
[google search results Hijacked?]

Discussion in 'Malware and Virus Removal Archive' started by JasPoSF, 2007/11/29.

  1. 2007/11/29
    JasPoSF

    I had problems with internet speed monitor popups and I think I got that cleared. Now my big thing is that google search results seem to be tainted. I get links to "monstermarketplace" and other bad sites. Can someone please help me?
    Here is my log. Thanks in advance!

    Deckard's System Scanner v20071014.68
    Run by Jason Porter on 2007-11-29 00:48:39
    Computer is in Normal Mode.
    --------------------------------------------------------------------------------

    -- System Restore --------------------------------------------------------------

    Successfully created a Deckard's System Scanner Restore Point.


    -- Last 5 Restore Point(s) --
    55: 2007-11-29 08:48:47 UTC - RP607 - Deckard's System Scanner Restore Point
    54: 2007-11-29 03:57:30 UTC - RP606 - Installed SUPERAntiSpyware Free Edition
    53: 2007-11-28 08:31:06 UTC - RP605 - ComboFix created restore point
    52: 2007-11-27 19:54:36 UTC - RP604 - System Checkpoint
    51: 2007-11-21 19:55:00 UTC - RP603 - System Checkpoint


    -- First Restore Point --
    1: 2007-08-30 21:35:58 UTC - RP553 - System Checkpoint


    Backed up registry hives.
    Performed disk cleanup.

    Total Physical Memory: 511 MiB (512 MiB recommended).


    -- HijackThis (run as Jason Porter.exe) ----------------------------------------

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 12:49:43 AM, on 11/29/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16544)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\LEXPPS.EXE
    C:\WINDOWS\Nhksrv.exe
    C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    C:\WINDOWS\system32\drivers\CDAC11BA.EXE
    C:\WINDOWS\system32\CTsvcCDA.EXE
    C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
    C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\Logi_MwX.Exe
    C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe
    C:\Program Files\Dell\Media Experience\DMXLauncher.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\Dell Photo AIO Printer 962\dlbxmon.exe
    C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
    C:\WINDOWS\system32\CTHELPER.EXE
    C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
    C:\Program Files\Verizon\McciTrayApp.exe
    C:\WINDOWS\system32\dlbxcoms.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\Program Files\Creative Professional\E-MU PatchMix DSP\EmuPatchMixDSP.exe
    C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    C:\Program Files\Digital Line Detect\DLG.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Documents and Settings\Jason Porter\Desktop\dss.exe
    C:\Program Files\Common Files\InstallShield\UpdateService\agent.exe
    C:\DOCUME~1\JASONP~1\Desktop\Jason Porter.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.verizon.net/central/guest.portal
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
    N3 - Netscape 7: # Mozilla User Preferences

    /* Do not edit this file.
    *
    * If you make changes to this file while the browser is running,
    * the changes will be overwritten when the browser exits.
    *
    * To make a manual change to preferences, you can visit the URL about:config
    * For more information, see http://www.mozilla.org/unix/customizing.html#prefs
    */

    user_pref("aim.session.firsttime", false);
    user_pref("browser.activation.checkedNNFlag", true);
    user_pref("browser.bookmarks.added_static_root", true);
    user_pref("browser.download.dir", "C:\\Documents and Settings\\Jason Porter\\My Documents");
    user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src");
    user_pref("browser.startup.homepage", "http://dsl.sbc.yahoo.com/");
    user_pref("browser.startup.homepage_override.mstone", "rv:1.7.2");
    user_pref("dom.disable_open_during_load", true);
    user_pref("intl.charsetmenu.browser.cache", "windows-1252, UTF-8, ISO-8859-1");
    user_pref("ldap_2.p
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
    O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe
    O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [dlbxmon.exe] "C:\Program Files\Dell Photo AIO Printer 962\dlbxmon.exe"
    O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~3\mimboot.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
    O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
    O4 - HKLM\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
    O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
    O4 - HKLM\..\Run: [Verizon_McciTrayApp] C:\Program Files\Verizon\McciTrayApp.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
    O4 - HKCU\..\Run: [SetDefaultMIDI] MIDIDef.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [CTSyncU.exe] "C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe"
    O4 - HKCU\..\Run: [Exetender] C:\Program Files\Verizon Games on Demand Player\GPlayer.exe /runonstartup
    O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
    O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
    O4 - HKCU\..\Run: [Sen] "C:\WINDOWS\MCROSO~1\dvdplay.exe" -vt yazb
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Digital Line Detect.lnk = ?
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
    O12 - Plugin for .efp: C:\Program Files\Internet Explorer\Plugins\NPEFPrn.dll
    O12 - Plugin for .efv: C:\Program Files\Internet Explorer\Plugins\NPEFV.dll
    O12 - Plugin for .fmp: C:\Program Files\Internet Explorer\Plugins\NPFMP.dll
    O12 - Plugin for .fmr: C:\Program Files\Internet Explorer\Plugins\NPFME.dll
    O12 - Plugin for .ifx: C:\Program Files\Internet Explorer\Plugins\NPWebPrn.dll
    O12 - Plugin for .lfx: C:\Program Files\Internet Explorer\Plugins\NPLaunch.dll
    O12 - Plugin for .mwp: C:\Program Files\Internet Explorer\Plugins\NPMWPrn.dll
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - https://activatemydsl.verizon.net/sdcCommon/download/DSL/tgctlcm.cab
    O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15026/CTSUEng.cab
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
    O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase8300.cab
    O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/2.0.0.1/sysreqlab2.cab
    O16 - DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} (GameLauncher Control) - http://www.acclaim.com/cabs/acclaim_v8.cab
    O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class) -
    O16 - DPF: {8FD68625-2346-418A-8899-67CB36B1917F} (McciSM Class) - http://supportcenter.verizon.net/euserv/jsp/VOLAWeb.cab
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
    O16 - DPF: {9D190AE6-C81E-4039-8061-978EBAD10073} (F-Secure Online Scanner 3.0) - http://support.f-secure.com/ols/fscax.cab
    O16 - DPF: {9E58D78E-C5D3-DCF5-F38E-D1FBF76F5CBA} - http://projects.synacor.com/musicnet/download/rcn/PerformerSetup-sa.exe
    O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su/ocx/15028/CTPID.cab
    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
    O23 - Service: Amazon Unbox Video Service (ADVService) - Amazon.com - C:\Program Files\Amazon\Amazon Unbox Video\ADVWindowsClientService.exe
    O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: C-DillaCdaC11BA - C-Dilla Ltd - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
    O23 - Service: dlbx_device - Dell - C:\WINDOWS\system32\dlbxcoms.exe
    O23 - Service: IAA Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
    O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
    O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
    O23 - Service: Netropa NHK Server (Nhksrv) - Unknown owner - C:\WINDOWS\Nhksrv.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

    --
    End of file - 15435 bytes

    -- File Associations -----------------------------------------------------------

    .js - JSFile - shell\open\command - unable to read value


    -- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

    R1 omci (OMCI WDM Device Driver) - c:\windows\system32\drivers\omci.sys <Not Verified; Dell Computer Corporation; OMCI Driver>
    R1 SASDIFSV - c:\program files\superantispyware\sasdifsv.sys
    R1 SASKUTIL - c:\program files\superantispyware\saskutil.sys
    R3 emupia (E-mu Plug-in Architecture Driver) - c:\windows\system32\drivers\emupia2k.sys <Not Verified; Creative Technology Ltd; E-mu Plug-In Architecture>
    R3 SASENUM - c:\program files\superantispyware\sasenum.sys <Not Verified; SuperAdBlocker, Inc.; SuperAntiSpyware>

    S3 catchme - c:\docume~1\jasonp~1\locals~1\temp\catchme.sys (file missing)
    S3 dump_wmimmc - c:\windows\system32\drivers\dump_wmimmc.sys (file missing)
    S3 jfdcd - c:\docume~1\jasonp~1\locals~1\temp\jfdcd.sys (file missing)
    S3 MREMPR5 (MREMPR5 NDIS Protocol Driver) - c:\program files\common files\motive\mrempr5.sys <Not Verified; Motive, Inc.; Motive Rawether for Windows>
    S3 MRENDIS5 (MRENDIS5 NDIS Protocol Driver) - c:\program files\common files\motive\mrendis5.sys <Not Verified; Motive, Inc.; Motive Rawether for Windows>
    S3 NPPTNT2 - c:\windows\system32\npptnt2.sys <Not Verified; INCA Internet Co., Ltd.; nProtect NPSC Kernel Mode Driver for NT>
    S3 smwdm - c:\windows\system32\drivers\smwdm.sys <Not Verified; Analog Devices, Inc.; SoundMAX Digital Audio Driver>
    S3 wanatw (WAN Miniport (ATW)) - c:\windows\system32\drivers\wanatw4.sys (file missing)


    -- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

    R2 C-DillaCdaC11BA - c:\windows\system32\drivers\cdac11ba.exe <Not Verified; C-Dilla Ltd; SafeCast Windows NT>
    R2 UxTuneUp (TuneUp Design Expansion) - c:\windows\system32\svchost.exe -k netsvcs <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>

    S2 LiveUpdate Notice Ex (LiveUpdate Notice Service Ex) - "c:\program files\common files\symantec shared\ccsvchst.exe" /h cccommon (file missing)
    S3 usprserv (User Privilege Service) - c:\windows\system32\svchost.exe -k netsvcs <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>


    -- Device Manager: Disabled ----------------------------------------------------

    No disabled devices found.


    -- Scheduled Tasks -------------------------------------------------------------

    2007-10-26 16:15:00 404 --a------ C:\WINDOWS\Tasks\1-Click Maintenance.job


    -- Files created between 2007-10-29 and 2007-11-29 -----------------------------

    2007-11-29 00:09:02 0 d-------- C:\Documents and Settings\Jason Porter\Application Data\Grisoft
    2007-11-29 00:08:40 0 d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
    2007-11-28 22:43:02 0 d-------- C:\WINDOWS\LastGood
    2007-11-28 19:57:37 0 d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
    2007-11-28 19:57:30 0 d-------- C:\Program Files\SUPERAntiSpyware
    2007-11-28 19:57:30 0 d-------- C:\Documents and Settings\Jason Porter\Application Data\SUPERAntiSpyware.com
    2007-11-27 00:22:05 0 d-------- C:\Program Files\SpywareBlaster
    2007-11-25 22:47:37 0 d-------- C:\Program Files\Enigma Software Group
    2007-11-25 22:39:11 0 d-------- C:\WINDOWS\owim
    2007-11-25 22:39:11 0 d-------- C:\Program Files\Common Files\owim
    2007-11-25 16:24:28 0 d--hs---- C:\WINDOWS\SmFzb24gUG9ydGVy
    2007-11-24 14:15:21 0 d-------- C:\Program Files\QdrModule
    2007-11-24 14:15:21 0 d-------- C:\Program Files\QdrDrive
    2007-11-03 19:51:39 0 d-------- C:\WINDOWS\nview
    2007-11-03 18:21:51 0 d-------- C:\Program Files\SystemRequirementsLab


    -- Find3M Report ---------------------------------------------------------------

    2007-11-28 23:22:57 0 d-------- C:\Program Files\Verizon
    2007-11-28 23:14:23 0 d-------- C:\Program Files\Digital Line Detect
    2007-11-28 23:14:12 0 d-------- C:\Program Files\Dell Photo AIO Printer 962
    2007-11-28 23:12:17 0 d-------- C:\Program Files\Common Files\Motive
    2007-11-28 22:17:27 384 --a------ C:\WINDOWS\system32\DVCStateBkp-{00000004-00000000-00000001-00001102-00000004-40011102}.dat
    2007-11-28 22:17:27 384 --a------ C:\WINDOWS\system32\DVCState-{00000004-00000000-00000001-00001102-00000004-40011102}.dat
    2007-11-28 19:56:52 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
    2007-11-28 11:58:01 110592 --a------ C:\WINDOWS\system32\imm32.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
    2007-11-28 11:57:54 19249 --a------ C:\WINDOWS\system32\svchost.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
    2007-11-28 00:25:07 2656 --a------ C:\WINDOWS\system32\tmp.reg
    2007-11-27 01:06:31 0 d-------- C:\Program Files\Common Files
    2007-11-25 22:34:07 0 d-------- C:\Program Files\Movie Maker
    2007-11-05 15:15:06 98304 --a------ C:\WINDOWS\system32\CmdLineExt.dll <Not Verified; Sony DADC Austria AG.; >
    2007-11-03 16:45:11 0 d-------- C:\Program Files\Verizon Games on Demand Player
    2007-11-03 16:35:23 1712 --a------ C:\WINDOWS\GPlrLanc.dat
    2007-10-22 11:52:17 0 d-------- C:\Program Files\Java
    2007-09-17 00:07:00 1626112 --a------ C:\WINDOWS\system32\nwiz.exe
    2007-09-17 00:07:00 1019904 --a------ C:\WINDOWS\system32\nvwimg.dll
    2007-09-17 00:07:00 1703936 --a------ C:\WINDOWS\system32\nvwdmcpl.dll
    2007-09-17 00:07:00 466944 --a------ C:\WINDOWS\system32\nvshell.dll
    2007-09-17 00:07:00 1478656 --a------ C:\WINDOWS\system32\nview.dll
    2007-09-17 00:07:00 1339392 --a------ C:\WINDOWS\system32\nvdspsch.exe
    2007-09-17 00:07:00 442368 --a------ C:\WINDOWS\system32\nvappbar.exe
    2007-09-17 00:07:00 425984 --a------ C:\WINDOWS\system32\keystone.exe
    2007-08-30 16:34:46 53314 -----n--- C:\WINDOWS\ExentInfo.exe <Not Verified; Exent Technologies Ltd.; EXETender™ Client>


    -- Registry Dump ---------------------------------------------------------------

    *Note* empty entries & legit default entries are not shown


    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Logitech Utility"="Logi_MwX.Exe" [05/16/2003 07:50 AM C:\WINDOWS\LOGI_MWX.EXE]
    "IAAnotif"="C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe" [06/29/2004 09:23 AM]
    "DMXLauncher"="C:\Program Files\Dell\Media Experience\DMXLauncher.exe" [09/14/2004 11:01 PM]
    "TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [03/20/2005 07:01 AM]
    "dlbxmon.exe"="C:\Program Files\Dell Photo AIO Printer 962\dlbxmon.exe" [01/18/2005 06:57 AM]
    "MimBoot"="C:\PROGRA~1\MUSICM~1\MUSICM~3\mimboot.exe" [03/12/2005 06:25 AM]
    "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [06/26/2005 06:27 PM]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [09/25/2007 12:11 AM]
    "CTHelper"="CTHELPER.EXE" [02/02/2004 06:30 PM C:\WINDOWS\SYSTEM32\CTHELPER.EXE]
    "ISUSPM"="C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [03/20/2006 05:34 PM]
    "Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [03/12/2007 05:30 PM]
    "Verizon_McciTrayApp"="C:\Program Files\Verizon\McciTrayApp.exe" [03/11/2007 01:37 PM]
    "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [09/17/2007 12:07 AM]
    "nwiz"="nwiz.exe" [09/17/2007 12:07 AM C:\WINDOWS\SYSTEM32\nwiz.exe]
    "NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [09/17/2007 12:07 AM]
    "!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [06/11/2007 01:25 AM]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SetDefaultMIDI"="MIDIDef.exe" [06/20/2003 02:13 AM C:\WINDOWS\MIDIDEF.EXE]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 03:00 AM]
    "CTSyncU.exe"="C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe" [06/12/2006 02:32 PM]
    "Exetender"="C:\Program Files\Verizon Games on Demand Player\GPlayer.exe" [08/30/2007 04:47 PM]
    "updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [03/30/2006 04:45 PM]
    "ares"="C:\Program Files\Ares\Ares.exe" []
    "Sen"="C:\WINDOWS\MCROSO~1\dvdplay.exe" []
    "SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [08/31/2007 04:46 PM]
    "SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [06/21/2007 02:06 PM]

    C:\Documents and Settings\Jason Porter\Start Menu\Programs\Startup\
    DESKTOP.INI [8/10/2004 11:04:12 AM]

    C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
    Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [8/21/2006 7:43:41 PM]
    Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [9/23/2005 10:05:26 PM]
    DESKTOP.INI [8/10/2004 11:04:12 AM]
    Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [12/11/2004 6:12:18 AM]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
    "DisableRegistryTools"=0 (0x0)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [12/20/2006 01:55 PM 77824]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
    C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 04/19/2007 01:41 PM 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

    HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
    UxTuneUp


    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]
    AutoRun\command- E:\OblivionLauncher.exe

    *Newly Created Service* - AVG_ANTI-SPYWARE_DRIVER
    *Newly Created Service* - AVG_ANTI-SPYWARE_GUARD



    -- Hosts -----------------------------------------------------------------------

    194.54.90.238 www.google.com
    194.54.90.238 www.google.ca
    194.54.90.238 www.google.com.ag
    194.54.90.238 www.google.com.ar
    194.54.90.238 www.google.com.au
    194.54.90.238 www.google.at
    194.54.90.238 www.google.az
    194.54.90.238 www.google.be
    194.54.90.238 www.google.com.br
    194.54.90.238 www.google.vg

    69 more entries in hosts file.


    -- End of Deckard's System Scanner: finished at 2007-11-29 00:50:39 ------------
     
  2. 2007/11/29
    Arie

    Please follow Posting Rules (#3 - Meaningful Subject) when posting.

    I have adjusted your subject.
     
    Arie,
    #2


  4. 2007/12/01
    Geri Lifetime Subscription

    Hi JasPoSF

    Download the HostsXpert 3.7 - Hosts File Manager.
    • Unzip HostsXpert 3.7 - Hosts File Manager to a convenient folder such as C:\HostsXpert
    • Click HostsXpert.exe to Run HostsXpert 3.7 - Hosts File Manager from its new home
    • Click "Make Hosts Writable?" in the upper right corner (If available).
    • Click Backup / Restore then Create Backup
    • Click Restore Microsoft's Hosts file and then click OK.
    • Click the X to exit the program.
    • Note: If you were using a custom Hosts file you will need to replace any of those entries yourself.

    Please re-open HiJackThis and scan only. Check the boxes next to all the entries listed below.

    O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
    O4 - HKCU\..\Run: [Sen] "C:\WINDOWS\MCROSO~1\dvdplay.exe" -vt yazb


    Now close all windows other than HiJackThis, then click Fix Checked.

    Close HJT.


    Using Windows Explorer (to get there right-click your Start button and go to "Explore"), please delete these folders (if present):

    C:\Program Files\QdrModule
    C:\Program Files\QdrDrive


    Please go to this folder and let me know what the contents of it are, what files and the names, if any.
    C:\WINDOWS\SmFzb24gUG9ydGVy

    Thanks
    Geri
     
    Geri,
    #3
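A way to triage the hosts-file redirect that the steps above repair, as an added example that is not part of the original thread and not code from HijackThis or HostsXpert. It reads raw hosts-file text or HijackThis `O1 - Hosts:` lines and groups search-engine hostnames by the non-loopback address they are pinned to. The function names, the `WATCHED` pattern and the sample input (which uses the documentation address 203.0.113.7) are assumptions made for the illustration.

```python
import ipaddress
import re
from collections import defaultdict

# Hostnames treated as search engines. This pattern is an assumption for the
# example; it covers the google.* and search.yahoo/msn/live names seen in the log.
WATCHED = re.compile(
    r"^(?:(?:www\.)?google\.[a-z.]+"
    r"|(?:[a-z0-9-]+\.)*search\.(?:yahoo|msn|live)\.[a-z.]+)$"
)
O1_PREFIX = re.compile(r"^O1 - Hosts:\s*", re.IGNORECASE)
# Any other HijackThis entry line (R0, O2, O4, ...) is not hosts data.
HJT_OTHER = re.compile(r"^[A-Z]\d{1,2} - (?!Hosts:)")


def parse_hosts_entries(text):
    """Return (entries, malformed) from hosts-file text or HijackThis O1 lines.

    entries   -- list of (ip_address, hostname) pairs
    malformed -- lines whose first field is not an IP address or that carry
                 no hostname; corrupted entries are worth reporting as-is
    """
    entries, malformed = [], []
    for raw in text.splitlines():
        line = raw.strip()
        if HJT_OTHER.match(line):
            continue
        # Drop the HijackThis prefix and any trailing hosts-file comment.
        line = O1_PREFIX.sub("", line).split("#", 1)[0].strip()
        if not line:
            continue
        fields = line.split()
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            malformed.append(raw.strip())
            continue
        if len(fields) < 2:
            malformed.append(raw.strip())
            continue
        for name in fields[1:]:
            entries.append((ip, name.lower().rstrip(".")))
    return entries, malformed


def find_redirected(entries):
    """Group watched hostnames by the non-loopback address they resolve to."""
    by_ip = defaultdict(set)
    for ip, name in entries:
        # 127.0.0.1 and 0.0.0.0 entries are blocklist-style sinkholes,
        # not redirects to a third-party server.
        if ip.is_loopback or ip.is_unspecified:
            continue
        if WATCHED.match(name):
            by_ip[str(ip)].add(name)
    return {ip: sorted(names) for ip, names in by_ip.items()}


# Constructed sample input, not taken from the log in this thread.
SAMPLE = """\
# constructed sample; 203.0.113.7 is a documentation address
127.0.0.1       localhost
O1 - Hosts: 203.0.113.7 www.google.com
O1 - Hosts: 203.0.113.7 google.co.uk
O1 - Hosts: 203.0.113.7 de.search.yahoo.com
O1 - Hosts: 203.0.113.7 search.live.com
O1 - Hosts: \u00f0j
O2 - BHO: (no name) - {00000000-0000-0000-0000-000000000000} - (no file)
0.0.0.0 ads.example.net
192.0.2.10 intranet.example.org
"""

if __name__ == "__main__":
    parsed, bad = parse_hosts_entries(SAMPLE)
    for address, names in find_redirected(parsed).items():
        print(f"{address}: {len(names)} search hostnames pinned -> {', '.join(names)}")
    for line in bad:
        print(f"unparseable hosts entry: {line!r}")
```
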
  5. 2007/12/02
    JasPoSF

    Thanks

    I used HostsXpert and did what you instructed. I also deleted the two folders. I was unable to find C:\WINDOWS\SmFzb24gUG9ydGVy.
     
  6. 2007/12/02
    Geri Lifetime Subscription

    Hi JasPoSF
    OK, let's enable hidden files/folders.
    Enable the 'Show Hidden Files/Folders' option, like this:
    Click Start.
    Open My Computer.
    Select the Tools menu and click Folder Options.
    Select the View Tab. Under the Hidden files and folders heading select Show hidden files and folders.
    Uncheck the Hide protected operating system files (recommended) option.
    Click Yes to confirm.
    Click OK.

    Now please check to see if you can find it.

    Thanks
    Geri
     
    Geri,
    #5
  7. 2007/12/02
    JasPoSF

    I did the steps you told me and found the folder. There are no files in it.
     
  8. 2007/12/03
    Geri Lifetime Subscription

    Hi JasPoSF
    OK. Please delete that folder.

    Then run dss again and post the new log.

    Thanks
    Geri
     
    Geri,
    #7
  9. 2007/12/06
    JasPoSF

    I am not getting popups at this current time. The main thing that seems to be plaguing me at this current time is my search results on Google are still being tainted.

    Deckard's System Scanner v20071014.68
    Run by Jason Porter on 2007-12-06 19:42:27
    Computer is in Normal Mode.
    --------------------------------------------------------------------------------

    Total Physical Memory: 511 MiB (512 MiB recommended).


    -- HijackThis (run as Jason Porter.exe) ----------------------------------------

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 7:42:32 PM, on 12/6/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16544)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\LEXPPS.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Nhksrv.exe
    C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\WINDOWS\system32\drivers\CDAC11BA.EXE
    C:\WINDOWS\system32\CTsvcCDA.EXE
    C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
    C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\Logi_MwX.Exe
    C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe
    C:\Program Files\Dell\Media Experience\DMXLauncher.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\Dell Photo AIO Printer 962\dlbxmon.exe
    C:\WINDOWS\system32\dlbxcoms.exe
    C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
    C:\WINDOWS\system32\CTHELPER.EXE
    C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
    C:\Program Files\Creative Professional\E-MU PatchMix DSP\EmuPatchMixDSP.exe
    C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
    C:\Program Files\Verizon\McciTrayApp.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
    C:\Program Files\Digital Line Detect\DLG.exe
    C:\Program Files\NETGEAR\WG111v2 Configuration Utility\RtlWake.exe
    C:\Program Files\NETGEAR\WG111v2 Configuration Utility\RtWLan.exe
    C:\Documents and Settings\Jason Porter\Desktop\dss.exe
    C:\DOCUME~1\JASONP~1\Desktop\JASONP~1.EXE

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.verizon.net/central/guest.portal
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
    N3 - Netscape 7: user_pref("browser.startup.homepage", "http://dsl.sbc.yahoo.com/"); (C:\Documents and Settings\JASON PORTER\Application Data\Mozilla\Profiles\default\nlw5o6h2.slt\prefs.js)
    N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\JASON PORTER\Application Data\Mozilla\Profiles\default\nlw5o6h2.slt\prefs.js)
    O1 - Hosts: 194.54.90.238 www.google.com
    O1 - Hosts: 194.54.90.238 www.google.ca
    O1 - Hosts: 194.54.90.238 www.google.com.ag
    O1 - Hosts: 194.54.90.238 www.google.com.ar
    O1 - Hosts: 194.54.90.238 www.google.com.au
    O1 - Hosts: 194.54.90.238 www.google.at
    O1 - Hosts: 194.54.90.238 www.google.az
    O1 - Hosts: 194.54.90.238 www.google.be
    O1 - Hosts: 194.54.90.238 www.google.com.br
    O1 - Hosts: 194.54.90.238 www.google.vg
    O1 - Hosts: 194.54.90.238 www.google.bi
    O1 - Hosts: 194.54.90.238 www.google.ca
    O1 - Hosts: 194.54.90.238 www.google.td
    O1 - Hosts: 194.54.90.238 www.google.cl
    O1 - Hosts: 194.54.90.238 www.google.com.co
    O1 - Hosts: 194.54.90.238 www.google.co.cr
    O1 - Hosts: 194.54.90.238 www.google.dk
    O1 - Hosts: 194.54.90.238 www.google.com.do
    O1 - Hosts: 194.54.90.238 www.google.fm
    O1 - Hosts: 194.54.90.238 www.google.fi
    O1 - Hosts: 194.54.90.238 www.google.fr
    O1 - Hosts: 194.54.90.238 www.google.gm
    O1 - Hosts: 194.54.90.238 www.google.ge
    O1 - Hosts: 194.54.90.238 www.google.de
    O1 - Hosts: 194.54.90.238 www.google.com.gi
    O1 - Hosts: 194.54.90.238 www.google.com.gr
    O1 - Hosts: 194.54.90.238 www.google.gl
    O1 - Hosts: 194.54.90.238 www.google.gg
    O1 - Hosts: 194.54.90.238 www.google.co.il
    O1 - Hosts: 194.54.90.238 www.google.it
    O1 - Hosts: 194.54.90.238 www.google.co.kr
    O1 - Hosts: 194.54.90.238 www.google.lu
    O1 - Hosts: 194.54.90.238 www.google.mw
    O1 - Hosts: 194.54.90.238 www.google.ro
    O1 - Hosts: 194.54.90.238 www.google.se
    O1 - Hosts: 194.54.90.238 www.google.co.uk
    O1 - Hosts: 194.54.90.238 www.google.uz
    O1 - Hosts: 194.54.90.238 google.com
    O1 - Hosts: 194.54.90.238 google.ca
    O1 - Hosts: 194.54.90.238 google.com.ag
    O1 - Hosts: 194.54.90.238 google.com.ar
    O1 - Hosts: 194.54.90.238 google.com.au
    O1 - Hosts: 194.54.90.238 google.at
    O1 - Hosts: 194.54.90.238 google.az
    O1 - Hosts: 194.54.90.238 google.be
    O1 - Hosts: 194.54.90.238 google.com.br
    O1 - Hosts: 194.54.90.238 google.vg
    O1 - Hosts: 194.54.90.238 google.bi
    O1 - Hosts: 194.54.90.238 google.ca
    O1 - Hosts: 194.54.90.238 google.td
    O1 - Hosts: 194.54.90.238 google.cl
    O1 - Hosts: 194.54.90.238 google.com.co
    O1 - Hosts: 194.54.90.238 google.co.cr
    O1 - Hosts: 194.54.90.238 google.dk
    O1 - Hosts: 194.54.90.238 google.com.do
    O1 - Hosts: 194.54.90.238 google.fm
    O1 - Hosts: 194.54.90.238 google.fi
    O1 - Hosts: 194.54.90.238 google.fr
    O1 - Hosts: 194.54.90.238 google.gm
    O1 - Hosts: 194.54.90.238 google.ge
    O1 - Hosts: 194.54.90.238 google.de
    O1 - Hosts: 194.54.90.238 google.com.gi
    O1 - Hosts: 194.54.90.238 google.com.gr
    O1 - Hosts: 194.54.90.238 google.gl
    O1 - Hosts: 194.54.90.238 google.gg
    O1 - Hosts: 194.54.90.238 google.co.il
    O1 - Hosts: 194.54.90.238 google.it
    O1 - Hosts: 194.54.90.238 google.co.kr
    O1 - Hosts: 194.54.90.238 google.lu
    O1 - Hosts: 194.54.90.238 google.mw
    O1 - Hosts: 194.54.90.238 google.ro
    O1 - Hosts: 194.54.90.238 google.se
    O1 - Hosts: 194.54.90.238 google.co.uk
    O1 - Hosts: 194.54.90.238 google.uz
    O1 - Hosts: 194.54.90.238 search.yahoo.com
    O1 - Hosts: 194.54.90.238 de.search.yahoo.com
    O1 - Hosts: 194.54.90.238 search.msn.com
    O1 - Hosts: 194.54.90.238 search.msn.de
    O1 - Hosts: 194.54.90.238 search.live.com
    O1 - Hosts: ðj
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
    O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe
    O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [dlbxmon.exe] "C:\Program Files\Dell Photo AIO Printer 962\dlbxmon.exe"
    O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~3\mimboot.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
    O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
    O4 - HKLM\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
    O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
    O4 - HKLM\..\Run: [Verizon_McciTrayApp] C:\Program Files\Verizon\McciTrayApp.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
    O4 - HKLM\..\Run: [DLBXCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLBXtime.dll,_RunDLLEntry@16
    O4 - HKCU\..\Run: [SetDefaultMIDI] MIDIDef.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [Exetender] C:\Program Files\Verizon Games on Demand Player\GPlayer.exe /runonstartup
    O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Digital Line Detect.lnk = ?
    O4 - Global Startup: WG111v2 Smart Wizard Wireless Setting.lnk = ?
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
    O12 - Plugin for .efp: C:\Program Files\Internet Explorer\Plugins\NPEFPrn.dll
    O12 - Plugin for .efv: C:\Program Files\Internet Explorer\Plugins\NPEFV.dll
    O12 - Plugin for .fmp: C:\Program Files\Internet Explorer\Plugins\NPFMP.dll
    O12 - Plugin for .fmr: C:\Program Files\Internet Explorer\Plugins\NPFME.dll
    O12 - Plugin for .ifx: C:\Program Files\Internet Explorer\Plugins\NPWebPrn.dll
    O12 - Plugin for .lfx: C:\Program Files\Internet Explorer\Plugins\NPLaunch.dll
    O12 - Plugin for .mwp: C:\Program Files\Internet Explorer\Plugins\NPMWPrn.dll
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - https://activatemydsl.verizon.net/sdcCommon/download/DSL/tgctlcm.cab
    O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15026/CTSUEng.cab
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
    O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase8300.cab
    O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/2.0.0.1/sysreqlab2.cab
    O16 - DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} (GameLauncher Control) - http://www.acclaim.com/cabs/acclaim_v8.cab
    O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class) -
    O16 - DPF: {8FD68625-2346-418A-8899-67CB36B1917F} (McciSM Class) - http://supportcenter.verizon.net/euserv/jsp/VOLAWeb.cab
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
    O16 - DPF: {9D190AE6-C81E-4039-8061-978EBAD10073} (F-Secure Online Scanner 3.0) - http://support.f-secure.com/ols/fscax.cab
    O16 - DPF: {9E58D78E-C5D3-DCF5-F38E-D1FBF76F5CBA} - http://projects.synacor.com/musicnet/download/rcn/PerformerSetup-sa.exe
    O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su/ocx/15028/CTPID.cab
    O23 - Service: Amazon Unbox Video Service (ADVService) - Amazon.com - C:\Program Files\Amazon\Amazon Unbox Video\ADVWindowsClientService.exe
    O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: C-DillaCdaC11BA - C-Dilla Ltd - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
    O23 - Service: dlbx_device - Dell - C:\WINDOWS\system32\dlbxcoms.exe
    O23 - Service: IAA Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
    O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
    O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
    O23 - Service: Netropa NHK Server (Nhksrv) - Unknown owner - C:\WINDOWS\Nhksrv.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

    --
    End of file - 13121 bytes

    -- Files created between 2007-11-06 and 2007-12-06 -----------------------------

    2007-12-06 12:01:49 200704 --a------ C:\WINDOWS\system32\WG1v2Lib.dll <Not Verified; NETGEAR Inc.; WG1v2lib Dynamic Link Library>
    2007-12-06 12:01:49 155648 --a------ C:\WINDOWS\system32\IpLib.dll <Not Verified; TODO: <Company name>; TODO: <Product name>>
    2007-12-06 12:01:49 114688 -ra------ C:\WINDOWS\system32\EnumDev111.dll <Not Verified; NETGEAR Inc.; EnumDev111 Dynamic Link Library>
    2007-12-06 12:01:49 13532 --a------ C:\WINDOWS\system32\drivers\SjyPkt.sys <Not Verified; Windows (R) 2000 DDK provider; Windows (R) 2000 DDK driver>
    2007-12-06 12:01:49 66048 --a------ C:\WINDOWS\system32\drivers\EAPPkt.sys <Not Verified; Windows (R) 2000 DDK provider; Windows (R) 2000 DDK driver>
    2007-12-06 12:01:49 0 d-------- C:\WINDOWS\OPTIONS
    2007-12-06 12:01:49 0 d-------- C:\Program Files\NETGEAR
    2007-11-29 00:09:02 0 d-------- C:\Documents and Settings\Jason Porter\Application Data\Grisoft
    2007-11-29 00:08:40 0 d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
    2007-11-28 19:57:37 0 d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
    2007-11-28 19:57:30 0 d-------- C:\Program Files\SUPERAntiSpyware
    2007-11-28 19:57:30 0 d-------- C:\Documents and Settings\Jason Porter\Application Data\SUPERAntiSpyware.com
    2007-11-25 22:47:37 0 d-------- C:\Program Files\Enigma Software Group
    2007-11-25 22:39:11 0 d-------- C:\WINDOWS\owim
    2007-11-25 22:39:11 0 d-------- C:\Program Files\Common Files\owim


    -- Find3M Report ---------------------------------------------------------------

    2007-12-06 17:59:39 0 d-------- C:\Program Files\Dl_cats
    2007-12-06 17:22:54 384 --a------ C:\WINDOWS\system32\DVCStateBkp-{00000004-00000000-00000001-00001102-00000004-40011102}.dat
    2007-12-06 17:22:54 384 --a------ C:\WINDOWS\system32\DVCState-{00000004-00000000-00000001-00001102-00000004-40011102}.dat
    2007-12-06 12:01:49 0 d--h----- C:\Program Files\InstallShield Installation Information
    2007-12-02 20:06:50 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
    2007-11-28 23:22:57 0 d-------- C:\Program Files\Verizon
    2007-11-28 23:14:23 0 d-------- C:\Program Files\Digital Line Detect
    2007-11-28 23:14:12 0 d-------- C:\Program Files\Dell Photo AIO Printer 962
    2007-11-28 23:12:17 0 d-------- C:\Program Files\Common Files\Motive
    2007-11-28 11:58:01 110592 --a------ C:\WINDOWS\system32\imm32.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
    2007-11-28 11:57:54 19249 --a------ C:\WINDOWS\system32\svchost.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
    2007-11-28 00:25:07 2656 --a------ C:\WINDOWS\system32\tmp.reg
    2007-11-27 01:06:31 0 d-------- C:\Program Files\Common Files
    2007-11-25 22:34:07 0 d-------- C:\Program Files\Movie Maker
    2007-11-05 15:15:06 98304 --a------ C:\WINDOWS\system32\CmdLineExt.dll <Not Verified; Sony DADC Austria AG.; >
    2007-11-03 18:21:51 0 d-------- C:\Program Files\SystemRequirementsLab
    2007-11-03 16:45:11 0 d-------- C:\Program Files\Verizon Games on Demand Player
    2007-11-03 16:35:23 1712 --a------ C:\WINDOWS\GPlrLanc.dat
    2007-10-22 11:52:17 0 d-------- C:\Program Files\Java
    2007-09-17 00:07:00 1626112 --a------ C:\WINDOWS\system32\nwiz.exe
    2007-09-17 00:07:00 1019904 --a------ C:\WINDOWS\system32\nvwimg.dll
    2007-09-17 00:07:00 1703936 --a------ C:\WINDOWS\system32\nvwdmcpl.dll
    2007-09-17 00:07:00 466944 --a------ C:\WINDOWS\system32\nvshell.dll
    2007-09-17 00:07:00 1478656 --a------ C:\WINDOWS\system32\nview.dll
    2007-09-17 00:07:00 1339392 --a------ C:\WINDOWS\system32\nvdspsch.exe
    2007-09-17 00:07:00 442368 --a------ C:\WINDOWS\system32\nvappbar.exe
    2007-09-17 00:07:00 425984 --a------ C:\WINDOWS\system32\keystone.exe


    -- Registry Dump ---------------------------------------------------------------

    *Note* empty entries & legit default entries are not shown


    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Logitech Utility"="Logi_MwX.Exe" [05/16/2003 07:50 AM C:\WINDOWS\LOGI_MWX.EXE]
    "IAAnotif"="C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe" [06/29/2004 09:23 AM]
    "DMXLauncher"="C:\Program Files\Dell\Media Experience\DMXLauncher.exe" [09/14/2004 11:01 PM]
    "TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [03/20/2005 07:01 AM]
    "dlbxmon.exe"="C:\Program Files\Dell Photo AIO Printer 962\dlbxmon.exe" [01/18/2005 06:57 AM]
    "MimBoot"="C:\PROGRA~1\MUSICM~1\MUSICM~3\mimboot.exe" [03/12/2005 06:25 AM]
    "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [06/26/2005 06:27 PM]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [09/25/2007 12:11 AM]
    "CTHelper"="CTHELPER.EXE" [02/02/2004 06:30 PM C:\WINDOWS\SYSTEM32\CTHELPER.EXE]
    "ISUSPM"="C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [03/20/2006 05:34 PM]
    "Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [03/12/2007 05:30 PM]
    "Verizon_McciTrayApp"="C:\Program Files\Verizon\McciTrayApp.exe" [03/11/2007 01:37 PM]
    "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [09/17/2007 12:07 AM]
    "nwiz"="nwiz.exe" [09/17/2007 12:07 AM C:\WINDOWS\SYSTEM32\nwiz.exe]
    "NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [09/17/2007 12:07 AM]
    "!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [06/11/2007 01:25 AM]
    "DLBXCATS"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLBXtime.dll" [12/07/2004 01:43 PM]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SetDefaultMIDI"="MIDIDef.exe" [06/20/2003 02:13 AM C:\WINDOWS\MIDIDEF.EXE]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 03:00 AM]
    "Exetender"="C:\Program Files\Verizon Games on Demand Player\GPlayer.exe" [08/30/2007 04:47 PM]
    "updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [03/30/2006 04:45 PM]

    C:\Documents and Settings\Jason Porter\Start Menu\Programs\Startup\
    DESKTOP.INI [8/10/2004 11:04:12 AM]

    C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
    Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [8/21/2006 7:43:41 PM]
    Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [9/23/2005 10:05:26 PM]
    DESKTOP.INI [8/10/2004 11:04:12 AM]
    Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [12/11/2004 6:12:18 AM]
    WG111v2 Smart Wizard Wireless Setting.lnk - C:\Program Files\NETGEAR\WG111v2 Configuration Utility\RtlWake.exe [12/6/2007 12:01:50 PM]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
    "DisableRegistryTools"=0 (0x0)

    HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
    UxTuneUp


    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]
    AutoRun\command- E:\OblivionLauncher.exe




    -- End of Deckard's System Scanner: finished at 2007-12-06 19:42:56 ------------
     
  10. 2007/12/07
    Geri Lifetime Subscription

    Hi JasPoSF

    Did you run HostsXpert?
    Did you add all those to your hosts file?

    Are you located here?
    Ukraine.

    Please scan this file.

    Jotti File Submission:
    • Please go to Jotti's malware scan
    • Copy and paste the following file path into the "File to upload & scan" box on the top of the page:
      • C:\WINDOWS\system32\DVCState.dat
    • Click on the submit button
    • Please post the results in your next reply.

    If it says it can't locate the file then please try it this way.

    C:\WINDOWS\system32\DVCState-{00000004-00000000-00000001-00001102-00000004-40011102}.dat

    Thanks
    Geri
     
    Geri,
    #9
  11. 2007/12/08
    JasPoSF

    I am about to run Jotti but can you clarify exactly what I am supposed to do with HostsXpert? I am not sure what you meant by asking if I added all those to my hosts file.
    Thanks
     
  12. 2007/12/08
    JasPoSF

    Here are my Jotti results

    Service
    Service load: 0% 100%

    File: DVCState-{00000000-00000004}.dat
    Status: INCONCLUSIVE (scan still in progress)
    MD5: c496cce61e84c656abf5ef67433bbb98
    Packers detected: Analyzing...
    Bit9 reports: File not found

    Scanner results
    Scan taken on 08 Dec 2007 21:43:52 (GMT)
    A-Squared Found nothing
    AntiVir Found nothing
    ArcaVir Found nothing
    Avast Found nothing
    AVG Antivirus Found nothing
    BitDefender Found nothing
    ClamAV Found nothing
    CPsecure Found nothing
    Dr.Web Found nothing
    F-Prot Antivirus Found nothing
    F-Secure Anti-Virus Found nothing
    Fortinet Found nothing
    Ikarus Found nothing
    Kaspersky Anti-Virus Found nothing
    NOD32 Found nothing
    Norman Virus Control Found nothing
    Panda Antivirus Found nothing
    Rising Antivirus Found nothing
    Sophos Antivirus Found nothing
    VirusBuster Found nothing
    VBA32 Found nothing
     
  13. 2007/12/08
    Geri Lifetime Subscription

    Hi
    In post #3, I asked you to run HostsXpert. Did you do so?

    All the google entries in your HJT log,
    O1 - Hosts: 194.54.90.238 google.com
    O1 - Hosts: 194.54.90.238 google.ca
    O1 - Hosts: 194.54.90.238 google.com.ag.....

    Thanks
    Geri
     
  14. 2007/12/08
    JasPoSF

    I did run HostsXpert. I am still a little unclear what to do after running it. And what am I supposed to do with the entries in HJT that relate to Google?
     
  15. 2007/12/08
    Geri Lifetime Subscription

    Hi JasPoSF
    You shouldn't have to do anything with it really. It should have gotten rid of these host files?

    Let's see what happens this way.

    Please re-open HiJackThis and scan only. Check the boxes next to all the entries listed below.

    O1 - Hosts: 194.54.90.238 www.google.com
    O1 - Hosts: 194.54.90.238 www.google.ca
    O1 - Hosts: 194.54.90.238 www.google.com.ag
    O1 - Hosts: 194.54.90.238 www.google.com.ar
    O1 - Hosts: 194.54.90.238 www.google.com.au
    O1 - Hosts: 194.54.90.238 www.google.at
    O1 - Hosts: 194.54.90.238 www.google.az
    O1 - Hosts: 194.54.90.238 www.google.be
    O1 - Hosts: 194.54.90.238 www.google.com.br
    O1 - Hosts: 194.54.90.238 www.google.vg
    O1 - Hosts: 194.54.90.238 www.google.bi
    O1 - Hosts: 194.54.90.238 www.google.ca
    O1 - Hosts: 194.54.90.238 www.google.td
    O1 - Hosts: 194.54.90.238 www.google.cl
    O1 - Hosts: 194.54.90.238 www.google.com.co
    O1 - Hosts: 194.54.90.238 www.google.co.cr
    O1 - Hosts: 194.54.90.238 www.google.dk
    O1 - Hosts: 194.54.90.238 www.google.com.do
    O1 - Hosts: 194.54.90.238 www.google.fm
    O1 - Hosts: 194.54.90.238 www.google.fi
    O1 - Hosts: 194.54.90.238 www.google.fr
    O1 - Hosts: 194.54.90.238 www.google.gm
    O1 - Hosts: 194.54.90.238 www.google.ge
    O1 - Hosts: 194.54.90.238 www.google.de
    O1 - Hosts: 194.54.90.238 www.google.com.gi
    O1 - Hosts: 194.54.90.238 www.google.com.gr
    O1 - Hosts: 194.54.90.238 www.google.gl
    O1 - Hosts: 194.54.90.238 www.google.gg
    O1 - Hosts: 194.54.90.238 www.google.co.il
    O1 - Hosts: 194.54.90.238 www.google.it
    O1 - Hosts: 194.54.90.238 www.google.co.kr
    O1 - Hosts: 194.54.90.238 www.google.lu
    O1 - Hosts: 194.54.90.238 www.google.mw
    O1 - Hosts: 194.54.90.238 www.google.ro
    O1 - Hosts: 194.54.90.238 www.google.se
    O1 - Hosts: 194.54.90.238 www.google.co.uk
    O1 - Hosts: 194.54.90.238 www.google.uz
    O1 - Hosts: 194.54.90.238 google.com
    O1 - Hosts: 194.54.90.238 google.ca
    O1 - Hosts: 194.54.90.238 google.com.ag
    O1 - Hosts: 194.54.90.238 google.com.ar
    O1 - Hosts: 194.54.90.238 google.com.au
    O1 - Hosts: 194.54.90.238 google.at
    O1 - Hosts: 194.54.90.238 google.az
    O1 - Hosts: 194.54.90.238 google.be
    O1 - Hosts: 194.54.90.238 google.com.br
    O1 - Hosts: 194.54.90.238 google.vg
    O1 - Hosts: 194.54.90.238 google.bi
    O1 - Hosts: 194.54.90.238 google.ca
    O1 - Hosts: 194.54.90.238 google.td
    O1 - Hosts: 194.54.90.238 google.cl
    O1 - Hosts: 194.54.90.238 google.com.co
    O1 - Hosts: 194.54.90.238 google.co.cr
    O1 - Hosts: 194.54.90.238 google.dk
    O1 - Hosts: 194.54.90.238 google.com.do
    O1 - Hosts: 194.54.90.238 google.fm
    O1 - Hosts: 194.54.90.238 google.fi
    O1 - Hosts: 194.54.90.238 google.fr
    O1 - Hosts: 194.54.90.238 google.gm
    O1 - Hosts: 194.54.90.238 google.ge
    O1 - Hosts: 194.54.90.238 google.de
    O1 - Hosts: 194.54.90.238 google.com.gi
    O1 - Hosts: 194.54.90.238 google.com.gr
    O1 - Hosts: 194.54.90.238 google.gl
    O1 - Hosts: 194.54.90.238 google.gg
    O1 - Hosts: 194.54.90.238 google.co.il
    O1 - Hosts: 194.54.90.238 google.it
    O1 - Hosts: 194.54.90.238 google.co.kr
    O1 - Hosts: 194.54.90.238 google.lu
    O1 - Hosts: 194.54.90.238 google.mw
    O1 - Hosts: 194.54.90.238 google.ro
    O1 - Hosts: 194.54.90.238 google.se
    O1 - Hosts: 194.54.90.238 google.co.uk
    O1 - Hosts: 194.54.90.238 google.uz
    O1 - Hosts: 194.54.90.238 search.yahoo.com
    O1 - Hosts: 194.54.90.238 de.search.yahoo.com
    O1 - Hosts: 194.54.90.238 search.msn.com
    O1 - Hosts: 194.54.90.238 search.msn.de
    O1 - Hosts: 194.54.90.238 search.live.com
    O1 - Hosts: ðj
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)


    Now close all windows other than HiJackThis, then click Fix Checked.

    Close HJT.

    Please reboot your computer then post a new HJT log.

    Thanks
    Geri
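
The check behind the list above, as an added example that is not part of the original thread: a Python sketch that reads HijackThis `O1 - Hosts:` lines (or raw hosts-file lines) and reports search-engine names mapped to a non-loopback address, plus O1 lines that do not parse. The watch-list patterns, the function names and the sample lines other than those quoted in the thread are assumptions made for illustration.

```python
import ipaddress
import re
from collections import defaultdict

O1_PREFIX = "O1 - Hosts:"

# Assumption: a small watch list covering the search engines named in this thread.
SEARCH_PATTERNS = (
    re.compile(r"^(www\.)?google\.[a-z.]{2,6}$"),
    re.compile(r"^([a-z]{2}\.)?search\.yahoo\.com$"),
    re.compile(r"^search\.(msn|live)\.[a-z]{2,3}$"),
)


def parse_entry(line):
    """Return (ip, [hostnames]) for a hosts-file or HJT O1 line, or None if it is not a mapping."""
    text = line.strip()
    if text.startswith(O1_PREFIX):
        text = text[len(O1_PREFIX):]
    fields = text.split("#", 1)[0].split()  # drop trailing hosts-file comments
    if len(fields) < 2:
        return None
    try:
        ip = ipaddress.ip_address(fields[0])
    except ValueError:
        return None
    return ip, [host.lower() for host in fields[1:]]


def audit(lines):
    """Return ({ip: [redirected search hosts]}, [O1 lines that could not be parsed])."""
    redirected = defaultdict(set)
    malformed = []
    for line in lines:
        entry = parse_entry(line)
        if entry is None:
            # Garbage in the hosts file is worth reporting on its own.
            if line.strip().startswith(O1_PREFIX):
                malformed.append(line.strip())
            continue
        ip, hosts = entry
        if ip.is_loopback or ip.is_unspecified:
            continue  # 127.0.0.1 / 0.0.0.0 entries block a name; they do not redirect it
        for host in hosts:
            if any(pattern.match(host) for pattern in SEARCH_PATTERNS):
                redirected[str(ip)].add(host)
    return {ip: sorted(hosts) for ip, hosts in redirected.items()}, malformed


# Sample input: the first five O1 lines are quoted from the log in this thread;
# the last three lines are constructed to show entries that must not be flagged.
SAMPLE_LOG = """\
O1 - Hosts: 194.54.90.238 www.google.com
O1 - Hosts: 194.54.90.238 google.co.uk
O1 - Hosts: 194.54.90.238 de.search.yahoo.com
O1 - Hosts: 194.54.90.238 search.live.com
O1 - Hosts: \u00f0j
O1 - Hosts: 127.0.0.1 ads.example.test
127.0.0.1 localhost   # plain hosts-file syntax is accepted too
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
""".splitlines()

if __name__ == "__main__":
    redirected, malformed = audit(SAMPLE_LOG)
    for ip, hosts in redirected.items():
        print(f"{ip} receives traffic for {len(hosts)} search host(s): {', '.join(hosts)}")
    for line in malformed:
        print(f"unparseable hosts entry: {line!r}")
```

An empty result from both return values after the fix and a reboot corresponds to the clean log the helper asks for next.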
     
  16. 2007/12/09
    JasPoSF

    You are awesome!

    Well, here is the latest log! I just did a Google search and it is working normally now!

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 10:08:23 PM, on 12/8/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16544)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\LEXPPS.EXE
    C:\WINDOWS\Nhksrv.exe
    C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\WINDOWS\system32\drivers\CDAC11BA.EXE
    C:\WINDOWS\system32\CTsvcCDA.EXE
    C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
    C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\Logi_MwX.Exe
    C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe
    C:\Program Files\Dell\Media Experience\DMXLauncher.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\Dell Photo AIO Printer 962\dlbxmon.exe
    C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
    C:\WINDOWS\system32\CTHELPER.EXE
    C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
    C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
    C:\WINDOWS\system32\dlbxcoms.exe
    C:\Program Files\Verizon\McciTrayApp.exe
    C:\Program Files\Creative Professional\E-MU PatchMix DSP\EmuPatchMixDSP.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
    C:\Program Files\Digital Line Detect\DLG.exe
    C:\Program Files\NETGEAR\WG111v2 Configuration Utility\RtlWake.exe
    C:\Documents and Settings\Jason Porter\Desktop\HiJackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.verizon.net/central/guest.portal
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
    N3 - Netscape 7: user_pref("browser.startup.homepage", "http://dsl.sbc.yahoo.com/"); (C:\Documents and Settings\JASON PORTER\Application Data\Mozilla\Profiles\default\nlw5o6h2.slt\prefs.js)
    N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\JASON PORTER\Application Data\Mozilla\Profiles\default\nlw5o6h2.slt\prefs.js)
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
    O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe
    O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [dlbxmon.exe] "C:\Program Files\Dell Photo AIO Printer 962\dlbxmon.exe "
    O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~3\mimboot.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe "
    O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
    O4 - HKLM\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
    O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll "
    O4 - HKLM\..\Run: [Verizon_McciTrayApp] C:\Program Files\Verizon\McciTrayApp.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
    O4 - HKLM\..\Run: [DLBXCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLBXtime.dll,_RunDLLEntry@16
    O4 - HKCU\..\Run: [SetDefaultMIDI] MIDIDef.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [Exetender] C:\Program Files\Verizon Games on Demand Player\GPlayer.exe /runonstartup
    O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Digital Line Detect.lnk = ?
    O4 - Global Startup: WG111v2 Smart Wizard Wireless Setting.lnk = ?
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
    O12 - Plugin for .efp: C:\Program Files\Internet Explorer\Plugins\NPEFPrn.dll
    O12 - Plugin for .efv: C:\Program Files\Internet Explorer\Plugins\NPEFV.dll
    O12 - Plugin for .fmp: C:\Program Files\Internet Explorer\Plugins\NPFMP.dll
    O12 - Plugin for .fmr: C:\Program Files\Internet Explorer\Plugins\NPFME.dll
    O12 - Plugin for .ifx: C:\Program Files\Internet Explorer\Plugins\NPWebPrn.dll
    O12 - Plugin for .lfx: C:\Program Files\Internet Explorer\Plugins\NPLaunch.dll
    O12 - Plugin for .mwp: C:\Program Files\Internet Explorer\Plugins\NPMWPrn.dll
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - https://activatemydsl.verizon.net/sdcCommon/download/DSL/tgctlcm.cab
    O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15026/CTSUEng.cab
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
    O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase8300.cab
    O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/2.0.0.1/sysreqlab2.cab
    O16 - DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} (GameLauncher Control) - http://www.acclaim.com/cabs/acclaim_v8.cab
    O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class) -
    O16 - DPF: {8FD68625-2346-418A-8899-67CB36B1917F} (McciSM Class) - http://supportcenter.verizon.net/euserv/jsp/VOLAWeb.cab
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
    O16 - DPF: {9D190AE6-C81E-4039-8061-978EBAD10073} (F-Secure Online Scanner 3.0) - http://support.f-secure.com/ols/fscax.cab
    O16 - DPF: {9E58D78E-C5D3-DCF5-F38E-D1FBF76F5CBA} - http://projects.synacor.com/musicnet/download/rcn/PerformerSetup-sa.exe
    O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su/ocx/15028/CTPID.cab
    O23 - Service: Amazon Unbox Video Service (ADVService) - Amazon.com - C:\Program Files\Amazon\Amazon Unbox Video\ADVWindowsClientService.exe
    O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: C-DillaCdaC11BA - C-Dilla Ltd - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
    O23 - Service: dlbx_device - Dell - C:\WINDOWS\system32\dlbxcoms.exe
    O23 - Service: IAA Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
    O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
    O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
    O23 - Service: Netropa NHK Server (Nhksrv) - Unknown owner - C:\WINDOWS\Nhksrv.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

    --
    End of file - 9735 bytes
     
  17. 2007/12/09
    Geri Lifetime Subscription

    Geri Inactive Alumni

    Hi JasPoSF
    Glad to hear. :) Test it for a day or so, then let me know that all is OK.

    You can delete dss.exe from your desktop and this folder C:\Deckard.

    Geri
     
  18. 2007/12/09
    JasPoSF

    JasPoSF Inactive Thread Starter

    Well, unfortunately the search results started getting automatically misdirected again to some of the same sites. Something must be embedded still. When I run Google Search right after I fix through HJT, everything is fine, but then soon after the problem comes again.
     
  19. 2007/12/09
    Geri Lifetime Subscription

    Geri Inactive Alumni

    Hi JasPoSF
    OK, please post a new HJT log and a new dss log.

    Thanks
    Geri
     
  20. 2007/12/09
    JasPoSF

    JasPoSF Inactive Thread Starter

    Deckard's System Scanner v20071014.68
    Run by Jason Porter on 2007-12-09 16:32:25
    Computer is in Normal Mode.
    --------------------------------------------------------------------------------

    Percentage of Memory in Use: 76% (more than 75%).
    Total Physical Memory: 511 MiB (512 MiB recommended).


    -- HijackThis (run as Jason Porter.exe) ----------------------------------------

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 4:32:31 PM, on 12/9/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16544)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\LEXPPS.EXE
    C:\WINDOWS\Nhksrv.exe
    C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\WINDOWS\system32\drivers\CDAC11BA.EXE
    C:\WINDOWS\system32\CTsvcCDA.EXE
    C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
    C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\Logi_MwX.Exe
    C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe
    C:\Program Files\Dell\Media Experience\DMXLauncher.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\Dell Photo AIO Printer 962\dlbxmon.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
    C:\WINDOWS\system32\CTHELPER.EXE
    C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
    C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
    C:\WINDOWS\system32\dlbxcoms.exe
    C:\Program Files\Verizon\McciTrayApp.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\Program Files\Creative Professional\E-MU PatchMix DSP\EmuPatchMixDSP.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
    C:\Program Files\Digital Line Detect\DLG.exe
    C:\Program Files\NETGEAR\WG111v2 Configuration Utility\RtlWake.exe
    C:\Program Files\internet explorer\iexplore.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Documents and Settings\Jason Porter\Desktop\dss.exe
    C:\DOCUME~1\JASONP~1\Desktop\JASONP~1.EXE

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.verizon.net/central/guest.portal
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
    N3 - Netscape 7: user_pref( "browser.startup.homepage ", "http://dsl.sbc.yahoo.com/ "); (C:\Documents and Settings\JASON PORTER\Application Data\Mozilla\Profiles\default\nlw5o6h2.slt\prefs.js)
    N3 - Netscape 7: user_pref( "browser.search.defaultengine ", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src "); (C:\Documents and Settings\JASON PORTER\Application Data\Mozilla\Profiles\default\nlw5o6h2.slt\prefs.js)
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
    O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe
    O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [dlbxmon.exe] "C:\Program Files\Dell Photo AIO Printer 962\dlbxmon.exe "
    O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~3\mimboot.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe "
    O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
    O4 - HKLM\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
    O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll "
    O4 - HKLM\..\Run: [Verizon_McciTrayApp] C:\Program Files\Verizon\McciTrayApp.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
    O4 - HKLM\..\Run: [DLBXCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLBXtime.dll,_RunDLLEntry@16
    O4 - HKCU\..\Run: [SetDefaultMIDI] MIDIDef.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [Exetender] C:\Program Files\Verizon Games on Demand Player\GPlayer.exe /runonstartup
    O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Digital Line Detect.lnk = ?
    O4 - Global Startup: WG111v2 Smart Wizard Wireless Setting.lnk = ?
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
    O12 - Plugin for .efp: C:\Program Files\Internet Explorer\Plugins\NPEFPrn.dll
    O12 - Plugin for .efv: C:\Program Files\Internet Explorer\Plugins\NPEFV.dll
    O12 - Plugin for .fmp: C:\Program Files\Internet Explorer\Plugins\NPFMP.dll
    O12 - Plugin for .fmr: C:\Program Files\Internet Explorer\Plugins\NPFME.dll
    O12 - Plugin for .ifx: C:\Program Files\Internet Explorer\Plugins\NPWebPrn.dll
    O12 - Plugin for .lfx: C:\Program Files\Internet Explorer\Plugins\NPLaunch.dll
    O12 - Plugin for .mwp: C:\Program Files\Internet Explorer\Plugins\NPMWPrn.dll
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - https://activatemydsl.verizon.net/sdcCommon/download/DSL/tgctlcm.cab
    O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15026/CTSUEng.cab
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
    O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase8300.cab
    O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/2.0.0.1/sysreqlab2.cab
    O16 - DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} (GameLauncher Control) - http://www.acclaim.com/cabs/acclaim_v8.cab
    O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class) -
    O16 - DPF: {8FD68625-2346-418A-8899-67CB36B1917F} (McciSM Class) - http://supportcenter.verizon.net/euserv/jsp/VOLAWeb.cab
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
    O16 - DPF: {9D190AE6-C81E-4039-8061-978EBAD10073} (F-Secure Online Scanner 3.0) - http://support.f-secure.com/ols/fscax.cab
    O16 - DPF: {9E58D78E-C5D3-DCF5-F38E-D1FBF76F5CBA} - http://projects.synacor.com/musicnet/download/rcn/PerformerSetup-sa.exe
    O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su/ocx/15028/CTPID.cab
    O23 - Service: Amazon Unbox Video Service (ADVService) - Amazon.com - C:\Program Files\Amazon\Amazon Unbox Video\ADVWindowsClientService.exe
    O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: C-DillaCdaC11BA - C-Dilla Ltd - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
    O23 - Service: dlbx_device - Dell - C:\WINDOWS\system32\dlbxcoms.exe
    O23 - Service: IAA Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
    O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
    O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
    O23 - Service: Netropa NHK Server (Nhksrv) - Unknown owner - C:\WINDOWS\Nhksrv.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

    --
    End of file - 9868 bytes

    -- Files created between 2007-11-09 and 2007-12-09 -----------------------------

    2007-12-06 12:01:49 200704 --a------ C:\WINDOWS\system32\WG1v2Lib.dll <Not Verified; NETGEAR Inc.; WG1v2lib Dynamic Link Library>
    2007-12-06 12:01:49 155648 --a------ C:\WINDOWS\system32\IpLib.dll <Not Verified; TODO: <Company name>; TODO: <Product name>>
    2007-12-06 12:01:49 114688 -ra------ C:\WINDOWS\system32\EnumDev111.dll <Not Verified; NETGEAR Inc.; EnumDev111 Dynamic Link Library>
    2007-12-06 12:01:49 13532 --a------ C:\WINDOWS\system32\drivers\SjyPkt.sys <Not Verified; Windows (R) 2000 DDK provider; Windows (R) 2000 DDK driver>
    2007-12-06 12:01:49 66048 --a------ C:\WINDOWS\system32\drivers\EAPPkt.sys <Not Verified; Windows (R) 2000 DDK provider; Windows (R) 2000 DDK driver>
    2007-12-06 12:01:49 0 d-------- C:\WINDOWS\OPTIONS
    2007-12-06 12:01:49 0 d-------- C:\Program Files\NETGEAR
    2007-11-29 00:09:02 0 d-------- C:\Documents and Settings\Jason Porter\Application Data\Grisoft
    2007-11-29 00:08:40 0 d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
    2007-11-28 19:57:37 0 d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
    2007-11-28 19:57:30 0 d-------- C:\Program Files\SUPERAntiSpyware
    2007-11-28 19:57:30 0 d-------- C:\Documents and Settings\Jason Porter\Application Data\SUPERAntiSpyware.com
    2007-11-25 22:47:37 0 d-------- C:\Program Files\Enigma Software Group
    2007-11-25 22:39:11 0 d-------- C:\WINDOWS\owim
    2007-11-25 22:39:11 0 d-------- C:\Program Files\Common Files\owim


    -- Find3M Report ---------------------------------------------------------------

    2007-12-08 22:37:59 384 --a------ C:\WINDOWS\system32\DVCStateBkp-{00000004-00000000-00000001-00001102-00000004-40011102}.dat
    2007-12-08 22:37:59 384 --a------ C:\WINDOWS\system32\DVCState-{00000004-00000000-00000001-00001102-00000004-40011102}.dat
    2007-12-07 13:40:55 0 d-------- C:\Program Files\Dl_cats
    2007-12-06 12:01:49 0 d--h----- C:\Program Files\InstallShield Installation Information
    2007-12-02 20:06:50 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
    2007-11-28 23:22:57 0 d-------- C:\Program Files\Verizon
    2007-11-28 23:14:23 0 d-------- C:\Program Files\Digital Line Detect
    2007-11-28 23:14:12 0 d-------- C:\Program Files\Dell Photo AIO Printer 962
    2007-11-28 23:12:17 0 d-------- C:\Program Files\Common Files\Motive
    2007-11-28 11:58:01 110592 --a------ C:\WINDOWS\system32\imm32.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
    2007-11-28 11:57:54 19249 --a------ C:\WINDOWS\system32\svchost.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
    2007-11-28 00:25:07 2656 --a------ C:\WINDOWS\system32\tmp.reg
    2007-11-27 01:06:31 0 d-------- C:\Program Files\Common Files
    2007-11-25 22:34:07 0 d-------- C:\Program Files\Movie Maker
    2007-11-05 15:15:06 98304 --a------ C:\WINDOWS\system32\CmdLineExt.dll <Not Verified; Sony DADC Austria AG.; >
    2007-11-03 18:21:51 0 d-------- C:\Program Files\SystemRequirementsLab
    2007-11-03 16:45:11 0 d-------- C:\Program Files\Verizon Games on Demand Player
    2007-11-03 16:35:23 1712 --a------ C:\WINDOWS\GPlrLanc.dat
    2007-10-22 11:52:17 0 d-------- C:\Program Files\Java
    2007-09-17 00:07:00 1626112 --a------ C:\WINDOWS\system32\nwiz.exe
    2007-09-17 00:07:00 1019904 --a------ C:\WINDOWS\system32\nvwimg.dll
    2007-09-17 00:07:00 1703936 --a------ C:\WINDOWS\system32\nvwdmcpl.dll
    2007-09-17 00:07:00 466944 --a------ C:\WINDOWS\system32\nvshell.dll
    2007-09-17 00:07:00 1478656 --a------ C:\WINDOWS\system32\nview.dll
    2007-09-17 00:07:00 1339392 --a------ C:\WINDOWS\system32\nvdspsch.exe
    2007-09-17 00:07:00 442368 --a------ C:\WINDOWS\system32\nvappbar.exe
    2007-09-17 00:07:00 425984 --a------ C:\WINDOWS\system32\keystone.exe


    -- Registry Dump ---------------------------------------------------------------

    *Note* empty entries & legit default entries are not shown


    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Logitech Utility "= "Logi_MwX.Exe" [05/16/2003 07:50 AM C:\WINDOWS\LOGI_MWX.EXE]
    "IAAnotif "= "C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe" [06/29/2004 09:23 AM]
    "DMXLauncher "= "C:\Program Files\Dell\Media Experience\DMXLauncher.exe" [09/14/2004 11:01 PM]
    "TkBellExe "= "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [03/20/2005 07:01 AM]
    "dlbxmon.exe "= "C:\Program Files\Dell Photo AIO Printer 962\dlbxmon.exe" [01/18/2005 06:57 AM]
    "MimBoot "= "C:\PROGRA~1\MUSICM~1\MUSICM~3\mimboot.exe" [03/12/2005 06:25 AM]
    "QuickTime Task "= "C:\Program Files\QuickTime\qttask.exe" [06/26/2005 06:27 PM]
    "SunJavaUpdateSched "= "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [09/25/2007 12:11 AM]
    "CTHelper "= "CTHELPER.EXE" [02/02/2004 06:30 PM C:\WINDOWS\SYSTEM32\CTHELPER.EXE]
    "ISUSPM "= "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [03/20/2006 05:34 PM]
    "Symantec PIF AlertEng "= "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [03/12/2007 05:30 PM]
    "Verizon_McciTrayApp "= "C:\Program Files\Verizon\McciTrayApp.exe" [03/11/2007 01:37 PM]
    "NvCplDaemon "= "C:\WINDOWS\system32\NvCpl.dll" [09/17/2007 12:07 AM]
    "nwiz "= "nwiz.exe" [09/17/2007 12:07 AM C:\WINDOWS\SYSTEM32\nwiz.exe]
    "NvMediaCenter "= "C:\WINDOWS\system32\NvMcTray.dll" [09/17/2007 12:07 AM]
    "!AVG Anti-Spyware "= "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [06/11/2007 01:25 AM]
    "DLBXCATS "= "C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLBXtime.dll" [12/07/2004 01:43 PM]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SetDefaultMIDI "= "MIDIDef.exe" [06/20/2003 02:13 AM C:\WINDOWS\MIDIDEF.EXE]
    "ctfmon.exe "= "C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 03:00 AM]
    "Exetender "= "C:\Program Files\Verizon Games on Demand Player\GPlayer.exe" [08/30/2007 04:47 PM]
    "updateMgr "= "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [03/30/2006 04:45 PM]

    C:\Documents and Settings\Jason Porter\Start Menu\Programs\Startup\
    DESKTOP.INI [8/10/2004 11:04:12 AM]

    C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
    Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [8/21/2006 7:43:41 PM]
    Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [9/23/2005 10:05:26 PM]
    DESKTOP.INI [8/10/2004 11:04:12 AM]
    Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [12/11/2004 6:12:18 AM]
    WG111v2 Smart Wizard Wireless Setting.lnk - C:\Program Files\NETGEAR\WG111v2 Configuration Utility\RtlWake.exe [12/6/2007 12:01:50 PM]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
    "DisableRegistryTools "=0 (0x0)

    HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
    UxTuneUp


    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]
    AutoRun\command- E:\OblivionLauncher.exe




    -- End of Deckard's System Scanner: finished at 2007-12-09 16:32:57 ------------


    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 4:34:06 PM, on 12/9/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16544)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\LEXPPS.EXE
    C:\WINDOWS\Nhksrv.exe
    C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\WINDOWS\system32\drivers\CDAC11BA.EXE
    C:\WINDOWS\system32\CTsvcCDA.EXE
    C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
    C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\Logi_MwX.Exe
    C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe
    C:\Program Files\Dell\Media Experience\DMXLauncher.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\Dell Photo AIO Printer 962\dlbxmon.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
    C:\WINDOWS\system32\CTHELPER.EXE
    C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
    C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
    C:\WINDOWS\system32\dlbxcoms.exe
    C:\Program Files\Verizon\McciTrayApp.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\Program Files\Creative Professional\E-MU PatchMix DSP\EmuPatchMixDSP.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
    C:\Program Files\Digital Line Detect\DLG.exe
    C:\Program Files\NETGEAR\WG111v2 Configuration Utility\RtlWake.exe
    C:\Program Files\internet explorer\iexplore.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Documents and Settings\Jason Porter\Desktop\HiJackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.verizon.net/central/guest.portal
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
    N3 - Netscape 7: user_pref( "browser.startup.homepage ", "http://dsl.sbc.yahoo.com/ "); (C:\Documents and Settings\JASON PORTER\Application Data\Mozilla\Profiles\default\nlw5o6h2.slt\prefs.js)
    N3 - Netscape 7: user_pref( "browser.search.defaultengine ", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src "); (C:\Documents and Settings\JASON PORTER\Application Data\Mozilla\Profiles\default\nlw5o6h2.slt\prefs.js)
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
    O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe
    O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [dlbxmon.exe] "C:\Program Files\Dell Photo AIO Printer 962\dlbxmon.exe "
    O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~3\mimboot.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe "
    O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
    O4 - HKLM\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
    O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll "
    O4 - HKLM\..\Run: [Verizon_McciTrayApp] C:\Program Files\Verizon\McciTrayApp.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
    O4 - HKLM\..\Run: [DLBXCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLBXtime.dll,_RunDLLEntry@16
    O4 - HKCU\..\Run: [SetDefaultMIDI] MIDIDef.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [Exetender] C:\Program Files\Verizon Games on Demand Player\GPlayer.exe /runonstartup
    O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Digital Line Detect.lnk = ?
    O4 - Global Startup: WG111v2 Smart Wizard Wireless Setting.lnk = ?
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
    O12 - Plugin for .efp: C:\Program Files\Internet Explorer\Plugins\NPEFPrn.dll
    O12 - Plugin for .efv: C:\Program Files\Internet Explorer\Plugins\NPEFV.dll
    O12 - Plugin for .fmp: C:\Program Files\Internet Explorer\Plugins\NPFMP.dll
    O12 - Plugin for .fmr: C:\Program Files\Internet Explorer\Plugins\NPFME.dll
    O12 - Plugin for .ifx: C:\Program Files\Internet Explorer\Plugins\NPWebPrn.dll
    O12 - Plugin for .lfx: C:\Program Files\Internet Explorer\Plugins\NPLaunch.dll
    O12 - Plugin for .mwp: C:\Program Files\Internet Explorer\Plugins\NPMWPrn.dll
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - https://activatemydsl.verizon.net/sdcCommon/download/DSL/tgctlcm.cab
    O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15026/CTSUEng.cab
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
    O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase8300.cab
    O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/2.0.0.1/sysreqlab2.cab
    O16 - DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} (GameLauncher Control) - http://www.acclaim.com/cabs/acclaim_v8.cab
    O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class) -
    O16 - DPF: {8FD68625-2346-418A-8899-67CB36B1917F} (McciSM Class) - http://supportcenter.verizon.net/euserv/jsp/VOLAWeb.cab
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
    O16 - DPF: {9D190AE6-C81E-4039-8061-978EBAD10073} (F-Secure Online Scanner 3.0) - http://support.f-secure.com/ols/fscax.cab
    O16 - DPF: {9E58D78E-C5D3-DCF5-F38E-D1FBF76F5CBA} - http://projects.synacor.com/musicnet/download/rcn/PerformerSetup-sa.exe
    O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su/ocx/15028/CTPID.cab
    O23 - Service: Amazon Unbox Video Service (ADVService) - Amazon.com - C:\Program Files\Amazon\Amazon Unbox Video\ADVWindowsClientService.exe
    O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: C-DillaCdaC11BA - C-Dilla Ltd - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
    O23 - Service: dlbx_device - Dell - C:\WINDOWS\system32\dlbxcoms.exe
    O23 - Service: IAA Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
    O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
    O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
    O23 - Service: Netropa NHK Server (Nhksrv) - Unknown owner - C:\WINDOWS\Nhksrv.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

    --
    End of file - 9832 bytes
     
  21. 2007/12/09
    Geri Lifetime Subscription

    Geri Inactive Alumni

    Joined:
    2003/03/02
    Messages:
    4,580
    Likes Received:
    7
    Hi JasPoSF
    I'm just not seeing anything in those logs that would be causing this?

    Do you know what this is? I can find little info on it.
    C:\Program Files\Common Files\owim

    Let's get an online scan.

    Please do an online scan with Kaspersky WebScanner

    Click on Kaspersky Online Scanner

    You will be prompted to install an ActiveX component from Kaspersky. Click Yes.
    • The program will launch and then begin downloading the latest definition files:
    • Once the files have been downloaded click on NEXT
    • Now click on Scan Settings
    • In the scan settings make sure that the following are selected:
      • Scan using the following Anti-Virus database:
        • Extended (if available otherwise Standard)
      • Scan Options:
        • Scan Archives
        • Scan Mail Bases
    • Click OK
    • Now under select a target to scan:
      • Select My Computer
    • The program will start and scan your system.
    • The scan will take a while so be patient and let it run.
    • Once the scan is complete it will display if your system has been infected.
      • Now click on the Save as Text button:
    • Save the file to your desktop.
    • Copy and paste that information in your next post.

    Thanks
    Geri
     
