Dr. strangelove

shamrock · Sep 11, 2007

Anthony, didn't know if you forgot about this thread. I posted the log, but have no clue what to do further.

Thanks for the Help help brother

Shamrock

http://www.madjacksports.com/forum/showthread.php?t=297440

vinnie · Sep 11, 2007

must have been a Yankees fan kurby

DR STRANGELOVE · Sep 12, 2007

got it bud, sorry been busy with school completely forgot about it,

you got a lot of crap in there

what you posted was a house call scan report,

i need you to download this program and save it to your computer

http://majorgeeks.com/downloadget.php?id=5554&file=1&evp=4122712c2af084c815e5fd4f2b249d83

click save as, then once it downloads onto your cpu, click on it and click on SCAN AND SAVE REPORT, copy and paste results here, make sure all windows are closed when scanning
thanks

DR STRANGELOVE · Sep 12, 2007

Double click on the HJTsetup.exe icon on your desktop.
By default it will install to C:\Program Files\Hijack This.
Continue to click Next in the setup dialogue boxes until you get to the Select Addition Tasks dialogue.
Put a check by Create a desktop icon then click Next again.
Continue to follow the rest of the prompts from there.
At the final dialogue box click Finish and it will launch Hijack This.
Click on the Do a system scan and save a log file button. It will scan and then ask you to save the log.
Click Save to save the log file and then the log will open in notepad.
Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
Come back here to this thread and Paste the log in your next reply.
DO NOT have Hijack This fix anything yet. Most of what it finds will be harmless or even required.

DR STRANGELOVE · Sep 14, 2007

bump for mr sham

shamrock · Sep 14, 2007

Anthony, I must be retarded, or doing something wrong. From the major geek link above, I installed spy doctor to my cpu. There is no "scan and save report" option. Only SCAN COMPUTER NOW, or IMMUNIZE COMPUTER.

also, what is hijack this? I only have icons on desktop for SPY DOCTOR, AND SD4.EXE

DR STRANGELOVE · Sep 14, 2007

sham,

just click on he above link, do not do anything, then a pop up should show up and it says SAVE FILE? teh file name should be hijackthis.exe

let me know
we have to get rid of that crap on your cpu

shamrock · Sep 14, 2007

Anthony, sorry, my pop up blocker was blocking the program.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:37:49 PM, on 9/14/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Spyware Doctor\sdhelp.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\ntvdm.exe
C:\Program Files\LimeWire\LimeWire.exe
C:\Program Files\Hewlett-Packard\HP OfficeJet Series 700\bin\HPOVDX05.EXE
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Grisoft\AVG7\avgcc.exe
C:\DDWIN\DgnDmn32.EXE
C:\DDWIN\dgnlan32.exe
C:\DDWIN\wpdem32.exe
C:\Program Files\MSN\MSNCoreFiles\msn.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Spyware Doctor\swdoctor.exe
C:\Documents and Settings\Owner\Desktop\HiJackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://verizon.msn.com/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: BndDrive2 BHO Class - {8B27CC68-110C-46a9-80D3-F3107DE6EB98} - C:\Program Files\ISM\BndDrive3.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [SSBkgdUpdate] C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe -Embedding -boot
O4 - HKLM\..\Run: [DNS7reminder] "C:\Program Files\ScanSoft\NaturallySpeaking8\Program\ereg.exe" -r "C:\Program Files\ScanSoft\NaturallySpeaking8\Program\ereg.ini"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Veoh] "C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide
O4 - HKCU\..\Run: [ISMModule4] "C:\Program Files\ISM\ISMModule4.exe"
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - Startup: Dragon NaturallySpeaking.lnk = C:\Program Files\ScanSoft\NaturallySpeaking8\Program\natspeak.exe
O4 - Startup: DragonDictate Classic Edition.lnk = C:\DDWIN\VOICEBAR.EXE
O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP OfficeJet Series 700 Startup.lnk = C:\Program Files\Hewlett-Packard\HP OfficeJet Series 700\Bin\HPOstr05.exe
O4 - Global Startup: Reality Fusion GameCam SE.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://download.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1148135841781
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://go.divx.com/plugin/DivXBrowserPlugin.cab
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe
O24 - Desktop Component 0: (no name) - http://i106.photobucket.com/albums/m259/tenaciousd9/Calvin.jpg

--
End of file - 7372 bytes

DR STRANGELOVE · Sep 14, 2007

ok, posted this at the appropriate tech forum, should get a reply by the time i get back, I'll be back on sunday and we'll go from there

thanks

in case you are curious...
here is where i posted it, i am waiting for a techie to get back to me

http://forums.techguy.org/malware-removal-hijackthis-logs/624148-hijack-log.html#post5114884

in the meantime, download this program and perform a scan, post results here please

http://www.superantispyware.com/
download free trial home users

DR STRANGELOVE · Sep 16, 2007

NOTE: If you have downloaded ComboFix previously please delete that version and download it again!

Download this file :

http://download.bleepingcomputer.com...a/ComboFix.exe

Double click combofix.exe & follow the prompts.
When finished, it shall produce a log for you. Post that log

Note:
Do not mouseclick combofix's window while its running. That may cause it to stall

=====================
Download Superantispyware (SAS) free home version

http://www.superantispyware.com/supe...freevspro.html

Install it and double-click the icon on your desktop to run it.
? It will ask if you want to update the program definitions, click Yes.
? Under Configuration and Preferences, click the Preferences button.
? Click the Scanning Control tab.
? Under Scanner Options make sure the following are checked:
o Close browsers before scanning
o Scan for tracking cookies
o Terminate memory threats before quarantining.
o Please leave the others as they were.
o Click the Close button to leave the control center screen.
? On the main screen, under Scan for Harmful Software click Scan your computer.
? On the left check C:\Fixed Drive.
? On the right, under Complete Scan, choose Perform Complete Scan.
? Click Next to start the scan. Please be patient while it scans your computer.
? After the scan is complete a summary box will appear. Click OK.
? Make sure everything in the white box has a check next to it, then click Next.
? It will quarantine what it found and if it asks if you want to reboot, click Yes.
? To retrieve the removal information for me please do the following:
o After reboot, double-click the SUPERAntispyware icon on your desktop.
o Click Preferences. Click the Statistics/Logs tab.
o Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
o It will open in your default text editor (such as Notepad/Wordpad).
o Please highlight everything in the notepad, then right-click and choose copy.
? Click close and close again to exit the program.
? Please paste that information here for me regardless of what it finds with a new HijackThis log.

This will take some time!!!!!!!!

shamrock · Sep 17, 2007

Anthony, combo fix, I keep getting no server. Here is super spy aware results. Thanks again for your assistance

Shamrock

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 09/17/2007 at 09:20 PM

Application Version : 3.9.1008

Core Rules Database Version : 3308
Trace Rules Database Version: 1314

Scan type : Complete Scan
Total Scan Time : 00:33:02

Memory items scanned : 615
Memory threats detected : 0
Registry items scanned : 5385
Registry threats detected : 27
File items scanned : 31826
File threats detected : 117

Adware.ISM/BndDrive
HKLM\Software\Classes\CLSID\{12DA1BC4-5384-42fd-A119-3C99D2D146A2}
HKCR\CLSID\{12DA1BC4-5384-42FD-A119-3C99D2D146A2}
HKCR\CLSID\{12DA1BC4-5384-42FD-A119-3C99D2D146A2}
HKCR\CLSID\{12DA1BC4-5384-42FD-A119-3C99D2D146A2}#AppID
HKCR\CLSID\{12DA1BC4-5384-42FD-A119-3C99D2D146A2}\Implemented Categories
HKCR\CLSID\{12DA1BC4-5384-42FD-A119-3C99D2D146A2}\Implemented Categories\{00021493-0000-0000-C000-000000000046}
HKCR\CLSID\{12DA1BC4-5384-42FD-A119-3C99D2D146A2}\InprocServer32
HKCR\CLSID\{12DA1BC4-5384-42FD-A119-3C99D2D146A2}\InprocServer32#ThreadingModel
HKCR\CLSID\{12DA1BC4-5384-42FD-A119-3C99D2D146A2}\ProgID
HKCR\CLSID\{12DA1BC4-5384-42FD-A119-3C99D2D146A2}\TypeLib
HKCR\CLSID\{12DA1BC4-5384-42FD-A119-3C99D2D146A2}\VersionIndependentProgID
C:\PROGRAM FILES\ISM\BNDDRIVE3.DLL
HKLM\Software\Classes\CLSID\{8B27CC68-110C-46a9-80D3-F3107DE6EB98}
HKCR\CLSID\{8B27CC68-110C-46A9-80D3-F3107DE6EB98}
HKCR\CLSID\{8B27CC68-110C-46A9-80D3-F3107DE6EB98}
HKCR\CLSID\{8B27CC68-110C-46A9-80D3-F3107DE6EB98}#AppID
HKCR\CLSID\{8B27CC68-110C-46A9-80D3-F3107DE6EB98}\InprocServer32
HKCR\CLSID\{8B27CC68-110C-46A9-80D3-F3107DE6EB98}\InprocServer32#ThreadingModel
HKCR\CLSID\{8B27CC68-110C-46A9-80D3-F3107DE6EB98}\ProgID
HKCR\CLSID\{8B27CC68-110C-46A9-80D3-F3107DE6EB98}\TypeLib
HKCR\CLSID\{8B27CC68-110C-46A9-80D3-F3107DE6EB98}\VersionIndependentProgID
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8B27CC68-110C-46a9-80D3-F3107DE6EB98}
HKLM\Software\Microsoft\Internet Explorer\Explorer Bars\{12DA1BC4-5384-42fd-A119-3C99D2D146A2}
HKU\S-1-5-21-1606980848-1500820517-839522115-1003\Software\Microsoft\Internet Explorer\Explorer Bars\{12DA1BC4-5384-42FD-A119-3C99D2D146A2}

Adware.Tracking Cookie
C:\Documents and Settings\Owner\Cookies\owner@amaena[1].txt
C:\Documents and Settings\Owner\Cookies\owner@alladultchannel[1].txt
C:\Documents and Settings\Owner\Cookies\owner@cgi-bin[2].txt
C:\Documents and Settings\Owner\Cookies\owner@1069788394[1].txt
C:\Documents and Settings\Owner\Cookies\owner@drm[2].txt
C:\Documents and Settings\Owner\Cookies\owner@ads.cnn[2].txt
C:\Documents and Settings\Owner\Cookies\owner@ads.worldcarfans[2].txt
C:\Documents and Settings\Owner\Cookies\owner@ehg-dig.hitbox[1].txt
C:\Documents and Settings\Owner\Cookies\owner@webstat.yamaha[2].txt
C:\Documents and Settings\Owner\Cookies\owner@bs.serving-sys[1].txt
C:\Documents and Settings\Owner\Cookies\owner@plugs[1].txt
C:\Documents and Settings\Owner\Cookies\owner@www.sexxxomania[1].txt
C:\Documents and Settings\Owner\Cookies\owner@stats.drivecleaner[2].txt
C:\Documents and Settings\Owner\Cookies\owner@1070739777[1].txt
C:\Documents and Settings\Owner\Cookies\owner@1071468540[1].txt
C:\Documents and Settings\Owner\Cookies\owner@twelvefifteen[1].txt
C:\Documents and Settings\Owner\Cookies\owner@content.licenseacquisition[2].txt
C:\Documents and Settings\Owner\Cookies\owner@1069112074[1].txt
C:\Documents and Settings\Owner\Cookies\owner@ads.ak.facebook[2].txt
C:\Documents and Settings\Owner\Cookies\owner@hotbar[2].txt
C:\Documents and Settings\Owner\Cookies\owner@view-10675[1].txt
C:\Documents and Settings\Owner\Cookies\owner@mediatraffic[2].txt
C:\Documents and Settings\Owner\Cookies\owner@ads.monster[1].txt
C:\Documents and Settings\Owner\Cookies\owner@adultadworld[1].txt
C:\Documents and Settings\Owner\Cookies\owner@1058852219[1].txt
C:\Documents and Settings\Owner\Cookies\owner@1071629759[1].txt
C:\Documents and Settings\Owner\Cookies\owner@apmebf[1].txt
C:\Documents and Settings\Owner\Cookies\owner@www.xctrk[1].txt
C:\Documents and Settings\Owner\Cookies\owner@drivecleaner[1].txt
C:\Documents and Settings\Owner\Cookies\owner@kinxxx[2].txt
C:\Documents and Settings\Owner\Cookies\owner@media.licenseacquisition[1].txt
C:\Documents and Settings\Owner\Cookies\owner@xiti[1].txt
C:\Documents and Settings\Owner\Cookies\owner@go.drivecleaner[2].txt
C:\Documents and Settings\Owner\Cookies\owner@tracking.pinnaclesports[1].txt
C:\Documents and Settings\Owner\Cookies\owner@www.sexulus[2].txt
C:\Documents and Settings\Owner\Cookies\owner@lynxtrack[1].txt
C:\Documents and Settings\Owner\Cookies\owner@hitbox[2].txt
C:\Documents and Settings\Owner\Cookies\owner@porno[1].txt
C:\Documents and Settings\Owner\Cookies\owner@thetrack.bostonherald[1].txt
C:\Documents and Settings\Owner\Cookies\owner@mediaplex[1].txt
C:\Documents and Settings\Owner\Cookies\owner@heavycom.122.2o7[1].txt
C:\Documents and Settings\Owner\Cookies\owner@overture[1].txt
C:\Documents and Settings\Owner\Cookies\owner@ads.as4x.tmcs.ticketmaster[1].txt
C:\Documents and Settings\Owner\Cookies\owner@ads.expedia[1].txt
C:\Documents and Settings\Owner\Cookies\owner@exitexchange[1].txt
C:\Documents and Settings\Owner\Cookies\owner@pornoinside[1].txt
C:\Documents and Settings\Owner\Cookies\owner@humornsex[2].txt
C:\Documents and Settings\Owner\Cookies\owner@enhance[1].txt
C:\Documents and Settings\Owner\Cookies\owner@sfed.70492.clickshield[1].txt
C:\Documents and Settings\Owner\Cookies\owner@adultfriendfinder[2].txt
C:\Documents and Settings\Owner\Cookies\owner@qksrv[2].txt
C:\Documents and Settings\Owner\Cookies\owner@view-10767[2].txt
C:\Documents and Settings\Owner\Cookies\owner@advertisersclearinghouse.aavalue[1].txt
C:\Documents and Settings\Owner\Cookies\owner@richmedia.yahoo[2].txt
C:\Documents and Settings\Owner\Cookies\owner@1069178726[1].txt
C:\Documents and Settings\Owner\Cookies\owner@ads.bridgetrack[2].txt
C:\Documents and Settings\Owner\Cookies\owner@www.drivecleaner[1].txt
C:\Documents and Settings\Owner\Cookies\owner@serving-sys[1].txt
C:\Documents and Settings\Owner\Cookies\owner@linksynergy[2].txt
C:\Documents and Settings\Owner\Cookies\owner@group-sex[2].txt
C:\Documents and Settings\Owner\Cookies\owner@sex-video[2].txt
C:\Documents and Settings\Owner\Cookies\owner@sexy-videos[2].txt
C:\Documents and Settings\Owner\Local Settings\Temp\Cookies\owner@adultadworld[2].txt
C:\Documents and Settings\Owner\Local Settings\Temp\Cookies\owner@audit.median[2].txt
C:\Documents and Settings\Owner\Local Settings\Temp\Cookies\owner@belnk[1].txt
C:\Documents and Settings\Owner\Local Settings\Temp\Cookies\owner@dist.belnk[2].txt
C:\Documents and Settings\Owner\Local Settings\Temp\Cookies\owner@mtr.splash.sexsearch[1].txt
C:\Documents and Settings\Owner\Local Settings\Temp\Cookies\owner@thetrack.bostonherald[1].txt
C:\Documents and Settings\Owner\Local Settings\Temp\Cookies\owner@tracking.pinnaclesports[1].txt
C:\Documents and Settings\Owner\Local Settings\Temp\Cookies\owner@twelvefifteen[1].txt

Adware.AdSponsor
HKCR\AppId\AdBand.DLL
HKCR\AppId\AdBand.DLL#AppID

Adware.AdSponsor/ISM
HKU\S-1-5-21-1606980848-1500820517-839522115-1003\Software\antica
HKU\S-1-5-21-1606980848-1500820517-839522115-1003\Software\BndDrive
C:\Documents and Settings\Owner\Start Menu\Programs\Internet Speed Monitor\Check Now.lnk
C:\Documents and Settings\Owner\Start Menu\Programs\Internet Speed Monitor\Uninstall.lnk
C:\Documents and Settings\Owner\Start Menu\Programs\Internet Speed Monitor
C:\PROGRAM FILES\ISM\ISM.EXE
C:\PROGRAM FILES\ISM\BNDLOADER.EXE
C:\WINDOWS\Prefetch\ISM.EXE-18A7F98C.pf

Adware.180solutions/ZangoSearch
C:\DOCUMENTS AND SETTINGS\OWNER\MY DOCUMENTS\MY MUSIC\SETUP.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{7F41894B-8047-48E4-BA93-0141FC63E70B}\RP528\A0051529.DLL

Adware.ClickSpring/Yazzle
C:\PROGRAM FILES\COMMON FILES\YAZZLE1552OINUNINSTALLER.EXE

Adware.180solutions/Seekmo
C:\SYSTEM VOLUME INFORMATION\_RESTORE{7F41894B-8047-48E4-BA93-0141FC63E70B}\RP528\A0051524.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{7F41894B-8047-48E4-BA93-0141FC63E70B}\RP528\A0051525.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{7F41894B-8047-48E4-BA93-0141FC63E70B}\RP528\A0051526.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{7F41894B-8047-48E4-BA93-0141FC63E70B}\RP528\A0051527.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{7F41894B-8047-48E4-BA93-0141FC63E70B}\RP528\A0051528.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{7F41894B-8047-48E4-BA93-0141FC63E70B}\RP528\A0051531.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{7F41894B-8047-48E4-BA93-0141FC63E70B}\RP528\A0051533.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{7F41894B-8047-48E4-BA93-0141FC63E70B}\RP528\A0051534.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{7F41894B-8047-48E4-BA93-0141FC63E70B}\RP528\A0051535.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{7F41894B-8047-48E4-BA93-0141FC63E70B}\RP528\A0051536.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{7F41894B-8047-48E4-BA93-0141FC63E70B}\RP528\A0051537.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{7F41894B-8047-48E4-BA93-0141FC63E70B}\RP528\A0051538.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{7F41894B-8047-48E4-BA93-0141FC63E70B}\RP528\A0051541.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{7F41894B-8047-48E4-BA93-0141FC63E70B}\RP528\A0051542.DLL

Trace.Known Threat Sources
C:\Documents and Settings\Owner\Local Settings\Temp\Temporary Internet Files\Content.IE5\G47DVXBS\lc[1].js
C:\Documents and Settings\Owner\Local Settings\Temp\Temporary Internet Files\Content.IE5\G47DVXBS\jazminbgvid010.wmv_small[1].jpg
C:\Documents and Settings\Owner\Local Settings\Temp\Temporary Internet Files\Content.IE5\G47DVXBS\jenavivejolibgvid006.wmv_medium[1].jpg
C:\Documents and Settings\Owner\Local Settings\Temp\Temporary Internet Files\Content.IE5\SKE79L5T\sunshinebgvid003.wmv_medium[1].jpg
C:\Documents and Settings\Owner\Local Settings\Temp\Temporary Internet Files\Content.IE5\ABSH5QLQ\aria2bgvid012.wmv_small[1].jpg
C:\Documents and Settings\Owner\Local Settings\Temp\Temporary Internet Files\Content.IE5\ABSH5QLQ\lc[1].js
C:\Documents and Settings\Owner\Local Settings\Temp\Temporary Internet Files\Content.IE5\G47DVXBS\DetectEnvironment[1].js
C:\Documents and Settings\Owner\Local Settings\Temp\Temporary Internet Files\Content.IE5\ABSH5QLQ\blue_btn[1].gif
C:\Documents and Settings\Owner\Local Settings\Temp\Temporary Internet Files\Content.IE5\G47DVXBS\jazminbgvid001.wmv_small[1].jpg
C:\Documents and Settings\Owner\Local Settings\Temp\Temporary Internet Files\Content.IE5\G47DVXBS\gecv2[1].js
C:\Documents and Settings\Owner\Local Settings\Temp\Temporary Internet Files\Content.IE5\G47DVXBS\Layout[1].js
C:\Documents and Settings\Owner\Local Settings\Temp\Temporary Internet Files\Content.IE5\S87DKAG0\lainoibgvidall.wmv_small[1].jpg
C:\Documents and Settings\Owner\Local Settings\Temp\Temporary Internet Files\Content.IE5\S87DKAG0\lc[1].js
C:\Documents and Settings\Owner\Local Settings\Temp\Temporary Internet Files\Content.IE5\SKE79L5T\gec[1].js
C:\Documents and Settings\Owner\Local Settings\Temp\Temporary Internet Files\Content.IE5\G47DVXBS\joleanhardvid006.wmv_small[1].jpg
C:\Documents and Settings\Owner\Local Settings\Temp\Temporary Internet Files\Content.IE5\SKE79L5T\brookehavenbgvid003.wmv_small[1].jpg
C:\Documents and Settings\Owner\Local Settings\Temp\Temporary Internet Files\Content.IE5\ABSH5QLQ\sunshinebgvid004.wmv_small[1].jpg
C:\Documents and Settings\Owner\Local Settings\Temp\Temporary Internet Files\Content.IE5\S87DKAG0\lc[2].js
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\JT0KCRBF\minify[1].php
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\C52NCPW3\minify[1].php
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\UEQKACM0\Redhead_Sucking_medium[1].jpg
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\L1LBA6F6\blue_btn[1].gif
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\CJAPMH2J\lc[1].js

DR STRANGELOVE · Sep 18, 2007

ok, posted log at other site, waiting to hear back from him.

DR STRANGELOVE · Sep 18, 2007

SHMAROCK,

Download this file :

http://www.techsupportforum.com/sect...s/ComboFix.exe
or
http://download.bleepingcomputer.com...a/ComboFix.exe

Double click combofix.exe & follow the prompts.
When finished, it shall produce a log for you. Post that log

Note:
Do not mouseclick combofix's window while its running. That may cause it to stall

also, after completing the above, please post a NEW hijackthis scan report

thanks

shamrock · Sep 18, 2007

Anthony on both above links, I get "page not found error", do they work for you?

shamrock · Sep 18, 2007

New hijack this report

ogfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:16:57 PM, on 9/18/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Veoh Networks\Veoh\VeohClient.exe
C:\Program Files\Spyware Doctor\swdoctor.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Hewlett-Packard\HP OfficeJet Series 700\Bin\HPOstr05.exe
C:\WINDOWS\system32\ntvdm.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\DDWIN\DgnDmn32.EXE
C:\Program Files\Spyware Doctor\sdhelp.exe
C:\DDWIN\dgnlan32.exe
C:\WINDOWS\system32\svchost.exe
C:\DDWIN\wpdem32.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Hewlett-Packard\HP OfficeJet Series 700\bin\HPOVDX05.EXE
C:\WINDOWS\System32\alg.exe
C:\PROGRA~1\ScanSoft\NATURA~1\Program\natspeak.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Owner\Desktop\HiJackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://verizon.msn.com/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [SSBkgdUpdate] C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe -Embedding -boot
O4 - HKLM\..\Run: [DNS7reminder] "C:\Program Files\ScanSoft\NaturallySpeaking8\Program\ereg.exe" -r "C:\Program Files\ScanSoft\NaturallySpeaking8\Program\ereg.ini"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Veoh] "C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - Startup: DragonDictate Classic Edition.lnk = C:\DDWIN\VOICEBAR.EXE
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP OfficeJet Series 700 Startup.lnk = C:\Program Files\Hewlett-Packard\HP OfficeJet Series 700\Bin\HPOstr05.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://download.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1148135841781
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://go.divx.com/plugin/DivXBrowserPlugin.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe
O24 - Desktop Component 0: (no name) - http://i106.photobucket.com/albums/m259/tenaciousd9/Calvin.jpg

--
End of file - 7680 bytes

DR STRANGELOVE · Sep 18, 2007

not working for me either, sorry about that
will post a new link when he gets back to me,

DR STRANGELOVE · Sep 20, 2007

shamrock,

download the following
http://download.bleepingcomputer.com/sUBs/Beta/ComboFix.exe

When finished, it shall produce a log for you. Post that log

Note:
Do not mouseclick combofix's window while its running. That may cause it to stall

SO>>> 1. download combofix, post log and then post a new hijackthis log

thanks

DR STRANGELOVE · Sep 21, 2007

bump..

shamrock · Sep 21, 2007

Sorry Anthony, my computer time has been somewhat limited lately for health reasons. Sorry for the delays, appreciate your assistance.

Shamrock

shamrock · Sep 21, 2007

ComboFix 07-09-21.2 - "Owner" 2007-09-21 12:55:43.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.123 [GMT -4:00]
* Created a new restore point
.

((((((((((((((((((((((((( Files Created from 2007-08-21 to 2007-09-21 )))))))))))))))))))))))))))))))
.

2007-09-21 12:53 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-09-17 20:44 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2007-09-17 20:44 <DIR> d-------- C:\DOCUME~1\Owner\APPLIC~1\SUPERAntiSpyware.com
2007-09-17 20:44 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\SUPERAntiSpyware.com
2007-09-17 20:43 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-09-12 20:50 51,072 --a------ C:\WINDOWS\system32\drivers\ikhlayer.sys
2007-09-12 20:50 30,592 --a------ C:\WINDOWS\system32\drivers\ikhfile.sys
2007-09-12 20:50 <DIR> d-------- C:\DOCUME~1\Owner\APPLIC~1\PC Tools
2007-09-10 14:02 <DIR> d-------- C:\Program Files\Spyware Doctor
2007-09-10 13:57 626,688 --a------ C:\WINDOWS\system32\msvcr80.dll
2007-08-27 21:14 <DIR> d-------- C:\Program Files\Common Files\Scansoft Shared
2007-08-27 21:14 <DIR> d-------- C:\DOCUME~1\Owner\APPLIC~1\ScanSoft
2007-08-27 21:12 <DIR> d-------- C:\Program Files\ScanSoft
2007-08-27 21:12 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\ScanSoft

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-09-21 12:55 --------- d-------- C:\DOCUME~1\Owner\APPLIC~1\MSN6
2007-08-18 16:31 --------- d-------- C:\DOCUME~1\Owner\APPLIC~1\AdobeUM
2007-08-17 15:55 --------- d-------- C:\DOCUME~1\Owner\APPLIC~1\MSNInstaller
2007-08-16 03:02 --------- d-------- C:\Program Files\MSXML 6.0
2007-07-30 19:19 92504 --a------ C:\WINDOWS\system32\cdm.dll
2007-07-30 19:19 549720 --a------ C:\WINDOWS\system32\wuapi.dll
2007-07-30 19:19 53080 --a------ C:\WINDOWS\system32\wuauclt.exe
2007-07-30 19:19 43352 --a------ C:\WINDOWS\system32\wups2.dll
2007-07-30 19:19 325976 --a------ C:\WINDOWS\system32\wucltui.dll
2007-07-30 19:19 203096 --a------ C:\WINDOWS\system32\wuweb.dll
2007-07-30 19:19 1712984 --a------ C:\WINDOWS\system32\wuaueng.dll
2007-07-30 19:18 33624 --a------ C:\WINDOWS\system32\wups.dll
2007-06-26 02:08 1104896 --a------ C:\WINDOWS\system32\msxml3.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [2004-10-14 14:42]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2007-09-13 12:01]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2005-09-20 09:35]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2005-09-20 09:32]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2005-09-20 09:36]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2005-12-15 11:18]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-08-26 22:34]
"RealTray"="C:\Program Files\Real\RealPlayer\RealPlay.exe" [2006-09-04 20:57]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 04:00]
"SSBkgdUpdate"="C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2003-09-29 16:00]
"DNS7reminder"="C:\Program Files\ScanSoft\NaturallySpeaking8\Program\ereg.exe" [2004-10-15 23:15]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2006-01-24 11:37]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-13 21:17]
"Veoh"="C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" [2007-05-03 17:43]
"Spyware Doctor"="C:\Program Files\Spyware Doctor\swdoctor.exe" [2007-04-16 10:47]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2007-06-21 14:06]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"Spyware Doctor"="C:\Program Files\Spyware Doctor\swdoctor.exe" /Q

C:\DOCUME~1\ALLUSE~1\STARTM~1\Programs\Startup\
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2005-12-15 11:40:44]
HP OfficeJet Series 700 Startup.lnk - C:\Program Files\Hewlett-Packard\HP OfficeJet Series 700\Bin\HPOstr05.exe [2006-05-20 15:11:04]

C:\DOCUME~1\Owner\STARTM~1\Programs\Startup\
DragonDictate Classic Edition.lnk - C:\DDWIN\VOICEBAR.EXE [2006-08-19 15:05:59]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Quicken Scheduled Updates.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Quicken Scheduled Updates.lnk
backup=C:\WINDOWS\pss\Quicken Scheduled Updates.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^Dragon NaturallySpeaking 8.0.lnk]
path=C:\Documents and Settings\Owner\Start Menu\Programs\Startup\Dragon NaturallySpeaking 8.0.lnk
backup=C:\WINDOWS\pss\Dragon NaturallySpeaking 8.0.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
"C:\Program Files\MSN Messenger\msnmsgr.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSBkgdUpdate]
C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe -Embedding -boot

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
"C:\Program Files\Windows Defender\MSASCui.exe" -hide

*Newly Created Service* - CATCHME
.
Contents of the 'Scheduled Tasks' folder
"2007-09-17 05:39:01 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
- C:\Program Files\Windows Defender\MpCmdRun.exe
.
**************************************************************************

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-09-21 12:58:09
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-09-21 12:59:29
.
--- E O F ---

Dr. strangelove

Registered User

la vita ? buona

Registered User

Registered User

Registered User

Registered User

Registered User

Registered User

Registered User

Registered User

Registered User

Registered User

Registered User

Registered User

Registered User

Registered User

Registered User

Registered User

Registered User

Registered User

We value your privacy