Someone Please Help Me!

Comments

• Crunchie Mandurah. Western Australia. Member

  October 2006 edited October 2006

  Can you please do the following.
  
  ===============
  
  Scan with HijackThis and then place a check next to all the following, if present:
  
  
  R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\WINDOWS\system32\SearchBar.htm
  R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/cust...search/ie.html
  
  O3 - Toolbar: (no name) - {0494D0D9-F8E0-41ad-92A3-14154ECE70AC} - (no file)
  O3 - Toolbar: (no name) - {40D41A8B-D79B-43d7-99A7-9EE0F344C385} - (no file)
  O3 - Toolbar: (no name) - {CBCC61FA-0221-4ccc-B409-CEE865CACA3A} - (no file)
  O3 - Toolbar: (no name) - {821F87FF-8245-4972-9E28-732E92EC2F51} - (no file)
  
  O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - c:\program files\PartyGaming\PartyPoker\RunApp.exe
  O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - c:\program files\PartyGaming\PartyPoker\RunApp.exe
  
  O11 - Options group: [INTERNATIONAL] International*
  
  O16 - DPF: {DBA230D1-8467-4e69-987E-5FAE815A3B45} -
  
  
  Now, close all instances of Internet Explorer and any other windows you have open except HiJackThis, click "Fix checked".
  
  ===============
  
  Locate and delete the following item(s), if present. Make sure you are able to view system and hidden files/ folders:
  
  folders...
  
  c:\program files\PartyGaming
  
  -
  
  Note that some of these file(s)/folder(s) may or may not be present. If present, and cannot be deleted because they're 'in use', try deleting them in Safe Mode by doing the following:

  • Restart your computer
  • After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
  • Instead of Windows loading as normal, a menu should appear.

  Select the first option to run Windows in Safe Mode hit enter.
  
  -
  
  Reboot.
  
  ===============
  
  To help protect your system from hostile ActiveX content, or special 'downloadable' files:
  
  Download, install and keep updated, SpywareBlaster. If you've installed it for the first time:
  
  1) Check for any available updates; if present, they'll be automatically downloaded and installed.
  2) Next, "Enable all protection".
  3) Exit the program.
  
  -
  
  Note: Remember to regularly check for updates.
  
  ===============
  
  Rename hijackthis.exe to analyse.exe.
  
  After rebooting, rescan with hijackthis (now analyse.exe) and post back a new log. Please let me know how your pc is now.

  0
• krazychris2

  October 2006 edited October 2006

  HI, Thank you very much for looking into my problem, one quick question though. Will what you told me to do restore my windows problem/internet access? Because in your instructions to me you had mentioned to download and update spywareblaster, and without internet access im not sure exactly how i would do that.
  Thank you once again in advance.
  
  sincerely, Krazychris2 (Chris)

  0
• krazychris2

  October 2006 edited October 2006

  I deleted the files you mentioned, here is my new HJT File, however I still cannot access the internet.
  
  Logfile of HijackThis v1.99.1
  Scan saved at 8:46:03 PM, on 10/30/2006
  Platform: Windows XP SP2 (WinNT 5.01.2600)
  MSIE: Internet Explorer v7.00 (7.00.5450.0004)
  
  Running processes:
  C:\WINDOWS\System32\smss.exe
  C:\WINDOWS\system32\winlogon.exe
  C:\WINDOWS\system32\services.exe
  C:\WINDOWS\system32\lsass.exe
  C:\WINDOWS\system32\svchost.exe
  C:\WINDOWS\System32\svchost.exe
  C:\WINDOWS\system32\ZoneLabs\vsmon.exe
  C:\WINDOWS\system32\spoolsv.exe
  C:\WINDOWS\Explorer.EXE
  C:\WINDOWS\System32\Ati2evxx.exe
  C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
  C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
  C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
  D:\Program Files\ewido anti-spyware 4.0\guard.exe
  C:\WINDOWS\system32\cba\pds.exe
  C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
  C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
  C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
  C:\WINDOWS\System32\svchost.exe
  C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
  C:\Program Files\BroadJump\Client Foundation\CFD.exe
  C:\Program Files\Sony\VAIO Media Music Server\SSSvr.exe
  C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
  C:\Program Files\Sony\Photo Server\appsrv\PhotoAppSrv.exe
  C:\Program Files\Microsoft IntelliType Pro\type32.exe
  C:\Program Files\Microsoft IntelliPoint\point32.exe
  C:\WINDOWS\system32\ams_ii\hndlrsvc.exe
  C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
  C:\WINDOWS\system32\MsgSys.EXE
  C:\Program Files\Sony\HotKey Utility\HKserv.exe
  C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
  C:\Program Files\Sony\HotKey Utility\HKWnd.exe
  D:\Program Files\ewido anti-spyware 4.0\ewido.exe
  C:\WINDOWS\system32\cba\xfr.exe
  C:\WINDOWS\system32\ezSP_Px.exe
  C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\sv_httpd.exe
  D:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
  C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\SV_Httpd.exe
  C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
  C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
  C:\WINDOWS\system32\ctfmon.exe
  D:\Avenger\Analyse.exe
  
  R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.com
  R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=54729
  R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
  R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
  R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=55245&clcid={SUB_CLCID}
  R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
  R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
  N3 - Netscape 7: user_pref("browser.startup.homepage", "http://yahoo.sbc.com/dsl"); (C:\Documents and Settings\gyyhhh\Application Data\Mozilla\Profiles\default\youjttup.slt\prefs.js)
  O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_3_19_0.dll
  O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
  O2 - BHO: (no name) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - C:\Program Files\Microsoft Money\System\mnyside.dll
  O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
  O2 - BHO: (no name) - {8700C0BA-606A-46FA-90B1-A3A31EC0C562} - C:\WINDOWS\system32\hgded.dll
  O2 - BHO: (no name) - {B7672BAF-E9A3-49B6-86B2-C81719A18A4C} - (no file)
  O2 - BHO: (no name) - {CBCC61FA-0221-4ccc-B409-CEE865CACA3A} - (no file)
  O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
  O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_3_19_0.dll
  O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\NeroCheck.exe
  O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
  O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
  O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
  O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
  O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
  O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe"
  O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
  O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
  O4 - HKLM\..\Run: [ZTgServerSwitch] c:\program files\support.com\client\lserver\server.vbs
  O4 - HKLM\..\Run: [Mouse Suite 98 Daemon] ICO.EXE
  O4 - HKLM\..\Run: [HKSERV.EXE] C:\Program Files\Sony\HotKey Utility\HKserv.exe
  O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
  O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
  O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
  O4 - HKLM\..\Run: [!ewido] "D:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
  O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\system32\ezSP_Px.exe
  O4 - HKLM\..\Run: [Zone Labs Client] "D:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
  O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
  O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
  O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
  O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
  O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
  O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
  O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
  O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
  O8 - Extra context menu item: Yahoo! Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
  O8 - Extra context menu item: Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
  O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
  O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
  O9 - Extra button: (no name) - {120E090D-9136-4b78-8258-F0B44B4BD2AC} - C:\WINDOWS\System32\ms.exe (file missing)
  O9 - Extra 'Tools' menuitem: MaxSpeed - {120E090D-9136-4b78-8258-F0B44B4BD2AC} - C:\WINDOWS\System32\ms.exe (file missing)
  O9 - Extra button: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\Common\ylogin.dll
  O9 - Extra 'Tools' menuitem: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\Common\ylogin.dll
  O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
  O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
  O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
  O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes.dll
  O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes.dll
  O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
  O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
  O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
  O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
  O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll
  O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
  O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
  O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
  O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
  O14 - IERESET.INF: START_PAGE_URL=http://www.att.net
  O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
  O20 - Winlogon Notify: hgded - C:\WINDOWS\system32\hgded.dll
  O20 - Winlogon Notify: NavLogon - C:\WINDOWS\System32\NavLogon.dll
  O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
  O20 - Winlogon Notify: windrx32 - windrx32.dll (file missing)
  O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
  O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
  O23 - Service: Autodesk Licensing Service - Unknown owner - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
  O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
  O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
  O23 - Service: distributed.net client (dnetc) - Unknown owner - C:\WINDOWS\system32\iosdt\iosdt.exe (file missing)
  O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - D:\Program Files\ewido anti-spyware 4.0\guard.exe
  O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
  O23 - Service: Intel Alert Handler - Intel® Corporation - C:\WINDOWS\system32\ams_ii\hndlrsvc.exe
  O23 - Service: Intel Alert Originator - Intel® Corporation - C:\WINDOWS\system32\ams_ii\iao.exe
  O23 - Service: Intel File Transfer - Intel® Corporation - C:\WINDOWS\system32\cba\xfr.exe
  O23 - Service: Intel PDS - Intel® Corporation - C:\WINDOWS\system32\cba\pds.exe
  O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
  O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
  O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\PROGRA~1\COMMON~1\SONYSH~1\AVLib\Sptisrv.exe
  O23 - Service: VAIO Media Music Server (VAIOMediaPlatform-MusicServer-AppServer) - Unknown owner - C:\Program Files\Sony\VAIO Media Music Server\SSSvr.exe" /Service=VAIOMediaPlatform-MusicServer-AppServer /DisplayName="VAIO Media Music Server (file missing)
  O23 - Service: VAIO Media Music Server (HTTP) (VAIOMediaPlatform-MusicServer-HTTP) - Unknown owner - C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\sv_httpd.exe" /Service=VAIOMediaPlatform-MusicServer-HTTP /RegRoot="Software\Sony Corporation\VAIO Media Platform\2.0" /RegExt="Applications\MusicServer\HTTP (file missing)
  O23 - Service: VAIO Media Music Server (UPnP) (VAIOMediaPlatform-MusicServer-UPnP) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\UPnPFramework.exe
  O23 - Service: VAIO Media Photo Server (VAIOMediaPlatform-PhotoServer-AppServer) - Sony Corporation - C:\Program Files\Sony\Photo Server\appsrv\PhotoAppSrv.exe
  O23 - Service: VAIO Media Photo Server (HTTP) (VAIOMediaPlatform-PhotoServer-HTTP) - Unknown owner - C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\SV_Httpd.exe" /Service=VAIOMediaPlatform-PhotoServer-HTTP /RegRoot="Software\Sony Corporation\VAIO Media Platform\2.0" /RegExt="\Applications\PhotoServer\HTTP (file missing)
  O23 - Service: VAIO Media Photo Server (UPnP) (VAIOMediaPlatform-PhotoServer-UPnP) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\UPnPFramework.exe
  O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

  0
• Crunchie Mandurah. Western Australia. Member

  October 2006 edited October 2006

  Please download VundoFix.exe
  to your desktop.

  • Double-click VundoFix.exe to run it.
  • Click the Scan for Vundo button.
  • Once it's done scanning, click the Remove Vundo button.
  • You will receive a prompt asking if you want to remove the files, click YES
  • Once you click yes, your desktop will go blank as it starts removing Vundo.
  • When completed, it will prompt that it will reboot your computer, click OK.
  • Please post the contents of C:\vundofix.txt and a new HiJackThis log.

  Note: It is possible that VundoFix encountered a file it could not remove.
  In this case, VundoFix will run on reboot, simply follow the above
  instructions starting from "Click the Scan for Vundo button." when
  VundoFix appears at reboot.

  0
• krazychris2

  November 2006 edited November 2006

  I ran Vundo.exe in normal windows mode and in safe mode and rebooted the computer, however the internet still cannot be accessed. here is my HJT log file and my vundo file log
  
  Logfile of HijackThis v1.99.1
  Scan saved at 7:21:46 PM, on 11/1/2006
  Platform: Windows XP SP2 (WinNT 5.01.2600)
  MSIE: Internet Explorer v7.00 (7.00.5450.0004)
  
  Running processes:
  C:\WINDOWS\System32\smss.exe
  C:\WINDOWS\system32\winlogon.exe
  C:\WINDOWS\system32\services.exe
  C:\WINDOWS\system32\lsass.exe
  C:\WINDOWS\system32\svchost.exe
  C:\WINDOWS\System32\svchost.exe
  C:\WINDOWS\Explorer.EXE
  D:\Avenger\Analyse.exe
  
  R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.com
  R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=54729
  R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
  R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
  R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=55245&clcid={SUB_CLCID}
  R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
  R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
  N3 - Netscape 7: user_pref("browser.startup.homepage", "http://yahoo.sbc.com/dsl"); (C:\Documents and Settings\gyyhhh\Application Data\Mozilla\Profiles\default\youjttup.slt\prefs.js)
  O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_3_19_0.dll
  O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
  O2 - BHO: (no name) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - C:\Program Files\Microsoft Money\System\mnyside.dll
  O2 - BHO: (no name) - {62ABF25E-0D00-4FCF-91A1-5BC9C586EDB4} - C:\WINDOWS\system32\hgded.dll (file missing)
  O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
  O2 - BHO: (no name) - {B7672BAF-E9A3-49B6-86B2-C81719A18A4C} - (no file)
  O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
  O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_3_19_0.dll
  O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\NeroCheck.exe
  O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
  O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
  O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
  O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
  O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
  O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe"
  O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
  O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
  O4 - HKLM\..\Run: [ZTgServerSwitch] c:\program files\support.com\client\lserver\server.vbs
  O4 - HKLM\..\Run: [Mouse Suite 98 Daemon] ICO.EXE
  O4 - HKLM\..\Run: [HKSERV.EXE] C:\Program Files\Sony\HotKey Utility\HKserv.exe
  O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
  O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
  O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
  O4 - HKLM\..\Run: [!ewido] "D:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
  O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\system32\ezSP_Px.exe
  O4 - HKLM\..\Run: [Zone Labs Client] "D:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
  O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
  O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
  O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
  O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
  O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
  O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
  O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
  O8 - Extra context menu item: Yahoo! Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
  O8 - Extra context menu item: Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
  O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
  O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
  O9 - Extra button: (no name) - {120E090D-9136-4b78-8258-F0B44B4BD2AC} - C:\WINDOWS\System32\ms.exe (file missing)
  O9 - Extra 'Tools' menuitem: MaxSpeed - {120E090D-9136-4b78-8258-F0B44B4BD2AC} - C:\WINDOWS\System32\ms.exe (file missing)
  O9 - Extra button: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\Common\ylogin.dll
  O9 - Extra 'Tools' menuitem: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\Common\ylogin.dll
  O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
  O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
  O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
  O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes.dll
  O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes.dll
  O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
  O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
  O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
  O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
  O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll
  O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
  O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
  O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
  O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
  O14 - IERESET.INF: START_PAGE_URL=http://www.att.net
  O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
  O20 - Winlogon Notify: NavLogon - C:\WINDOWS\System32\NavLogon.dll
  O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
  O20 - Winlogon Notify: windrx32 - windrx32.dll (file missing)
  O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
  O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
  O23 - Service: Autodesk Licensing Service - Unknown owner - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
  O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
  O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
  O23 - Service: distributed.net client (dnetc) - Unknown owner - C:\WINDOWS\system32\iosdt\iosdt.exe (file missing)
  O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - D:\Program Files\ewido anti-spyware 4.0\guard.exe
  O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
  O23 - Service: Intel Alert Handler - Intel® Corporation - C:\WINDOWS\system32\ams_ii\hndlrsvc.exe
  O23 - Service: Intel Alert Originator - Intel® Corporation - C:\WINDOWS\system32\ams_ii\iao.exe
  O23 - Service: Intel File Transfer - Intel® Corporation - C:\WINDOWS\system32\cba\xfr.exe
  O23 - Service: Intel PDS - Intel® Corporation - C:\WINDOWS\system32\cba\pds.exe
  O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
  O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
  O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\PROGRA~1\COMMON~1\SONYSH~1\AVLib\Sptisrv.exe
  O23 - Service: VAIO Media Music Server (VAIOMediaPlatform-MusicServer-AppServer) - Unknown owner - C:\Program Files\Sony\VAIO Media Music Server\SSSvr.exe" /Service=VAIOMediaPlatform-MusicServer-AppServer /DisplayName="VAIO Media Music Server (file missing)
  O23 - Service: VAIO Media Music Server (HTTP) (VAIOMediaPlatform-MusicServer-HTTP) - Unknown owner - C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\sv_httpd.exe" /Service=VAIOMediaPlatform-MusicServer-HTTP /RegRoot="Software\Sony Corporation\VAIO Media Platform\2.0" /RegExt="Applications\MusicServer\HTTP (file missing)
  O23 - Service: VAIO Media Music Server (UPnP) (VAIOMediaPlatform-MusicServer-UPnP) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\UPnPFramework.exe
  O23 - Service: VAIO Media Photo Server (VAIOMediaPlatform-PhotoServer-AppServer) - Sony Corporation - C:\Program Files\Sony\Photo Server\appsrv\PhotoAppSrv.exe
  O23 - Service: VAIO Media Photo Server (HTTP) (VAIOMediaPlatform-PhotoServer-HTTP) - Unknown owner - C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\SV_Httpd.exe" /Service=VAIOMediaPlatform-PhotoServer-HTTP /RegRoot="Software\Sony Corporation\VAIO Media Platform\2.0" /RegExt="\Applications\PhotoServer\HTTP (file missing)
  O23 - Service: VAIO Media Photo Server (UPnP) (VAIOMediaPlatform-PhotoServer-UPnP) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\UPnPFramework.exe
  O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
  
  
  
  Here Is the vundo.exe file
  
  VundoFix V6.2.6
  
  Checking Java version...
  
  Java version is 1.5.0.2
  
  Java version is 1.5.0.4
  
  Java version is 1.5.0.6
  
  Scan started at 8:02:31 AM 11/1/2006
  
  Listing files found while scanning....
  
  C:\WINDOWS\system32\ddcda.dll
  C:\WINDOWS\system32\hgded.dll
  C:\WINDOWS\system32\dedgh.ini
  C:\WINDOWS\system32\dedgh.bak1
  C:\WINDOWS\system32\dedgh.bak2
  C:\WINDOWS\system32\dedgh.ini2
  C:\WINDOWS\system32\wvuut.dll
  C:\WINDOWS\system32\cbvpduue.exe
  C:\WINDOWS\system32\hgded.dll
  C:\WINDOWS\system32\dedgh.ini
  C:\WINDOWS\system32\dedgh.bak1
  C:\WINDOWS\system32\dedgh.bak2
  C:\WINDOWS\system32\dedgh.ini2
  C:\WINDOWS\system32\dedgh.ini
  C:\WINDOWS\system32\dedgh.bak1
  C:\WINDOWS\system32\dedgh.bak2
  C:\WINDOWS\system32\dedgh.ini2
  
  Beginning removal...
  
  Attempting to delete C:\WINDOWS\system32\ddcda.dll
  C:\WINDOWS\system32\ddcda.dll Has been deleted!
  
  Attempting to delete C:\WINDOWS\system32\hgded.dll
  C:\WINDOWS\system32\hgded.dll Could not be deleted.
  
  Attempting to delete C:\WINDOWS\system32\dedgh.ini
  C:\WINDOWS\system32\dedgh.ini Has been deleted!
  
  Attempting to delete C:\WINDOWS\system32\dedgh.bak1
  C:\WINDOWS\system32\dedgh.bak1 Has been deleted!
  
  Attempting to delete C:\WINDOWS\system32\dedgh.bak2
  C:\WINDOWS\system32\dedgh.bak2 Has been deleted!
  
  Attempting to delete C:\WINDOWS\system32\dedgh.ini2
  C:\WINDOWS\system32\dedgh.ini2 Has been deleted!
  
  Attempting to delete C:\WINDOWS\system32\wvuut.dll
  C:\WINDOWS\system32\wvuut.dll Has been deleted!
  
  Attempting to delete C:\WINDOWS\system32\cbvpduue.exe
  C:\WINDOWS\system32\cbvpduue.exe Has been deleted!
  
  Attempting to delete C:\WINDOWS\system32\hgded.dll
  C:\WINDOWS\system32\hgded.dll Could not be deleted.
  
  Performing Repairs to the registry.
  Done!
  
  Beginning removal...
  
  Attempting to delete C:\WINDOWS\system32\hgded.dll
  C:\WINDOWS\system32\hgded.dll Has been deleted!
  
  Attempting to delete C:\WINDOWS\system32\dedgh.ini
  C:\WINDOWS\system32\dedgh.ini Has been deleted!
  
  Performing Repairs to the registry.
  Done!
  
  VundoFix V6.2.6
  
  Checking Java version...
  
  Java version is 1.5.0.2
  
  Java version is 1.5.0.4
  
  Java version is 1.5.0.6
  
  Scan started at 7:16:00 PM 11/1/2006
  
  Listing files found while scanning....
  
  No infected files were found.
  
  
  
  .

  0
• Crunchie Mandurah. Western Australia. Member

  November 2006 edited November 2006

  Can you please do the following.
  
  ===============
  
  Scan with HijackThis and then place a check next to all the following, if present:
  
  
  R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
  
  O2 - BHO: (no name) - {62ABF25E-0D00-4FCF-91A1-5BC9C586EDB4} - C:\WINDOWS\system32\hgded.dll (file missing)
  O2 - BHO: (no name) - {B7672BAF-E9A3-49B6-86B2-C81719A18A4C} - (no file)
  O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
  
  O9 - Extra button: (no name) - {120E090D-9136-4b78-8258-F0B44B4BD2AC} - C:\WINDOWS\System32\ms.exe (file missing)
  O9 - Extra 'Tools' menuitem: MaxSpeed - {120E090D-9136-4b78-8258-F0B44B4BD2AC} - C:\WINDOWS\System32\ms.exe (file missing)
  O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
  O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
  
  O20 - Winlogon Notify: windrx32 - windrx32.dll (file missing)
  
  
  Now, close all instances of Internet Explorer and any other windows you have open except HiJackThis, click "Fix checked".
  
  ===============
  
  Download LSPfix from here
  On the opening screen, click the "I know what I'm doing" checkbox. Then click Finish.
  
  ==
  
  After rebooting, rescan with hijackthis and post back a new log. Please let me know how your pc is now.

  0
• krazychris2

  November 2006 edited November 2006

  I downloaded LSP fix however when it opens up there are twp fields/ Keep and Remove within the keep field there are 3 files ( mswsock.dll Tcpip) ( winrnr.dll NTDS) ( rsvpsp.dll (protocol handler) )
  
  Im not sure which ones to remove.
  
  
  Sincerely, Chris

  0
• Crunchie Mandurah. Western Australia. Member

  November 2006 edited November 2006

  Crunchie wrote:

  Download LSPfix from here
  On the opening screen, click the "I know what I'm doing" checkbox. Then click Finish.

  You just need to follow the instructions as described above. Nothing else.
  Reboot and check your connection again.

  0
• krazychris2

  November 2006 edited November 2006

  I ran the LSP Fix and the internet still did not work, I ended up calling LInksys tech support and while we where troubleshooting we noticed that if I completely turned of my ZoneLabs Firewall I could accsess the internet but only if the computer was hardwired to the router, there seems to be some sort of problem with my wireless adapter, im not sure whether this is because of some sort of virus or spyware, nonetheless since I had internet access i ran ad-aware as well as kaspersky also im posting a new HJT file which was done after the adaware/spyblaster/kaspersky scans.
  
  
  Ad-Aware SE Build 1.06r1
  Logfile Created on:Thursday, November 02, 2006 8:32:07 PM
  Created with Ad-Aware SE Personal, free for private use.
  Using definitions file:SE1R130 02.11.2006
  »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
  
  References detected during the scan:
  »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
  Adware.BHO(generic)(TAC index:3):13 total references
  Adware.CashBack(TAC index:9):3 total references
  Tracking Cookie(TAC index:3):1 total references
  Win32.Trojan.Downloader(TAC index:10):1 total references
  »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
  
  Ad-Aware SE Settings
  ===========================
  Set : Search for low-risk threats
  Set : Safe mode (always request confirmation)
  Set : Scan active processes
  Set : Scan registry
  Set : Deep-scan registry
  Set : Scan my IE Favorites for banned URLs
  Set : Scan my Hosts file
  
  Extended Ad-Aware SE Settings
  ===========================
  Set : Unload recognized processes & modules during scan
  Set : Scan registry for all users instead of current user only
  Set : Always try to unload modules before deletion
  Set : During removal, unload Explorer and IE if necessary
  Set : Let Windows remove files in use at next reboot
  Set : Delete quarantined objects after restoring
  Set : Include basic Ad-Aware settings in log file
  Set : Include additional Ad-Aware settings in log file
  Set : Include reference summary in log file
  Set : Include alternate data stream details in log file
  Set : Play sound at scan completion if scan locates critical objects
  
  
  11-2-2006 8:32:07 PM - Scan started. (Full System Scan)
  
  Listing running processes
  »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
  
  #:1 [smss.exe]
  FilePath : \SystemRoot\System32\
  ProcessID : 616
  ThreadCreationTime : 11-2-2006 12:40:27 PM
  BasePriority : Normal
  
  
  #:2 [csrss.exe]
  FilePath : \??\C:\WINDOWS\system32\
  ProcessID : 692
  ThreadCreationTime : 11-2-2006 12:40:30 PM
  BasePriority : Normal
  
  
  #:3 [winlogon.exe]
  FilePath : \??\C:\WINDOWS\system32\
  ProcessID : 720
  ThreadCreationTime : 11-2-2006 12:40:33 PM
  BasePriority : High
  
  
  #:4 [services.exe]
  FilePath : C:\WINDOWS\system32\
  ProcessID : 764
  ThreadCreationTime : 11-2-2006 12:40:34 PM
  BasePriority : Normal
  FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
  ProductVersion : 5.1.2600.2180
  ProductName : Microsoft® Windows® Operating System
  CompanyName : Microsoft Corporation
  FileDescription : Services and Controller app
  InternalName : services.exe
  LegalCopyright : © Microsoft Corporation. All rights reserved.
  OriginalFilename : services.exe
  
  #:5 [lsass.exe]
  FilePath : C:\WINDOWS\system32\
  ProcessID : 776
  ThreadCreationTime : 11-2-2006 12:40:34 PM
  BasePriority : Normal
  FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
  ProductVersion : 5.1.2600.2180
  ProductName : Microsoft® Windows® Operating System
  CompanyName : Microsoft Corporation
  FileDescription : LSA Shell (Export Version)
  InternalName : lsass.exe
  LegalCopyright : © Microsoft Corporation. All rights reserved.
  OriginalFilename : lsass.exe
  
  #:6 [svchost.exe]
  FilePath : C:\WINDOWS\system32\
  ProcessID : 932
  ThreadCreationTime : 11-2-2006 12:40:35 PM
  BasePriority : Normal
  FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
  ProductVersion : 5.1.2600.2180
  ProductName : Microsoft® Windows® Operating System
  CompanyName : Microsoft Corporation
  FileDescription : Generic Host Process for Win32 Services
  InternalName : svchost.exe
  LegalCopyright : © Microsoft Corporation. All rights reserved.
  OriginalFilename : svchost.exe
  
  #:7 [svchost.exe]
  FilePath : C:\WINDOWS\system32\
  ProcessID : 980
  ThreadCreationTime : 11-2-2006 12:40:36 PM
  BasePriority : Normal
  FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
  ProductVersion : 5.1.2600.2180
  ProductName : Microsoft® Windows® Operating System
  CompanyName : Microsoft Corporation
  FileDescription : Generic Host Process for Win32 Services
  InternalName : svchost.exe
  LegalCopyright : © Microsoft Corporation. All rights reserved.
  OriginalFilename : svchost.exe
  
  #:8 [svchost.exe]
  FilePath : C:\WINDOWS\System32\
  ProcessID : 1020
  ThreadCreationTime : 11-2-2006 12:40:36 PM
  BasePriority : Normal
  FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
  ProductVersion : 5.1.2600.2180
  ProductName : Microsoft® Windows® Operating System
  CompanyName : Microsoft Corporation
  FileDescription : Generic Host Process for Win32 Services
  InternalName : svchost.exe
  LegalCopyright : © Microsoft Corporation. All rights reserved.
  OriginalFilename : svchost.exe
  
  #:9 [svchost.exe]
  FilePath : C:\WINDOWS\System32\
  ProcessID : 1064
  ThreadCreationTime : 11-2-2006 12:40:36 PM
  BasePriority : Normal
  FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
  ProductVersion : 5.1.2600.2180
  ProductName : Microsoft® Windows® Operating System
  CompanyName : Microsoft Corporation
  FileDescription : Generic Host Process for Win32 Services
  InternalName : svchost.exe
  LegalCopyright : © Microsoft Corporation. All rights reserved.
  OriginalFilename : svchost.exe
  
  #:10 [svchost.exe]
  FilePath : C:\WINDOWS\System32\
  ProcessID : 1160
  ThreadCreationTime : 11-2-2006 12:40:37 PM
  BasePriority : Normal
  FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
  ProductVersion : 5.1.2600.2180
  ProductName : Microsoft® Windows® Operating System
  CompanyName : Microsoft Corporation
  FileDescription : Generic Host Process for Win32 Services
  InternalName : svchost.exe
  LegalCopyright : © Microsoft Corporation. All rights reserved.
  OriginalFilename : svchost.exe
  
  #:11 [spoolsv.exe]
  FilePath : C:\WINDOWS\system32\
  ProcessID : 1488
  ThreadCreationTime : 11-2-2006 12:40:48 PM
  BasePriority : Normal
  FileVersion : 5.1.2600.2696 (xpsp_sp2_gdr.050610-1519)
  ProductVersion : 5.1.2600.2696
  ProductName : Microsoft® Windows® Operating System
  CompanyName : Microsoft Corporation
  FileDescription : Spooler SubSystem App
  InternalName : spoolsv.exe
  LegalCopyright : © Microsoft Corporation. All rights reserved.
  OriginalFilename : spoolsv.exe
  
  #:12 [ati2evxx.exe]
  FilePath : C:\WINDOWS\System32\
  ProcessID : 1616
  ThreadCreationTime : 11-2-2006 12:41:08 PM
  BasePriority : Normal
  
  
  #:13 [adskscsrv.exe]
  FilePath : C:\Program Files\Common Files\Autodesk
  Shared\Service\
  ProcessID : 1628
  ThreadCreationTime : 11-2-2006 12:41:08 PM
  BasePriority : Normal
  FileVersion : 2.51.000
  FileDescription : System Level Service Utility
  
  #:14 [btwdins.exe]
  FilePath : C:\Program Files\WIDCOMM\Bluetooth
  Software\bin\
  ProcessID : 1680
  ThreadCreationTime : 11-2-2006 12:41:08 PM
  BasePriority : Normal
  FileVersion : 1.4.2 Build 10
  ProductVersion : 1.4.2 Build 10
  ProductName : Bluetooth Software 1.4.2 Build 10
  CompanyName : WIDCOMM, Inc.
  FileDescription : Bluetooth Support Server
  InternalName : BTWDIns
  LegalCopyright : Copyright WIDCOMM, Inc. 2000-2003.
  OriginalFilename : BTWDIns.EXE
  
  #:15 [defwatch.exe]
  FilePath : C:\Program
  Files\Symantec_Client_Security\Symantec AntiVirus\
  ProcessID : 1748
  ThreadCreationTime : 11-2-2006 12:41:08 PM
  BasePriority : Normal
  FileVersion : 8.00.00.9374
  ProductVersion : 8.00.00.9374
  ProductName : Norton AntiVirus
  CompanyName : Symantec Corporation
  FileDescription : Virus Definition Daemon
  InternalName : DefWatch
  LegalCopyright : Copyright © 1998 Symantec Corporation
  OriginalFilename : DefWatch.exe
  
  #:16 [guard.exe]
  FilePath : D:\Program Files\ewido anti-spyware 4.0\
  ProcessID : 1780
  ThreadCreationTime : 11-2-2006 12:41:08 PM
  BasePriority : Normal
  FileVersion : 4, 0, 0, 172
  ProductVersion : 4, 0, 0, 172
  ProductName : ewido anti-spyware
  CompanyName : Anti-Malware Development a.s.
  FileDescription : ewido anti-spyware guard
  InternalName : ewido anti-spywareguard
  LegalCopyright : Copyright © 2005 Anti-Malware Development a.s.
  OriginalFilename : guard.exe
  
  #:17 [pds.exe]
  FilePath : C:\WINDOWS\system32\cba\
  ProcessID : 1800
  ThreadCreationTime : 11-2-2006 12:41:09 PM
  BasePriority : Normal
  FileVersion : 6.12.0.112 E
  ProductVersion : 6.12.0.112
  ProductName : Intel Common Base Agent
  CompanyName : Intel® Corporation
  FileDescription : CBA -- Ping Discovery Service
  InternalName : PDS
  LegalCopyright : Copyright © 1997-2001 Intel® Corporation
  LegalTrademarks : LANDesk® is a registered trademark of Intel
  Corporation
  OriginalFilename : PDS.EXE
  
  #:18 [rtvscan.exe]
  FilePath : C:\Program
  Files\Symantec_Client_Security\Symantec AntiVirus\
  ProcessID : 1888
  ThreadCreationTime : 11-2-2006 12:41:11 PM
  BasePriority : Normal
  FileVersion : 8.00.00.9374
  ProductVersion : 8.00.00.9374
  ProductName : Symantec AntiVirus
  CompanyName : Symantec Corporation
  FileDescription : Symantec AntiVirus
  LegalCopyright : Copyright (C) Symantec Corporation 1991-2002
  
  #:19 [svchost.exe]
  FilePath : C:\WINDOWS\System32\
  ProcessID : 1960
  ThreadCreationTime : 11-2-2006 12:41:13 PM
  BasePriority : Normal
  FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
  ProductVersion : 5.1.2600.2180
  ProductName : Microsoft® Windows® Operating System
  CompanyName : Microsoft Corporation
  FileDescription : Generic Host Process for Win32 Services
  InternalName : svchost.exe
  LegalCopyright : © Microsoft Corporation. All rights reserved.
  OriginalFilename : svchost.exe
  
  #:20 [wdfmgr.exe]
  FilePath : C:\WINDOWS\system32\
  ProcessID : 1996
  ThreadCreationTime : 11-2-2006 12:41:15 PM
  BasePriority : Normal
  FileVersion : 5.2.3790.1230 built by: DNSRV(bld4act)
  ProductVersion : 5.2.3790.1230
  ProductName : Microsoft® Windows® Operating System
  CompanyName : Microsoft Corporation
  FileDescription : Windows User Mode Driver Manager
  InternalName : WdfMgr
  LegalCopyright : © Microsoft Corporation. All rights reserved.
  OriginalFilename : WdfMgr.exe
  
  #:21 [sssvr.exe]
  FilePath : C:\Program Files\Sony\VAIO Media Music Server\
  ProcessID : 2044
  ThreadCreationTime : 11-2-2006 12:41:16 PM
  BasePriority : Normal
  FileVersion : 2.5.00.15184
  ProductVersion : 2.5.00
  ProductName : VAIO Media Music Server
  CompanyName : Sony Corporation
  FileDescription : VAIO Media Music Server
  InternalName : SSSvr
  LegalCopyright : Copyright 2002,2003 Sony Corp.
  OriginalFilename : SSSvr.exe
  Comments : VAIO Media Music Server
  
  #:22 [photoappsrv.exe]
  FilePath : C:\Program Files\Sony\Photo Server\appsrv\
  ProcessID : 152
  ThreadCreationTime : 11-2-2006 12:41:17 PM
  BasePriority : Normal
  
  
  #:23 [msgsys.exe]
  FilePath : C:\WINDOWS\system32\
  ProcessID : 224
  ThreadCreationTime : 11-2-2006 12:41:18 PM
  BasePriority : Normal
  FileVersion : 6.12.0.112 E
  ProductVersion : 6.12.0.112
  ProductName : Intel Common Base Agent
  CompanyName : Intel® Corporation
  FileDescription : CBA -- Message System
  InternalName : MsgExe
  LegalCopyright : Copyright © 1997-2001 Intel® Corporation
  LegalTrademarks : LANDesk® is a registered trademark of Intel
  Corporation
  OriginalFilename : MsgSys.EXE
  
  #:24 [iao.exe]
  FilePath : C:\WINDOWS\system32\ams_ii\
  ProcessID : 896
  ThreadCreationTime : 11-2-2006 12:41:48 PM
  BasePriority : Normal
  FileVersion : 6.12.0.112 E
  ProductVersion : 6.12.0.112
  ProductName : Intel Alert Management System 2
  CompanyName : Intel® Corporation
  FileDescription : Alert Originator Manager
  InternalName : IAO
  LegalCopyright : Copyright © 1997-2001 Intel® Corporation
  LegalTrademarks : LANDesk® is a registered trademark of Intel
  Corporation
  OriginalFilename : IAO.EXE
  
  #:25 [xfr.exe]
  FilePath : C:\WINDOWS\system32\cba\
  ProcessID : 1216
  ThreadCreationTime : 11-2-2006 12:41:50 PM
  BasePriority : Normal
  FileVersion : 6.12.0.112 E
  ProductVersion : 6.12.0.112
  ProductName : Intel Common Base Agent
  CompanyName : Intel® Corporation
  FileDescription : CBA - Message Resource
  InternalName : xfrrc
  LegalCopyright : Copyright © 1997-2001 Intel® Corporation
  LegalTrademarks : LANDesk® is a registered trademark of Intel
  Corporation
  OriginalFilename : XFR.EXE
  
  #:26 [sv_httpd.exe]
  FilePath : C:\Program Files\Common Files\Sony Shared\VAIO
  Media Platform\
  ProcessID : 1540
  ThreadCreationTime : 11-2-2006 12:41:52 PM
  BasePriority : Normal
  FileVersion : 2.5.00.14070
  ProductVersion : 2.5.00.14070
  ProductName : SV_Httpd.exe
  CompanyName : Sony Corporation
  FileDescription : Sony HTTP Server
  InternalName : SV_Httpd
  LegalCopyright : Copyright 2002, 2003 Sony Corp.
  OriginalFilename : SV_Httpd.exe
  
  #:27 [sv_httpd.exe]
  FilePath : C:\Program Files\Common Files\Sony Shared\VAIO
  Media Platform\
  ProcessID : 1776
  ThreadCreationTime : 11-2-2006 12:41:56 PM
  BasePriority : Normal
  FileVersion : 2.5.00.14070
  ProductVersion : 2.5.00.14070
  ProductName : SV_Httpd.exe
  CompanyName : Sony Corporation
  FileDescription : Sony HTTP Server
  InternalName : SV_Httpd
  LegalCopyright : Copyright 2002, 2003 Sony Corp.
  OriginalFilename : SV_Httpd.exe
  
  #:28 [vptray.exe]
  FilePath : C:\PROGRA~1\SYMANT~1\SYMANT~1\
  ProcessID : 2632
  ThreadCreationTime : 11-2-2006 12:42:40 PM
  BasePriority : Normal
  FileVersion : 8.00.00.9374
  ProductVersion : 8.00.00.9374
  ProductName : Symantec AntiVirus
  CompanyName : Symantec Corporation
  FileDescription : Symantec AntiVirus
  LegalCopyright : Copyright (C) Symantec Corporation 1991-2002
  
  #:29 [viewmgr.exe]
  FilePath : C:\Program Files\Viewpoint\Viewpoint Manager\
  ProcessID : 2652
  ThreadCreationTime : 11-2-2006 12:42:41 PM
  BasePriority : Normal
  FileVersion : 2, 0, 0, 42
  ProductVersion : 2, 0, 0, 42
  ProductName : Viewpoint Manager
  CompanyName : Viewpoint Corporation
  FileDescription : ViewMgr
  InternalName : Viewpoint Manager
  LegalCopyright : Copyright © 2004
  OriginalFilename : ViewMgr.exe
  Comments : Viewpoint Manager
  
  #:30 [hpwuschd2.exe]
  FilePath : C:\Program Files\Hewlett-Packard\HP Software
  Update\
  ProcessID : 2668
  ThreadCreationTime : 11-2-2006 12:42:42 PM
  BasePriority : Normal
  FileVersion : 50.0.146.000
  ProductVersion : 050.000.146.000
  ProductName : hp digital imaging - hp all-in-one series
  CompanyName : Hewlett-Packard Co.
  FileDescription : Hewlett-Packard Product Assistant
  InternalName : hpwuSchd2
  LegalCopyright : Copyright (C) Hewlett-Packard Co. 1995-2004
  OriginalFilename : hpwuSchd2.exe
  Comments : Hewlett-Packard Product Assistant
  
  #:31 [cfd.exe]
  FilePath : C:\Program Files\BroadJump\Client Foundation\
  ProcessID : 2712
  ThreadCreationTime : 11-2-2006 12:42:45 PM
  BasePriority : Normal
  
  
  #:32 [alg.exe]
  FilePath : C:\WINDOWS\System32\
  ProcessID : 2708
  ThreadCreationTime : 11-2-2006 12:42:45 PM
  BasePriority : Normal
  FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
  ProductVersion : 5.1.2600.2180
  ProductName : Microsoft® Windows® Operating System
  CompanyName : Microsoft Corporation
  FileDescription : Application Layer Gateway Service
  InternalName : ALG.exe
  LegalCopyright : © Microsoft Corporation. All rights reserved.
  OriginalFilename : ALG.exe
  
  #:33 [motivesb.exe]
  FilePath : C:\PROGRA~1\SBCSEL~1\SMARTB~1\
  ProcessID : 2756
  ThreadCreationTime : 11-2-2006 12:42:48 PM
  BasePriority : Normal
  FileVersion : 5.6.7.asst_classic.smartbridge.20031210_035000
  ProductVersion : 5.6.7.asst_classic.smartbridge
  ProductName : Motive System
  CompanyName : Motive Communications, Inc.
  FileDescription : SBC Self Support Tool Alerts
  InternalName : version
  LegalCopyright : Copyright 1998-2003
  OriginalFilename : version
  
  #:34 [type32.exe]
  FilePath : C:\Program Files\Microsoft IntelliType Pro\
  ProcessID : 2880
  ThreadCreationTime : 11-2-2006 12:42:56 PM
  BasePriority : Normal
  
  
  #:35 [point32.exe]
  FilePath : C:\Program Files\Microsoft IntelliPoint\
  ProcessID : 2932
  ThreadCreationTime : 11-2-2006 12:43:01 PM
  BasePriority : Normal
  
  
  #:36 [jusched.exe]
  FilePath : C:\Program Files\Java\jre1.5.0_06\bin\
  ProcessID : 2944
  ThreadCreationTime : 11-2-2006 12:43:02 PM
  BasePriority : Normal
  
  
  #:37 [hkserv.exe]
  FilePath : C:\Program Files\Sony\HotKey Utility\
  ProcessID : 2992
  ThreadCreationTime : 11-2-2006 12:43:09 PM
  BasePriority : Normal
  
  
  #:38 [atiptaxx.exe]
  FilePath : C:\Program Files\ATI Technologies\ATI Control
  Panel\
  ProcessID : 3036
  ThreadCreationTime : 11-2-2006 12:43:13 PM
  BasePriority : Normal
  FileVersion : 6.14.10.4004
  ProductVersion : 6.14.10.4004
  ProductName : ATI Desktop Component
  CompanyName : ATI Technologies, Inc.
  FileDescription : ATI Desktop Control Panel
  InternalName : Atiptaxx.exe
  LegalCopyright : Copyright (C) 1998-2002 ATI Technologies Inc.
  OriginalFilename : Atiptaxx.exe
  
  #:39 [hkwnd.exe]
  FilePath : C:\Program Files\Sony\HotKey Utility\
  ProcessID : 3068
  ThreadCreationTime : 11-2-2006 12:43:18 PM
  BasePriority : Normal
  
  
  #:40 [ewido.exe]
  FilePath : D:\Program Files\ewido anti-spyware 4.0\
  ProcessID : 3156
  ThreadCreationTime : 11-2-2006 12:43:42 PM
  BasePriority : Normal
  FileVersion : 4, 0, 0, 172
  ProductVersion : 4, 0, 0, 172
  ProductName : ewido anti-spyware
  CompanyName : Anti-Malware Development a.s.
  FileDescription : ewido anti-spyware
  InternalName : ewido anti-spyware
  LegalCopyright : Copyright © 2005 Anti-Malware Development a.s.
  OriginalFilename : ewido.exe
  
  #:41 [ezsp_px.exe]
  FilePath : C:\WINDOWS\system32\
  ProcessID : 3216
  ThreadCreationTime : 11-2-2006 12:43:43 PM
  BasePriority : Normal
  
  
  #:42 [hpcmpmgr.exe]
  FilePath : C:\Program Files\HP\hpcoretech\
  ProcessID : 3324
  ThreadCreationTime : 11-2-2006 12:43:57 PM
  BasePriority : Normal
  FileVersion : 2.1.1.0
  ProductVersion : 2.1.4
  ProductName : hp coretech (COmponent REuse TECHnology)
  CompanyName : Hewlett-Packard Company
  FileDescription : HP Framework Component Manager Service
  InternalName : HPComponentManagerService module
  LegalCopyright : Copyright (C) Hewlett-Packard. 2002-2003
  OriginalFilename : HpCmpMgr.exe
  
  #:43 [hpztsb10.exe]
  FilePath : C:\WINDOWS\system32\spool\drivers\w32x86\3\
  ProcessID : 3424
  ThreadCreationTime : 11-2-2006 12:44:05 PM
  BasePriority : Normal
  FileVersion : 2.323.0.0
  ProductVersion : 2.323.0.0
  ProductName : HP DeskJet
  CompanyName : HP
  LegalCopyright : Copyright (c) Hewlett-Packard Company
  1999-2004
  
  #:44 [ctfmon.exe]
  FilePath : C:\WINDOWS\system32\
  ProcessID : 3440
  ThreadCreationTime : 11-2-2006 12:44:08 PM
  BasePriority : Normal
  FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
  ProductVersion : 5.1.2600.2180
  ProductName : Microsoft® Windows® Operating System
  CompanyName : Microsoft Corporation
  FileDescription : CTF Loader
  InternalName : CTFMON
  LegalCopyright : © Microsoft Corporation. All rights reserved.
  OriginalFilename : CTFMON.EXE
  
  #:45 [explorer.exe]
  FilePath : C:\WINDOWS\
  ProcessID : 4016
  ThreadCreationTime : 11-3-2006 2:06:55 AM
  BasePriority : Normal
  FileVersion : 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)
  ProductVersion : 6.00.2900.2180
  ProductName : Microsoft® Windows® Operating System
  CompanyName : Microsoft Corporation
  FileDescription : Windows Explorer
  InternalName : explorer
  LegalCopyright : © Microsoft Corporation. All rights reserved.
  OriginalFilename : EXPLORER.EXE
  
  #:46 [firefox.exe]
  FilePath : C:\Program Files\Mozilla Firefox\
  ProcessID : 476
  ThreadCreationTime : 11-3-2006 2:30:13 AM
  BasePriority : Normal
  
  
  #:47 [ad-aware.exe]
  FilePath : D:\Program Files\Lavasoft\Ad-Aware SE
  Personal\
  ProcessID : 2108
  ThreadCreationTime : 11-3-2006 2:30:35 AM
  BasePriority : Normal
  FileVersion : 6.2.0.236
  ProductVersion : SE 106
  ProductName : Lavasoft Ad-Aware SE
  CompanyName : Lavasoft Sweden
  FileDescription : Ad-Aware SE Core application
  InternalName : Ad-Aware.exe
  LegalCopyright : Copyright © Lavasoft AB Sweden
  OriginalFilename : Ad-Aware.exe
  Comments : All Rights Reserved
  
  Memory scan result:
  »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
  New critical objects: 0
  Objects found so far: 0
  
  
  Started registry scan
  »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
  
  Adware.BHO(generic) Object Recognized!
  Type : Regkey
  Data :
  TAC Rating : 3
  Category : Adware
  Comment :
  Rootkey : HKEY_USERS
  Object :
  S-1-5-21-1794217661-723718970-2336388479-1005\software\microsoft\windows\currentversion\ext\stats\{821f87ff-8245-4972-9e28-732e92ec2f51}
  
  Adware.CashBack Object Recognized!
  Type : Regkey
  Data :
  TAC Rating : 9
  Category : Malware
  Comment :
  Rootkey : HKEY_USERS
  Object :
  S-1-5-21-1794217661-723718970-2336388479-1005\software\microsoft\windows\currentversion\ext\stats\{aeecbfda-12fa-4881-bdce-8c3e1ce4b344}
  
  Adware.CashBack Object Recognized!
  Type : Regkey
  Data :
  TAC Rating : 9
  Category : Malware
  Comment :
  Rootkey : HKEY_USERS
  Object :
  S-1-5-21-1794217661-723718970-2336388479-1005\software\microsoft\windows\currentversion\ext\stats\{ce188402-6ee7-4022-8868-ab25173a3e14}
  
  Adware.CashBack Object Recognized!
  Type : Regkey
  Data :
  TAC Rating : 9
  Category : Malware
  Comment :
  Rootkey : HKEY_USERS
  Object :
  S-1-5-21-1794217661-723718970-2336388479-1005\software\microsoft\windows\currentversion\ext\stats\{f4e04583-354e-4076-be7d-ed6a80fd66da}
  
  Win32.Trojan.Downloader Object Recognized!
  Type : Regkey
  Data :
  TAC Rating : 10
  Category : Malware
  Comment :
  Rootkey : HKEY_USERS
  Object :
  S-1-5-21-1794217661-723718970-2336388479-1005\software\microsoft\windows\currentversion\ext\stats\{cbcc61fa-0221-4ccc-b409-cee865caca3a}
  
  Adware.BHO(generic) Object Recognized!
  Type : Regkey
  Data :
  TAC Rating : 3
  Category : Adware
  Comment :
  Rootkey : HKEY_LOCAL_MACHINE
  Object :
  software\microsoft\windows\currentversion\uninstall\{821f87ff-8245-4972-9e28-732e92ec2f51}
  
  Adware.BHO(generic) Object Recognized!
  Type : RegValue
  Data :
  TAC Rating : 3
  Category : Adware
  Comment :
  Rootkey : HKEY_LOCAL_MACHINE
  Object :
  software\microsoft\windows\currentversion\uninstall\{821f87ff-8245-4972-9e28-732e92ec2f51}
  Value : UninstallString
  
  Registry Scan result:
  »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
  New critical objects: 7
  Objects found so far: 7
  
  
  Started deep registry scan
  »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
  
  Deep registry scan result:
  »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
  New critical objects: 0
  Objects found so far: 7
  
  
  Started Tracking Cookie scan
  »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
  
  
  Tracking Cookie Object Recognized!
  Type : IECache Entry
  Data : [email]gyyhhh@atdmt[2].txt[/email]
  TAC Rating : 3
  Category : Data Miner
  Comment : Hits:3
  Value : Cookie:gyyhhh@atdmt.com/
  Expires : 11-1-2011 6:00:00 PM
  LastSync : Hits:3
  UseCount : 0
  Hits : 3
  
  Tracking cookie scan result:
  »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
  New critical objects: 1
  Objects found so far: 8
  
  
  
  Deep scanning and examining files (C:)
  »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
  
  Disk Scan Result for C:\
  »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
  New critical objects: 0
  Objects found so far: 8
  
  
  Deep scanning and examining files (D:)
  »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
  
  Disk Scan Result for D:\
  »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
  New critical objects: 0
  Objects found so far: 8
  
  
  Scanning Hosts file......
  Hosts file location:"C:\WINDOWS\system32\drivers\etc\hosts".
  »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
  
  Hosts file scan result:
  »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
  1 entries scanned.
  New critical objects:0
  Objects found so far: 8
  
  
  
  
  Performing conditional scans...
  »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
  
  Adware.BHO(generic) Object Recognized!
  Type : Regkey
  Data :
  TAC Rating : 3
  Category : Adware
  Comment :
  Rootkey : HKEY_CURRENT_USER
  Object : software\microsoft\internet account
  manager\accounts\bigfoot
  
  Adware.BHO(generic) Object Recognized!
  Type : RegValue
  Data :
  TAC Rating : 3
  Category : Adware
  Comment :
  Rootkey : HKEY_CURRENT_USER
  Object : software\microsoft\internet account
  manager\accounts\bigfoot
  Value : Account Name
  
  Adware.BHO(generic) Object Recognized!
  Type : RegValue
  Data :
  TAC Rating : 3
  Category : Adware
  Comment :
  Rootkey : HKEY_CURRENT_USER
  Object : software\microsoft\internet account
  manager\accounts\bigfoot
  Value : LDAP Server
  
  Adware.BHO(generic) Object Recognized!
  Type : RegValue
  Data :
  TAC Rating : 3
  Category : Adware
  Comment :
  Rootkey : HKEY_CURRENT_USER
  Object : software\microsoft\internet account
  manager\accounts\bigfoot
  Value : LDAP URL
  
  Adware.BHO(generic) Object Recognized!
  Type : RegValue
  Data :
  TAC Rating : 3
  Category : Adware
  Comment :
  Rootkey : HKEY_CURRENT_USER
  Object : software\microsoft\internet account
  manager\accounts\bigfoot
  Value : LDAP Search Return
  
  Adware.BHO(generic) Object Recognized!
  Type : RegValue
  Data :
  TAC Rating : 3
  Category : Adware
  Comment :
  Rootkey : HKEY_CURRENT_USER
  Object : software\microsoft\internet account
  manager\accounts\bigfoot
  Value : LDAP Timeout
  
  Adware.BHO(generic) Object Recognized!
  Type : RegValue
  Data :
  TAC Rating : 3
  Category : Adware
  Comment :
  Rootkey : HKEY_CURRENT_USER
  Object : software\microsoft\internet account
  manager\accounts\bigfoot
  Value : LDAP Authentication
  
  Adware.BHO(generic) Object Recognized!
  Type : RegValue
  Data :
  TAC Rating : 3
  Category : Adware
  Comment :
  Rootkey : HKEY_CURRENT_USER
  Object : software\microsoft\internet account
  manager\accounts\bigfoot
  Value : LDAP Simple Search
  
  Adware.BHO(generic) Object Recognized!
  Type : RegValue
  Data :
  TAC Rating : 3
  Category : Adware
  Comment :
  Rootkey : HKEY_CURRENT_USER
  Object : software\microsoft\internet account
  manager\accounts\bigfoot
  Value : LDAP Logo
  
  Adware.BHO(generic) Object Recognized!
  Type : Regkey
  Data :
  TAC Rating : 3
  Category : Adware
  Comment :
  Rootkey : HKEY_CURRENT_USER
  Object : software\search toolbar corp
  
  Conditional scan result:
  »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
  New critical objects: 10
  Objects found so far: 18
  
  8:52:41 PM Scan Complete
  
  Summary Of This Scan
  »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
  Total scanning time:00:20:33.413
  Objects scanned:196775
  Objects identified:18
  Objects ignored:0
  New critical objects:18
  
  
  
  
  
  
  Logfile of HijackThis v1.99.1
  Scan saved at 7:17:29 AM, on 11/3/2006
  Platform: Windows XP SP2 (WinNT 5.01.2600)
  MSIE: Internet Explorer v7.00 (7.00.5450.0004)
  
  Running processes:
  C:\WINDOWS\System32\smss.exe
  C:\WINDOWS\system32\winlogon.exe
  C:\WINDOWS\system32\services.exe
  C:\WINDOWS\system32\lsass.exe
  C:\WINDOWS\system32\svchost.exe
  C:\WINDOWS\System32\svchost.exe
  C:\WINDOWS\system32\spoolsv.exe
  C:\WINDOWS\System32\Ati2evxx.exe
  C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
  C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
  C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
  D:\Program Files\ewido anti-spyware 4.0\guard.exe
  C:\WINDOWS\system32\cba\pds.exe
  C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
  C:\WINDOWS\System32\svchost.exe
  C:\Program Files\Sony\VAIO Media Music Server\SSSvr.exe
  C:\Program Files\Sony\Photo Server\appsrv\PhotoAppSrv.exe
  C:\WINDOWS\system32\MsgSys.EXE
  C:\WINDOWS\system32\ams_ii\iao.exe
  C:\WINDOWS\system32\cba\xfr.exe
  C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\sv_httpd.exe
  C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\SV_Httpd.exe
  C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
  C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
  C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
  C:\Program Files\BroadJump\Client Foundation\CFD.exe
  C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
  C:\Program Files\Microsoft IntelliType Pro\type32.exe
  C:\Program Files\Microsoft IntelliPoint\point32.exe
  C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
  C:\Program Files\Sony\HotKey Utility\HKserv.exe
  C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
  C:\Program Files\Sony\HotKey Utility\HKWnd.exe
  D:\Program Files\ewido anti-spyware 4.0\ewido.exe
  C:\WINDOWS\system32\ezSP_Px.exe
  C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
  C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
  C:\WINDOWS\system32\ctfmon.exe
  C:\WINDOWS\explorer.exe
  C:\Program Files\HP\hpcoretech\comp\hpdarc.exe
  D:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
  C:\Program Files\Common Files\Real\Update_OB\realsched.exe
  D:\Avenger\Analyse.exe
  
  R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.com
  R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=54729
  R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
  R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
  R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=55245&clcid={SUB_CLCID}
  R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
  N3 - Netscape 7: user_pref("browser.startup.homepage", "http://yahoo.sbc.com/dsl"); (C:\Documents and Settings\gyyhhh\Application Data\Mozilla\Profiles\default\youjttup.slt\prefs.js)
  O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_3_19_0.dll
  O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
  O2 - BHO: (no name) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - C:\Program Files\Microsoft Money\System\mnyside.dll
  O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
  O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
  O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_3_19_0.dll
  O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\NeroCheck.exe
  O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
  O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
  O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
  O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
  O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
  O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe"
  O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
  O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
  O4 - HKLM\..\Run: [ZTgServerSwitch] c:\program files\support.com\client\lserver\server.vbs
  O4 - HKLM\..\Run: [Mouse Suite 98 Daemon] ICO.EXE
  O4 - HKLM\..\Run: [HKSERV.EXE] C:\Program Files\Sony\HotKey Utility\HKserv.exe
  O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
  O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
  O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
  O4 - HKLM\..\Run: [!ewido] "D:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
  O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\system32\ezSP_Px.exe
  O4 - HKLM\..\Run: [Zone Labs Client] "D:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
  O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
  O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
  O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
  O4 - HKCU\..\Run: [SpybotSD TeaTimer] D:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
  O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
  O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
  O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
  O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
  O8 - Extra context menu item: Yahoo! Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
  O8 - Extra context menu item: Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
  O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
  O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
  O9 - Extra button: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\Common\ylogin.dll
  O9 - Extra 'Tools' menuitem: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\Common\ylogin.dll
  O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
  O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
  O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
  O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes.dll
  O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes.dll
  O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
  O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
  O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
  O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
  O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll
  O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
  O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
  O14 - IERESET.INF: START_PAGE_URL=http://www.att.net
  O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
  O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
  O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
  O20 - Winlogon Notify: NavLogon - C:\WINDOWS\System32\NavLogon.dll
  O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
  O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
  O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
  O23 - Service: Autodesk Licensing Service - Unknown owner - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
  O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
  O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
  O23 - Service: distributed.net client (dnetc) - Unknown owner - C:\WINDOWS\system32\iosdt\iosdt.exe (file missing)
  O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - D:\Program Files\ewido anti-spyware 4.0\guard.exe
  O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
  O23 - Service: Intel Alert Handler - Intel® Corporation - C:\WINDOWS\system32\ams_ii\hndlrsvc.exe
  O23 - Service: Intel Alert Originator - Intel® Corporation - C:\WINDOWS\system32\ams_ii\iao.exe
  O23 - Service: Intel File Transfer - Intel® Corporation - C:\WINDOWS\system32\cba\xfr.exe
  O23 - Service: Intel PDS - Intel® Corporation - C:\WINDOWS\system32\cba\pds.exe
  O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
  O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
  O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\PROGRA~1\COMMON~1\SONYSH~1\AVLib\Sptisrv.exe
  O23 - Service: VAIO Media Music Server (VAIOMediaPlatform-MusicServer-AppServer) - Unknown owner - C:\Program Files\Sony\VAIO Media Music Server\SSSvr.exe" /Service=VAIOMediaPlatform-MusicServer-AppServer /DisplayName="VAIO Media Music Server (file missing)
  O23 - Service: VAIO Media Music Server (HTTP) (VAIOMediaPlatform-MusicServer-HTTP) - Unknown owner - C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\sv_httpd.exe" /Service=VAIOMediaPlatform-MusicServer-HTTP /RegRoot="Software\Sony Corporation\VAIO Media Platform\2.0" /RegExt="Applications\MusicServer\HTTP (file missing)
  O23 - Service: VAIO Media Music Server (UPnP) (VAIOMediaPlatform-MusicServer-UPnP) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\UPnPFramework.exe
  O23 - Service: VAIO Media Photo Server (VAIOMediaPlatform-PhotoServer-AppServer) - Sony Corporation - C:\Program Files\Sony\Photo Server\appsrv\PhotoAppSrv.exe
  O23 - Service: VAIO Media Photo Server (HTTP) (VAIOMediaPlatform-PhotoServer-HTTP) - Unknown owner - C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\SV_Httpd.exe" /Service=VAIOMediaPlatform-PhotoServer-HTTP /RegRoot="Software\Sony Corporation\VAIO Media Platform\2.0" /RegExt="\Applications\PhotoServer\HTTP (file missing)
  O23 - Service: VAIO Media Photo Server (UPnP) (VAIOMediaPlatform-PhotoServer-UPnP) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\UPnPFramework.exe
  O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

  0
• Crunchie Mandurah. Western Australia. Member

  November 2006 edited November 2006

  Your hijackthis log looks ok. Did you have Adaware remove those objects it found? If not, run it again and choose to remove them.
  Did you try reinstalling the software for your wireless?

  0
• krazychris2

  November 2006 edited November 2006

  The wireless is built into the laptop so I really dont have any software. Is there anything I could possibly get online, or do you think I should consult the hardware section?

  0
• Crunchie Mandurah. Western Australia. Member

  November 2006 edited November 2006

  Just drop a post into the hardware forum here and see what advice you get. They should be able to help out if it's a hardware issue .

  0