********
9:45 PM: |··· Start of Session, Monday, October 10, 2005 ···|
9:45 PM: Spy Sweeper started
9:45 PM: Sweep initiated using definitions version 552
9:45 PM: Starting Memory Sweep
9:47 PM: Found Adware: clkoptimizer
9:47 PM: Detected running threat: C:\WINDOWS\system32\oiookon.dll (ID = 146387)
9:55 PM: Detected running threat: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\tnit.exe (ID = 146391)
9:55 PM: Memory Sweep Complete, Elapsed Time: 00:10:08
9:55 PM: Starting Registry Sweep
9:56 PM: Found Adware: mirar webband
9:56 PM: HKCR\interface\{6e4c7afc-9915-4036-b7f9-8b3f1710788f}\ (8 subtraces) (ID = 135069)
9:56 PM: HKCR\interface\{54b287f9-fd90-4457-b65e-cb91560c021d}\ (8 subtraces) (ID = 135070)
9:56 PM: HKCR\interface\{1037b06c-84b7-4240-8d80-485810a0497d}\ (8 subtraces) (ID = 135071)
9:56 PM: HKCR\interface\{224302b0-94e9-45c2-9e5b-ba989ee556e1}\ (8 subtraces) (ID = 135072)
9:56 PM: HKLM\software\classes\interface\{6e4c7afc-9915-4036-b7f9-8b3f1710788f}\ (8 subtraces) (ID = 135082)
9:56 PM: HKLM\software\classes\interface\{54b287f9-fd90-4457-b65e-cb91560c021d}\ (8 subtraces) (ID = 135083)
9:56 PM: HKLM\software\classes\interface\{1037b06c-84b7-4240-8d80-485810a0497d}\ (8 subtraces) (ID = 135084)
9:56 PM: HKLM\software\classes\interface\{224302b0-94e9-45c2-9e5b-ba989ee556e1}\ (8 subtraces) (ID = 135085)
9:56 PM: HKLM\software\classes\typelib\{566dede9-9ed8-45da-9be6-9b2eeab17f49}\ (9 subtraces) (ID = 135092)
9:56 PM: HKLM\software\classes\typelib\{f8310e7d-4c4d-46a4-a068-b5bb99411cc7}\ (9 subtraces) (ID = 135093)
9:56 PM: HKCR\typelib\{566dede9-9ed8-45da-9be6-9b2eeab17f49}\ (9 subtraces) (ID = 135121)
9:56 PM: HKCR\typelib\{f8310e7d-4c4d-46a4-a068-b5bb99411cc7}\ (9 subtraces) (ID = 135122)
9:56 PM: Found Adware: abetterinternet
9:56 PM: HKU\WRSS_Profile_S-1-5-21-3973020173-473866232-3689853989-500\software\aurora\ (18 subtraces) (ID = 360174)
9:56 PM: Found Trojan Horse: sysnet
9:56 PM: HKLM\software\microsoft\windows\currentversion\uninstall\sysnet\ (2 subtraces) (ID = 381857)
9:56 PM: HKLM\software\microsoft\windows\currentversion\run\ || winsync (ID = 601545)
9:56 PM: Registry Sweep Complete, Elapsed Time:00:00:43
9:56 PM: Starting Cookie Sweep
9:56 PM: Found Spy Cookie: atlas dmt cookie
9:56 PM: user@atdmt[2].txt (ID = 2253)
9:56 PM: Found Spy Cookie: webtrendslive cookie
9:56 PM: user@dcslt9a2911e5h27gz9cy9xcg_5f1j[1].txt (ID = 3677)
9:56 PM: Found Spy Cookie: did-it cookie
9:56 PM: user@did-it[1].txt (ID = 2523)
9:56 PM: Found Spy Cookie: maxserving cookie
9:56 PM: user@maxserving[2].txt (ID = 2966)
9:56 PM: Found Spy Cookie: realmedia cookie
9:56 PM: user@realmedia[1].txt (ID = 3235)
9:56 PM: Cookie Sweep Complete, Elapsed Time: 00:00:01
9:56 PM: Starting File Sweep
9:56 PM: c:\program files\asys (ID = -2147477847)
9:56 PM: c:\program files\epicenter (1 subtraces) (ID = -2147477846)
9:57 PM: Found Adware: enbrowser
9:57 PM: linun.exe (ID = 60121)
9:57 PM: snuninst.exe (ID = 110129)
9:57 PM: Found Adware: cws_ns3
9:57 PM: estyw.log (ID = 56601)
9:58 PM: zapotec.bmp:tgdyqg (ID = 56601)
9:58 PM: oiookon.dll (ID = 146387)
9:59 PM: vpkvq.dat (ID = 146391)
10:00 PM: tnit.exe (ID = 146391)
10:01 PM: lfwlg.dll (ID = 146381)
10:01 PM: obmocoq.exe (ID = 146385)
10:01 PM: uaiunu.exe (ID = 146391)
10:01 PM: Found Adware: bookedspace
10:02 PM: Found Adware: surfsidekick
10:02 PM: sskcwrd.dll (ID = 77712)
10:02 PM: vckapkirx.yoj (ID = 159040)
10:02 PM: vhdbdlqmn.lsq (ID = 159012)
10:02 PM: vkcsbkjkmt.dih (ID = 159020)
10:02 PM: uninstall_wh.exe (ID = 60133)
10:02 PM: Found Adware: mindset interactive - favoriteman
10:02 PM: bundle_101.inf (ID = 69821)
10:02 PM: File Sweep Complete, Elapsed Time: 00:05:45
10:02 PM: Full Sweep has completed. Elapsed time 00:16:48
10:02 PM: Traces Found: 318
12:04 AM: Removal process initiated
12:04 AM: Quarantining All Traces: clkoptimizer
12:04 AM: clkoptimizer is in use. It will be removed on reboot.
12:04 AM: oiookon.dll is in use. It will be removed on reboot.
12:04 AM: C:\WINDOWS\system32\oiookon.dll is in use. It will be removed on reboot.
12:04 AM: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\tnit.exe is in use. It will be removed on reboot.
12:04 AM: Quarantining All Traces: mirar webband
12:04 AM: Quarantining All Traces: abetterinternet
12:04 AM: Quarantining All Traces: sysnet
12:04 AM: Quarantining All Traces: atlas dmt cookie
12:04 AM: Quarantining All Traces: webtrendslive cookie
12:04 AM: Quarantining All Traces: did-it cookie
12:04 AM: Quarantining All Traces: maxserving cookie
12:04 AM: Quarantining All Traces: realmedia cookie
12:04 AM: Quarantining All Traces: enbrowser
12:04 AM: Quarantining All Traces: cws_ns3
12:04 AM: Quarantining All Traces: bookedspace
12:05 AM: Quarantining All Traces: surfsidekick
12:05 AM: Quarantining All Traces: mindset interactive - favoriteman
12:06 AM: Preparing to restart your computer. Please wait...
12:06 AM: Removal process completed. Elapsed time 00:02:44
12:13 AM: Deletion from quarantine initiated
12:13 AM: Processing: realmedia cookie
12:13 AM: Processing: sysnet
12:13 AM: Processing: clkoptimizer
12:13 AM: Processing: abetterinternet
12:13 AM: Processing: cws_ns3
12:13 AM: Processing: did-it cookie
12:13 AM: Processing: enbrowser
12:13 AM: Processing: bookedspace
12:13 AM: Processing: maxserving cookie
12:13 AM: Processing: mindset interactive - favoriteman
12:13 AM: Processing: mirar webband
12:13 AM: Processing: webtrendslive cookie
12:13 AM: Processing: surfsidekick
12:13 AM: Processing: atlas dmt cookie
12:13 AM: Deletion from quarantine completed. Elapsed time 00:00:02
********
9:31 PM: |··· Start of Session, Monday, October 10, 2005 ···|
9:31 PM: Spy Sweeper started
9:31 PM: Sweep initiated using definitions version 552
9:31 PM: Starting Memory Sweep
********
9:30 PM: |··· Start of Session, Monday, October 10, 2005 ···|
9:30 PM: Spy Sweeper started
9:31 PM: |··· End of Session, Monday, October 10, 2005 ···|
Logfile of HijackThis v1.99.1
Scan saved at 12:20:08 AM, on 10/11/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\brsvc01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\brss01a.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
c:\program files\dell printers\Additional Color Laser Software\Status Monitor\DLSDBNT.EXE
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\Norton Internet Security\ISSVC.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\TOSHIBA\TME3\Tmesbs32.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
c:\program files\dell printers\Additional Color Laser Software\Status Monitor\DLPWDNT.EXE
C:\WINDOWS\system32\fxssvc.exe
C:\WINDOWS\System32\00THotkey.exe
C:\WINDOWS\system32\TFNF5.exe
C:\WINDOWS\system32\TPWRTRAY.EXE
C:\Program Files\TOSHIBA\Wireless Hotkey\TosHKCW.exe
C:\Program Files\ltmoh\Ltmoh.exe
C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe
C:\WINDOWS\system32\TDispVol.exe
C:\Program Files\TOSHIBA\TME3\TMESBS32.EXE
C:\Program Files\TOSHIBA\TouchED\TouchED.Exe
C:\toshiba\ivp\ism\pinger.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Synaptics\SynTP\CPad\cPadFstR.Exe
C:\Program Files\Synaptics\SynTP\cPad\AlarmWatcher.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\Norton Password Manager\AcctMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\SPYWAR~1\swdoctor.exe
C:\Program Files\D-Link AirPlus Xtreme G\AirPlus.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Outlook Express\msimn.exe
C:\Program Files\GeeksToGo\Hijackthis\HijackThis.exe
F2 - REG:system.ini: Shell=Explorer.exe
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [00THotkey] C:\WINDOWS\System32\00THotkey.exe
O4 - HKLM\..\Run: [000StTHK] 000StTHK.exe
O4 - HKLM\..\Run: [TFNF5] TFNF5.exe
O4 - HKLM\..\Run: [Tpwrtray] TPWRTRAY.EXE
O4 - HKLM\..\Run: [TosHKCW.exe] "C:\Program Files\TOSHIBA\Wireless Hotkey\TosHKCW.exe"
O4 - HKLM\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe
O4 - HKLM\..\Run: [TFncKy] TFncKy.exe /Type 03
O4 - HKLM\..\Run: [TDispVol] TDispVol.exe
O4 - HKLM\..\Run: [TMESBS.EXE] C:\Program Files\TOSHIBA\TME3\TMESBS32.EXE /Client
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [TouchED] C:\Program Files\TOSHIBA\TouchED\TouchED.Exe
O4 - HKLM\..\Run: [Pinger] c:\toshiba\ivp\ism\pinger.exe /run
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [cPadFstR] C:\Program Files\Synaptics\SynTP\CPad\cPadFstR.Exe
O4 - HKLM\..\Run: [cPadAlarm] C:\Program Files\Synaptics\SynTP\cPad\AlarmWatcher.exe
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [DLPSP] "c:\program files\dell printers\Additional Color Laser Software\Status Monitor\DLPSP.EXE"
O4 - HKLM\..\Run: [AcctMgr] C:\Program Files\Norton Password Manager\AcctMgr.exe /startup
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [URLLSTCK.exe] C:\Program Files\Norton Internet Security\UrlLstCk.exe
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [Spyware Doctor] C:\PROGRA~1\SPYWAR~1\swdoctor.exe /Q
O4 - Global Startup: D-Link AirPlus Xtreme G Configuration Utility.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar3.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar3.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar3.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar3.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar3.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar3.dll/cmtrans.html
O9 - Extra button: (no name) - {193B17B0-7C9F-4D5B-AEAB-8D3605EFC084} - C:\PROGRA~1\COPERN~1\COPERN~1.EXE
O9 - Extra 'Tools' menuitem: Launch Copernic Agent - {193B17B0-7C9F-4D5B-AEAB-8D3605EFC084} - C:\PROGRA~1\COPERN~1\COPERN~1.EXE
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: Copernic Agent - {688DC797-DC11-46A7-9F1B-445F4F58CE6E} - C:\PROGRA~1\COPERN~1\COPERN~1.EXE
O9 - Extra button: (no name) - {9E248641-0E24-4DDB-9A1F-705087832AD6} - (no file)
O9 - Extra 'Tools' menuitem: Java - {9E248641-0E24-4DDB-9A1F-705087832AD6} - (no file)
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.toshiba.com
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.syma...n/bin/cabsa.cab
O16 - DPF: {7F8C8173-AD80-4807-AA75-5672F22B4582} (ICSScanner Class) - http://download.zone.../ICSScanner.cab
O16 - DPF: {B020B534-4AA2-4B99-BD6D-5F6EE286DF5C} (Symantec Download Bridge) - http://a248.e.akamai...ol/SymDlBrg.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O16 - DPF: {E87F6C8E-16C0-11D3-BEF7-009027438003} (Persits Software XUpload) - http://upload.smugmu...vex/XUpload.ocx
O16 - DPF: {FFFFFFFF-CAFE-BABE-BABE-00AA0055595A} - http://www.networkso...rueSwitchEC.exe
O20 - Winlogon Notify: PCANotify - C:\WINDOWS\SYSTEM32\PCANotify.dll
O23 - Service: pcAnywhere Host Service (awhost32) - Symantec Corporation - C:\Program Files\Symantec\pcAnywhere\awhost32.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\System32\brsvc01a.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Dell Printer Status Watcher (DLPWD) - Dell Inc. - c:\program files\dell printers\Additional Color Laser Software\Status Monitor\DLPWDNT.EXE
O23 - Service: Dell Printer Status Database (DLSDB) - Dell Inc. - c:\program files\dell printers\Additional Color Laser Software\Status Monitor\DLSDBNT.EXE
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program Files\Norton Internet Security\ISSVC.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Tmesbs32 (Tmesbs) - Unknown owner - C:\Program Files\TOSHIBA\TME3\Tmesbs32.exe" /Service (file missing)
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe