__________________________________________
Logfile of HijackThis v1.99.1
Scan saved at 2:17:36 PM, on 9/7/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Documents and Settings\Norma\Desktop\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [mmtask] c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [Dell AIO Printer A940] "C:\Program Files\Dell AIO Printer A940\dlbabmgr.exe"
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1108323758\EE\AOLHostManager.exe
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"
O4 - HKLM\..\Run: [Pure Networks Port Magic] "C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe" -Run
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [rpswjclb] c:\windows\system32\rpswjclb.exe -start
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [Blue Up] C:\PROGRA~1\DRIVEB~1\axisarmy.exe
O4 - HKLM\..\Run: [Jawa32] C:\WINDOWS\jawa32.exe
O4 - HKLM\..\Run: [Jawa322] C:\WINDOWS\jawa32.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\MSMSGS.EXE" /background
O4 - Global Startup: Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
O4 - Global Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aol.com...kup/qdiagcc.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - https://objects.aol....83/mcinsctl.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1125662593781
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft...free/asinst.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - https://objects.aol....,20/McGDMgr.cab
O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} (iTunesDetector Class) - http://ax.phobos.app.../ITDetector.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: .NET Framework Service (.NET Connection Service) - Unknown owner - C:\WINDOWS\svchost.exe (file missing)
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: AOL Spyware Protection Service (AOLService) - Unknown owner - C:\Program Files\Common Files\AOL\AOL Spyware Protection\\aolserv.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - Networks Associates Technology, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Networks Associates Technology, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
__________________________________________
---------------------------------------------------------
ewido security suite - Scan report
---------------------------------------------------------
+ Created on: 5:43:03 PM, 9/2/2005
+ Report-Checksum: 5B74B99A
+ Scan result:
HKLM\SOFTWARE\Altnet -> Spyware.Altnet : Error during cleaning
HKLM\SOFTWARE\Altnet\Dashboard -> Spyware.Altnet : Error during cleaning
HKLM\SOFTWARE\Altnet\Dashboard\Settings -> Spyware.Altnet : Error during cleaning
HKLM\SOFTWARE\Classes\ADM25.ADM25 -> Spyware.Altnet : Error during cleaning
HKLM\SOFTWARE\Classes\ADM4.ADM4 -> Spyware.Altnet : Error during cleaning
HKLM\SOFTWARE\Classes\ANSMTP.MassSender -> Spyware.007Spy : Error during cleaning
HKLM\SOFTWARE\Classes\CLSID\{43F02779-6D88-4958-8AD3-83C12D86ADC7} -> Spyware.AdvancedSearchbar : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{9F95F736-0F62-4214-A4B4-CAA6738D4C07} -> Spyware.SaveNow : Cleaned with backup
HKLM\SOFTWARE\Classes\MediaAccX.Installer -> Spyware.WinAd : Error during cleaning
HKLM\SOFTWARE\Classes\ToolbarBestToolbarsToolbar.BestToolbarsToolbarObject -> Spyware.FizzleBar : Error during cleaning
HKLM\SOFTWARE\Classes\URLSearch.URLSearch -> Spyware.SeekSeek : Error during cleaning
HKLM\SOFTWARE\Classes\US.US -> Spyware.SeekSeek : Error during cleaning
HKLM\SOFTWARE\Classes\WToolsB.ResProtocol -> Spyware.WebSearch : Error during cleaning
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\HTASSstp -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\WTLBAstp -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\AUI -> Spyware.WebSearch : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ATLAssLib -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\PSguard.com -> Spyware.PSGuard : Cleaned with backup
HKLM\SOFTWARE\PSguard.com\PSGuard -> Spyware.PSGuard : Cleaned with backup
[844] C:\WINDOWS\system32\zlpnrvq.exe -> Trojan.Agent.cp : Cleaned with backup
[1084] VM_00EB0000 -> Adware.BetterInternet : Error during cleaning
C:\Documents and Settings\All Users\Start Menu\Programs\PSGuard -> Spyware.PSGuard : Cleaned with backup
C:\Documents and Settings\All Users\Start Menu\Programs\PSGuard\PSGuard.lnk -> Spyware.PSGuard : Cleaned with backup
C:\Documents and Settings\All Users\Start Menu\Programs\PSGuard\Register.lnk -> Spyware.PSGuard : Cleaned with backup
C:\Documents and Settings\All Users\Start Menu\Programs\PSGuard\Uninstall.lnk -> Spyware.PSGuard : Cleaned with backup
C:\Documents and Settings\Marci\Cookies\marci@abetterinternet[1].txt -> Spyware.Cookie.Abetterinternet : Cleaned with backup
C:\Documents and Settings\Marci\Cookies\[email protected][2].txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
C:\Documents and Settings\Marci\Cookies\marci@burstnet[2].txt -> Spyware.Cookie.Burstnet : Cleaned with backup
C:\Documents and Settings\Marci\Cookies\marci@com[2].txt -> Spyware.Cookie.Com : Cleaned with backup
C:\Documents and Settings\Marci\Cookies\[email protected][1].txt -> Spyware.Cookie.Com : Cleaned with backup
C:\Documents and Settings\Marci\Cookies\[email protected][2].txt -> Spyware.Cookie.Hitbox : Cleaned with backup
C:\Documents and Settings\Marci\Local Settings\Temp\~478836.tmp -> TrojanDownloader.WinTool : Cleaned with backup
C:\Documents and Settings\Marci\Local Settings\Temp\~487503.tmp -> Spyware.Wintools : Cleaned with backup
C:\Documents and Settings\Marci\Local Settings\Temp\~506116.tmp -> Spyware.Wintools : Cleaned with backup
C:\Documents and Settings\Marci\Local Settings\Temp\~516970.tmp -> Spyware.Wintools : Cleaned with backup
C:\Documents and Settings\Marci\Local Settings\Temp\~531973.tmp -> Spyware.Wintools : Cleaned with backup
C:\Documents and Settings\Marci\Local Settings\Temp\~589291.tmp -> TrojanDownloader.WinTool : Cleaned with backup
C:\Documents and Settings\Marci\Local Settings\Temp\~658215.tmp -> TrojanDownloader.WinTool : Cleaned with backup
C:\Documents and Settings\Marci\Local Settings\Temp\~700885.tmp -> TrojanDownloader.WinTool : Cleaned with backup
C:\Documents and Settings\Marci\Local Settings\Temp\~728722.tmp -> TrojanDownloader.WinTool : Cleaned with backup
C:\Documents and Settings\Marci\Local Settings\Temp\~744064.tmp -> TrojanDownloader.WinTool : Cleaned with backup
C:\Documents and Settings\Marci\Local Settings\Temp\~750924.tmp -> TrojanDownloader.WinTool : Cleaned with backup
C:\Documents and Settings\Marci\Local Settings\Temp\~779537.tmp -> TrojanDownloader.WinTool : Cleaned with backup
C:\Documents and Settings\Marci\Local Settings\Temp\~831568.tmp -> TrojanDownloader.WinTool : Cleaned with backup
C:\Documents and Settings\Marci\Local Settings\Temp\~843188.tmp -> TrojanDownloader.WinTool : Cleaned with backup
C:\Documents and Settings\Marci\Local Settings\Temp\~847099.tmp -> TrojanDownloader.WinTool : Cleaned with backup
C:\Documents and Settings\Marci\Local Settings\Temp\~858279.tmp -> TrojanDownloader.WinTool : Cleaned with backup
C:\Documents and Settings\Marci\Local Settings\Temporary Internet Files\Content.IE5\10SFD5W1\svcsysnet32_EN_XP[1].cab/svcsysnet32.dll -> Dialer.Generic : Cleaned with backup
C:\Documents and Settings\Marci\Local Settings\Temporary Internet Files\Content.IE5\10SFD5W1\tb[1].txt -> Spyware.ToolBand : Cleaned with backup
C:\Documents and Settings\Marci\Local Settings\Temporary Internet Files\Content.IE5\85QFOLMF\bridge-c10[1].cab/MediaAccX.dll -> Spyware.WinAD : Cleaned with backup
C:\Documents and Settings\Marci\Local Settings\Temporary Internet Files\Content.IE5\85QFOLMF\jesstraff[1].exe -> TrojanDownloader.Small.amg : Cleaned with backup
C:\Documents and Settings\Marci\Local Settings\Temporary Internet Files\Content.IE5\GPMVWXQ3\exitpop[1] -> Trojan.NoClose.i : Cleaned with backup
C:\Documents and Settings\Norma\Application Data\PSGuard.com -> Spyware.PSGuard : Cleaned with backup
C:\Documents and Settings\Norma\Application Data\PSGuard.com\PSGuard -> Spyware.PSGuard : Cleaned with backup
C:\Documents and Settings\Norma\Application Data\PSGuard.com\PSGuard\Quarantine -> Spyware.PSGuard : Cleaned with backup
C:\Documents and Settings\Norma\Application Data\PSGuard.com\PSGuard\Quarantine\Autorun -> Spyware.PSGuard : Cleaned with backup
C:\Documents and Settings\Norma\Application Data\PSGuard.com\PSGuard\Quarantine\Autorun\HKCU -> Spyware.PSGuard : Cleaned with backup
C:\Documents and Settings\Norma\Application Data\PSGuard.com\PSGuard\Quarantine\Autorun\HKCU\RunOnce -> Spyware.PSGuard : Cleaned with backup
C:\Documents and Settings\Norma\Application Data\PSGuard.com\PSGuard\Quarantine\Autorun\HKLM -> Spyware.PSGuard : Cleaned with backup
C:\Documents and Settings\Norma\Application Data\PSGuard.com\PSGuard\Quarantine\Autorun\HKLM\RunOnce -> Spyware.PSGuard : Cleaned with backup
C:\Documents and Settings\Norma\Application Data\PSGuard.com\PSGuard\Quarantine\Autorun\StartMenuAllUsers -> Spyware.PSGuard : Cleaned with backup
C:\Documents and Settings\Norma\Application Data\PSGuard.com\PSGuard\Quarantine\Autorun\StartMenuCurrentUser -> Spyware.PSGuard : Cleaned with backup
C:\Documents and Settings\Norma\Application Data\PSGuard.com\PSGuard\Quarantine\BrowserObjects -> Spyware.PSGuard : Cleaned with backup
C:\Documents and Settings\Norma\Application Data\PSGuard.com\PSGuard\Quarantine\Packages -> Spyware.PSGuard : Cleaned with backup
C:\Documents and Settings\Norma\Cookies\norma@abetterinternet[1].txt -> Spyware.Cookie.Abetterinternet : Cleaned with backup
C:\Documents and Settings\Norma\Cookies\[email protected][2].txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
C:\Documents and Settings\Norma\Cookies\norma@casalemedia[2].txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
C:\Documents and Settings\Norma\Cookies\norma@casinotropez[1].txt -> Spyware.Cookie.Casinotropez : Cleaned with backup
C:\Documents and Settings\Norma\Cookies\norma@com[2].txt -> Spyware.Cookie.Com : Cleaned with backup
C:\Documents and Settings\Norma\Cookies\norma@mysearch[2].txt -> Spyware.Cookie.Mysearch : Cleaned with backup
C:\Documents and Settings\Norma\Cookies\[email protected][1].txt -> Spyware.Cookie.Casinotropez : Cleaned with backup
C:\Documents and Settings\Norma\Cookies\norma@yieldmanager[1].txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
C:\Documents and Settings\Norma\Local Settings\Temp\6DD.tmp -> Trojan.Kolweb.b : Cleaned with backup
C:\Documents and Settings\Norma\Local Settings\Temp\7A7.tmp -> Trojan.Kolweb.b : Cleaned with backup
C:\Documents and Settings\Norma\Local Settings\Temp\9vl1jh.sys -> Trojan.Kolweb.b : Cleaned with backup
C:\Documents and Settings\Norma\Local Settings\Temp\~18497.tmp -> TrojanDownloader.WinTool : Cleaned with backup
C:\Documents and Settings\Norma\Local Settings\Temp\~371639.tmp -> TrojanDownloader.WinTool : Cleaned with backup
C:\Documents and Settings\Norma\Local Settings\Temp\~393897.tmp -> TrojanDownloader.WinTool : Cleaned with backup
C:\Documents and Settings\Norma\Local Settings\Temp\~427529.tmp -> Spyware.Wintools : Cleaned with backup
C:\Documents and Settings\Norma\Local Settings\Temp\~507556.tmp -> TrojanDownloader.WinTool : Cleaned with backup
C:\Documents and Settings\Norma\Local Settings\Temp\~628082.tmp -> TrojanDownloader.WinTool : Cleaned with backup
C:\Documents and Settings\Norma\Local Settings\Temp\~645403.tmp -> TrojanDownloader.WinTool : Cleaned with backup
C:\Documents and Settings\Norma\Local Settings\Temp\~656736.tmp -> TrojanDownloader.WinTool : Cleaned with backup
C:\Documents and Settings\Norma\Local Settings\Temp\~667718.tmp -> Spyware.Wintools : Cleaned with backup
C:\Documents and Settings\Norma\Local Settings\Temp\~673074.tmp -> TrojanDownloader.WinTool : Cleaned with backup
C:\Documents and Settings\Norma\Local Settings\Temp\~679102.tmp -> TrojanDownloader.WinTool : Cleaned with backup
C:\Documents and Settings\Norma\Local Settings\Temp\~847186.tmp -> TrojanDownloader.WinTool : Cleaned with backup
C:\Documents and Settings\Norma\Local Settings\Temp\~854320.tmp -> TrojanDownloader.WinTool : Cleaned with backup
C:\Documents and Settings\Norma\Local Settings\Temp\~888277.tmp -> TrojanDownloader.WinTool : Cleaned with backup
C:\Documents and Settings\Norma\Local Settings\Temp\~893952.tmp -> TrojanDownloader.WinTool : Cleaned with backup
C:\Documents and Settings\Norma\Local Settings\Temp\~894975.tmp -> TrojanDownloader.WinTool : Cleaned with backup
C:\Documents and Settings\Norma\Local Settings\Temp\~897959.tmp -> TrojanDownloader.WinTool : Cleaned with backup
C:\Documents and Settings\Norma\Local Settings\Temp\~906733.tmp -> TrojanDownloader.WinTool : Cleaned with backup
C:\Documents and Settings\Norma\Local Settings\Temp\~923352.tmp -> TrojanDownloader.WinTool : Cleaned with backup
C:\Documents and Settings\Norma\Local Settings\Temp\~942382.tmp -> TrojanDownloader.WinTool : Cleaned with backup
C:\Documents and Settings\Norma\Local Settings\Temp\~945988.tmp -> Spyware.Wintools : Cleaned with backup
C:\Documents and Settings\Norma\Local Settings\Temp\~948520.tmp -> TrojanDownloader.WinTool : Cleaned with backup
C:\Documents and Settings\Norma\Local Settings\Temp\~949551.tmp -> Spyware.Wintools : Cleaned with backup
C:\Documents and Settings\Norma\Local Settings\Temp\~952406.tmp -> Spyware.Wintools : Cleaned with backup
C:\Documents and Settings\Norma\Local Settings\Temp\~963501.tmp -> TrojanDownloader.WinTool : Cleaned with backup
C:\Documents and Settings\Norma\Local Settings\Temp\~966239.tmp -> TrojanDownloader.WinTool : Cleaned with backup
C:\Program Files\Common Files\AOL\AOL Spyware Protection\Backup\QFle0622200513269470968.asw -> Spyware.CometCursor : Cleaned with backup
C:\Program Files\Common Files\AOL\AOL Spyware Protection\Backup\QFle08062005222996344812.asw -> Spyware.Hijacker.Generic : Cleaned with backup
C:\Program Files\Common Files\AOL\AOL Spyware Protection\Backup\QMem0622200513259411062.asw -> Spyware.Comet : Cleaned with backup
C:\Program Files\Common Files\AOL\AOL Spyware Protection\Backup\QMem0622200513259411125.asw -> Spyware.Comet : Cleaned with backup
C:\Program Files\Common Files\AOL\AOL Spyware Protection\Backup\QMem0622200513259411156.asw -> Spyware.CometCursor : Cleaned with backup
C:\Program Files\Common Files\AOL\AOL Spyware Protection\Backup\QMem0622200513269426468.asw -> Spyware.Wintools : Cleaned with backup
C:\Program Files\Common Files\AOL\AOL Spyware Protection\Backup\QMem06232005112868767937.asw -> Spyware.Wintools : Cleaned with backup
C:\WINDOWS\9vl1jh.sys -> Trojan.Kolweb.b : Cleaned with backup
C:\WINDOWS\aad.exe -> Trojan.Imiserv.c : Cleaned with backup
C:\WINDOWS\ATLASSUI.exe -> Spyware.Hijacker.Generic : Cleaned with backup
C:\WINDOWS\bwktlzvqqtb.exe -> Adware.BetterInternet : Cleaned with backup
C:\WINDOWS\dload.exe -> Trojan.LowZones.bn : Cleaned with backup
C:\WINDOWS\dsr.exe -> Trojan.Imiserv.c : Cleaned with backup
C:\WINDOWS\inviteabi.exe -> Trojan.Imiserv.c : Cleaned with backup
C:\WINDOWS\NDNuninstall4_85.exe -> Spyware.NewDotNet : Cleaned with backup
C:\WINDOWS\NDNuninstall6_10.exe -> Spyware.NewDotNet : Cleaned with backup
C:\WINDOWS\NDNuninstall6_22.exe -> Spyware.NewDotNet : Cleaned with backup
C:\WINDOWS\NDNuninstall6_38.exe -> Spyware.NewDotNet : Cleaned with backup
C:\WINDOWS\stlbd.dll -> Spyware.ToolBand : Cleaned with backup
C:\WINDOWS\SYSTEM32\9vl1jh.sys -> Trojan.Kolweb.b : Cleaned with backup
C:\WINDOWS\SYSTEM32\bH.dll -> Spyware.BargainBuddy : Cleaned with backup
C:\WINDOWS\SYSTEM32\j5u1m1u.exe -> Trojan.Delf.cf : Cleaned with backup
C:\WINDOWS\SYSTEM32\kjb21zrjoe0r.dll -> TrojanDownloader.Small.amg : Cleaned with backup
C:\WINDOWS\SYSTEM32\ut1dxb.exe -> Trojan.Kolweb.b : Cleaned with backup
C:\WINDOWS\SYSTEM32\zlpnrvq.exe -> Trojan.Agent.ay : Cleaned with backup
C:\WINDOWS\tbabi.exe -> Trojan.Imiserv.c : Cleaned with backup
C:\WINDOWS\tbdr.exe -> Trojan.Imiserv.c : Cleaned with backup
C:\WINDOWS\win32res.exe -> Trojan.Agent.fl : Cleaned with backup
::Report End
_______________________________________________
---------------------------------------------------------
ewido security suite - Scan report
---------------------------------------------------------
+ Created on: 3:42:32 PM, 9/7/2005
+ Report-Checksum: 64E09E2A
+ Scan result:
HKLM\SOFTWARE\Altnet -> Spyware.Altnet : Error during cleaning
HKLM\SOFTWARE\Altnet\Dashboard -> Spyware.Altnet : Error during cleaning
HKLM\SOFTWARE\Altnet\Dashboard\Settings -> Spyware.Altnet : Error during cleaning
HKLM\SOFTWARE\Classes\ADM25.ADM25 -> Spyware.Altnet : Error during cleaning
HKLM\SOFTWARE\Classes\ADM4.ADM4 -> Spyware.Altnet : Error during cleaning
HKLM\SOFTWARE\Classes\ANSMTP.MassSender -> Spyware.007Spy : Error during cleaning
HKLM\SOFTWARE\Classes\MediaAccX.Installer -> Spyware.WinAd : Error during cleaning
HKLM\SOFTWARE\Classes\ToolbarBestToolbarsToolbar.BestToolbarsToolbarObject -> Spyware.FizzleBar : Error during cleaning
HKLM\SOFTWARE\Classes\URLSearch.URLSearch -> Spyware.SeekSeek : Error during cleaning
HKLM\SOFTWARE\Classes\US.US -> Spyware.SeekSeek : Error during cleaning
HKLM\SOFTWARE\Classes\WToolsB.ResProtocol -> Spyware.WebSearch : Error during cleaning
::Report End
_____________________________________
Looking For mirindaspg.exe
Find mirindaspg.exe and more at Lycos Search. No clutter, just answers. Lycos - Go Get It!
Find mirindaspg.exe
Your relevant result is a click away!
Look for mirindaspg.exe
Find mirindaspg.exe at one of the best sites the Internet has to offer!
NEED TECH SUPPORT?
Get live help right now!
Tech Support Guy Forums > Internet & Networking > Security > Aurora
--------------------------------------------------------------------------------
PDA This is a text-only version of our page. Click here to view the full version of "Aurora"
--------------------------------------------------------------------------------
tinybri01-Sep-2005, 10:59 PM
Here is the updated log for Hijack and Ewido. what is the active scan?:
Logfile of HijackThis v1.99.1
Scan saved at 7:51:58 PM, on 9/1/2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.exe
C:\Program Files\Toshiba\TOSHIBA Controls\TFncKy.exe
C:\WINDOWS\System32\TFNF5.exe
C:\WINDOWS\System32\TPWRTRAY.EXE
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb07.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\2\RPDFLchr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\System32\ezSP_Px.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Documents and Settings\Holly Brown\Desktop\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.toshiba.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.toshiba.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.toshiba.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = sas.r2.attbi.com:8000
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = sas.r2.attbi.com
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [TFncKy] C:\Program Files\Toshiba\TOSHIBA Controls\TFncKy.exe /Type 20
O4 - HKLM\..\Run: [TFNF5] TFNF5.exe
O4 - HKLM\..\Run: [Tpwrtray] TPWRTRAY.EXE
O4 - HKLM\..\Run: [TouchED] C:\Program Files\TOSHIBA\TouchED\TouchED.Exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb07.exe
O4 - HKLM\..\Run: [RoboPDF] C:\WINDOWS\System32\spool\DRIVERS\W32X86\2\RPDFLchr.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px.exe
O4 - HKCU\..\Run: [NDIS Adapter] ndis.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.toshiba.com
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by104fd.bay10...es/MsnPUpld.cab
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
---------------------------------------------------------
ewido security suite - Scan report
---------------------------------------------------------
+ Created on: 7:44:49 PM, 9/1/2005
+ Report-Checksum: 6E9E8FEC
+ Scan result:
HKLM\SOFTWARE\Classes\CLSID\{B5AB638F-D76C-415B-A8F2-F3CEAC502212} -> Spyware.AproposMedia : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{BC333116-6EA1-40A1-9D07-ECB192DB8CEA} -> Spyware.AproposMedia : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{BC333116-6EA1-40A1-9D07-ECB192DB8CEA} -> Spyware.AproposMedia : Cleaned with backup
HKLM\SOFTWARE\Classes\YSBactivex.Installer -> Spyware.YourSiteBar : Cleaned with backup
HKLM\SOFTWARE\Classes\YSBactivex.Installer\CLSID -> Spyware.YourSiteBar : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WinDH -> Spyware.DealHelper : Cleaned with backup
[784] C:\WINDOWS\System32\rtxmpis.exe -> Trojan.Agent.cp : Cleaned with backup
[1808] VM_012F0000 -> Adware.BetterInternet : Error during cleaning
C:\!Submit\Nail.exe -> Adware.BetterInternet : Cleaned with backup
C:\Documents and Settings\Holly Brown\Cookies\holly brown@abetterinternet[2].txt -> Spyware.Cookie.Abetterinternet : Cleaned with backup
C:\Documents and Settings\Holly Brown\Cookies\holly [email protected][2].txt -> Spyware.Cookie.Falkag : Cleaned with backup
C:\Documents and Settings\Holly Brown\Cookies\holly brown@atdmt[2].txt -> Spyware.Cookie.Atdmt : Cleaned with backup
C:\Documents and Settings\Holly Brown\Cookies\holly brown@mediaplex[2].txt -> Spyware.Cookie.Mediaplex : Cleaned with backup
C:\Documents and Settings\Holly Brown\Cookies\holly [email protected][1].txt -> Spyware.Cookie.Adserver : Cleaned with backup
C:\Documents and Settings\Holly Brown\Desktop\backups\backup-20050831-010624-622.dll -> Spyware.WinAD : Cleaned with backup
C:\Temp\bundle_cdt1006.exe -> Adware.Saha : Cleaned with backup
C:\WINDOWS\mirindaspg.exe -> Trojan.Kolweb.b : Cleaned with backup
C:\WINDOWS\system32\8n46i4sr.exe -> Adware.SAHA : Cleaned with backup
C:\WINDOWS\system32\dun.exe -> Spyware.DealHelper : Cleaned with backup
C:\WINDOWS\system32\g27n.exe -> Trojan.Delf.cf : Cleaned with backup
C:\WINDOWS\system32\HookPopup.dll -> Spyware.DealHelper : Cleaned with backup
C:\WINDOWS\system32\iniquota.exe -> Spyware.Apropos : Cleaned with backup
C:\WINDOWS\system32\mirindaspg.exe -> Trojan.Kolweb.b : Cleaned with backup
C:\WINDOWS\system32\Qsoteg.exe -> Spyware.DealHelper : Cleaned with backup
C:\WINDOWS\system32\rtxmpis.exe -> Trojan.Pakes : Cleaned with backup
C:\WINDOWS\upsasptiqz.exe -> Adware.BetterInternet : Cleaned with backup
::Report End
--------------------------------------------------------------------------------
khazars31-Aug-2005, 06:23 AM
hi, welcome to TSG.
go to add/remove and uninstall Media Gateway, Viewpoint Toolbar, SurfSideKick 3, Viewpoint and PLook look for their folders in C:\program files and delete them.
Download the pocket killbox
http://www.bleepingc...les/killbox.php
Download the Nail/aurora fix
http://www.noidea.us...ex.php?folder=2
* Download the trial version of Ewido Security Suite here
http://www.ewido.net/en/
* Install ewido.
* During the installation, under "Additional Options" uncheck "Install background guard" and "Install scan via context menu".
* Launch ewido
* It will prompt you to update click the OK button and it will go to the main screen
* On the left side of the main screen click update
* Click on Start and let it update.
* DO NOT run a scan yet. You will do that later in safe mode.
*Download Cleanup from Here
http://www.stevengou...p/download.html
* A window will open and choose SAVE, then DESKTOP as the destination.
* On your Desktop, click on Cleanup40.exe icon.
* Then, click RUN and place a checkmark beside "I Agree"
* Then click NEXT followed by START and OK.
* A window will appear with many choices, keep all the defaults as set when the Slide Bar to the left is set to Standard Quality.
* Click OK
* DO NOT RUN IT YET
* Click here for info on how to boot to safe mode if you don't already know
how.
How to boot to safe mode
http://service1.syma...src=sec_doc_nam
* Now copy these instructions to notepad and save them to your desktop. You
will need them to refer to in safe mode.
* Restart your computer into safe mode now. Perform the following steps in
safe mode:
have hijack this fix these entries. close all browsers and programmes before
clicking FIX.
R3 - URLSearchHook: (no name) - {02EE5B04-F144-47BB-83FB-A60BD91B74A9} - C:\Program Files\SurfSideKick 3\SskBho.dll
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe
O2 - BHO: Viewpoint Toolbar BHO - {A7327C09-B521-4EDB-8509-7D2660C9EC98} - C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBarBHO.dll
O3 - Toolbar: Viewpoint Toolbar - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBar.dll
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [Plook] C:\Program Files\PLook\plook.exe
O4 - HKLM\..\Run: [Media Gateway] C:\Program Files\Media Gateway\MediaGateway.exe
O4 - HKLM\..\Run: [SurfSideKick 3] C:\Program Files\SurfSideKick 3\Ssk.exe
O4 - HKLM\..\Run: [gwbeee] C:\WINDOWS\System32\gltqhr.exe r
O4 - HKCU\..\Run: [NDIS Adapter] ndis.exe
O4 - HKCU\..\Run: [Windows Driver Services] msdrvs32.exe
O4 - HKCU\..\Run: [SYSTEM] lsas.exe
O4 - HKCU\..\Run: [Plook] C:\Program Files\PLook\plook.exe
O4 - HKCU\..\Run: [SurfSideKick 3] C:\Program Files\SurfSideKick 3\Ssk.exe
Double-click on Killbox.exe to run it. Now put a tick by Standard File Kill.
In the Full Path of File to Delete box, copy and paste each of the following
lines one at a time then click on the button that has the red circle with the
X in the middle after you enter each file. It will ask for confirmation to
delete the file. Click Yes. Continue with that same procedure until you have
copied and pasted all of these in the Paste Full Path of File to Delete box.
Note: It is possible that Killbox will tell you that one or more files do not
exist. If that happens, just continue on with all the files. Be sure you
don't miss any.
C:\Program Files\SurfSideKick 3\SskBho.dll
C:\WINDOWS\Nail.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\PLook\plook.exe
C:\Program Files\Media Gateway\MediaGateway.exe
C:\Program Files\SurfSideKick 3\Ssk.exe
C:\WINDOWS\System32\gltqhr.exe
find and delete these files and folders if there?
Because XP will not always show you hidden files and folders by default,
Go to Start > Search and under "More advanced search options".
Make sure there is a check by "Search System Folders" and "Search hidden
files and folders" and "Search system subfolders"
Next click on My Computer. Go to Tools > Folder Options. Click on the View
tab and make sure that "Show hidden files and folders" is checked. Also
uncheck "Hide protected operating system files" and "Hide extensions for
known file types" . Now click "Apply to all folders"
Click "Apply" then "OK"
Don't delete Lsass, this is the legitimate file
ndis.exe
msdrvs32.exe
lsas.exe
* Once in Safe Mode, double-click on Nailfix.cmd. Your desktop and icons will
disappear and reappear, and a window should open and close very quickly ---
this is normal.
* Run Ewido:
* Click on scanner
* Click Complete System Scan and the scan will begin.
* During the scan it will prompt you to clean files, click OK
* When the scan is finished, look at the bottom of the screen and click the Save report button.
* Save the report to your desktop
* Run Cleanup:
* Click on the "Cleanup" button and let it run.
* Once its done, close the program.
post another hijack this log, the ewido and active scan logs
--------------------------------------------------------------------------------
tinybri31-Aug-2005, 04:30 AM
Well, my computer was infected by mirindaspg.exe and Aurora (not sure if they're the same thing). I tried to follow some of the directions on this forum but couldn't remove everything. At least now when I surf I don't get a virus popup every 5 seconds... however the Aurora browser still shows up and throws a bunch of popups at me. Would really appreciate it if somebody could help out. Here is my hijackthis log:
Logfile of HijackThis v1.99.1
Scan saved at 1:29:58 AM, on 8/31/2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\WINDOWS\System32\gltqhr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Toshiba\TOSHIBA Controls\TFncKy.exe
C:\WINDOWS\System32\TFNF5.exe
C:\WINDOWS\System32\TPWRTRAY.EXE
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb07.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\2\RPDFLchr.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\System32\ezSP_Px.exe
C:\Program Files\PLook\plook.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Microsoft Office\Office\WINWORD.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Holly Brown\Desktop\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.toshiba.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.toshiba.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.toshiba.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = sas.r2.attbi.com:8000
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = sas.r2.attbi.com
R3 - URLSearchHook: (no name) - {02EE5B04-F144-47BB-83FB-A60BD91B74A9} - C:\Program Files\SurfSideKick 3\SskBho.dll
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Viewpoint Toolbar BHO - {A7327C09-B521-4EDB-8509-7D2660C9EC98} - C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBarBHO.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Viewpoint Toolbar - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBar.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [TFncKy] C:\Program Files\Toshiba\TOSHIBA Controls\TFncKy.exe /Type 20
O4 - HKLM\..\Run: [TFNF5] TFNF5.exe
O4 - HKLM\..\Run: [Tpwrtray] TPWRTRAY.EXE
O4 - HKLM\..\Run: [TouchED] C:\Program Files\TOSHIBA\TouchED\TouchED.Exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb07.exe
O4 - HKLM\..\Run: [RoboPDF] C:\WINDOWS\System32\spool\DRIVERS\W32X86\2\RPDFLchr.exe
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px.exe
O4 - HKLM\..\Run: [Plook] C:\Program Files\PLook\plook.exe
O4 - HKLM\..\Run: [Media Gateway] C:\Program Files\Media Gateway\MediaGateway.exe
O4 - HKLM\..\Run: [SurfSideKick 3] C:\Program Files\SurfSideKick 3\Ssk.exe
O4 - HKLM\..\Run: [gwbeee] C:\WINDOWS\System32\gltqhr.exe r
O4 - HKCU\..\Run: [NDIS Adapter] ndis.exe
O4 - HKCU\..\Run: [Windows Driver Services] msdrvs32.exe
O4 - HKCU\..\Run: [SYSTEM] lsas.exe
O4 - HKCU\..\Run: [Plook] C:\Program Files\PLook\plook.exe
O4 - HKCU\..\Run: [SurfSideKick 3] C:\Program Files\SurfSideKick 3\Ssk.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &Viewpoint Search - res://C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBar.dll/CXTSEARCH.HTML
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.toshiba.com
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by104fd.bay10...es/MsnPUpld.cab
O20 - AppInit_DLLs: repairs.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
O23 - Service: System Startup Service (SvcProc) - Unknown owner - C:\WINDOWS\svcproc.exe
--------------------------------------------------------------------------------
vBulletin v3.0.7, Copyright ©2000-2005, Jelsoft Enterprises Ltd.
Live Support | Nationwide 56k | Web Templates | New York Apartments
_____________________________________
There is everything I have thrown at it, and it's still there.
Dell Demension
Celeron 1.27
Win XP Home SP2
NAV 2004
Adrian