
Please help me!..spyware is killing the web


5 replies to this topic

#1 kiloday


Posted 27 May 2005 - 03:46 PM

Here is what HijackThis revealed:

Logfile of HijackThis v1.99.1
Scan saved at 12:40:38 PM, on 5/27/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Connected\AgentSrv.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\SAVScan.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
C:\WINDOWS\System32\hphmon05.exe
C:\Program Files\Java\jre1.5.0_01\bin\jucheck.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Scansoft\PaperPort\pptd40nt.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\WINDOWS\system\drpond.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\System32\ctfmon.exe
c:\windows\system32\nojknyd.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\WINDOWS\System32\hlpkmgr.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\Connected\CBSysTray.exe
C:\Program Files\Research In Motion\BlackBerry\DesktopMgr.exe
C:\Program Files\Common Files\Research In Motion\RIMDeviceManager\RIMDeviceManager.exe
C:\Program Files\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe
C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
C:\Program Files\Scansoft\PaperPort\SmartUI\SmartUI.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Microsoft AntiSpyware\GIANTAntiSpywareMain.exe
C:\PROGRA~1\MICROS~4\OFFICE11\OUTLOOK.EXE
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\WINDOWS\System32\winupdt.exe
C:\Program Files\Microsoft AntiSpyware\gcasServAlert.exe
C:\Documents and Settings\ashwin verma\Local Settings\Temp\Temporary Directory 1 for HijackThis.zip\HijackThis.exe
C:\WINDOWS\System32\rzvrlm.exe
C:\Program Files\Microsoft AntiSpyware\gcasServAlert.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msnbc.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&t...sario&pf=laptop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msnbc.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R1 - HKLM\Software\Microsoft\Internet Explorer\SearchURL,(Default) = websearch.drsnsrch.com/q.cgi?q=
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.redirect.hp.com/svs/rdr?TYPE=3&t...sario&pf=laptop
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: SDWin32 Class - {F041D3EF-BE61-4481-B8B2-3A75D8E90304} - C:\WINDOWS\System32\dbxnx.dll
O3 - Toolbar: (no name) - {2CDE1A7D-A478-4291-BF31-E1B4C16F92EB} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [HPHUPD05] c:\Program Files\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
O4 - HKLM\..\Run: [HP Software Update] "c:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\Scansoft\PaperPort\pptd40nt.exe
O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\Scansoft\PaperPort\IndexSearch.exe
O4 - HKLM\..\Run: [PP8 SE Reminder] "C:\Program Files\Scansoft\PaperPort\WebEreg\NAVBrowser.exe" -r "C:\Program Files\Scansoft\PaperPort\WebEreg\navLoad.ini"
O4 - HKLM\..\Run: [PS1] C:\WINDOWS\System32\ps1.exe
O4 - HKLM\..\Run: [cfgmgr52] RunDLL32.EXE C:\WINDOWS\cfgmgr52.dll,DllRun
O4 - HKLM\..\Run: [C:\WINDOWS\VCMnet11.exe] C:\WINDOWS\VCMnet11.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [AutoLoaderuz7y1ZdWWOIZ] "C:\WINDOWS\System32\hpomon05.exe" /HideDir /HideUninstall /PC="CP.SAV" /ShowLegalNote="nonbranded"
O4 - HKLM\..\Run: [u4oO3tg] hpomon05.exe
O4 - HKLM\..\Run: [winupdtl] C:\WINDOWS\System32\winupdt.exe
O4 - HKLM\..\Run: [KavSvc] C:\WINDOWS\System32\rzvrlm.exe
O4 - HKLM\..\RunOnce: [MicrosoftAntiSpywareCleaner] C:\Program Files\Microsoft AntiSpyware\gcASCleaner.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [f37ERjM2h] hlpkmgr.exe
O4 - HKCU\..\Run: [sf] C:\Program Files\sf\sf.exe
O4 - Startup: Connected TaskBar Icon.LNK = C:\Program Files\Connected\CBSysTray.exe
O4 - Startup: desktop Original 1.ini
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\adobe\acrobat 5.0\Distillr\AcroTray.exe
O4 - Global Startup: Configuration Utility.lnk = ?
O4 - Global Startup: Connected TaskBar Icon.LNK = C:\Program Files\Connected\CBSysTray.exe
O4 - Global Startup: Desktop Manager.lnk = C:\Program Files\Research In Motion\BlackBerry\DesktopMgr.exe
O4 - Global Startup: desktop Original 1.ini
O4 - Global Startup: Exif Launcher.lnk = C:\Program Files\FinePixViewer\QuickDCF.exe
O4 - Global Startup: hp psc 2000 Series.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe
O4 - Global Startup: Real-time Monitor.lnk = ?
O4 - Global Startup: SmartUI.lnk = ?
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q304&bd=presario&pf=laptop
O16 - DPF: {03F998B2-0E00-11D3-A498-00104B6EB52E} - https://components.viewpoint.com/MTSInstall...5000/model.html
O16 - DPF: {11818680-FCF6-11D0-9808-0800092A4865} (Adobe Form Control) - http://www.jud2.state.ct.us/webforms/Codebase/FormCtl.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} (iTunesDetector Class) - http://ax.phobos.apple.com.edgesuite.net/d.../ITDetector.cab
O23 - Service: Connected Agent Service (AgentSrv) - Connected Corporation - C:\Program Files\Connected\AgentSrv.EXE
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: hlimyag - Unknown owner - C:\WINDOWS\system32\hlimyag.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: System Startup Service (SvcProc) - Unknown owner - C:\WINDOWS\svcproc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe



#2 Guest_Cretemonster_*


Posted 28 May 2005 - 02:13 PM

Howdy kiloday and Welcome to the Bleeping Computer!

That's quite a mess you have there!!!

First thing I need to know>>Is Norton Antivirus still working and Can you get it Updated?

Post back ASAP and I will prepare a first pass for you!

#3 kiloday


Posted 31 May 2005 - 05:58 PM

This is what a Panda scan revealed on my PC...I have a damn Aurora problem...what should I do? I can update Norton virus

Incident Status Location

Virus:Trj/Downloader.ANX Disinfected Operating system
Adware:Adware/Apropos No disinfected C:\WINDOWS\System32\hlpkmgr.exe
Adware:Adware/eZula No disinfected Windows Registry
Adware:Adware/PortalScan No disinfected C:\WINDOWS\System32\winupdt.008
Spyware:Spyware/ShopNav No disinfected Windows Registry
Adware:Adware/BookedSpace No disinfected C:\DOCUME~1\ASHWIN~1\LOCALS~1\Temp\bs*.tmpbsx32
Adware:Adware/Apropos No disinfected C:\Program Files\AutoUpdate
Adware:Adware/WinTools No disinfected Windows Registry
Adware:Adware/Fizzle No disinfected C:\Program Files\FwBarTemp
Adware:Adware/EliteBar No disinfected Windows Registry
Adware:Adware/Kingporn No disinfected C:\DOCUME~1\ASHWIN~1\LOCALS~1\Temp\ExtractDLL.dll
Spyware:Spyware/SurfSideKick No disinfected Windows Registry
Adware:Adware/Transponder No disinfected C:\DOCUME~1\ASHWIN~1\LOCALS~1\Temp\DrTemp
Adware:Adware/Pacimedia No disinfected C:\Documents and Settings\ashwin verma\Favorites\1111\1111.url
Adware:Adware/Searchforit No disinfected C:\Program Files\sf
Adware:Adware/SearchTheWeb No disinfected C:\Documents and Settings\ashwin verma\Desktop\Search The Web.LNK
Adware:Adware/Pacimedia No disinfected C:\Documents and Settings\ashwin verma\Favorites\1111\1111.url
Virus:Exploit/iFrame Disinfected Personal Folders\Deleted Items\Look,my beautiful girl friend\MSG_RTF.TXT
Virus:Exploit/iFrame Disinfected Personal Folders\Inbox\Ashwin-Digitalroot\Re:ashwin,congratulations
Virus:Exploit/iFrame Disinfected Personal Folders\Inbox\Ashwin-Digitalroot\MSG_RTF.TXT
Virus:Exploit/iFrame Disinfected Personal Folders\Inbox\Ashwin-Digitalroot\Fw: Inner Peace\MSG_RTF.TXT
Virus:Exploit/iFrame Disinfected Personal Folders\Inbox\Ashwin-Digitalroot\A special new website\MSG_RTF.TXT
Virus:Exploit/iFrame Disinfected Personal Folders\Inbox\Ashwin-Digitalroot\Loan from Citibank\MSG_RTF.TXT
Virus:Exploit/iFrame Disinfected Personal Folders\Inbox\Ashwin-Digitalroot\Let's be friends\MSG_RTF.TXT
Virus:Exploit/iFrame Disinfected Personal Folders\Inbox\Ashwin-Digitalroot\Jan 29 2003 14\MSG_RTF.TXT
Virus:Exploit/iFrame Disinfected Personal Folders\Inbox\Ashwin-Digitalroot\Eager to see you\MSG_RTF.TXT
Adware:Adware/Envolo No disinfected C:\Documents and Settings\ashwin verma\Local Settings\Temp\AutoUpdate0\setup.inf
Spyware:Spyware/Dyfuca No disinfected C:\Documents and Settings\ashwin verma\Local Settings\Temp\cfin[cfin]
Spyware:Spyware/Dyfuca No disinfected C:\Documents and Settings\ashwin verma\Local Settings\Temp\cfout.txt
Spyware:Spyware/Dyfuca No disinfected C:\Documents and Settings\ashwin verma\Local Settings\Temp\cln17.tmp
Spyware:Spyware/SafeSurf No disinfected C:\Documents and Settings\ashwin verma\Local Settings\Temp\ExtractDLL.dll
Adware:Adware/eZula No disinfected C:\Documents and Settings\ashwin verma\Local Settings\Temp\temp.fr5501\eapbh.dll
Adware:Adware/Transponder No disinfected C:\Documents and Settings\ashwin verma\Local Settings\Temp\temp.fr994A
Adware:Adware/EliteBar No disinfected C:\Documents and Settings\ashwin verma\Local Settings\Temp\uninstall.exe
Spyware:Spyware/BargainBuddy No disinfected C:\Documents and Settings\ashwin verma\Local Settings\Temporary Internet Files\Content.IE5\0HQFGT6J\virus[1].bmp
Virus:Trj/Delf.EB Disinfected C:\Documents and Settings\ashwin verma\Local Settings\Temporary Internet Files\Content.IE5\49IRW5IN\29[1].bin
Spyware:Spyware/BargainBuddy No disinfected C:\Documents and Settings\ashwin verma\Local Settings\Temporary Internet Files\Content.IE5\49IRW5IN\drugs-ico[1].bmp
Spyware:Spyware/BargainBuddy No disinfected C:\Documents and Settings\ashwin verma\Local Settings\Temporary Internet Files\Content.IE5\49IRW5IN\drugs[1].bmp
Adware:Adware/Startpage.XM No disinfected C:\Documents and Settings\ashwin verma\Local Settings\Temporary Internet Files\Content.IE5\6X4VIL8H\My404[1].exe
Adware:Adware/MyWebSearch No disinfected C:\Documents and Settings\ashwin verma\Local Settings\Temporary Internet Files\Content.IE5\6X4VIL8H\newmajorse2[1].cab
Adware:Adware/MyWebSearch No disinfected C:\Documents and Settings\ashwin verma\Local Settings\Temporary Internet Files\Content.IE5\6X4VIL8H\newmajorse2[1].cab[newmajorse2.txt]
Virus:Trj/Favadd.G Disinfected C:\Documents and Settings\ashwin verma\Local Settings\Temporary Internet Files\Content.IE5\6X4VIL8H\sfita[1].exe
Virus:Trj/Downloader.COY Disinfected C:\Documents and Settings\ashwin verma\Local Settings\Temporary Internet Files\Content.IE5\8D0BWN0F\aun_0027[1].exe
Adware:Adware/EliteBar No disinfected C:\Documents and Settings\ashwin verma\Local Settings\Temporary Internet Files\Content.IE5\8D0BWN0F\fav.cat[1].php
Adware:Adware/MediaTickets No disinfected C:\Documents and Settings\ashwin verma\Local Settings\Temporary Internet Files\Content.IE5\A1O9ONCV\pubanrs[1].htm
Adware:Adware/DealHelper No disinfected C:\Documents and Settings\ashwin verma\Local Settings\Temporary Internet Files\Content.IE5\BAOVFX8D\download[3].htm
Adware:Adware/WinTools No disinfected C:\Documents and Settings\ashwin verma\Local Settings\Temporary Internet Files\Content.IE5\CLE3ST23\56[1].bin
Adware:Adware/MediaTickets No disinfected C:\Documents and Settings\ashwin verma\Local Settings\Temporary Internet Files\Content.IE5\CLE3ST23\mtrslib2[1].js
Adware:Adware/WinTools No disinfected C:\Documents and Settings\ashwin verma\Local Settings\Temporary Internet Files\Content.IE5\CLE3ST23\TBPS[1].cab[TBPS.exe]
Adware:Adware/Envolo No disinfected C:\Documents and Settings\ashwin verma\Local Settings\Temporary Internet Files\Content.IE5\CPUJ85QR\AutoUpdaterInstaller[1].exe
Adware:Adware/Apropos No disinfected C:\Documents and Settings\ashwin verma\Local Settings\Temporary Internet Files\Content.IE5\CPUJ85QR\auto_update[1]
Adware:Adware/EliteBar No disinfected C:\Documents and Settings\ashwin verma\Local Settings\Temporary Internet Files\Content.IE5\CPUJ85QR\default.tbr[1].php
Spyware:Spyware/BargainBuddy No disinfected C:\Documents and Settings\ashwin verma\Local Settings\Temporary Internet Files\Content.IE5\CPUJ85QR\fav-ico[1].bmp
Adware:Adware/Alwaysupdatednews No disinfected C:\Documents and Settings\ashwin verma\Local Settings\Temporary Internet Files\Content.IE5\CPUJ85QR\inst25[1].exe
Adware:Adware/Transponder No disinfected C:\Documents and Settings\ashwin verma\Local Settings\Temporary Internet Files\Content.IE5\CPUJ85QR\Nail[1].exe
Spyware:Spyware/BargainBuddy No disinfected C:\Documents and Settings\ashwin verma\Local Settings\Temporary Internet Files\Content.IE5\D7BBLLSE\casino[1].bmp
Virus:VBS/Psyme.C No disinfected C:\Documents and Settings\ashwin verma\Local Settings\Temporary Internet Files\Content.IE5\D7BBLLSE\TRACK6[1].CHM[track6.htm]
Adware:Adware/EliteBar No disinfected C:\Documents and Settings\ashwin verma\Local Settings\Temporary Internet Files\Content.IE5\GR6H2DIZ\adult.tbr[1].php
Adware:Adware/EliteBar No disinfected C:\Documents and Settings\ashwin verma\Local Settings\Temporary Internet Files\Content.IE5\GR6H2DIZ\drugs.cat[1].php
Adware:Adware/EliteBar No disinfected C:\Documents and Settings\ashwin verma\Local Settings\Temporary Internet Files\Content.IE5\GR6H2DIZ\kwlist2[1].exe
Adware:Adware/EliteBar No disinfected C:\Documents and Settings\ashwin verma\Local Settings\Temporary Internet Files\Content.IE5\K5M34163\search.mnu[1].php
Adware:Adware/Sqwire No disinfected C:\Documents and Settings\ashwin verma\Local Settings\Temporary Internet Files\Content.IE5\K5M34163\tsupdate[1].ini
Adware:Adware/Alwaysupdatednews No disinfected C:\Documents and Settings\ashwin verma\Local Settings\Temporary Internet Files\Content.IE5\M5OFEXA5\inst12[1].exe
Adware:Adware/DealHelper No disinfected C:\Documents and Settings\ashwin verma\Local Settings\Temporary Internet Files\Content.IE5\OBTJU6FH\downloaddll[1].htm
Adware:Adware/PortalScan No disinfected C:\Documents and Settings\ashwin verma\Local Settings\Temporary Internet Files\Content.IE5\QT7WT8RY\61[1].bin
Adware:Adware/EliteBar No disinfected C:\Documents and Settings\ashwin verma\Local Settings\Temporary Internet Files\Content.IE5\QT7WT8RY\adult.tbr[1].php
Adware:Adware/Apropos No disinfected C:\Documents and Settings\ashwin verma\Local Settings\Temporary Internet Files\Content.IE5\QT7WT8RY\AproposClientInstaller[1].exe
Spyware:Spyware/BargainBuddy No disinfected C:\Documents and Settings\ashwin verma\Local Settings\Temporary Internet Files\Content.IE5\QT7WT8RY\dating[1].bmp
Spyware:Spyware/BargainBuddy No disinfected C:\Documents and Settings\ashwin verma\Local Settings\Temporary Internet Files\Content.IE5\S1I34D2F\casino-ico[1].bmp
Spyware:Spyware/BargainBuddy No disinfected C:\Documents and Settings\ashwin verma\Local Settings\Temporary Internet Files\Content.IE5\S1I34D2F\dating-ico[1].bmp
Spyware:Spyware/BargainBuddy No disinfected C:\Documents and Settings\ashwin verma\Local Settings\Temporary Internet Files\Content.IE5\S1I34D2F\fav[1].bmp
Spyware:Spyware/Dyfuca No disinfected C:\Documents and Settings\ashwin verma\Local Settings\Temporary Internet Files\Content.IE5\S961AXWT\151[1].bin
Adware:Adware/Pacimedia No disinfected C:\Documents and Settings\ashwin verma\Local Settings\Temporary Internet Files\Content.IE5\S961AXWT\trk_0006[1].exe
Adware:Adware/MyWebSearch No disinfected C:\Documents and Settings\ashwin verma\Local Settings\Temporary Internet Files\Content.IE5\STQZK1QF\TBPSSvc[1].cab[TBPSSvc.exe]
Spyware:Spyware/Dyfuca No disinfected C:\Documents and Settings\ashwin verma\Local Settings\Temporary Internet Files\Content.IE5\U3M90HY1\EULA[1].ctxt[EULA[1].ctxt]
Adware:Adware/EliteBar No disinfected C:\Documents and Settings\ashwin verma\Local Settings\Temporary Internet Files\Content.IE5\W1STAR4D\search.mnu[1].php
Adware:Adware/Apropos No disinfected C:\Documents and Settings\ashwin verma\Local Settings\Temporary Internet Files\Content.IE5\WX6ZW1UZ\51[1].bin
Adware:Adware/EliteBar No disinfected C:\Documents and Settings\ashwin verma\Local Settings\Temporary Internet Files\Content.IE5\WX6ZW1UZ\default.tbr[1].php
Virus:Exploit/iFrame Disinfected Personal Folders\Deleted Items\Look,my beautiful girl friend\MSG_RTF.TXT
Virus:Exploit/iFrame Disinfected Personal Folders\Inbox\Ashwin-Digitalroot\Re:ashwin,congratulations
Virus:Exploit/iFrame Disinfected Personal Folders\Inbox\Ashwin-Digitalroot\MSG_RTF.TXT
Virus:Exploit/iFrame Disinfected Personal Folders\Inbox\Ashwin-Digitalroot\Fw: Inner Peace\MSG_RTF.TXT
Virus:Exploit/iFrame Disinfected Personal Folders\Inbox\Ashwin-Digitalroot\A special new website\MSG_RTF.TXT
Virus:Exploit/iFrame Disinfected Personal Folders\Inbox\Ashwin-Digitalroot\Loan from Citibank\MSG_RTF.TXT
Virus:Exploit/iFrame Disinfected Personal Folders\Inbox\Ashwin-Digitalroot\Let's be friends\MSG_RTF.TXT
Virus:Exploit/iFrame Disinfected Personal Folders\Inbox\Ashwin-Digitalroot\Jan 29 2003 14\MSG_RTF.TXT
Virus:Exploit/iFrame Disinfected Personal Folders\Inbox\Ashwin-Digitalroot\Eager to see you\MSG_RTF.TXT
Spyware:Spyware/SafeSurf No disinfected C:\Documents and Settings\debbie valentin\Local Settings\Temp\ExtractDLL.dll
Adware:Adware/Transponder No disinfected C:\Program Files\Microsoft AntiSpyware\Quarantine\07D08545-7266-4393-87BB-0C05C8\4AC6AB35-26A2-486F-A9BE-8AC86B
Virus:Trj/Clicker.CY Disinfected C:\Program Files\Microsoft AntiSpyware\Quarantine\189CCB73-7014-4403-A162-BA93A4\1D34216D-54D0-41F4-9810-813B9B
Adware:Adware/Transponder No disinfected C:\Program Files\Microsoft AntiSpyware\Quarantine\3880C9BD-06DD-458C-BD5D-7ABE69\7A9C9618-57F1-422B-8926-6405AF
Virus:Trj/Clicker.CZ Disinfected C:\Program Files\Microsoft AntiSpyware\Quarantine\4002922A-61CB-40BD-B9BB-3B4166\1F7E2C25-32B2-474D-99DE-5C575A
Adware:Adware/ClkOptimizer No disinfected C:\Program Files\Microsoft AntiSpyware\Quarantine\4002922A-61CB-40BD-B9BB-3B4166\4454AD37-3C54-41A0-9834-D9F039
Adware:Adware/ClkOptimizer No disinfected C:\Program Files\Microsoft AntiSpyware\Quarantine\4002922A-61CB-40BD-B9BB-3B4166\76F4C43E-8706-426D-8875-02B631
Adware:Adware/ClkOptimizer No disinfected C:\Program Files\Microsoft AntiSpyware\Quarantine\4002922A-61CB-40BD-B9BB-3B4166\83A921CA-96F9-43BF-8D27-6BEE5B
Adware:Adware/ClkOptimizer No disinfected C:\Program Files\Microsoft AntiSpyware\Quarantine\4002922A-61CB-40BD-B9BB-3B4166\FABC9177-52AA-4749-B1BE-8D0099
Adware:Adware/Transponder No disinfected C:\Program Files\Microsoft AntiSpyware\Quarantine\4FE58E44-ACC7-481A-8562-707CA8\F82C9C2A-2389-4A04-84D1-FB57F8
Adware:Adware/Transponder No disinfected C:\Program Files\Microsoft AntiSpyware\Quarantine\54AD9D2E-5C73-41A0-864C-C1E86F\254E009F-51B4-4542-8ADB-17CB94
Adware:Adware/Transponder No disinfected C:\Program Files\Microsoft AntiSpyware\Quarantine\764779F7-45FF-4BEC-88BB-A7AFD6\B155FDB0-3A7C-4963-95BC-77921F
Adware:Adware/Transponder No disinfected C:\Program Files\Microsoft AntiSpyware\Quarantine\770CFB21-DBF2-416B-81EE-1260D8\08D18821-3D2B-4D77-BFE3-D83CAD
Virus:Trj/Clicker.DJ Disinfected C:\Program Files\Microsoft AntiSpyware\Quarantine\B4A25E3D-1019-452B-9466-F08D49\9C1E8434-266C-4B7F-A054-324C43
Adware:Adware/Transponder No disinfected C:\Program Files\Microsoft AntiSpyware\Quarantine\D4DE0BF3-68CC-4F1B-A42C-8CCB37\3D827BB6-0146-4471-8C58-BC57B1
Adware:Adware/Transponder No disinfected C:\Program Files\Microsoft AntiSpyware\Quarantine\FEAB7E63-6A42-4B4D-8734-33D7BC\608FACD9-E6C3-4182-9AC7-EEC5A9
Adware:Adware/Pacimedia No disinfected C:\Program Files\Windows Media Player\OLD6C.tmp
Adware:Adware/Alwaysupdatednews No disinfected C:\Program Files\Windows Media Player\wmplayer.exe.tmp
Adware:Adware/BookedSpace No disinfected C:\WINDOWS\dpnxstbe.exe
Adware:Adware/Transponder No disinfected C:\WINDOWS\Nail.exe
Virus:Trj/Downloader.ANX Disinfected C:\WINDOWS\system\QBUninstaller.exe
Adware:Adware/SearchTheWeb No disinfected C:\WINDOWS\system32\Cache\mswinstall.exe
Adware:Adware/AdLogix No disinfected C:\WINDOWS\system32\dbxnxc.exe
Adware:Adware/AdLogix No disinfected C:\WINDOWS\system32\dbxnxd.exe
Adware:Adware/AdLogix No disinfected C:\WINDOWS\system32\dbxnxf.exe
Adware:Adware/AdLogix No disinfected C:\WINDOWS\system32\hhajebl.exe
Adware:Adware/AdLogix No disinfected C:\WINDOWS\system32\hjifycr.exe
Adware:Adware/AdLogix No disinfected C:\WINDOWS\system32\hlimyag.exe
Adware:Adware/Apropos No disinfected C:\WINDOWS\system32\hlpkmgr.exe
Adware:Adware/AdLogix No disinfected C:\WINDOWS\system32\huatego.dll
Adware:Adware/AdLogix No disinfected C:\WINDOWS\system32\mxfglc.exe
Adware:Adware/AdLogix No disinfected C:\WINDOWS\system32\mxfgld.exe
Adware:Adware/AdLogix No disinfected C:\WINDOWS\system32\mxfglf.exe
Adware:Adware/Pacimedia No disinfected C:\WINDOWS\system32\ps1.exe
Virus:Trj/Multidropper.XI Disinfected C:\WINDOWS\system32\Qool.exe
Virus:Trj/Downloader.BJG Disinfected C:\WINDOWS\system32\SSK3_B5 Seedcorn 4.exe
Adware:Adware/AdLogix No disinfected C:\WINDOWS\system32\unpack.exe
Adware:Adware/PortalScan No disinfected C:\WINDOWS\system32\winupdt.008
Virus:Trj/Clicker.CX Disinfected C:\WINDOWS\system32\wmconfig.cpl
Adware:Adware/Transponder No disinfected C:\WINDOWS\ttnnge.exe

#4 kiloday


Posted 01 June 2005 - 06:02 PM

Yes, I can get it updated.

#5 Guest_Cretemonster_*


Posted 02 June 2005 - 06:43 PM

We need to get HijackThis into a Permanent folder!

To do this>"Right Click" the Desktop>Select "New">Select "Folder">Name it whatever you like!

Now locate the original Zip file for HijackThis and place it in the new folder!

Unzip and "Extract All Files"

Next I am going to ask you to download several programs to use while in Safe Mode; please don't run any of these until I ask you to!

Please download all these to the New Folder you just created. If you have to download a Zip folder, when you Unzip it, find the selection to "Extract all Files" for each download!

Should be in the upper left hand side of the Window you have open but if not try clicking the File Button at the top left!

Download RegScrubXP Pro
http://majorgeeks.com/Lexun_RegScrubXP_d2048.html
We will use this on the 2nd pass!

Please Download Microsoft® Windows® Malicious Software Removal Tool
http://www.microsoft.com/downloads/details...&displaylang=en


Download Ewido Security Suite, install it, then from within the program check for updates BUT don't scan yet
Ewido Security Suite:
http://www.ewido.net/en/download/

When installing, under "Additional Options" uncheck "Install background guard" and "Install scan via context menu". When you run ewido for the first time, you will get a warning "Database could not be found!". Click OK.
We will fix this in a moment.

From the main Ewido screen, Click on Update in the left menu, then click the Start Update button.

After the Update finishes (the status bar at the bottom will display "Update successful"), Now close the program.

If you have problems updating see here
http://www.ewido.net/en/download/updates/

Next, I want you to use the 30 free scanner service from SRN Micro and scan the system with that!

Solo Antivirus
http://www.srnmicro.com/downloads/evaluate/TrySolo.exe

Click Update to let Solo check for new updates available,then Click Options,put a check by "Scan Archives" and "Create a Report"

AdawareSE 1.05
http://www.bleepingcomputer.com/forums/ind...showtutorial=48

The link will tell you how to Install>Update>Configure and Scan!

CleanUp! 4.0
http://downloads.stevengould.org/cleanup/CleanUp40.exe

Reboot into SAFE MODE(Tap F8 just as Windows begins to load)

Using the arrows on the Keyboard> Select the Option labeled "Safe Mode" and Hit Enter!


Once in Safe Mode, Open all these programs in the exact order I ask you to but don't run them just yet and don't minimize them either!

CleanUp! 4.0

Microsoft® Windows® Malicious Software Removal Tool

AdawareSE 1.05

Ewido Security Suite

Solo Antivirus


Now Right Click the Task Bar near the Clock and Select Task Manager

Once opened>>Select Processes>>Look for any of these

drpond.exe
nojknyd.exe
GIANTAntiSpywareMain.exe
gcasDtServ.exe
winupdt.exe
rzvrlm.exe


For any and all Instances of any of the above that are found>>Highlight or Right Click and Select End Process!!

Once all those are Ended,Locate Explorer.exe and End Process on it as Well!

When you do this,the Desktop and Task Bar will disappear and all you will see is all the programs I have asked you to open!

Run Solo first>>Select Scan and Delete!

Run Ewido>>Once it finds an Infected file>Click Clean and put a check in the box to apply to all infected files!
Save the log it produces!
If Ewido locks up at any point,just close it for now and move on!

Run Ad Aware SE and remove all it finds and Delete the Quarantine Files!

Run the Microsoft tool and if a log is created>>Save it!

Last Run CleanUp!

Click "Cleanup" and it will Scan and Remove all available Temp files>Click "Close">Click "No" to Logoff!

If Ewido Locked up,I will need you to Disable System Restore now!
http://service1.symantec.com/SUPPORT/tsgen...src=sec_doc_nam

Now Restart again,this time into Safe Mode with Networking

Go to this site and Run the Online Scan
http://www.kaspersky.com/beta?product=161744315

You will have to be using Internet Explorer for the Scan to work!

Once it's downloaded and has Updated its Database...you will be ready to Scan!

Physically Unplug the Internet Connection from the back of the PC after the Scan has completely updated and is ready to Scan!

Drop all the same processes just as before!

Let the Online Scan run>>It will take several hours to complete!

Once it's completed>>Run Ewido once more and Save that log!

Open and Run RegScrubXP>>Click "RegScrubXP finds Problems"

Let it Scan

Click "Select All"

Click "Let RegScrubXP fix!"!

Use the Task Manager to Shut Down and Restart!

Post back with a Fresh HijackThis log!

#6 kiloday

kiloday
  • Topic Starter

  • Members
  • 6 posts

Posted 03 June 2005 - 09:13 AM

First of all...my apologies to all moderators...no disrespect to anyone. I posted a hijack this log a few days ago and accidentally created a new post..got a warning..and so on. My post was being worked on by cretemonster...but now it is lost in the pile. I am really getting screwed at work cause of this problem. Appreciate a reply when you get a chance.

Here is the log: cretemonster had asked me if I could get a virus update and I can

Logfile of HijackThis v1.99.1
Scan saved at 12:40:38 PM, on 5/27/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Connected\AgentSrv.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\SAVScan.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
C:\WINDOWS\System32\hphmon05.exe
C:\Program Files\Java\jre1.5.0_01\bin\jucheck.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Scansoft\PaperPort\pptd40nt.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\WINDOWS\system\drpond.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\System32\ctfmon.exe
c:\windows\system32\nojknyd.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\WINDOWS\System32\hlpkmgr.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\Connected\CBSysTray.exe
C:\Program Files\Research In Motion\BlackBerry\DesktopMgr.exe
C:\Program Files\Common Files\Research In Motion\RIMDeviceManager\RIMDeviceManager.exe
C:\Program Files\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe
C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
C:\Program Files\Scansoft\PaperPort\SmartUI\SmartUI.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Microsoft AntiSpyware\GIANTAntiSpywareMain.exe
C:\PROGRA~1\MICROS~4\OFFICE11\OUTLOOK.EXE
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\WINDOWS\System32\winupdt.exe
C:\Program Files\Microsoft AntiSpyware\gcasServAlert.exe
C:\Documents and Settings\ashwin verma\Local Settings\Temp\Temporary Directory 1 for HijackThis.zip\HijackThis.exe
C:\WINDOWS\System32\rzvrlm.exe
C:\Program Files\Microsoft AntiSpyware\gcasServAlert.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msnbc.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&t...sario&pf=laptop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msnbc.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R1 - HKLM\Software\Microsoft\Internet Explorer\SearchURL,(Default) = websearch.drsnsrch.com/q.cgi?q=
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.redirect.hp.com/svs/rdr?TYPE=3&t...sario&pf=laptop
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: SDWin32 Class - {F041D3EF-BE61-4481-B8B2-3A75D8E90304} - C:\WINDOWS\System32\dbxnx.dll
O3 - Toolbar: (no name) - {2CDE1A7D-A478-4291-BF31-E1B4C16F92EB} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [HPHUPD05] c:\Program Files\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
O4 - HKLM\..\Run: [HP Software Update] "c:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\Scansoft\PaperPort\pptd40nt.exe
O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\Scansoft\PaperPort\IndexSearch.exe
O4 - HKLM\..\Run: [PP8 SE Reminder] "C:\Program Files\Scansoft\PaperPort\WebEreg\NAVBrowser.exe" -r "C:\Program Files\Scansoft\PaperPort\WebEreg\navLoad.ini"
O4 - HKLM\..\Run: [PS1] C:\WINDOWS\System32\ps1.exe
O4 - HKLM\..\Run: [cfgmgr52] RunDLL32.EXE C:\WINDOWS\cfgmgr52.dll,DllRun
O4 - HKLM\..\Run: [C:\WINDOWS\VCMnet11.exe] C:\WINDOWS\VCMnet11.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [AutoLoaderuz7y1ZdWWOIZ] "C:\WINDOWS\System32\hpomon05.exe" /HideDir /HideUninstall /PC="CP.SAV" /ShowLegalNote="nonbranded"
O4 - HKLM\..\Run: [u4oO3tg] hpomon05.exe
O4 - HKLM\..\Run: [winupdtl] C:\WINDOWS\System32\winupdt.exe
O4 - HKLM\..\Run: [KavSvc] C:\WINDOWS\System32\rzvrlm.exe
O4 - HKLM\..\RunOnce: [MicrosoftAntiSpywareCleaner] C:\Program Files\Microsoft AntiSpyware\gcASCleaner.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [f37ERjM2h] hlpkmgr.exe
O4 - HKCU\..\Run: [sf] C:\Program Files\sf\sf.exe
O4 - Startup: Connected TaskBar Icon.LNK = C:\Program Files\Connected\CBSysTray.exe
O4 - Startup: desktop Original 1.ini
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\adobe\acrobat 5.0\Distillr\AcroTray.exe
O4 - Global Startup: Configuration Utility.lnk = ?
O4 - Global Startup: Connected TaskBar Icon.LNK = C:\Program Files\Connected\CBSysTray.exe
O4 - Global Startup: Desktop Manager.lnk = C:\Program Files\Research In Motion\BlackBerry\DesktopMgr.exe
O4 - Global Startup: desktop Original 1.ini
O4 - Global Startup: Exif Launcher.lnk = C:\Program Files\FinePixViewer\QuickDCF.exe
O4 - Global Startup: hp psc 2000 Series.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe
O4 - Global Startup: Real-time Monitor.lnk = ?
O4 - Global Startup: SmartUI.lnk = ?
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q304&bd=presario&pf=laptop
O16 - DPF: {03F998B2-0E00-11D3-A498-00104B6EB52E} - https://components.viewpoint.com/MTSInstall...5000/model.html
O16 - DPF: {11818680-FCF6-11D0-9808-0800092A4865} (Adobe Form Control) - http://www.jud2.state.ct.us/webforms/Codebase/FormCtl.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} (iTunesDetector Class) - http://ax.phobos.apple.com.edgesuite.net/d.../ITDetector.cab
O23 - Service: Connected Agent Service (AgentSrv) - Connected Corporation - C:\Program Files\Connected\AgentSrv.EXE
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: hlimyag - Unknown owner - C:\WINDOWS\system32\hlimyag.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: System Startup Service (SvcProc) - Unknown owner - C:\WINDOWS\svcproc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
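
As an added example (not part of any post in this thread, and not code from HijackThis or BleepingComputer), the Python below cross-references the process names the helper asks to end against a HijackThis log and reports, for each, the path it runs from and which registry Run value or service would start it again. The sample log is an excerpt of lines posted above; the function names and the two parsing patterns are assumptions of this example.

```python
import ntpath
import re

# Process names the helper's reply asks to end in Task Manager (from this thread).
TARGETS = ["drpond.exe", "nojknyd.exe", "GIANTAntiSpywareMain.exe",
           "gcasDtServ.exe", "winupdt.exe", "rzvrlm.exe"]

# Excerpt of the HijackThis log posted in this thread (lines copied, most omitted).
SAMPLE_LOG = r"""Running processes:
C:\WINDOWS\system\drpond.exe
c:\windows\system32\nojknyd.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\Microsoft AntiSpyware\GIANTAntiSpywareMain.exe
C:\WINDOWS\System32\winupdt.exe
C:\WINDOWS\System32\rzvrlm.exe

O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [winupdtl] C:\WINDOWS\System32\winupdt.exe
O4 - HKLM\..\Run: [KavSvc] C:\WINDOWS\System32\rzvrlm.exe
O23 - Service: hlimyag - Unknown owner - C:\WINDOWS\system32\hlimyag.exe
"""

# Autostart lines handled here: registry Run/RunOnce values (O4) and services (O23).
PATTERNS = [re.compile(r"^O4 - (?P<loc>HK(?:LM|CU)\\\.\.\\Run\w*): \[(?P<name>.*?)\] (?P<cmd>.+)$"),
            re.compile(r"^O23 - (?P<loc>Service): (?P<name>.+) - .+? - (?P<cmd>.+)$")]
EXE = re.compile(r'([^\\"]+?\.exe)\b', re.IGNORECASE)  # file name of the first .exe

def parse_log(text):
    """Return ({exe name: path} of running processes, [(location, name, exe name)])."""
    running, autostart, in_procs = {}, [], False
    for line in map(str.strip, text.splitlines()):
        if line == "Running processes:":
            in_procs = True
        elif in_procs:
            if line:
                running[ntpath.basename(line).lower()] = line
            in_procs = bool(line)  # a blank line ends the process list
        else:
            for pat in PATTERNS:
                if (m := pat.match(line)) and (exe := EXE.search(m["cmd"])):
                    autostart.append((m["loc"], m["name"], exe.group(1).strip().lower()))
    return running, autostart

def correlate(text, targets=TARGETS):
    """For each target: the path it runs from and the entries that would relaunch it."""
    running, autostart = parse_log(text)
    return {t: {"running": running.get(t.lower()),
                "autostart": [(loc, name) for loc, name, exe in autostart if exe == t.lower()]}
            for t in targets}
```

On the excerpt, only winupdt.exe and rzvrlm.exe map to a Run value; a target with an empty autostart list is started by something these two patterns do not cover, such as another process or a Startup-folder entry.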



