
Continuous Popups Are Consuming Pc


7 replies to this topic

#1 chris thom


Posted 02 December 2005 - 11:43 AM

Logfile of HijackThis v1.99.1
Scan saved at 10:40:50 AM, on 12/02/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\NavNT\defwatch.exe
C:\Program Files\NavNT\rtvscan.exe
C:\Program Files\Spyware Doctor\sdhelp.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\NavNT\vptray.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\PROGRA~1\AWS\WEATHE~1\Weather.exe
C:\Program Files\Spyware Doctor\swdoctor.exe
C:\WINDOWS\webshots.scr
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Yahoo!\Messenger\ypager.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\hijackthis\HijackThis.exe

O1 - Hosts: 135.10.2.33 hpopsnew.uhi.amerco
O1 - Hosts: 172.31.17.38 repair1-web.uhi.amerco
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn3\yt.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [vptray] C:\Program Files\NavNT\vptray.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Weather] C:\PROGRA~1\AWS\WEATHE~1\Weather.exe 1
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\ypager.exe" -quiet
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\Launcher.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_06\bin\npjpi142_06.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_06\bin\npjpi142_06.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\PROGRA~1\AWS\WEATHE~1\Weather.exe (HKCU)
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2B96D5CC-C5B5-49A5-A69D-CC0A30F9028C} (MiniBugTransporterX Class) - http://download.weatherbug.com/minibug/tri...Transporter.cab?
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {5D9E4B6D-CD17-4D85-99D4-6A52B394EC3B} (WSDownloader Control) - http://www.webshots.com/samplers/WSDownloader.ocx
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...StatsClient.cab
O16 - DPF: {9b935470-ad4a-11d5-b63e-00c04faedb18} (Oracle JInitiator 1.1.8.16) - http://auohsjsrb01.oracleoutsourcing.com:1...tor/oajinit.exe
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{2F654B17-F8C0-4DBF-9E6D-5A68F251B68F}: NameServer = 64.19.9.18,64.19.9.33
O17 - HKLM\System\CS1\Services\Tcpip\..\{2F654B17-F8C0-4DBF-9E6D-5A68F251B68F}: NameServer = 64.19.9.18,64.19.9.33
O20 - Winlogon Notify: DateTime - C:\WINDOWS\system32\gpp8l37u1.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\System32\NavLogon.dll
O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\NavNT\defwatch.exe
O23 - Service: Norton AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\NavNT\rtvscan.exe
O23 - Service: OracleOraHome92ClientCache - Unknown owner - C:\oracle\ora92\BIN\ONRSD.EXE
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools - C:\Program Files\Spyware Doctor\sdhelp.exe



#2 -David-


Posted 02 December 2005 - 12:29 PM

Hi and :thumbsup: to BleepingComputer!

My name is David

Please download WebRoot SpySweeper from HERE (It's a 2 week trial):
  • Click the Free Trial link for "SpySweeper" to download the program. NOTE: DO NOT click the Free Spyware Scan link.
  • Install it.
  • Once the program is installed, it will open.
  • It will prompt you to update to the latest definitions, click Yes.
  • Once the definitions are installed, click Sweep Now on the left side.
  • Click the Start button.
  • When it's done scanning, click the Next button.
  • Make sure everything has a check next to it, then click the Next button.
  • It will remove all of the items found.
  • Click Session Log in the upper right corner, copy everything in that window.
  • Click the Summary tab and click Finish.
  • Paste the contents of the session log you copied into your next reply.
Then reboot your computer - IMPORTANT
Then post a new HJT log

David

#3 chris thom


Posted 02 December 2005 - 02:04 PM

********
12:39 PM: | Start of Session, Friday, December 02, 2005 |
12:39 PM: Spy Sweeper started
12:39 PM: Sweep initiated using definitions version 577
12:39 PM: Starting Memory Sweep
12:39 PM: Found Adware: icannnews
12:39 PM: Detected running threat: C:\WINDOWS\system32\kvdpo.dll (ID = 83)
12:39 PM: Detected running threat: C:\WINDOWS\system32\o6lulg3916.dll (ID = 83)
12:41 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
12:41 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
12:41 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
12:41 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
12:41 PM: Memory Sweep Complete, Elapsed Time: 00:02:17
12:41 PM: Starting Registry Sweep
12:41 PM: Found Adware: 7adpower
12:41 PM: HKCR\clsid\{dc065fa6-08f9-4c50-99dc-275d16cfc5bd}\ (1 subtraces) (ID = 102131)
12:41 PM: HKLM\software\classes\clsid\{dc065fa6-08f9-4c50-99dc-275d16cfc5bd}\ (1 subtraces) (ID = 102189)
12:41 PM: Found Adware: hotbar
12:41 PM: HKCR\clsid\{cdc6e08a-2b2e-4a7f-9aff-78d55fcb2591}\ (3 subtraces) (ID = 127268)
12:41 PM: HKLM\software\classes\clsid\{cdc6e08a-2b2e-4a7f-9aff-78d55fcb2591}\ (3 subtraces) (ID = 127432)
12:41 PM: Found Adware: odysseus marketing
12:41 PM: HKCR\appid\actsetup.dll\ (ID = 136317)
12:41 PM: HKLM\software\classes\appid\actsetup.dll\ (ID = 136323)
12:41 PM: Found Adware: safeguard protect
12:41 PM: HKLM\software\classes\typelib\{d7a0f48e-f6e8-4aae-93e8-99b63aaeb041}\ (7 subtraces) (ID = 140312)
12:41 PM: HKCR\typelib\{d7a0f48e-f6e8-4aae-93e8-99b63aaeb041}\ (7 subtraces) (ID = 140316)
12:41 PM: Found Adware: screensavers
12:41 PM: HKCR\clsid\{722d2939-a14a-41a9-9eac-ab8f4e295819}\ (2 subtraces) (ID = 140550)
12:41 PM: HKLM\software\classes\clsid\{722d2939-a14a-41a9-9eac-ab8f4e295819}\ (2 subtraces) (ID = 140555)
12:41 PM: HKLM\software\microsoft\windows\currentversion\uninstall\screensaversinstaller\ (2 subtraces) (ID = 140568)
12:41 PM: HKLM\software\screensavers.com\ (14 subtraces) (ID = 140569)
12:41 PM: Found Adware: searchrelevancy
12:41 PM: HKCR\interface\{300fa067-9b94-45cf-a30b-cb5221eeb0c3}\ (8 subtraces) (ID = 141290)
12:41 PM: HKLM\software\classes\interface\{300fa067-9b94-45cf-a30b-cb5221eeb0c3}\ (8 subtraces) (ID = 141293)
12:41 PM: HKLM\software\classes\typelib\{65a6bb6d-78d0-4e0a-824d-2de1e0d154af}\ (7 subtraces) (ID = 141295)
12:41 PM: HKCR\typelib\{65a6bb6d-78d0-4e0a-824d-2de1e0d154af}\ (7 subtraces) (ID = 141302)
12:41 PM: Found Adware: directrevenue-abetterinternet
12:41 PM: HKLM\software\sdf7sdfgs324\ (ID = 146129)
12:41 PM: HKLM\software\safeguard protect\ (4 subtraces) (ID = 879722)
12:41 PM: Found Adware: dollarrevenue
12:41 PM: HKLM\software\microsoft\drsmartload\ (1 subtraces) (ID = 916795)
12:41 PM: Found Adware: command
12:41 PM: HKLM\system\currentcontrolset\enum\root\legacy_cmdservice\0000\ (6 subtraces) (ID = 1016064)
12:41 PM: HKLM\system\currentcontrolset\enum\root\legacy_cmdservice\ (8 subtraces) (ID = 1016072)
12:41 PM: Found Adware: big web portal
12:41 PM: HKU\S-1-5-21-1330850175-2704643170-4216762917-1006\software\share_bwp\ || mst (ID = 104396)
12:41 PM: HKU\S-1-5-21-1330850175-2704643170-4216762917-1006\software\share_bwp\ || ttttlll (ID = 104397)
12:41 PM: HKU\S-1-5-21-1330850175-2704643170-4216762917-1006\software\share_bwp\ || iiiilll (ID = 104398)
12:41 PM: HKU\S-1-5-21-1330850175-2704643170-4216762917-1006\software\share_bwp\ffffaaa\ (2 subtraces) (ID = 104399)
12:41 PM: HKU\S-1-5-21-1330850175-2704643170-4216762917-1006\software\share_bwp\ssss\ (2 subtraces) (ID = 104400)
12:41 PM: HKU\S-1-5-21-1330850175-2704643170-4216762917-1006\software\share_bwp\iiii\ (4 subtraces) (ID = 104401)
12:41 PM: HKU\S-1-5-21-1330850175-2704643170-4216762917-1006\software\share_bwp\pppp\ (2 subtraces) (ID = 104402)
12:41 PM: HKU\S-1-5-21-1330850175-2704643170-4216762917-1006\software\share_bwp\kkkk\ (68 subtraces) (ID = 104403)
12:41 PM: HKU\S-1-5-21-1330850175-2704643170-4216762917-1006\software\share_bwp\ (92 subtraces) (ID = 104404)
12:41 PM: HKU\S-1-5-21-1330850175-2704643170-4216762917-1006\software\safeguard protect\ (27 subtraces) (ID = 832657)
12:41 PM: Found Adware: comet cursor
12:41 PM: HKU\WRSS_Profile_S-1-5-21-1330850175-2704643170-4216762917-1003\software\microsoft\internet explorer\toolbar\webbrowser\ || {fe6bc4ef-5676-484b-88ae-883323913256} (ID = 106731)
12:41 PM: HKU\WRSS_Profile_S-1-5-21-1330850175-2704643170-4216762917-1003\software\hotbar\ (214 subtraces) (ID = 127565)
12:41 PM: HKU\WRSS_Profile_S-1-5-21-1330850175-2704643170-4216762917-1003\software\microsoft\internet explorer\explorer bars\{becafc17-baf9-11d4-b492-00d0b77f0a6d}\ (2 subtraces) (ID = 127573)
12:41 PM: HKU\WRSS_Profile_S-1-5-21-1330850175-2704643170-4216762917-1003\software\microsoft\internet explorer\explorer bars\{ff6b2fd5-093c-4d4f-bb98-5641130a9de6}\ (2 subtraces) (ID = 127574)
12:41 PM: HKU\WRSS_Profile_S-1-5-21-1330850175-2704643170-4216762917-1003\software\microsoft\internet explorer\toolbar\shellbrowser\ || {b195b3b3-8a05-11d3-97a4-0004aca6948e} (ID = 127585)
12:41 PM: HKU\WRSS_Profile_S-1-5-21-1330850175-2704643170-4216762917-1003\software\microsoft\internet explorer\toolbar\webbrowser\ || {b195b3b3-8a05-11d3-97a4-0004aca6948e} (ID = 127587)
12:41 PM: Found Adware: internetoptimizer
12:41 PM: HKU\WRSS_Profile_S-1-5-21-1330850175-2704643170-4216762917-1003\software\avenue media\ (ID = 128887)
12:41 PM: HKU\WRSS_Profile_S-1-5-21-1330850175-2704643170-4216762917-1003\software\policies\avenue media\ (ID = 128928)
12:41 PM: Found Adware: 180search assistant/zango
12:41 PM: HKU\WRSS_Profile_S-1-5-21-1330850175-2704643170-4216762917-1003\software\salm\ (16 subtraces) (ID = 135792)
12:41 PM: HKU\WRSS_Profile_S-1-5-21-1330850175-2704643170-4216762917-1003\software\microsoft\windows\currentversion\run\ || pcshield (ID = 140314)
12:41 PM: Found Adware: surfsidekick
12:41 PM: HKU\WRSS_Profile_S-1-5-21-1330850175-2704643170-4216762917-1003\software\microsoft\internet explorer\urlsearchhooks\ || _{ca0e28fa-1afd-4c21-a8dc-70eb5be2f076} (ID = 143395)
12:41 PM: HKU\WRSS_Profile_S-1-5-21-1330850175-2704643170-4216762917-1003\software\microsoft\windows\currentversion\run\ || surfsidekick 2 (ID = 143402)
12:41 PM: HKU\WRSS_Profile_S-1-5-21-1330850175-2704643170-4216762917-1003\software\surfsidekick2\ (3 subtraces) (ID = 143410)
12:41 PM: HKU\WRSS_Profile_S-1-5-21-1330850175-2704643170-4216762917-1003\software\microsoft\windows\currentversion\policies\ameopt\ (ID = 654042)
12:41 PM: HKU\WRSS_Profile_S-1-5-21-1330850175-2704643170-4216762917-1003\software\safeguard protect\ (2 subtraces) (ID = 832657)
12:41 PM: Registry Sweep Complete, Elapsed Time:00:00:20
12:41 PM: Starting Cookie Sweep
12:41 PM: Cookie Sweep Complete, Elapsed Time: 00:00:00
12:41 PM: Starting File Sweep
12:42 PM: c:\documents and settings\user\application data\hotbar (1502 subtraces) (ID = -2147480877)
12:42 PM: c:\program files\screensavers.com (10 subtraces) (ID = -2147480365)
12:42 PM: d_icons_buttons_2000.xip (ID = 62280)
12:42 PM: d_icons_buttons_1000.xip (ID = 62278)
12:42 PM: d_icons_buttons_3000.xip (ID = 62282)
12:42 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
12:42 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
12:42 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
12:42 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
12:42 PM: d_icons_buttons_2000.res (ID = 62279)
12:42 PM: d_icons_buttons_bbar9.res (ID = 121838)
12:42 PM: d_icons_buttons_2000.res (ID = 62279)
12:42 PM: d_icons_buttons_x.res (ID = 121839)
12:42 PM: d_icons_buttons_1000.res (ID = 62277)
12:42 PM: d_icons_buttons_x.res (ID = 121839)
12:42 PM: Found Adware: look2me
12:42 PM: e6200gfme62a0.dll (ID = 159)
12:42 PM: d_icons_buttons_2000.xip (ID = 62280)
12:42 PM: d_icons_buttons_2000.res (ID = 62279)
12:42 PM: d_icons_weather.res (ID = 121840)
12:42 PM: d_icons_buttons_bbar2.res (ID = 121831)
12:43 PM: tsd_bg.res (ID = 62382)
12:43 PM: d_icons_buttons_x.res (ID = 121839)
12:43 PM: icons2.res (ID = 121846)
12:43 PM: hbhostoe.dll (ID = 62307)
12:43 PM: d_icons_buttons_bbar11.res (ID = 121827)
12:43 PM: progress.res (ID = 62367)
12:43 PM: d_icons_buttons_bbar2.res (ID = 121831)
12:43 PM: d_icons_buttons_bbar8.res (ID = 121837)
12:43 PM: Found Adware: quicklink search toolbar
12:43 PM: 8b75056f-fdf6-488c-b355-a4de5f (ID = 200308)
12:43 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
12:43 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
12:43 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
12:43 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
12:43 PM: d_icons_buttons_bbar1.res (ID = 121825)
12:44 PM: d_icons_buttons_bbar8.xip (ID = 114356)
12:44 PM: d_icons_buttons_bbar9.xip (ID = 114377)
12:44 PM: d_icons_buttons_bbar11.xip (ID = 114340)
12:44 PM: d_icons_buttons_x.xip (ID = 121859)
12:44 PM: c6849819-dc4a-443f-9fa0-5f9fac (ID = 200308)
12:44 PM: d_icons_buttons_bbar11.res (ID = 121827)
12:44 PM: d_icons_buttons_bbar9.res (ID = 121838)
12:44 PM: 46c87e3a-2b69-4589-95d4-62f205 (ID = 200308)
12:44 PM: progress.res (ID = 62367)
12:44 PM: d_icons_buttons_3000.res (ID = 62281)
12:44 PM: d_icons_buttons_1000.res (ID = 62277)
12:44 PM: progress.res (ID = 62367)
12:44 PM: tsd_bg.res (ID = 62382)
12:44 PM: progress.res (ID = 62367)
12:44 PM: progress.res (ID = 62367)
12:44 PM: d_icons_buttons_bbar8.res (ID = 121837)
12:44 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
12:44 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
12:44 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
12:44 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
12:44 PM: progress.res (ID = 62367)
12:44 PM: d_icons_buttons_bbar1.res (ID = 121825)
12:44 PM: aea10f5b-92aa-48b0-941c-c3a340 (ID = 200308)
12:44 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
12:44 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
12:44 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
12:44 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
12:45 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
12:45 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
12:45 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
12:45 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
12:46 PM: d_icons_buttons_3000.res (ID = 62281)
12:46 PM: tsd_bg.xip (ID = 62383)
12:46 PM: d_icons_buttons_bbar1.xip (ID = 114354)
12:46 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
12:46 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
12:46 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
12:46 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
12:46 PM: cc_43.inf (ID = 53469)
12:46 PM: d_icons_weather.xip (ID = 121860)
12:47 PM: icons2.res (ID = 121846)
12:47 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
12:47 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
12:47 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
12:47 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
12:47 PM: d_icons_buttons_3000.res (ID = 62281)
12:47 PM: d_icons_buttons_bbar10.res (ID = 121826)
12:47 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
12:47 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
12:47 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
12:47 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
12:47 PM: d_icons_buttons_bbar12.res (ID = 121828)
12:47 PM: d_icons_buttons_bbar10.res (ID = 121826)
12:47 PM: Found Adware: apropos
12:47 PM: wingenerics.dll (ID = 50187)
12:48 PM: d_icons_buttons_bbar3.res (ID = 121832)
12:48 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
12:48 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
12:48 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
12:48 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
12:48 PM: d_icons_buttons_bbar5.res (ID = 121834)
12:48 PM: d_icons_buttons_bbar11.res (ID = 121827)
12:48 PM: d_icons_weather.res (ID = 121840)
12:48 PM: d_icons_buttons_bbar6.res (ID = 121835)
12:48 PM: d_icons_buttons_bbar9.res (ID = 121838)
12:48 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
12:48 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
12:48 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
12:48 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
12:49 PM: d_icons_buttons_bbar7.res (ID = 121836)
12:49 PM: d_icons_buttons_bbar12.res (ID = 121828)
12:49 PM: d_icons_buttons_3000.res (ID = 62281)
12:49 PM: d_icons_buttons_bbar3.res (ID = 121832)
12:49 PM: backup-20051201-103154-851.dll (ID = 74752)
12:49 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
12:49 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
12:49 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
12:49 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
12:49 PM: progress.res (ID = 62367)
12:49 PM: d_icons_buttons_bbar5.res (ID = 121834)
12:49 PM: d_icons_buttons_bbar6.res (ID = 121835)
12:49 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
12:49 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
12:49 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
12:49 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
12:50 PM: components.cdf (ID = 121817)
12:50 PM: siuninst.exe (ID = 74757)
12:50 PM: progress.res (ID = 62367)
12:50 PM: progress.res (ID = 62367)
12:50 PM: d_icons_buttons_bbar9.res (ID = 121838)
12:50 PM: s_icons_buttons.res (ID = 121850)
12:50 PM: d_icons_buttons_bbar11.res (ID = 121827)
12:50 PM: d_icons_buttons_bbar7.res (ID = 121836)
12:50 PM: d_icons_weather.res (ID = 121840)
12:50 PM: s_icons_buttons.res (ID = 121850)
12:50 PM: d_icons_buttons_x.res (ID = 121839)
12:50 PM: backup-20050217-090755-331.inf (ID = 48452)
12:50 PM: default_hotbarcom.mnu (ID = 121820)
12:50 PM: d_icons_buttons_bbar1.res (ID = 121825)
12:50 PM: d_icons_buttons_bbar4.res (ID = 121833)
12:50 PM: d_icons_buttons_bbar8.res (ID = 121837)
12:50 PM: progress.res (ID = 62367)
12:50 PM: t2_bg.res (ID = 121851)
12:50 PM: tsd_bg.res (ID = 62382)
12:50 PM: components.cdf (ID = 121817)
12:50 PM: default_hotbarcom.mnu (ID = 121820)
12:50 PM: d_icons_buttons_bbar1.res (ID = 121825)
12:50 PM: d_icons_buttons_bbar4.res (ID = 121833)
12:50 PM: d_icons_buttons_bbar8.res (ID = 121837)
12:50 PM: progress.res (ID = 62367)
12:50 PM: t2_bg.res (ID = 121851)
12:50 PM: tsd_bg.res (ID = 62382)
12:50 PM: d_icons_buttons_bbar1.xip (ID = 114354)
12:50 PM: d_icons_buttons_3000.xip (ID = 62282)
12:50 PM: d_icons_buttons_bbar10.xip (ID = 114391)
12:50 PM: d_icons_buttons_bbar11.xip (ID = 114340)
12:50 PM: d_icons_buttons_bbar12.xip (ID = 114375)
12:50 PM: d_icons_buttons_bbar2.xip (ID = 114393)
12:50 PM: d_icons_buttons_bbar3.xip (ID = 114342)
12:50 PM: d_icons_buttons_bbar4.xip (ID = 114355)
12:50 PM: d_icons_buttons_bbar5.xip (ID = 114376)
12:50 PM: d_icons_buttons_bbar8.xip (ID = 114356)
12:50 PM: d_icons_buttons_bbar6.xip (ID = 114394)
12:50 PM: d_icons_buttons_bbar7.xip (ID = 114343)
12:50 PM: t2_bg.xip (ID = 121869)
12:50 PM: d_icons_buttons_bbar9.xip (ID = 114377)
12:50 PM: icons2.xip (ID = 121862)
12:50 PM: s_icons_buttons.xip (ID = 121868)
12:50 PM: d_icons_buttons_x.xip (ID = 121859)
12:50 PM: d_icons_weather.xip (ID = 121860)
12:50 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
12:50 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
12:50 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
12:50 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
12:50 PM: tsd_bg.xip (ID = 62383)
12:50 PM: backup-20050217-090756-224.inf (ID = 71455)
12:51 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
12:51 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
12:51 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
12:51 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
12:52 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
12:52 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
12:52 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
12:52 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
12:52 PM: progress.res (ID = 62367)
12:52 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
12:52 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
12:52 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
12:52 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
12:52 PM: kvdpo.dll (ID = 159)
12:52 PM: d_icons_buttons_2000.res (ID = 62279)
12:53 PM: d_icons_weather.res (ID = 121840)
12:53 PM: backup-20050217-090756-224.dll (ID = 71452)
12:53 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
12:53 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
12:53 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
12:53 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
12:53 PM: o6lulg3916.dll (ID = 159)
12:53 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
12:53 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
12:53 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
12:53 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
12:53 PM: lvl8093ue.dll (ID = 159)
12:54 PM: timessquare.exe (ID = 194150)
12:54 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
12:54 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
12:54 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
12:54 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
12:54 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
12:54 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
12:54 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
12:54 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
12:54 PM: swpstart.exe (ID = 74759)
12:55 PM: mxhtml.dll (ID = 159)
12:55 PM: enj6l11s1.dll (ID = 159)
12:55 PM: hbsrv.exe (ID = 62320)
12:55 PM: hbhostol.dll (ID = 62308)
12:55 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
12:55 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
12:55 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
12:55 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
12:55 PM: sskknwrd.dll (ID = 77733)
12:55 PM: sfg_44cc.dll (ID = 74246)
12:56 PM: hbcoresrv.dll (ID = 62303)
12:56 PM: hbtoolbar.dll (ID = 62329)
12:56 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
12:56 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
12:56 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
12:56 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
12:56 PM: sskcwrd.dll (ID = 77712)
12:56 PM: d_icons_buttons_bar.res (ID = 62283)
12:56 PM: d_icons_buttons_bbar13.res (ID = 121829)
12:56 PM: d_icons_buttons_bbar14.res (ID = 121829)
12:56 PM: ads.cdf (ID = 121815)
12:56 PM: hotbar-premium.cdf (ID = 121845)
12:56 PM: hotbar-premium-hotbar-premium.mnu (ID = 121844)
12:56 PM: Found Adware: twain-tech
12:56 PM: mxtini.inf (ID = 81846)
12:56 PM: linkpathlegal.xip (ID = 121866)
12:56 PM: d_icons_buttons_logos.xip (ID = 62284)
12:56 PM: progress.xip (ID = 62368)
12:56 PM: d_icons_buttons_other.xip (ID = 62284)
12:56 PM: progress.xip (ID = 62368)
12:56 PM: d_icons_buttons_bar.xip (ID = 62284)
12:56 PM: d_icons_buttons_bbar13.xip (ID = 114341)
12:56 PM: d_icons_buttons_bbar14.xip (ID = 114341)
12:56 PM: business_promo.xip (ID = 121856)
12:56 PM: ads.xip (ID = 121855)
12:56 PM: hotbar-premium.xip (ID = 114359)
12:56 PM: progress.xip (ID = 62368)
12:56 PM: email-def-email-backgrounds.mnu (ID = 121844)
12:56 PM: business_promo.xip (ID = 121856)
12:56 PM: email-premium-email-premium.mnu (ID = 121844)
12:56 PM: linkpathlegal.txt (ID = 121849)
12:56 PM: d_icons_buttons_logos.res (ID = 62283)
12:56 PM: d_icons_buttons_other.res (ID = 62283)
12:56 PM: email-def-email-backgrounds.mnu (ID = 121844)
12:56 PM: email-premium-email-premium.mnu (ID = 121844)
12:56 PM: email-def-511724-9595.mnu (ID = 121842)
12:56 PM: linkpathlegal.txt (ID = 121849)
12:56 PM: d_icons_buttons_logos.res (ID = 62283)
12:56 PM: d_icons_buttons_other.res (ID = 62283)
12:56 PM: d_icons_buttons_bar.res (ID = 62283)
12:56 PM: d_icons_buttons_bbar13.res (ID = 121829)
12:56 PM: d_icons_buttons_bbar14.res (ID = 121829)
12:56 PM: ads.cdf (ID = 121815)
12:56 PM: hotbar-premium.cdf (ID = 121845)
12:56 PM: hotbar-premium-hotbar-premium.mnu (ID = 121844)
12:56 PM: email-def-email-backgrounds.mnu (ID = 121844)
12:56 PM: email-premium-email-premium.mnu (ID = 121844)
12:56 PM: email-def-511724-9595.mnu (ID = 121842)
12:56 PM: email-def-email-backgrounds.mnu (ID = 121844)
12:56 PM: email-premium-email-premium.mnu (ID = 121844)
12:56 PM: drsmartload.dat (ID = 198788)
12:56 PM: email-def-511745-514279.mnu (ID = 121844)
12:56 PM: email-def-email-backgrounds.mnu (ID = 121844)
12:56 PM: email-premium-email-premium.mnu (ID = 121844)
12:56 PM: email-premium-email-premium_oi.mnu (ID = 121844)
12:56 PM: email-def-511745-514279.mnu (ID = 121844)
12:56 PM: email-def-email-backgrounds.mnu (ID = 121844)
12:56 PM: email-premium-email-premium.mnu (ID = 121844)
12:56 PM: email-premium-email-premium_oi.mnu (ID = 121844)
12:56 PM: business_promo.xip (ID = 121856)
12:56 PM: progress.xip (ID = 62368)
12:56 PM: email-def-511724-9595.mnu (ID = 121842)
12:56 PM: email-def-511724-9696.mnu (ID = 121842)
12:56 PM: email-def-511745-514279.mnu (ID = 121844)
12:56 PM: email-def-email-backgrounds.mnu (ID = 121844)
12:56 PM: email-premium-email-premium.mnu (ID = 121844)
12:56 PM: email-def-511724-9595.mnu (ID = 121842)
12:56 PM: email-def-511724-9696.mnu (ID = 121842)
12:56 PM: email-def-511745-514279.mnu (ID = 121844)
12:56 PM: email-def-email-backgrounds.mnu (ID = 121844)
12:56 PM: email-premium-email-premium.mnu (ID = 121844)
12:56 PM: progress.xip (ID = 62368)
12:56 PM: ads.cdf (ID = 121815)
12:56 PM: default_mails.mnu (ID = 121821)
12:56 PM: d_icons_buttons_bar.res (ID = 62283)
12:56 PM: d_icons_buttons_bbar13.res (ID = 121829)
12:56 PM: d_icons_buttons_bbar14.res (ID = 121829)
12:56 PM: d_icons_buttons_logos.res (ID = 62283)
12:56 PM: d_icons_buttons_other.res (ID = 62283)
12:56 PM: email-def-511724-9595.mnu (ID = 121842)
12:56 PM: hotbar-premium-hotbar-premium.mnu (ID = 121844)
12:56 PM: hotbar-premium.cdf (ID = 121845)
12:56 PM: linkpathlegal.txt (ID = 121849)
12:56 PM: ads.cdf (ID = 121815)
12:56 PM: default_mails.mnu (ID = 121821)
12:56 PM: d_icons_buttons_bar.res (ID = 62283)
12:56 PM: d_icons_buttons_bbar13.res (ID = 121829)
12:56 PM: d_icons_buttons_bbar14.res (ID = 121829)
12:56 PM: d_icons_buttons_logos.res (ID = 62283)
12:56 PM: d_icons_buttons_other.res (ID = 62283)
12:56 PM: email-def-511724-9595.mnu (ID = 121842)
12:56 PM: hotbar-premium-hotbar-premium.mnu (ID = 121844)
12:56 PM: hotbar-premium.cdf (ID = 121845)
12:56 PM: linkpathlegal.txt (ID = 121849)
12:56 PM: ads.xip (ID = 121855)
12:56 PM: business_promo.xip (ID = 121856)
12:56 PM: d_icons_buttons_bar.xip (ID = 62284)
12:56 PM: d_icons_buttons_bbar13.xip (ID = 114341)
12:56 PM: d_icons_buttons_bbar14.xip (ID = 114341)
12:56 PM: d_icons_buttons_logos.xip (ID = 62284)
12:56 PM: d_icons_buttons_other.xip (ID = 62284)
12:56 PM: hotbar-premium.xip (ID = 114359)
12:56 PM: linkpathlegal.xip (ID = 121866)
12:56 PM: progress.xip (ID = 62368)
12:56 PM: Found Adware: shopathomeselect
12:56 PM: backup-20050923-083430-842.inf (ID = 161519)
12:56 PM: backup-20051201-103154-851.inf (ID = 74756)
12:56 PM: File Sweep Complete, Elapsed Time: 00:15:04
12:56 PM: Full Sweep has completed. Elapsed time 00:17:51
12:56 PM: Traces Found: 2320
12:57 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
12:57 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
12:57 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
12:57 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
12:57 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
12:57 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
12:57 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
12:57 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
12:58 PM: Removal process initiated
12:58 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
12:58 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
12:58 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
12:58 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
12:58 PM: Quarantining All Traces: 180search assistant/zango
12:58 PM: Quarantining All Traces: directrevenue-abetterinternet
12:58 PM: Quarantining All Traces: icannnews
12:58 PM: icannnews is in use. It will be removed on reboot.
12:58 PM: C:\WINDOWS\system32\kvdpo.dll is in use. It will be removed on reboot.
12:58 PM: C:\WINDOWS\system32\o6lulg3916.dll is in use. It will be removed on reboot.
12:58 PM: Quarantining All Traces: look2me
12:58 PM: look2me is in use. It will be removed on reboot.
12:58 PM: kvdpo.dll is in use. It will be removed on reboot.
12:58 PM: o6lulg3916.dll is in use. It will be removed on reboot.
12:58 PM: lvl8093ue.dll is in use. It will be removed on reboot.
12:58 PM: Quarantining All Traces: apropos
12:58 PM: apropos is in use. It will be removed on reboot.
12:58 PM: wingenerics.dll is in use. It will be removed on reboot.
12:58 PM: Quarantining All Traces: comet cursor
12:58 PM: Quarantining All Traces: hotbar
1:00 PM: Quarantining All Traces: internetoptimizer
1:00 PM: Quarantining All Traces: surfsidekick
1:00 PM: Quarantining All Traces: 7adpower
1:00 PM: Quarantining All Traces: big web portal
1:00 PM: Quarantining All Traces: command
1:00 PM: Quarantining All Traces: dollarrevenue
1:00 PM: Quarantining All Traces: odysseus marketing
1:00 PM: Quarantining All Traces: quicklink search toolbar
1:00 PM: Quarantining All Traces: safeguard protect
1:00 PM: Quarantining All Traces: screensavers
1:00 PM: Quarantining All Traces: searchrelevancy
1:00 PM: Quarantining All Traces: shopathomeselect
1:00 PM: Quarantining All Traces: twain-tech
1:00 PM: Warning: Timed out waiting for explorer.exe
1:00 PM: Warning: Timed out waiting for explorer.exe
1:00 PM: Warning: Timed out waiting for explorer.exe
1:00 PM: Warning: Quarantine process could not restart Explorer.
1:02 PM: Removal process completed. Elapsed time 00:04:02
********
12:37 PM: | Start of Session, Friday, December 02, 2005 |
12:37 PM: Spy Sweeper started
12:38 PM: Your spyware definitions have been updated.
12:39 PM: | End of Session, Friday, December 02, 2005 |

#4 -David-

Posted 02 December 2005 - 02:10 PM

aannddd.....a new HJT log please after a reboot

David

#5 chris thom

Posted 02 December 2005 - 02:17 PM

Logfile of HijackThis v1.99.1
Scan saved at 1:13:48 PM, on 12/02/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\NavNT\defwatch.exe
C:\Program Files\NavNT\rtvscan.exe
C:\Program Files\Spyware Doctor\sdhelp.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\Program Files\NavNT\vptray.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\PROGRA~1\AWS\WEATHE~1\Weather.exe
C:\Program Files\Spyware Doctor\swdoctor.exe
C:\WINDOWS\webshots.scr
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Yahoo!\Messenger\ypager.exe
C:\Program Files\hijackthis\HijackThis.exe

O1 - Hosts: 135.10.2.33 hpopsnew.uhi.amerco
O1 - Hosts: 172.31.17.38 repair1-web.uhi.amerco
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn3\yt.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [vptray] C:\Program Files\NavNT\vptray.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Weather] C:\PROGRA~1\AWS\WEATHE~1\Weather.exe 1
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\ypager.exe" -quiet
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\Launcher.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_06\bin\npjpi142_06.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_06\bin\npjpi142_06.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\PROGRA~1\AWS\WEATHE~1\Weather.exe (HKCU)
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2B96D5CC-C5B5-49A5-A69D-CC0A30F9028C} (MiniBugTransporterX Class) - http://download.weatherbug.com/minibug/tri...Transporter.cab?
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {5D9E4B6D-CD17-4D85-99D4-6A52B394EC3B} (WSDownloader Control) - http://www.webshots.com/samplers/WSDownloader.ocx
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...StatsClient.cab
O16 - DPF: {9b935470-ad4a-11d5-b63e-00c04faedb18} (Oracle JInitiator 1.1.8.16) - http://auohsjsrb01.oracleoutsourcing.com:1...tor/oajinit.exe
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{2F654B17-F8C0-4DBF-9E6D-5A68F251B68F}: NameServer = 64.19.9.18,64.19.9.33
O17 - HKLM\System\CS1\Services\Tcpip\..\{2F654B17-F8C0-4DBF-9E6D-5A68F251B68F}: NameServer = 64.19.9.18,64.19.9.33
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\System32\NavLogon.dll
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\NavNT\defwatch.exe
O23 - Service: Norton AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\NavNT\rtvscan.exe
O23 - Service: OracleOraHome92ClientCache - Unknown owner - C:\oracle\ora92\BIN\ONRSD.EXE
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools - C:\Program Files\Spyware Doctor\sdhelp.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe

#6 -David-

Posted 02 December 2005 - 03:34 PM

Clean Log!!
How's everything running?

#7 chris thom

Posted 02 December 2005 - 05:11 PM

Seems to be running fine...

What did you see in the first log that tipped you off to the problem? This is for my future reference.

#8 -David-

Posted 03 December 2005 - 05:07 AM

Ok! Glad I was able to help you!

The log is clean!

If I have helped you please consider making a donation using the "make a donation" button in my signature. My help is free, but please consider it to keep me fighting spyware for you and others!

Now turn off System Restore:

On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
Check Turn off System Restore.
Click Apply, and then click OK.

Restart your computer, turn System Restore back on and create a restore point.

To create a restore point:

Single-click Start and point to All Programs.
Mouse over Accessories, then System Tools, and select System Restore.
In the System Restore wizard, select the box next to the text labeled "Create a restore point" and click the Next button.
Type a description for your new restore point. Something like "After trojan/spyware cleanup". Click Create and you're done.

David



