Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Same old, Aurora and Winfixer, among other things [RESOLVED]


  • This topic is locked This topic is locked

#31
Zaphod18

Zaphod18

    Member

  • Topic Starter
  • Member
  • PipPip
  • 17 posts
Ahh gotcha

********
2:14 PM: |··· Start of Session, Monday, August 29, 2005 ···|
2:14 PM: Spy Sweeper started
2:14 PM: Sweep initiated using definitions version 523
2:14 PM: Starting Memory Sweep
2:19 PM: Memory Sweep Complete, Elapsed Time: 00:04:40
2:19 PM: Starting Registry Sweep
2:19 PM: Registry Sweep Complete, Elapsed Time:00:00:18
2:19 PM: Starting Cookie Sweep
2:19 PM: Found Spy Cookie: advertising cookie
2:19 PM: simi designs@advertising[1].txt (ID = 2175)
2:19 PM: Found Spy Cookie: atwola cookie
2:19 PM: simi designs@ar.atwola[2].txt (ID = 2256)
2:19 PM: Found Spy Cookie: servedby advertising cookie
2:19 PM: simi designs@servedby.advertising[1].txt (ID = 3335)
2:19 PM: Cookie Sweep Complete, Elapsed Time: 00:00:00
2:19 PM: Starting File Sweep
2:20 PM: Warning: Failed to read file "c:\documents and settings\simi designs\local settings\temp\perflib_perfdata_318.dat". System Error. Code: 32.
The process cannot access the file because it is being used by another process
2:22 PM: Warning: Failed to read file "c:\documents and settings\simi designs\local settings\temp\~dfa7ca.tmp". System Error. Code: 32.
The process cannot access the file because it is being used by another process
2:22 PM: Warning: Failed to read file "c:\documents and settings\simi designs\local settings\temp\~dfe1d5.tmp". System Error. Code: 32.
The process cannot access the file because it is being used by another process
2:22 PM: File Sweep Complete, Elapsed Time: 00:03:04
2:22 PM: Full Sweep has completed. Elapsed time 00:07:53
2:22 PM: Traces Found: 3
11:56 PM: Removal process initiated
11:56 PM: Quarantining All Traces: advertising cookie
11:56 PM: Quarantining All Traces: atwola cookie
11:56 PM: Quarantining All Traces: servedby advertising cookie
11:56 PM: Removal process completed. Elapsed time 00:00:01
********
10:06 AM: |··· Start of Session, Monday, August 29, 2005 ···|
10:06 AM: Spy Sweeper started
10:06 AM: Sweep initiated using definitions version 523
10:06 AM: Starting Memory Sweep
10:10 AM: Memory Sweep Complete, Elapsed Time: 00:04:03
10:10 AM: Starting Registry Sweep
10:10 AM: Found Adware: begin2search
10:10 AM: HKCR\interface\{6b882c34-a832-4f5b-bef1-7e198be3f094}\ (8 subtraces) (ID = 104124)
10:10 AM: HKCR\interface\{9b6b4031-1d6d-4c65-acba-021916853822}\ (8 subtraces) (ID = 104126)
10:10 AM: HKCR\interface\{9ff60a27-0c0c-4a6a-a15f-b21b644d67bb}\ (8 subtraces) (ID = 104127)
10:10 AM: HKCR\interface\{15d53b86-e055-43b1-bbee-a91a0f37bd2a}\ (8 subtraces) (ID = 104128)
10:10 AM: HKCR\interface\{f3c41c1d-22f1-4692-8a7a-88de70a2e9e2}\ (8 subtraces) (ID = 104139)
10:10 AM: HKCR\interface\{fa6fa7a5-2c49-4567-ba74-6dd1c36099ee}\ (8 subtraces) (ID = 104141)
10:10 AM: HKLM\software\classes\interface\{6b882c34-a832-4f5b-bef1-7e198be3f094}\ (8 subtraces) (ID = 104174)
10:10 AM: HKLM\software\classes\interface\{9b6b4031-1d6d-4c65-acba-021916853822}\ (8 subtraces) (ID = 104176)
10:10 AM: HKLM\software\classes\interface\{9ff60a27-0c0c-4a6a-a15f-b21b644d67bb}\ (8 subtraces) (ID = 104177)
10:10 AM: HKLM\software\classes\interface\{15d53b86-e055-43b1-bbee-a91a0f37bd2a}\ (8 subtraces) (ID = 104178)
10:10 AM: HKLM\software\classes\interface\{f3c41c1d-22f1-4692-8a7a-88de70a2e9e2}\ (8 subtraces) (ID = 104189)
10:10 AM: HKLM\software\classes\interface\{fa6fa7a5-2c49-4567-ba74-6dd1c36099ee}\ (8 subtraces) (ID = 104191)
10:10 AM: HKLM\software\classes\typelib\{bf56be6a-0aea-45f3-8b10-7312876584a8}\ (9 subtraces) (ID = 104195)
10:10 AM: Found Adware: hotsearchbar toolbar
10:10 AM: HKLM\software\classes\typelib\{bf56be6a-0aea-45f3-8b10-7312876584a8}\ (9 subtraces) (ID = 104195)
10:10 AM: HKCR\typelib\{bf56be6a-0aea-45f3-8b10-7312876584a8}\ (9 subtraces) (ID = 104238)
10:10 AM: HKCR\typelib\{bf56be6a-0aea-45f3-8b10-7312876584a8}\ (9 subtraces) (ID = 104238)
10:10 AM: Found Adware: bookedspace
10:10 AM: HKLM\software\configuration manager\cfgmgr52\ (376 subtraces) (ID = 104873)
10:10 AM: Found Adware: cas
10:10 AM: HKCR\typelib\{d4c89c18-b4f3-46a9-8800-e9e7a55afbd9}\ (9 subtraces) (ID = 105366)
10:10 AM: HKLM\software\classes\typelib\{d4c89c18-b4f3-46a9-8800-e9e7a55afbd9}\ (9 subtraces) (ID = 105369)
10:10 AM: Found Adware: ieplugin
10:10 AM: HKU\WRSS_Profile_S-1-5-21-1708537768-1450960922-682003330-500\software\intexp\ (4 subtraces) (ID = 128173)
10:10 AM: Found Adware: drsnsrch.com hijack
10:10 AM: HKU\S-1-5-21-1708537768-1450960922-682003330-1003\software\microsoft\search assistant\ || defaultsearchurl (ID = 128205)
10:10 AM: Found Adware: roings search enhancment
10:10 AM: HKLM\software\microsoft\windows\currentversion\moduleusage\c:/windows/downloaded program files/m67m.ocx\ (2 subtraces) (ID = 140170)
10:10 AM: HKLM\software\microsoft\windows\currentversion\shareddlls\ || c:\windows\downloaded program files\m67m.ocx (ID = 140199)
10:10 AM: Found Adware: shopathomeselect
10:10 AM: HKLM\software\classes\webinstaller.cexecute.1\ (3 subtraces) (ID = 141687)
10:10 AM: HKCR\webinstaller.cexecute.1\ (3 subtraces) (ID = 141739)
10:10 AM: Found Adware: surfsidekick
10:10 AM: HKCR\clsid\{02ee5b04-f144-47bb-83fb-a60bd91b74a9}\ (3 subtraces) (ID = 143389)
10:10 AM: HKLM\software\classes\clsid\{02ee5b04-f144-47bb-83fb-a60bd91b74a9}\ (3 subtraces) (ID = 143392)
10:10 AM: HKLM\software\microsoft\internet explorer\urlsearchhooks\ || {02ee5b04-f144-47bb-83fb-a60bd91b74a9} (ID = 143400)
10:10 AM: HKU\S-1-5-21-1708537768-1450960922-682003330-1003\software\surfsidekick3\ (3 subtraces) (ID = 143412)
10:10 AM: HKLM\software\surfsidekick3\ (2 subtraces) (ID = 143413)
10:10 AM: Found Adware: abetterinternet
10:10 AM: HKLM\software\microsoft\windows\currentversion\uninstall\abi-1\ (6 subtraces) (ID = 146117)
10:10 AM: Found Adware: icannnews
10:10 AM: HKCR\activexctrl\ (3 subtraces) (ID = 169450)
10:10 AM: HKCR\interface\{980ad470-04ea-4d1d-bd26-e178b7bda6d8}\ (8 subtraces) (ID = 169454)
10:10 AM: HKCR\interface\{fd39937a-c583-4aac-9332-8a3e44988a67}\ (8 subtraces) (ID = 169455)
10:10 AM: HKCR\typelib\{ee5ac3d6-6f43-4047-af0a-d66fc2cf8f42}\ (9 subtraces) (ID = 169456)
10:10 AM: HKLM\software\classes\activexctrl\ (3 subtraces) (ID = 169457)
10:10 AM: HKLM\software\classes\interface\{980ad470-04ea-4d1d-bd26-e178b7bda6d8}\ (8 subtraces) (ID = 169461)
10:10 AM: HKLM\software\classes\interface\{fd39937a-c583-4aac-9332-8a3e44988a67}\ (8 subtraces) (ID = 169462)
10:10 AM: HKLM\software\classes\typelib\{ee5ac3d6-6f43-4047-af0a-d66fc2cf8f42}\ (9 subtraces) (ID = 169463)
10:10 AM: HKU\S-1-5-21-1708537768-1450960922-682003330-1003\software\cas\client\ (11 subtraces) (ID = 359309)
10:10 AM: HKU\WRSS_Profile_S-1-5-21-1708537768-1450960922-682003330-500\software\aurora\ (26 subtraces) (ID = 360174)
10:10 AM: HKCR\main.mimefilter\ (5 subtraces) (ID = 498504)
10:10 AM: HKLM\software\classes\main.mimefilter\ (5 subtraces) (ID = 498516)
10:10 AM: HKCR\main.mimefilter\ (5 subtraces) (ID = 499294)
10:10 AM: HKLM\software\classes\main.mimefilter\ (5 subtraces) (ID = 499295)
10:10 AM: Found Adware: drsnsrch hijacker
10:10 AM: HKCR\dsrch.band\ (5 subtraces) (ID = 509134)
10:10 AM: HKCR\typelib\{8f73ac0f-5769-4282-8762-b396a3bff377}\ (9 subtraces) (ID = 509153)
10:10 AM: HKLM\software\classes\dsrch.band\ (5 subtraces) (ID = 509171)
10:10 AM: HKCR\dsrch.band\clsid\ (1 subtraces) (ID = 509361)
10:10 AM: HKCR\dsrch.band\curver\ (1 subtraces) (ID = 509362)
10:10 AM: HKLM\software\microsoft\windows\currentversion\explorer\browser helper objects\{00f1d395-4744-40f0-a611-980f61ae2c59}\ (ID = 513230)
10:10 AM: HKCR\appid\{e0dc5cc4-25a5-4bc7-a3aa-3525733dc796}\ (1 subtraces) (ID = 609381)
10:10 AM: HKLM\software\classes\appid\{e0dc5cc4-25a5-4bc7-a3aa-3525733dc796}\ (1 subtraces) (ID = 609547)
10:10 AM: HKLM\software\classes\typelib\{8f73ac0f-5769-4282-8762-b396a3bff377}\ (9 subtraces) (ID = 646384)
10:10 AM: Registry Sweep Complete, Elapsed Time:00:00:13
10:10 AM: Starting Cookie Sweep
10:10 AM: Found Spy Cookie: 2o7.net cookie
10:10 AM: simi designs@2o7[2].txt (ID = 1957)
10:10 AM: Found Spy Cookie: yieldmanager cookie
10:10 AM: simi designs@ad.yieldmanager[2].txt (ID = 3751)
10:10 AM: Found Spy Cookie: pointroll cookie
10:10 AM: simi designs@ads.pointroll[2].txt (ID = 3148)
10:10 AM: Found Spy Cookie: advertising cookie
10:10 AM: simi designs@advertising[1].txt (ID = 2175)
10:10 AM: Found Spy Cookie: atwola cookie
10:10 AM: simi designs@ar.atwola[2].txt (ID = 2256)
10:10 AM: Found Spy Cookie: ask cookie
10:10 AM: simi designs@ask[1].txt (ID = 2245)
10:10 AM: Found Spy Cookie: atlas dmt cookie
10:10 AM: simi designs@atdmt[2].txt (ID = 2253)
10:10 AM: simi designs@atwola[1].txt (ID = 2255)
10:10 AM: simi designs@cnn.122.2o7[1].txt (ID = 1958)
10:10 AM: Found Spy Cookie: fastclick cookie
10:10 AM: simi designs@fastclick[2].txt (ID = 2651)
10:10 AM: Found Spy Cookie: servedby advertising cookie
10:10 AM: simi designs@servedby.advertising[2].txt (ID = 3335)
10:10 AM: Found Spy Cookie: tribalfusion cookie
10:10 AM: simi designs@tribalfusion[1].txt (ID = 3589)
10:10 AM: Cookie Sweep Complete, Elapsed Time: 00:00:03
10:10 AM: Starting File Sweep
10:10 AM: Found Trojan Horse: trojan-downloader-bookedspace
10:10 AM: c:\windows\cfgmgr52 (103 subtraces) (ID = -2147479590)
10:10 AM: Found Adware: delfin
10:10 AM: c:\documents and settings\all users\application data\picsvr (2 subtraces) (ID = -2147481134)
10:10 AM: c:\windows\system32\nsvsvc (1 subtraces) (ID = -2147481119)
10:10 AM: c:\documents and settings\all users\application data\nsv (16 subtraces) (ID = -2147481136)
10:10 AM: backup-20050606-192840-266.inf (ID = 74028)
10:11 AM: Found Adware: purityscan
10:11 AM: osaka.exe (ID = 134977)
10:11 AM: Found Adware: ezula ilookup
10:11 AM: woinstall.exe (ID = 60679)
10:11 AM: Found Adware: exact cashback/bargain buddy
10:11 AM: bookedspacekvm_bsvb-eginwl52.exe (ID = 116920)
10:12 AM: Found Adware: upspiral toolbar
10:12 AM: unist2.exe (ID = 82040)
10:12 AM: Found Adware: quicklink search toolbar
10:12 AM: uninst.exe (ID = 73428)
10:12 AM: wmv1920.dbd (ID = 57692)
10:13 AM: wmv2007.dbd (ID = 57693)
10:14 AM: Found Adware: personal money tree
10:14 AM: core.bin (ID = 93264)
10:14 AM: data.bin (ID = 93265)
10:14 AM: Warning: Failed to read file "c:\documents and settings\simi designs\local settings\temp\~dfa7ca.tmp". System Error. Code: 32.
The process cannot access the file because it is being used by another process
10:14 AM: Warning: Failed to read file "c:\documents and settings\simi designs\local settings\temp\~dfe1d5.tmp". System Error. Code: 32.
The process cannot access the file because it is being used by another process
10:14 AM: wmv1909.ddx (ID = 57684)
10:14 AM: wmv0106.ddx (ID = 57679)
10:14 AM: wmv1125.ddx (ID = 57685)
10:14 AM: wmv0204.ddx (ID = 57686)
10:14 AM: wmv0412.ddx (ID = 57686)
10:14 AM: Found Adware: adlogix
10:14 AM: vzvtnb.xml (ID = 49280)
10:14 AM: wmv0904.ddx (ID = 57684)
10:14 AM: wmv1204.ddx (ID = 57686)
10:14 AM: wmv0315.ddx (ID = 57686)
10:14 AM: wmv0504.ddx (ID = 57686)
10:14 AM: File Sweep Complete, Elapsed Time: 00:04:01
10:14 AM: Full Sweep has completed. Elapsed time 00:08:23
10:14 AM: Traces Found: 912
10:26 AM: Removal process initiated
10:26 AM: Quarantining All Traces: begin2search
10:26 AM: Quarantining All Traces: hotsearchbar toolbar
10:26 AM: Quarantining All Traces: bookedspace
10:26 AM: Quarantining All Traces: cas
10:26 AM: Quarantining All Traces: ieplugin
10:26 AM: Quarantining All Traces: drsnsrch.com hijack
10:26 AM: Quarantining All Traces: roings search enhancment
10:26 AM: Quarantining All Traces: shopathomeselect
10:26 AM: Quarantining All Traces: surfsidekick
10:26 AM: Quarantining All Traces: abetterinternet
10:26 AM: Quarantining All Traces: icannnews
10:26 AM: Quarantining All Traces: drsnsrch hijacker
10:26 AM: Quarantining All Traces: 2o7.net cookie
10:26 AM: Quarantining All Traces: yieldmanager cookie
10:26 AM: Quarantining All Traces: pointroll cookie
10:26 AM: Quarantining All Traces: advertising cookie
10:26 AM: Quarantining All Traces: atwola cookie
10:26 AM: Quarantining All Traces: ask cookie
10:26 AM: Quarantining All Traces: atlas dmt cookie
10:26 AM: Quarantining All Traces: fastclick cookie
10:26 AM: Quarantining All Traces: servedby advertising cookie
10:26 AM: Quarantining All Traces: tribalfusion cookie
10:26 AM: Quarantining All Traces: trojan-downloader-bookedspace
10:26 AM: Quarantining All Traces: delfin
10:26 AM: Quarantining All Traces: purityscan
10:26 AM: Quarantining All Traces: ezula ilookup
10:26 AM: Quarantining All Traces: exact cashback/bargain buddy
10:26 AM: Quarantining All Traces: upspiral toolbar
10:26 AM: Quarantining All Traces: quicklink search toolbar
10:26 AM: Quarantining All Traces: personal money tree
10:26 AM: Quarantining All Traces: adlogix
10:31 AM: Removal process completed. Elapsed time 00:05:21
2:14 PM: |··· End of Session, Monday, August 29, 2005 ···|
********
10:02 AM: |··· Start of Session, Monday, August 29, 2005 ···|
10:02 AM: Spy Sweeper started
10:06 AM: |··· End of Session, Monday, August 29, 2005 ···|
  • 0

Advertisements


#32
Michelle

Michelle

    Malware Removal Goddess

  • Retired Staff
  • 8,928 posts
That's what I needed to see, thank you :tazz:

Are you having any other problems??

Post one more HiJackThis log as well :)
  • 0

#33
Zaphod18

Zaphod18

    Member

  • Topic Starter
  • Member
  • PipPip
  • 17 posts
Thanky thanky

Logfile of HijackThis v1.99.1
Scan saved at 3:49:30 AM, on 8/30/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Netropa\Multimedia Keyboard\nhksrv.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wdfmgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Netropa\Multimedia Keyboard\MMKeybd.exe
C:\Program Files\VIAudioi\SBADeck\ADeck.exe
C:\WINDOWS\Mixer.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\HP\hpcoretech\comp\hptskmgr.exe
C:\Program Files\Netropa\Multimedia Keyboard\TrayMon.exe
C:\Program Files\Netropa\Onscreen Display\OSD.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Microsoft Office\Office10\WINWORD.EXE
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\Winamp\Winamp.exe
C:\Documents and Settings\Simi Designs\Desktop\HijackThis.exe

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [MULTIMEDIA KEYBOARD] C:\Program Files\Netropa\Multimedia Keyboard\MMKeybd.exe
O4 - HKLM\..\Run: [AudioDeck] C:\Program Files\VIAudioi\SBADeck\ADeck.exe 1
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage) - http://go.microsoft....467&clcid=0x409
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft...free/asinst.cab
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Netropa NHK Server (nhksrv) - Unknown owner - C:\Program Files\Netropa\Multimedia Keyboard\nhksrv.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
  • 0

#34
Michelle

Michelle

    Malware Removal Goddess

  • Retired Staff
  • 8,928 posts
Your log looks fine!

Are you having any other problems??
  • 0

#35
Michelle

Michelle

    Malware Removal Goddess

  • Retired Staff
  • 8,928 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :tazz:

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP