trojan.startpage.gen [RESOLVED]


  • This topic is locked

#1
starwood

  • Member
  • 41 posts
My spyware doctor keeps coming up with this. It's in registry\software\microsoft\multimedia\activemovie.

Logfile of HijackThis v1.99.1
Scan saved at 1:47:26 PM, on 12/2/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\System32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Iomega\System32\AppServices.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\pctspk.exe
C:\WINDOWS\system32\RioMSC.exe
C:\Program Files\Spyware Doctor\sdhelp.exe
C:\Program Files\Iomega\AutoDisk\ADUserMon.exe
C:\Program Files\Iomega\DriveIcons\ImgIcon.exe
C:\WINDOWS\tppaldr.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
C:\WINDOWS\wanmpsvc.exe
C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe
C:\Program Files\Lexmark 2200 Series\lxbvbmgr.exe
C:\Program Files\Iomega\AutoDisk\ADService.exe
C:\Program Files\Lexmark 2200 Series\lxbvbmon.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\system32\kmw_run.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\Program Files\CA\eTrust PestPatrol\PPActiveDetection.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\WINDOWS\system32\KMW_SHOW.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\PROGRA~1\MUSICM~2\MUSICM~1\MMDiag.exe
C:\sweep\SWEEP.EXE
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mim.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\AWS\WeatherBug\Weather.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
C:\Program Files\America Online 9.0a\aoltray.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe
C:\WINDOWS\DvzCommon\DvzMsgr.exe
C:\Program Files\SmartDisk\FlashPath\sdstat.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\Palm\HOTSYNC.EXE
C:\Program Files\Verizon Online\SupportCenter\bin\mpbtn.exe
C:\Program Files\Spyware Doctor\swdoctor.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.sweepstakestoday.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://store.presari...&c=3c01&lc=0409
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Verizon Online
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~2\tools\iesdsg.dll
O2 - BHO: Powermarks - {6172E460-FAE3-11D2-B494-004005A47AAA} - C:\PROGRA~1\POWERM~1.5\iec.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~2\tools\iesdpb.dll
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\RoboForm.dll
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - blank (file missing)
O3 - Toolbar: Powermarks - {E166B4A2-83E7-11D3-B4FD-004005A47AAA} - C:\PROGRA~1\POWERM~1.5\iec.dll
O4 - HKLM\..\Run: [ADUserMon] C:\Program Files\Iomega\AutoDisk\ADUserMon.exe
O4 - HKLM\..\Run: [TPP Auto Loader] C:\WINDOWS\tppaldr.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"
O4 - HKLM\..\Run: [Lexmark 2200 Series] "C:\Program Files\Lexmark 2200 Series\lxbvbmgr.exe"
O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Lexmark Fax Solutions\fm3032.exe" /s
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [kmw_run.exe] kmw_run.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [eTrustPPAP] "C:\Program Files\CA\eTrust PestPatrol\PPActiveDetection.exe"
O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~2\MUSICM~1\mimboot.exe
O4 - HKLM\..\Run: [MMTray] "C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe 1
O4 - HKCU\..\Run: [ATI Launchpad] "C:\Program Files\ATI Multimedia\main\launchpd.exe"
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_3 -reboot 1
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O4 - HKCU\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
O4 - Startup: HotSync Manager.lnk = C:\Palm\HOTSYNC.EXE
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0a\aoltray.exe
O4 - Global Startup: Dataviz Messenger.lnk = C:\WINDOWS\DvzCommon\DvzMsgr.exe
O4 - Global Startup: FlashPath Monitor.lnk = C:\Program Files\SmartDisk\FlashPath\sdstat.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O4 - Global Startup: Verizon Online Support Center.lnk = C:\Program Files\Verizon Online\SupportCenter\bin\matcli.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Customize Menu - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: Fill Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O8 - Extra context menu item: Save Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~2\tools\iesdpb.dll
O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O12 - Plugin for .hlq: C:\Program Files\Internet Explorer\PLUGINS\NpHcd32.dll
O14 - IERESET.INF: START_PAGE_URL=http://store.presario.net/scripts/redirectors/presario/storeredir2.dll?s=consumerfav&c=3c01&lc=0409
O16 - DPF: Lottso by pogo - http://game1.pogo.co...o-ob-assets.cab
O16 - DPF: symsupportutil - https://www-secure.s...supportutil.CAB
O16 - DPF: Tri-Peaks by pogo - http://game4.pogo.co...s-ob-assets.cab
O16 - DPF: World Class Solitaire by pogo - http://game1.pogo.co...s-ob-assets.cab
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (sys Class) - http://www.pcpitstop...p/PCPitStop.CAB
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/download/ipixx.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - https://www-secure.s...rl/LSSupCtl.cab
O16 - DPF: {2A32B14F-4D29-4EA3-AC54-E9B19F436CE7} (Scanner Class) - http://www.trojansca...an/TDECntrl.CAB
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.syma...bin/AvSniff.cab
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aol.com...kup/qdiagcc.cab
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg...l_v1-0-3-24.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefend...can8/oscan8.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://www.nick.com/.../GrooveAX27.cab
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://floridakeysme...sCamControl.ocx
O16 - DPF: {9522B3FB-7A2B-4646-8AF6-36E7F593073C} (cpbrkpie Control) - http://a19.g.akamai....02/cpbrkpie.cab
O16 - DPF: {A48D0309-8DA3-41AA-98E4-89194D471890} (Pulse V5 ActiveX Control) - http://www.pulse3d.c...yer5.2AxWin.cab
O16 - DPF: {A922B6AB-3B87-11D3-B3C2-0008C7DA6CB9} (InetDownload Class) - http://activex.micro...loadcontrol.cab
O16 - DPF: {B160422D-0A48-11D4-BD9B-00A0C9B0AB7B} (Download Class) - http://expressit.bro...in/Download.cab
O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.syma...n/bin/cabsa.cab
O16 - DPF: {CC05BC12-2AA2-4AC7-AC81-0E40F83B1ADF} (Live365Player Class) - http://www.live365.c...ers/play365.cab
O16 - DPF: {CD17FAAA-17B4-4736-AAEF-436EDC304C8C} (ContentAuditX Control) - http://a840.g.akamai...uditControl.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.s...rl/SymAData.cab
O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} (iTunesDetector Class) - http://ax.phobos.app.../ITDetector.cab
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://interactcomm...bex/ieatgpc.cab
O16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} (ActiveDataObj Class) - https://www-secure.s.../ActiveData.cab
O16 - DPF: {F8DCFE8E-7B2B-4FF8-B8A7-A52B6C4B0170} (AvzPrintingComponent Class) - http://babymint.nest...ActiveX1600.cab
O16 - DPF: {FA945BB6-9D37-43FC-9B2A-AF09F56CBBF0} (moDiagCollectionActiveX Object) - http://www.musicmatc...tionControl.cab
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: AOL Spyware Protection Service (AOLService) - Unknown owner - C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\\aolserv.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Iomega App Services - Iomega Corporation - C:\PROGRA~1\Iomega\System32\AppServices.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: PCTEL Speaker Phone (Pctspk) - PCtel, Inc. - C:\WINDOWS\system32\pctspk.exe
O23 - Service: Rio MSC Manager (RioMSC) - Digital Networks North America, Inc. - C:\WINDOWS\system32\RioMSC.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools - C:\Program Files\Spyware Doctor\sdhelp.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
O23 - Service: Iomega Active Disk (_IOMEGA_ACTIVE_DISK_SERVICE_) - Iomega Corporation - C:\Program Files\Iomega\AutoDisk\ADService.exe

#2
starwood

  • Topic Starter
  • Member
  • 41 posts
Help - now my system restore is coming up completely blank. I can't restore it. This started after I tried to reinstall Norton - it kept freezing up on me.

I also can't access links in Yahoo and AOL. Here is a current Hijack this.

Any help is greatly appreciated!

Logfile of HijackThis v1.99.1
Scan saved at 7:47:16 AM, on 12/4/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\System32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\PROGRA~1\Iomega\System32\AppServices.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\pctspk.exe
C:\WINDOWS\system32\RioMSC.exe
C:\Program Files\Spyware Doctor\sdhelp.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Iomega\AutoDisk\ADService.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Iomega\AutoDisk\ADUserMon.exe
C:\Program Files\Iomega\DriveIcons\ImgIcon.exe
C:\WINDOWS\tppaldr.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe
C:\Program Files\Lexmark 2200 Series\lxbvbmgr.exe
C:\Program Files\Lexmark 2200 Series\lxbvbmon.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\system32\kmw_run.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\Program Files\CA\eTrust PestPatrol\PPActiveDetection.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\MUSICM~2\MUSICM~1\MMDiag.exe
C:\WINDOWS\system32\KMW_SHOW.EXE
C:\Program Files\Musicmatch\Musicmatch Jukebox\mim.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\AWS\WeatherBug\Weather.exe
C:\Program Files\Spyware Doctor\swdoctor.exe
C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
C:\Program Files\America Online 9.0a\aoltray.exe
C:\WINDOWS\DvzCommon\DvzMsgr.exe
C:\Program Files\SmartDisk\FlashPath\sdstat.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\Palm\HOTSYNC.EXE
C:\Program Files\Verizon Online\SupportCenter\bin\mpbtn.exe
C:\sweep\SWEEP.EXE
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Program Files\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.sweepstakestoday.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://store.presari...storeredir2.dll?s=consumerfav&c=3c01&lc=0409
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Verizon Online
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~2\tools\iesdsg.dll
O2 - BHO: Powermarks - {6172E460-FAE3-11D2-B494-004005A47AAA} - C:\PROGRA~1\POWERM~1.5\iec.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~2\tools\iesdpb.dll
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\RoboForm.dll
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - blank (file missing)
O3 - Toolbar: Powermarks - {E166B4A2-83E7-11D3-B4FD-004005A47AAA} - C:\PROGRA~1\POWERM~1.5\iec.dll
O4 - HKLM\..\Run: [ADUserMon] C:\Program Files\Iomega\AutoDisk\ADUserMon.exe
O4 - HKLM\..\Run: [TPP Auto Loader] C:\WINDOWS\tppaldr.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"
O4 - HKLM\..\Run: [Lexmark 2200 Series] "C:\Program Files\Lexmark 2200 Series\lxbvbmgr.exe"
O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Lexmark Fax Solutions\fm3032.exe" /s
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [kmw_run.exe] kmw_run.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [eTrustPPAP] "C:\Program Files\CA\eTrust PestPatrol\PPActiveDetection.exe"
O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~2\MUSICM~1\mimboot.exe
O4 - HKLM\..\Run: [MMTray] "C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe 1
O4 - HKCU\..\Run: [ATI Launchpad] "C:\Program Files\ATI Multimedia\main\launchpd.exe"
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_3 -reboot 1
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O4 - HKCU\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
O4 - Startup: HotSync Manager.lnk = C:\Palm\HOTSYNC.EXE
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0a\aoltray.exe
O4 - Global Startup: Dataviz Messenger.lnk = C:\WINDOWS\DvzCommon\DvzMsgr.exe
O4 - Global Startup: FlashPath Monitor.lnk = C:\Program Files\SmartDisk\FlashPath\sdstat.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O4 - Global Startup: Verizon Online Support Center.lnk = C:\Program Files\Verizon Online\SupportCenter\bin\matcli.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Customize Menu - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: Fill Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O8 - Extra context menu item: Save Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~2\tools\iesdpb.dll
O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O12 - Plugin for .hlq: C:\Program Files\Internet Explorer\PLUGINS\NpHcd32.dll
O14 - IERESET.INF: START_PAGE_URL=http://store.presario.net/scripts/redirectors/presario/storeredir2.dll?s=consumerfav&c=3c01&lc=0409
O16 - DPF: Lottso by pogo - http://game1.pogo.co...o-ob-assets.cab
O16 - DPF: symsupportutil - https://www-secure.s.../symsupportutil.CAB
O16 - DPF: Tri-Peaks by pogo - http://game4.pogo.co...s-ob-assets.cab
O16 - DPF: World Class Solitaire by pogo - http://game1.pogo.co...ldclass-ob-assets.cab
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (sys Class) - http://www.pcpitstop...p/PCPitStop.CAB
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/download/ipixx.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - https://www-secure.s...rl/LSSupCtl.cab
O16 - DPF: {2A32B14F-4D29-4EA3-AC54-E9B19F436CE7} (Scanner Class) - http://www.trojansca...an/TDECntrl.CAB
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.syma...bin/AvSniff.cab
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aol.com...kup/qdiagcc.cab
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg...rol_v1-0-3-24.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefend...can8/oscan8.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...ecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://www.nick.com/.../GrooveAX27.cab
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://floridakeysme...sCamControl.ocx
O16 - DPF: {9522B3FB-7A2B-4646-8AF6-36E7F593073C} (cpbrkpie Control) - http://a19.g.akamai....s.com/r3302/cpbrkpie.cab
O16 - DPF: {A48D0309-8DA3-41AA-98E4-89194D471890} (Pulse V5 ActiveX Control) - http://www.pulse3d.c...ePlayer5.2AxWin.cab
O16 - DPF: {A922B6AB-3B87-11D3-B3C2-0008C7DA6CB9} (InetDownload Class) - http://activex.micro...Media/downloadcontrol.cab
O16 - DPF: {B160422D-0A48-11D4-BD9B-00A0C9B0AB7B} (Download Class) - http://expressit.bro...in/Download.cab
O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.syma...mon/bin/cabsa.cab
O16 - DPF: {CC05BC12-2AA2-4AC7-AC81-0E40F83B1ADF} (Live365Player Class) - http://www.live365.c...ers/play365.cab
O16 - DPF: {CD17FAAA-17B4-4736-AAEF-436EDC304C8C} (ContentAuditX Control) - http://a840.g.akamai...ntentwatch.com/audit/includes/ContentAuditControl.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.s...rl/SymAData.cab
O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} (iTunesDetector Class) - http://ax.phobos.app.../ITDetector.cab
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://interactcomm...bex/ieatgpc.cab
O16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} (ActiveDataObj Class) - https://www-secure.s...a/ActiveData.cab
O16 - DPF: {F8DCFE8E-7B2B-4FF8-B8A7-A52B6C4B0170} (AvzPrintingComponent Class) - http://babymint.nest...ents/AvzPrintingActiveX1600.cab
O16 - DPF: {FA945BB6-9D37-43FC-9B2A-AF09F56CBBF0} (moDiagCollectionActiveX Object) - http://www.musicmatc...tics/cabs/DiagCollectionControl.cab
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: AOL Spyware Protection Service (AOLService) - Unknown owner - C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\\aolserv.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Iomega App Services - Iomega Corporation - C:\PROGRA~1\Iomega\System32\AppServices.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Unknown owner - C:\Program Files\Norton AntiVirus\navapsvc.exe (file missing)
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: PCTEL Speaker Phone (Pctspk) - PCtel, Inc. - C:\WINDOWS\system32\pctspk.exe
O23 - Service: Rio MSC Manager (RioMSC) - Digital Networks North America, Inc. - C:\WINDOWS\system32\RioMSC.exe
O23 - Service: ScriptBlocking Service (SBService) - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe (file missing)
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools - C:\Program Files\Spyware Doctor\sdhelp.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
O23 - Service: Iomega Active Disk (_IOMEGA_ACTIVE_DISK_SERVICE_) - Iomega Corporation - C:\Program Files\Iomega\AutoDisk\ADService.exe

Edited by starwood, 04 December 2005 - 06:55 AM.


#3
sari

    GeekU Admin

  • Administrator
  • 20,955 posts
  • MVP
Hi, starwood, and welcome to Geeks to Go. I'm currently reviewing your log and will post a response shortly.

sari

#4
sari

    GeekU Admin

  • Administrator
  • 20,955 posts
  • MVP
starwood,

I see from your log that you're already running AVG anti-virus, and you have Norton at least partially installed. Running two anti-virus programs can cause conflicts in your pc, and may actually worsen performance. This may be the cause of the lockup you've experienced. Please tell me which version of Norton you have, and I can help you uninstall that completely.

Please download ewido security suite; it is a free version of the program.
  • Install ewido security suite
  • When installing, under "Additional Options" uncheck..
    • Install background guard
    • Install scan via context menu
  • There should be an icon on your desktop, double-click it to launch Ewido.
  • The program will now open to the main screen.
  • When you run ewido for the first time, you may get a warning "Database could not be found!". Click OK. We will fix this in a moment.
  • You will need to update ewido to the latest definition files.
    • On the left hand side of the main screen click update.
    • Then click on Start Update.
  • The update will start and a progress bar will show the updates being installed.
    (the status bar at the bottom will display "Update successful")
If you are having problems with the updater, you can use this link to manually update ewido.
ewido manual updates

Once the updates are installed do the following:
  • Click on scanner
  • Click on Complete System Scan and the scan will begin.
  • You will be prompted to clean the first infection.
  • Select "Perform action on all infections", then proceed.
  • Once the scan has completed, there will be a button located on the bottom of the screen named Save report
  • Click Save report.
  • Save the report .txt file to your desktop or a location where you can find it easily.
Close ewido security suite.

Please re-open HiJackThis and scan. Check the boxes next to all the entries listed below.

O16 - DPF: {9522B3FB-7A2B-4646-8AF6-36E7F593073C} (cpbrkpieControl) - http://a19.g.akamai.net/7/19/7125/1451/ftp...s.com/r3302/cpbrkpie.cab
O16 - DPF: {A48D0309-8DA3-41AA-98E4-89194D471890} (PulseV5ActiveXControl) - http://www.pulse3d.com/players/english/5.2...ePlayer5.2AxWin.cab

Please post a new hijackthis log, the results of the ewido scan, and the version of Norton that you have.

sari
  • 0

#5
starwood

    Member

  • Topic Starter
  • Member
  • 41 posts
Ewido found a lot of cookies.

Here is the current Hijack this without those 2 entries.

Logfile of HijackThis v1.99.1
Scan saved at 7:31:32 AM, on 12/6/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\System32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\PROGRA~1\Iomega\System32\AppServices.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\pctspk.exe
C:\Program Files\Iomega\AutoDisk\ADUserMon.exe
C:\Program Files\Iomega\DriveIcons\ImgIcon.exe
C:\WINDOWS\tppaldr.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\RioMSC.exe
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
C:\Program Files\Spyware Doctor\sdhelp.exe
C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe
C:\Program Files\Lexmark 2200 Series\lxbvbmgr.exe
C:\Program Files\Lexmark 2200 Series\lxbvbmon.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\system32\kmw_run.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\Program Files\CA\eTrust PestPatrol\PPActiveDetection.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Iomega\AutoDisk\ADService.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\WINDOWS\system32\KMW_SHOW.EXE
C:\PROGRA~1\MUSICM~2\MUSICM~1\MMDiag.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mim.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\AWS\WeatherBug\Weather.exe
C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\America Online 9.0a\aoltray.exe
C:\WINDOWS\DvzCommon\DvzMsgr.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\SmartDisk\FlashPath\sdstat.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\Palm\HOTSYNC.EXE
C:\Program Files\Verizon Online\SupportCenter\bin\mpbtn.exe
C:\Program Files\Spyware Doctor\swdoctor.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.sweepstakestoday.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://store.presari...storeredir2.dll?s=consumerfav&c=3c01&lc=0409
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Verizon Online
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~2\tools\iesdsg.dll
O2 - BHO: Powermarks - {6172E460-FAE3-11D2-B494-004005A47AAA} - C:\PROGRA~1\POWERM~1.5\iec.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~2\tools\iesdpb.dll
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\RoboForm.dll
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - blank (file missing)
O3 - Toolbar: Powermarks - {E166B4A2-83E7-11D3-B4FD-004005A47AAA} - C:\PROGRA~1\POWERM~1.5\iec.dll
O4 - HKLM\..\Run: [ADUserMon] C:\Program Files\Iomega\AutoDisk\ADUserMon.exe
O4 - HKLM\..\Run: [TPP Auto Loader] C:\WINDOWS\tppaldr.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"
O4 - HKLM\..\Run: [Lexmark 2200 Series] "C:\Program Files\Lexmark 2200 Series\lxbvbmgr.exe"
O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Lexmark Fax Solutions\fm3032.exe" /s
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [kmw_run.exe] kmw_run.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [eTrustPPAP] "C:\Program Files\CA\eTrust PestPatrol\PPActiveDetection.exe"
O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~2\MUSICM~1\mimboot.exe
O4 - HKLM\..\Run: [MMTray] "C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe 1
O4 - HKCU\..\Run: [ATI Launchpad] "C:\Program Files\ATI Multimedia\main\launchpd.exe"
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_3 -reboot 1
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O4 - HKCU\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
O4 - Startup: HotSync Manager.lnk = C:\Palm\HOTSYNC.EXE
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0a\aoltray.exe
O4 - Global Startup: Dataviz Messenger.lnk = C:\WINDOWS\DvzCommon\DvzMsgr.exe
O4 - Global Startup: FlashPath Monitor.lnk = C:\Program Files\SmartDisk\FlashPath\sdstat.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O4 - Global Startup: Verizon Online Support Center.lnk = C:\Program Files\Verizon Online\SupportCenter\bin\matcli.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Customize Menu - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: Fill Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O8 - Extra context menu item: Save Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~2\tools\iesdpb.dll
O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O12 - Plugin for .hlq: C:\Program Files\Internet Explorer\PLUGINS\NpHcd32.dll
O14 - IERESET.INF: START_PAGE_URL=http://store.presario.net/scripts/redirectors/presario/storeredir2.dll?s=consumerfav&c=3c01&lc=0409
O16 - DPF: Lottso by pogo - http://game1.pogo.co...o-ob-assets.cab
O16 - DPF: symsupportutil - https://www-secure.s.../symsupportutil.CAB
O16 - DPF: Tri-Peaks by pogo - http://game4.pogo.co...s-ob-assets.cab
O16 - DPF: World Class Solitaire by pogo - http://game1.pogo.co...ldclass-ob-assets.cab
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (sys Class) - http://www.pcpitstop...p/PCPitStop.CAB
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/download/ipixx.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - https://www-secure.s...rl/LSSupCtl.cab
O16 - DPF: {2A32B14F-4D29-4EA3-AC54-E9B19F436CE7} (Scanner Class) - http://www.trojansca...an/TDECntrl.CAB
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.syma...bin/AvSniff.cab
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aol.com...kup/qdiagcc.cab
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg...rol_v1-0-3-24.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefend...can8/oscan8.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...ecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://www.nick.com/.../GrooveAX27.cab
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://floridakeysme...sCamControl.ocx
O16 - DPF: {A922B6AB-3B87-11D3-B3C2-0008C7DA6CB9} (InetDownload Class) - http://activex.micro...Media/downloadcontrol.cab
O16 - DPF: {B160422D-0A48-11D4-BD9B-00A0C9B0AB7B} (Download Class) - http://expressit.bro...in/Download.cab
O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.syma...mon/bin/cabsa.cab
O16 - DPF: {CC05BC12-2AA2-4AC7-AC81-0E40F83B1ADF} (Live365Player Class) - http://www.live365.c...ers/play365.cab
O16 - DPF: {CD17FAAA-17B4-4736-AAEF-436EDC304C8C} (ContentAuditX Control) - http://a840.g.akamai...ntentwatch.com/audit/includes/ContentAuditControl.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.s...rl/SymAData.cab
O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} (iTunesDetector Class) - http://ax.phobos.app.../ITDetector.cab
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://interactcomm...bex/ieatgpc.cab
O16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} (ActiveDataObj Class) - https://www-secure.s...a/ActiveData.cab
O16 - DPF: {F8DCFE8E-7B2B-4FF8-B8A7-A52B6C4B0170} (AvzPrintingComponent Class) - http://babymint.nest...ents/AvzPrintingActiveX1600.cab
O16 - DPF: {FA945BB6-9D37-43FC-9B2A-AF09F56CBBF0} (moDiagCollectionActiveX Object) - http://www.musicmatc...tics/cabs/DiagCollectionControl.cab
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: AOL Spyware Protection Service (AOLService) - Unknown owner - C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\\aolserv.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Iomega App Services - Iomega Corporation - C:\PROGRA~1\Iomega\System32\AppServices.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Unknown owner - C:\Program Files\Norton AntiVirus\navapsvc.exe (file missing)
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: PCTEL Speaker Phone (Pctspk) - PCtel, Inc. - C:\WINDOWS\system32\pctspk.exe
O23 - Service: Rio MSC Manager (RioMSC) - Digital Networks North America, Inc. - C:\WINDOWS\system32\RioMSC.exe
O23 - Service: ScriptBlocking Service (SBService) - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe (file missing)
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools - C:\Program Files\Spyware Doctor\sdhelp.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
O23 - Service: Iomega Active Disk (_IOMEGA_ACTIVE_DISK_SERVICE_) - Iomega Corporation - C:\Program Files\Iomega\AutoDisk\ADService.exe

System restore is still blank.
  • 0

#6
starwood

    Member

  • Topic Starter
  • Member
  • 41 posts
Spyware Doctor just picked up worm.mytob. I'm running ewido again to see if it's completely gone.
  • 0

#7
sari

    GeekU Admin

  • Administrator
  • 20,955 posts
  • MVP
starwood,

Would you please post the ewido log in here for me to look at? I'd like to see what else it finds, and then we'll go from there.

Thanks,

sari
  • 0

#8
starwood

    Member

  • Topic Starter
  • Member
  • 41 posts
This was from this morning. I'm running it now and so far it hasn't found anything.

They all appear to be cookies.

I just thought of something - I'm using AVG Free but I'm also using Firefox. Is AVG effective with Firefox? The website says Windows.

---------------------------------------------------------
ewido security suite - Scan report
---------------------------------------------------------

+ Created on: 7:26:28 AM, 12/6/2005
+ Report-Checksum: 4B75525A

+ Scan result:

:mozilla.87:C:\Documents and Settings\compaq\Application Data\Mozilla\Firefox\Profiles\xindaqgz.default\cookies-1.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.88:C:\Documents and Settings\compaq\Application Data\Mozilla\Firefox\Profiles\xindaqgz.default\cookies-1.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.89:C:\Documents and Settings\compaq\Application Data\Mozilla\Firefox\Profiles\xindaqgz.default\cookies-1.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.90:C:\Documents and Settings\compaq\Application Data\Mozilla\Firefox\Profiles\xindaqgz.default\cookies-1.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.91:C:\Documents and Settings\compaq\Application Data\Mozilla\Firefox\Profiles\xindaqgz.default\cookies-1.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.92:C:\Documents and Settings\compaq\Application Data\Mozilla\Firefox\Profiles\xindaqgz.default\cookies-1.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.93:C:\Documents and Settings\compaq\Application Data\Mozilla\Firefox\Profiles\xindaqgz.default\cookies-1.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.94:C:\Documents and Settings\compaq\Application Data\Mozilla\Firefox\Profiles\xindaqgz.default\cookies-1.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.95:C:\Documents and Settings\compaq\Application Data\Mozilla\Firefox\Profiles\xindaqgz.default\cookies-1.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.96:C:\Documents and Settings\compaq\Application Data\Mozilla\Firefox\Profiles\xindaqgz.default\cookies-1.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.97:C:\Documents and Settings\compaq\Application Data\Mozilla\Firefox\Profiles\xindaqgz.default\cookies-1.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.98:C:\Documents and Settings\compaq\Application Data\Mozilla\Firefox\Profiles\xindaqgz.default\cookies-1.txt -> Spyware.Cookie.Falkag : Cleaned with backup
:mozilla.99:C:\Documents and Settings\compaq\Application Data\Mozilla\Firefox\Profiles\xindaqgz.default\cookies-1.txt -> Spyware.Cookie.Falkag : Cleaned with backup
:mozilla.100:C:\Documents and Settings\compaq\Application Data\Mozilla\Firefox\Profiles\xindaqgz.default\cookies-1.txt -> Spyware.Cookie.Falkag : Cleaned with backup
:mozilla.101:C:\Documents and Settings\compaq\Application Data\Mozilla\Firefox\Profiles\xindaqgz.default\cookies-1.txt -> Spyware.Cookie.Falkag : Cleaned with backup
:mozilla.102:C:\Documents and Settings\compaq\Application Data\Mozilla\Firefox\Profiles\xindaqgz.default\cookies-1.txt -> Spyware.Cookie.Falkag : Cleaned with backup
:mozilla.103:C:\Documents and Settings\compaq\Application Data\Mozilla\Firefox\Profiles\xindaqgz.default\cookies-1.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.104:C:\Documents and Settings\compaq\Application Data\Mozilla\Firefox\Profiles\xindaqgz.default\cookies-1.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.105:C:\Documents and Settings\compaq\Application Data\Mozilla\Firefox\Profiles\xindaqgz.default\cookies-1.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.106:C:\Documents and Settings\compaq\Application Data\Mozilla\Firefox\Profiles\xindaqgz.default\cookies-1.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.107:C:\Documents and Settings\compaq\Application Data\Mozilla\Firefox\Profiles\xindaqgz.default\cookies-1.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.108:C:\Documents and Settings\compaq\Application Data\Mozilla\Firefox\Profiles\xindaqgz.default\cookies-1.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.109:C:\Documents and Settings\compaq\Application Data\Mozilla\Firefox\Profiles\xindaqgz.default\cookies-1.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.110:C:\Documents and Settings\compaq\Application Data\Mozilla\Firefox\Profiles\xindaqgz.default\cookies-1.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.111:C:\Documents and Settings\compaq\Application Data\Mozilla\Firefox\Profiles\xindaqgz.default\cookies-1.txt -> Spyware.Cookie.Falkag : Cleaned with backup
:mozilla.217:C:\Documents and Settings\compaq\Application Data\Mozilla\Firefox\Profiles\xindaqgz.default\cookies-1.txt -> Spyware.Cookie.Liveperson : Cleaned with backup
:mozilla.218:C:\Documents and Settings\compaq\Application Data\Mozilla\Firefox\Profiles\xindaqgz.default\cookies-1.txt -> Spyware.Cookie.Liveperson : Cleaned with backup
:mozilla.219:C:\Documents and Settings\compaq\Application Data\Mozilla\Firefox\Profiles\xindaqgz.default\cookies-1.txt -> Spyware.Cookie.Liveperson : Cleaned with backup
:mozilla.222:C:\Documents and Settings\compaq\Application Data\Mozilla\Firefox\Profiles\xindaqgz.default\cookies-1.txt -> Spyware.Cookie.Liveperson : Cleaned with backup
:mozilla.262:C:\Documents and Settings\compaq\Application Data\Mozilla\Firefox\Profiles\xindaqgz.default\cookies-1.txt -> Spyware.Cookie.Liveperson : Cleaned with backup
:mozilla.263:C:\Documents and Settings\compaq\Application Data\Mozilla\Firefox\Profiles\xindaqgz.default\cookies-1.txt -> Spyware.Cookie.Liveperson : Cleaned with backup
:mozilla.298:C:\Documents and Settings\compaq\Application Data\Mozilla\Firefox\Profiles\xindaqgz.default\cookies-1.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
:mozilla.299:C:\Documents and Settings\compaq\Application Data\Mozilla\Firefox\Profiles\xindaqgz.default\cookies-1.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
:mozilla.305:C:\Documents and Settings\compaq\Application Data\Mozilla\Firefox\Profiles\xindaqgz.default\cookies-1.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
:mozilla.306:C:\Documents and Settings\compaq\Application Data\Mozilla\Firefox\Profiles\xindaqgz.default\cookies-1.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
:mozilla.307:C:\Documents and Settings\compaq\Application Data\Mozilla\Firefox\Profiles\xindaqgz.default\cookies-1.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
:mozilla.341:C:\Documents and Settings\compaq\Application Data\Mozilla\Firefox\Profiles\xindaqgz.default\cookies-1.txt -> Spyware.Cookie.Splashspot : Cleaned with backup
:mozilla.459:C:\Documents and Settings\compaq\Application Data\Mozilla\Firefox\Profiles\xindaqgz.default\cookies-1.txt -> Spyware.Cookie.Liveperson : Cleaned with backup
:mozilla.460:C:\Documents and Settings\compaq\Application Data\Mozilla\Firefox\Profiles\xindaqgz.default\cookies-1.txt -> Spyware.Cookie.Liveperson : Cleaned with backup
:mozilla.461:C:\Documents and Settings\compaq\Application Data\Mozilla\Firefox\Profiles\xindaqgz.default\cookies-1.txt -> Spyware.Cookie.Liveperson : Cleaned with backup
:mozilla.462:C:\Documents and Settings\compaq\Application Data\Mozilla\Firefox\Profiles\xindaqgz.default\cookies-1.txt -> Spyware.Cookie.Liveperson : Cleaned with backup
:mozilla.469:C:\Documents and Settings\compaq\Application Data\Mozilla\Firefox\Profiles\xindaqgz.default\cookies-1.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.51:C:\Documents and Settings\compaq\Application Data\Mozilla\Firefox\Profiles\xindaqgz.default\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
:mozilla.52:C:\Documents and Settings\compaq\Application Data\Mozilla\Firefox\Profiles\xindaqgz.default\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
:mozilla.53:C:\Documents and Settings\compaq\Application Data\Mozilla\Firefox\Profiles\xindaqgz.default\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
:mozilla.54:C:\Documents and Settings\compaq\Application Data\Mozilla\Firefox\Profiles\xindaqgz.default\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
C:\Documents and Settings\compaq\Cookies\compaq@ad.yieldmanager[2].txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup


::Report End

Edited by starwood, 06 December 2005 - 10:50 AM.

  • 0

#9
starwood

    Member

  • Topic Starter
  • Member
  • 41 posts
Last scan.


---------------------------------------------------------
ewido security suite - Scan report
---------------------------------------------------------

+ Created on: 12:53:16 PM, 12/6/2005
+ Report-Checksum: 6132108F

+ Scan result:

:mozilla.79:C:\Documents and Settings\compaq\Application Data\Mozilla\Firefox\Profiles\xindaqgz.default\cookies.txt -> Spyware.Cookie.Adbrite : Cleaned with backup
:mozilla.80:C:\Documents and Settings\compaq\Application Data\Mozilla\Firefox\Profiles\xindaqgz.default\cookies.txt -> Spyware.Cookie.Adbrite : Cleaned with backup
:mozilla.81:C:\Documents and Settings\compaq\Application Data\Mozilla\Firefox\Profiles\xindaqgz.default\cookies.txt -> Spyware.Cookie.Adbrite : Cleaned with backup
:mozilla.179:C:\Documents and Settings\compaq\Application Data\Mozilla\Firefox\Profiles\xindaqgz.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.180:C:\Documents and Settings\compaq\Application Data\Mozilla\Firefox\Profiles\xindaqgz.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.181:C:\Documents and Settings\compaq\Application Data\Mozilla\Firefox\Profiles\xindaqgz.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.182:C:\Documents and Settings\compaq\Application Data\Mozilla\Firefox\Profiles\xindaqgz.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.183:C:\Documents and Settings\compaq\Application Data\Mozilla\Firefox\Profiles\xindaqgz.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.184:C:\Documents and Settings\compaq\Application Data\Mozilla\Firefox\Profiles\xindaqgz.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.185:C:\Documents and Settings\compaq\Application Data\Mozilla\Firefox\Profiles\xindaqgz.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup


::Report End
  • 0

#10
sari

    GeekU Admin

  • Administrator
  • 20,955 posts
  • MVP
starwood,

AVG Free will work fine with Firefox, so that isn't an issue. I am concerned that traces of Norton are showing up in your log, however, as this can definitely cause conflicts. I would suggest we try to remove all traces of the Norton to see if that helps. If you can tell me what version of Norton you have, we can try one of the Symantec remove utilities.

Your first ewido scan was indeed nothing but cookies; were the results any different for the second?

It's possible your system restore became corrupted - when we're sure your system is clean, we'll reset it so you have a clean restore point.

Please run an on-line virus scan at Kaspersky OnLine Scan or if that doesn't work, you can use TrendMicro or BitDefender. (Please post the results of the scan(s) in your next reply)

+++++

If you are unable to run the ActiveX Antivirus Scanners, let's try this Java based solution from Trend Micro.

Post the results of the scan here, along with your version of Norton. Also, are you still having the issue with links in Yahoo and AOL?

Thanks,

sari
  • 0
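The Norton traces mentioned in the reply above show up in the HijackThis log as entries ending in "(file missing)". As an added example (not part of the original thread and not HijackThis's own code), this Python sketch re-joins the hard-wrapped log lines and lists those orphaned entries; the function names are hypothetical, and the sample is an excerpt of the log posted earlier in this thread.

```python
import re

# Excerpt of the HijackThis log posted earlier in this thread, kept
# hard-wrapped with blank lines the way the forum rendered it.
SAMPLE_LOG = r"""
O3 - Toolbar: Yahoo! Companion -

{EF99BD32-C1FB-11D2-892F-0090271D4F88} - blank (file missing)
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT,

s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) -

Unknown owner - C:\Program Files\Norton AntiVirus\navapsvc.exe (file

missing)
O23 - Service: ScriptBlocking Service (SBService) - Unknown owner -

C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe (file

missing)
"""

# A HijackThis entry starts with a section code such as R0, O4 or O23.
ENTRY_START = re.compile(r"^(R[0-3]|O\d{1,2}|F[0-3]|N[1-4]) - ")

# O23 layout: "Service: <display name> (<service name>) - <owner> - <path>".
# The "(<service name>)" part is optional; some entries omit it.
SERVICE = re.compile(
    r"^Service: (?P<display>.+?)(?: \((?P<name>[^()]+)\))? - "
    r"(?P<owner>.+?) - (?P<path>.+)$"
)

MISSING = "(file missing)"


def join_wrapped_entries(text):
    """Re-join entries that were hard-wrapped across several lines.

    Assumption: every wrap fell on a space, which holds for this excerpt
    but not for long URLs, which the forum wrapped mid-word.
    """
    entries = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        if ENTRY_START.match(line):
            entries.append(line)
        elif entries:
            entries[-1] += " " + line  # continuation fragment
        # Lines before the first entry (header, process list) are skipped.
    return entries


def orphaned_entries(entries):
    """Return (section, description) for entries whose target file is gone."""
    found = []
    for entry in entries:
        if not entry.endswith(MISSING):
            continue
        section, _, rest = entry.partition(" - ")
        found.append((section, rest[: -len(MISSING)].rstrip()))
    return found


def missing_services(entries):
    """Parse orphaned O23 entries into display/name/owner/path fields."""
    services = []
    for section, rest in orphaned_entries(entries):
        match = SERVICE.match(rest) if section == "O23" else None
        if match:
            services.append(match.groupdict())
    return services


if __name__ == "__main__":
    log_entries = join_wrapped_entries(SAMPLE_LOG)
    for section, description in orphaned_entries(log_entries):
        print(f"{section}: {description}")
    for svc in missing_services(log_entries):
        print(f"leftover service {svc['name']!r} -> {svc['path']}")
```

The service names it reports (`navapsvc`, `SBService`) are the registered services that still point at removed Norton files, which is what a vendor removal utility is meant to clean up.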

#11
starwood

    Member

  • Topic Starter
  • Member
  • 41 posts
It was Norton 2003 Internet Security.

Not having problems with Yahoo or AOL but I've switched from Internet Explorer to Firefox. I haven't tried them again in explorer.

Kaspersky wouldn't download something about ActiveX and I have Windows OS and Netscape. I'll try Housecall and post that when done.
  • 0

#12
starwood

    Member

  • Topic Starter
  • Member
  • 41 posts
I ran the Java based Housecall. It cleaned out several more items but didn't give me a log to post. I ran it a second time and it said I was clean.
  • 0

#13
starwood

    Member

  • Topic Starter
  • Member
  • 41 posts
So far today my Spyware Doctor scan has been clean. I'm running Ewido now. It has so far picked up 5 cookies.

Edited by starwood, 07 December 2005 - 08:50 AM.

  • 0

#14
sari

    GeekU Admin

  • Administrator
  • 20,955 posts
  • MVP
starwood,

Your last hijackthis log was clean, and the fact that your scans are coming up clean is a good sign. I'd like you to post another hijackthis log for me to look at, just to be sure nothing has changed there. If you're not having any more problems, then we can reset your restore points. I'd also like to address the Norton and AVG issue. If you would like to keep Norton because you paid for it, that's fine - you'll need to uninstall AVG. AVG is an excellent product, though, and I would recommend it. I can also make recommendations for other firewall products and additional ways to protect your pc, should you choose to uninstall the Norton.

sari
  • 0

#15
starwood

    Member

  • Topic Starter
  • Member
  • 41 posts
I would like to get rid of Norton. I'm currently running AVG, spydoctor, spyware blaster, spybot, spyware guard, firefox with adblock and noscript, pest patrol, microsoft antispyware and adaware. That's all I can think of right now.

Logfile of HijackThis v1.99.1
Scan saved at 8:06:58 AM, on 12/8/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\System32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\PROGRA~1\Iomega\System32\AppServices.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\pctspk.exe
C:\WINDOWS\system32\RioMSC.exe
C:\Program Files\Spyware Doctor\sdhelp.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Iomega\AutoDisk\ADService.exe
C:\Program Files\Iomega\AutoDisk\ADUserMon.exe
C:\Program Files\Iomega\DriveIcons\ImgIcon.exe
C:\WINDOWS\tppaldr.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe
C:\Program Files\Lexmark 2200 Series\lxbvbmgr.exe
C:\Program Files\Lexmark 2200 Series\lxbvbmon.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\system32\kmw_run.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\Program Files\CA\eTrust PestPatrol\PPActiveDetection.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
C:\WINDOWS\system32\KMW_SHOW.EXE
C:\PROGRA~1\MUSICM~2\MUSICM~1\MMDiag.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mim.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\AWS\WeatherBug\Weather.exe
C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
C:\Program Files\America Online 9.0a\aoltray.exe
C:\WINDOWS\DvzCommon\DvzMsgr.exe
C:\Program Files\SmartDisk\FlashPath\sdstat.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\Palm\HOTSYNC.EXE
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\Verizon Online\SupportCenter\bin\mpbtn.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\Program Files\Spyware Doctor\swdoctor.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\sweep\SWEEP.EXE
C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\asp.exe
C:\Program Files\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.sweepstakestoday.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://store.presari...storeredir2.dll?s=consumerfav&c=3c01&lc=0409
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Verizon Online
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~2\tools\iesdsg.dll
O2 - BHO: Powermarks - {6172E460-FAE3-11D2-B494-004005A47AAA} - C:\PROGRA~1\POWERM~1.5\iec.dll
O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\RoboForm.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~2\tools\iesdpb.dll
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\RoboForm.dll
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - blank (file missing)
O3 - Toolbar: Powermarks - {E166B4A2-83E7-11D3-B4FD-004005A47AAA} - C:\PROGRA~1\POWERM~1.5\iec.dll
O4 - HKLM\..\Run: [ADUserMon] C:\Program Files\Iomega\AutoDisk\ADUserMon.exe
O4 - HKLM\..\Run: [TPP Auto Loader] C:\WINDOWS\tppaldr.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"
O4 - HKLM\..\Run: [Lexmark 2200 Series] "C:\Program Files\Lexmark 2200 Series\lxbvbmgr.exe"
O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Lexmark Fax Solutions\fm3032.exe" /s
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [kmw_run.exe] kmw_run.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [eTrustPPAP] "C:\Program Files\CA\eTrust PestPatrol\PPActiveDetection.exe"
O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~2\MUSICM~1\mimboot.exe
O4 - HKLM\..\Run: [MMTray] "C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe 1
O4 - HKCU\..\Run: [ATI Launchpad] "C:\Program Files\ATI Multimedia\main\launchpd.exe"
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_3 -reboot 1
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O4 - HKCU\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
O4 - Startup: HotSync Manager.lnk = C:\Palm\HOTSYNC.EXE
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0a\aoltray.exe
O4 - Global Startup: Dataviz Messenger.lnk = C:\WINDOWS\DvzCommon\DvzMsgr.exe
O4 - Global Startup: FlashPath Monitor.lnk = C:\Program Files\SmartDisk\FlashPath\sdstat.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O4 - Global Startup: Verizon Online Support Center.lnk = C:\Program Files\Verizon Online\SupportCenter\bin\matcli.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Customize Menu - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: Fill Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O8 - Extra context menu item: Save Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~2\tools\iesdpb.dll
O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O12 - Plugin for .hlq: C:\Program Files\Internet Explorer\PLUGINS\NpHcd32.dll
O14 - IERESET.INF: START_PAGE_URL=http://store.presario.net/scripts/redirectors/presario/storeredir2.dll?s=consumerfav&c=3c01&lc=0409
O16 - DPF: Lottso by pogo - http://game1.pogo.co...o-ob-assets.cab
O16 - DPF: symsupportutil - https://www-secure.s.../symsupportutil.CAB
O16 - DPF: Tri-Peaks by pogo - http://game4.pogo.co...s-ob-assets.cab
O16 - DPF: World Class Solitaire by pogo - http://game1.pogo.co...ldclass-ob-assets.cab
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (sys Class) - http://www.pcpitstop...p/PCPitStop.CAB
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/download/ipixx.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - https://www-secure.s...rl/LSSupCtl.cab
O16 - DPF: {2A32B14F-4D29-4EA3-AC54-E9B19F436CE7} (Scanner Class) - http://www.trojansca...an/TDECntrl.CAB
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.syma...bin/AvSniff.cab
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aol.com...kup/qdiagcc.cab
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg...rol_v1-0-3-24.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefend...can8/oscan8.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...ecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://www.nick.com/.../GrooveAX27.cab
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://floridakeysme...sCamControl.ocx
O16 - DPF: {A922B6AB-3B87-11D3-B3C2-0008C7DA6CB9} (InetDownload Class) - http://activex.micro...Media/downloadcontrol.cab
O16 - DPF: {B160422D-0A48-11D4-BD9B-00A0C9B0AB7B} (Download Class) - http://expressit.bro...in/Download.cab
O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.syma...mon/bin/cabsa.cab
O16 - DPF: {CC05BC12-2AA2-4AC7-AC81-0E40F83B1ADF} (Live365Player Class) - http://www.live365.c...ers/play365.cab
O16 - DPF: {CD17FAAA-17B4-4736-AAEF-436EDC304C8C} (ContentAuditX Control) - http://a840.g.akamai...ntentwatch.com/audit/includes/ContentAuditControl.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.s...rl/SymAData.cab
O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} (iTunesDetector Class) - http://ax.phobos.app.../ITDetector.cab
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://interactcomm...bex/ieatgpc.cab
O16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} (ActiveDataObj Class) - https://www-secure.s...a/ActiveData.cab
O16 - DPF: {F8DCFE8E-7B2B-4FF8-B8A7-A52B6C4B0170} (AvzPrintingComponent Class) - http://babymint.nest...ents/AvzPrintingActiveX1600.cab
O16 - DPF: {FA945BB6-9D37-43FC-9B2A-AF09F56CBBF0} (moDiagCollectionActiveX Object) - http://www.musicmatc...tics/cabs/DiagCollectionControl.cab
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: AOL Spyware Protection Service (AOLService) - Unknown owner - C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\\aolserv.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Iomega App Services - Iomega Corporation - C:\PROGRA~1\Iomega\System32\AppServices.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Unknown owner - C:\Program Files\Norton AntiVirus\navapsvc.exe (file missing)
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: PCTEL Speaker Phone (Pctspk) - PCtel, Inc. - C:\WINDOWS\system32\pctspk.exe
O23 - Service: Rio MSC Manager (RioMSC) - Digital Networks North America, Inc. - C:\WINDOWS\system32\RioMSC.exe
O23 - Service: ScriptBlocking Service (SBService) - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe (file missing)
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools - C:\Program Files\Spyware Doctor\sdhelp.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
O23 - Service: Iomega Active Disk (_IOMEGA_ACTIVE_DISK_SERVICE_) - Iomega Corporation - C:\Program Files\Iomega\AutoDisk\ADService.exe