Tilted Forum Project Discussion Community
Tilted Technology
03-28-2008, 12:16 PM #1
Just here for the beer.
Wyodiver33
Location: Ft. Lauderdale, Floriduh
New Virus, Please Help.

Still can't beat this virus. Dell XPS410, Win XP Pro. Says an Active Desktop is on with a red background with a big biohazard sign on it. Norton, Spybot, and Ad-Aware can't seem to catch it. It's causing huge amounts of popups. I need some help.
__________________
I like stuff.
03-28-2008, 03:09 PM #2
has a plan
Hain
Location: middle of Whywouldanyonebethere
http://www.tfproject.org/tfp/showthr...t=126832#augi1

Try a-Squared, Housecall, AVG, CWShredder, and try posting a Hijack-This! log here and at their forums for assistance. If all else fails, you'll just have to DBAN your computer. //kidding// Also, try CCleaning your computer of all temp files.

What do you use as a browser? What Norton are you using? Up to date? Etc.

EDIT: Oh I already gave this advice. Where is the Hijack-This log? What are you doing online that is giving you all these viruses?
__________________

Last edited by Hain; 03-28-2008 at 03:12 PM.. Reason: Automerged Doublepost
03-28-2008, 04:47 PM #3
Just here for the beer.
Wyodiver33
Location: Ft. Lauderdale, Floriduh
Here's the HijackThis info. Newest Norton, newest everything, trust me. Not a newb, but this one is kicking my ass.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:41:29 PM, on 3/28/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\a-squared Free\a2service.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\stsystra.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Common Files\Logitech\LCD Manager\lcdmon.exe
C:\Program Files\Common Files\Logitech\G-series Software\LGDCore.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\Program Files\Common Files\Logitech\LCD Manager\Applets\LCDClock.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\vghd\vghd.exe
C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter3.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\pchealth\helpctr\binaries\HelpCtr.exe
C:\WINDOWS\PCHealth\HelpCtr\Binaries\HelpSvc.exe
C:\WINDOWS\PCHealth\HelpCtr\Binaries\HelpHost.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\Program Files\Spyware Doctor\pctsGui.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.comcast.net/toolbar2.0/search/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php...MjI6Ojg5&lid=2
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.comcast.net/toolbar2.0/search/
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = http://www.google.com/ig/dell?hl=en&...us&ibd=6070706
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
R3 - URLSearchHook: (no name) - {65255C76-B542-44A2-BA6F-2D6B2DF2DB34} - (no file)
R3 - URLSearchHook: (no name) - {E26029B4-C5E8-4645-9C02-E798715F8C0D} - (no file)
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Comcast Toolbar - {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - C:\PROGRA~1\COMCAS~1\COMCAS~1.DLL
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: GNX Bingo - {7DEE5BA2-CB70-4BBB-BD94-208BBA8AA6C4} - C:\WINDOWS\drnpfdxlsk.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.1121.2472\swg.dll
O2 - BHO: TBSB02678 - {BDCA7AC9-C27B-4D30-A808-9B9081279C03} - C:\PROGRA~1\QUICKN~1\YOUTUB~1.DLL (file missing)
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll
O2 - BHO: BrowsingTool - {D0661233-42D4-F7F1-80E1-8A9E0E99E71D} - C:\Program Files\BrowsingTool\BrowsingTool-4.dll
O2 - BHO: TBSB04757 - {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - C:\Program Files\Freeze.com Toolbar\freeze_us.dll (file missing)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\CoIEPlg.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Comcast Toolbar - {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - C:\PROGRA~1\COMCAS~1\COMCAS~1.DLL
O3 - Toolbar: Freeze.com Toolbar - {B7D3E479-CC68-42B5-A338-938ECE35F419} - C:\Program Files\Freeze.com Toolbar\freeze_us.dll (file missing)
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [Launch LCDMon] "C:\Program Files\Common Files\Logitech\LCD Manager\lcdmon.exe"
O4 - HKLM\..\Run: [Launch LGDCore] "C:\Program Files\Common Files\Logitech\G-series Software\LGDCore.exe" /SHOWHIDE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Openwares LiveUpdate] C:\Program Files\LiveUpdate\LiveUpdate.exe
O4 - HKLM\..\Run: [Aqua Dock] C:\Program Files\Aqua Dock\Aqua Dock.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AdobeUpdater] C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe
O4 - HKCU\..\Run: [Dell DataSafe Scheduler] C:\Program Files\Dell DataSafe Online\Bin\DataSafeOnlineScheduler.exe
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [PlaxoUpdate] C:\Program Files\Plaxo\3.8.0.64\PlaxoHelper_en.exe -a
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [NVIDIA nTune] "C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" clear
O4 - HKCU\..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe 1
O4 - HKUS\S-1-5-18\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'Default user')
O4 - Startup: VirtuaGirl HD.LNK = C:\Program Files\vghd\vghd.exe
O8 - Extra context menu item: &Search - ?p=ZRfox000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {E856B973-45FD-4559-8F82-EAB539144667} (Dell PC Checkup Installer Control) - http://pccheckup.dellfix.com/rel/41/...l/gtdownde.cab
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O21 - SSODL: bokpkov - {77A17D2D-E12E-46B6-9A42-6066EBA42BED} - C:\WINDOWS\bokpkov.dll
O21 - SSODL: altvxvm - {10AFEF02-A70D-4578-8234-8706725C4B95} - C:\WINDOWS\altvxvm.dll
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: nTune Service (nTuneService) - NVIDIA - C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SiSoftware Database Agent Service (SandraDataSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite XI.SP4a\Win32\RpcDataSrv.exe
O23 - Service: SiSoftware Sandra Agent Service (SandraTheSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite XI.SP4a\RpcSandraSrv.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O24 - Desktop Component 0: Privacy Protection - file:///C:\WINDOWS\privacy_danger\index.htm

--
End of file - 14487 bytes

Please help me.

Last edited by Wyodiver33; 03-28-2008 at 04:48 PM.. Reason: Automerged Doublepost
03-28-2008, 04:55 PM #4
Tilted Cat Head
Cynthetiq
Administrator
Location: Manhattan, NY
question:

you actually added the Virtual Girl HD and the Freeze.com screensavers yourself?
__________________
I don't care if you are black, white, purple, green, Chinese, Japanese, Korean, hippie, cop, bum, admin, user, English, Irish, French, Catholic, Protestant, Jewish, Buddhist, Muslim, indian, cowboy, tall, short, fat, skinny, emo, punk, mod, rocker, straight, gay, lesbian, jock, nerd, geek, Democrat, Republican, Libertarian, Independent, driver, pedestrian, or bicyclist, either you're an asshole or you're not.
03-28-2008, 04:56 PM #5
Just here for the beer.
Wyodiver33
Location: Ft. Lauderdale, Floriduh
No, I didn't. My girlfriend did.
03-28-2008, 04:58 PM #6
Tilted Cat Head
Cynthetiq
Administrator
Location: Manhattan, NY
can you post a screenshot of the error? I'm having a hard time understanding the Active Desktop error.
03-28-2008, 04:58 PM #7
Just here for the beer.
Wyodiver33
Location: Ft. Lauderdale, Floriduh
Please, help me.
03-28-2008, 04:59 PM #8
Tilted Cat Head
Cynthetiq
Administrator
Location: Manhattan, NY
and those free screensavers just suck ass... and used to contain more malware than funware. I dunno how they are today but I think they still suck ass.
03-28-2008, 05:00 PM #9
Just here for the beer.
Wyodiver33
Location: Ft. Lauderdale, Floriduh
I can turn off Active Desktop for a while but then it's back, blood red, with a biohazard sign.

First person who fixes this gets my Girl for fifteen minutes. She's hot, great rack.

Oh well. She wouldn't have gone for it anyway.

Last edited by Wyodiver33; 03-28-2008 at 05:06 PM.. Reason: Automerged Doublepost
03-28-2008, 05:07 PM #10
Tilted Cat Head
Cynthetiq
Administrator
Location: Manhattan, NY
what does the error say specifically? because you can get a similar error that just says your privacy is questionable.

can you get a screenshot of it at all?
03-28-2008, 05:08 PM #11
Just here for the beer.
Wyodiver33
Location: Ft. Lauderdale, Floriduh
I just really need some help.
03-28-2008, 05:08 PM #12
Tilted Cat Head
Cynthetiq
Administrator
Location: Manhattan, NY
I'm wondering if all those little helper apps aren't just flagging it as a privacy issue, since none of the other adware and other security apps are going apeshit.

GNX Bingo is also suspect

Freeze.com toolbar
Quote:
Adware.Softomate Adware.Softomate is a potentially unwanted adware program that installs a toolbar in Internet Explorer. It does not provide a EULA or display a license agreement when installed.
Adware.Maxifiles Maxifiles adds a toolbar onto your task manager and creates pop-up advertisements.
Spyware.Rogue_Anti-Spyware_Products Rogue and suspect anti-spyware products use deceptive and unfair practices to trick consumers into purchasing them. Methods can include not providing proven, reliable anti-spyware protection or being prone to ridiculous false positives; unfair, deceptive or high pressure sales tactics; being associated with known distributors of spyware/adware or having been known to install spyware/adware themselves.
GNX Bingo
Quote:
Security Risk Description
Adware.Agent.BN Adware.Agent.BN is an adware program that displays pop-up advertisements and adds a run key to run at startup, and also modifies the Windows system configuration in order to download more malware onto the infected computer.
every time you open your browser you reinfect yourself with this line:

Code:
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php...MjI6Ojg5&lid=2
these other items are also suspect. It looks like you cleaned off some of the Freeze.com toolbar but not all of it.
Code:
O21 - SSODL: bokpkov - {77A17D2D-E12E-46B6-9A42-6066EBA42BED} - C:\WINDOWS\bokpkov.dll
O21 - SSODL: altvxvm - {10AFEF02-A70D-4578-8234-8706725C4B95} - C:\WINDOWS\altvxvm.dll

R3 - URLSearchHook: (no name) - {65255C76-B542-44A2-BA6F-2D6B2DF2DB34} - (no file)
R3 - URLSearchHook: (no name) - {E26029B4-C5E8-4645-9C02-E798715F8C0D} - (no file)

O2 - BHO: GNX Bingo - {7DEE5BA2-CB70-4BBB-BD94-208BBA8AA6C4} - C:\WINDOWS\drnpfdxlsk.dll
Toolbar: Freeze.com Toolbar - {B7D3E479-CC68-42B5-A338-938ECE35F419} - C:\Program Files\Freeze.com Toolbar\freeze_us.dll (file missing)
BHO: TBSB04757 - {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - C:\Program Files\Freeze.com Toolbar\freeze_us.dll (file missing)
This is the best help I can do next to doing it myself. The other thing to do is to tell your g/f to stop downloading a bunch of extra crap. Codecs to watch porn is a good way to get infected these days. So are all those toolbars and "fun" helper applications.
Quote:
How to remove softwarereferral/safewebnavigate hijackers and etlrlws toolbar
Softwarereferral infection is a hijacker. If your computer was infected, you got many popups, Internet Explorer start page changed to softwarereferral.com, blinking stopsign with X in system tray, continual system alert popups.

Download HijackThis and double click on the file for install.
Download CCleaner. Double click on the file for install.
Download Combofix.
Download SmitfraudFix (by S!Ri). Extract the content (a folder named SmitfraudFix) to your Desktop.

Reboot your computer again in Safe Mode by doing the following:

1. Restart your computer
2. After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
3. Instead of Windows loading as normal, a menu should appear
4. Select the first option, to run Windows in Safe Mode.

Start HijackThis. Click “Do a system scan only.” and put a checkmark next to the following items (if exists):

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php...MjI6Ojg5&lid=2
O2 - BHO: PC-Antispyware Site Blocker Button - {10F0C2A9-8E38-43e3-204D-45524C494E20} - C:\Program Files\PC-Antispyware\IeExtension.dll
O2 - BHO: GNX Bingo - {B2DCA34E-9D1C-4EDA-A1BE-C24D1B4AAE55} - C:\WINDOWS\kdftlboepta.dll
O2 - BHO: GNX Rolex - {CD6DCA54-AE70-4562-BD9E-0C0A32F01347} - C:\WINDOWS\drnpfdxsnp.dll
O3 - Toolbar: etlrlws - {13F5AE57-486D-41B6-BA43-806EA7CCAE14} - C:\WINDOWS\etlrlws.dll
O4 - HKCU\..\Run: [awedpedp] C:\WINDOWS\system32\naxgxwbu.exe
O4 - HKLM\..\Policies\Explorer\Run: [bZ76ULmU0g] C:\Documents and Settings\All Users\Application Data\titkpyhg\vyzwdszw.exe
O21 - SSODL: bokpkov - {919071FA-540C-4492-BE14-79F7E72B24A1} - C:\WINDOWS\bokpkov.dll
O21 - SSODL: altvxvm - {360925C8-9CA2-4D10-9C9D-4DA09A5840FB} - C:\WINDOWS\altvxvm.dll
O24 - Desktop Component 0: Privacy Protection - file:///C:\WINDOWS\privacy_danger\index.htm

Note: SSODL modules can have a random name (blue color) and a different CLSID (red color); use Google to check them.

Now close all browser and other windows except for HijackThis, and click “Fix Checked” to have HijackThis fix the entries you checked.

Open the SmitfraudFix folder and double-click smitfraudfix.cmd.
Press the number 2 on your keyboard and then press the Enter key to choose the option Clean (safe mode recommended).

You will be prompted : “Registry cleaning - Do you want to clean the registry ?“; answer “Yes” by typing Y and press “Enter” in order to remove the Desktop background and clean registry keys associated with the infection.

The tool will now check if wininet.dll is infected. You may be prompted to replace the infected file (if found); answer “Yes” by typing Y and press “Enter”.

The tool may need to restart your computer to finish the cleaning process; if it doesn’t, please restart it into Normal Windows.

Close any open browsers. Double click on combofix.exe and follow the prompts.

Run CCleaner.

Click the Analyze button. After it scans your system, click Run Cleaner.

If everything seems to be good - pop ups are gone, no redirects - then you should make a new restore point. Disable System Restore to flush out infected restore points. Reboot your computer again. Turn on Windows System Restore. After that click START > ALL PROGRAMS > ACCESSORIES > SYSTEM TOOLS > SYSTEM RESTORE. Click on "create new restore point" > click on NEXT and follow the prompts.

If you are still having problems with spyware after completing these instructions, maybe you have another version of the infection; then please follow the steps in: How to use Spyware Removal Forum.

Last edited by Cynthetiq; 03-28-2008 at 05:46 PM.. Reason: Automerged Doublepost
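A triage pass over a HijackThis log of the kind Cynthetiq walks through above, as an added example (not the forum's, the poster's or any tool's own code): it flags the R0 start-page hijack, orphaned "(no file)"/"(file missing)" entries, BHO/toolbar/SSODL DLLs dropped straight into C:\WINDOWS with random-looking names, and the file:/// Active Desktop component. The trusted-host allowlist, the vowel-ratio threshold and the shortened sample log are assumptions.

```python
import re
from urllib.parse import urlparse

# Constructed sample in HijackThis v2 format, modelled on entries from this
# thread; it is not the poster's full log.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php?x=sample&lid=2
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R3 - URLSearchHook: (no name) - {65255C76-B542-44A2-BA6F-2D6B2DF2DB34} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: GNX Bingo - {7DEE5BA2-CB70-4BBB-BD94-208BBA8AA6C4} - C:\WINDOWS\drnpfdxlsk.dll
O3 - Toolbar: Freeze.com Toolbar - {B7D3E479-CC68-42B5-A338-938ECE35F419} - C:\Program Files\Freeze.com Toolbar\freeze_us.dll (file missing)
O21 - SSODL: bokpkov - {77A17D2D-E12E-46B6-9A42-6066EBA42BED} - C:\WINDOWS\bokpkov.dll
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O24 - Desktop Component 0: Privacy Protection - file:///C:\WINDOWS\privacy_danger\index.htm
"""

# Hosts a stock Dell/XP box of that era legitimately pointed IE at
# (assumption: extend this allowlist for your own environment).
TRUSTED_HOME_HOSTS = {"go.microsoft.com", "www.google.com", "www.comcast.net"}

ENTRY_RE = re.compile(r"^(?P<sec>[RO]\d+) - (?P<body>.+)$")
WINROOT_DLL_RE = re.compile(r"^c:\\windows\\([a-z0-9]+)\.dll$", re.IGNORECASE)


def parse_entry(line):
    """Split 'O2 - BHO: ...' into ('O2', 'BHO: ...'); None for non-entries."""
    m = ENTRY_RE.match(line.strip())
    return (m.group("sec"), m.group("body")) if m else None


def last_field(body):
    """The path/URL is the last ' - ' separated piece of an entry."""
    return body.rsplit(" - ", 1)[-1].replace("(file missing)", "").strip()


def looks_random(name):
    """Vowel-starved names like 'bokpkov' or 'drnpfdxlsk' are a weak but
    useful signal for generated DLL names; the 0.3 threshold is a heuristic."""
    letters = [c for c in name.lower() if c.isalpha()]
    if len(letters) < 6:
        return False
    vowels = sum(c in "aeiou" for c in letters)
    return vowels / len(letters) < 0.3


def check_entry(sec, body):
    """Return (section, rule, detail) triples for one HijackThis entry."""
    found = []
    # R0/R1: a start/search page off the allowlist is the line that
    # reinfects the machine every time the browser opens.
    if sec in ("R0", "R1") and " = " in body:
        url = body.split(" = ", 1)[1].strip()
        host = urlparse(url).hostname or ""
        if host and host not in TRUSTED_HOME_HOSTS:
            found.append((sec, "home-page-hijack", host))
    # Leftovers of a half-removed toolbar are still referenced by the registry.
    if "(no file)" in body or "(file missing)" in body:
        found.append((sec, "orphan-entry", last_field(body)))
    # BHOs, toolbars and SSODL modules normally live under Program Files;
    # a DLL sitting directly in C:\WINDOWS deserves a look.
    if sec in ("O2", "O3", "O21"):
        m = WINROOT_DLL_RE.match(last_field(body))
        if m:
            found.append((sec, "dll-in-windows-root", last_field(body)))
            if looks_random(m.group(1)):
                found.append((sec, "random-looking-name", m.group(1)))
    # O24: an Active Desktop component backed by a local HTML file is the
    # "red biohazard background" mechanism discussed in this thread.
    if sec == "O24" and "file:///" in body:
        found.append((sec, "local-desktop-component", last_field(body)))
    return found


def scan_log(text):
    """Run every rule over every entry line; returns a flat list of findings."""
    findings = []
    for line in text.splitlines():
        entry = parse_entry(line)
        if entry:
            findings.extend(check_entry(*entry))
    return findings


if __name__ == "__main__":
    for sec, rule, detail in scan_log(SAMPLE_LOG):
        print(f"{sec:4} {rule:24} {detail}")
```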
03-28-2008, 07:06 PM #13
Just here for the beer.
Wyodiver33
Location: Ft. Lauderdale, Floriduh
I did sign up for GMX email. Recently. Any ideas about that?

They had a two page ad in a computer mag and it sounded like a good service. I was quite happy with Gmail.

Last edited by Wyodiver33; 03-28-2008 at 07:07 PM.. Reason: Automerged Doublepost
03-29-2008, 12:47 AM #14
has a plan
Hain
Location: middle of Whywouldanyonebethere
Quote:
Originally Posted by Wyodiver33
C:\Program Files\vghd\vghd.exe
This concerns me. VirtuaGirl?

I notice you have a lot of toolbars for your browser. Why so many? As far as I am concerned, that is asking for more things to go wrong. Don't ask me why. That is just my gut feeling.

possible infections

These are the things I figure you can get rid of. Bolded elements mean I don't know what they are. I was reading online about Freeze and it has been suggested to be an adware toolbar. Maybe you can explain what the other ones are.

I will read through the remainder of these posts in this thread now.

Quote:
Originally Posted by Wyodiver33
Please, help me.
Quote:
Originally Posted by Wyodiver33
I just really need some help.
We're trying, and why didn't you answer with something more substantial?


Quote:
Originally Posted by Cynthetiq
everytime you open your browser you reinfect yourself with this line:

Code:
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php...MjI6Ojg5&lid=2
Good eye. I missed that one.
Cynthetiq has a good plan of operation. The only thing I can suggest is that you don't just CClean it, you CClean it with an additional pass (Options > Settings > Secure Deletion > Secure File Deletion > "Simple Overwrite (1 Pass)").
__________________

Last edited by Hain; 03-29-2008 at 12:53 AM.. Reason: Automerged Doublepost
03-29-2008, 05:44 AM #15
Tilted Cat Head
Cynthetiq
Administrator
Location: Manhattan, NY
yes, I think VirtualGirl HD is suspect too. I've outgrown "look at the little stripper walking across my desktop". You may not be a newb, but you sure aren't skilled enough to get yourself out of this kind of trouble to be cruising these suspect type web sites you are going to. I go to them from time to time so that I can learn how to remove and prevent them from infecting my machine.

oh duh.

I just figured out what your active desktop biohazard warning image is.

When you switch to active desktop, it opens the browser URL location as your desktop background. Which is set to this software referral, which is an error type screen by itself. Your virus systems aren't reporting it. It's reporting itself as an advertisement.

I kept asking for a screenshot because screenshots give EXACT words and images that I can determine which kind of malware you got stuck with. It was the softwarereferral.com link that got me the answer. But it would have been faster to deduce if one can see the errors on the desktop as opposed to someone describing it.

Follow the links and instructions I sent. Then tell your g/f to stop clicking on everything that moves, looks shiny and pretty, porn that wants to download anything codec, dialer, etc. AND you don't need that many toolbars. I don't care what kind of functionality you think is cool it's bloatware or spyware most of the time.
03-31-2008, 01:01 PM #16
Loves my girl in thongs
arch13
Location: North of Mexico, South of Canada
Quote:
Originally Posted by Cynthetiq

oh duh.

I just figured out what your active desktop biohazard warning image is.

When you switch to active desktop, it opens the browser URL location as your desktop background. Which is set to this software referral, which is an error type screen by itself. Your virus systems aren't reporting it. It's reporting itself as an advertisement.
Damn. I would not have realized that. Good Catch!
__________________
Seen on an employer evaluation:

"The wheel is turning but the hamsters dead"
____________________________
Is arch13 really a porn diety ? find out after the film at 11.
-Nanofever
03-31-2008, 02:01 PM #17
Tilted Cat Head
Cynthetiq
Administrator
Location: Manhattan, NY
Wyodiver33, how'd that work out for you?
Old 05-21-2008, 05:50 PM   #18
Arachia
I got the same thing as this guy.

I know VirtuaGirl was never on this computer; here is what I do know.
It seems to reoccur and reactivate AppleMobileDeviceService.exe, which came on CD but may have been updated from the web.
The big red 'background' really isn't. It is a webpage overlaying the background.
If you go to Display Properties - Customize Desktop - Web, it is called Privacy Protection; uncheck that and it will disappear when you hit Apply, until you reboot.
I found it is coming from
file:///C:/WINDOWS/privacy_danger/images/spacer.gif
so I deleted the privacy_danger folder, but it comes back on the next boot.
I think that it was connected to a file in C:\WINDOWS\Registration called
{02D4B3F1-FD88-11D1-960D-00805FC79235}.{FC3B39D8-985E-4C67-B930-AE6669F22FE6}.crmlog
so I tossed that in the Recycle Bin, but it was still being used so it wouldn't go.

I have a very limited boot-up and noticed an 'atuflxto' item that was new, so I unchecked it and deleted atuflxto.dll from C:\WINDOWS\system32 but got an access denied. Its time stamp is close to when this all started. So I ran regedit and got rid of it there, only for it to come back 5 minutes later with the big red and the red biohazard sign advertising a virus remover.
Only this time I GOT THE AUDIO OF WHAT SOUNDED LIKE AN ONLINE TV STATION PLAYING A SEX SHOW!!! AND NOTHING NEW IS IN THE TASK MANAGER!!!

It also seems to cycle through different items that are opened.

Okay, that is all I can get. Anyone got any ideas? I'll try to do a HijackThis in a minute but I think that might bomb.
Old 05-21-2008, 06:25 PM   #19
Arachia
CWShredder and HijackThis logs

Here are the logs from CWShredder and HijackThis.


**** Run Keys ****

RUN: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
RUN: [nwiz] nwiz.exe /install
RUN: [SoundMan] SOUNDMAN.EXE
RUN: [KBD] C:\HP\KBD\KBD.EXE
RUN: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
RUN: [ac22098a] rundll32.exe "C:\WINDOWS\system32\atuflxto.dll",b
RUN: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe


**** Browser Helper Objects ****

BHO: [QXK Rhythm] C:\WINDOWS\nldfmtapxvt.dll
BHO: [QXK Rhythm] C:\WINDOWS\system32\ssqqNdec.dll
BHO: [ShoppingReport] C:\Program Files\ShoppingReport\Bin\2.0.26\ShoppingReport.dll
BHO: [ShoppingReport] C:\WINDOWS\system32\vtUmNDWM.dll
BHO: [ShoppingReport] C:\WINDOWS\system32\vtUmNDWM.dll
BHO: [DriveLetterAccess] C:\WINDOWS\system32\dla\tfswshx.dll
BHO: [SSVHelper Class] C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
BHO: [Google Toolbar Helper] c:\program files\google\googletoolbar2.dll
BHO: [Google Toolbar Notifier BHO] C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll


**** IE Toolbars ****

TOOLBAR: [&Google] c:\program files\google\googletoolbar2.dll
TOOLBAR: [gktxaspm] C:\WINDOWS\gktxaspm.dll


**** IE Extensions ****

IEExt: []
IEExt: [ShopperReports - Compare product prices]
IEExt: [ShopperReports - Compare travel rates]
IEExt: [ShopperReports - Compare travel rates]
IEExt: [Messenger] C:\Program Files\Messenger\msmsgs.exe


**** Hosts File Entries ****

HOSTS: 127.0.0.1 localhost
HOSTS: 0.0.0.1 www.facebook.com
HOSTS: 0.0.0.2 facebook.com
HOSTS: 0.0.0.2 facebook.com


**** IE Settings ****

IEBypass: *.local
Default Page: http://go.microsoft.com/fwlink/?LinkId=69157
Default Search: http://go.microsoft.com/fwlink/?LinkId=54896
Local Page: C:\WINDOWS\system32\blank.htm
Search Bar: http://www.google.com/ie
Search Page: http://www.google.com


**** IE Context Menu (Right click) ****



**** Layered Service Providers ****

LSP: MSAFD Tcpip [TCP/IP]
LSP: MSAFD Tcpip [UDP/IP]
LSP: RSVP UDP Service Provider
LSP: RSVP TCP Service Provider
LSP: MSAFD NetBIOS [\Device\NetBT_Tcpip_{7B378BAD-1A1B-4903-9C98-36D07AC35E60}] SEQPACKET 5
LSP: MSAFD NetBIOS [\Device\NetBT_Tcpip_{7B378BAD-1A1B-4903-9C98-36D07AC35E60}] DATAGRAM 5
LSP: MSAFD NetBIOS [\Device\NetBT_Tcpip_{E83D656B-AC52-4F21-889D-4F4A54CEEB3F}] SEQPACKET 4
LSP: MSAFD NetBIOS [\Device\NetBT_Tcpip_{E83D656B-AC52-4F21-889D-4F4A54CEEB3F}] DATAGRAM 4
LSP: MSAFD NetBIOS [\Device\NetBT_Tcpip_{B45FF219-2EC9-47D4-AC00-C4AFA4CC7564}] SEQPACKET 0
LSP: MSAFD NetBIOS [\Device\NetBT_Tcpip_{B45FF219-2EC9-47D4-AC00-C4AFA4CC7564}] DATAGRAM 0
LSP: MSAFD NetBIOS [\Device\NetBT_Tcpip_{62B049C2-D71E-4404-B114-CE88DBF848D3}] SEQPACKET 1
LSP: MSAFD NetBIOS [\Device\NetBT_Tcpip_{62B049C2-D71E-4404-B114-CE88DBF848D3}] DATAGRAM 1
LSP: MSAFD NetBIOS [\Device\NetBT_Tcpip_{D2DA7B32-DAF0-49CA-97E7-0F8EA61B7721}] SEQPACKET 2
LSP: MSAFD NetBIOS [\Device\NetBT_Tcpip_{D2DA7B32-DAF0-49CA-97E7-0F8EA61B7721}] DATAGRAM 2
LSP: MSAFD NetBIOS [\Device\NetBT_Tcpip_{9F139041-8C92-40EB-A58B-B9F67AC3F4DD}] SEQPACKET 3
LSP: MSAFD NetBIOS [\Device\NetBT_Tcpip_{9F139041-8C92-40EB-A58B-B9F67AC3F4DD}] DATAGRAM 3


**** Blocked Control Panel Items ****

BLOCKED: [ncpa.cpl] No
BLOCKED: [odbccp32.cpl] No


**** Downloaded Program Files ****

{166B1BCA-3F9C-11CF-8075-444553540000} [http://download.macromedia.com/pub/s...irector/sw.cab]
{17492023-C23A-453E-A040-C7C580BBF700} [http://download.microsoft.com/downlo...54-aa20-495c-b89f-c1c34c691085/LegitCheckControl.cab] C:\WINDOWS\system32\LegitCheckControl.DLL
{3DCEC959-378A-4922-AD7E-FD5C925D927F} [http://disney.go.com/pirates/online/...lt/signed/DisneyOnlineGames.cab]
{67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} [http://www.nvidia.com/content/Driver...0.0.1/sysreqlab2.cab]
{6B75345B-AA36-438A-BBE6-4078B4C6984D} [http://h20270.www2.hp.com/ediags/gmn...oductDetection.cab]
{6E32070A-766D-4EE6-879C-DC1FA91D2FC3} [http://www.update.microsoft.com/micr...V5Controls/en/x86/client/muweb_site.cab?1193939347000]
{6F15128C-E66A-490C-B848-5000B5ABEEAC} [https://h20436.www2.hp.com/ediags/de.../HPDEXAXO.cab]
{7FC1B346-83E6-4774-8D20-1A6B09B0E737} [http://cid-2412d39e051747cb.spaces.l...pload/MsnPUpld.cab] C:\WINDOWS\Downloaded Program Files\MsnPUpld.dll
{8AD9C840-044E-11D1-B3E9-00805F499D93} [http://java.sun.com/update/1.6.0/jin...windows-i586.cab]
{8FFBE65D-2C9C-4669-84BD-5829DC0B603C} [http://fpdownload.macromedia.com/get...rrent/ultrashim.cab]
{CAFEEFAC-0015-0000-0012-ABCDEFFEDCBA} [http://javadl-esd.sun.com/update/1.5..._0_12-windows-i586.cab]
{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} [http://java.sun.com/update/1.6.0/jin...windows-i586.cab]
{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} [http://java.sun.com/update/1.6.0/jin...windows-i586.cab]
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [http://java.sun.com/update/1.6.0/jin...windows-i586.cab]
{DF780F87-FF2B-4DF8-92D0-73DB16A1543A} [http://www.popcap.com/webgames/popcaploader_v10.cab]


**** Windows Services ****

[Alerter] %SystemRoot%\system32\svchost.exe -k LocalService
[ALG] %SystemRoot%\System32\alg.exe
[ANIWZCSdService] C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
[AppMgmt] %SystemRoot%\system32\svchost.exe -k netsvcs
[aspnet_state] %SystemRoot%\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
[AudioSrv] %SystemRoot%\System32\svchost.exe -k netsvcs
[BITS] %SystemRoot%\system32\svchost.exe -k netsvcs
[Browser] %SystemRoot%\system32\svchost.exe -k netsvcs
[CiSvc] %SystemRoot%\system32\cisvc.exe
[ClipSrv] %SystemRoot%\system32\clipsrv.exe
[clr_optimization_v2.0.50727_32] C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
[COMSysApp] C:\WINDOWS\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235}
[CryptSvc] %SystemRoot%\system32\svchost.exe -k netsvcs
[DcomLaunch] %SystemRoot%\system32\svchost -k DcomLaunch
[Dhcp] %SystemRoot%\system32\svchost.exe -k netsvcs
[dmadmin] %SystemRoot%\System32\dmadmin.exe /com
[dmserver] %SystemRoot%\System32\svchost.exe -k netsvcs
[Dnscache] %SystemRoot%\system32\svchost.exe -k NetworkService
[ERSvc] %SystemRoot%\System32\svchost.exe -k netsvcs
[Eventlog] %SystemRoot%\system32\services.exe
[EventSystem] C:\WINDOWS\system32\svchost.exe -k netsvcs
[FastUserSwitchingCompatibility] %SystemRoot%\System32\svchost.exe -k netsvcs
[gusvc] "C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe"
[helpsvc] %SystemRoot%\System32\svchost.exe -k netsvcs
[HidServ] %SystemRoot%\System32\svchost.exe -k netsvcs
[HTTPFilter] %SystemRoot%\System32\svchost.exe -k HTTPFilter
[ImapiService] C:\WINDOWS\system32\imapi.exe
[lanmanserver] %SystemRoot%\system32\svchost.exe -k netsvcs
[lanmanworkstation] %SystemRoot%\system32\svchost.exe -k netsvcs
[LmHosts] %SystemRoot%\system32\svchost.exe -k LocalService
[Messenger] %SystemRoot%\system32\svchost.exe -k netsvcs
[MHN] %SystemRoot%\System32\svchost.exe -k netsvcs
[mnmsrvc] C:\WINDOWS\system32\mnmsrvc.exe
[MSDTC] C:\WINDOWS\system32\msdtc.exe
[MSIServer] C:\WINDOWS\system32\msiexec.exe /V
[NetDDE] %SystemRoot%\system32\netdde.exe
[NetDDEdsdm] %SystemRoot%\system32\netdde.exe
[Netlogon] %SystemRoot%\system32\lsass.exe
[Netman] %SystemRoot%\System32\svchost.exe -k netsvcs
[Nla] %SystemRoot%\system32\svchost.exe -k netsvcs
[NtLmSsp] %SystemRoot%\system32\lsass.exe
[NtmsSvc] %SystemRoot%\system32\svchost.exe -k netsvcs
[NVSvc] %SystemRoot%\system32\nvsvc32.exe
[PlugPlay] %SystemRoot%\system32\services.exe
[PolicyAgent] %SystemRoot%\system32\lsass.exe
[ProtectedStorage] %SystemRoot%\system32\lsass.exe
[RasAuto] %SystemRoot%\system32\svchost.exe -k netsvcs
[RasMan] %SystemRoot%\system32\svchost.exe -k netsvcs
[RDSessMgr] C:\WINDOWS\system32\sessmgr.exe
[RemoteAccess] %SystemRoot%\system32\svchost.exe -k netsvcs
[RemoteRegistry] %SystemRoot%\system32\svchost.exe -k LocalService
[RpcLocator] %SystemRoot%\system32\locator.exe
[RpcSs] %SystemRoot%\system32\svchost -k rpcss
[RSVP] %SystemRoot%\system32\rsvp.exe
[SamSs] %SystemRoot%\system32\lsass.exe
[SCardSvr] %SystemRoot%\System32\SCardSvr.exe
[Schedule] %SystemRoot%\System32\svchost.exe -k netsvcs
[seclogon] %SystemRoot%\System32\svchost.exe -k netsvcs
[SENS] %SystemRoot%\system32\svchost.exe -k netsvcs
[SharedAccess] %SystemRoot%\system32\svchost.exe -k netsvcs
[ShellHWDetection] %SystemRoot%\System32\svchost.exe -k netsvcs
[Spooler] %SystemRoot%\system32\spoolsv.exe
[srservice] %SystemRoot%\system32\svchost.exe -k netsvcs
[SSDPSRV] %SystemRoot%\system32\svchost.exe -k LocalService
[stisvc] %SystemRoot%\system32\svchost.exe -k imgsvc
[SwPrv] C:\WINDOWS\system32\dllhost.exe /Processid:{3647D27E-C3E5-46DA-AD61-429DF5AAE770}
[SysmonLog] %SystemRoot%\system32\smlogsvc.exe
[TapiSrv] %SystemRoot%\System32\svchost.exe -k netsvcs
[TermService] %SystemRoot%\System32\svchost -k DComLaunch
[Themes] %SystemRoot%\System32\svchost.exe -k netsvcs
[TlntSvr] C:\WINDOWS\system32\tlntsvr.exe
[TrkWks] %SystemRoot%\system32\svchost.exe -k netsvcs
[upnphost] %SystemRoot%\system32\svchost.exe -k LocalService
[UPS] %SystemRoot%\System32\ups.exe
[VSS] %SystemRoot%\System32\vssvc.exe
[W32Time] %SystemRoot%\System32\svchost.exe -k netsvcs
[WebClient] %SystemRoot%\system32\svchost.exe -k LocalService
[winmgmt] %systemroot%\system32\svchost.exe -k netsvcs
[WmdmPmSN] %SystemRoot%\System32\svchost.exe -k netsvcs
[Wmi] %SystemRoot%\System32\svchost.exe -k netsvcs
[WmiApSrv] C:\WINDOWS\system32\wbem\wmiapsrv.exe
[wscsvc] %SystemRoot%\System32\svchost.exe -k netsvcs
[wuauserv] %systemroot%\system32\svchost.exe -k netsvcs
[WZCSVC] %SystemRoot%\System32\svchost.exe -k netsvcs
[xmlprov] %SystemRoot%\System32\svchost.exe -k netsvcs


**** Custom IE Search Items ****

SEARCH: [SearchAssistant] http://www.google.com/ie
SEARCH: [SearchAssistant] http://www.google.com/ie
SEARCH: [CustomizeSearch] http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
SEARCH: [Default_Search_URL] http://www.google.com/ie


**** Complete IE Options ****

IEOPT: [NoUpdateCheck]
IEOPT: [NoJITSetup]
IEOPT: [Disable Script Debugger] yes
IEOPT: [Show_ChannelBand] No
IEOPT: [Anchor Underline] yes
IEOPT: [Cache_Update_Frequency] Once_Per_Session
IEOPT: [Display Inline Images] yes
IEOPT: [Do404Search]
IEOPT: [Local Page] C:\WINDOWS\system32\blank.htm
IEOPT: [Save_Session_History_On_Exit] no
IEOPT: [Show_FullURL] no
IEOPT: [Show_StatusBar] yes
IEOPT: [Show_ToolBar] yes
IEOPT: [Show_URLinStatusBar] yes
IEOPT: [Show_URLToolBar] yes
IEOPT: [Start Page] http://softwarereferral.com/jump.php...MjI6Ojg5&lid=2
IEOPT: [Use_DlgBox_Colors] yes
IEOPT: [Search Page] http://www.google.com
IEOPT: [NotifyDownloadComplete] no
IEOPT: [FullScreen] no
IEOPT: [Window_Placement] ,
IEOPT: [Use FormSuggest] yes
IEOPT: [HistoryViewType]
IEOPT: [AddToFavoritesExpanded]
IEOPT: [Use Search Asst] no
IEOPT: [Search Bar] http://www.google.com/ie
IEOPT: [Enable Browser Extensions] yes
IEOPT: [XMLHTTP]
IEOPT: [UseClearType] yes
IEOPT: [AlwaysShowMenus]
IEOPT: [Play_Background_Sounds] yes
IEOPT: [Play_Animations] yes
IEOPT: [CompatibilityFlags]
IEOPT: [SearchMigrated]
IEOPT: [SearchMigratedDefaultName] Google
IEOPT: [SearchMigratedDefaultURL] http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
IEOPT: [SearchMigratedInstalled]
IEOPT: [RunOnceHasShown]
IEOPT: [RunOnceComplete]
IEOPT: [Error Dlg Displayed On Every Error] no
IEOPT: [StatusBarWeb]
IEOPT: [ControlTooltipCount]
IEOPT: [Save Directory] C:\Documents and Settings\malachi\My Documents\
IEOPT: [Expand Alt Text] no
IEOPT: [Move System Caret] no
IEOPT: [NscSingleExpand]
IEOPT: [DisableScriptDebuggerIE] yes
IEOPT: [Page_Transitions]
IEOPT: [FavIntelliMenus] no
IEOPT: [UseThemes]
IEOPT: [EnableSearchPane]
IEOPT: [Force Offscreen Composition]
IEOPT: [AllowWindowReuse]
IEOPT: [Friendly http errors] yes
IEOPT: [SmoothScroll]
IEOPT: [Enable AutoImageResize] yes
IEOPT: [Show image placeholders]
IEOPT: [Print_Background] no
IEOPT: [AutoSearch]
IEOPT: [AutoHide] no
IEOPT: [ShowedCheckBrowser] Yes
IEOPT: [Check_Associations] no
IEOPT: [Default_Page_URL] http://go.microsoft.com/fwlink/?LinkId=69157
IEOPT: [Default_Search_URL] http://go.microsoft.com/fwlink/?LinkId=54896
IEOPT: [Search Page] http://go.microsoft.com/fwlink/?LinkId=54896
IEOPT: [Enable_Disk_Cache] yes
IEOPT: [Cache_Percent_of_Disk]
IEOPT: [Delete_Temp_Files_On_Exit] yes
IEOPT: [Local Page] %SystemRoot%\system32\blank.htm
IEOPT: [Anchor_Visitation_Horizon]
IEOPT: [Use_Async_DNS] yes
IEOPT: [Placeholder_Width]
IEOPT: [Placeholder_Height]
IEOPT: [Start Page] http://go.microsoft.com/fwlink/?LinkId=69157
IEOPT: [CompanyName] Microsoft Corporation
IEOPT: [Custom_Key] MICROSO
IEOPT: [Wizard_Version] 6.0.2600.0000
IEOPT: [FullScreen] no
IEOPT: [Default_Secondary_Page_URL]
IEOPT: [Extensions Off Page] about:NoAdd-ons
IEOPT: [Security Risk Page] about:SecurityRisk
IEOPT: [Check_Associations] yes




Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:09:04 PM, on 5/21/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\taskmgr.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php...MjI6Ojg5&lid=2
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O1 - Hosts: 0.0.0.1 www.facebook.com
O1 - Hosts: 0.0.0.2 facebook.com
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: gktxaspm - {9CF47BCD-57A7-4591-BEA0-F37911D9D1EB} - C:\WINDOWS\gktxaspm.dll (file missing)
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [ac22098a] rundll32.exe "C:\WINDOWS\system32\atuflxto.dll",b
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'Default user')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: ShopperReports - Compare product prices - {C5428486-50A0-4a02-9D20-520B59A9F9B2} - C:\Program Files\ShoppingReport\Bin\2.0.26\ShoppingReport.dll
O9 - Extra button: ShopperReports - Compare travel rates - {C5428486-50A0-4a02-9D20-520B59A9F9B3} - C:\Program Files\ShoppingReport\Bin\2.0.26\ShoppingReport.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://www.merriam-webster.com
O15 - Trusted Zone: http://www.runescape.com
O16 - DPF: {3DCEC959-378A-4922-AD7E-FD5C925D927F} (Disney Online Games ActiveX Control) - http://disney.go.com/pirates/online/...nlineGames.cab
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/Driver...sysreqlab2.cab
O16 - DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} (HpProductDetection Class) - http://h20270.www2.hp.com/ediags/gmn...tDetection.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/micr...?1193939347000
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/de...e/HPDEXAXO.cab
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://cid-2412d39e051747cb.spaces.l...d/MsnPUpld.cab
O16 - DPF: {CAFEEFAC-0015-0000-0012-ABCDEFFEDCBA} (Java Runtime Environment 1.5.0) - http://javadl-esd.sun.com/update/1.5...ndows-i586.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.popcap.com/webgames/popcaploader_v10.cab
O21 - SSODL: gnowmebk - {2992B3E3-F03A-43B1-92BC-C5196C6868E0} - C:\WINDOWS\gnowmebk.dll
O21 - SSODL: pxgdslro - {622CA5DB-A778-48E6-907C-E7BD06D3EE02} - C:\WINDOWS\pxgdslro.dll
O21 - SSODL: BootCheck - {621e5d81-1172-4bf0-9c16-6d1bbb1f3b3d} - C:\WINDOWS\Resources\BootCheck.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O24 - Desktop Component 0: Privacy Protection - file:///C:\WINDOWS\privacy_danger\index.htm

--
End of file - 5878 bytes

Okay, that really is everything. Any thoughts?
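The explanation quoted in post #16 (Active Desktop rendering a URL as the wallpaper, with the Start Page pointed at a software-referral site) and the HijackThis log above come down to a handful of line types: the R0 Start Page, O1 hosts entries, O3/O21 DLLs with machine-generated names dropped directly into C:\WINDOWS, the O4 rundll32 autorun, and the O24 desktop component loaded from file:///. The script below is an added example written for this edit, not code from the thread or from Trend Micro; it runs those checks over constructed sample lines modelled on the posted log. The random-name thresholds, the Windows-root rule and the allowlist of trusted start-page hosts are assumptions for illustration, not anything the thread or HijackThis itself defines.

```python
"""Triage a HijackThis-style log for the indicators discussed in this thread.

Added example: the heuristics and the sample lines are constructed for
illustration and are not part of HijackThis or of the original posts.
"""
import re
from urllib.parse import urlparse

# Constructed sample, modelled on the log posted above (not the full log).
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php?lid=2
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 0.0.0.1 www.facebook.com
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: gktxaspm - {9CF47BCD-57A7-4591-BEA0-F37911D9D1EB} - C:\WINDOWS\gktxaspm.dll (file missing)
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [ac22098a] rundll32.exe "C:\WINDOWS\system32\atuflxto.dll",b
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O21 - SSODL: gnowmebk - {2992B3E3-F03A-43B1-92BC-C5196C6868E0} - C:\WINDOWS\gnowmebk.dll
O21 - SSODL: BootCheck - {621e5d81-1172-4bf0-9c16-6d1bbb1f3b3d} - C:\WINDOWS\Resources\BootCheck.dll
O24 - Desktop Component 0: Privacy Protection - file:///C:\WINDOWS\privacy_danger\index.htm
"""

# Assumed allowlist: a Start Page on any other host is flagged for review.
TRUSTED_START_HOSTS = {"go.microsoft.com", "www.google.com", "www.msn.com"}

# A DLL sitting directly in the Windows directory (no subfolder) is unusual for
# legitimate software and is where this thread's droppers put theirs (assumption).
WINDOWS_ROOT_DLL = re.compile(r"^[a-z]:\\windows\\[^\\]+\.dll$", re.I)
CONSONANT_RUN = re.compile(r"[^aeiouy]+")


def looks_random(name: str) -> bool:
    """Heuristic for generated names such as 'atuflxto' or 'gnowmebk':
    letters only, at least 7 long, and either one vowel in four or fewer
    or a run of four or more consonants. Thresholds are assumptions."""
    if not name.isalpha() or len(name) < 7:
        return False
    low = name.lower()
    vowels = sum(c in "aeiouy" for c in low)
    longest = max((len(r) for r in CONSONANT_RUN.findall(low)), default=0)
    return vowels / len(low) <= 0.25 or longest >= 4


def _stem(path: str) -> str:
    """'C:\\WINDOWS\\gktxaspm.dll' -> 'gktxaspm'."""
    return path.rsplit("\\", 1)[-1].rsplit(".", 1)[0]


def triage(log_text: str) -> list:
    """Return (category, line) pairs for every line that trips a check."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        tag = line.split(" ", 1)[0]

        if tag in ("R0", "R1") and "Start Page" in line:
            host = urlparse(line.split("=", 1)[1].strip()).hostname or ""
            if host.lower() not in TRUSTED_START_HOSTS:
                findings.append(("start-page-hijack", line))

        elif tag == "O1":
            # "O1 - Hosts: <ip> <name>": anything but localhost -> loopback is a redirect
            ip, name = line.split(":", 1)[1].split()[:2]
            if not (name == "localhost" and ip in ("127.0.0.1", "::1")):
                findings.append(("hosts-redirect", line))

        elif tag in ("O2", "O3", "O21"):
            # "<tag> - <Kind>: <label> - {CLSID} - <path> [(file missing)]"
            parts = line.split(" - ")
            label = parts[1].split(": ", 1)[-1]
            missing = "(file missing)" in parts[-1]
            path = parts[-1].replace("(file missing)", "").strip()
            if (missing or WINDOWS_ROOT_DLL.match(path)
                    or looks_random(_stem(path)) or looks_random(label)):
                findings.append(("toolbar-or-shell-hook", line))

        elif tag == "O4":
            # "O4 - <hive>\..\Run: [<name>] <command>"
            m = re.search(r"\[([^\]]+)\]\s*(.*)$", line)
            if not m:
                continue
            name, cmd = m.group(1), m.group(2)
            if cmd.lower().startswith("rundll32"):
                dll = re.search(r'"?([^",]+\.dll)', cmd, re.I)
                hexname = re.fullmatch(r"[0-9a-f]{8}", name) is not None
                if hexname or (dll and looks_random(_stem(dll.group(1)))):
                    findings.append(("rundll32-autorun", line))

        elif tag == "O24" and "file:///" in line.lower():
            # Active Desktop component served from local disk: the red
            # "biohazard" background described in this thread.
            findings.append(("active-desktop-overlay", line))
    return findings


if __name__ == "__main__":
    for category, line in triage(SAMPLE_LOG):
        print(f"{category:24} {line}")
```

Run against the sample it reports six lines and leaves the Java updater, ctfmon, the Google toolbar and the BootCheck SSODL alone; feed it a real HijackThis log and treat the output as a review list, not a verdict, since the name heuristic is deliberately loose and a legitimate vendor DLL can still land in C:\WINDOWS.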
Old 05-21-2008, 06:56 PM   #20
Cynthetiq (Administrator)
Location: Manhattan, NY
ShoppingReport.dll is the first suspect from my quick read... I'm still studying and researching some of the others... but ShoppingReport is the culprit of the moment.

http://www.smartshopper.com/SmartShopper/Default.aspx

Did you intend to install this application?
 
