Mrbeelzy

  1. Thank you. I recently noticed my computer was downloading web content and playing music, opening pop-ups and making 'clicking' sounds. The ads all displayed an "Addestination" by-line in the pop-up window. I ran Malwarebytes and the problem was temporarily resolved. Later, I noticed "Advanced Optimizion Addestination" listed in Add or Remove programs. (CAPTCHA): "Please enter confirmation code to validate uninstall:" I typed in the five digits and the program temporarily disappeared. Recently, I noticed unwanted content popping up and clicking sounds again. I updated and ran Malwarebytes, which found nothing. The issue of unwanted content persisted, and "Advanced Optimizion Addestination" reappeared in Add or Remove programs, with its bizarre (CAPTCHA) "Uninstall validation" dialogue box popping up when I try to remove it. I finally used an aftermarket add and remove program to find the files and an unlocker program to delete them without using the add and remove utility. I have not had any problems since then. But I am surprised that such crude methods could solve the problem and render my computer "clean". But OK...if it's clean then great. I would be interested in any information you may have about "adDestination" and how to best deal with it if it comes back. Thank you
  2. Here is the HJT Log from today:
  3. I suspect I still have an "adDestination" program capable of inviting unwanted web content onto my machine; I delete the files I discover only for them to reappear later. I have posted all of the requested logs except Panda...which I cannot get to work. I have written Panda about this. I have not received a response from Panda. I am still currently unable to run the Panda scan (due to some problem "updating"; the ActiveX stuff works fine). I am not sure what to do next. Thank you
  4. Sorry I forgot to add the HijackThis log:
  5. Thank you for your help. Following the instructions provided I have been able to do the Spybot scan and the Malwarebytes scan (logs below). Unfortunately, Panda made it past the active-x control stuff with no problem but had a problem updating. I tried 10 times or so with no success. Not sure what to do.
Path: C:\WINDOWS\system32\ Long name: muweb.dll Short name: Date (created): 7/30/2007 9:18:34 PM Date (last access): 12/5/2008 11:23:06 AM Date (last write): 10/16/2008 2:06:48 PM Filesize: 208744 Attributes: archive MD5: D2E6F0A06391FE5556E8A1D6D5041A5E CRC32: 27FBFA7D Version: 7.2.6001.788 {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.5.0) DPF name: Java Runtime Environment 1.5.0 CLSID name: Java Plug-in 1.5.0_06 Installer: Codebase: http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab description: Sun Java classification: Legitimate known filename: %PROGRAM FILES%\JabaSoft\JRE\*\Bin\npjava131.dll info link: info source: Patrick M. Kolla Path: C:\Program Files\Java\jre1.5.0_06\bin\ Long name: NPJPI150_06.dll Short name: NPJPI1~1.DLL Date (created): 3/2/2006 2:52:58 PM Date (last access): 12/5/2008 11:23:06 AM Date (last write): 11/10/2005 2:22:12 PM Filesize: 69746 Attributes: archive MD5: D2CF6BB5E9020E6707B62575F8083954 CRC32: 7F39DC54 Version: 5.0.60.5 {95D88B35-A521-472B-A182-BB1A98356421} (Pearson Installation Assistant 2) DPF name: CLSID name: Pearson Installation Assistant 2 Installer: Codebase: http://asp.mathxl.com/books/_Players/PearsonInstallAsst2.cab description: classification: Legitimate known filename: PEARSO~1.OCX info link: info source: Safer Networking Ltd. Path: C:\WINDOWS\DOWNLO~1\ Long name: PearsonInstallAsst2.ocx Short name: PEARSO~1.OCX Date (created): 12/6/2006 8:00:12 PM Date (last access): 12/5/2008 11:23:06 AM Date (last write): 12/6/2006 8:00:12 PM Filesize: 560640 Attributes: archive MD5: F8DEB38F965876664468FB2DBC3B4644 CRC32: 47CC74DC Version: 1.2.0.0 {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} (Java Runtime Environment 1.5.0) DPF name: Java Runtime Environment 1.5.0 CLSID name: Java Plug-in 1.5.0_06 Installer: Codebase: http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab description: classification: Legitimate known filename: npjpi150_06.dll info link: info source: Safer Networking Ltd. 
Path: C:\Program Files\Java\jre1.5.0_06\bin\ Long name: NPJPI150_06.dll Short name: NPJPI1~1.DLL Date (created): 3/2/2006 2:52:58 PM Date (last access): 12/5/2008 11:23:06 AM Date (last write): 11/10/2005 2:22:12 PM Filesize: 69746 Attributes: archive MD5: D2CF6BB5E9020E6707B62575F8083954 CRC32: 7F39DC54 Version: 5.0.60.5 {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} (Java Runtime Environment 1.5.0) DPF name: Java Runtime Environment 1.5.0 CLSID name: Java Plug-in 1.5.0_06 Installer: Codebase: http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab description: classification: Legitimate known filename: npjpi150_06.dll info link: info source: Safer Networking Ltd. Path: C:\Program Files\Java\jre1.5.0_06\bin\ Long name: NPJPI150_06.dll Short name: NPJPI1~1.DLL Date (created): 3/2/2006 2:52:58 PM Date (last access): 12/5/2008 11:23:06 AM Date (last write): 11/10/2005 2:22:12 PM Filesize: 69746 Attributes: archive MD5: D2CF6BB5E9020E6707B62575F8083954 CRC32: 7F39DC54 Version: 5.0.60.5 {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) DPF name: CLSID name: Shockwave Flash Object Installer: C:\WINDOWS\Downloaded Program Files\swflash.inf Codebase: http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab description: Macromedia Shockwave Flash Player classification: Legitimate known filename: info link: info source: Patrick M. 
Kolla Path: C:\WINDOWS\system32\Macromed\Flash\ Long name: Flash9c.ocx Short name: Date (created): 3/27/2007 6:04:00 PM Date (last access): 12/5/2008 10:47:50 AM Date (last write): 3/27/2007 6:04:00 PM Filesize: 2267368 Attributes: readonly archive MD5: D7E66E0215341B9950FAB1D749F9F692 CRC32: 65E35770 Version: 9.0.45.0 {E6D23284-0E9B-417D-A782-03E4487FC947} (Pearson MathXL Player) DPF name: CLSID name: Pearson MathXL Player Installer: Codebase: http://asp.mathxl.com/books/_Players/MathPlayer.cab Path: C:\WINDOWS\DOWNLO~1\ Long name: MathPlayer.ocx Short name: MATHPL~1.OCX Date (created): 1/26/2007 4:19:38 PM Date (last access): 12/5/2008 11:23:06 AM Date (last write): 1/26/2007 4:19:38 PM Filesize: 5244416 Attributes: archive MD5: 0AC7677E7AE539CE1569224D908D76B1 CRC32: 456D3C6E Version: 4.3.4.0 --- Process list --- PID: 0 ( 0) [system] PID: 1176 ( 4) \SystemRoot\System32\smss.exe size: 50688 PID: 1248 (1176) \??\C:\WINDOWS\system32\csrss.exe size: 6144 PID: 1276 (1176) \??\C:\WINDOWS\system32\winlogon.exe size: 507904 PID: 1320 (1276) C:\WINDOWS\system32\services.exe size: 108544 MD5: 0E776ED5F7CC9F94299E70461B7B8185 PID: 1332 (1276) C:\WINDOWS\system32\lsass.exe size: 13312 MD5: BF2466B3E18E970D8A976FB95FC1CA85 PID: 1532 (1320) C:\WINDOWS\system32\Ati2evxx.exe size: 401408 MD5: 3DE89D7A2BF4E1880DF6A7E5AB8F97E1 PID: 1552 (1320) C:\WINDOWS\system32\svchost.exe size: 14336 MD5: 27C6D03BCDB8CFEB96B716F3D8BE3E18 PID: 1620 (1320) C:\WINDOWS\system32\svchost.exe size: 14336 MD5: 27C6D03BCDB8CFEB96B716F3D8BE3E18 PID: 1672 (1320) C:\Program Files\Windows Defender\MsMpEng.exe size: 13592 MD5: F45DD1E1365D857DD08BC23563370D0E PID: 1712 (1320) C:\WINDOWS\System32\svchost.exe size: 14336 MD5: 27C6D03BCDB8CFEB96B716F3D8BE3E18 PID: 1752 (1320) C:\WINDOWS\system32\svchost.exe size: 14336 MD5: 27C6D03BCDB8CFEB96B716F3D8BE3E18 PID: 1916 (1320) C:\WINDOWS\system32\svchost.exe size: 14336 MD5: 27C6D03BCDB8CFEB96B716F3D8BE3E18 PID: 1940 (1320) C:\WINDOWS\system32\svchost.exe size: 
14336 MD5: 27C6D03BCDB8CFEB96B716F3D8BE3E18 PID: 1984 (1276) C:\WINDOWS\system32\Ati2evxx.exe size: 401408 MD5: 3DE89D7A2BF4E1880DF6A7E5AB8F97E1 PID: 336 (1320) C:\WINDOWS\System32\WLTRYSVC.EXE size: 20480 MD5: 60714B1C15F815F55798C0B3D4819BEB PID: 352 ( 336) C:\WINDOWS\System32\bcmwltry.exe size: 1253376 MD5: 7C19764A2EC7AC4AE8DB4BBF0B7F20C5 PID: 412 (1320) C:\WINDOWS\system32\brsvc01a.exe size: 57344 MD5: D3FACB34FFF5DB91ADB70987838F8BA7 PID: 420 (1320) C:\WINDOWS\system32\spoolsv.exe size: 57856 MD5: D8E14A61ACC1D4A6CD0D38AEBAC7FA3B PID: 436 ( 412) C:\WINDOWS\system32\brss01a.exe size: 45056 MD5: 9E646CD378D4D0C996BAF9BCB18237C7 PID: 556 (1320) C:\WINDOWS\eHome\ehRecvr.exe size: 237568 MD5: 5D1347AA5AE6E2F77D7F4F8372D95AC9 PID: 584 (1320) C:\WINDOWS\eHome\ehSched.exe size: 102912 MD5: A53243709439AC2A4C216B817F8D7411 PID: 664 (1320) C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE size: 322120 MD5: 11F714F85530A2BD134074DC30E99FCA PID: 736 (1320) C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe size: 380928 MD5: 9B38622DF6506AC70D4C509ACB0E7365 PID: 896 (1320) C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe size: 1475936 MD5: B8F82833B6C9B041902C4185126BA29D PID: 960 (1320) C:\WINDOWS\system32\svchost.exe size: 14336 MD5: 27C6D03BCDB8CFEB96B716F3D8BE3E18 PID: 1000 (1320) C:\WINDOWS\system32\svchost.exe size: 14336 MD5: 27C6D03BCDB8CFEB96B716F3D8BE3E18 PID: 1024 (1320) C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe size: 345696 MD5: 562CDF10136FBD85F8C0C3AD82B6A341 PID: 1060 (1320) C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe size: 923216 MD5: A0393D932E8D408C06FAB0EC0124E7D0 PID: 1100 (1320) C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe size: 566872 MD5: 636597EA77A6180406B95B07B078C35C PID: 1228 (1320) C:\WINDOWS\ehome\mcrdsvc.exe size: 99328 MD5: DF0A511F38F16016BF658FCA0090CB87 PID: 2348 (1320) C:\Program Files\Canon\CAL\CALMAIN.exe size: 96370 MD5: 8EF654045E518AC00E52E7A1E2D3AD70 PID: 2392 (1552) C:\WINDOWS\system32\wbem\wmiprvse.exe size: 218112 MD5: 
0FFAE66E6D5B1C87CBD22D1F3B6079FD PID: 2588 (1320) C:\WINDOWS\system32\dllhost.exe size: 5120 MD5: 0A9BA6AF531AFE7FA5E4FB973852D863 PID: 2644 (1320) C:\WINDOWS\System32\alg.exe size: 44544 MD5: 8C515081584A38AA007909CD02020B3D PID: 3352 (3304) C:\WINDOWS\Explorer.EXE size: 1033728 MD5: 12896823FB95BFB3DC9B46BCAEDC9923 PID: 3580 ( 896) C:\Program Files\Trend Micro\Internet Security 14\pccguide.exe size: 1807960 MD5: 69119994F284E5114B8D7C4F8D48D360 PID: 200 (3352) C:\WINDOWS\ehome\ehtray.exe size: 67584 MD5: 7E48B4958C131E9643DDCD2E7CA3FE9F PID: 272 (3352) C:\Program Files\Unlocker\UnlockerAssistant.exe size: 15872 MD5: 403E928BA217E38485009636C793F3C9 PID: 280 (3352) C:\Program Files\Trend Micro\Internet Security 14\TMAS_OE\TMAS_OEMon.exe size: 321040 MD5: 23825FC42A2AFC835D33E9F1E75232D1 PID: 292 (3352) C:\WINDOWS\system32\ctfmon.exe size: 15360 MD5: 5F1D5F88303D4A4DBC8E5F97BA967CC3 PID: 1908 (1552) C:\WINDOWS\eHome\ehmsas.exe size: 46592 MD5: 03A905FBA1D62317087DB5C21C0F8F62 PID: 2708 (3352) C:\Program Files\Digital Line Detect\DLG.exe size: 24576 MD5: B66E56733E2CD6A10FDA5919625FBF46 PID: 924 (1320) C:\WINDOWS\System32\svchost.exe size: 14336 MD5: 27C6D03BCDB8CFEB96B716F3D8BE3E18 PID: 2344 (3352) C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe size: 4891472 MD5: 3B1B5D09D3C9C4CD39D4DB06ED7A0855 PID: 3408 (3352) C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe size: 1261200 MD5: AABD7AA2B9EC0D0802002E028F8E9A81 PID: 2844 (3352) C:\Program Files\Mozilla Firefox\firefox.exe size: 307712 MD5: BAC6F7DE724D7F30EBD78648C86B4617 PID: 3660 (3352) C:\Program Files\Internet Explorer\iexplore.exe size: 635848 MD5: 1F03216084447F990AE797317D0A6E70 PID: 1600 (3408) C:\WINDOWS\system32\NOTEPAD.EXE size: 69120 MD5: 5E28284F9B5F9097640D58A73D38AD4C PID: 4 ( 0) System PID: 1820 (3352) C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE size: 12313096 MD5: 65D0EADE0BB1A851B7781B0166DD842D --- Browser start & search pages list --- Spybot - Search & Destroy browser 
pages report, 12/5/2008 11:30:48 AM HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Local Page C:\WINDOWS\system32\blank.htm HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Search Page http://www.google.com/hws/sb/dell-usuk-rel...html?channel=us HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Search Bar http://www.google.com/hws/sb/dell-usuk-rel...html?channel=us HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Start Page http://www.google.com/ HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Default_Page_URL www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=0070105 HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Local Page %SystemRoot%\system32\blank.htm HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Search Page http://go.microsoft.com/fwlink/?LinkId=54896 HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Start Page http://go.microsoft.com/fwlink/?LinkId=69157 HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Page_URL http://go.microsoft.com/fwlink/?LinkId=69157 HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Search_URL http://go.microsoft.com/fwlink/?LinkId=54896 HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search\SearchAssistant http://www.google.com/hws/sb/dell-usuk-rel...html?channel=us HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search\CustomizeSearch http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm --- Winsock Layered Service Provider list --- Protocol 0: MSAFD Tcpip [TCP/IP] GUID: {E70F1AA0-AB8B-11CF-8CA3-00805F48A192} Filename: %SystemRoot%\system32\mswsock.dll Description: Microsoft Windows NT/2k/XP IP protocol DB filename: %SystemRoot%\system32\mswsock.dll DB protocol: MSAFD Tcpip [*] Protocol 1: MSAFD Tcpip [uDP/IP] GUID: {E70F1AA0-AB8B-11CF-8CA3-00805F48A192} Filename: %SystemRoot%\system32\mswsock.dll Description: Microsoft Windows NT/2k/XP IP protocol DB filename: 
%SystemRoot%\system32\mswsock.dll DB protocol: MSAFD Tcpip [*] Protocol 2: MSAFD Tcpip [RAW/IP] GUID: {E70F1AA0-AB8B-11CF-8CA3-00805F48A192} Filename: %SystemRoot%\system32\mswsock.dll Description: Microsoft Windows NT/2k/XP IP protocol DB filename: %SystemRoot%\system32\mswsock.dll DB protocol: MSAFD Tcpip [*] Protocol 3: RSVP UDP Service Provider GUID: {9D60A9E0-337A-11D0-BD88-0000C082E69A} Filename: %SystemRoot%\system32\rsvpsp.dll Description: Microsoft Windows NT/2k/XP RVSP DB filename: %SystemRoot%\system32\rsvpsp.dll DB protocol: RSVP * Service Provider Protocol 4: RSVP TCP Service Provider GUID: {9D60A9E0-337A-11D0-BD88-0000C082E69A} Filename: %SystemRoot%\system32\rsvpsp.dll Description: Microsoft Windows NT/2k/XP RVSP DB filename: %SystemRoot%\system32\rsvpsp.dll DB protocol: RSVP * Service Provider Protocol 5: MSAFD NetBIOS [\Device\NetBT_Tcpip_{C30E9B1B-15E0-4510-B681-D96E5D367703}] SEQPACKET 0 GUID: {8D5F1830-C273-11CF-95C8-00805F48A192} Filename: %SystemRoot%\system32\mswsock.dll Description: Microsoft Windows NT/2k/XP NetBios protocol DB filename: %SystemRoot%\system32\mswsock.dll DB protocol: MSAFD NetBIOS * Protocol 6: MSAFD NetBIOS [\Device\NetBT_Tcpip_{C30E9B1B-15E0-4510-B681-D96E5D367703}] DATAGRAM 0 GUID: {8D5F1830-C273-11CF-95C8-00805F48A192} Filename: %SystemRoot%\system32\mswsock.dll Description: Microsoft Windows NT/2k/XP NetBios protocol DB filename: %SystemRoot%\system32\mswsock.dll DB protocol: MSAFD NetBIOS * Protocol 7: MSAFD NetBIOS [\Device\NetBT_Tcpip_{3B471FC9-9825-4B21-9A52-406D96C10CCE}] SEQPACKET 3 GUID: {8D5F1830-C273-11CF-95C8-00805F48A192} Filename: %SystemRoot%\system32\mswsock.dll Description: Microsoft Windows NT/2k/XP NetBios protocol DB filename: %SystemRoot%\system32\mswsock.dll DB protocol: MSAFD NetBIOS * Protocol 8: MSAFD NetBIOS [\Device\NetBT_Tcpip_{3B471FC9-9825-4B21-9A52-406D96C10CCE}] DATAGRAM 3 GUID: {8D5F1830-C273-11CF-95C8-00805F48A192} Filename: %SystemRoot%\system32\mswsock.dll Description: Microsoft 
Windows NT/2k/XP NetBios protocol DB filename: %SystemRoot%\system32\mswsock.dll DB protocol: MSAFD NetBIOS * Protocol 9: MSAFD NetBIOS [\Device\NetBT_Tcpip_{29B39846-0902-49E5-B96A-2F1FC54E9A72}] SEQPACKET 1 GUID: {8D5F1830-C273-11CF-95C8-00805F48A192} Filename: %SystemRoot%\system32\mswsock.dll Description: Microsoft Windows NT/2k/XP NetBios protocol DB filename: %SystemRoot%\system32\mswsock.dll DB protocol: MSAFD NetBIOS * Protocol 10: MSAFD NetBIOS [\Device\NetBT_Tcpip_{29B39846-0902-49E5-B96A-2F1FC54E9A72}] DATAGRAM 1 GUID: {8D5F1830-C273-11CF-95C8-00805F48A192} Filename: %SystemRoot%\system32\mswsock.dll Description: Microsoft Windows NT/2k/XP NetBios protocol DB filename: %SystemRoot%\system32\mswsock.dll DB protocol: MSAFD NetBIOS * Protocol 11: MSAFD NetBIOS [\Device\NetBT_Tcpip_{2F9FBC39-C724-4E7B-AEFD-EDFE1FAC9BF8}] SEQPACKET 2 GUID: {8D5F1830-C273-11CF-95C8-00805F48A192} Filename: %SystemRoot%\system32\mswsock.dll Description: Microsoft Windows NT/2k/XP NetBios protocol DB filename: %SystemRoot%\system32\mswsock.dll DB protocol: MSAFD NetBIOS * Protocol 12: MSAFD NetBIOS [\Device\NetBT_Tcpip_{2F9FBC39-C724-4E7B-AEFD-EDFE1FAC9BF8}] DATAGRAM 2 GUID: {8D5F1830-C273-11CF-95C8-00805F48A192} Filename: %SystemRoot%\system32\mswsock.dll Description: Microsoft Windows NT/2k/XP NetBios protocol DB filename: %SystemRoot%\system32\mswsock.dll DB protocol: MSAFD NetBIOS * Protocol 13: MSAFD NetBIOS [\Device\NetBT_Tcpip_{0C42E0AD-F9B6-4F7C-9E0B-24731FF4FB45}] SEQPACKET 4 GUID: {8D5F1830-C273-11CF-95C8-00805F48A192} Filename: %SystemRoot%\system32\mswsock.dll Description: Microsoft Windows NT/2k/XP NetBios protocol DB filename: %SystemRoot%\system32\mswsock.dll DB protocol: MSAFD NetBIOS * Protocol 14: MSAFD NetBIOS [\Device\NetBT_Tcpip_{0C42E0AD-F9B6-4F7C-9E0B-24731FF4FB45}] DATAGRAM 4 GUID: {8D5F1830-C273-11CF-95C8-00805F48A192} Filename: %SystemRoot%\system32\mswsock.dll Description: Microsoft Windows NT/2k/XP NetBios protocol DB filename: 
%SystemRoot%\system32\mswsock.dll DB protocol: MSAFD NetBIOS * Protocol 15: MSAFD NetBIOS [\Device\NetBT_Tcpip_{4AFCDC67-E5EB-4FCD-86BF-E3D142232DE7}] SEQPACKET 5 GUID: {8D5F1830-C273-11CF-95C8-00805F48A192} Filename: %SystemRoot%\system32\mswsock.dll Description: Microsoft Windows NT/2k/XP NetBios protocol DB filename: %SystemRoot%\system32\mswsock.dll DB protocol: MSAFD NetBIOS * Protocol 16: MSAFD NetBIOS [\Device\NetBT_Tcpip_{4AFCDC67-E5EB-4FCD-86BF-E3D142232DE7}] DATAGRAM 5 GUID: {8D5F1830-C273-11CF-95C8-00805F48A192} Filename: %SystemRoot%\system32\mswsock.dll Description: Microsoft Windows NT/2k/XP NetBios protocol DB filename: %SystemRoot%\system32\mswsock.dll DB protocol: MSAFD NetBIOS * Namespace Provider 0: Tcpip GUID: {22059D40-7E9E-11CF-AE5A-00AA00A7112B} Filename: %SystemRoot%\System32\mswsock.dll Description: Microsoft Windows NT/2k/XP TCP/IP name space provider DB filename: %SystemRoot%\system32\mswsock.dll DB protocol: TCP/IP Namespace Provider 1: NTDS GUID: {3B2637EE-E580-11CF-A555-00C04FD8D4AC} Filename: %SystemRoot%\System32\winrnr.dll Description: Microsoft Windows NT/2k/XP name space provider DB filename: %SystemRoot%\system32\winrnr.dll DB protocol: NTDS Namespace Provider 2: Network Location Awareness (NLA) Namespace GUID: {6642243A-3BA8-4AA6-BAA5-2E0BD71FDD83} Filename: %SystemRoot%\System32\mswsock.dll Description: Microsoft Windows NT/2k/XP name space provider DB filename: %SystemRoot%\system32\mswsock.dll DB protocol: NLA-Namespace
  6. I am running XP SP3. I recently noticed my computer was downloading web content and playing music, opening pop-ups and making 'clicking' sounds. The ads all displayed an "Addestination" by-line in the pop-up window. I ran Malwarebytes and the problem was temporarily resolved. Later, I noticed "Advanced Optimizion Addestination" listed in Add or Remove programs. When I attempted to delete the program, an "Uninstall validation" dialogue box popped up: "Please enter confirmation code to validate uninstall:" I typed in the five digits and the program temporarily disappeared. Recently, I noticed unwanted content popping up and clicking sounds again. I updated and ran Malwarebytes, which found nothing. The issue of unwanted content has persisted, and "Advanced Optimizion Addestination" is now present in Add or Remove programs, with its bizarre "Uninstall validation" dialogue box popping up when I try to remove it. Are there any tools or techniques that might help me get rid of this program? Thank you.