
unknown browser hijacker Trojan Crypter? Aze Bar? [RESOLVED]


  • This topic is locked

#1
ionltd

  • Member
  • 14 posts

What a mess.

The problem is with my work desktop and it's so bad I'm using my laptop for this communication...I can't keep a browser open without being hijacked for more than 2 minutes.

Also, I'm unable to remove Aze Bar from the application list in Add and Remove Programs.

I've downloaded and run about every suggestion found on GTG.

Here's my HijackThis log.

Thanks in advance.

Logfile of HijackThis v1.99.1
Scan saved at 9:40:02 AM, on 2/21/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\csrss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\Explorer.EXE
D:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
D:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
D:\Program Files\Common Files\Symantec Shared\ccProxy.exe
D:\Program Files\Norton Internet Security\comHost.exe
D:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
D:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
D:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
D:\WINDOWS\AGRSMMSG.exe
D:\WINDOWS\System32\igfxtray.exe
D:\WINDOWS\System32\hkcmd.exe
D:\Program Files\Java\j2re1.4.2_01\bin\jusched.exe
D:\PROGRA~1\DAP\DAP.EXE
D:\Program Files\Iomega HotBurn\Autolaunch.exe
D:\Program Files\Lexmark X74-X75\lxbbbmgr.exe
D:\Program Files\QuickTime\qttask.exe
D:\Program Files\Common Files\Symantec Shared\ccApp.exe
D:\Program Files\Lexmark X74-X75\lxbbbmon.exe
D:\Program Files\Messenger\MSMSGS.EXE
C:\Program Files\dtsc.exe
D:\Program Files\Logitech\SetPoint\KEM.exe
D:\Program Files\WinZip\WZQKPICK.EXE
D:\Program Files\Logitech\SetPoint\KHALMNPR.EXE
D:\WINDOWS\system32\LEXBCES.EXE
D:\WINDOWS\system32\LEXPPS.EXE
D:\WINDOWS\system32\spoolsv.exe
D:\WINDOWS\System32\alg.exe
D:\WINDOWS\system32\cisvc.exe
D:\WINDOWS\System32\dllhost.exe
D:\WINDOWS\System32\E_S00RP1.EXE
D:\Program Files\ewido anti-malware\ewidoctrl.exe
D:\Program Files\ewido anti-malware\ewidoguard.exe
D:\PROGRA~1\Iomega\System32\ActivityDisk.exe
D:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
D:\WINDOWS\System32\SCardSvr.exe
D:\WINDOWS\System32\tcpsvcs.exe
D:\WINDOWS\System32\SAgent4.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\System32\dllhost.exe
D:\WINDOWS\System32\vssvc.exe
D:\WINDOWS\wanmpsvc.exe
D:\WINDOWS\System32\wbem\wmiapsrv.exe
D:\WINDOWS\System32\msdtc.exe
D:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
D:\WINDOWS\system32\cidaemon.exe
D:\Program Files\Outlook Express\msimn.exe
D:\Documents and Settings\Barbara\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.rr1.net
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://securityrespo...er/fix_homepage
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {08FE5F77-19CB-4062-8E47-8EF8D9D0DC64} - D:\WINDOWS\system32\winbrume.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Norton Internet Security 2006 - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - D:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - D:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O2 - BHO: AlxTB BHO - {F1FABE79-25FC-46de-8C5A-2C6DB9D64333} - D:\WINDOWS\System32\AlxTB1.dll
O3 - Toolbar: Norton Internet Security 2006 - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - D:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - D:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [IgfxTray] D:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] D:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] D:\Program Files\Java\j2re1.4.2_01\bin\jusched.exe
O4 - HKLM\..\Run: [DownloadAccelerator] D:\PROGRA~1\DAP\DAP.EXE /STARTUP
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] D:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe
O4 - HKLM\..\Run: [EPSON Stylus C84 Series] D:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2D1.EXE /P23 "EPSON Stylus C84 Series" /O5 "LPT1:" /M "Stylus C84"
O4 - HKLM\..\Run: [Drag'n'Drop_Autolaunch] "D:\Program Files\Iomega HotBurn\Autolaunch.exe"
O4 - HKLM\..\Run: [Lexmark X74-X75] "D:\Program Files\Lexmark X74-X75\lxbbbmgr.exe"
O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [SSC_UserPrompt] "D:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe"
O4 - HKLM\..\Run: [SDVirtualPrinterAgent] D:\PROGRA~1\SDApps\PRINT-~1\SDVPAGENT.EXE
O4 - HKLM\..\Run: [Pwr32ctr] d:\windows\system32\pwr32ctr.exe
O4 - HKLM\..\Run: [ccApp] "D:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [mwavscan] "C:\Kaspersky\mwavscan.com" /s
O4 - HKLM\..\Run: [mmtask] c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
O4 - HKLM\..\Run: [THGuard] "D:\Program Files\TrojanHunter 4.2\THGuard.exe"
O4 - HKCU\..\Run: [AvaFind] "D:\Program Files\AvaFind\AvaFind.exe" /minimized
O4 - HKCU\..\Run: [MSMSGS] "D:\Program Files\Messenger\MSMSGS.EXE" /background
O4 - HKCU\..\Run: [EPSON Stylus C84 Series] D:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2D1.EXE /P23 "EPSON Stylus C84 Series" /M "Stylus C84" /EF "HKCU"
O4 - Global Startup: America Online 8.0 Tray Icon.lnk = D:\Program Files\America Online 8.0\aoltray.exe
O4 - Global Startup: Iomega Backup Scheduler.lnk = C:\Program Files\dtsc.exe
O4 - Global Startup: Logitech SetPoint.lnk = D:\Program Files\Logitech\SetPoint\KEM.exe
O4 - Global Startup: Microsoft Office.lnk = D:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = D:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &Download with &DAP - D:\PROGRA~1\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - D:\PROGRA~1\DAP\dapextie2.htm
O8 - Extra context menu item: Write a Review... - http://client.alexa....ions/review.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\j2re1.4.2_01\bin\npjpi142_01.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\j2re1.4.2_01\bin\npjpi142_01.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Alexa - {9D74677A-E227-40fb-9511-F7E92EA4083A} - D:\WINDOWS\System32\SHDOCVW.DLL
O9 - Extra 'Tools' menuitem: Alexa Toolbar - {9D74677A-E227-40fb-9511-F7E92EA4083A} - D:\WINDOWS\System32\SHDOCVW.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - D:\PROGRA~1\AIM95\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.t...all/xscan60.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - D:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {49232000-16E4-426C-A231-62846947304B} - http://ipgweb.cce.hp...ads/sysinfo.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitd...can8/oscan8.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1136311698739
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/s...nfo/webscan.cab
O16 - DPF: {88D969C0-F192-11D4-A65F-0040963251E5} (XML DOM Document 4.0) - http://ipgweb.cce.hp...oads/msxml4.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {9B17FE0E-51F2-4692-8B32-8EFB805FC0E7} (HPObjectInstaller Class) - http://h30155.www3.h...edsolutions.cab
O16 - DPF: {A3009861-330C-4E10-822B-39D16EC8829D} (CRAVOnline Object) - http://www.ravantivi...n/ravonline.cab
O16 - DPF: {A959E4A5-0B3D-449E-9998-348705BD4092} (Desktop.Smdesk) - http://www.servicema...d/smdesktop.CAB
O16 - DPF: {AED98630-0251-4E83-917D-43A23D66D507} (WebHandler Class) - http://activex.micro...n7/dlhelper.cab
O16 - DPF: {B020B534-4AA2-4B99-BD6D-5F6EE286DF5C} (Symantec Download Bridge) - https://a248.e.akama...ol/SymDlBrg.cab
O16 - DPF: {B2FCED61-570E-11D3-B160-00A0C9E70E84} (OmniForm Form Control) - https://www4.lsac.or...iveX/ofmctl.cab
O16 - DPF: {BAC01377-73DD-4796-854D-2A8997E3D68A} (Yahoo! Photos Easy Upload Tool Class) - http://us.dl1.yimg.c...ropper1_6us.cab
O16 - DPF: {DADE1C2F-5A48-445C-82B5-3A5F102E84DF} (LifePicsUploader.UserControl1) - http://www.bestcolor...icsUploader.CAB
O17 - HKLM\System\CCS\Services\Tcpip\..\{F4C034B7-B640-4157-B69D-868C2B44A3FC}: NameServer = 12.160.158.5 12.160.158.10
O20 - Winlogon Notify: igfxcui - D:\WINDOWS\SYSTEM32\igfxsrvc.dll
O21 - SSODL: SysTray.Exbr - {6368D1FC-6F5C-4f1b-B164-E67214F678E9} - (no file)
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - D:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Internet Security Password Validation (ccISPwdSvc) - Symantec Corporation - D:\Program Files\Norton Internet Security\ccPwdSvc.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - D:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - D:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - D:\Program Files\Norton Internet Security\comHost.exe
O23 - Service: EPSON V3 Service2(03) (EPSON_PM_RPCV2_01) - SEIKO EPSON CORPORATION - D:\WINDOWS\System32\E_S00RP1.EXE
O23 - Service: ewido security suite control - ewido networks - D:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - D:\Program Files\ewido anti-malware\ewidoguard.exe
O23 - Service: Iomega Activity Disk2 - Iomega Corporation - D:\PROGRA~1\Iomega\System32\ActivityDisk.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - D:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - D:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - D:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - D:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - D:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - D:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Epson Printer Status Agent4 (StatusAgent4) - SEIKO EPSON CORPORATION - D:\WINDOWS\System32\SAgent4.exe
O23 - Service: Symantec Core LC - Symantec Corporation - D:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - D:\WINDOWS\wanmpsvc.exe


#2
Trevuren

  • Old Dog
  • Retired Staff
  • 18,699 posts

Hi ionltd and welcome to the Geeks to Go Forums.

My name is Trevuren and I will be helping you with your log.

1. Please update your Ewido definitions and run the program in Safe Mode. Keep the log.

2. Reboot your system.

3. Please download WebRoot SpySweeper from HERE (It's a 14-day trial):
  • Click Download Now to download the program.
  • Install it. Once the program is installed, it will open.
  • It will prompt you to update to the latest definitions, click Yes.
  • Once the definitions are installed, click Options on the left side.
  • Click the Sweep Options tab.
  • Under What to Sweep please put a check next to the following:
    • Sweep Memory
    • Sweep Registry
    • Sweep Cookies
    • Sweep All User Accounts
    • Enable Direct Disk Sweeping
    • Sweep Contents of Compressed Files
    • Sweep for Rootkits
    • Please UNCHECK Do not Sweep System Restore Folder.
  • Click Sweep Now on the left side.
  • Click the Start button.
  • When it's done scanning, click the Next button.
  • Make sure everything has a check next to it, then click the Next button.
  • It will remove all of the items found.
  • Click Session Log in the upper right corner, copy everything in that window.
  • Click the Summary tab and click Finish.
  • Paste the contents of the session log you copied into your next reply along with the Ewido log and a fresh HJT log.
Regards,

Trevuren


#3
ionltd

  • Topic Starter
  • Member
  • 14 posts

Sorry it took so long, but I couldn't open your site after I got the response notice email.

It seems to be working better already.

Barbara

ok

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\csrss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\Explorer.EXE
D:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
D:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
D:\Program Files\Common Files\Symantec Shared\ccProxy.exe
D:\Program Files\Norton Internet Security\comHost.exe
D:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
D:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
D:\WINDOWS\AGRSMMSG.exe
D:\WINDOWS\System32\igfxtray.exe
D:\WINDOWS\System32\hkcmd.exe
D:\Program Files\Java\j2re1.4.2_01\bin\jusched.exe
D:\PROGRA~1\DAP\DAP.EXE
D:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
D:\Program Files\Iomega HotBurn\Autolaunch.exe
D:\Program Files\Lexmark X74-X75\lxbbbmgr.exe
D:\Program Files\QuickTime\qttask.exe
D:\Program Files\Common Files\Symantec Shared\ccApp.exe
D:\Program Files\Lexmark X74-X75\lxbbbmon.exe
D:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
D:\Program Files\AvaFind\AvaFind.exe
D:\Program Files\Messenger\MSMSGS.EXE
C:\Program Files\dtsc.exe
D:\WINDOWS\system32\LEXBCES.EXE
D:\Program Files\Logitech\SetPoint\KEM.exe
D:\WINDOWS\system32\spoolsv.exe
D:\WINDOWS\system32\LEXPPS.EXE
D:\WINDOWS\System32\alg.exe
D:\Program Files\WinZip\WZQKPICK.EXE
D:\WINDOWS\system32\cisvc.exe
D:\Program Files\Logitech\SetPoint\KHALMNPR.EXE
D:\WINDOWS\System32\dllhost.exe
D:\WINDOWS\System32\E_S00RP1.EXE
D:\Program Files\ewido anti-malware\ewidoctrl.exe
D:\Program Files\ewido anti-malware\ewidoguard.exe
D:\PROGRA~1\Iomega\System32\ActivityDisk.exe
D:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
D:\WINDOWS\System32\SCardSvr.exe
D:\WINDOWS\System32\tcpsvcs.exe
D:\WINDOWS\System32\SAgent4.exe
D:\WINDOWS\System32\svchost.exe
D:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
D:\WINDOWS\System32\dllhost.exe
D:\WINDOWS\System32\vssvc.exe
D:\WINDOWS\wanmpsvc.exe
D:\WINDOWS\System32\wbem\wmiapsrv.exe
D:\WINDOWS\System32\msdtc.exe
D:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
D:\WINDOWS\system32\cidaemon.exe
D:\Documents and Settings\Barbara\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.rr1.net
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.rr1.net
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {08FE5F77-19CB-4062-8E47-8EF8D9D0DC64} - D:\WINDOWS\system32\winbrume.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Norton Internet Security 2006 - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - D:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - D:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O2 - BHO: AlxTB BHO - {F1FABE79-25FC-46de-8C5A-2C6DB9D64333} - D:\WINDOWS\System32\AlxTB1.dll
O3 - Toolbar: Norton Internet Security 2006 - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - D:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - D:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [IgfxTray] D:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] D:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] D:\Program Files\Java\j2re1.4.2_01\bin\jusched.exe
O4 - HKLM\..\Run: [DownloadAccelerator] D:\PROGRA~1\DAP\DAP.EXE /STARTUP
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] D:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe
O4 - HKLM\..\Run: [EPSON Stylus C84 Series] D:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2D1.EXE /P23 "EPSON Stylus C84 Series" /O5 "LPT1:" /M "Stylus C84"
O4 - HKLM\..\Run: [Drag'n'Drop_Autolaunch] "D:\Program Files\Iomega HotBurn\Autolaunch.exe"
O4 - HKLM\..\Run: [Lexmark X74-X75] "D:\Program Files\Lexmark X74-X75\lxbbbmgr.exe"
O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [SSC_UserPrompt] "D:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe"
O4 - HKLM\..\Run: [SDVirtualPrinterAgent] D:\PROGRA~1\SDApps\PRINT-~1\SDVPAGENT.EXE
O4 - HKLM\..\Run: [ccApp] "D:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [mwavscan] "C:\Kaspersky\mwavscan.com" /s
O4 - HKLM\..\Run: [mmtask] c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
O4 - HKLM\..\Run: [THGuard] "D:\Program Files\TrojanHunter 4.2\THGuard.exe"
O4 - HKLM\..\Run: [SpySweeper] "D:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
O4 - HKCU\..\Run: [AvaFind] "D:\Program Files\AvaFind\AvaFind.exe" /minimized
O4 - HKCU\..\Run: [MSMSGS] "D:\Program Files\Messenger\MSMSGS.EXE" /background
O4 - HKCU\..\Run: [EPSON Stylus C84 Series] D:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2D1.EXE /P23 "EPSON Stylus C84 Series" /M "Stylus C84" /EF "HKCU"
O4 - Global Startup: America Online 8.0 Tray Icon.lnk = D:\Program Files\America Online 8.0\aoltray.exe
O4 - Global Startup: Iomega Backup Scheduler.lnk = C:\Program Files\dtsc.exe
O4 - Global Startup: Logitech SetPoint.lnk = D:\Program Files\Logitech\SetPoint\KEM.exe
O4 - Global Startup: Microsoft Office.lnk = D:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = D:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &Download with &DAP - D:\PROGRA~1\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - D:\PROGRA~1\DAP\dapextie2.htm
O8 - Extra context menu item: Write a Review... - http://client.alexa....ions/review.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\j2re1.4.2_01\bin\npjpi142_01.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\j2re1.4.2_01\bin\npjpi142_01.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Alexa - {9D74677A-E227-40fb-9511-F7E92EA4083A} - D:\WINDOWS\System32\SHDOCVW.DLL
O9 - Extra 'Tools' menuitem: Alexa Toolbar - {9D74677A-E227-40fb-9511-F7E92EA4083A} - D:\WINDOWS\System32\SHDOCVW.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - D:\PROGRA~1\AIM95\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.t...all/xscan60.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - D:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {49232000-16E4-426C-A231-62846947304B} - http://ipgweb.cce.hp...ads/sysinfo.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitd...can8/oscan8.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1136311698739
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/s...nfo/webscan.cab
O16 - DPF: {88D969C0-F192-11D4-A65F-0040963251E5} (XML DOM Document 4.0) - http://ipgweb.cce.hp...oads/msxml4.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {9B17FE0E-51F2-4692-8B32-8EFB805FC0E7} (HPObjectInstaller Class) - http://h30155.www3.h...edsolutions.cab
O16 - DPF: {A3009861-330C-4E10-822B-39D16EC8829D} (CRAVOnline Object) - http://www.ravantivi...n/ravonline.cab
O16 - DPF: {A959E4A5-0B3D-449E-9998-348705BD4092} (Desktop.Smdesk) - http://www.servicema...d/smdesktop.CAB
O16 - DPF: {AED98630-0251-4E83-917D-43A23D66D507} (WebHandler Class) - http://activex.micro...n7/dlhelper.cab
O16 - DPF: {B020B534-4AA2-4B99-BD6D-5F6EE286DF5C} (Symantec Download Bridge) - https://a248.e.akama...ol/SymDlBrg.cab
O16 - DPF: {B2FCED61-570E-11D3-B160-00A0C9E70E84} (OmniForm Form Control) - https://www4.lsac.or...iveX/ofmctl.cab
O16 - DPF: {BAC01377-73DD-4796-854D-2A8997E3D68A} (Yahoo! Photos Easy Upload Tool Class) - http://us.dl1.yimg.c...ropper1_6us.cab
O16 - DPF: {DADE1C2F-5A48-445C-82B5-3A5F102E84DF} (LifePicsUploader.UserControl1) - http://www.bestcolor...icsUploader.CAB
O20 - Winlogon Notify: igfxcui - D:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WRNotifier - D:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - D:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Internet Security Password Validation (ccISPwdSvc) - Symantec Corporation - D:\Program Files\Norton Internet Security\ccPwdSvc.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - D:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - D:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - D:\Program Files\Norton Internet Security\comHost.exe
O23 - Service: EPSON V3 Service2(03) (EPSON_PM_RPCV2_01) - SEIKO EPSON CORPORATION - D:\WINDOWS\System32\E_S00RP1.EXE
O23 - Service: ewido security suite control - ewido networks - D:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - D:\Program Files\ewido anti-malware\ewidoguard.exe
O23 - Service: Iomega Activity Disk2 - Iomega Corporation - D:\PROGRA~1\Iomega\System32\ActivityDisk.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - D:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - D:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - D:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - D:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - D:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - D:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Epson Printer Status Agent4 (StatusAgent4) - SEIKO EPSON CORPORATION - D:\WINDOWS\System32\SAgent4.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - D:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
O23 - Service: Symantec Core LC - Symantec Corporation - D:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - D:\WINDOWS\wanmpsvc.exe

ewido
********
9:48 AM: | Start of Session, Thursday, February 23, 2006 |
9:48 AM: Spy Sweeper started
9:48 AM: Sweep initiated using definitions version 618
9:48 AM: Starting Memory Sweep
9:51 AM: Memory Sweep Complete, Elapsed Time: 00:03:37
9:51 AM: Starting Registry Sweep
9:52 AM: Found Adware: ist slotchbar
9:52 AM: HKCR\clsid\{4418dd4d-7265-4c32-bc0a-3fdb3c2da938}\ (20 subtraces) (ID = 141827)
9:52 AM: Found Adware: ist software
9:52 AM: HKCR\istprotect.protecter\ (5 subtraces) (ID = 141831)
9:52 AM: HKLM\software\classes\clsid\{4418dd4d-7265-4c32-bc0a-3fdb3c2da938}\ (20 subtraces) (ID = 141833)
9:52 AM: HKLM\software\classes\istprotect.protecter\ (5 subtraces) (ID = 141837)
9:52 AM: HKLM\software\classes\typelib\{8c752c5e-3c10-4076-af0a-ffc69fa20d10}\ (9 subtraces) (ID = 141839)
9:52 AM: HKCR\typelib\{8c752c5e-3c10-4076-af0a-ffc69fa20d10}\ (9 subtraces) (ID = 141844)
9:52 AM: Found Adware: winad
9:52 AM: HKLM\software\winad client\ (1 subtraces) (ID = 147237)
9:52 AM: Found Adware: personal money tree
9:52 AM: HKCR\clsid\{d1a3a43b-05a1-40cd-834c-053e6c03b258}\ (7 subtraces) (ID = 359438)
9:52 AM: HKCR\comparishopper.application\ (3 subtraces) (ID = 359439)
9:52 AM: HKLM\software\classes\clsid\{d1a3a43b-05a1-40cd-834c-053e6c03b258}\ (7 subtraces) (ID = 359441)
9:52 AM: HKLM\software\classes\comparishopper.application\ (3 subtraces) (ID = 359442)
9:52 AM: HKCR\istprotect.protecter.1\ (3 subtraces) (ID = 542113)
9:52 AM: HKLM\software\classes\istprotect.protecter.1\ (3 subtraces) (ID = 542117)
9:52 AM: Found Adware: dealhelper
9:52 AM: HKLM\software\ddate\ (1 subtraces) (ID = 636618)
9:52 AM: Found Trojan Horse: spamrelayer_alpiok
9:52 AM: HKLM\software\microsoft\windows\currentversion\shellserviceobjectdelayload\ || systray.exbr (ID = 945548)
9:52 AM: Found Trojan Horse: trojan-backdoor-superbgirlz
9:52 AM: HKLM\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler\ || {4f141cba-1457-6cca-03a7-7aa21b61ea0f} (ID = 954575)
9:52 AM: HKU\S-1-5-21-448539723-1292428093-682003330-1004\software\classes\clsid\{4f141cba-1457-6cca-03a7-7aa21b61ea0f}\ (3 subtraces) (ID = 954563)
9:52 AM: Registry Sweep Complete, Elapsed Time:00:00:36
9:52 AM: Starting Cookie Sweep
9:52 AM: Found Spy Cookie: ask cookie
9:52 AM: [email protected][2].txt (ID = 2245)
9:52 AM: Found Spy Cookie: atlas dmt cookie
9:52 AM: [email protected][1].txt (ID = 2253)
9:52 AM: Found Spy Cookie: go2net.com cookie
9:52 AM: [email protected][1].txt (ID = 2730)
9:52 AM: Found Spy Cookie: infospace cookie
9:52 AM: [email protected][1].txt (ID = 2865)
9:52 AM: Cookie Sweep Complete, Elapsed Time: 00:00:00
9:52 AM: Starting File Sweep
9:52 AM: Found Adware: spysheriff fakealert
9:52 AM: secure32.html (ID = 184319)
9:55 AM: d:\program files\winad client (ID = -2147480018)
9:55 AM: Found Trojan Horse: 2nd-thought
9:55 AM: d:\windows\system32\newmsrdk (ID = -2147481534)
9:55 AM: Warning: Failed to open file "d:\recycler\\dd5\second.bat". The system cannot find the path specified
9:55 AM: Warning: Failed to open file "d:\recycler\\dd5\restart.exe". The system cannot find the path specified
9:56 AM: Warning: Failed to open file "d:\recycler\\dd9.log". The system cannot find the file specified
9:59 AM: Warning: Failed to open file "d:\recycler\\dd5\l2mfix.bat". The system cannot find the path specified
9:59 AM: Warning: Failed to open file "d:\recycler\\dd11\readme.txt". The system cannot find the path specified
9:59 AM: Warning: Failed to open file "d:\recycler\\dd11\second.bat". The system cannot find the path specified
10:00 AM: Warning: Failed to open file "d:\recycler\\dd11\regfixes\winlogondefaults.reg". The system cannot find the path specified
10:00 AM: Warning: Failed to open file "d:\recycler\\dd11\regfixes\win2000def.reg". The system cannot find the path specified
10:00 AM: Warning: Failed to open file "d:\recycler\\dd11\keypress.com". The system cannot find the path specified
10:01 AM: Warning: Failed to open file "d:\recycler\\dd5\ntrights.exe". The system cannot find the path specified
10:01 AM: Warning: Failed to open file "d:\recycler\\dd5\process.exe". The system cannot find the path specified
10:01 AM: Warning: Failed to open file "d:\recycler\\dd5\readme.txt". The system cannot find the path specified
10:02 AM: Warning: Failed to open file "d:\recycler\\dd10.txt". The system cannot find the file specified
10:02 AM: Warning: Failed to open file "d:\recycler\\dd5\regfixes\winlogondefaults.reg". The system cannot find the path specified
10:02 AM: Warning: Failed to open file "d:\recycler\\dd5\regfixes\win2000def.reg". The system cannot find the path specified
10:02 AM: Warning: Failed to open file "d:\recycler\\dd5\locate.com". The system cannot find the path specified
10:02 AM: Warning: Failed to open file "d:\recycler\\dd5\keypress.com". The system cannot find the path specified
10:11 AM: Warning: Failed to open file "d:\recycler\\dd5\zip.exe". The system cannot find the path specified
10:16 AM: Warning: Failed to open file "d:\recycler\\dd11\ntrights.exe". The system cannot find the path specified
10:29 AM: Found Adware: adlogix
10:29 AM: test.inf (ID = 49247)
10:34 AM: Warning: Failed to open file "d:\recycler\\dd5\strings.exe". The system cannot find the path specified
10:35 AM: Warning: Failed to open file "d:\recycler\\dd4\runthis.bat". The system cannot find the path specified
10:36 AM: Warning: Failed to open file "d:\recycler\\dd11\process.exe". The system cannot find the path specified
10:41 AM: chfqgyk2.xml (ID = 57648)
10:50 AM: chfqgyk1.xml (ID = 57647)
10:52 AM: Warning: Failed to open file "d:\recycler\\dd11\zip.exe". The system cannot find the path specified
10:53 AM: Warning: Failed to open file "d:\recycler\\dd4\grep.exe". The system cannot find the path specified
10:53 AM: Warning: Failed to open file "d:\recycler\\dd4\sed.exe". The system cannot find the path specified
10:53 AM: Warning: Failed to open file "d:\recycler\\dd4\zip.exe". The system cannot find the path specified
10:54 AM: Warning: Failed to open file "d:\recycler\\dd11\strings.exe". The system cannot find the path specified
10:54 AM: Warning: Failed to open file "d:\recycler\\dd11\restart.exe". The system cannot find the path specified
10:54 AM: Warning: Failed to open file "d:\recycler\\dd11\l2mfix.bat". The system cannot find the path specified
10:54 AM: Warning: Failed to open file "d:\recycler\\dd11\locate.com". The system cannot find the path specified
10:55 AM: chfqgyu.xml (ID = 57649)
10:57 AM: chfqgyu2.xml (ID = 57651)
10:57 AM: chfqgyu1.xml (ID = 57650)
10:57 AM: Warning: Failed to open file "d:\recycler\\dd7.exe". The system cannot find the file specified
10:57 AM: Warning: Failed to open file "d:\documents and settings\barbara\application data\avafind data\aui40.db". The process cannot access the file because it is being used by another process
10:57 AM: Warning: Failed to open file "d:\documents and settings\barbara\application data\avafind data\32ecfa03aef7b11d79c6f806d6172696f.db". The process cannot access the file because it is being used by another process
10:57 AM: Warning: Failed to open file "d:\documents and settings\barbara\application data\avafind data\32ecfa03cef7b11d79c6f806d6172696f.db". The process cannot access the file because it is being used by another process
10:57 AM: Warning: Failed to open file "d:\documents and settings\barbara\application data\avafind data\32ecfa03bef7b11d79c6f806d6172696f.db". The process cannot access the file because it is being used by another process
10:57 AM: Warning: Failed to open file "d:\documents and settings\all users\application data\microsoft\network\downloader\qmgr0.dat". The process cannot access the file because it is being used by another process
10:57 AM: Warning: Failed to open file "d:\documents and settings\all users\application data\microsoft\network\downloader\qmgr1.dat". The process cannot access the file because it is being used by another process
10:58 AM: Found Adware: azsearch toolbar
10:58 AM: azebar.xml (ID = 239287)
10:58 AM: chfqgyk.xml (ID = 57646)
10:59 AM: backup-20060213-105905-503.inf (ID = 50329)
10:59 AM: chfqgydk.xml (ID = 57645)
11:00 AM: Found Adware: ist yoursitebar
11:00 AM: ysbactivex.inf (ID = 91033)
11:00 AM: Found Adware: dialer access
11:00 AM: installer.inf (ID = 58228)
11:00 AM: winadx.inf (ID = 90469)
11:00 AM: Found Adware: ist istbar
11:00 AM: istactivex.inf (ID = 64605)
11:00 AM: istprotect.inf (ID = 76128)
11:24 AM: File Sweep Complete, Elapsed Time: 01:32:28
11:24 AM: Full Sweep has completed. Elapsed time 01:36:44
11:24 AM: Traces Found: 138
11:25 AM: Removal process initiated
11:25 AM: Quarantining All Traces: 2nd-thought
11:25 AM: Quarantining All Traces: adlogix
11:25 AM: Quarantining All Traces: ist istbar
11:25 AM: Quarantining All Traces: spamrelayer_alpiok
11:25 AM: Quarantining All Traces: spysheriff fakealert
11:26 AM: Quarantining All Traces: azsearch toolbar
11:26 AM: Quarantining All Traces: ist slotchbar
11:26 AM: Quarantining All Traces: trojan-backdoor-superbgirlz
11:26 AM: Quarantining All Traces: winad
11:26 AM: Quarantining All Traces: dealhelper
11:26 AM: Quarantining All Traces: dialer access
11:26 AM: Quarantining All Traces: ist software
11:26 AM: Quarantining All Traces: ist yoursitebar
11:26 AM: Quarantining All Traces: personal money tree
11:26 AM: Quarantining All Traces: ask cookie
11:26 AM: Quarantining All Traces: atlas dmt cookie
11:26 AM: Quarantining All Traces: go2net.com cookie
11:26 AM: Quarantining All Traces: infospace cookie
11:32 AM: Removal process completed. Elapsed time 00:06:50
********
1:34 PM: | Start of Session, Wednesday, February 22, 2006 |
1:34 PM: Spy Sweeper started
1:34 PM: Sweep initiated using definitions version 618
1:34 PM: Starting Memory Sweep
1:37 PM: Memory Sweep Complete, Elapsed Time: 00:03:23
1:37 PM: Starting Registry Sweep
1:37 PM: Found Adware: ist slotchbar
1:37 PM: HKCR\clsid\{4418dd4d-7265-4c32-bc0a-3fdb3c2da938}\ (20 subtraces) (ID = 141827)
1:37 PM: Found Adware: ist software
1:37 PM: HKCR\istprotect.protecter\ (5 subtraces) (ID = 141831)
1:37 PM: HKLM\software\classes\clsid\{4418dd4d-7265-4c32-bc0a-3fdb3c2da938}\ (20 subtraces) (ID = 141833)
1:37 PM: HKLM\software\classes\istprotect.protecter\ (5 subtraces) (ID = 141837)
1:37 PM: HKLM\software\classes\typelib\{8c752c5e-3c10-4076-af0a-ffc69fa20d10}\ (9 subtraces) (ID = 141839)
1:37 PM: HKCR\typelib\{8c752c5e-3c10-4076-af0a-ffc69fa20d10}\ (9 subtraces) (ID = 141844)
1:37 PM: Found Adware: winad
1:37 PM: HKLM\software\winad client\ (1 subtraces) (ID = 147237)
1:37 PM: Found Adware: personal money tree
1:37 PM: HKCR\clsid\{d1a3a43b-05a1-40cd-834c-053e6c03b258}\ (7 subtraces) (ID = 359438)
1:37 PM: HKCR\comparishopper.application\ (3 subtraces) (ID = 359439)
1:37 PM: HKLM\software\classes\clsid\{d1a3a43b-05a1-40cd-834c-053e6c03b258}\ (7 subtraces) (ID = 359441)
1:37 PM: HKLM\software\classes\comparishopper.application\ (3 subtraces) (ID = 359442)
1:37 PM: HKCR\istprotect.protecter.1\ (3 subtraces) (ID = 542113)
1:37 PM: HKLM\software\classes\istprotect.protecter.1\ (3 subtraces) (ID = 542117)
1:37 PM: Found Adware: dealhelper
1:37 PM: HKLM\software\ddate\ (1 subtraces) (ID = 636618)
1:37 PM: Found Trojan Horse: spamrelayer_alpiok
1:37 PM: HKLM\software\microsoft\windows\currentversion\shellserviceobjectdelayload\ || systray.exbr (ID = 945548)
1:37 PM: Found Trojan Horse: trojan-backdoor-superbgirlz
1:37 PM: HKLM\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler\ || {4f141cba-1457-6cca-03a7-7aa21b61ea0f} (ID = 954575)
1:37 PM: HKU\S-1-5-21-448539723-1292428093-682003330-1004\software\classes\clsid\{4f141cba-1457-6cca-03a7-7aa21b61ea0f}\ (3 subtraces) (ID = 954563)
1:38 PM: Registry Sweep Complete, Elapsed Time:00:00:16
1:38 PM: Starting Cookie Sweep
1:38 PM: Found Spy Cookie: ask cookie
1:38 PM: [email protected][2].txt (ID = 2245)
1:38 PM: Found Spy Cookie: atlas dmt cookie
1:38 PM: [email protected][1].txt (ID = 2253)
1:38 PM: Found Spy Cookie: go2net.com cookie
1:38 PM: [email protected][1].txt (ID = 2730)
1:38 PM: Found Spy Cookie: infospace cookie
1:38 PM: [email protected][1].txt (ID = 2865)
1:38 PM: Cookie Sweep Complete, Elapsed Time: 00:00:00
1:38 PM: Starting File Sweep
1:38 PM: Found Adware: spysheriff fakealert
1:38 PM: secure32.html (ID = 184319)
1:41 PM: d:\program files\winad client (ID = -2147480018)
1:41 PM: Found Trojan Horse: 2nd-thought
1:41 PM: d:\windows\system32\newmsrdk (ID = -2147481534)
1:42 PM: Warning: Failed to open file "d:\recycler\\dd5\second.bat". The system cannot find the path specified
1:42 PM: Warning: Failed to open file "d:\recycler\\dd5\restart.exe". The system cannot find the path specified
1:42 PM: Warning: Failed to open file "d:\recycler\\dd9.log". The system cannot find the file specified
1:46 PM: Warning: Failed to open file "d:\recycler\\dd5\l2mfix.bat". The system cannot find the path specified
1:46 PM: Warning: Failed to open file "d:\recycler\\dd11\readme.txt". The system cannot find the path specified
1:46 PM: Warning: Failed to open file "d:\recycler\\dd11\second.bat". The system cannot find the path specified
1:47 PM: Warning: Failed to open file "d:\recycler\\dd11\regfixes\winlogondefaults.reg". The system cannot find the path specified
1:47 PM: Warning: Failed to open file "d:\recycler\\dd11\regfixes\win2000def.reg". The system cannot find the path specified
1:47 PM: Warning: Failed to open file "d:\recycler\\dd11\keypress.com". The system cannot find the path specified
1:48 PM: Warning: Failed to open file "d:\recycler\\dd5\ntrights.exe". The system cannot find the path specified
1:48 PM: Warning: Failed to open file "d:\recycler\\dd5\process.exe". The system cannot find the path specified
1:49 PM: Warning: Failed to open file "d:\recycler\\dd5\readme.txt". The system cannot find the path specified
1:49 PM: Warning: Failed to open file "d:\recycler\\dd10.txt". The system cannot find the file specified
1:49 PM: Warning: Failed to open file "d:\recycler\\dd5\regfixes\winlogondefaults.reg". The system cannot find the path specified
1:49 PM: Warning: Failed to open file "d:\recycler\\dd5\regfixes\win2000def.reg". The system cannot find the path specified
1:50 PM: Warning: Failed to open file "d:\recycler\\dd5\locate.com". The system cannot find the path specified
1:50 PM: Warning: Failed to open file "d:\recycler\\dd5\keypress.com". The system cannot find the path specified
2:01 PM: Warning: Failed to open file "d:\recycler\\dd5\zip.exe". The system cannot find the path specified
2:09 PM: Warning: Failed to open file "d:\recycler\\dd11\ntrights.exe". The system cannot find the path specified
2:26 PM: Found Adware: adlogix
2:26 PM: test.inf (ID = 49247)
2:34 PM: Warning: Failed to open file "d:\recycler\\dd5\strings.exe". The system cannot find the path specified
2:36 PM: Warning: Failed to open file "d:\recycler\\dd4\runthis.bat". The system cannot find the path specified
2:37 PM: Warning: Failed to open file "d:\recycler\\dd11\process.exe". The system cannot find the path specified
2:52 PM: chfqgyk2.xml (ID = 57648)
3:00 PM: chfqgyk1.xml (ID = 57647)
3:03 PM: Warning: Failed to open file "d:\recycler\\dd11\zip.exe". The system cannot find the path specified
3:05 PM: Warning: Failed to open file "d:\recycler\\dd4\grep.exe". The system cannot find the path specified
3:05 PM: Warning: Failed to open file "d:\recycler\\dd4\sed.exe". The system cannot find the path specified
3:05 PM: Warning: Failed to open file "d:\recycler\\dd4\zip.exe". The system cannot find the path specified
3:05 PM: Warning: Failed to open file "d:\recycler\\dd11\strings.exe". The system cannot find the path specified
3:05 PM: Warning: Failed to open file "d:\recycler\\dd11\restart.exe". The system cannot find the path specified
3:05 PM: Warning: Failed to open file "d:\recycler\\dd11\l2mfix.bat". The system cannot find the path specified
3:05 PM: Warning: Failed to open file "d:\recycler\\dd11\locate.com". The system cannot find the path specified
3:07 PM: chfqgyu.xml (ID = 57649)
3:10 PM: chfqgyu2.xml (ID = 57651)
3:10 PM: chfqgyu1.xml (ID = 57650)
3:11 PM: Warning: Failed to open file "d:\recycler\\dd7.exe". The system cannot find the file specified
3:11 PM: Warning: Failed to open file "d:\documents and settings\barbara\application data\avafind data\aui40.db". The process cannot access the file because it is being used by another process
3:11 PM: Warning: Failed to open file "d:\documents and settings\barbara\application data\avafind data\32ecfa03aef7b11d79c6f806d6172696f.db". The process cannot access the file because it is being used by another process
3:11 PM: Warning: Failed to open file "d:\documents and settings\barbara\application data\avafind data\32ecfa03cef7b11d79c6f806d6172696f.db". The process cannot access the file because it is being used by another process
3:11 PM: Warning: Failed to open file "d:\documents and settings\barbara\application data\avafind data\32ecfa03bef7b11d79c6f806d6172696f.db". The process cannot access the file because it is being used by another process
3:11 PM: Warning: Failed to open file "d:\documents and settings\all users\application data\microsoft\network\downloader\qmgr0.dat". The process cannot access the file because it is being used by another process
3:12 PM: Warning: Failed to open file "d:\documents and settings\all users\application data\microsoft\network\downloader\qmgr1.dat". The process cannot access the file because it is being used by another process
3:13 PM: Found Adware: azsearch toolbar
3:13 PM: azebar.xml (ID = 239287)
3:13 PM: chfqgyk.xml (ID = 57646)
3:15 PM: backup-20060213-105905-503.inf (ID = 50329)
3:15 PM: chfqgydk.xml (ID = 57645)
3:15 PM: Found Adware: ist yoursitebar
3:15 PM: ysbactivex.inf (ID = 91033)
3:15 PM: Found Adware: dialer access
3:15 PM: installer.inf (ID = 58228)
3:15 PM: winadx.inf (ID = 90469)
3:15 PM: Found Adware: ist istbar
3:15 PM: istactivex.inf (ID = 64605)
3:15 PM: istprotect.inf (ID = 76128)
3:48 PM: Warning: Unhandled Archive Type
3:48 PM: Warning: Unhandled Archive Type
3:50 PM: Warning: Unhandled Archive Type
3:50 PM: Warning: Unhandled Archive Type
3:50 PM: Warning: Unhandled Archive Type
3:50 PM: Warning: File not found
3:51 PM: File Sweep Complete, Elapsed Time: 02:13:36
3:51 PM: Full Sweep has completed. Elapsed time 02:07:48
3:51 PM: Traces Found: 138
********
10:34 AM: | Start of Session, Wednesday, February 22, 2006 |
10:34 AM: Spy Sweeper started
10:35 AM: Messenger service has been disabled.
10:44 AM: Your spyware definitions have been updated.
1:32 PM: Warning: Access is denied
1:34 PM: | End of Session, Wednesday, February 22, 2006 |



#4
ionltd

    Member

  • Topic Starter
  • Member
  • 14 posts
Nope I was wrong....it's still doing it....something is still trying to take over my browser window

#5
Trevuren

    Old Dog

  • Retired Staff
  • 18,699 posts
Hi Barbara,

Please repost your entire HJT log for us to review.

You forgot the uppermost half in your reply.

Logfile of HijackThis v1.99.1
Scan saved at 9:40:02 AM, on 2/21/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)



Thanks,

Trevuren

#6
ionltd

    Member

  • Topic Starter
  • Member
  • 14 posts
sorry

Logfile of HijackThis v1.99.1
Scan saved at 11:38:28 AM, on 2/23/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\csrss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\Explorer.EXE
D:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
D:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
D:\Program Files\Common Files\Symantec Shared\ccProxy.exe
D:\Program Files\Norton Internet Security\comHost.exe
D:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
D:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
D:\WINDOWS\AGRSMMSG.exe
D:\WINDOWS\System32\igfxtray.exe
D:\WINDOWS\System32\hkcmd.exe
D:\Program Files\Java\j2re1.4.2_01\bin\jusched.exe
D:\PROGRA~1\DAP\DAP.EXE
D:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
D:\Program Files\Iomega HotBurn\Autolaunch.exe
D:\Program Files\Lexmark X74-X75\lxbbbmgr.exe
D:\Program Files\QuickTime\qttask.exe
D:\Program Files\Common Files\Symantec Shared\ccApp.exe
D:\Program Files\Lexmark X74-X75\lxbbbmon.exe
D:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
D:\Program Files\AvaFind\AvaFind.exe
D:\Program Files\Messenger\MSMSGS.EXE
C:\Program Files\dtsc.exe
D:\WINDOWS\system32\LEXBCES.EXE
D:\Program Files\Logitech\SetPoint\KEM.exe
D:\WINDOWS\system32\spoolsv.exe
D:\WINDOWS\system32\LEXPPS.EXE
D:\WINDOWS\System32\alg.exe
D:\Program Files\WinZip\WZQKPICK.EXE
D:\WINDOWS\system32\cisvc.exe
D:\Program Files\Logitech\SetPoint\KHALMNPR.EXE
D:\WINDOWS\System32\dllhost.exe
D:\WINDOWS\System32\E_S00RP1.EXE
D:\Program Files\ewido anti-malware\ewidoctrl.exe
D:\Program Files\ewido anti-malware\ewidoguard.exe
D:\PROGRA~1\Iomega\System32\ActivityDisk.exe
D:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
D:\WINDOWS\System32\SCardSvr.exe
D:\WINDOWS\System32\tcpsvcs.exe
D:\WINDOWS\System32\SAgent4.exe
D:\WINDOWS\System32\svchost.exe
D:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
D:\WINDOWS\System32\dllhost.exe
D:\WINDOWS\System32\vssvc.exe
D:\WINDOWS\wanmpsvc.exe
D:\WINDOWS\System32\wbem\wmiapsrv.exe
D:\WINDOWS\System32\msdtc.exe
D:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
D:\WINDOWS\system32\cidaemon.exe
D:\Documents and Settings\Barbara\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.rr1.net
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.rr1.net
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {08FE5F77-19CB-4062-8E47-8EF8D9D0DC64} - D:\WINDOWS\system32\winbrume.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Norton Internet Security 2006 - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - D:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - D:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O2 - BHO: AlxTB BHO - {F1FABE79-25FC-46de-8C5A-2C6DB9D64333} - D:\WINDOWS\System32\AlxTB1.dll
O3 - Toolbar: Norton Internet Security 2006 - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - D:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - D:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [IgfxTray] D:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] D:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] D:\Program Files\Java\j2re1.4.2_01\bin\jusched.exe
O4 - HKLM\..\Run: [DownloadAccelerator] D:\PROGRA~1\DAP\DAP.EXE /STARTUP
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] D:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe
O4 - HKLM\..\Run: [EPSON Stylus C84 Series] D:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2D1.EXE /P23 "EPSON Stylus C84 Series" /O5 "LPT1:" /M "Stylus C84"
O4 - HKLM\..\Run: [Drag'n'Drop_Autolaunch] "D:\Program Files\Iomega HotBurn\Autolaunch.exe"
O4 - HKLM\..\Run: [Lexmark X74-X75] "D:\Program Files\Lexmark X74-X75\lxbbbmgr.exe"
O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [SSC_UserPrompt] "D:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe"
O4 - HKLM\..\Run: [SDVirtualPrinterAgent] D:\PROGRA~1\SDApps\PRINT-~1\SDVPAGENT.EXE
O4 - HKLM\..\Run: [ccApp] "D:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [mwavscan] "C:\Kaspersky\mwavscan.com" /s
O4 - HKLM\..\Run: [mmtask] c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
O4 - HKLM\..\Run: [THGuard] "D:\Program Files\TrojanHunter 4.2\THGuard.exe"
O4 - HKLM\..\Run: [SpySweeper] "D:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
O4 - HKCU\..\Run: [AvaFind] "D:\Program Files\AvaFind\AvaFind.exe" /minimized
O4 - HKCU\..\Run: [MSMSGS] "D:\Program Files\Messenger\MSMSGS.EXE" /background
O4 - HKCU\..\Run: [EPSON Stylus C84 Series] D:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2D1.EXE /P23 "EPSON Stylus C84 Series" /M "Stylus C84" /EF "HKCU"
O4 - Global Startup: America Online 8.0 Tray Icon.lnk = D:\Program Files\America Online 8.0\aoltray.exe
O4 - Global Startup: Iomega Backup Scheduler.lnk = C:\Program Files\dtsc.exe
O4 - Global Startup: Logitech SetPoint.lnk = D:\Program Files\Logitech\SetPoint\KEM.exe
O4 - Global Startup: Microsoft Office.lnk = D:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = D:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &Download with &DAP - D:\PROGRA~1\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - D:\PROGRA~1\DAP\dapextie2.htm
O8 - Extra context menu item: Write a Review... - http://client.alexa....ions/review.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\j2re1.4.2_01\bin\npjpi142_01.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\j2re1.4.2_01\bin\npjpi142_01.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Alexa - {9D74677A-E227-40fb-9511-F7E92EA4083A} - D:\WINDOWS\System32\SHDOCVW.DLL
O9 - Extra 'Tools' menuitem: Alexa Toolbar - {9D74677A-E227-40fb-9511-F7E92EA4083A} - D:\WINDOWS\System32\SHDOCVW.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - D:\PROGRA~1\AIM95\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.t...all/xscan60.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - D:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {49232000-16E4-426C-A231-62846947304B} - http://ipgweb.cce.hp...ads/sysinfo.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitd...can8/oscan8.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1136311698739
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/s...nfo/webscan.cab
O16 - DPF: {88D969C0-F192-11D4-A65F-0040963251E5} (XML DOM Document 4.0) - http://ipgweb.cce.hp...oads/msxml4.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {9B17FE0E-51F2-4692-8B32-8EFB805FC0E7} (HPObjectInstaller Class) - http://h30155.www3.h...edsolutions.cab
O16 - DPF: {A3009861-330C-4E10-822B-39D16EC8829D} (CRAVOnline Object) - http://www.ravantivi...n/ravonline.cab
O16 - DPF: {A959E4A5-0B3D-449E-9998-348705BD4092} (Desktop.Smdesk) - http://www.servicema...d/smdesktop.CAB
O16 - DPF: {AED98630-0251-4E83-917D-43A23D66D507} (WebHandler Class) - http://activex.micro...n7/dlhelper.cab
O16 - DPF: {B020B534-4AA2-4B99-BD6D-5F6EE286DF5C} (Symantec Download Bridge) - https://a248.e.akama...ol/SymDlBrg.cab
O16 - DPF: {B2FCED61-570E-11D3-B160-00A0C9E70E84} (OmniForm Form Control) - https://www4.lsac.or...iveX/ofmctl.cab
O16 - DPF: {BAC01377-73DD-4796-854D-2A8997E3D68A} (Yahoo! Photos Easy Upload Tool Class) - http://us.dl1.yimg.c...ropper1_6us.cab
O16 - DPF: {DADE1C2F-5A48-445C-82B5-3A5F102E84DF} (LifePicsUploader.UserControl1) - http://www.bestcolor...icsUploader.CAB
O20 - Winlogon Notify: igfxcui - D:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WRNotifier - D:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - D:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Internet Security Password Validation (ccISPwdSvc) - Symantec Corporation - D:\Program Files\Norton Internet Security\ccPwdSvc.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - D:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - D:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - D:\Program Files\Norton Internet Security\comHost.exe
O23 - Service: EPSON V3 Service2(03) (EPSON_PM_RPCV2_01) - SEIKO EPSON CORPORATION - D:\WINDOWS\System32\E_S00RP1.EXE
O23 - Service: ewido security suite control - ewido networks - D:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - D:\Program Files\ewido anti-malware\ewidoguard.exe
O23 - Service: Iomega Activity Disk2 - Iomega Corporation - D:\PROGRA~1\Iomega\System32\ActivityDisk.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - D:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - D:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - D:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - D:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - D:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - D:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Epson Printer Status Agent4 (StatusAgent4) - SEIKO EPSON CORPORATION - D:\WINDOWS\System32\SAgent4.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - D:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
O23 - Service: Symantec Core LC - Symantec Corporation - D:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - D:\WINDOWS\wanmpsvc.exe
  • 0

#7
Trevuren

    Old Dog

  • Retired Staff
  • 18,699 posts
Please disable Ewido Security Suite (EwidoGuard)

1. Launch Ewido
2. In the main window, click "Realtime protection" (in green indicating "Active") to change to inactive.


We must disable Spy Sweeper, for it may interfere with our fix.

To disable SpySweeper:
  • Open SpySweeper, click >Options over to the left then >program options >Uncheck "load at windows startup".
  • Over to the left, click "shields" and uncheck all there.
  • Uncheck "home page shield".
  • Uncheck "automatically restore default without notification".

Please print out or copy this page to Notepad. Make sure to work through the fixes in the exact order in which they are mentioned below. If there's anything that you don't understand, ask your question(s) before proceeding with the fixes.
  • First we need to make all files and folders VISIBLE:
    • Go to start>control panel>folder options>view (tab)
    • Choose to "show hidden files and folders,"
    • Uncheck the "hide protected operating system files" and the "hide extensions for known file types" boxes.
    • Close the window with ok
  • Please RUN HijackThis.
    • Click the SCAN button to produce a log.

  • Place a check mark beside each one of the following items:

    O2 - BHO: (no name) - {08FE5F77-19CB-4062-8E47-8EF8D9D0DC64} - D:\WINDOWS\system32\winbrume.dll
    O2 - BHO: AlxTB BHO - {F1FABE79-25FC-46de-8C5A-2C6DB9D64333} - D:\WINDOWS\System32\AlxTB1.dll
    O8 - Extra context menu item: Write a Review... - http://client.alexa....ions/review.htm
    O9 - Extra 'Tools' menuitem: Alexa Toolbar - {9D74677A-E227-40fb-9511-F7E92EA4083A} - D:\WINDOWS\System32\SHDOCVW.DLL
    O16 - DPF: {AED98630-0251-4E83-917D-43A23D66D507} (WebHandler Class) - http://activex.micro...n7/dlhelper.cab


  • Now with all the items selected, and all windows closed except for HJT, delete them by clicking the FIX checked button. Close the HijackThis window.

  • Reboot Your System in Safe Mode

    How to use the F8 method to Start Your Computer in Safe Mode

    • Restart the computer.
    • As soon as BIOS is loaded begin tapping the F8 key until the Advanced Options menu appears.
    • Use the arrow keys to select the Safe mode menu item
    • Press Enter.
  • Using Windows Explorer, locate the following files/folders, and DELETE them (if they are present):

    D:\WINDOWS\system32\winbrume.dll
    D:\WINDOWS\System32\AlxTB1.dll
    D:\WINDOWS\System32\SHDOCVW.DLL

  • Exit Explorer, and REBOOT BACK INTO NORMAL MODE

  • Finally, RUN Hijackthis again and produce a new HJT log. Post it in the forum so we can check how everything looks now.
Regards,

Trevuren

  • 0

#8
ionltd

    Member

  • Topic Starter
  • Member
  • PipPip
  • 14 posts
I can't find this in Spy Sweeper to disable...I checked the help section then went to shields, internet explorer, and there's nothing to uncheck that says...

Uncheck "automatically restore default without notification"


help
  • 0

#9
Trevuren

    Old Dog

  • Retired Staff
  • 18,699 posts
Please try the following:

Locate the SpySweeper Icon in the lower right hand corner of your screen, near the clock.

Right click on the icon and then click on exit and follow the prompts.


Trevuren
  • 0

#10
ionltd

    Member

  • Topic Starter
  • Member
  • PipPip
  • 14 posts
there isn't an icon there for Spy Sweeper...I see ewido, norton, and lots of other stuff but no Spy Sweeper

Could I have shut it off?
  • 0

#11
ionltd

    Member

  • Topic Starter
  • Member
  • PipPip
  • 14 posts
I think there's some confusion here

I can open spy sweeper, I can see the shield button, but when I click on it, then click the internet explorer tab to uncheck "automatically restore default without notification", there is nothing in that window (or any other window in spy sweeper ...I looked) that says "automatically restore default without notification" to uncheck
  • 0

#12
Trevuren

    Old Dog

  • Retired Staff
  • 18,699 posts
The only thing that comes to mind is if you don't intend to buy the program immediately, then just uninstall it. It has done its work.

Then proceed with the fix previously posted.

Trevuren

Edited by Trevuren, 24 February 2006 - 04:50 PM.

  • 0

#13
ionltd

    Member

  • Topic Starter
  • Member
  • PipPip
  • 14 posts
Sorry it took so long to reply. This is on my work computer so I only have access M-F

Here's the latest log....things seem to be running better
Thanks in advance

Logfile of HijackThis v1.99.1
Scan saved at 10:08:25 AM, on 2/27/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\Explorer.EXE
D:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
D:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
D:\Program Files\Common Files\Symantec Shared\ccProxy.exe
D:\Program Files\Norton Internet Security\comHost.exe
D:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
D:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
D:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
D:\WINDOWS\AGRSMMSG.exe
D:\WINDOWS\System32\igfxtray.exe
D:\WINDOWS\System32\hkcmd.exe
D:\Program Files\Java\j2re1.4.2_01\bin\jusched.exe
D:\PROGRA~1\DAP\DAP.EXE
D:\Program Files\Iomega HotBurn\Autolaunch.exe
D:\Program Files\Lexmark X74-X75\lxbbbmgr.exe
D:\Program Files\QuickTime\qttask.exe
D:\Program Files\Common Files\Symantec Shared\ccApp.exe
D:\Program Files\Lexmark X74-X75\lxbbbmon.exe
D:\Program Files\AvaFind\AvaFind.exe
D:\Program Files\Messenger\MSMSGS.EXE
C:\Program Files\dtsc.exe
D:\Program Files\Logitech\SetPoint\KEM.exe
D:\Program Files\WinZip\WZQKPICK.EXE
D:\Program Files\Logitech\SetPoint\KHALMNPR.EXE
D:\WINDOWS\system32\LEXBCES.EXE
D:\WINDOWS\system32\spoolsv.exe
D:\WINDOWS\system32\LEXPPS.EXE
D:\WINDOWS\system32\cisvc.exe
D:\WINDOWS\System32\dllhost.exe
D:\WINDOWS\System32\E_S00RP1.EXE
D:\Program Files\ewido anti-malware\ewidoctrl.exe
D:\PROGRA~1\Iomega\System32\ActivityDisk.exe
D:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
D:\WINDOWS\System32\tcpsvcs.exe
D:\WINDOWS\System32\SAgent4.exe
D:\WINDOWS\System32\svchost.exe
D:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
D:\WINDOWS\System32\dllhost.exe
D:\WINDOWS\System32\vssvc.exe
D:\WINDOWS\wanmpsvc.exe
D:\WINDOWS\System32\wbem\wmiapsrv.exe
D:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
D:\WINDOWS\system32\cidaemon.exe
D:\Documents and Settings\Barbara\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.rr1.net
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.rr1.net
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Norton Internet Security 2006 - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - D:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - D:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton Internet Security 2006 - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - D:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - D:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [IgfxTray] D:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] D:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] D:\Program Files\Java\j2re1.4.2_01\bin\jusched.exe
O4 - HKLM\..\Run: [DownloadAccelerator] D:\PROGRA~1\DAP\DAP.EXE /STARTUP
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] D:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe
O4 - HKLM\..\Run: [EPSON Stylus C84 Series] D:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2D1.EXE /P23 "EPSON Stylus C84 Series" /O5 "LPT1:" /M "Stylus C84"
O4 - HKLM\..\Run: [Drag'n'Drop_Autolaunch] "D:\Program Files\Iomega HotBurn\Autolaunch.exe"
O4 - HKLM\..\Run: [Lexmark X74-X75] "D:\Program Files\Lexmark X74-X75\lxbbbmgr.exe"
O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [SSC_UserPrompt] "D:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe"
O4 - HKLM\..\Run: [SDVirtualPrinterAgent] D:\PROGRA~1\SDApps\PRINT-~1\SDVPAGENT.EXE
O4 - HKLM\..\Run: [ccApp] "D:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [mwavscan] "C:\Kaspersky\mwavscan.com" /s
O4 - HKLM\..\Run: [mmtask] c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
O4 - HKCU\..\Run: [AvaFind] "D:\Program Files\AvaFind\AvaFind.exe" /minimized
O4 - HKCU\..\Run: [MSMSGS] "D:\Program Files\Messenger\MSMSGS.EXE" /background
O4 - HKCU\..\Run: [EPSON Stylus C84 Series] D:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2D1.EXE /P23 "EPSON Stylus C84 Series" /M "Stylus C84" /EF "HKCU"
O4 - Global Startup: America Online 8.0 Tray Icon.lnk = D:\Program Files\America Online 8.0\aoltray.exe
O4 - Global Startup: Iomega Backup Scheduler.lnk = C:\Program Files\dtsc.exe
O4 - Global Startup: Logitech SetPoint.lnk = D:\Program Files\Logitech\SetPoint\KEM.exe
O4 - Global Startup: Microsoft Office.lnk = D:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = D:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &Download with &DAP - D:\PROGRA~1\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - D:\PROGRA~1\DAP\dapextie2.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\j2re1.4.2_01\bin\npjpi142_01.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\j2re1.4.2_01\bin\npjpi142_01.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - D:\PROGRA~1\AIM95\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.t...all/xscan60.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - D:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {49232000-16E4-426C-A231-62846947304B} - http://ipgweb.cce.hp...ads/sysinfo.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitd...can8/oscan8.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1136311698739
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/s...nfo/webscan.cab
O16 - DPF: {88D969C0-F192-11D4-A65F-0040963251E5} (XML DOM Document 4.0) - http://ipgweb.cce.hp...oads/msxml4.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {9B17FE0E-51F2-4692-8B32-8EFB805FC0E7} (HPObjectInstaller Class) - http://h30155.www3.h...edsolutions.cab
O16 - DPF: {A3009861-330C-4E10-822B-39D16EC8829D} (CRAVOnline Object) - http://www.ravantivi...n/ravonline.cab
O16 - DPF: {A959E4A5-0B3D-449E-9998-348705BD4092} (Desktop.Smdesk) - http://www.servicema...d/smdesktop.CAB
O16 - DPF: {B020B534-4AA2-4B99-BD6D-5F6EE286DF5C} (Symantec Download Bridge) - https://a248.e.akama...ol/SymDlBrg.cab
O16 - DPF: {B2FCED61-570E-11D3-B160-00A0C9E70E84} (OmniForm Form Control) - https://www4.lsac.or...iveX/ofmctl.cab
O16 - DPF: {BAC01377-73DD-4796-854D-2A8997E3D68A} (Yahoo! Photos Easy Upload Tool Class) - http://us.dl1.yimg.c...ropper1_6us.cab
O16 - DPF: {DADE1C2F-5A48-445C-82B5-3A5F102E84DF} (LifePicsUploader.UserControl1) - http://www.bestcolor...icsUploader.CAB
O17 - HKLM\System\CCS\Services\Tcpip\..\{F4C034B7-B640-4157-B69D-868C2B44A3FC}: NameServer = 12.160.158.5 12.160.158.10
O20 - Winlogon Notify: igfxcui - D:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WRNotifier - D:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - D:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Internet Security Password Validation (ccISPwdSvc) - Symantec Corporation - D:\Program Files\Norton Internet Security\ccPwdSvc.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - D:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - D:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - D:\Program Files\Norton Internet Security\comHost.exe
O23 - Service: EPSON V3 Service2(03) (EPSON_PM_RPCV2_01) - SEIKO EPSON CORPORATION - D:\WINDOWS\System32\E_S00RP1.EXE
O23 - Service: ewido security suite control - ewido networks - D:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: Iomega Activity Disk2 - Iomega Corporation - D:\PROGRA~1\Iomega\System32\ActivityDisk.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - D:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - D:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - D:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - D:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - D:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - D:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Epson Printer Status Agent4 (StatusAgent4) - SEIKO EPSON CORPORATION - D:\WINDOWS\System32\SAgent4.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - D:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
O23 - Service: Symantec Core LC - Symantec Corporation - D:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - D:\WINDOWS\wanmpsvc.exe
  • 0

#14
Trevuren

    Old Dog

  • Retired Staff
  • 18,699 posts
Everything is looking good. However, just because your log appears clean, it doesn't necessarily mean that your entire system is free. I would like you to run the following:

Please do an online scan with Kaspersky Online Virus Scanner

Next Click on Free Virus Scanner, then Kaspersky Online Scanner

You will be prompted to install an ActiveX component from Kaspersky. Click Yes.
  • The program will launch and then begin downloading the latest definition files:
  • Once the files have been downloaded click on NEXT
  • Now click on Scan Settings
  • In the scan settings make sure that the following are selected:
    • Scan using the following Anti-Virus database:
    Standard
    • Scan Options:
    Scan Archives
    Scan Mail Bases
  • Click OK
  • Now under select a target to scan: Select My Computer
  • The program will start and scan your system.
  • The scan will take a while so be patient and let it run.
  • Once the scan is complete it will display if your system has been infected.
    • Now click on the Save as Text button:
  • Save the file to your desktop.
  • Copy and paste that information into your next post along with a fresh HJT log and any comments that you may have about the possibility of malware remaining on your machine.
Regards

Trevuren

  • 0
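The log comparison behind a verdict like the one above can be scripted. The following Python is an added example, not part of the original thread: it checks that the entries flagged in post #7 are absent from a later HijackThis log and lists entries that were not in the earlier log. The three sample logs are abbreviated excerpts of lines quoted in this thread; the function names and status labels are assumptions of the example.

```python
import re
from collections import namedtuple

Entry = namedtuple("Entry", "section body guid")

# A HijackThis entry line is "<section id> - <details>", e.g. "O2 - BHO: ...".
# Header lines and the "Running processes" list carry no section id.
ENTRY_RE = re.compile(r"^([RFNO]\d{1,2}) - (.+)$")
GUID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")

# Entries the helper asked to have fixed (post #7).
FLAGGED = r"""
O2 - BHO: (no name) - {08FE5F77-19CB-4062-8E47-8EF8D9D0DC64} - D:\WINDOWS\system32\winbrume.dll
O2 - BHO: AlxTB BHO - {F1FABE79-25FC-46de-8C5A-2C6DB9D64333} - D:\WINDOWS\System32\AlxTB1.dll
O8 - Extra context menu item: Write a Review... - http://client.alexa....ions/review.htm
O9 - Extra 'Tools' menuitem: Alexa Toolbar - {9D74677A-E227-40fb-9511-F7E92EA4083A} - D:\WINDOWS\System32\SHDOCVW.DLL
O16 - DPF: {AED98630-0251-4E83-917D-43A23D66D507} (WebHandler Class) - http://activex.micro...n7/dlhelper.cab
"""

# Excerpt of the pre-fix log, O9 onward only (abbreviated sample).
BEFORE = r"""
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Alexa - {9D74677A-E227-40fb-9511-F7E92EA4083A} - D:\WINDOWS\System32\SHDOCVW.DLL
O9 - Extra 'Tools' menuitem: Alexa Toolbar - {9D74677A-E227-40fb-9511-F7E92EA4083A} - D:\WINDOWS\System32\SHDOCVW.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - D:\PROGRA~1\AIM95\aim.exe
O16 - DPF: {AED98630-0251-4E83-917D-43A23D66D507} (WebHandler Class) - http://activex.micro...n7/dlhelper.cab
O16 - DPF: {B020B534-4AA2-4B99-BD6D-5F6EE286DF5C} (Symantec Download Bridge) - https://a248.e.akama...ol/SymDlBrg.cab
O20 - Winlogon Notify: igfxcui - D:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WRNotifier - D:\WINDOWS\SYSTEM32\WRLogonNTF.dll
"""

# Excerpt of the log posted after the fix (post #13, abbreviated sample).
AFTER = r"""
Logfile of HijackThis v1.99.1
Running processes:
D:\WINDOWS\Explorer.EXE
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O8 - Extra context menu item: &Download with &DAP - D:\PROGRA~1\DAP\dapextie.htm
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - D:\PROGRA~1\AIM95\aim.exe
O16 - DPF: {B020B534-4AA2-4B99-BD6D-5F6EE286DF5C} (Symantec Download Bridge) - https://a248.e.akama...ol/SymDlBrg.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{F4C034B7-B640-4157-B69D-868C2B44A3FC}: NameServer = 12.160.158.5 12.160.158.10
O20 - Winlogon Notify: igfxcui - D:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WRNotifier - D:\WINDOWS\SYSTEM32\WRLogonNTF.dll
"""


def parse_entries(log_text):
    """Return the section entries of a HijackThis log as Entry tuples."""
    entries = []
    for raw in log_text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if not m:
            continue  # header, process list or blank line
        body = " ".join(m.group(2).split())  # collapse runs of whitespace
        guid = GUID_RE.search(body)
        entries.append(Entry(m.group(1), body, guid.group(0).upper() if guid else None))
    return entries


def _key(entry):
    # Windows paths and GUIDs are case-insensitive, so compare case-folded.
    return (entry.section, entry.body.casefold())


def verify_fix(flagged_text, after_text):
    """Map each flagged entry to 'removed', 'still present' or 're-registered'
    (same section and GUID in the later log, but a different name or file)."""
    after = parse_entries(after_text)
    after_keys = {_key(e) for e in after}
    after_guids = {(e.section, e.guid) for e in after if e.guid}
    status = {}
    for e in parse_entries(flagged_text):
        if _key(e) in after_keys:
            status[f"{e.section} - {e.body}"] = "still present"
        elif e.guid and (e.section, e.guid) in after_guids:
            status[f"{e.section} - {e.body}"] = "re-registered"
        else:
            status[f"{e.section} - {e.body}"] = "removed"
    return status


def new_entries(before_text, after_text, sections=None):
    """Entries in the later log that the earlier log did not contain.
    `sections` limits the comparison when the earlier log is only an excerpt."""
    before_keys = {_key(e) for e in parse_entries(before_text)}
    return [e for e in parse_entries(after_text)
            if _key(e) not in before_keys
            and (sections is None or e.section in sections)]


if __name__ == "__main__":
    for line, state in verify_fix(FLAGGED, AFTER).items():
        print(f"{state:14} {line}")
    # BEFORE starts at O9, so only compare the sections it covers.
    for e in new_entries(BEFORE, AFTER, sections={"O9", "O16", "O17", "O20"}):
        print(f"new since last log: {e.section} - {e.body}")
```

An entry reported as new is only a prompt to look at it, not a verdict; a clean comparison likewise says nothing about files that register no startup entry, which is why the thread moves on to a full file scan.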

#15
ionltd

    Member

  • Topic Starter
  • Member
  • PipPip
  • 14 posts
not so hot

-------------------------------------------------------------------------------
KASPERSKY ON-LINE SCANNER REPORT
Tuesday, February 28, 2006 09:36:45
Operating System: Microsoft Windows XP Home Edition, Service Pack 1 (Build 2600)
Kaspersky On-line Scanner version: 5.0.67.0
Kaspersky Anti-Virus database last update: 27/02/2006
Kaspersky Anti-Virus database records: 168183
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: standard
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
A:\
C:\
D:\
F:\
G:\
H:\

Scan Statistics:
Total number of scanned objects: 254746
Number of viruses found: 9
Number of infected objects: 17
Number of suspicious objects: 2
Duration of the scan process: 13200 sec

Infected Object Name - Virus Name
D:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\BlazeFindBridge10.zip.mwt/a.exe Suspicious: Password-protected-EXE
D:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\BlazeFindBridge10.zip.mwt Suspicious: Password-protected-EXE
D:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\168220D7.dll Infected: Trojan.Win32.Crypt.t
D:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\1E36305C.tmp Infected: Trojan-Downloader.Java.OpenStream.c
D:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\78D876A0.exe Infected: Trojan-Downloader.Win32.Small.cjg
D:\Documents and Settings\Barbara\Desktop\JUNK\New Folder (2)\Program Files\Norton AntiVirus\Quarantine\07DC17CB Infected: Net-Worm.Win32.Lovesan.a
D:\Documents and Settings\Barbara\Desktop\JUNK\New Folder (2)\Program Files\Norton AntiVirus\Quarantine\17AE4B8D Infected: Net-Worm.Win32.Lovesan.a
D:\Documents and Settings\Barbara\Desktop\JUNK\Program Files\Norton AntiVirus\Quarantine\07DC17CB Infected: Net-Worm.Win32.Lovesan.a
D:\Documents and Settings\Barbara\Desktop\JUNK\Program Files\Norton AntiVirus\Quarantine\17AE4B8D Infected: Net-Worm.Win32.Lovesan.a
D:\Documents and Settings\Barbara\Local Settings\Application Data\Identities\{B6371232-5C47-4171-9F54-08D6F88EE3B1}\Microsoft\Outlook Express\Inbox.dbx/[From from <[email protected]> forward (user good) [3990/158]][Date Fri, 20 Jan 2006 04:07:43 -0500]/html Infected: Trojan-Spy.HTML.Paylap.hz
D:\Documents and Settings\Barbara\Local Settings\Application Data\Identities\{B6371232-5C47-4171-9F54-08D6F88EE3B1}\Microsoft\Outlook Express\Inbox.dbx Infected: Trojan-Spy.HTML.Paylap.hz
D:\Documents and Settings\Barbara\Local Settings\Application Data\Identities\{B6371232-5C47-4171-9F54-08D6F88EE3B1}\Microsoft\Outlook Express\Norton AntiSpam Folder.dbx/[From from <[email protected]> forward (user good) [3731/147]][Date Sun, 19 Feb 2006 08:04:00 -0500]/html Infected: Trojan-Spy.HTML.Paylap.fg
D:\Documents and Settings\Barbara\Local Settings\Application Data\Identities\{B6371232-5C47-4171-9F54-08D6F88EE3B1}\Microsoft\Outlook Express\Norton AntiSpam Folder.dbx Infected: Trojan-Spy.HTML.Paylap.fg
D:\WINDOWS\system32\winmgmt32.dll Infected: Trojan-Spy.Win32.Gepost.k
F:\Documents and Settings\Owner\Local Settings\Application Data\Identities\{A0EB96B4-D697-412F-A8CC-0F35CA1EB84A}\Microsoft\Outlook Express\Deleted Items.dbx/[From from <[email protected]>][Date Tue, 22 Jul 2003 02:18:42 +0000]/UNNAMED/wellsfargo.com.jsessionid=5QWBU8TLSM01.pif Infected: Trojan-Proxy.Win32.Webber.10.e
F:\Documents and Settings\Owner\Local Settings\Application Data\Identities\{A0EB96B4-D697-412F-A8CC-0F35CA1EB84A}\Microsoft\Outlook Express\Deleted Items.dbx/[From from <[email protected]>][Date Tue, 22 Jul 2003 02:18:42 +0000]/UNNAMED Infected: Trojan-Proxy.Win32.Webber.10.e
F:\Documents and Settings\Owner\Local Settings\Application Data\Identities\{A0EB96B4-D697-412F-A8CC-0F35CA1EB84A}\Microsoft\Outlook Express\Deleted Items.dbx Infected: Trojan-Proxy.Win32.Webber.10.e
F:\Program Files\Norton AntiVirus\Quarantine\07DC17CB Infected: Net-Worm.Win32.Lovesan.a
F:\Program Files\Norton AntiVirus\Quarantine\17AE4B8D Infected: Net-Worm.Win32.Lovesan.a

Scan process completed.



hijack this log
Logfile of HijackThis v1.99.1
Scan saved at 9:42:09 AM, on 2/28/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\Explorer.EXE
D:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
D:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
D:\WINDOWS\AGRSMMSG.exe
D:\WINDOWS\System32\igfxtray.exe
D:\WINDOWS\System32\hkcmd.exe
D:\Program Files\Java\j2re1.4.2_01\bin\jusched.exe
D:\PROGRA~1\DAP\DAP.EXE
D:\Program Files\Iomega HotBurn\Autolaunch.exe
D:\Program Files\Lexmark X74-X75\lxbbbmgr.exe
D:\Program Files\QuickTime\qttask.exe
D:\Program Files\Common Files\Symantec Shared\ccApp.exe
D:\Program Files\Lexmark X74-X75\lxbbbmon.exe
D:\Program Files\Messenger\MSMSGS.EXE
C:\Program Files\dtsc.exe
D:\Program Files\Common Files\Symantec Shared\ccProxy.exe
D:\Program Files\Logitech\SetPoint\KEM.exe
D:\Program Files\WinZip\WZQKPICK.EXE
D:\Program Files\Norton Internet Security\comHost.exe
D:\Program Files\Logitech\SetPoint\KHALMNPR.EXE
D:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
D:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
D:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
D:\WINDOWS\system32\LEXBCES.EXE
D:\WINDOWS\system32\LEXPPS.EXE
D:\WINDOWS\system32\spoolsv.exe
D:\WINDOWS\system32\cisvc.exe
D:\WINDOWS\System32\dllhost.exe
D:\WINDOWS\System32\E_S00RP1.EXE
D:\Program Files\ewido anti-malware\ewidoctrl.exe
D:\PROGRA~1\Iomega\System32\ActivityDisk.exe
D:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
D:\WINDOWS\System32\tcpsvcs.exe
D:\WINDOWS\System32\SAgent4.exe
D:\WINDOWS\System32\svchost.exe
D:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
D:\WINDOWS\System32\dllhost.exe
D:\WINDOWS\System32\vssvc.exe
D:\WINDOWS\wanmpsvc.exe
D:\WINDOWS\System32\wbem\wmiapsrv.exe
D:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
D:\WINDOWS\system32\cidaemon.exe
D:\Program Files\Internet Explorer\iexplore.exe
D:\Program Files\Internet Explorer\iexplore.exe
D:\Documents and Settings\Barbara\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.rr1.net
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.rr1.net
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Norton Internet Security 2006 - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - D:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - D:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton Internet Security 2006 - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - D:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - D:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [IgfxTray] D:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] D:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] D:\Program Files\Java\j2re1.4.2_01\bin\jusched.exe
O4 - HKLM\..\Run: [DownloadAccelerator] D:\PROGRA~1\DAP\DAP.EXE /STARTUP
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] D:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe
O4 - HKLM\..\Run: [EPSON Stylus C84 Series] D:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2D1.EXE /P23 "EPSON Stylus C84 Series" /O5 "LPT1:" /M "Stylus C84"
O4 - HKLM\..\Run: [Drag'n'Drop_Autolaunch] "D:\Program Files\Iomega HotBurn\Autolaunch.exe"
O4 - HKLM\..\Run: [Lexmark X74-X75] "D:\Program Files\Lexmark X74-X75\lxbbbmgr.exe"
O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [SSC_UserPrompt] "D:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe"
O4 - HKLM\..\Run: [SDVirtualPrinterAgent] D:\PROGRA~1\SDApps\PRINT-~1\SDVPAGENT.EXE
O4 - HKLM\..\Run: [ccApp] "D:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [mwavscan] "C:\Kaspersky\mwavscan.com" /s
O4 - HKLM\..\Run: [mmtask] c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
O4 - HKCU\..\Run: [AvaFind] "D:\Program Files\AvaFind\AvaFind.exe" /minimized
O4 - HKCU\..\Run: [MSMSGS] "D:\Program Files\Messenger\MSMSGS.EXE" /background
O4 - HKCU\..\Run: [EPSON Stylus C84 Series] D:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2D1.EXE /P23 "EPSON Stylus C84 Series" /M "Stylus C84" /EF "HKCU"
O4 - Global Startup: America Online 8.0 Tray Icon.lnk = D:\Program Files\America Online 8.0\aoltray.exe
O4 - Global Startup: Iomega Backup Scheduler.lnk = C:\Program Files\dtsc.exe
O4 - Global Startup: Logitech SetPoint.lnk = D:\Program Files\Logitech\SetPoint\KEM.exe
O4 - Global Startup: Microsoft Office.lnk = D:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = D:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &Download with &DAP - D:\PROGRA~1\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - D:\PROGRA~1\DAP\dapextie2.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\j2re1.4.2_01\bin\npjpi142_01.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\j2re1.4.2_01\bin\npjpi142_01.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - D:\PROGRA~1\AIM95\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.t...all/xscan60.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - D:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {49232000-16E4-426C-A231-62846947304B} - http://ipgweb.cce.hp...ads/sysinfo.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitd...can8/oscan8.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1136311698739
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/s...nfo/webscan.cab
O16 - DPF: {88D969C0-F192-11D4-A65F-0040963251E5} (XML DOM Document 4.0) - http://ipgweb.cce.hp...oads/msxml4.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {9B17FE0E-51F2-4692-8B32-8EFB805FC0E7} (HPObjectInstaller Class) - http://h30155.www3.h...edsolutions.cab
O16 - DPF: {A3009861-330C-4E10-822B-39D16EC8829D} (CRAVOnline Object) - http://www.ravantivi...n/ravonline.cab
O16 - DPF: {A959E4A5-0B3D-449E-9998-348705BD4092} (Desktop.Smdesk) - http://www.servicema...d/smdesktop.CAB
O16 - DPF: {B020B534-4AA2-4B99-BD6D-5F6EE286DF5C} (Symantec Download Bridge) - https://a248.e.akama...ol/SymDlBrg.cab
O16 - DPF: {B2FCED61-570E-11D3-B160-00A0C9E70E84} (OmniForm Form Control) - https://www4.lsac.or...iveX/ofmctl.cab
O16 - DPF: {BAC01377-73DD-4796-854D-2A8997E3D68A} (Yahoo! Photos Easy Upload Tool Class) - http://us.dl1.yimg.c...ropper1_6us.cab
O16 - DPF: {DADE1C2F-5A48-445C-82B5-3A5F102E84DF} (LifePicsUploader.UserControl1) - http://www.bestcolor...icsUploader.CAB
O17 - HKLM\System\CCS\Services\Tcpip\..\{F4C034B7-B640-4157-B69D-868C2B44A3FC}: NameServer = 12.160.158.5 12.160.158.10
O20 - Winlogon Notify: igfxcui - D:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WRNotifier - D:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - D:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Internet Security Password Validation (ccISPwdSvc) - Symantec Corporation - D:\Program Files\Norton Internet Security\ccPwdSvc.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - D:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - D:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - D:\Program Files\Norton Internet Security\comHost.exe
O23 - Service: EPSON V3 Service2(03) (EPSON_PM_RPCV2_01) - SEIKO EPSON CORPORATION - D:\WINDOWS\System32\E_S00RP1.EXE
O23 - Service: ewido security suite control - ewido networks - D:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: Iomega Activity Disk2 - Iomega Corporation - D:\PROGRA~1\Iomega\System32\ActivityDisk.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - D:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - D:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - D:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - D:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - D:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - D:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Epson Printer Status Agent4 (StatusAgent4) - SEIKO EPSON CORPORATION - D:\WINDOWS\System32\SAgent4.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - D:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
O23 - Service: Symantec Core LC - Symantec Corporation - D:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - D:\WINDOWS\wanmpsvc.exe