Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

iexplore as bg process, system WONT STAY CLEAN... [RESOLVED]


  • This topic is locked This topic is locked

#16
Rawe

Rawe

    Visiting Staff

  • Member
  • PipPipPipPipPipPipPip
  • 4,746 posts
Yep, just delete the Kazaa folder if you uninstalled it already.
Limewire, if it is the latest version, which I hope it is, should be "clean". Hovewer, if you have an older version, they came bundled with malware. You can leave it alone.
Follow the instructions whenever you have time. :tazz:
  • 0

Advertisements


#17
yourfavoritedork

yourfavoritedork

    Member

  • Topic Starter
  • Member
  • PipPip
  • 17 posts
Yet again, finished. There was a folder from Kazaa Lite (also uninstalled) still in the program files, so I deleted that too.


********
1:38 PM: |··· Start of Session, Saturday, August 06, 2005 ···|
1:38 PM: Spy Sweeper started
1:38 PM: Sweep initiated using definitions version 511
1:38 PM: Starting Memory Sweep
1:43 PM: Memory Sweep Complete, Elapsed Time: 00:04:17
1:43 PM: Starting Registry Sweep
1:43 PM: Found Adware: apropos
1:43 PM: HKU\S-1-5-21-2888137882-1203367206-2587936551-1008\software\aprps\ (7 subtraces) (ID = 103740)
1:43 PM: HKLM\software\aprps\ (8 subtraces) (ID = 103741)
1:43 PM: Found Adware: begin2search
1:43 PM: HKCR\interface\{6b882c34-a832-4f5b-bef1-7e198be3f094}\ (8 subtraces) (ID = 104124)
1:43 PM: HKCR\interface\{9b6b4031-1d6d-4c65-acba-021916853822}\ (8 subtraces) (ID = 104126)
1:43 PM: HKCR\interface\{9ff60a27-0c0c-4a6a-a15f-b21b644d67bb}\ (8 subtraces) (ID = 104127)
1:43 PM: HKCR\interface\{15d53b86-e055-43b1-bbee-a91a0f37bd2a}\ (8 subtraces) (ID = 104128)
1:43 PM: HKCR\interface\{f3c41c1d-22f1-4692-8a7a-88de70a2e9e2}\ (8 subtraces) (ID = 104139)
1:43 PM: HKCR\interface\{fa6fa7a5-2c49-4567-ba74-6dd1c36099ee}\ (8 subtraces) (ID = 104141)
1:43 PM: HKLM\software\classes\interface\{6b882c34-a832-4f5b-bef1-7e198be3f094}\ (8 subtraces) (ID = 104174)
1:43 PM: HKLM\software\classes\interface\{9b6b4031-1d6d-4c65-acba-021916853822}\ (8 subtraces) (ID = 104176)
1:43 PM: HKLM\software\classes\interface\{9ff60a27-0c0c-4a6a-a15f-b21b644d67bb}\ (8 subtraces) (ID = 104177)
1:43 PM: HKLM\software\classes\interface\{15d53b86-e055-43b1-bbee-a91a0f37bd2a}\ (8 subtraces) (ID = 104178)
1:43 PM: HKLM\software\classes\interface\{f3c41c1d-22f1-4692-8a7a-88de70a2e9e2}\ (8 subtraces) (ID = 104189)
1:43 PM: HKLM\software\classes\interface\{fa6fa7a5-2c49-4567-ba74-6dd1c36099ee}\ (8 subtraces) (ID = 104191)
1:43 PM: Found Adware: begin2search hijack
1:43 PM: HKU\WRSS_Profile_S-1-5-21-2888137882-1203367206-2587936551-1006\software\microsoft\internet explorer\ || searchurl (ID = 104274)
1:43 PM: HKU\WRSS_Profile_S-1-5-21-2888137882-1203367206-2587936551-1010\software\microsoft\internet explorer\ || searchurl (ID = 104274)
1:43 PM: HKU\WRSS_Profile_S-1-5-21-2888137882-1203367206-2587936551-1010\software\microsoft\internet explorer\search\ || searchassistant (ID = 104278)
1:43 PM: Found Adware: bookedspace
1:43 PM: HKLM\software\configuration manager\cfgmgr52\ (110 subtraces) (ID = 104873)
1:43 PM: HKLM\software\microsoft\windows\currentversion\run\ || cfgmgr52 (ID = 104883)
1:43 PM: Found Adware: cas
1:43 PM: HKCR\typelib\{d4c89c18-b4f3-46a9-8800-e9e7a55afbd9}\ (9 subtraces) (ID = 105366)
1:43 PM: HKLM\software\classes\typelib\{d4c89c18-b4f3-46a9-8800-e9e7a55afbd9}\ (9 subtraces) (ID = 105369)
1:43 PM: Found Adware: coolsavings
1:43 PM: HKCR\clsid\{11bdb904-c0bc-41ce-910b-0d12fd619fd0}\ (2 subtraces) (ID = 106999)
1:43 PM: HKLM\software\classes\clsid\{11bdb904-c0bc-41ce-910b-0d12fd619fd0}\ (2 subtraces) (ID = 107005)
1:43 PM: Found Adware: daily toolbar
1:43 PM: HKU\WRSS_Profile_S-1-5-21-2888137882-1203367206-2587936551-1006\software\nix solutions\animetoolbar\ (2 subtraces) (ID = 124630)
1:43 PM: Found Adware: elitebar
1:43 PM: HKLM\software\microsoft\windows\currentversion\internet settings\user agent\post platform\ || iebar (ID = 125752)
1:43 PM: Found Adware: elitebar searchmiracle hijacker
1:43 PM: HKU\WRSS_Profile_S-1-5-21-2888137882-1203367206-2587936551-1009\software\microsoft\internet explorer\ || searchurl (ID = 125775)
1:43 PM: HKU\WRSS_Profile_S-1-5-21-2888137882-1203367206-2587936551-1009\software\microsoft\internet explorer\main\ || search page (ID = 125777)
1:43 PM: HKU\WRSS_Profile_S-1-5-21-2888137882-1203367206-2587936551-1009\software\microsoft\internet explorer\main\ || search bar (ID = 125778)
1:43 PM: HKU\WRSS_Profile_S-1-5-21-2888137882-1203367206-2587936551-1009\software\microsoft\internet explorer\search\ || searchassistant (ID = 125779)
1:43 PM: Found Adware: drsnsrch.com hijack
1:43 PM: HKU\S-1-5-21-2888137882-1203367206-2587936551-1008\software\microsoft\search assistant\ || defaultsearchurl (ID = 128205)
1:43 PM: Found Adware: 180search assistant/zango
1:43 PM: HKLM\software\microsoft\windows\currentversion\shareddlls\ || c:\windows\downloaded program files\ncaseinstaller.dll (ID = 135764)
1:43 PM: Found Trojan Horse: trojan-downloader-pacisoft
1:43 PM: HKU\S-1-5-21-2888137882-1203367206-2587936551-1008\software\psof1\ (16 subtraces) (ID = 136530)
1:43 PM: HKU\WRSS_Profile_S-1-5-21-2888137882-1203367206-2587936551-1006\software\psof1\ (9 subtraces) (ID = 136530)
1:43 PM: HKU\WRSS_Profile_S-1-5-21-2888137882-1203367206-2587936551-1009\software\psof1\ (14 subtraces) (ID = 136530)
1:43 PM: HKU\WRSS_Profile_S-1-5-21-2888137882-1203367206-2587936551-1010\software\psof1\ (2 subtraces) (ID = 136530)
1:43 PM: Found Adware: surfsidekick
1:43 PM: HKCR\clsid\{02ee5b04-f144-47bb-83fb-a60bd91b74a9}\ (3 subtraces) (ID = 143389)
1:43 PM: HKLM\software\classes\clsid\{02ee5b04-f144-47bb-83fb-a60bd91b74a9}\ (3 subtraces) (ID = 143392)
1:43 PM: HKU\S-1-5-21-2888137882-1203367206-2587936551-1008\software\microsoft\internet explorer\urlsearchhooks\ || {02ee5b04-f144-47bb-83fb-a60bd91b74a9} (ID = 143397)
1:43 PM: HKU\WRSS_Profile_S-1-5-21-2888137882-1203367206-2587936551-1009\software\microsoft\internet explorer\urlsearchhooks\ || {02ee5b04-f144-47bb-83fb-a60bd91b74a9} (ID = 143397)
1:43 PM: HKLM\software\microsoft\internet explorer\urlsearchhooks\ || {02ee5b04-f144-47bb-83fb-a60bd91b74a9} (ID = 143400)
1:43 PM: HKU\WRSS_Profile_S-1-5-21-2888137882-1203367206-2587936551-1009\software\microsoft\windows\currentversion\run\ || surfsidekick 3 (ID = 143403)
1:43 PM: HKU\S-1-5-21-2888137882-1203367206-2587936551-1008\software\surfsidekick3\ (2 subtraces) (ID = 143412)
1:43 PM: HKU\WRSS_Profile_S-1-5-21-2888137882-1203367206-2587936551-1009\software\surfsidekick3\ (3 subtraces) (ID = 143412)
1:43 PM: HKLM\software\surfsidekick3\ (2 subtraces) (ID = 143413)
1:43 PM: Found Adware: syncroad
1:43 PM: HKLM\software\microsoft\windows\currentversion\moduleusage\c:/windows/downloaded program files/syncroadx.dll\ (2 subtraces) (ID = 143513)
1:43 PM: HKLM\software\microsoft\windows\currentversion\shareddlls\ || c:\windows\downloaded program files\syncroadx.dll (ID = 143515)
1:43 PM: Found Trojan Horse: trojan-downloader-topinstalls
1:43 PM: HKLM\software\microsoft\windows\currentversion\run\ || wintask driver (ID = 144815)
1:43 PM: Found Adware: abetterinternet
1:43 PM: HKLM\system\currentcontrolset\services\svcproc\ (12 subtraces) (ID = 146140)
1:43 PM: HKU\WRSS_Profile_S-1-5-21-2888137882-1203367206-2587936551-1009\software\cas\client\ (11 subtraces) (ID = 359309)
1:43 PM: HKU\WRSS_Profile_S-1-5-21-2888137882-1203367206-2587936551-1009\software\microsoft\windows\currentversion\run\ || cas client (ID = 359312)
1:43 PM: HKU\WRSS_Profile_S-1-5-21-2888137882-1203367206-2587936551-1006\software\aurora\ (18 subtraces) (ID = 360174)
1:43 PM: Found Adware: shopnavupdater
1:43 PM: HKCR\dsrch.leftframe.1\ (3 subtraces) (ID = 491138)
1:43 PM: HKCR\dsrch.popupbrowser.1\ (3 subtraces) (ID = 491147)
1:43 PM: HKCR\dsrch.popupwindow.1\ (3 subtraces) (ID = 491156)
1:43 PM: HKCR\dsrch.band.1\ (3 subtraces) (ID = 491215)
1:43 PM: HKCR\dsrch.bottomframe.1\ (3 subtraces) (ID = 491224)
1:43 PM: HKLM\software\classes\dsrch.band.1\ (3 subtraces) (ID = 491285)
1:43 PM: HKLM\software\classes\dsrch.bottomframe.1\ (3 subtraces) (ID = 491294)
1:43 PM: HKLM\software\classes\dsrch.leftframe.1\ (3 subtraces) (ID = 491303)
1:43 PM: HKLM\software\classes\dsrch.popupbrowser.1\ (3 subtraces) (ID = 491312)
1:43 PM: HKLM\software\classes\dsrch.popupwindow.1\ (3 subtraces) (ID = 491321)
1:43 PM: Found Adware: drsnsrch hijacker
1:43 PM: HKCR\dsrch.band\ (5 subtraces) (ID = 509134)
1:43 PM: HKCR\dsrch.bottomframe\ (5 subtraces) (ID = 509135)
1:43 PM: HKCR\dsrch.leftframe\ (5 subtraces) (ID = 509136)
1:43 PM: HKCR\dsrch.popupbrowser\ (5 subtraces) (ID = 509137)
1:43 PM: HKCR\dsrch.popupwindow\ (5 subtraces) (ID = 509138)
1:43 PM: HKCR\clsid\{8b51fc2f-c687-40a3-b54a-bb9ebf8d407f}\ (11 subtraces) (ID = 509139)
1:43 PM: HKCR\clsid\{ce27d4df-714b-4427-95eb-923fe53adf8e}\ (13 subtraces) (ID = 509140)
1:43 PM: HKCR\clsid\{e2d2fe40-5674-4b77-802b-ec86b6c2c41d}\ (13 subtraces) (ID = 509141)
1:44 PM: HKCR\clsid\{e311d3a5-4a3b-4e49-9e0a-b40fae1f0b28}\ (11 subtraces) (ID = 509142)
1:44 PM: Found Adware: ieplugin
1:44 PM: HKCR\typelib\{8f73ac0f-5769-4282-8762-b396a3bff377}\ (9 subtraces) (ID = 509153)
1:44 PM: HKU\S-1-5-21-2888137882-1203367206-2587936551-1008\software\dsrch\ (11 subtraces) (ID = 509156)
1:44 PM: HKU\WRSS_Profile_S-1-5-21-2888137882-1203367206-2587936551-1009\software\dsrch\ (4 subtraces) (ID = 509156)
1:44 PM: HKU\WRSS_Profile_S-1-5-21-2888137882-1203367206-2587936551-1010\software\dsrch\ (2 subtraces) (ID = 509156)
1:44 PM: HKLM\software\classes\dsrch.band\ (5 subtraces) (ID = 509171)
1:44 PM: HKLM\software\classes\dsrch.bottomframe\ (5 subtraces) (ID = 509172)
1:44 PM: HKLM\software\classes\dsrch.leftframe\ (5 subtraces) (ID = 509179)
1:44 PM: HKLM\software\classes\dsrch.popupbrowser\ (5 subtraces) (ID = 509185)
1:44 PM: HKLM\software\classes\dsrch.popupwindow\ (5 subtraces) (ID = 509191)
1:44 PM: HKLM\software\classes\clsid\{8b51fc2f-c687-40a3-b54a-bb9ebf8d407f}\ (11 subtraces) (ID = 509198)
1:44 PM: HKLM\software\classes\clsid\{ce27d4df-714b-4427-95eb-923fe53adf8e}\ (13 subtraces) (ID = 509210)
1:44 PM: HKLM\software\classes\clsid\{e2d2fe40-5674-4b77-802b-ec86b6c2c41d}\ (13 subtraces) (ID = 509224)
1:44 PM: HKLM\software\classes\clsid\{e311d3a5-4a3b-4e49-9e0a-b40fae1f0b28}\ (11 subtraces) (ID = 509238)
1:44 PM: HKCR\dsrch.band\clsid\ (1 subtraces) (ID = 509361)
1:44 PM: HKCR\dsrch.band\curver\ (1 subtraces) (ID = 509362)
1:44 PM: HKCR\dsrch.bottomframe\clsid\ (1 subtraces) (ID = 509363)
1:44 PM: HKCR\dsrch.bottomframe\curver\ (1 subtraces) (ID = 509364)
1:44 PM: HKCR\dsrch.leftframe\clsid\ (1 subtraces) (ID = 509365)
1:44 PM: HKCR\dsrch.leftframe\curver\ (1 subtraces) (ID = 509366)
1:44 PM: HKCR\dsrch.popupbrowser\clsid\ (1 subtraces) (ID = 509367)
1:44 PM: HKCR\dsrch.popupbrowser\curver\ (1 subtraces) (ID = 509368)
1:44 PM: HKCR\dsrch.popupwindow\clsid\ (1 subtraces) (ID = 509369)
1:44 PM: HKCR\dsrch.popupwindow\curver\ (1 subtraces) (ID = 509370)
1:44 PM: HKCR\dsrch.band.1\ (3 subtraces) (ID = 512692)
1:44 PM: HKCR\dsrch.bottomframe.1\ (3 subtraces) (ID = 512699)
1:44 PM: HKCR\dsrch.leftframe.1\ (3 subtraces) (ID = 512706)
1:44 PM: HKCR\dsrch.popupbrowser.1\ (3 subtraces) (ID = 512713)
1:44 PM: HKCR\dsrch.popupwindow.1\ (3 subtraces) (ID = 512720)
1:44 PM: HKCR\clsid\{00f1d395-4744-40f0-a611-980f61ae2c59}\ (11 subtraces) (ID = 512747)
1:44 PM: HKLM\software\classes\dsrch.band.1\ (3 subtraces) (ID = 513072)
1:44 PM: HKLM\software\classes\dsrch.bottomframe.1\ (3 subtraces) (ID = 513076)
1:44 PM: HKLM\software\classes\dsrch.leftframe.1\ (3 subtraces) (ID = 513080)
1:44 PM: HKLM\software\classes\dsrch.popupbrowser.1\ (3 subtraces) (ID = 513084)
1:44 PM: HKLM\software\classes\dsrch.popupwindow.1\ (3 subtraces) (ID = 513088)
1:44 PM: HKLM\software\classes\clsid\{00f1d395-4744-40f0-a611-980f61ae2c59}\ (11 subtraces) (ID = 513114)
1:44 PM: Found Adware: rich editor
1:44 PM: HKCR\clsid\{71d1708f-973d-4600-af01-ad86688403ae}\ (11 subtraces) (ID = 544813)
1:44 PM: HKCR\typelib\{34a35bbb-8c19-4482-864c-290bd8dd6a5d}\ (9 subtraces) (ID = 544913)
1:44 PM: HKLM\software\classes\clsid\{71d1708f-973d-4600-af01-ad86688403ae}\ (11 subtraces) (ID = 550504)
1:44 PM: HKLM\software\microsoft\windows\currentversion\app paths\lanbrd\ (2 subtraces) (ID = 550562)
1:44 PM: HKLM\software\microsoft\windows\currentversion\app paths\lanbrup\ (2 subtraces) (ID = 550565)
1:44 PM: HKLM\software\classes\typelib\{34a35bbb-8c19-4482-864c-290bd8dd6a5d}\ (9 subtraces) (ID = 550573)
1:44 PM: HKLM\system\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\lanbrup.exe\ (1 subtraces) (ID = 552678)
1:44 PM: Registry Sweep Complete, Elapsed Time:00:00:48
1:44 PM: Starting Cookie Sweep
1:44 PM: Cookie Sweep Complete, Elapsed Time: 00:00:00
1:44 PM: Starting File Sweep
1:44 PM: c:\program files\windows syncroad (ID = -2147480177)
1:44 PM: Found Adware: savenow - whenusave
1:44 PM: c:\documents and settings\dan 3rd\start menu\programs\whenu (3 subtraces) (ID = -2147480383)
1:44 PM: Found Trojan Horse: trojan-downloader-bookedspace
1:44 PM: c:\windows\cfgmgr52 (4 subtraces) (ID = -2147479590)
1:45 PM: Found Adware: windows afa internet enhancement
1:45 PM: a0088336.exe (ID = 90525)
1:45 PM: Found Adware: bonzi buddy
1:45 PM: bbshortcut.ico (ID = 51620)
1:45 PM: Found Adware: downloadware
1:45 PM: webinstall.exe (ID = 59312)
1:46 PM: Found Adware: parisvoyeur dialer
1:46 PM: a0087955.ico (ID = 71884)
1:49 PM: a0088287.dll (ID = 122356)
1:51 PM: sskknwrd.dll (ID = 77733)
1:59 PM: a0088271.exe (ID = 120996)
1:59 PM: zango.lnk (ID = 91109)
1:59 PM: zango.lnk (ID = 91109)
1:59 PM: a0088198.ico (ID = 51033)
1:59 PM: a0088350.dll (ID = 120160)
1:59 PM: a0088288.dll (ID = 121034)
1:59 PM: Found Adware: bargain buddy
1:59 PM: installer_marketing48x.exe (ID = 116175)
1:59 PM: installer_marketing48x.exe (ID = 116175)
2:00 PM: winb2s33.dll (ID = 51081)
2:00 PM: a0088206.ico (ID = 51033)
2:01 PM: Found Adware: netpal
2:01 PM: big fish games.url (ID = 70885)
2:01 PM: flyordie games.url (ID = 70890)
2:01 PM: osd1a2b.osd (ID = 57398)
2:01 PM: belt.inf (ID = 83154)
2:01 PM: File Sweep Complete, Elapsed Time: 00:17:28
2:01 PM: Full Sweep has completed. Elapsed time 00:22:48
2:01 PM: Traces Found: 793
2:21 PM: Removal process initiated
2:22 PM: Quarantining All Traces: apropos
2:22 PM: Quarantining All Traces: begin2search
2:22 PM: Quarantining All Traces: begin2search hijack
2:22 PM: Quarantining All Traces: bookedspace
2:22 PM: Quarantining All Traces: cas
2:22 PM: Quarantining All Traces: coolsavings
2:22 PM: Quarantining All Traces: daily toolbar
2:22 PM: Quarantining All Traces: elitebar
2:22 PM: Quarantining All Traces: elitebar searchmiracle hijacker
2:22 PM: Quarantining All Traces: drsnsrch.com hijack
2:22 PM: Quarantining All Traces: 180search assistant/zango
2:22 PM: Quarantining All Traces: trojan-downloader-pacisoft
2:22 PM: Quarantining All Traces: surfsidekick
2:22 PM: Quarantining All Traces: syncroad
2:22 PM: Quarantining All Traces: trojan-downloader-topinstalls
2:22 PM: Quarantining All Traces: abetterinternet
2:22 PM: Quarantining All Traces: shopnavupdater
2:22 PM: Quarantining All Traces: drsnsrch hijacker
2:22 PM: Quarantining All Traces: ieplugin
2:22 PM: Quarantining All Traces: rich editor
2:22 PM: Quarantining All Traces: savenow - whenusave
2:22 PM: Quarantining All Traces: trojan-downloader-bookedspace
2:22 PM: Quarantining All Traces: windows afa internet enhancement
2:22 PM: Quarantining All Traces: bonzi buddy
2:22 PM: Quarantining All Traces: downloadware
2:22 PM: Quarantining All Traces: parisvoyeur dialer
2:22 PM: Quarantining All Traces: bargain buddy
2:22 PM: Quarantining All Traces: netpal
2:22 PM: Removal process completed. Elapsed time 00:00:50
********
1:38 PM: |··· Start of Session, Saturday, August 06, 2005 ···|
1:38 PM: Spy Sweeper started
1:38 PM: Sweep initiated using definitions version 511
1:38 PM: Starting Memory Sweep
1:38 PM: Sweep Canceled
1:38 PM: Memory Sweep Complete, Elapsed Time: 00:00:18
1:38 PM: Traces Found: 0
1:38 PM: |··· End of Session, Saturday, August 06, 2005 ···|
********
1:35 PM: |··· Start of Session, Saturday, August 06, 2005 ···|
1:35 PM: Spy Sweeper started
1:35 PM: Your spyware definitions have been updated.
1:38 PM: |··· End of Session, Saturday, August 06, 2005 ···|




Logfile of HijackThis v1.99.1
Scan saved at 2:25:56 PM, on 8/6/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\Nhksrv.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\PROGRA~1\VERIZO~1\SUPPOR~1\SMARTB~1\MotiveSB.exe
C:\Program Files\Verizon Online\Visual IP InSight\IPMon32.exe
C:\Program Files\Verizon Online\Visual IP InSight\IPClient.exe
C:\WINDOWS\MMKeybd.exe
C:\WINDOWS\System32\drivers\CDAC11BA.EXE
C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\drivers\ACMonitor_X73.exe
C:\WINDOWS\system32\devldr32.exe
C:\drivers\AcBtnMgr_X73.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe
C:\Program Files\Netropa\OSD.exe
C:\PROGRA~1\COMMON~1\AOL\111767~1\EE\AOLHOS~1.EXE
C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
C:\Program Files\Corel\Graphics8\Programs\MFIndexer.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\PROGRA~1\COMMON~1\AOL\111767~1\EE\AOLServiceHost.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\WINDOWS\System32\CTsvcCDA.EXE
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\System32\wdfmgr.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\fxssvc.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\SAVScan.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\HijackThis (this is ok)\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dellnet.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.comcast.net
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dellnet.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Comcast
R3 - Default URLSearchHook is missing
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [URLLSTCK.exe] C:\Program Files\Norton Internet Security\UrlLstCk.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [PrinTray] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\printray.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\VERIZO~1\SUPPOR~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [IPInSightMonitor 01] "C:\Program Files\Verizon Online\Visual IP InSight\IPMon32.exe"
O4 - HKLM\..\Run: [IPInSightLAN 01] "C:\Program Files\Verizon Online\Visual IP InSight\IPClient.exe" -l
O4 - HKLM\..\Run: [DellTouch] C:\WINDOWS\MMKeybd.exe
O4 - HKLM\..\Run: [AtariBanner] "C:\Program Files\Infogrames\Atari Anniversary Edition\Volume 2\Banner.exe" /0
O4 - HKLM\..\Run: [Atari Launcher 2] C:\Program Files\Infogrames\Atari Anniversary Edition\Volume 2\Atari icon.exe
O4 - HKLM\..\Run: [AHQInit] C:\Program Files\Creative\SBLive\Program\AHQInit.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [Lexmark X73 Button Monitor] c:\drivers\ACMonitor_X73.exe
O4 - HKLM\..\Run: [Lexmark X73 Button Manager] c:\drivers\AcBtnMgr_X73.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1117673277\EE\AOLHostManager.exe
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [lanbrup] C:\WINDOWS\system32\lanbrup.exe
O4 - HKLM\..\Run: [Dinst] C:\WINDOWS\dinst.exe
O4 - Startup: PowerReg Scheduler.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Camio Viewer 2000.lnk = C:\Program Files\Sierra Imaging\Image Expert 2000\IXApplet.exe
O4 - Global Startup: Corel MEDIA FOLDERS INDEXER 8.LNK = C:\Program Files\Corel\Graphics8\Programs\MFIndexer.exe
O4 - Global Startup: Event Planner Reminders Tray Icon.lnk = C:\SIERRA\CardStudio\PLNRnote.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O4 - Global Startup: Verizon Online Support Center.lnk = C:\Program Files\Verizon Online\SupportCenter\bin\matcli.exe
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: &Define - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_DEF.HTM
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Look Up in &Encyclopedia - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra button: Control Pad - {28D44DAD-D1FC-4d4f-BB1B-ADF037C8DDBC} - C:\Program Files\Verizon Online\Verizon Online Control Pad\VerizonControlPad.Exe
O9 - Extra 'Tools' menuitem: Control Pad - {28D44DAD-D1FC-4d4f-BB1B-ADF037C8DDBC} - C:\Program Files\Verizon Online\Verizon Online Control Pad\VerizonControlPad.Exe
O9 - Extra button: Encarta Encyclopedia - {2FDEF853-0759-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM
O9 - Extra 'Tools' menuitem: Encarta Encyclopedia - {2FDEF853-0759-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra button: Define - {5DA9DE80-097A-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_DEF.HTM
O9 - Extra 'Tools' menuitem: Define - {5DA9DE80-097A-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_DEF.HTM
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRA~1\AIM95\aim.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: ComcastHSI - {54E891A8-8D88-4B02-B75A-D87ECA896DFA} - http://www.comcast.net (file missing) (HKCU)
O9 - Extra button: Support - {C1436375-774A-47AA-8076-89E106C39987} - http://www.comcastsupport.com (file missing) (HKCU)
O9 - Extra button: Help - {F1CA8DB3-3EC4-4995-921F-F033A9343988} - http://www.comcast.net/memberservices/ (file missing) (HKCU)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.comcast.net
O16 - DPF: {084F552D-19EB-4668-9788-984CBC781A8F} (AsyncDownloader Class) - http://survey.otxres...m/Preloader.dll
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/viewers/ipixx.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.syma...bin/AvSniff.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcaf...84/mcinsctl.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupd...b?1096383738309
O16 - DPF: {814EA0DA-E0D9-4AA4-833C-A1A6D38E79E9} (DASWebDownload Class) - http://das.microsoft...tail/DASAct.cab
O16 - DPF: {94418D7F-29BF-460F-8614-DEFB34871FA4} - https://secure2.true.../TrueConfig.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft...free/asinst.cab
O16 - DPF: {9AA73F41-EC64-489E-9A73-9CD52E528BC4} (ZoneAxRcMgr Class) - http://zone.msn.com/...me/ZAxRcMgr.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/...ro.cab32846.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcaf...,21/mcgdmgr.cab
O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.syma...n/bin/cabsa.cab
O16 - DPF: {C606BA60-AB76-48B6-96A7-2C4D5C386F70} (PreQualifier Class) - http://www.verizon.n...tivePreQual.cab
O16 - DPF: {CC05BC12-2AA2-4AC7-AC81-0E40F83B1ADF} (Live365Player Class) - http://www.live365.c...ers/play365.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - http://www.symantec....sa/SymAData.cab
O16 - DPF: {D06A22B4-6087-4D3D-B7AF-82B113E9ABD4} (CPostLaunch Object) - http://www2.verizon....es/vzWebIns.CAB
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://zone.msn.com/...aploader_v5.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{A4D37956-3E46-4847-9000-9D2315E8D252}: NameServer = 209.137.171.10,209.137.171.20
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\System32\drivers\CDAC11BA.EXE
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.EXE
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: Harmony - Unknown owner - C:\PROGRA~1\ROCKWE~1\RSCommon\RSOBSERV.EXE (file missing)
O23 - Service: IMAPI CD-Burning COM Service (ImapiService) - Roxio Inc. - C:\WINDOWS\System32\ImapiRox.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Netropa NHK Server (Nhksrv) - Unknown owner - C:\WINDOWS\Nhksrv.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
  • 0

#18
Rawe

Rawe

    Visiting Staff

  • Member
  • PipPipPipPipPipPipPip
  • 4,746 posts
Please do an online scan with Kaspersky WebScanner

Next Click on Launch Kaspersky Anti-Virus Web Scanner

You will be prompted to install an ActiveX component from Kaspersky, Click Yes.
  • The program will launch and then begin downloading the latest definition files:
  • Once the files have been downloaded click on NEXT
  • Now click on Scan Settings
  • In the scan settings make that the following are selected:
    • Scan using the following Anti-Virus database:
    Standard
    • Scan Options:
    Scan Archives
    Scan Mail Bases
  • Click OK
  • Now under select a target to scan:Select My Computer
  • This program will start to scan your system.
  • The scan will take a while so be patient and let it run.
  • Once the scan is complete it will display if your system has been infected.
    • Now click on the Save as Text button:
  • Save the file to your desktop.
  • Copy and paste that information in your next post.

  • 0

#19
yourfavoritedork

yourfavoritedork

    Member

  • Topic Starter
  • Member
  • PipPip
  • 17 posts
The Kaspersky came up clean. I'm hoping that means it is?

-------------------------------------------------------------------------------
KASPERSKY ON-LINE SCANNER REPORT
Saturday, August 06, 2005 17:26:08
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky On-line Scanner version: 5.0.67.0
Kaspersky Anti-Virus database last update: 6/08/2005
Kaspersky Anti-Virus database records: 134090
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: standard
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
A:\
C:\
D:\
E:\

Scan Statistics:
Total number of scanned objects: 102950
Number of viruses found: 0
Number of infected objects: 0
Number of suspicious objects: 0
Duration of the scan process: 7768 sec
No malware has been detected. The sections that have been scanned are CLEAN.

Scan process completed.



Logfile of HijackThis v1.99.1
Scan saved at 5:28:51 PM, on 8/6/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\Nhksrv.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\PROGRA~1\VERIZO~1\SUPPOR~1\SMARTB~1\MotiveSB.exe
C:\Program Files\Verizon Online\Visual IP InSight\IPMon32.exe
C:\Program Files\Verizon Online\Visual IP InSight\IPClient.exe
C:\WINDOWS\MMKeybd.exe
C:\WINDOWS\System32\drivers\CDAC11BA.EXE
C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\drivers\ACMonitor_X73.exe
C:\WINDOWS\system32\devldr32.exe
C:\drivers\AcBtnMgr_X73.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe
C:\Program Files\Netropa\OSD.exe
C:\PROGRA~1\COMMON~1\AOL\111767~1\EE\AOLHOS~1.EXE
C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
C:\Program Files\Corel\Graphics8\Programs\MFIndexer.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\PROGRA~1\COMMON~1\AOL\111767~1\EE\AOLServiceHost.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\WINDOWS\System32\CTsvcCDA.EXE
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\System32\wdfmgr.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\fxssvc.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\SAVScan.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\HijackThis (this is ok)\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dellnet.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.comcast.net
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dellnet.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Comcast
R3 - Default URLSearchHook is missing
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [URLLSTCK.exe] C:\Program Files\Norton Internet Security\UrlLstCk.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [PrinTray] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\printray.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\VERIZO~1\SUPPOR~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [IPInSightMonitor 01] "C:\Program Files\Verizon Online\Visual IP InSight\IPMon32.exe"
O4 - HKLM\..\Run: [IPInSightLAN 01] "C:\Program Files\Verizon Online\Visual IP InSight\IPClient.exe" -l
O4 - HKLM\..\Run: [DellTouch] C:\WINDOWS\MMKeybd.exe
O4 - HKLM\..\Run: [AtariBanner] "C:\Program Files\Infogrames\Atari Anniversary Edition\Volume 2\Banner.exe" /0
O4 - HKLM\..\Run: [Atari Launcher 2] C:\Program Files\Infogrames\Atari Anniversary Edition\Volume 2\Atari icon.exe
O4 - HKLM\..\Run: [AHQInit] C:\Program Files\Creative\SBLive\Program\AHQInit.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [Lexmark X73 Button Monitor] c:\drivers\ACMonitor_X73.exe
O4 - HKLM\..\Run: [Lexmark X73 Button Manager] c:\drivers\AcBtnMgr_X73.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1117673277\EE\AOLHostManager.exe
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [lanbrup] C:\WINDOWS\system32\lanbrup.exe
O4 - HKLM\..\Run: [Dinst] C:\WINDOWS\dinst.exe
O4 - Startup: PowerReg Scheduler.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Camio Viewer 2000.lnk = C:\Program Files\Sierra Imaging\Image Expert 2000\IXApplet.exe
O4 - Global Startup: Corel MEDIA FOLDERS INDEXER 8.LNK = C:\Program Files\Corel\Graphics8\Programs\MFIndexer.exe
O4 - Global Startup: Event Planner Reminders Tray Icon.lnk = C:\SIERRA\CardStudio\PLNRnote.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O4 - Global Startup: Verizon Online Support Center.lnk = C:\Program Files\Verizon Online\SupportCenter\bin\matcli.exe
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: &Define - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_DEF.HTM
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Look Up in &Encyclopedia - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra button: Control Pad - {28D44DAD-D1FC-4d4f-BB1B-ADF037C8DDBC} - C:\Program Files\Verizon Online\Verizon Online Control Pad\VerizonControlPad.Exe
O9 - Extra 'Tools' menuitem: Control Pad - {28D44DAD-D1FC-4d4f-BB1B-ADF037C8DDBC} - C:\Program Files\Verizon Online\Verizon Online Control Pad\VerizonControlPad.Exe
O9 - Extra button: Encarta Encyclopedia - {2FDEF853-0759-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM
O9 - Extra 'Tools' menuitem: Encarta Encyclopedia - {2FDEF853-0759-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra button: Define - {5DA9DE80-097A-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_DEF.HTM
O9 - Extra 'Tools' menuitem: Define - {5DA9DE80-097A-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_DEF.HTM
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRA~1\AIM95\aim.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: ComcastHSI - {54E891A8-8D88-4B02-B75A-D87ECA896DFA} - http://www.comcast.net (file missing) (HKCU)
O9 - Extra button: Support - {C1436375-774A-47AA-8076-89E106C39987} - http://www.comcastsupport.com (file missing) (HKCU)
O9 - Extra button: Help - {F1CA8DB3-3EC4-4995-921F-F033A9343988} - http://www.comcast.net/memberservices/ (file missing) (HKCU)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.comcast.net
O16 - DPF: {084F552D-19EB-4668-9788-984CBC781A8F} (AsyncDownloader Class) - http://survey.otxres...m/Preloader.dll
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/viewers/ipixx.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.syma...bin/AvSniff.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcaf...84/mcinsctl.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupd...b?1096383738309
O16 - DPF: {814EA0DA-E0D9-4AA4-833C-A1A6D38E79E9} (DASWebDownload Class) - http://das.microsoft...tail/DASAct.cab
O16 - DPF: {94418D7F-29BF-460F-8614-DEFB34871FA4} - https://secure2.true.../TrueConfig.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft...free/asinst.cab
O16 - DPF: {9AA73F41-EC64-489E-9A73-9CD52E528BC4} (ZoneAxRcMgr Class) - http://zone.msn.com/...me/ZAxRcMgr.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/...ro.cab32846.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcaf...,21/mcgdmgr.cab
O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.syma...n/bin/cabsa.cab
O16 - DPF: {C606BA60-AB76-48B6-96A7-2C4D5C386F70} (PreQualifier Class) - http://www.verizon.n...tivePreQual.cab
O16 - DPF: {CC05BC12-2AA2-4AC7-AC81-0E40F83B1ADF} (Live365Player Class) - http://www.live365.c...ers/play365.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - http://www.symantec....sa/SymAData.cab
O16 - DPF: {D06A22B4-6087-4D3D-B7AF-82B113E9ABD4} (CPostLaunch Object) - http://www2.verizon....es/vzWebIns.CAB
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://zone.msn.com/...aploader_v5.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{A4D37956-3E46-4847-9000-9D2315E8D252}: NameServer = 209.137.171.10,209.137.171.20
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\System32\drivers\CDAC11BA.EXE
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.EXE
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: Harmony - Unknown owner - C:\PROGRA~1\ROCKWE~1\RSCommon\RSOBSERV.EXE (file missing)
O23 - Service: IMAPI CD-Burning COM Service (ImapiService) - Roxio Inc. - C:\WINDOWS\System32\ImapiRox.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Netropa NHK Server (Nhksrv) - Unknown owner - C:\WINDOWS\Nhksrv.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
  • 0

#20
Rawe

Rawe

    Visiting Staff

  • Member
  • PipPipPipPipPipPipPip
  • 4,746 posts
Not quite yet, we have one more thing to do and it should be done then.

Please print these instructions out, or write them down, as you can't read them during the fix. Be sure to ask any questions before proceeding the fix. (Might be easier if you first read through the instructions, then ask, then follow them.)
  • Download DSRFIX from HERE onto your Desktop.
  • Unzip and EXTRACT the files to your Desktop.
  • The program creates and names the new folder to house the files.
  • DO NOT RUN IT YET
  • Download Cleanup from Here (Alternate site if the above is not working Go Here)
  • A window will open and choose SAVE, then DESKTOP as the destination.
  • On your Desktop, click on Cleanup40.exe icon.
  • Then, click RUN and place a checkmark beside "I Agree"
  • Then click NEXT followed by START and OK.
  • A window will appear with many choices, keep all the defaults as set when the Slide Bar to the left is set to Standard Quality.
  • Click OK
  • DO NOT RUN IT YET
  • CLOSE INTERNET EXPLORER, if it is open
  • Open the folder dsrfix
  • Double click on the dsrfix batch file( the one with the little gear in it )
  • Once dsrfix has completed it will close on its own
  • Run Cleanup
  • Click on the "Cleanup" button and let it run.
  • Once its done, close the program.
  • REBOOT your system.
  • Please restart HJT and post back a fresh HJT log for review.
//credit Atribune

- Rawe :tazz:
  • 0

#21
yourfavoritedork

yourfavoritedork

    Member

  • Topic Starter
  • Member
  • PipPip
  • 17 posts
DSR fix basically flashed on and then off again. Is it supposed to run that fast?
  • 0

#22
Rawe

Rawe

    Visiting Staff

  • Member
  • PipPipPipPipPipPipPip
  • 4,746 posts
Well, at least we'll see if it works or not. Please proceed with the rest of the fix :tazz:
  • 0

#23
yourfavoritedork

yourfavoritedork

    Member

  • Topic Starter
  • Member
  • PipPip
  • 17 posts
Logfile of HijackThis v1.99.1
Scan saved at 6:04:26 PM, on 8/6/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Nhksrv.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\WINDOWS\System32\drivers\CDAC11BA.EXE
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\System32\CTsvcCDA.EXE
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\fxssvc.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\devldr32.exe
C:\PROGRA~1\VERIZO~1\SUPPOR~1\SMARTB~1\MotiveSB.exe
C:\Program Files\Verizon Online\Visual IP InSight\IPMon32.exe
C:\Program Files\Verizon Online\Visual IP InSight\IPClient.exe
C:\WINDOWS\MMKeybd.exe
C:\Program Files\Infogrames\Atari Anniversary Edition\Volume 2\Atari icon.exe
C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\drivers\ACMonitor_X73.exe
C:\Program Files\Netropa\OSD.exe
C:\drivers\AcBtnMgr_X73.exe
C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\COMMON~1\AOL\111767~1\EE\AOLHOS~1.EXE
C:\PROGRA~1\COMMON~1\AOL\111767~1\EE\AOLServiceHost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
C:\Program Files\Corel\Graphics8\Programs\MFIndexer.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\Program Files\Verizon Online\SupportCenter\bin\mpbtn.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\SAVScan.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\HijackThis (this is ok)\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dellnet.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.comcast.net
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dellnet.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Comcast
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [URLLSTCK.exe] C:\Program Files\Norton Internet Security\UrlLstCk.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [PrinTray] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\printray.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\VERIZO~1\SUPPOR~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [IPInSightMonitor 01] "C:\Program Files\Verizon Online\Visual IP InSight\IPMon32.exe"
O4 - HKLM\..\Run: [IPInSightLAN 01] "C:\Program Files\Verizon Online\Visual IP InSight\IPClient.exe" -l
O4 - HKLM\..\Run: [DellTouch] C:\WINDOWS\MMKeybd.exe
O4 - HKLM\..\Run: [AtariBanner] "C:\Program Files\Infogrames\Atari Anniversary Edition\Volume 2\Banner.exe" /0
O4 - HKLM\..\Run: [Atari Launcher 2] C:\Program Files\Infogrames\Atari Anniversary Edition\Volume 2\Atari icon.exe
O4 - HKLM\..\Run: [AHQInit] C:\Program Files\Creative\SBLive\Program\AHQInit.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [Lexmark X73 Button Monitor] c:\drivers\ACMonitor_X73.exe
O4 - HKLM\..\Run: [Lexmark X73 Button Manager] c:\drivers\AcBtnMgr_X73.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1117673277\EE\AOLHostManager.exe
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [lanbrup] C:\WINDOWS\system32\lanbrup.exe
O4 - Startup: PowerReg Scheduler.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Camio Viewer 2000.lnk = C:\Program Files\Sierra Imaging\Image Expert 2000\IXApplet.exe
O4 - Global Startup: Corel MEDIA FOLDERS INDEXER 8.LNK = C:\Program Files\Corel\Graphics8\Programs\MFIndexer.exe
O4 - Global Startup: Event Planner Reminders Tray Icon.lnk = C:\SIERRA\CardStudio\PLNRnote.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O4 - Global Startup: Verizon Online Support Center.lnk = C:\Program Files\Verizon Online\SupportCenter\bin\matcli.exe
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: &Define - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_DEF.HTM
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Look Up in &Encyclopedia - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra button: Control Pad - {28D44DAD-D1FC-4d4f-BB1B-ADF037C8DDBC} - C:\Program Files\Verizon Online\Verizon Online Control Pad\VerizonControlPad.Exe
O9 - Extra 'Tools' menuitem: Control Pad - {28D44DAD-D1FC-4d4f-BB1B-ADF037C8DDBC} - C:\Program Files\Verizon Online\Verizon Online Control Pad\VerizonControlPad.Exe
O9 - Extra button: Encarta Encyclopedia - {2FDEF853-0759-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM
O9 - Extra 'Tools' menuitem: Encarta Encyclopedia - {2FDEF853-0759-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra button: Define - {5DA9DE80-097A-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_DEF.HTM
O9 - Extra 'Tools' menuitem: Define - {5DA9DE80-097A-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_DEF.HTM
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRA~1\AIM95\aim.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: ComcastHSI - {54E891A8-8D88-4B02-B75A-D87ECA896DFA} - http://www.comcast.net (file missing) (HKCU)
O9 - Extra button: Support - {C1436375-774A-47AA-8076-89E106C39987} - http://www.comcastsupport.com (file missing) (HKCU)
O9 - Extra button: Help - {F1CA8DB3-3EC4-4995-921F-F033A9343988} - http://www.comcast.net/memberservices/ (file missing) (HKCU)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.comcast.net
O16 - DPF: {084F552D-19EB-4668-9788-984CBC781A8F} (AsyncDownloader Class) - http://survey.otxres...m/Preloader.dll
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/viewers/ipixx.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.syma...bin/AvSniff.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcaf...84/mcinsctl.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupd...b?1096383738309
O16 - DPF: {814EA0DA-E0D9-4AA4-833C-A1A6D38E79E9} (DASWebDownload Class) - http://das.microsoft...tail/DASAct.cab
O16 - DPF: {94418D7F-29BF-460F-8614-DEFB34871FA4} - https://secure2.true.../TrueConfig.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft...free/asinst.cab
O16 - DPF: {9AA73F41-EC64-489E-9A73-9CD52E528BC4} (ZoneAxRcMgr Class) - http://zone.msn.com/...me/ZAxRcMgr.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/...ro.cab32846.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcaf...,21/mcgdmgr.cab
O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.syma...n/bin/cabsa.cab
O16 - DPF: {C606BA60-AB76-48B6-96A7-2C4D5C386F70} (PreQualifier Class) - http://www.verizon.n...tivePreQual.cab
O16 - DPF: {CC05BC12-2AA2-4AC7-AC81-0E40F83B1ADF} (Live365Player Class) - http://www.live365.c...ers/play365.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - http://www.symantec....sa/SymAData.cab
O16 - DPF: {D06A22B4-6087-4D3D-B7AF-82B113E9ABD4} (CPostLaunch Object) - http://www2.verizon....es/vzWebIns.CAB
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://zone.msn.com/...aploader_v5.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{A4D37956-3E46-4847-9000-9D2315E8D252}: NameServer = 209.137.171.10,209.137.171.20
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\System32\drivers\CDAC11BA.EXE
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.EXE
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: Harmony - Unknown owner - C:\PROGRA~1\ROCKWE~1\RSCommon\RSOBSERV.EXE (file missing)
O23 - Service: IMAPI CD-Burning COM Service (ImapiService) - Roxio Inc. - C:\WINDOWS\System32\ImapiRox.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Netropa NHK Server (Nhksrv) - Unknown owner - C:\WINDOWS\Nhksrv.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
  • 0

#24
Rawe

Rawe

    Visiting Staff

  • Member
  • PipPipPipPipPipPipPip
  • 4,746 posts
Hi again!
  • Please go to Jotti's malware scan
  • Copy and paste the following file path into the "File to upload & scan" box on the top of the page:
    • C:\WINDOWS\system32\lanbrup.exe
  • Click on the submit button
  • Please post the results in your next reply.
Repeat the steps for this file;
C:\PROGRA~1\ROCKWE~1\RSCommon\RSOBSERV.EXE

Fix this in HiJackThis;
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)

- Rawe :tazz:

Edited by Rawe, 06 August 2005 - 04:14 PM.

  • 0

#25
yourfavoritedork

yourfavoritedork

    Member

  • Topic Starter
  • Member
  • PipPip
  • 17 posts
Got this:
The file you uploaded is 0 bytes. It is very likely a firewall or a piece of malware is prohibiting you from uploading this file

for both files. Should I disable the firewall and try it again?
  • 0

Advertisements


#26
Rawe

Rawe

    Visiting Staff

  • Member
  • PipPipPipPipPipPipPip
  • 4,746 posts
Ok, run a scan with HiJackThis, check the following for removal;

O4 - HKLM\..\Run: [lanbrup] C:\WINDOWS\system32\lanbrup.exe

Close any open windows than HJT,
Hit "Fix Checked".
  • Open HiJackThis
  • Click on the configure button on the bottom right
  • Click on the tab "Misc Tools"
  • Click on "Delete File on Reboot"
  • Navigate to this file - C:\WINDOWS\system32\lanbrup.exe
  • Double click on that file.
  • HJT asks you if you want to reboot, now. Click "Yes".
Post a fresh log.
  • 0

#27
yourfavoritedork

yourfavoritedork

    Member

  • Topic Starter
  • Member
  • PipPip
  • 17 posts
Logfile of HijackThis v1.99.1
Scan saved at 7:10:34 PM, on 8/6/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Nhksrv.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\WINDOWS\System32\drivers\CDAC11BA.EXE
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\System32\CTsvcCDA.EXE
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\fxssvc.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\devldr32.exe
C:\PROGRA~1\VERIZO~1\SUPPOR~1\SMARTB~1\MotiveSB.exe
C:\Program Files\Verizon Online\Visual IP InSight\IPMon32.exe
C:\Program Files\Verizon Online\Visual IP InSight\IPClient.exe
C:\WINDOWS\MMKeybd.exe
C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\drivers\ACMonitor_X73.exe
C:\drivers\AcBtnMgr_X73.exe
C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
C:\Program Files\Netropa\OSD.exe
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe
C:\PROGRA~1\COMMON~1\AOL\111767~1\EE\AOLHOS~1.EXE
C:\PROGRA~1\COMMON~1\AOL\111767~1\EE\AOLServiceHost.exe
C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
C:\Program Files\Corel\Graphics8\Programs\MFIndexer.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\SAVScan.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\HijackThis (this is ok)\HijackThis.exe
C:\Program Files\Messenger\msmsgs.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dellnet.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.comcast.net
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dellnet.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Comcast
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [URLLSTCK.exe] C:\Program Files\Norton Internet Security\UrlLstCk.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [PrinTray] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\printray.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\VERIZO~1\SUPPOR~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [IPInSightMonitor 01] "C:\Program Files\Verizon Online\Visual IP InSight\IPMon32.exe"
O4 - HKLM\..\Run: [IPInSightLAN 01] "C:\Program Files\Verizon Online\Visual IP InSight\IPClient.exe" -l
O4 - HKLM\..\Run: [DellTouch] C:\WINDOWS\MMKeybd.exe
O4 - HKLM\..\Run: [AtariBanner] "C:\Program Files\Infogrames\Atari Anniversary Edition\Volume 2\Banner.exe" /0
O4 - HKLM\..\Run: [Atari Launcher 2] C:\Program Files\Infogrames\Atari Anniversary Edition\Volume 2\Atari icon.exe
O4 - HKLM\..\Run: [AHQInit] C:\Program Files\Creative\SBLive\Program\AHQInit.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [Lexmark X73 Button Monitor] c:\drivers\ACMonitor_X73.exe
O4 - HKLM\..\Run: [Lexmark X73 Button Manager] c:\drivers\AcBtnMgr_X73.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1117673277\EE\AOLHostManager.exe
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - Startup: PowerReg Scheduler.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Camio Viewer 2000.lnk = C:\Program Files\Sierra Imaging\Image Expert 2000\IXApplet.exe
O4 - Global Startup: Corel MEDIA FOLDERS INDEXER 8.LNK = C:\Program Files\Corel\Graphics8\Programs\MFIndexer.exe
O4 - Global Startup: Event Planner Reminders Tray Icon.lnk = C:\SIERRA\CardStudio\PLNRnote.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O4 - Global Startup: Verizon Online Support Center.lnk = C:\Program Files\Verizon Online\SupportCenter\bin\matcli.exe
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: &Define - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_DEF.HTM
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Look Up in &Encyclopedia - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra button: Control Pad - {28D44DAD-D1FC-4d4f-BB1B-ADF037C8DDBC} - C:\Program Files\Verizon Online\Verizon Online Control Pad\VerizonControlPad.Exe
O9 - Extra 'Tools' menuitem: Control Pad - {28D44DAD-D1FC-4d4f-BB1B-ADF037C8DDBC} - C:\Program Files\Verizon Online\Verizon Online Control Pad\VerizonControlPad.Exe
O9 - Extra button: Encarta Encyclopedia - {2FDEF853-0759-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM
O9 - Extra 'Tools' menuitem: Encarta Encyclopedia - {2FDEF853-0759-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra button: Define - {5DA9DE80-097A-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_DEF.HTM
O9 - Extra 'Tools' menuitem: Define - {5DA9DE80-097A-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_DEF.HTM
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRA~1\AIM95\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: ComcastHSI - {54E891A8-8D88-4B02-B75A-D87ECA896DFA} - http://www.comcast.net (file missing) (HKCU)
O9 - Extra button: Support - {C1436375-774A-47AA-8076-89E106C39987} - http://www.comcastsupport.com (file missing) (HKCU)
O9 - Extra button: Help - {F1CA8DB3-3EC4-4995-921F-F033A9343988} - http://www.comcast.net/memberservices/ (file missing) (HKCU)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.comcast.net
O16 - DPF: {084F552D-19EB-4668-9788-984CBC781A8F} (AsyncDownloader Class) - http://survey.otxres...m/Preloader.dll
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/viewers/ipixx.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.syma...bin/AvSniff.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcaf...84/mcinsctl.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupd...b?1096383738309
O16 - DPF: {814EA0DA-E0D9-4AA4-833C-A1A6D38E79E9} (DASWebDownload Class) - http://das.microsoft...tail/DASAct.cab
O16 - DPF: {94418D7F-29BF-460F-8614-DEFB34871FA4} - https://secure2.true.../TrueConfig.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft...free/asinst.cab
O16 - DPF: {9AA73F41-EC64-489E-9A73-9CD52E528BC4} (ZoneAxRcMgr Class) - http://zone.msn.com/...me/ZAxRcMgr.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/...ro.cab32846.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcaf...,21/mcgdmgr.cab
O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.syma...n/bin/cabsa.cab
O16 - DPF: {C606BA60-AB76-48B6-96A7-2C4D5C386F70} (PreQualifier Class) - http://www.verizon.n...tivePreQual.cab
O16 - DPF: {CC05BC12-2AA2-4AC7-AC81-0E40F83B1ADF} (Live365Player Class) - http://www.live365.c...ers/play365.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - http://www.symantec....sa/SymAData.cab
O16 - DPF: {D06A22B4-6087-4D3D-B7AF-82B113E9ABD4} (CPostLaunch Object) - http://www2.verizon....es/vzWebIns.CAB
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://zone.msn.com/...aploader_v5.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{A4D37956-3E46-4847-9000-9D2315E8D252}: NameServer = 209.137.171.10,209.137.171.20
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\System32\drivers\CDAC11BA.EXE
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.EXE
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: Harmony - Unknown owner - C:\PROGRA~1\ROCKWE~1\RSCommon\RSOBSERV.EXE (file missing)
O23 - Service: IMAPI CD-Burning COM Service (ImapiService) - Roxio Inc. - C:\WINDOWS\System32\ImapiRox.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Netropa NHK Server (Nhksrv) - Unknown owner - C:\WINDOWS\Nhksrv.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
  • 0

#28
ukbiker

ukbiker

    Rest in Peace, ukbiker

  • Retired Staff
  • 2,014 posts
Hi There yourfavoritedork ;)

I will be taking over from Rawe on this log. Let me have a read through the history and get familiar with it and then I will post again. :tazz:


UKBiker
  • 0

#29
ukbiker

ukbiker

    Rest in Peace, ukbiker

  • Retired Staff
  • 2,014 posts
Hi again yourfavoritedork :tazz:

Ok, run a scan with HiJackThis. Close all programs leaving only HijackThis running. Place a check against this item

O16 - DPF: {084F552D-19EB-4668-9788-984CBC781A8F} (AsyncDownloader Class) - http://survey.otxres...m/Preloader.dll

Click on Fix Checked when finished and exit HijackThis.

Reboot and post me a new HJT log here please.

UKBiker
  • 0

#30
yourfavoritedork

yourfavoritedork

    Member

  • Topic Starter
  • Member
  • PipPip
  • 17 posts
Logfile of HijackThis v1.99.1
Scan saved at 1:46:37 PM, on 8/7/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\VERIZO~1\SUPPOR~1\SMARTB~1\MotiveSB.exe
C:\Program Files\Verizon Online\Visual IP InSight\IPMon32.exe
C:\Program Files\Verizon Online\Visual IP InSight\IPClient.exe
C:\WINDOWS\MMKeybd.exe
C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\drivers\ACMonitor_X73.exe
C:\drivers\AcBtnMgr_X73.exe
C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
C:\WINDOWS\Nhksrv.exe
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
C:\WINDOWS\system32\devldr32.exe
C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Netropa\OSD.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\WINDOWS\System32\drivers\CDAC11BA.EXE
C:\PROGRA~1\COMMON~1\AOL\111767~1\EE\AOLHOS~1.EXE
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
C:\PROGRA~1\COMMON~1\AOL\111767~1\EE\AOLServiceHost.exe
C:\Program Files\Corel\Graphics8\Programs\MFIndexer.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\System32\CTsvcCDA.EXE
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\fxssvc.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\SAVScan.exe
C:\Program Files\HijackThis (this is ok)\HijackThis.exe
C:\Program Files\Messenger\msmsgs.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dellnet.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.comcast.net
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dellnet.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Comcast
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [URLLSTCK.exe] C:\Program Files\Norton Internet Security\UrlLstCk.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [PrinTray] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\printray.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\VERIZO~1\SUPPOR~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [IPInSightMonitor 01] "C:\Program Files\Verizon Online\Visual IP InSight\IPMon32.exe"
O4 - HKLM\..\Run: [IPInSightLAN 01] "C:\Program Files\Verizon Online\Visual IP InSight\IPClient.exe" -l
O4 - HKLM\..\Run: [DellTouch] C:\WINDOWS\MMKeybd.exe
O4 - HKLM\..\Run: [AtariBanner] "C:\Program Files\Infogrames\Atari Anniversary Edition\Volume 2\Banner.exe" /0
O4 - HKLM\..\Run: [Atari Launcher 2] C:\Program Files\Infogrames\Atari Anniversary Edition\Volume 2\Atari icon.exe
O4 - HKLM\..\Run: [AHQInit] C:\Program Files\Creative\SBLive\Program\AHQInit.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [Lexmark X73 Button Monitor] c:\drivers\ACMonitor_X73.exe
O4 - HKLM\..\Run: [Lexmark X73 Button Manager] c:\drivers\AcBtnMgr_X73.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1117673277\EE\AOLHostManager.exe
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - Startup: PowerReg Scheduler.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Camio Viewer 2000.lnk = C:\Program Files\Sierra Imaging\Image Expert 2000\IXApplet.exe
O4 - Global Startup: Corel MEDIA FOLDERS INDEXER 8.LNK = C:\Program Files\Corel\Graphics8\Programs\MFIndexer.exe
O4 - Global Startup: Event Planner Reminders Tray Icon.lnk = C:\SIERRA\CardStudio\PLNRnote.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O4 - Global Startup: Verizon Online Support Center.lnk = C:\Program Files\Verizon Online\SupportCenter\bin\matcli.exe
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: &Define - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_DEF.HTM
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Look Up in &Encyclopedia - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra button: Control Pad - {28D44DAD-D1FC-4d4f-BB1B-ADF037C8DDBC} - C:\Program Files\Verizon Online\Verizon Online Control Pad\VerizonControlPad.Exe
O9 - Extra 'Tools' menuitem: Control Pad - {28D44DAD-D1FC-4d4f-BB1B-ADF037C8DDBC} - C:\Program Files\Verizon Online\Verizon Online Control Pad\VerizonControlPad.Exe
O9 - Extra button: Encarta Encyclopedia - {2FDEF853-0759-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM
O9 - Extra 'Tools' menuitem: Encarta Encyclopedia - {2FDEF853-0759-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra button: Define - {5DA9DE80-097A-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_DEF.HTM
O9 - Extra 'Tools' menuitem: Define - {5DA9DE80-097A-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_DEF.HTM
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRA~1\AIM95\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: ComcastHSI - {54E891A8-8D88-4B02-B75A-D87ECA896DFA} - http://www.comcast.net (file missing) (HKCU)
O9 - Extra button: Support - {C1436375-774A-47AA-8076-89E106C39987} - http://www.comcastsupport.com (file missing) (HKCU)
O9 - Extra button: Help - {F1CA8DB3-3EC4-4995-921F-F033A9343988} - http://www.comcast.net/memberservices/ (file missing) (HKCU)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.comcast.net
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/viewers/ipixx.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.syma...bin/AvSniff.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcaf...84/mcinsctl.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupd...b?1096383738309
O16 - DPF: {814EA0DA-E0D9-4AA4-833C-A1A6D38E79E9} (DASWebDownload Class) - http://das.microsoft...tail/DASAct.cab
O16 - DPF: {94418D7F-29BF-460F-8614-DEFB34871FA4} - https://secure2.true.../TrueConfig.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft...free/asinst.cab
O16 - DPF: {9AA73F41-EC64-489E-9A73-9CD52E528BC4} (ZoneAxRcMgr Class) - http://zone.msn.com/...me/ZAxRcMgr.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/...ro.cab32846.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcaf...,21/mcgdmgr.cab
O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.syma...n/bin/cabsa.cab
O16 - DPF: {C606BA60-AB76-48B6-96A7-2C4D5C386F70} (PreQualifier Class) - http://www.verizon.n...tivePreQual.cab
O16 - DPF: {CC05BC12-2AA2-4AC7-AC81-0E40F83B1ADF} (Live365Player Class) - http://www.live365.c...ers/play365.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - http://www.symantec....sa/SymAData.cab
O16 - DPF: {D06A22B4-6087-4D3D-B7AF-82B113E9ABD4} (CPostLaunch Object) - http://www2.verizon....es/vzWebIns.CAB
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://zone.msn.com/...aploader_v5.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{A4D37956-3E46-4847-9000-9D2315E8D252}: NameServer = 209.137.171.10,209.137.171.20
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\System32\drivers\CDAC11BA.EXE
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.EXE
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: Harmony - Unknown owner - C:\PROGRA~1\ROCKWE~1\RSCommon\RSOBSERV.EXE (file missing)
O23 - Service: IMAPI CD-Burning COM Service (ImapiService) - Roxio Inc. - C:\WINDOWS\System32\ImapiRox.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Netropa NHK Server (Nhksrv) - Unknown owner - C:\WINDOWS\Nhksrv.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP