adware.pigsearch files are undeletable [RESOLVED] - Geeks to Go Forums

Jump to content

Log in Register Register Malware removal guide How it works

adware.pigsearch files are undeletable [RESOLVED] 10-12 listed files found w/Norton Anti can't delete

#1 malmazan

  • Group: Member
  • Posts: 9
  • Joined: 23-June 06

Posted 23 June 2006 - 10:50 PM

My system has been infected with the adware.pigsearch trojan horse. I have run multiple spyware applications and Norton, and tried the Symantec instruction, but the files will not delete. Need some help to clean my system

Thanks

#2 malmazan

  • Group: Member
  • Posts: 9
  • Joined: 23-June 06

Posted 23 June 2006 - 10:55 PM

Here is the Hijack log:

Logfile of HijackThis v1.99.1
Scan saved at 11:52:54 PM, on 6/23/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\devldr32.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\System32\CTsvcCDA.EXE
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\PROGRA~1\Iomega\System32\AppServices.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Iomega\AutoDisk\ADService.exe
C:\WINDOWS\system32\ltmsg.exe
C:\Program Files\Creative\SBLive\Creative Diagnostics 2.0\DIAGENT.EXE
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\HP CD-DVD\Umbrella\DVDTray.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\Program Files\Support.com\bin\tgcmd.exe
C:\Program Files\Iomega\AutoDisk\ADUserMon.exe
C:\Program Files\Iomega\DriveIcons\ImgIcon.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\ewido anti-spyware 4.0\ewido.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\The Weather Channel FW\Desktop Weather\DesktopWeather.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Documents and Settings\Home Setup\Desktop\Hijack\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://my.iwon.com/i...G=home&SEC=bnav
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.comcast.net
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Comcast
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: i&Won Co-Pilot - {CA0B9B71-C2AF-11D3-B376-0800460222F0} - C:\Program Files\iWon\iWonBar\1.bin\IWONBAR.DLL (file missing)
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [LTWinModem1] ltmsg.exe 9
O4 - HKLM\..\Run: [DIAGENT] C:\Program Files\Creative\SBLive\Creative Diagnostics 2.0\DIAGENT.EXE startup
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\Updreg.exe
O4 - HKLM\..\Run: [AHQInit] C:\Program Files\Creative\SBLive\Program\AHQInit.exe
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [DVDBitSet] "C:\Program Files\HP CD-DVD\Umbrella\DVDBitSet.exe" /NOUI
O4 - HKLM\..\Run: [DVDTray] "C:\Program Files\HP CD-DVD\Umbrella\DVDTray.exe
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [SAClient] "C:\Program Files\Comcast\BBClient\Programs\RegCon.exe" /admincheck
O4 - HKLM\..\Run: [ComcastSUPPORT] C:\Program Files\Support.com\bin\tgkill.exe /cleaneahtioga /start
O4 - HKLM\..\Run: [ADUserMon] C:\Program Files\Iomega\AutoDisk\ADUserMon.exe
O4 - HKLM\..\Run: [Iomega Drive Icons] C:\Program Files\Iomega\DriveIcons\ImgIcon.exe
O4 - HKLM\..\Run: [Deskup] C:\Program Files\Iomega\DriveIcons\deskup.exe /IMGSTART
O4 - HKLM\..\Run: [WorksFUD] C:\Program Files\Microsoft Works\wkfud.exe
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [MoveSearch] C:\Program Files\HuaCi\huaci\zsearch.exe
O4 - HKLM\..\Run: [PigUpdate] C:\DOCUME~1\HOMESE~1\LOCALS~1\Temp\~exC.exe
O4 - HKLM\..\Run: [SearchNet_Up] "C:\Program Files\SearchNet\ServeUp.exe"
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\Money Express.exe"
O4 - HKCU\..\Run: [DW4] "C:\Program Files\The Weather Channel FW\Desktop Weather\DesktopWeather.exe"
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Camio Viewer 2000.lnk = C:\Program Files\Sierra Imaging\Image Expert 2000\IXApplet.exe
O4 - Global Startup: EPSON Status Monitor 3 Environment Check 2.lnk = C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV02.EXE
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: Kodak software updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: ICQ Pro - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Support - {0BC225EF-E7BF-42EA-A328-59B204B129D3} - http://www.comcastsupport.com (file missing) (HKCU)
O9 - Extra button: Help - {5222BA9E-5292-444B-B1B1-BC40B3A10CCA} - http://www.comcast.net/memberservices/ (file missing) (HKCU)
O9 - Extra button: ComcastHSI - {7DC615D7-B81A-497D-B7A7-167FE11E8626} - http://www.comcast.net (file missing) (HKCU)
O14 - IERESET.INF: START_PAGE_URL=http://www.comcast.net
O16 - DPF: {31E68DE2-5548-4B23-88F0-C51E6A0F695E} (Microsoft PID Sniffer) - https://support.micr...ActiveX/odc.cab
O16 - DPF: {3A7FE611-1994-4EF1-A09F-99456752289D} - http://install.wildtangent.com/ActiveLaunc...iveLauncher.cab
O16 - DPF: {3FE16C08-D6A7-4133-84FC-D5BFB4F7D886} (WebGameLoader Class) - http://www.shockwave.com/content/ricochetl...bGameLoader.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5co...b?1103258004981
O16 - DPF: {70522FA2-4656-11D5-B0E9-0050DAC24E8F} (iWon Progressive Counter) - http://cc.iwon.com/c..._12_1,0,2,5.exe
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} - http://download.shoc...otoy/OTOYAX.cab
O16 - DPF: {A8683C98-5341-421B-B23C-8514C05354F1} (FujifilmUploader Class) - http://photo.walmart.com/photo/uploads/Fuj...ploadClient.cab
O16 - DPF: {B020B534-4AA2-4B99-BD6D-5F6EE286DF5C} (Symantec Download Bridge) - https://a248.e.akamai.net/f/248/5462/2h/www...ol/SymDlBrg.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.s...sa/SymAData.cab
O16 - DPF: {D54160C3-DB7B-4534-9B65-190EE4A9C7F7} (SproutLauncherCtrl Class) - http://www.shockwave.com/content/feedingfr...outLauncher.cab
O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} (iTunesDetector Class) - http://ax.phobos.apple.com.edgesuite.net/d.../ITDetector.cab
O16 - DPF: {D77EF652-9A6B-40C8-A4B9-1C0697C6CF41} (TikGames Online Control) - http://www.shockwave...shapo/shapo.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.shockwave.com/content/insaniqua...aploader_v6.cab
O18 - Protocol: bw+0 - {AA9A254D-1A26-4CC4-8174-59DFF0EA8A0E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {AA9A254D-1A26-4CC4-8174-59DFF0EA8A0E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {AA9A254D-1A26-4CC4-8174-59DFF0EA8A0E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {AA9A254D-1A26-4CC4-8174-59DFF0EA8A0E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {AA9A254D-1A26-4CC4-8174-59DFF0EA8A0E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {AA9A254D-1A26-4CC4-8174-59DFF0EA8A0E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {AA9A254D-1A26-4CC4-8174-59DFF0EA8A0E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {AA9A254D-1A26-4CC4-8174-59DFF0EA8A0E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {AA9A254D-1A26-4CC4-8174-59DFF0EA8A0E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {AA9A254D-1A26-4CC4-8174-59DFF0EA8A0E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {AA9A254D-1A26-4CC4-8174-59DFF0EA8A0E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {AA9A254D-1A26-4CC4-8174-59DFF0EA8A0E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {AA9A254D-1A26-4CC4-8174-59DFF0EA8A0E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {AA9A254D-1A26-4CC4-8174-59DFF0EA8A0E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {AA9A254D-1A26-4CC4-8174-59DFF0EA8A0E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {AA9A254D-1A26-4CC4-8174-59DFF0EA8A0E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {AA9A254D-1A26-4CC4-8174-59DFF0EA8A0E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {AA9A254D-1A26-4CC4-8174-59DFF0EA8A0E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {AA9A254D-1A26-4CC4-8174-59DFF0EA8A0E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {AA9A254D-1A26-4CC4-8174-59DFF0EA8A0E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {AA9A254D-1A26-4CC4-8174-59DFF0EA8A0E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {AA9A254D-1A26-4CC4-8174-59DFF0EA8A0E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {AA9A254D-1A26-4CC4-8174-59DFF0EA8A0E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {AA9A254D-1A26-4CC4-8174-59DFF0EA8A0E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {AA9A254D-1A26-4CC4-8174-59DFF0EA8A0E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {AA9A254D-1A26-4CC4-8174-59DFF0EA8A0E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {AA9A254D-1A26-4CC4-8174-59DFF0EA8A0E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {AA9A254D-1A26-4CC4-8174-59DFF0EA8A0E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {AA9A254D-1A26-4CC4-8174-59DFF0EA8A0E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {AA9A254D-1A26-4CC4-8174-59DFF0EA8A0E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {AA9A254D-1A26-4CC4-8174-59DFF0EA8A0E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {AA9A254D-1A26-4CC4-8174-59DFF0EA8A0E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {AA9A254D-1A26-4CC4-8174-59DFF0EA8A0E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {AA9A254D-1A26-4CC4-8174-59DFF0EA8A0E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {AA9A254D-1A26-4CC4-8174-59DFF0EA8A0E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {AA9A254D-1A26-4CC4-8174-59DFF0EA8A0E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {AA9A254D-1A26-4CC4-8174-59DFF0EA8A0E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {AA9A254D-1A26-4CC4-8174-59DFF0EA8A0E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {AA9A254D-1A26-4CC4-8174-59DFF0EA8A0E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {AA9A254D-1A26-4CC4-8174-59DFF0EA8A0E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {AA9A254D-1A26-4CC4-8174-59DFF0EA8A0E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {AA9A254D-1A26-4CC4-8174-59DFF0EA8A0E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {AA9A254D-1A26-4CC4-8174-59DFF0EA8A0E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {AA9A254D-1A26-4CC4-8174-59DFF0EA8A0E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {AA9A254D-1A26-4CC4-8174-59DFF0EA8A0E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {AA9A254D-1A26-4CC4-8174-59DFF0EA8A0E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {AA9A254D-1A26-4CC4-8174-59DFF0EA8A0E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {AA9A254D-1A26-4CC4-8174-59DFF0EA8A0E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {AA9A254D-1A26-4CC4-8174-59DFF0EA8A0E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {AA9A254D-1A26-4CC4-8174-59DFF0EA8A0E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {AA9A254D-1A26-4CC4-8174-59DFF0EA8A0E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {AA9A254D-1A26-4CC4-8174-59DFF0EA8A0E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {AA9A254D-1A26-4CC4-8174-59DFF0EA8A0E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {AA9A254D-1A26-4CC4-8174-59DFF0EA8A0E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {AA9A254D-1A26-4CC4-8174-59DFF0EA8A0E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {AA9A254D-1A26-4CC4-8174-59DFF0EA8A0E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {AA9A254D-1A26-4CC4-8174-59DFF0EA8A0E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {AA9A254D-1A26-4CC4-8174-59DFF0EA8A0E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {AA9A254D-1A26-4CC4-8174-59DFF0EA8A0E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {AA9A254D-1A26-4CC4-8174-59DFF0EA8A0E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {AA9A254D-1A26-4CC4-8174-59DFF0EA8A0E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {AA9A254D-1A26-4CC4-8174-59DFF0EA8A0E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {AA9A254D-1A26-4CC4-8174-59DFF0EA8A0E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {AA9A254D-1A26-4CC4-8174-59DFF0EA8A0E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {AA9A254D-1A26-4CC4-8174-59DFF0EA8A0E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {AA9A254D-1A26-4CC4-8174-59DFF0EA8A0E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {AA9A254D-1A26-4CC4-8174-59DFF0EA8A0E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {AA9A254D-1A26-4CC4-8174-59DFF0EA8A0E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {AA9A254D-1A26-4CC4-8174-59DFF0EA8A0E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {AA9A254D-1A26-4CC4-8174-59DFF0EA8A0E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {AA9A254D-1A26-4CC4-8174-59DFF0EA8A0E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {AA9A254D-1A26-4CC4-8174-59DFF0EA8A0E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {AA9A254D-1A26-4CC4-8174-59DFF0EA8A0E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {AA9A254D-1A26-4CC4-8174-59DFF0EA8A0E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {AA9A254D-1A26-4CC4-8174-59DFF0EA8A0E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {AA9A254D-1A26-4CC4-8174-59DFF0EA8A0E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {AA9A254D-1A26-4CC4-8174-59DFF0EA8A0E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.EXE
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: Iomega App Services - Iomega Corporation - C:\PROGRA~1\Iomega\System32\AppServices.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Remote Log - Unknown owner - C:\WINDOWS\system32\ServeHost.exe (file missing)
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: Iomega Active Disk (_IOMEGA_ACTIVE_DISK_SERVICE_) - Iomega Corporation - C:\Program Files\Iomega\AutoDisk\ADService.exe

#3 Flrman1

  • Group: Retired Staff
  • Posts: 6,596
  • Joined: 17-April 05

Posted 24 June 2006 - 08:58 PM

Hi malmazan

Welcome to GTG! :whistling:

* First please run ActiveScan online virus scan here

When the scan is finished, click on the "Save Report" button an save the results of the scan to your desktop.

Note: You have to use Internet Explorer to do the online scan.

Post a new HiJackThis log along with the results from ActiveScan


* Also open Hijack This and click on the "Open the Misc Tools section" button. Click on the "Open Uninstall Manager" button. Click the "Save List" button. Copy and paste that list here.

#4 malmazan

  • Group: Member
  • Posts: 9
  • Joined: 23-June 06

Posted 25 June 2006 - 10:46 PM

Incident Status Location

Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\Home Setup\Local Settings\Temp\Cookies\home setup@ath.belnk[1].txt
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\Home Setup\Local Settings\Temp\Cookies\home setup@belnk[1].txt
Spyware:Cookie/Ccbill Not disinfected C:\Documents and Settings\Home Setup\Local Settings\Temp\Cookies\home setup@ccbill[1].txt
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\Home Setup\Local Settings\Temp\Cookies\home setup@dist.belnk[1].txt
Spyware:Cookie/Screensavers Not disinfected C:\Documents and Settings\Home Setup\Local Settings\Temp\Cookies\home setup@i.screensavers[1].txt
Spyware:Cookie/MediaTickets Not disinfected C:\Documents and Settings\Home Setup\Local Settings\Temp\Cookies\home setup@kinghost[1].txt
Spyware:Cookie/Rn11 Not disinfected C:\Documents and Settings\Home Setup\Local Settings\Temp\Cookies\home setup@rn11[2].txt

Logfile of HijackThis v1.99.1
Scan saved at 11:42:39 PM, on 6/25/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\devldr32.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\System32\CTsvcCDA.EXE
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\PROGRA~1\Iomega\System32\AppServices.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Iomega\AutoDisk\ADService.exe
C:\WINDOWS\system32\ltmsg.exe
C:\Program Files\Creative\SBLive\Creative Diagnostics 2.0\DIAGENT.EXE
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\HP CD-DVD\Umbrella\DVDTray.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\Program Files\Support.com\bin\tgcmd.exe
C:\Program Files\Iomega\AutoDisk\ADUserMon.exe
C:\Program Files\Iomega\DriveIcons\ImgIcon.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\ewido anti-spyware 4.0\ewido.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\The Weather Channel FW\Desktop Weather\DesktopWeather.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Home Setup\Desktop\Hijack\HijackThis.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://my.iwon.com/i...G=home&SEC=bnav
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.comcast.net
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Comcast
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: i&Won Co-Pilot - {CA0B9B71-C2AF-11D3-B376-0800460222F0} - C:\Program Files\iWon\iWonBar\1.bin\IWONBAR.DLL (file missing)
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [LTWinModem1] ltmsg.exe 9
O4 - HKLM\..\Run: [DIAGENT] C:\Program Files\Creative\SBLive\Creative Diagnostics 2.0\DIAGENT.EXE startup
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\Updreg.exe
O4 - HKLM\..\Run: [AHQInit] C:\Program Files\Creative\SBLive\Program\AHQInit.exe
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [DVDBitSet] "C:\Program Files\HP CD-DVD\Umbrella\DVDBitSet.exe" /NOUI
O4 - HKLM\..\Run: [DVDTray] "C:\Program Files\HP CD-DVD\Umbrella\DVDTray.exe
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [SAClient] "C:\Program Files\Comcast\BBClient\Programs\RegCon.exe" /admincheck
O4 - HKLM\..\Run: [ComcastSUPPORT] C:\Program Files\Support.com\bin\tgkill.exe /cleaneahtioga /start
O4 - HKLM\..\Run: [ADUserMon] C:\Program Files\Iomega\AutoDisk\ADUserMon.exe
O4 - HKLM\..\Run: [Iomega Drive Icons] C:\Program Files\Iomega\DriveIcons\ImgIcon.exe
O4 - HKLM\..\Run: [Deskup] C:\Program Files\Iomega\DriveIcons\deskup.exe /IMGSTART
O4 - HKLM\..\Run: [WorksFUD] C:\Program Files\Microsoft Works\wkfud.exe
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [MoveSearch] C:\Program Files\HuaCi\huaci\zsearch.exe
O4 - HKLM\..\Run: [PigUpdate] C:\DOCUME~1\HOMESE~1\LOCALS~1\Temp\~exC.exe
O4 - HKLM\..\Run: [SearchNet_Up] "C:\Program Files\SearchNet\ServeUp.exe"
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\Money Express.exe"
O4 - HKCU\..\Run: [DW4] "C:\Program Files\The Weather Channel FW\Desktop Weather\DesktopWeather.exe"
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Camio Viewer 2000.lnk = C:\Program Files\Sierra Imaging\Image Expert 2000\IXApplet.exe
O4 - Global Startup: EPSON Status Monitor 3 Environment Check 2.lnk = C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV02.EXE
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: Kodak software updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: ICQ Pro - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Support - {0BC225EF-E7BF-42EA-A328-59B204B129D3} - http://www.comcastsupport.com (file missing) (HKCU)
O9 - Extra button: Help - {5222BA9E-5292-444B-B1B1-BC40B3A10CCA} - http://www.comcast.net/memberservices/ (file missing) (HKCU)
O9 - Extra button: ComcastHSI - {7DC615D7-B81A-497D-B7A7-167FE11E8626} - http://www.comcast.net (file missing) (HKCU)
O14 - IERESET.INF: START_PAGE_URL=http://www.comcast.net
O16 - DPF: {31E68DE2-5548-4B23-88F0-C51E6A0F695E} (Microsoft PID Sniffer) - https://support.micr...ActiveX/odc.cab
O16 - DPF: {3A7FE611-1994-4EF1-A09F-99456752289D} - http://install.wildtangent.com/ActiveLaunc...iveLauncher.cab
O16 - DPF: {3FE16C08-D6A7-4133-84FC-D5BFB4F7D886} (WebGameLoader Class) - http://www.shockwave.com/content/ricochetl...bGameLoader.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5co...b?1103258004981
O16 - DPF: {70522FA2-4656-11D5-B0E9-0050DAC24E8F} (iWon Progressive Counter) - http://cc.iwon.com/c..._12_1,0,2,5.exe
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} - http://download.shoc...otoy/OTOYAX.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {A8683C98-5341-421B-B23C-8514C05354F1} (FujifilmUploader Class) - http://photo.walmart.com/photo/uploads/Fuj...ploadClient.cab
O16 - DPF: {B020B534-4AA2-4B99-BD6D-5F6EE286DF5C} (Symantec Download Bridge) - https://a248.e.akamai.net/f/248/5462/2h/www...ol/SymDlBrg.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.s...sa/SymAData.cab
O16 - DPF: {D54160C3-DB7B-4534-9B65-190EE4A9C7F7} (SproutLauncherCtrl Class) - http://www.shockwave.com/content/feedingfr...outLauncher.cab
O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} (iTunesDetector Class) - http://ax.phobos.apple.com.edgesuite.net/d.../ITDetector.cab
O16 - DPF: {D77EF652-9A6B-40C8-A4B9-1C0697C6CF41} (TikGames Online Control) - http://www.shockwave...shapo/shapo.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.shockwave.com/content/insaniqua...aploader_v6.cab
O18 - Protocol: bw+0 - {AA9A254D-1A26-4CC4-8174-59DFF0EA8A0E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {AA9A254D-1A26-4CC4-8174-59DFF0EA8A0E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {AA9A254D-1A26-4CC4-8174-59DFF0EA8A0E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {AA9A254D-1A26-4CC4-8174-59DFF0EA8A0E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {AA9A254D-1A26-4CC4-8174-59DFF0EA8A0E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {AA9A254D-1A26-4CC4-8174-59DFF0EA8A0E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {AA9A254D-1A26-4CC4-8174-59DFF0EA8A0E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {AA9A254D-1A26-4CC4-8174-59DFF0EA8A0E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {AA9A254D-1A26-4CC4-8174-59DFF0EA8A0E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {AA9A254D-1A26-4CC4-8174-59DFF0EA8A0E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {AA9A254D-1A26-4CC4-8174-59DFF0EA8A0E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {AA9A254D-1A26-4CC4-8174-59DFF0EA8A0E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {AA9A254D-1A26-4CC4-8174-59DFF0EA8A0E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {AA9A254D-1A26-4CC4-8174-59DFF0EA8A0E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {AA9A254D-1A26-4CC4-8174-59DFF0EA8A0E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {AA9A254D-1A26-4CC4-8174-59DFF0EA8A0E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {AA9A254D-1A26-4CC4-8174-59DFF0EA8A0E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {AA9A254D-1A26-4CC4-8174-59DFF0EA8A0E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {AA9A254D-1A26-4CC4-8174-59DFF0EA8A0E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {AA9A254D-1A26-4CC4-8174-59DFF0EA8A0E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {AA9A254D-1A26-4CC4-8174-59DFF0EA8A0E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {AA9A254D-1A26-4CC4-8174-59DFF0EA8A0E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {AA9A254D-1A26-4CC4-8174-59DFF0EA8A0E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {AA9A254D-1A26-4CC4-8174-59DFF0EA8A0E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {AA9A254D-1A26-4CC4-8174-59DFF0EA8A0E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {AA9A254D-1A26-4CC4-8174-59DFF0EA8A0E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {AA9A254D-1A26-4CC4-8174-59DFF0EA8A0E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {AA9A254D-1A26-4CC4-8174-59DFF0EA8A0E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {AA9A254D-1A26-4CC4-8174-59DFF0EA8A0E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {AA9A254D-1A26-4CC4-8174-59DFF0EA8A0E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {AA9A254D-1A26-4CC4-8174-59DFF0EA8A0E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {AA9A254D-1A26-4CC4-8174-59DFF0EA8A0E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {AA9A254D-1A26-4CC4-8174-59DFF0EA8A0E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {AA9A254D-1A26-4CC4-8174-59DFF0EA8A0E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {AA9A254D-1A26-4CC4-8174-59DFF0EA8A0E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {AA9A254D-1A26-4CC4-8174-59DFF0EA8A0E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {AA9A254D-1A26-4CC4-8174-59DFF0EA8A0E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {AA9A254D-1A26-4CC4-8174-59DFF0EA8A0E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {AA9A254D-1A26-4CC4-8174-59DFF0EA8A0E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {AA9A254D-1A26-4CC4-8174-59DFF0EA8A0E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {AA9A254D-1A26-4CC4-8174-59DFF0EA8A0E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {AA9A254D-1A26-4CC4-8174-59DFF0EA8A0E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {AA9A254D-1A26-4CC4-8174-59DFF0EA8A0E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {AA9A254D-1A26-4CC4-8174-59DFF0EA8A0E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {AA9A254D-1A26-4CC4-8174-59DFF0EA8A0E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {AA9A254D-1A26-4CC4-8174-59DFF0EA8A0E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {AA9A254D-1A26-4CC4-8174-59DFF0EA8A0E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {AA9A254D-1A26-4CC4-8174-59DFF0EA8A0E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {AA9A254D-1A26-4CC4-8174-59DFF0EA8A0E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {AA9A254D-1A26-4CC4-8174-59DFF0EA8A0E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {AA9A254D-1A26-4CC4-8174-59DFF0EA8A0E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {AA9A254D-1A26-4CC4-8174-59DFF0EA8A0E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {AA9A254D-1A26-4CC4-8174-59DFF0EA8A0E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {AA9A254D-1A26-4CC4-8174-59DFF0EA8A0E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {AA9A254D-1A26-4CC4-8174-59DFF0EA8A0E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {AA9A254D-1A26-4CC4-8174-59DFF0EA8A0E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {AA9A254D-1A26-4CC4-8174-59DFF0EA8A0E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {AA9A254D-1A26-4CC4-8174-59DFF0EA8A0E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {AA9A254D-1A26-4CC4-8174-59DFF0EA8A0E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {AA9A254D-1A26-4CC4-8174-59DFF0EA8A0E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {AA9A254D-1A26-4CC4-8174-59DFF0EA8A0E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {AA9A254D-1A26-4CC4-8174-59DFF0EA8A0E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {AA9A254D-1A26-4CC4-8174-59DFF0EA8A0E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {AA9A254D-1A26-4CC4-8174-59DFF0EA8A0E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {AA9A254D-1A26-4CC4-8174-59DFF0EA8A0E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {AA9A254D-1A26-4CC4-8174-59DFF0EA8A0E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {AA9A254D-1A26-4CC4-8174-59DFF0EA8A0E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {AA9A254D-1A26-4CC4-8174-59DFF0EA8A0E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {AA9A254D-1A26-4CC4-8174-59DFF0EA8A0E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {AA9A254D-1A26-4CC4-8174-59DFF0EA8A0E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {AA9A254D-1A26-4CC4-8174-59DFF0EA8A0E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {AA9A254D-1A26-4CC4-8174-59DFF0EA8A0E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {AA9A254D-1A26-4CC4-8174-59DFF0EA8A0E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {AA9A254D-1A26-4CC4-8174-59DFF0EA8A0E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {AA9A254D-1A26-4CC4-8174-59DFF0EA8A0E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {AA9A254D-1A26-4CC4-8174-59DFF0EA8A0E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {AA9A254D-1A26-4CC4-8174-59DFF0EA8A0E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.EXE
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: Iomega App Services - Iomega Corporation - C:\PROGRA~1\Iomega\System32\AppServices.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Remote Log - Unknown owner - C:\WINDOWS\system32\ServeHost.exe (file missing)
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: Iomega Active Disk (_IOMEGA_ACTIVE_DISK_SERVICE_) - Iomega Corporation - C:\Program Files\Iomega\AutoDisk\ADService.exe


Uninstall list
Active Disk
Ad-Aware SE Personal
Adobe Atmosphere Player for Acrobat and Adobe Reader
Adobe Download Manager 2.0 (Remove Only)
Adobe Photoshop Album 2.0 Starter Edition
Adobe Reader 7.0.7
ArcSoft PhotoImpression 3.0
BroadJump Client Foundation
ccCommon
CCScore
ComcastSUPPORT
Co-Pilot - iWon
CR2
Dell Picture Studio - Image Expert 2000
Dell ResourceCD
Desktop Doctor
Desktop Weather by The Weather Channel
DivX
DLA
Dune 2000
EPSON Copy Utility
EPSON Online Reference Guide
EPSON Photo Print
EPSON Printer Software
EPSON Smart Panel
EPSON TWAIN FB
ESSBrwr
ESSCDBK
ESScore
ESSCT
ESSEMAIL
ESSgui
ESShelp
ESSini
ESSPCD
ESSPDock
ESSSONIC
ESSTOOLS
essvcpt
ESSvpaht
ESSvpot
ewido anti-spyware 4.0
Google Toolbar for Internet Explorer
HighMAT Extension to Microsoft Windows XP CD Writing Wizard
HijackThis 1.99.1
HLPIndex
HLPPDOCK
HLPSFO
hp dvd writer
HP Memories Disc
ICQ
InCD EasyWrite Reader
Internet Worm Protection
IomegaWare 4.0.2
iWon Prize Machine
J2SE Runtime Environment 5.0 Update 2
J2SE Runtime Environment 5.0 Update 4
J2SE Runtime Environment 5.0 Update 6
Java 2 Runtime Environment Standard Edition v1.3.1_15
Kodak EasyShare software
KSU
LiveReg (Symantec Corporation)
LiveUpdate 3.0 (Symantec Corporation)
Logitech Desktop Messenger
Logitech iTouch Software
Logitech MouseWare 9.79.1
Logitech Resource Center
Lucent Win Modem
Macromedia Director MX 2004
Macromedia Flash Player 8
Macromedia Shockwave Player
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB886903)
Microsoft Encarta Encyclopedia Standard 2002
Microsoft Money 2005
Microsoft Office XP Media Content
Microsoft Office XP Professional
Microsoft Picture It! Photo 2002
Microsoft Streets and Trips 2002
Microsoft Windows Journal Viewer
Microsoft Works 2002 Setup Launcher
Microsoft Works 6.0
Modem Helper
Modem User Guide
Nero OEM
NeroMediaPlayer
NeroVision Express 2
Norton AntiVirus 2005
Norton AntiVirus 2005 (Symantec Corporation)
Norton AntiVirus Help
Norton AntiVirus Parent MSI
Norton AntiVirus SCSSDist MSI
Norton AntiVirus SYMLT MSI
Norton WMI Update
Norton WMI Update
Notifier
OfotoXMI
OTtBP
OTtBPSDK
Panda ActiveScan
PhoneTools
PowerDVD
QuickTime
RealPlayer
RecordNow
Rhapsody
ScanToWeb
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows XP (KB883939)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896422)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB896688)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899588)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901190)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB903235)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB905915)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB908531)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911567)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912812)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913446)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB916281)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918439)
Service Agent
SFR
SFR2
SHASTA
Shockwave
Shockwave Player
ShowBiz DVD
Simple Backup
SKIN0001
SKINXSDK
Skype 1.4
Sound Blaster Live! Value
SPBBC
Spybot - Search & Destroy 1.3
SpywareBlaster v3.5.1
Symantec
Symantec Script Blocking Installer
SymNet
TaxCut 2004
TaxCut Deluxe 2005
The Weather Channel
The Weather Channel Desktop
Update for Windows XP (KB894391)
Update for Windows XP (KB896727)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB910437)
Viewpoint Manager (Remove Only)
VPRINTOL
WarheadsSE 1.52 Shareware
Weather Services
Webster's World Encyclopedia 2004
Westwood Shared Internet Components
Windows Genuine Advantage v1.3.0254.0
Windows Installer 3.1 (KB893803)
Windows Installer 3.1 (KB893803)
Windows Media Format Runtime
Windows Media Player 10
Windows XP Hotfix - KB834707
Windows XP Hotfix - KB867282
Windows XP Hotfix - KB873333
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB885884
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB887742
Windows XP Hotfix - KB887797
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890047
Windows XP Hotfix - KB890175
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB890923
Windows XP Hotfix - KB891781
Windows XP Hotfix - KB893066
Windows XP Hotfix - KB893086
Windows XP Service Pack 2
WinZip
WIRELESS

#5 Flrman1

  • Group: Retired Staff
  • Posts: 6,596
  • Joined: 17-April 05

Posted 26 June 2006 - 07:20 PM

* Click here to download ATF Cleaner by Atribune and save it to your desktop.


* Click Here and download Killbox and save it to your desktop.


* Click here for info on how to boot to safe mode if you don't already know how.


* Now copy these instructions to notepad and save them to your desktop. You will need them to refer to.



* Go to Add/Remove programs and uninstall these:

J2SE Runtime Environment 5.0 Update 2
J2SE Runtime Environment 5.0 Update 4
J2SE Runtime Environment 5.0 Update 6
Java 2 Runtime Environment Standard Edition v1.3.1_15
Viewpoint Manager (Remove Only)


* Run Hijack This again and put a check by these. Close ALL windows except HijackThis and click "Fix checked"

O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\Updreg.exe

O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe

O4 - HKLM\..\Run: [MoveSearch] C:\Program Files\HuaCi\huaci\zsearch.exe

O4 - HKLM\..\Run: [PigUpdate] C:\DOCUME~1\HOMESE~1\LOCALS~1\Temp\~exC.exe

O4 - HKLM\..\Run: [SearchNet_Up] "C:\Program Files\SearchNet\ServeUp.exe"

Fix ALL the O18 entries like this one:

O18 - Protocol: bw+0 - {AA9A254D-1A26-4CC4-8174-59DFF0EA8A0E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll


* Restart your computer into safe mode now. Perform the following steps in safe mode:


* Double-click on Killbox.exe to run it.
  • Put a tick by Standard File Kill.
  • In the "Full Path of File to Delete" box, copy and paste each of the following lines one at a time:

    C:\Program Files\HuaCi

    C:\DOCUME~1\HOMESE~1\LOCALS~1\Temp\~exC.exe

    C:\Program Files\SearchNet


  • Click on the button that has the red circle with the X in the middle after you enter each file.
  • It will ask for confimation to delete the file.
  • Click Yes.
  • Continue with that procedure until you have pasted all of these in the "Paste Full Path of File to Delete" box.
  • Killbox may tell you that one or more files do not exist.
  • If that happens, just continue on with all the files. Be sure you don't miss any.
  • Exit the Killbox.

* Run ATF Cleaner:
  • Double-click ATF-Cleaner.exe to run the program.
  • Under Main choose: Select All
  • Click the Empty Selected button.
    • If you use Firefox:
      • Click Firefox at the top and choose: Select All
      • Click the Empty Selected button.
      • NOTE: If you would like to keep your saved passwords, please click No at the prompt.
    • If you use Opera:
      • Click Opera at the top and choose: Select All
      • Click the Empty Selected button.

      • NOTE: If you would like to keep your saved passwords, please click No at the prompt.

  • Click Exit on the Main menu to close the program.


* Restart back into Windows normally now.


* Now go here and install the latest version of Java.


* Run Kaspersky online virus scan here.

After the updates have downloaded, click on the "Scan Settings" button.
Choose the "Extended database" for the scan.
Under "Please select a target to scan", click "My Computer".
When the scan is finished, Save the results from the scan!

Note: You have to use Internet Explorer to do the online scan.

Post a new HiJackThis log along with the results from Kaspersky scan

#6 malmazan

  • Group: Member
  • Posts: 9
  • Joined: 23-June 06

Posted 27 June 2006 - 02:27 AM

Thanks for the help

-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Tuesday, June 27, 2006 3:24:14 AM
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.83.0
Kaspersky Anti-Virus database last update: 27/06/2006
Kaspersky Anti-Virus database records: 203039
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
A:\
C:\
D:\
E:\
F:\

Scan Statistics:
Total number of scanned objects: 87475
Number of viruses found: 8
Number of infected objects: 55 / 0
Number of suspicious objects: 0
Duration of the scan process: 01:03:46

Infected Object Name / Virus Name / Last Action
C:\!KillBox\HuaCi\huaci\Mouse1.dll Infected: not-a-virus:AdWare.Win32.WSearch.b skipped
C:\!KillBox\HuaCi\huaci\mUin.exe Infected: not-a-virus:AdWare.Win32.WSearch.g skipped
C:\!KillBox\HuaCi\huaci\SearchM.dll Infected: not-a-virus:AdWare.Win32.WSearch.a skipped
C:\!KillBox\HuaCi\huaci\zsearch.exe Infected: not-a-virus:AdWare.Win32.WSearch.g skipped
C:\!KillBox\HuaCi\huaci\zsup.exe Infected: not-a-virus:AdWare.Win32.WSearch.d skipped
C:\!KillBox\SearchNet\SearchNet.exe Object is locked skipped
C:\!KillBox\SearchNet\ServeHost.exe Infected: Trojan-Spy.Win32.Agent.iw skipped
C:\!KillBox\SearchNet\ServeUp.exe Infected: Trojan-Spy.Win32.Agent.iw skipped
C:\!KillBox\SearchNet\SrvNet32.dll Object is locked skipped
C:\!KillBox\SearchNet\SvrDefend.dll Infected: Trojan-Spy.Win32.Agent.iw skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\settings.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\2006-06-27_Log.ALUSchedulerSvc.LiveUpdate Object is locked skipped
C:\Documents and Settings\Home Setup\Application Data\Sun\Java\Deployment\log\plugin150_07.trace Object is locked skipped
C:\Documents and Settings\Home Setup\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Home Setup\Local Settings\Application Data\Identities\{3FA92888-B4D9-4CC3-9998-62651B15102A}\Microsoft\Outlook Express\Folders.dbx Object is locked skipped
C:\Documents and Settings\Home Setup\Local Settings\Application Data\Identities\{3FA92888-B4D9-4CC3-9998-62651B15102A}\Microsoft\Outlook Express\Hotmail - Inbox.dbx Object is locked skipped
C:\Documents and Settings\Home Setup\Local Settings\Application Data\Identities\{3FA92888-B4D9-4CC3-9998-62651B15102A}\Microsoft\Outlook Express\Offline.dbx Object is locked skipped
C:\Documents and Settings\Home Setup\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Home Setup\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Home Setup\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Home Setup\Local Settings\Temp\hsperfdata_Home Setup\2952 Object is locked skipped
C:\Documents and Settings\Home Setup\Local Settings\Temp\me_4iuLY2zLca2n77R Object is locked skipped
C:\Documents and Settings\Home Setup\Local Settings\Temp\me_AScXEIeC6Wej5LJ Object is locked skipped
C:\Documents and Settings\Home Setup\Local Settings\Temp\me_caTAKOyO88Zu65b Object is locked skipped
C:\Documents and Settings\Home Setup\Local Settings\Temp\me_RD3bkhHLYyi0WrU Object is locked skipped
C:\Documents and Settings\Home Setup\Local Settings\Temp\me_xdRdKlc86nKHuRf Object is locked skipped
C:\Documents and Settings\Home Setup\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Home Setup\ntuser.dat Object is locked skipped
C:\Documents and Settings\Home Setup\NTUSER.DAT.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\itouch_crash_info.txt Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcrst.dll Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SNDALRT.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SNDCON.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SNDDBG.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SNDFW.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SNDIDS.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SNDSYS.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPPolicy.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPStart.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPStop.log Object is locked skipped
C:\Program Files\HuaCi\huaci\Mouse1.dll Infected: not-a-virus:AdWare.Win32.WSearch.b skipped
C:\Program Files\HuaCi\huaci\mUin.exe Infected: not-a-virus:AdWare.Win32.WSearch.g skipped
C:\Program Files\HuaCi\huaci\SearchM.dll Infected: not-a-virus:AdWare.Win32.WSearch.a skipped
C:\Program Files\HuaCi\huaci\zsearch.exe Infected: not-a-virus:AdWare.Win32.WSearch.g skipped
C:\Program Files\HuaCi\huaci\zsup.exe Infected: not-a-virus:AdWare.Win32.WSearch.d skipped
C:\Program Files\HuaCi\update\mUin.exe.dat/mUin.exe Infected: not-a-virus:AdWare.Win32.WSearch.g skipped
C:\Program Files\HuaCi\update\mUin.exe.dat CAB: infected - 1 skipped
C:\Program Files\HuaCi\update\reg.exe.dat/reg.exe Infected: not-a-virus:AdWare.Win32.WSearch.j skipped
C:\Program Files\HuaCi\update\reg.exe.dat CAB: infected - 1 skipped
C:\Program Files\HuaCi\update\SearchM.dll.dat/SearchM.dll Infected: not-a-virus:AdWare.Win32.WSearch.a skipped
C:\Program Files\HuaCi\update\SearchM.dll.dat CAB: infected - 1 skipped
C:\Program Files\HuaCi\update\zpig.exe.dat/zpig.exe Infected: not-a-virus:AdWare.Win32.WSearch.h skipped
C:\Program Files\HuaCi\update\zpig.exe.dat CAB: infected - 1 skipped
C:\Program Files\HuaCi\update\zsearch.exe.dat/zsearch.exe Infected: not-a-virus:AdWare.Win32.WSearch.g skipped
C:\Program Files\HuaCi\update\zsearch.exe.dat CAB: infected - 1 skipped
C:\Program Files\Kodak\Kodak EasyShare software\bin\Catalog\EasyShare.me Object is locked skipped
C:\Program Files\Kodak\Kodak EasyShare software\bin\Catalog\EasyShare.mm Object is locked skipped
C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\BWKDLogs\BWTargetInf.log Object is locked skipped
C:\Program Files\Kodak\KODAK Software Updater\7288971\Users\Default\Data\chandir.dat Object is locked skipped
C:\Program Files\Kodak\KODAK Software Updater\7288971\Users\Default\Data\chandir.idx Object is locked skipped
C:\Program Files\Kodak\KODAK Software Updater\7288971\Users\Default\Data\chn.dat Object is locked skipped
C:\Program Files\Kodak\KODAK Software Updater\7288971\Users\Default\Data\chn.idx Object is locked skipped
C:\Program Files\Kodak\KODAK Software Updater\7288971\Users\Default\Data\D0000000.FCS Object is locked skipped
C:\Program Files\Kodak\KODAK Software Updater\7288971\Users\Default\Data\inuse.txt Object is locked skipped
C:\Program Files\Kodak\KODAK Software Updater\7288971\Users\Default\Data\L0000007.FCS Object is locked skipped
C:\Program Files\Kodak\KODAK Software Updater\7288971\Users\Default\Data\main.log Object is locked skipped
C:\Program Files\Kodak\KODAK Software Updater\7288971\Users\Default\Data\prs.dat Object is locked skipped
C:\Program Files\Kodak\KODAK Software Updater\7288971\Users\Default\Data\prs.idx Object is locked skipped
C:\Program Files\Kodak\KODAK Software Updater\7288971\Users\Default\Data\prs_die.dat Object is locked skipped
C:\Program Files\Kodak\KODAK Software Updater\7288971\Users\Default\Data\prs_die.idx Object is locked skipped
C:\Program Files\Kodak\KODAK Software Updater\7288971\Users\Default\Data\prs_dnd.dat Object is locked skipped
C:\Program Files\Kodak\KODAK Software Updater\7288971\Users\Default\Data\prs_dnd.idx Object is locked skipped
C:\Program Files\Kodak\KODAK Software Updater\7288971\Users\Default\Data\prs_ext.dat Object is locked skipped
C:\Program Files\Kodak\KODAK Software Updater\7288971\Users\Default\Data\prs_ext.idx Object is locked skipped
C:\Program Files\Kodak\KODAK Software Updater\7288971\Users\Default\Data\prs_rcv.dat Object is locked skipped
C:\Program Files\Kodak\KODAK Software Updater\7288971\Users\Default\Data\prs_rcv.idx Object is locked skipped
C:\Program Files\Kodak\KODAK Software Updater\7288971\Users\Default\Data\storydb.dat Object is locked skipped
C:\Program Files\Kodak\KODAK Software Updater\7288971\Users\Default\Data\storydb.idx Object is locked skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Home Setup\Data\BWDocMap.pht Object is locked skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Home Setup\Data\BWInfopakMap.pht Object is locked skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Home Setup\Data\chandir.dat Object is locked skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Home Setup\Data\chandir.idx Object is locked skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Home Setup\Data\chn.dat Object is locked skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Home Setup\Data\chn.idx Object is locked skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Home Setup\Data\D0000000.FCS Object is locked skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Home Setup\Data\inuse.txt Object is locked skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Home Setup\Data\L0000010.FCS Object is locked skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Home Setup\Data\main.log Object is locked skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Home Setup\Data\prs.dat Object is locked skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Home Setup\Data\prs.idx Object is locked skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Home Setup\Data\prs_die.dat Object is locked skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Home Setup\Data\prs_die.idx Object is locked skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Home Setup\Data\prs_dnd.dat Object is locked skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Home Setup\Data\prs_dnd.idx Object is locked skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Home Setup\Data\prs_ext.dat Object is locked skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Home Setup\Data\prs_ext.idx Object is locked skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Home Setup\Data\prs_rcv.dat Object is locked skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Home Setup\Data\prs_rcv.idx Object is locked skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Home Setup\Data\storydb.dat Object is locked skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Home Setup\Data\storydb.idx Object is locked skipped
C:\Program Files\Norton AntiVirus\AVApp.log Object is locked skipped
C:\Program Files\Norton AntiVirus\AVError.log Object is locked skipped
C:\Program Files\Norton AntiVirus\AVVirus.log Object is locked skipped
C:\Program Files\Norton AntiVirus\Quarantine\4A295593.tmp Infected: not-a-virus:AdWare.Win32.WSearch.d skipped
C:\Program Files\Norton AntiVirus\Quarantine\55BA1192.dat/zsearch.exe Infected: not-a-virus:AdWare.Win32.WSearch.g skipped
C:\Program Files\Norton AntiVirus\Quarantine\55BA1192.dat CAB: infected - 1 skipped
C:\Program Files\Norton AntiVirus\Quarantine\55BA1192.dat CryptFF: infected - 1 skipped
C:\Program Files\Norton AntiVirus\Quarantine\7AD93DA5.tmp Infected: not-a-virus:AdWare.Win32.WSearch.d skipped
C:\Program Files\Norton AntiVirus\Quarantine\7ADC67A1.dat/mUin.exe Infected: not-a-virus:AdWare.Win32.WSearch.g skipped
C:\Program Files\Norton AntiVirus\Quarantine\7ADC67A1.dat CAB: infected - 1 skipped
C:\Program Files\Norton AntiVirus\Quarantine\7ADC67A1.dat CryptFF: infected - 1 skipped
C:\Program Files\Norton AntiVirus\Quarantine\7AE0119E.dat/SearchM.dll Infected: not-a-virus:AdWare.Win32.WSearch.a skipped
C:\Program Files\Norton AntiVirus\Quarantine\7AE0119E.dat CAB: infected - 1 skipped
C:\Program Files\Norton AntiVirus\Quarantine\7AE0119E.dat CryptFF: infected - 1 skipped
C:\Program Files\SearchNet\SearchNet.exe Object is locked skipped
C:\Program Files\SearchNet\ServeHost.exe Infected: Trojan-Spy.Win32.Agent.iw skipped
C:\Program Files\SearchNet\SrvNet32.dll Object is locked skipped
C:\Program Files\SearchNet\SvrDefend.dll Infected: Trojan-Spy.Win32.Agent.iw skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{331EA711-8BDC-4C15-854B-E925C25C5BEC}\RP1\A0000013.exe Infected: not-a-virus:AdWare.Win32.WSearch.d skipped
C:\System Volume Information\_restore{331EA711-8BDC-4C15-854B-E925C25C5BEC}\RP1\A0000029.exe Infected: not-a-virus:AdWare.Win32.WSearch.d skipped
C:\System Volume Information\_restore{331EA711-8BDC-4C15-854B-E925C25C5BEC}\RP1\snapshot\MFEX-2.DAT Infected: not-a-virus:AdWare.Win32.WSearch.b skipped
C:\System Volume Information\_restore{331EA711-8BDC-4C15-854B-E925C25C5BEC}\RP1\snapshot\MFEX-3.DAT Infected: not-a-virus:AdWare.Win32.WSearch.a skipped
C:\System Volume Information\_restore{331EA711-8BDC-4C15-854B-E925C25C5BEC}\RP1\snapshot\MFEX-4.DAT Infected: not-a-virus:AdWare.Win32.WSearch.g skipped
C:\System Volume Information\_restore{331EA711-8BDC-4C15-854B-E925C25C5BEC}\RP1\snapshot\MFEX-5.DAT Infected: not-a-virus:AdWare.Win32.WSearch.d skipped
C:\System Volume Information\_restore{331EA711-8BDC-4C15-854B-E925C25C5BEC}\RP1\snapshot\MFEX-6.DAT Infected: not-a-virus:AdWare.Win32.WSearch.g skipped
C:\System Volume Information\_restore{331EA711-8BDC-4C15-854B-E925C25C5BEC}\RP1\snapshot\MFEX-7.DAT Infected: not-a-virus:AdWare.Win32.WSearch.g skipped
C:\System Volume Information\_restore{331EA711-8BDC-4C15-854B-E925C25C5BEC}\RP10\A0000619.exe Infected: not-a-virus:AdWare.Win32.WSearch.d skipped
C:\System Volume Information\_restore{331EA711-8BDC-4C15-854B-E925C25C5BEC}\RP10\A0000620.exe Infected: Trojan-Spy.Win32.Agent.iw skipped
C:\System Volume Information\_restore{331EA711-8BDC-4C15-854B-E925C25C5BEC}\RP11\A0000624.exe Infected: Trojan-Spy.Win32.Agent.iw skipped
C:\System Volume Information\_restore{331EA711-8BDC-4C15-854B-E925C25C5BEC}\RP11\A0000625.dll Infected: Trojan-Spy.Win32.Agent.iw skipped
C:\System Volume Information\_restore{331EA711-8BDC-4C15-854B-E925C25C5BEC}\RP11\change.log Object is locked skipped
C:\System Volume Information\_restore{331EA711-8BDC-4C15-854B-E925C25C5BEC}\RP4\A0000105.exe Infected: not-a-virus:AdWare.Win32.WSearch.d skipped
C:\System Volume Information\_restore{331EA711-8BDC-4C15-854B-E925C25C5BEC}\RP4\A0000113.exe Infected: Trojan-Spy.Win32.Agent.iw skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\Downloaded Program Files\popcaploader.dll Infected: not-a-virus:Downloader.Win32.PopCap.b skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\EventCache\{8998F63F-F6FF-4F91-A011-A7516E0D76CE}.bin Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\drivers\aabhor.sys Infected: Trojan-Spy.Win32.Agent.iw skipped
C:\WINDOWS\system32\drivers\abhcop.sys Infected: not-a-virus:AdWare.Win32.WSearch.g skipped
C:\WINDOWS\system32\drivers\FAD.sys Infected: not-a-virus:AdWare.Win32.WSearch.g skipped
C:\WINDOWS\system32\drivers\hcalway.sys Infected: not-a-virus:AdWare.Win32.WSearch.g skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped

Scan process completed.


Logfile of HijackThis v1.99.1
Scan saved at 3:25:10 AM, on 6/27/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\devldr32.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\ltmsg.exe
C:\Program Files\Creative\SBLive\Creative Diagnostics 2.0\DIAGENT.EXE
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\HP CD-DVD\Umbrella\DVDTray.exe
C:\Program Files\Iomega\AutoDisk\ADUserMon.exe
C:\Program Files\Support.com\bin\tgcmd.exe
C:\Program Files\Iomega\DriveIcons\ImgIcon.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\WINDOWS\System32\CTsvcCDA.EXE
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\Program Files\ewido anti-spyware 4.0\ewido.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\Program Files\Logitech\Desktop

Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\PROGRA~1\Iomega\System32\AppServices.exe
C:\Program Files\The Weather Channel FW\Desktop Weather\DesktopWeather.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software

Updater.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Iomega\AutoDisk\ADService.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Outlook Express\msimn.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Home Setup\Desktop\Hijack\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =

http://my.iwon.com/i...G=home&SEC=bnav
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =

http://www.comcast.net
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet

Explorer provided by Comcast
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride =

localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -

C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} -

C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program

Files\Java\jre1.5.0_07\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program

files\google\googletoolbar2.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton

AntiVirus\NavShExt.dll
O3 - Toolbar: i&Won Co-Pilot - {CA0B9B71-C2AF-11D3-B376-0800460222F0} - C:\Program

Files\iWon\iWonBar\1.bin\IWONBAR.DLL (file missing)
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program

Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program

files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [LTWinModem1] ltmsg.exe 9
O4 - HKLM\..\Run: [DIAGENT] C:\Program Files\Creative\SBLive\Creative Diagnostics

2.0\DIAGENT.EXE startup
O4 - HKLM\..\Run: [AHQInit] C:\Program Files\Creative\SBLive\Program\AHQInit.exe
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [DVDBitSet] "C:\Program Files\HP CD-DVD\Umbrella\DVDBitSet.exe" /NOUI
O4 - HKLM\..\Run: [DVDTray] "C:\Program Files\HP CD-DVD\Umbrella\DVDTray.exe
O4 - HKLM\..\Run: [SAClient] "C:\Program Files\Comcast\BBClient\Programs\RegCon.exe"

/admincheck
O4 - HKLM\..\Run: [ComcastSUPPORT] C:\Program Files\Support.com\bin\tgkill.exe

/cleaneahtioga /start
O4 - HKLM\..\Run: [ADUserMon] C:\Program Files\Iomega\AutoDisk\ADUserMon.exe
O4 - HKLM\..\Run: [Iomega Drive Icons] C:\Program Files\Iomega\DriveIcons\ImgIcon.exe
O4 - HKLM\..\Run: [Deskup] C:\Program Files\Iomega\DriveIcons\deskup.exe /IMGSTART
O4 - HKLM\..\Run: [WorksFUD] C:\Program Files\Microsoft Works\wkfud.exe
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft

Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common

Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe

/Consumer
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [MoveSearch] C:\Program Files\HuaCi\huaci\zsearch.exe
O4 - HKLM\..\Run: [SearchNet_Up] "C:\Program Files\SearchNet\ServeUp.exe"
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe"

/minimized
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program

Files\Java\jre1.5.0_07\bin\jusched.exe
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop

Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\Money

Express.exe"
O4 - HKCU\..\Run: [DW4] "C:\Program Files\The Weather Channel FW\Desktop

Weather\DesktopWeather.exe"
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat

7.0\Reader\reader_sl.exe
O4 - Global Startup: Camio Viewer 2000.lnk = C:\Program Files\Sierra Imaging\Image

Expert 2000\IXApplet.exe
O4 - Global Startup: EPSON Status Monitor 3 Environment Check 2.lnk =

C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV02.EXE
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak

EasyShare software\bin\EasyShare.exe
O4 - Global Startup: Kodak software updater.lnk = C:\Program Files\Kodak\KODAK Software

Updater\7288971\Program\Kodak Software Updater.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop

Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft

Office\Office10\OSA.EXE
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O8 - Extra context menu item: &Google Search - res://c:\program

files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program

files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program

files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program

files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel -

res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program

files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program

files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program

Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501}

- C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra button: ICQ Pro - {6224f700-cba3-4071-b251-47cb894244cd} -

C:\PROGRA~1\ICQ\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} -

C:\PROGRA~1\ICQ\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program

Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683}

- C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Support - {0BC225EF-E7BF-42EA-A328-59B204B129D3} -

http://www.comcastsupport.com (file missing) (HKCU)
O9 - Extra button: Help - {5222BA9E-5292-444B-B1B1-BC40B3A10CCA} -

http://www.comcast.net/memberservices/ (file missing) (HKCU)
O9 - Extra button: ComcastHSI - {7DC615D7-B81A-497D-B7A7-167FE11E8626} -

http://www.comcast.net (file missing) (HKCU)
O14 - IERESET.INF: START_PAGE_URL=http://www.comcast.net
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) -

http://www.kaspersky.com/kos/eng/partner/d...can_unicode.cab
O16 - DPF: {31E68DE2-5548-4B23-88F0-C51E6A0F695E} (Microsoft PID Sniffer) -

https://support.micr...ActiveX/odc.cab
O16 - DPF: {3A7FE611-1994-4EF1-A09F-99456752289D} -

http://install.wildtangent.com/ActiveLaunc...iveLauncher.cab
O16 - DPF: {3FE16C08-D6A7-4133-84FC-D5BFB4F7D886} (WebGameLoader Class) -

http://www.shockwave.com/content/ricochetl...bGameLoader.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) -

http://v5.windowsupdate.microsoft.com/v5co...t/wuweb_site.ca

b?1103258004981
O16 - DPF: {70522FA2-4656-11D5-B0E9-0050DAC24E8F} (iWon Progressive Counter) -

http://cc.iwon.com/c..._12_1,0,2,5.exe
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} -

http://download.shoc...otoy/OTOYAX.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) -

http://acs.pandasoft...free/asinst.cab
O16 - DPF: {A8683C98-5341-421B-B23C-8514C05354F1} (FujifilmUploader Class) -

http://photo.walmart.com/photo/uploads/Fuj...ploadClient.cab
O16 - DPF: {B020B534-4AA2-4B99-BD6D-5F6EE286DF5C} (Symantec Download Bridge) -

https://a248.e.akamai.net/f/248/5462/2h/www...perations/symbi

zpr/xcontrol/SymDlBrg.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) -

https://www-secure.s...sa/SymAData.cab
O16 - DPF: {D54160C3-DB7B-4534-9B65-190EE4A9C7F7} (SproutLauncherCtrl Class) -

http://www.shockwave.com/content/feedingfr...outLauncher.cab
O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} (iTunesDetector Class) -

http://ax.phobos.apple.com.edgesuite.net/d.../ITDetector.cab
O16 - DPF: {D77EF652-9A6B-40C8-A4B9-1C0697C6CF41} (TikGames Online Control) -

http://www.shockwave...shapo/shapo.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) -

http://www.shockwave.com/content/insaniqua...aploader_v6.cab
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program

Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program

Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation -

C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program

Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd -

C:\WINDOWS\System32\CTsvcCDA.EXE
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON

CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. -

C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: Iomega App Services - Iomega Corporation -

C:\PROGRA~1\Iomega\System32\AppServices.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company -

C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: LiveUpdate - Symantec Corporation -

C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common

Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation

- C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec

Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Remote Log - Unknown owner - C:\WINDOWS\system32\ServeHost.exe (file

missing)
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton

AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation -

C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation -

C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program

Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common

Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common

Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: Iomega Active Disk (_IOMEGA_ACTIVE_DISK_SERVICE_) - Iomega Corporation -

C:\Program Files\Iomega\AutoDisk\ADService.exe

#7 Flrman1

  • Group: Retired Staff
  • Posts: 6,596
  • Joined: 17-April 05

Posted 28 June 2006 - 06:22 AM

* Go here and download the Free Trial version of SpySweeper.
  • Click on "Download the trial" on the right side of the page.
  • Save the ssfsetup file to your desktop or somewhere convenient.
  • Doubleclick the ssfsetup file to begin the setup.
  • Follow the prompts to complete the installation then click "Finish" and Spysweeper should launch.
  • When it first opens, Spysweeper will prompt you to "Check for Updated Definitions"
  • Click "Yes" and dowload the updates.
  • After the updated definitons are downloaded restart your computer into safe mode.
  • Once in safe mode start SpySweeper. Click the "Options" button on the left.
  • Under "What to Sweep", select ALL the boxes there.
  • Click the "Sweep" button on the left then click "Start" to begin the scan.
  • When it's finished scanning, click the "Next" button.
  • Make sure everything has a check next to it by clicking the "Select All" button.
  • Click the "Next" button and it will remove the selected entries.
  • Click "Finish" then exit Spysweeper.
  • Restart your computer back to Windows normally.


* Go here and do the BitDefender online virus scan.
  • Click "I Agree" to agree to the EULA.
  • Allow the ActiveX control to install when prompted.
  • Click "Click here to scan" to begin the scan.
  • Please refrain from using the computer until the scan is finished.
  • When the scan is finished, click on "Click here to export the scan results"
  • Save the report to your desktop then come back here and attach it to your next reply along with a new Hijack This log..

Note: You have to use Internet Explorer to do the online scan.

Note: Before you post the next Hijack This log, open it in notepad and go to Format and uncheck Word Wrap.

#8 malmazan

  • Group: Member
  • Posts: 9
  • Joined: 23-June 06

Posted 28 June 2006 - 09:01 PM

BitDefender Online Scanner



Scan report generated at: Wed, Jun 28, 2006 - 21:55:31





Scan path: A:\;C:\;D:\;E:\;F:\;







Statistics

Time
02:28:08

Files
292595

Folders
5418

Boot Sectors
2

Archives
6513

Packed Files
20188




Results

Identified Viruses
4

Infected Files
24

Suspect Files
0

Warnings
0

Disinfected
0

Deleted Files
29




Engines Info

Virus Definitions
392181

Engine build
AVCORE v1.0 (build 2310) (i386) (Apr 17 2006 16:24:38)

Scan plugins
13

Archive plugins
39

Unpack plugins
5

E-mail plugins
6

System plugins
1




Scan Settings

First Action
Disinfect

Second Action
Delete

Heuristics
Yes

Enable Warnings
Yes

Scanned Extensions
*;

Exclude Extensions


Scan Emails
Yes

Scan Archives
Yes

Scan Packed
Yes

Scan Files
Yes

Scan Boot
Yes




Scanned File
Status

C:\Program Files\Norton AntiVirus\Quarantine\1E4D2008.dll=>(Quarantine-2)
Infected with: Trojan.Spy.Agent.IW

C:\Program Files\Norton AntiVirus\Quarantine\1E4D2008.dll=>(Quarantine-2)
Disinfection failed

C:\Program Files\Norton AntiVirus\Quarantine\1E4D2008.dll=>(Quarantine-2)
Deleted

C:\Program Files\Norton AntiVirus\Quarantine\1E4D2008.exe=>(Quarantine-2)
Infected with: Trojan.Spy.Agent.IW

C:\Program Files\Norton AntiVirus\Quarantine\1E4D2008.exe=>(Quarantine-2)
Disinfection failed

C:\Program Files\Norton AntiVirus\Quarantine\1E4D2008.exe=>(Quarantine-2)
Deleted

C:\Program Files\Norton AntiVirus\Quarantine\1E5D71F6.dll=>(Quarantine-2)
Detected with: Adware.Msearch.N

C:\Program Files\Norton AntiVirus\Quarantine\1E5D71F6.dll=>(Quarantine-2)
Disinfection failed

C:\Program Files\Norton AntiVirus\Quarantine\1E5D71F6.dll=>(Quarantine-2)
Deleted

C:\Program Files\Norton AntiVirus\Quarantine\1E6445EF.exe=>(Quarantine-2)
Infected with: Trojan.Spy.Agent.IW

C:\Program Files\Norton AntiVirus\Quarantine\1E6445EF.exe=>(Quarantine-2)
Disinfection failed

C:\Program Files\Norton AntiVirus\Quarantine\1E6445EF.exe=>(Quarantine-2)
Deleted

C:\Program Files\Norton AntiVirus\Quarantine\1E676FEB.dat=>(Quarantine-2)=>zsearch.exe
Detected with: Adware.Wsearch.G

C:\Program Files\Norton AntiVirus\Quarantine\1E676FEB.dat=>(Quarantine-2)=>zsearch.exe
Disinfection failed

C:\Program Files\Norton AntiVirus\Quarantine\1E676FEB.dat=>(Quarantine-2)=>zsearch.exe
Deleted

C:\Program Files\Norton AntiVirus\Quarantine\1E676FEB.dat=>(Quarantine-2)
Update failed

C:\Program Files\Norton AntiVirus\Quarantine\55BA1192.dat=>(Quarantine-2)=>zsearch.exe
Detected with: Adware.Wsearch.G

C:\Program Files\Norton AntiVirus\Quarantine\55BA1192.dat=>(Quarantine-2)=>zsearch.exe
Disinfection failed

C:\Program Files\Norton AntiVirus\Quarantine\55BA1192.dat=>(Quarantine-2)=>zsearch.exe
Deleted

C:\Program Files\Norton AntiVirus\Quarantine\55BA1192.dat=>(Quarantine-2)
Update failed

C:\Program Files\SearchNet\ServeHost.exe
Infected with: Trojan.Spy.Agent.IW

C:\Program Files\SearchNet\ServeHost.exe
Disinfection failed

C:\Program Files\SearchNet\ServeHost.exe
Delete failed

C:\Program Files\SearchNet\SrvNet32.dll
Infected with: Trojan.Spy.Agent.IW

C:\Program Files\SearchNet\SrvNet32.dll
Disinfection failed

C:\Program Files\SearchNet\SrvNet32.dll
Delete failed

C:\Program Files\SearchNet\SvrDefend.dll
Infected with: Trojan.Spy.Agent.IW

C:\Program Files\SearchNet\SvrDefend.dll
Disinfection failed

C:\Program Files\SearchNet\SvrDefend.dll
Delete failed

C:\System Volume Information\_restore{331EA711-8BDC-4C15-854B-E925C25C5BEC}\RP1\snapshot\MFEX-2.DAT
Detected with: Adware.Msearch.N

C:\System Volume Information\_restore{331EA711-8BDC-4C15-854B-E925C25C5BEC}\RP1\snapshot\MFEX-2.DAT
Disinfection failed

C:\System Volume Information\_restore{331EA711-8BDC-4C15-854B-E925C25C5BEC}\RP1\snapshot\MFEX-2.DAT
Deleted

C:\System Volume Information\_restore{331EA711-8BDC-4C15-854B-E925C25C5BEC}\RP10\A0000620.exe
Infected with: Trojan.Spy.Agent.BF

C:\System Volume Information\_restore{331EA711-8BDC-4C15-854B-E925C25C5BEC}\RP10\A0000620.exe
Disinfection failed

C:\System Volume Information\_restore{331EA711-8BDC-4C15-854B-E925C25C5BEC}\RP10\A0000620.exe
Deleted

C:\System Volume Information\_restore{331EA711-8BDC-4C15-854B-E925C25C5BEC}\RP11\A0000624.exe
Infected with: Trojan.Spy.Agent.IW

C:\System Volume Information\_restore{331EA711-8BDC-4C15-854B-E925C25C5BEC}\RP11\A0000624.exe
Disinfection failed

C:\System Volume Information\_restore{331EA711-8BDC-4C15-854B-E925C25C5BEC}\RP11\A0000624.exe
Deleted

C:\System Volume Information\_restore{331EA711-8BDC-4C15-854B-E925C25C5BEC}\RP11\A0000625.dll
Infected with: Trojan.Spy.Agent.IW

C:\System Volume Information\_restore{331EA711-8BDC-4C15-854B-E925C25C5BEC}\RP11\A0000625.dll
Disinfection failed

C:\System Volume Information\_restore{331EA711-8BDC-4C15-854B-E925C25C5BEC}\RP11\A0000625.dll
Deleted

C:\System Volume Information\_restore{331EA711-8BDC-4C15-854B-E925C25C5BEC}\RP13\A0001039.exe
Infected with: Trojan.Spy.Agent.IW

C:\System Volume Information\_restore{331EA711-8BDC-4C15-854B-E925C25C5BEC}\RP13\A0001039.exe
Disinfection failed

C:\System Volume Information\_restore{331EA711-8BDC-4C15-854B-E925C25C5BEC}\RP13\A0001039.exe
Deleted

C:\System Volume Information\_restore{331EA711-8BDC-4C15-854B-E925C25C5BEC}\RP13\A0001040.dll
Infected with: Trojan.Spy.Agent.IW

C:\System Volume Information\_restore{331EA711-8BDC-4C15-854B-E925C25C5BEC}\RP13\A0001040.dll
Disinfection failed

C:\System Volume Information\_restore{331EA711-8BDC-4C15-854B-E925C25C5BEC}\RP13\A0001040.dll
Deleted

C:\System Volume Information\_restore{331EA711-8BDC-4C15-854B-E925C25C5BEC}\RP13\A0001041.dll
Detected with: Adware.Msearch.N

C:\System Volume Information\_restore{331EA711-8BDC-4C15-854B-E925C25C5BEC}\RP13\A0001041.dll
Disinfection failed

C:\System Volume Information\_restore{331EA711-8BDC-4C15-854B-E925C25C5BEC}\RP13\A0001041.dll
Deleted

C:\System Volume Information\_restore{331EA711-8BDC-4C15-854B-E925C25C5BEC}\RP13\A0001044.exe
Infected with: Trojan.Spy.Agent.IW

C:\System Volume Information\_restore{331EA711-8BDC-4C15-854B-E925C25C5BEC}\RP13\A0001044.exe
Disinfection failed

C:\System Volume Information\_restore{331EA711-8BDC-4C15-854B-E925C25C5BEC}\RP13\A0001044.exe
Deleted

C:\System Volume Information\_restore{331EA711-8BDC-4C15-854B-E925C25C5BEC}\RP13\A0001094.exe
Infected with: Trojan.Spy.Agent.BF

C:\System Volume Information\_restore{331EA711-8BDC-4C15-854B-E925C25C5BEC}\RP13\A0001094.exe
Disinfection failed

C:\System Volume Information\_restore{331EA711-8BDC-4C15-854B-E925C25C5BEC}\RP13\A0001094.exe
Deleted

C:\System Volume Information\_restore{331EA711-8BDC-4C15-854B-E925C25C5BEC}\RP13\A0001095.dll
Infected with: Trojan.Spy.Agent.IW

C:\System Volume Information\_restore{331EA711-8BDC-4C15-854B-E925C25C5BEC}\RP13\A0001095.dll
Disinfection failed

C:\System Volume Information\_restore{331EA711-8BDC-4C15-854B-E925C25C5BEC}\RP13\A0001095.dll
Deleted

C:\System Volume Information\_restore{331EA711-8BDC-4C15-854B-E925C25C5BEC}\RP14\A0001116.dll=>(Quarantine-2)
Infected with: Trojan.Spy.Agent.IW

C:\System Volume Information\_restore{331EA711-8BDC-4C15-854B-E925C25C5BEC}\RP14\A0001116.dll=>(Quarantine-2)
Disinfection failed

C:\System Volume Information\_restore{331EA711-8BDC-4C15-854B-E925C25C5BEC}\RP14\A0001116.dll=>(Quarantine-2)
Deleted

C:\System Volume Information\_restore{331EA711-8BDC-4C15-854B-E925C25C5BEC}\RP14\A0001117.exe=>(Quarantine-2)
Infected with: Trojan.Spy.Agent.IW

C:\System Volume Information\_restore{331EA711-8BDC-4C15-854B-E925C25C5BEC}\RP14\A0001117.exe=>(Quarantine-2)
Disinfection failed

C:\System Volume Information\_restore{331EA711-8BDC-4C15-854B-E925C25C5BEC}\RP14\A0001117.exe=>(Quarantine-2)
Deleted

C:\System Volume Information\_restore{331EA711-8BDC-4C15-854B-E925C25C5BEC}\RP14\A0001118.dll=>(Quarantine-2)
Detected with: Adware.Msearch.N

C:\System Volume Information\_restore{331EA711-8BDC-4C15-854B-E925C25C5BEC}\RP14\A0001118.dll=>(Quarantine-2)
Disinfection failed

C:\System Volume Information\_restore{331EA711-8BDC-4C15-854B-E925C25C5BEC}\RP14\A0001118.dll=>(Quarantine-2)
Deleted

C:\System Volume Information\_restore{331EA711-8BDC-4C15-854B-E925C25C5BEC}\RP14\A0001119.exe=>(Quarantine-2)
Infected with: Trojan.Spy.Agent.IW

C:\System Volume Information\_restore{331EA711-8BDC-4C15-854B-E925C25C5BEC}\RP14\A0001119.exe=>(Quarantine-2)
Disinfection failed

C:\System Volume Information\_restore{331EA711-8BDC-4C15-854B-E925C25C5BEC}\RP14\A0001119.exe=>(Quarantine-2)
Deleted

C:\System Volume Information\_restore{331EA711-8BDC-4C15-854B-E925C25C5BEC}\RP4\A0000113.exe
Infected with: Trojan.Spy.Agent.IW

C:\System Volume Information\_restore{331EA711-8BDC-4C15-854B-E925C25C5BEC}\RP4\A0000113.exe
Disinfection failed

C:\System Volume Information\_restore{331EA711-8BDC-4C15-854B-E925C25C5BEC}\RP4\A0000113.exe
Deleted



Logfile of HijackThis v1.99.1
Scan saved at 9:59:35 PM, on 6/28/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\devldr32.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\System32\CTsvcCDA.EXE
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\PROGRA~1\Iomega\System32\AppServices.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Iomega\AutoDisk\ADService.exe
C:\WINDOWS\system32\ltmsg.exe
C:\Program Files\Creative\SBLive\Creative Diagnostics 2.0\DIAGENT.EXE
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\HP CD-DVD\Umbrella\DVDTray.exe
C:\Program Files\Iomega\AutoDisk\ADUserMon.exe
C:\Program Files\Support.com\bin\tgcmd.exe
C:\Program Files\Iomega\DriveIcons\ImgIcon.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\ewido anti-spyware 4.0\ewido.exe
C:\Program Files\Java\jre1.5.0_07\bin\jusched.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\The Weather Channel FW\Desktop Weather\DesktopWeather.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Documents and Settings\Home Setup\Desktop\Hijack\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://my.iwon.com/i...G=home&SEC=bnav
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.comcast.net
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Comcast
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: i&Won Co-Pilot - {CA0B9B71-C2AF-11D3-B376-0800460222F0} - C:\Program Files\iWon\iWonBar\1.bin\IWONBAR.DLL (file missing)
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [LTWinModem1] ltmsg.exe 9
O4 - HKLM\..\Run: [DIAGENT] C:\Program Files\Creative\SBLive\Creative Diagnostics 2.0\DIAGENT.EXE startup
O4 - HKLM\..\Run: [AHQInit] C:\Program Files\Creative\SBLive\Program\AHQInit.exe
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [DVDBitSet] "C:\Program Files\HP CD-DVD\Umbrella\DVDBitSet.exe" /NOUI
O4 - HKLM\..\Run: [DVDTray] "C:\Program Files\HP CD-DVD\Umbrella\DVDTray.exe
O4 - HKLM\..\Run: [SAClient] "C:\Program Files\Comcast\BBClient\Programs\RegCon.exe" /admincheck
O4 - HKLM\..\Run: [ComcastSUPPORT] C:\Program Files\Support.com\bin\tgkill.exe /cleaneahtioga /start
O4 - HKLM\..\Run: [ADUserMon] C:\Program Files\Iomega\AutoDisk\ADUserMon.exe
O4 - HKLM\..\Run: [Iomega Drive Icons] C:\Program Files\Iomega\DriveIcons\ImgIcon.exe
O4 - HKLM\..\Run: [Deskup] C:\Program Files\Iomega\DriveIcons\deskup.exe /IMGSTART
O4 - HKLM\..\Run: [WorksFUD] C:\Program Files\Microsoft Works\wkfud.exe
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_07\bin\jusched.exe
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\Money Express.exe"
O4 - HKCU\..\Run: [DW4] "C:\Program Files\The Weather Channel FW\Desktop Weather\DesktopWeather.exe"
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Camio Viewer 2000.lnk = C:\Program Files\Sierra Imaging\Image Expert 2000\IXApplet.exe
O4 - Global Startup: EPSON Status Monitor 3 Environment Check 2.lnk = C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV02.EXE
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: Kodak software updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra button: ICQ Pro - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Support - {0BC225EF-E7BF-42EA-A328-59B204B129D3} - http://www.comcastsupport.com (file missing) (HKCU)
O9 - Extra button: Help - {5222BA9E-5292-444B-B1B1-BC40B3A10CCA} - http://www.comcast.net/memberservices/ (file missing) (HKCU)
O9 - Extra button: ComcastHSI - {7DC615D7-B81A-497D-B7A7-167FE11E8626} - http://www.comcast.net (file missing) (HKCU)
O14 - IERESET.INF: START_PAGE_URL=http://www.comcast.net
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/d...can_unicode.cab
O16 - DPF: {31E68DE2-5548-4B23-88F0-C51E6A0F695E} (Microsoft PID Sniffer) - https://support.micr...ActiveX/odc.cab
O16 - DPF: {3A7FE611-1994-4EF1-A09F-99456752289D} - http://install.wildtangent.com/ActiveLaunc...iveLauncher.cab
O16 - DPF: {3FE16C08-D6A7-4133-84FC-D5BFB4F7D886} (WebGameLoader Class) - http://www.shockwave.com/content/ricochetl...bGameLoader.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitd...can8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5co...b?1103258004981
O16 - DPF: {70522FA2-4656-11D5-B0E9-0050DAC24E8F} (iWon Progressive Counter) - http://cc.iwon.com/c..._12_1,0,2,5.exe
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} - http://download.shoc...otoy/OTOYAX.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {A8683C98-5341-421B-B23C-8514C05354F1} (FujifilmUploader Class) - http://photo.walmart.com/photo/uploads/Fuj...ploadClient.cab
O16 - DPF: {B020B534-4AA2-4B99-BD6D-5F6EE286DF5C} (Symantec Download Bridge) - https://a248.e.akamai.net/f/248/5462/2h/www...ol/SymDlBrg.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.s...sa/SymAData.cab
O16 - DPF: {D54160C3-DB7B-4534-9B65-190EE4A9C7F7} (SproutLauncherCtrl Class) - http://www.shockwave.com/content/feedingfr...outLauncher.cab
O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} (iTunesDetector Class) - http://ax.phobos.apple.com.edgesuite.net/d.../ITDetector.cab
O16 - DPF: {D77EF652-9A6B-40C8-A4B9-1C0697C6CF41} (TikGames Online Control) - http://www.shockwave...shapo/shapo.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.shockwave.com/content/insaniqua...aploader_v6.cab
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.EXE
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: Iomega App Services - Iomega Corporation - C:\PROGRA~1\Iomega\System32\AppServices.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Remote Log - Unknown owner - C:\WINDOWS\system32\ServeHost.exe (file missing)
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: Iomega Active Disk (_IOMEGA_ACTIVE_DISK_SERVICE_) - Iomega Corporation - C:\Program Files\Iomega\AutoDisk\ADService.exe

#9 Flrman1

  • Group: Retired Staff
  • Posts: 6,596
  • Joined: 17-April 05

Posted 29 June 2006 - 03:53 PM

How is your computer running now?

One thing to note is that you have both SpySweeper and Ewido running their active spyware protection. You need to run one or the other, not both.

#10 malmazan

  • Group: Member
  • Posts: 9
  • Joined: 23-June 06

Posted 29 June 2006 - 05:30 PM

Norton Antivirus is still pulling up 3 files. I still can't delete these 3:
anfad.sys
fad.sys
servehost.exe

The one marked trojan horses are gone. These 3 are listed as adware.pigsearch

Should I uninstall Spysweeper?

#11 Flrman1

  • Group: Retired Staff
  • Posts: 6,596
  • Joined: 17-April 05

Posted 30 June 2006 - 01:51 PM

Please tell me the exact file path to the files. For instance, if anfad.sys is in the System32 folder the file path would be c:\Windows\System32\anfad.sys. Give me the path to each of those files it found.

If you do not intend to purchase Spysweeper, yes, uninstall it.

How is everything else other than the files Norton is finding?

#12 malmazan

  • Group: Member
  • Posts: 9
  • Joined: 23-June 06

Posted 30 June 2006 - 06:27 PM

C:\windows\system32\drivers\anfad.sys
C:\windows\system32\drivers\fad.sys
c:\program files\searchnet\servehost.exe

there are other files in the searchnet folder: _uninstall, allverx.dat, searchnet.exe, servehost.exe, setup.exe.dat, srvnet32.dll, srvdefend.dll, uninstall.exe

The rest of my system seems to functioning properly.

#13 Flrman1

  • Group: Retired Staff
  • Posts: 6,596
  • Joined: 17-April 05

Posted 01 July 2006 - 01:07 PM

* Copy these instructions to notepad and save them to your desktop. You will need them to refer to.


* Restart your computer into safe mode now. Perform the following steps in safe mode:


* Double-click on Killbox.exe to run it.
  • Put a tick by Standard File Kill.
  • In the "Full Path of File to Delete" box, copy and paste each of the following lines one at a time:

    C:\windows\system32\drivers\anfad.sys

    C:\windows\system32\drivers\fad.sys

    c:\program files\searchnet


  • Click on the button that has the red circle with the X in the middle after you enter each file.
  • It will ask for confimation to delete the file.
  • Click Yes.
  • Continue with that procedure until you have pasted all of these in the "Paste Full Path of File to Delete" box.
  • Killbox may tell you that one or more files do not exist.
  • If that happens, just continue on with all the files. Be sure you don't miss any.
  • Exit the Killbox.


* Restart back into Windows normally now.


* Go here and do an online virus scan. Choose "Complete Scan" and select all drives to scan.

When the scan is finished, anything that it cannot clean have it delete it.

Note: You have to use Internet Explorer to do the online scan.

Post a new HiJackThis log and report back what the Housecall scan found.

#14 malmazan

  • Group: Member
  • Posts: 9
  • Joined: 23-June 06

Posted 02 July 2006 - 10:00 PM

KIllbox was unable to delete the 2 files and the directory.
Housecall detected some minor stuff, but nothing realted to the 2 files or the searchnet directory.


Logfile of HijackThis v1.99.1
Scan saved at 10:40:12 PM, on 7/2/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\devldr32.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\System32\CTsvcCDA.EXE
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\PROGRA~1\Iomega\System32\AppServices.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Iomega\AutoDisk\ADService.exe
C:\WINDOWS\system32\ltmsg.exe
C:\Program Files\Creative\SBLive\Creative Diagnostics 2.0\DIAGENT.EXE
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\HP CD-DVD\Umbrella\DVDTray.exe
C:\Program Files\Support.com\bin\tgcmd.exe
C:\Program Files\Iomega\AutoDisk\ADUserMon.exe
C:\Program Files\Iomega\DriveIcons\ImgIcon.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\ewido anti-spyware 4.0\ewido.exe
C:\Program Files\Java\jre1.5.0_07\bin\jusched.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\The Weather Channel FW\Desktop Weather\DesktopWeather.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Outlook Express\msimn.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Home Setup\Desktop\Hijack\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://my.iwon.com/i...G=home&SEC=bnav
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.comcast.net
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Comcast
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [LTWinModem1] ltmsg.exe 9
O4 - HKLM\..\Run: [DIAGENT] C:\Program Files\Creative\SBLive\Creative Diagnostics 2.0\DIAGENT.EXE startup
O4 - HKLM\..\Run: [AHQInit] C:\Program Files\Creative\SBLive\Program\AHQInit.exe
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [DVDBitSet] "C:\Program Files\HP CD-DVD\Umbrella\DVDBitSet.exe" /NOUI
O4 - HKLM\..\Run: [DVDTray] "C:\Program Files\HP CD-DVD\Umbrella\DVDTray.exe
O4 - HKLM\..\Run: [SAClient] "C:\Program Files\Comcast\BBClient\Programs\RegCon.exe" /admincheck
O4 - HKLM\..\Run: [ComcastSUPPORT] C:\Program Files\Support.com\bin\tgkill.exe /cleaneahtioga /start
O4 - HKLM\..\Run: [ADUserMon] C:\Program Files\Iomega\AutoDisk\ADUserMon.exe
O4 - HKLM\..\Run: [Iomega Drive Icons] C:\Program Files\Iomega\DriveIcons\ImgIcon.exe
O4 - HKLM\..\Run: [Deskup] C:\Program Files\Iomega\DriveIcons\deskup.exe /IMGSTART
O4 - HKLM\..\Run: [WorksFUD] C:\Program Files\Microsoft Works\wkfud.exe
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_07\bin\jusched.exe
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\Money Express.exe"
O4 - HKCU\..\Run: [DW4] "C:\Program Files\The Weather Channel FW\Desktop Weather\DesktopWeather.exe"
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Camio Viewer 2000.lnk = C:\Program Files\Sierra Imaging\Image Expert 2000\IXApplet.exe
O4 - Global Startup: EPSON Status Monitor 3 Environment Check 2.lnk = C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV02.EXE
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: Kodak software updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra button: ICQ Pro - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Support - {0BC225EF-E7BF-42EA-A328-59B204B129D3} - http://www.comcastsupport.com (file missing) (HKCU)
O9 - Extra button: Help - {5222BA9E-5292-444B-B1B1-BC40B3A10CCA} - http://www.comcast.net/memberservices/ (file missing) (HKCU)
O9 - Extra button: ComcastHSI - {7DC615D7-B81A-497D-B7A7-167FE11E8626} - http://www.comcast.net (file missing) (HKCU)
O14 - IERESET.INF: START_PAGE_URL=http://www.comcast.net
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/d...can_unicode.cab
O16 - DPF: {31E68DE2-5548-4B23-88F0-C51E6A0F695E} (Microsoft PID Sniffer) - https://support.micr...ActiveX/odc.cab
O16 - DPF: {3A7FE611-1994-4EF1-A09F-99456752289D} - http://install.wildtangent.com/ActiveLaunc...iveLauncher.cab
O16 - DPF: {3FE16C08-D6A7-4133-84FC-D5BFB4F7D886} (WebGameLoader Class) - http://www.shockwave.com/content/ricochetl...bGameLoader.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitd...can8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5co...b?1103258004981
O16 - DPF: {70522FA2-4656-11D5-B0E9-0050DAC24E8F} - http://cc.iwon.com/c..._12_1,0,2,5.exe
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} - http://download.shoc...otoy/OTOYAX.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {A8683C98-5341-421B-B23C-8514C05354F1} (FujifilmUploader Class) - http://photo.walmart.com/photo/uploads/Fuj...ploadClient.cab
O16 - DPF: {B020B534-4AA2-4B99-BD6D-5F6EE286DF5C} (Symantec Download Bridge) - https://a248.e.akamai.net/f/248/5462/2h/www...ol/SymDlBrg.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.s...sa/SymAData.cab
O16 - DPF: {D54160C3-DB7B-4534-9B65-190EE4A9C7F7} (SproutLauncherCtrl Class) - http://www.shockwave.com/content/feedingfr...outLauncher.cab
O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} (iTunesDetector Class) - http://ax.phobos.apple.com.edgesuite.net/d.../ITDetector.cab
O16 - DPF: {D77EF652-9A6B-40C8-A4B9-1C0697C6CF41} (TikGames Online Control) - http://www.shockwave...shapo/shapo.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.shockwave.com/content/insaniqua...aploader_v6.cab
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.EXE
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: Iomega App Services - Iomega Corporation - C:\PROGRA~1\Iomega\System32\AppServices.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Remote Log - Unknown owner - C:\WINDOWS\system32\ServeHost.exe (file missing)
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: Iomega Active Disk (_IOMEGA_ACTIVE_DISK_SERVICE_) - Iomega Corporation - C:\Program Files\Iomega\AutoDisk\ADService.exe

#15 Flrman1

  • Group: Retired Staff
  • Posts: 6,596
  • Joined: 17-April 05

Posted 03 July 2006 - 03:29 PM

1. Click here to download The Avenger by Swandog46 and save it to your desktop.
  • Right click on Avenger.zip and choose "Extract All" extract the avenger.exe file.
  • Extract it to your desktop
2. Copy all the text contained in the quote box below to your Clipboard by highlighting it and pressing (Ctrl+C) or right clicking it and choosing "Copy":

Quote

Drivers to unload:
anfad
fad

Files to delete:
C:\windows\system32\drivers\anfad.sys
C:\windows\system32\drivers\fad.sys

Folders to delete:
c:\program files\searchnet


Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.

3. Now, start The Avenger program by clicking on its icon on your desktop.
  • Under "Script file to execute" choose "Input Script Manually".
  • Now click on the Magnifying Glass icon which will open a new window titled "View/edit script"
  • Paste the text copied to clipboard into this window by pressing (Ctrl+V).
  • Click Done
  • Now click on the Green Light to begin execution of the script
  • Answer "Yes" twice when prompted.
4. The Avenger will automatically do the following:
  • It will Restart your computer. ( In cases where the code to execute contains "Drivers to Unload", The Avenger will actually restart your system twice.)
  • On reboot, it will briefly open a black command window on your desktop, this is normal.
  • After the restart, it creates a log file that should open with the results of Avenger’s actions. This log file will be located at C:\avenger.txt
  • The Avenger will also have backed up all the files, etc., that you asked it to delete, and will have zipped them and moved the zip archives to C:\avenger\backup.zip.
5. Come back here to this thread. Copy and paste the contents of c:\avenger.txt into your reply along with a fresh HJT log .

Share this topic:


  • 2 Pages +
  • 1
  • 2