
Hijackthis Log: Please Help Diagnose


18 replies to this topic

#1 jt2006


Posted 25 January 2006 - 12:16 AM

Hi,
Our computer has been running very slow for at least a year. This last week we have been experiencing multiple problems.
Unable to access D drive, message appears: the disk in drive D is not formatted.
In the System Configuration Utility, the System.ini is blank. Also, every time the computer boots, the System Configuration Utility box appears.
One day the DVD E and F drives did not show up on Windows Explorer. It seems okay for now.
Our printer would not work, something about the spooler. Working okay now.
In Control Panel/Administrative Tools/Services, almost everything showed disabled.
A Message box pops up constantly: Network Connections - You (or a program) have requested information from ... Which connection do you want to use? We have a cable connection always on so not sure why this message keeps popping up.
System restore is being turned off somehow. We keep turning it on and somehow it gets turned off by something. No restore points.
Computer extremely slow.
Followed instructions in Preparation Guide. Ran Ad-aware plus edition, tried spybot but it did not work, kept receiving error messages, ran housecall, panda activescan, bitdefender, McAfee Stinger. Virus detected Win32.Netsky.C@mm, Exploit.Iframe.Vulnerability, Win32.Netsky.P@mm.

Is this fixable? Or do we need to format the C Drive?

Thank you,
Joy

Log:

Logfile of HijackThis v1.99.1
Scan saved at 8:44:32 PM, on 1/24/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\netdde.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\WINDOWS\system32\clipsrv.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\COMMON~1\MICROS~1\Media Manager\airsvcu.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\PROGRA~1\NORTON~2\SPEEDD~1\nopdb.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\dllhost.exe
C:\WINDOWS\System32\vssvc.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\System32\wbem\wmiapsrv.exe
C:\WINDOWS\System32\dmadmin.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\System32\dllhost.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\HEWLET~1\HPSHAR~1\hpgs2wnf.exe
C:\PROGRA~1\NORTON~2\NORTON~1\navapw32.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Common Files\AOL\1127517554\ee\AOLSoftware.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2F1.EXE
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Java\jre1.5.0\bin\jusched.exe
C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
C:\Program Files\Java\jre1.5.0\bin\jucheck.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Hewlett-Packard\AiO\hp officejet g series\Bin\hpoavn07.exe
c:\program files\common files\aol\1127517554\ee\services\antiSpywareApp\ver2_0_7\AOLSP Scheduler.exe
C:\PROGRA~1\HEWLET~1\AiO\Shared\Bin\hpoevm07.exe
C:\WINDOWS\system32\hpoipm07.exe
C:\Program Files\Hewlett-Packard\AiO\Shared\bin\hpOSTS07.exe
C:\Program Files\Hewlett-Packard\AiO\Shared\bin\hpOFXM07.exe
C:\Documents and Settings\John T. McGoldrick\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://charter.msn.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft.com/isapi/redir.dll?p...er=6&ar=msnhome
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?p...B_PVER}&ar=home
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.google.com/keyword/%s
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O1 - Hosts: 127.0.0.0 localhost
O1 - Hosts: 127.0.0.2 auditmypc.com
O1 - Hosts: 127.0.0.4 bulletproofsoft.net
O1 - Hosts: 127.0.0.5 camtech2000.net
O1 - Hosts: 127.0.0.7 computercops.us
O1 - Hosts: 127.0.0.8 ct7support.com
O1 - Hosts: 127.0.0.9 doxdesk.com
O1 - Hosts: 127.0.0.20 kellys-korner-xp.com
O1 - Hosts: 127.0.0.25 majorgeeks.com
O1 - Hosts: 127.0.0.28 moosoft.com
O1 - Hosts: 127.0.0.29 mvps.org
O1 - Hosts: 127.0.0.30 net-integration.net
O1 - Hosts: 127.0.0.31 noadware.net
O1 - Hosts: 127.0.0.33 onlinepcfix.com
O1 - Hosts: 127.0.0.35 pestpatrol.com
O1 - Hosts: 127.0.0.36 safer-networking.org
O1 - Hosts: 127.0.0.37 secure.spykiller.com
O1 - Hosts: 127.0.0.38 secureie.com
O1 - Hosts: 127.0.0.40 spybot.info
O1 - Hosts: 127.0.0.43 spycop.com
O1 - Hosts: 127.0.0.44 spyguard.com
O1 - Hosts: 127.0.0.45 spykiller.com
O1 - Hosts: 127.0.0.47 spyware-cop.com
O1 - Hosts: 127.0.0.49 spywarenuker.com
O1 - Hosts: 127.0.0.50 spywareremove.com
O1 - Hosts: 127.0.0.51 spywareremove.com
O1 - Hosts: 127.0.0.52 stopzillapro.com
O1 - Hosts: 127.0.0.54 thiefware.com
O1 - Hosts: 127.0.0.56 unwantedlinks.com
O1 - Hosts: 127.0.0.57 webattack.com
O1 - Hosts: 127.0.0.58 wilders.org
O1 - Hosts: 127.0.0.59 www.auditmypc.com
O1 - Hosts: 127.0.0.60 www.bulletproofsoft.net
O1 - Hosts: 127.0.0.62 www.computercops.us
O1 - Hosts: 127.0.0.63 www.ct7support.com
O1 - Hosts: 127.0.0.64 www.doxdesk.com
O1 - Hosts: 127.0.0.65 www.eblocs.com
O1 - Hosts: 127.0.0.66 www.enigmasoftwaregroup.com
O1 - Hosts: 127.0.0.67 www.free-spyware-scan.com
O1 - Hosts: 127.0.0.68 www.free-web-browsers.com
O1 - Hosts: 127.0.0.70 www.grisoft.com
O1 - Hosts: 127.0.0.71 www.hackfaq.org
O1 - Hosts: 127.0.0.72 www.hazeleger.net
O1 - Hosts: 127.0.0.73 www.javacoolsoftware.com
O1 - Hosts: 127.0.0.74 www.kellys-korner-xp.com
O1 - Hosts: 127.0.0.79 www.majorgeeks.com
O1 - Hosts: 127.0.0.82 www.moosoft.com
O1 - Hosts: 127.0.0.83 www.mvps.org
O1 - Hosts: 127.0.0.84 www.net-integration.net
O1 - Hosts: 127.0.0.85 www.noadware.net
O1 - Hosts: 127.0.0.87 www.onlinepcfix.com
O1 - Hosts: 127.0.0.89 www.pestpatrol.com
O1 - Hosts: 127.0.0.90 www.safer-networking.org
O1 - Hosts: 127.0.0.91 www.secureie.com
O1 - Hosts: 127.0.0.93 www.spybot.info
O1 - Hosts: 127.0.0.96 www.spycop.com
O1 - Hosts: 127.0.0.97 www.spyguard.com
O1 - Hosts: 127.0.0.98 www.spykiller.com
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: (no name) - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - (no file)
O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [MSConfigReminder] C:\WINDOWS\PCHEALTH\HELPCTR\BINARIES\MSCONFIG.EXE /reminder
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [QD FastAndSafe] C:\PROGRA~1\NORTON~2\NORTON~1\navapw32.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~2\NORTON~1\navapw32.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1127517554\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [EPSON Stylus Photo R300 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2F1.EXE /P30 "EPSON Stylus Photo R300 Series" /O6 "USB001" /M "Stylus Photo R300"
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [Ad-Aware] "C:\Program Files\Lavasoft\Ad-Aware SE Plus\Ad-Aware.exe" +c
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0\bin\jusched.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HPAiODevice(hp officejet g series) - 1.lnk = C:\Program Files\Hewlett-Packard\AiO\hp officejet g series\Bin\hpoavn07.exe
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://fdl.msn.com
O16 - DPF: SEAGULL J Walk Java Client 3_3C3 - http://207.228.41.46/jwalk/jwalk/jwalk_ie.cab
O16 - DPF: {01111E00-3E00-11D2-8470-0060089874ED} (Support.com SmartIssue) - http://support.charter.com/sdccommon/download/tgctlsi.cab
O16 - DPF: {01111F00-3E00-11D2-8470-0060089874ED} (Support.com Installer) - http://support.charter.com/sdccommon/download/tgctlins.cab
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - http://support.charter.com/sdccommon/download/tgctlcm.cab
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/viewers/ipixx.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab
O16 - DPF: {33C9CD44-1EB4-41BC-BDAE-67200C31CC01} (MSNRegKey Class) - http://supportservices.msn.com/us/oetool2/images/msncfg.CAB
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a224.g.akamai.net/7/224/52/20010620...meInstaller.exe
O16 - DPF: {47F591A2-8783-11D2-8343-00A0C945A819} (RFXPlayer Class) - http://download.richfx.com/player/mediaver...st/twophase.cab
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} - http://aolcc.aol.com/computercheckup/qdiagcc.cab
O16 - DPF: {4E888414-DB8F-11D1-9CD9-00C04F98436A} (Microsoft.WinRep) - https://webresponse.one.microsoft.com/oas/ActiveX/winrep.cab
O16 - DPF: {544EB377-350A-4295-9BEB-EAB8392E09C6} (MSN Money Charting) - http://fdl.msn.com/public/investor/v13/invinstl.exe
O16 - DPF: {5CE8C9BE-B561-4311-8C03-D6F6C1CAF7E1} (CSND_AX.ctlCSND_AX) - http://www3.compaq.com/support/sndetect/CSND_AX.CAB
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1124166299047
O16 - DPF: {6F750200-1362-4815-A476-88533DE61D0C} (Ofoto Upload Manager Class) - http://www.ofoto.com/downloads/BUM/BUM_WIN_IE_1/axofupld.cab
O16 - DPF: {90051A81-3018-4826-8B38-DD60B6B53F9C} (Snapfish File Upload ActiveX Control) - http://www.costcophotocenter.com/CostcoUpload.cab
O16 - DPF: {90A29DA5-D020-4B18-8660-6689520C7CD7} (DmiReader Class) - http://support.dell.com/us/en/systemprofiler/SysProfLcd.CAB
O16 - DPF: {928626A3-6B98-11CF-90B4-00AA00A4011F} (SurroundVideoCtrl Object) - http://carpoint.msn.com/Components/Ocx/SurVid/MSSurVid.cab
O16 - DPF: {94349FB6-37A0-4385-BADA-1B48DE3CA833} - http://fdl.msn.com/public/investor/v9.5/investor.cab
O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} (Shutterfly Picture Upload Plugin) - http://web1.shutterfly.com/downloads/Uploader.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {A7E092C3-692A-11D0-A7E5-08002B322F3B} (WebResponseAttachments Control) - https://webresponse.one.microsoft.com/WRActiveX/FileXfer.cab
O16 - DPF: {AA59BA6E-B44F-4514-AB3C-0C1DD2306FC3} (MSN Money Charting) - http://fdl.msn.com/public/investor/v12/invinstl.exe
O16 - DPF: {BB47CA33-8B4D-11D0-9511-00C04FD9152D} (ExteriorSurround Object) - http://carpoint.msn.com/Components/Ocx/Exterior/Outside.cab
O16 - DPF: {CBBD6FA7-2384-11D1-A8C9-0040C7116154} (HostFront ActiveX Display) - http://sna.coair.com/HFACTX/HFDSP.CAB
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - http://www.symantec.com/techsupp/activedata/SymAData.dll
O16 - DPF: {DC765522-D5BE-49C9-AF5F-8C715A44BA28} (MS Investor Ticker) - http://fdl.msn.com/public/investor/v9.5/ticker.cab
O16 - DPF: {DED22F57-FEE2-11D0-953B-00C04FD9152D} (CarPoint Auto-Pricer Control) - http://carpoint.msn.com/components/ocx/aut.../autopricer.cab
O16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} (ActiveDataObj Class) - http://www.symantec.com/techsupp/activedata/ActiveData.cab
O16 - DPF: {E856B973-45FD-4559-8F82-EAB539144667} (Dell PC Checkup Installer Control) - http://pccheckup.dellfix.com/rel/35/install/gtdownde.cab
O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30043.www3.hp.com/aio/en/check/qdiagh.cab?322
O16 - DPF: {F554B9AB-E6C9-4FA6-BFE7-B3CB24AD5027} (MSN Money Charting) - http://fdl.msn.com/public/investor/v10/investor.cab
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: AOL Spyware Protection Service (AOLService) - Unknown owner - C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\\aolserv.exe (file missing)
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~2\SPEEDD~1\nopdb.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe



#2 MFDnSC


    Ret. Director I/T



Posted 25 January 2006 - 06:29 PM

Download Hoster from here:
www.funkytoad.com/download/hoster.zip
Run the program Hoster and press Restore Original Hosts, OK, and Exit Program.
=================
Go to the link below and download the trial version of SpySweeper:

SpySweeper http://www.webroot.com/consumer/products/s...&rc=4129&ac=tsg

* Click the Free Trial link under "SpySweeper" to download the program.
* Install it. Once the program is installed, it will open.
* It will prompt you to update to the latest definitions, click Yes.
* Once the definitions are installed, click Options on the left side.
* Click the Sweep Options tab.
* Under What to Sweep please put a check next to the following:
    o Sweep Memory
    o Sweep Registry
    o Sweep Cookies
    o Sweep All User Accounts
    o Enable Direct Disk Sweeping
    o Sweep Contents of Compressed Files
    o Sweep for Rootkits

    o Please UNCHECK Do not Sweep System Restore Folder.

* Click Sweep Now on the left side.
* Click the Start button.
* When it's done scanning, click the Next button.
* Make sure everything has a check next to it, then click the Next button.
* It will remove all of the items found.
* Click Session Log in the upper right corner, copy everything in that window.
* Click the Summary tab and click Finish.
* Paste the contents of the session log you copied into your next reply.
Also post a new Hijack This log.
"Nothing could be finer than to be in South Carolina ............"

Member ASAP

#3 jt2006


Posted 25 January 2006 - 11:35 PM

Hi MFDnSC,

Thank you for the reply. The problem with System Configuration Utility popping up seems to be resolved. The System.ini is still blank, is that okay? The Network Connection box still pops up every few seconds, then stops for a few minutes, then starts up again. It's an irritating bugger.

Completed the following as instructed:

Log from SpySweeper (Ran it twice, the first time a message appeared-stopped responding):

********
5:35 PM: | Start of Session, Wednesday, January 25, 2006 |
5:35 PM: Spy Sweeper started
5:35 PM: Sweep initiated using definitions version 605
5:35 PM: Starting Memory Sweep
5:41 PM: Memory Sweep Complete, Elapsed Time: 00:05:46
5:41 PM: Starting Registry Sweep
5:41 PM: Found Adware: ebates money maker
5:41 PM: HKU\WRSS_Profile_S-1-5-21-1614895754-764733703-854245398-1005\software\microsoft\internet explorer\extensions\cmdmapping\ || {7f241c00-dab6-11d5-aaa8-0001028df1bc} (ID = 125586)
5:41 PM: Found Adware: sureseeker.com hijack
5:41 PM: HKU\WRSS_Profile_S-1-5-21-1614895754-764733703-854245398-1005\software\microsoft\internet explorer\ || searchurl (ID = 870794)
5:41 PM: HKU\WRSS_Profile_S-1-5-21-1614895754-764733703-854245398-1005\software\microsoft\internet explorer\main\ || search bar (ID = 870796)
5:41 PM: HKU\WRSS_Profile_S-1-5-21-1614895754-764733703-854245398-1005\software\microsoft\internet explorer\search\ || searchassistant (ID = 870797)
5:42 PM: Registry Sweep Complete, Elapsed Time:00:00:32
5:42 PM: Starting Cookie Sweep
5:42 PM: Found Spy Cookie: ebates cookie
5:42 PM: (name removed)@www.ebates[2].txt (ID = 2558)
5:42 PM: Found Spy Cookie: 190dotcom cookie
5:42 PM: (name removed)@206.65.190[1].txt (ID = 1936)
5:42 PM: Found Spy Cookie: 2o7.net cookie
5:42 PM: (name removed)@2o7[1].txt (ID = 1957)
5:42 PM: Found Spy Cookie: l2m.net cookie
5:42 PM: (name removed)@33362002a.l2m[1].txt (ID = 2914)
5:42 PM: Found Spy Cookie: belointeractive cookie
5:42 PM: (name removed)@ads.belointeractive[2].txt (ID = 2295)
5:42 PM: Found Spy Cookie: ads.businessweek cookie
5:42 PM: (name removed)@ads.businessweek[1].txt (ID = 2113)
5:42 PM: (name removed)@ads.businessweek[2].txt (ID = 2113)
5:42 PM: Found Spy Cookie: ads.techtv.com cookie
5:42 PM: (name removed)@ads.techtv[2].txt (ID = 2129)
5:42 PM: Found Spy Cookie: dealtime cookie
5:42 PM: (name removed)@aol.dealtime[2].txt (ID = 2506)
5:42 PM: Found Spy Cookie: belnk cookie
5:42 PM: (name removed)@ath.belnk[2].txt (ID = 2293)
5:42 PM: Found Spy Cookie: atwola cookie
5:42 PM: (name removed)@atwola[1].txt (ID = 2255)
5:42 PM: (name removed)@belointeractive[1].txt (ID = 2294)
5:42 PM: Found Spy Cookie: bizrate cookie
5:42 PM: (name removed)@bizrate[1].txt (ID = 2308)
5:42 PM: (name removed)@bizrate[2].txt (ID = 2308)
5:42 PM: (name removed)@bizrate[3].txt (ID = 2308)
5:42 PM: (name removed)@bizrate[4].txt (ID = 2308)
5:42 PM: (name removed)@bizrate[5].txt (ID = 2308)
5:42 PM: Found Spy Cookie: barelylegal cookie
5:42 PM: (name removed)@c.fsx[1].txt (ID = 2286)
5:42 PM: Found Spy Cookie: centrport net cookie
5:42 PM: (name removed)@centrport[1].txt (ID = 2374)
5:42 PM: Found Spy Cookie: coolsavings cookie
5:42 PM: (name removed)@coolsavings[2].txt (ID = 2465)
5:42 PM: Found Spy Cookie: about cookie
5:42 PM: (name removed)@cruises.about[2].txt (ID = 2038)
5:42 PM: Found Spy Cookie: clickzs cookie
5:42 PM: (name removed)@cz6.clickzs[1].txt (ID = 2413)
5:42 PM: (name removed)@dealtime[1].txt (ID = 2505)
5:42 PM: (name removed)@dealtime[2].txt (ID = 2505)
5:42 PM: (name removed)@dealtime[3].txt (ID = 2505)
5:42 PM: (name removed)@dealtime[4].txt (ID = 2505)
5:42 PM: (name removed)@dealtime[6].txt (ID = 2505)
5:42 PM: Found Spy Cookie: go.com cookie
5:42 PM: (name removed)@disney.go[1].txt (ID = 2729)
5:42 PM: (name removed)@disney.go[2].txt (ID = 2729)
5:42 PM: (name removed)@disneyland.disney.go[1].txt (ID = 2729)
5:42 PM: (name removed)@disneyland.disney.go[3].txt (ID = 2729)
5:42 PM: (name removed)@disneyworld.disney.go[1].txt (ID = 2729)
5:42 PM: (name removed)@dlr.reservations.disney.go[1].txt (ID = 2729)
5:42 PM: (name removed)@dlr.reservations.disney.go[3].txt (ID = 2729)
5:42 PM: Found Spy Cookie: homestore cookie
5:42 PM: (name removed)@domania.homestore[2].txt (ID = 2794)
5:42 PM: Found Spy Cookie: epilot cookie
5:42 PM: (name removed)@epilot[1].txt (ID = 2621)
5:42 PM: (name removed)@espn.go[1].txt (ID = 2729)
5:42 PM: Found Spy Cookie: expage cookie
5:42 PM: (name removed)@expage[2].txt (ID = 2637)
5:42 PM: Found Spy Cookie: preferences cookie
5:42 PM: (name removed)@gm.preferences[1].txt (ID = 3184)
5:42 PM: Found Spy Cookie: go2net.com cookie
5:42 PM: (name removed)@go2net[1].txt (ID = 2730)
5:42 PM: (name removed)@gohawaii.about[2].txt (ID = 2038)
5:42 PM: Found Spy Cookie: tripod cookie
5:42 PM: (name removed)@grady-white.tripod[1].txt (ID = 3592)
5:42 PM: Found Spy Cookie: herfirstlesbiansex cookie
5:42 PM: (name removed)@herfirstlesbiansex[2].txt (ID = 2771)
5:42 PM: (name removed)@homepage.belointeractive[2].txt (ID = 2295)
5:42 PM: (name removed)@homestore[2].txt (ID = 2793)
5:42 PM: (name removed)@homestore[3].txt (ID = 2793)
5:42 PM: (name removed)@homestore[4].txt (ID = 2793)
5:42 PM: (name removed)@homestore[5].txt (ID = 2793)
5:42 PM: (name removed)@houseandhome.aol.homestore[1].txt (ID = 2794)
5:42 PM: (name removed)@houseandhome.aol.homestore[2].txt (ID = 2794)
5:42 PM: Found Spy Cookie: howstuffworks cookie
5:42 PM: (name removed)@howstuffworks[2].txt (ID = 2805)
5:42 PM: (name removed)@howstuffworks[3].txt (ID = 2805)
5:42 PM: (name removed)@howstuffworks[4].txt (ID = 2805)
5:42 PM: Found Spy Cookie: realmedia cookie
5:42 PM: (name removed)@icover.realmedia[2].txt (ID = 3236)
5:42 PM: Found Spy Cookie: infospace cookie
5:42 PM: (name removed)@infospace[1].txt (ID = 2865)
5:42 PM: (name removed)@infospace[3].txt (ID = 2865)
5:42 PM: (name removed)@infospace[4].txt (ID = 2865)
5:42 PM: (name removed)@l2m[1].txt (ID = 2913)
5:42 PM: (name removed)@msn.espn.go[1].txt (ID = 2729)
5:42 PM: Found Spy Cookie: touchclarity cookie
5:42 PM: (name removed)@msn.touchclarity[2].txt (ID = 3566)
5:42 PM: Found Spy Cookie: nextag cookie
5:42 PM: (name removed)@nextag[1].txt (ID = 5014)
5:42 PM: Found Spy Cookie: exitfuel cookie
5:42 PM: (name removed)@nitrous.exitfuel[2].txt (ID = 2636)
5:42 PM: Found Spy Cookie: one-time-offer cookie
5:42 PM: (name removed)@one-time-offer[1].txt (ID = 3095)
5:42 PM: Found Spy Cookie: wtlive.com cookie
5:42 PM: (name removed)@p.wtlive[1].txt (ID = 3700)
5:42 PM: (name removed)@p.wtlive[3].txt (ID = 3700)
5:42 PM: (name removed)@personalfinance.aol.homestore[1].txt (ID = 2794)
5:42 PM: Found Spy Cookie: pricegrabber cookie
5:42 PM: (name removed)@pricegrabber[1].txt (ID = 3185)
5:42 PM: (name removed)@pricegrabber[2].txt (ID = 3185)
5:42 PM: (name removed)@pricegrabber[3].txt (ID = 3185)
5:42 PM: (name removed)@pricegrabber[4].txt (ID = 3185)
5:42 PM: (name removed)@pricegrabber[5].txt (ID = 3185)
5:42 PM: Found Spy Cookie: wegcash cookie
5:42 PM: (name removed)@programs.wegcash[2].txt (ID = 3682)
5:42 PM: Found Spy Cookie: reunion cookie
5:42 PM: (name removed)@reunion[2].txt (ID = 3255)
5:42 PM: (name removed)@roi.atwola[1].txt (ID = 2256)
5:42 PM: Found Spy Cookie: search123 cookie
5:42 PM: (name removed)@search123[1].txt (ID = 3305)
5:42 PM: Found Spy Cookie: starware.com cookie
5:42 PM: (name removed)@starware[2].txt (ID = 3441)
5:42 PM: (name removed)@stat.dealtime[1].txt (ID = 2506)
5:42 PM: (name removed)@stat.dealtime[2].txt (ID = 2506)
5:42 PM: (name removed)@stat.dealtime[3].txt (ID = 2506)
5:42 PM: Found Spy Cookie: stats.klsoft.com cookie
5:42 PM: (name removed)@stats.klsoft[1].txt (ID = 3451)
5:42 PM: (name removed)@stats.klsoft[3].txt (ID = 3451)
5:42 PM: Found Spy Cookie: tacoda cookie
5:42 PM: (name removed)@tacoda[1].txt (ID = 6444)
5:42 PM: Found Spy Cookie: tvguide cookie
5:42 PM: (name removed)@tvguide[1].txt (ID = 3599)
5:42 PM: (name removed)@walking.about[2].txt (ID = 2038)
5:42 PM: Found Spy Cookie: clickxchange adware cookie
5:42 PM: (name removed)@www.clickxchange[2].txt (ID = 2409)
5:42 PM: (name removed)@www.dealtime[2].txt (ID = 2506)
5:42 PM: (name removed)@www.dealtime[3].txt (ID = 2506)
5:42 PM: (name removed)@www.ebates[2].txt (ID = 2558)
5:42 PM: (name removed)@www.ebates[3].txt (ID = 2558)
5:42 PM: (name removed)@www.ebates[4].txt (ID = 2558)
5:42 PM: (name removed)@www.ebates[5].txt (ID = 2558)
5:42 PM: (name removed)@www.ebates[6].txt (ID = 2558)
5:42 PM: (name removed)@www.epilot[1].txt (ID = 2622)
5:42 PM: (name removed)@www.homestore[2].txt (ID = 2794)
5:42 PM: (name removed)@www.howstuffworks[2].txt (ID = 2806)
5:42 PM: (name removed)@www.nextag[1].txt (ID = 5015)
5:42 PM: Found Spy Cookie: screensavers.com cookie
5:42 PM: (name removed)@www.screensavers[2].txt (ID = 3298)
5:42 PM: Cookie Sweep Complete, Elapsed Time: 00:00:06
5:42 PM: Starting File Sweep
6:26 PM: Warning: Failed to read from disk: Data error (cyclic redundancy check)
6:26 PM: Warning: Failed to read file "d:\our pictures\joseph at the park\joseph at the park 012.jpg". Data error (cyclic redundancy check)
6:26 PM: Warning: Failed to read from disk: Data error (cyclic redundancy check)
6:26 PM: Warning: Failed to read file "d:\our pictures\joseph at the park\joseph at the park 011.jpg". Data error (cyclic redundancy check)
6:27 PM: Warning: Failed to read from disk: Data error (cyclic redundancy check)
6:27 PM: Warning: Failed to read file "d:\our pictures\joy's camera 2005\joy's camera 057.jpg". Data error (cyclic redundancy check)
6:27 PM: Warning: Failed to read from disk: Data error (cyclic redundancy check)
6:27 PM: Warning: Failed to read file "d:\our pictures\joy's camera 2005\joy's camera 053.jpg". Data error (cyclic redundancy check)
6:27 PM: Warning: Failed to read from disk: Data error (cyclic redundancy check)
6:27 PM: Warning: Failed to read file "d:\our pictures\joy's camera 2005\joy's camera 042.jpg". Data error (cyclic redundancy check)
6:27 PM: Warning: Failed to read from disk: Data error (cyclic redundancy check)
6:27 PM: Warning: Failed to read file "d:\our pictures\joy's camera 2005\joy's camera 036.jpg". Data error (cyclic redundancy check)
6:27 PM: Warning: Failed to read from disk: Data error (cyclic redundancy check)
6:27 PM: Warning: Failed to read file "d:\our pictures\joy's camera 2005\joy's camera 118.jpg". Data error (cyclic redundancy check)
6:27 PM: Warning: Failed to read from disk: Data error (cyclic redundancy check)
6:27 PM: Warning: Failed to read file "d:\our pictures\hawaii summer-2005\hawaii summer-2005 050.jpg". Data error (cyclic redundancy check)
6:27 PM: Warning: Failed to read from disk: Data error (cyclic redundancy check)
6:28 PM: Warning: Failed to read file "d:\our pictures\hawaii summer-2005\hawaii summer-2005 049.jpg". Data error (cyclic redundancy check)
6:28 PM: Warning: Failed to read from disk: Data error (cyclic redundancy check)
6:28 PM: Warning: Failed to read file "d:\our pictures\hawaiian furniture\hawaiian furniture 005.jpg". Data error (cyclic redundancy check)
6:28 PM: Warning: Failed to read from disk: Data error (cyclic redundancy check)
6:28 PM: Warning: Failed to read file "d:\our pictures\joy's camera 2005\joy's camera 116.jpg". Data error (cyclic redundancy check)
6:28 PM: Warning: Failed to read from disk: Data error (cyclic redundancy check)
6:28 PM: Warning: Failed to read file "d:\our pictures\joy's camera 2005\joy's camera 114.jpg". Data error (cyclic redundancy check)
6:28 PM: Warning: Failed to read from disk: Data error (cyclic redundancy check)
6:28 PM: Warning: Failed to read file "d:\our pictures\joy's camera 2005\joy's camera 165.jpg". Data error (cyclic redundancy check)
6:28 PM: Warning: Failed to read from disk: Data error (cyclic redundancy check)
6:28 PM: Warning: Failed to read file "d:\our pictures\joy's camera 2005\joy's camera 026.jpg". Data error (cyclic redundancy check)
6:28 PM: Warning: Failed to read from disk: Data error (cyclic redundancy check)
6:28 PM: Warning: Failed to read file "d:\our pictures\hawaii summer-2005\hawaii summer-2005 004.jpg". Data error (cyclic redundancy check)
6:29 PM: Warning: Failed to read from disk: Data error (cyclic redundancy check)
6:29 PM: Warning: Failed to read file "d:\our pictures\hawaii summer-2005\hawaii summer-2005 067.jpg". Data error (cyclic redundancy check)
6:29 PM: Warning: Failed to read from disk: Data error (cyclic redundancy check)
6:29 PM: Warning: Failed to read file "d:\our pictures\joy's camera 2005\joy's camera 162.jpg". Data error (cyclic redundancy check)
6:29 PM: Warning: Failed to read from disk: Data error (cyclic redundancy check)
6:29 PM: Warning: Failed to read file "d:\our pictures\hawaii summer-2005\hawaii summer-2005 003.jpg". Data error (cyclic redundancy check)
6:29 PM: Warning: Failed to read from disk: Data error (cyclic redundancy check)
6:29 PM: Warning: Failed to read file "d:\our pictures\hawaii summer-2005\hawaii summer-2005 048.jpg". Data error (cyclic redundancy check)
6:29 PM: Warning: Failed to read from disk: Data error (cyclic redundancy check)
6:29 PM: Warning: Failed to read file "d:\our pictures\joy's camera 2005\joy's camera 109.jpg". Data error (cyclic redundancy check)
6:29 PM: Warning: Failed to read from disk: Data error (cyclic redundancy check)
6:29 PM: Warning: Failed to read file "d:\our pictures\hawaii summer-2005\hawaii summer-2005 052.jpg". Data error (cyclic redundancy check)
6:29 PM: Warning: Failed to read from disk: Data error (cyclic redundancy check)
6:29 PM: Warning: Failed to read file "d:\our pictures\joy's camera 2005\joy's camera 140.jpg". Data error (cyclic redundancy check)
6:30 PM: Warning: Failed to read from disk: Data error (cyclic redundancy check)
6:30 PM: Warning: Failed to read file "d:\our pictures\joy's camera 2005\joy's camera 107.jpg". Data error (cyclic redundancy check)
6:30 PM: Warning: Failed to read from disk: Data error (cyclic redundancy check)
6:30 PM: Warning: Failed to read file "d:\our pictures\joy's camera 2005\imgp1305.jpg". Data error (cyclic redundancy check)
6:30 PM: Warning: Failed to read from disk: Data error (cyclic redundancy check)
6:30 PM: Warning: Failed to read file "d:\our pictures\joy's camera 2005\imgp1296.jpg". Data error (cyclic redundancy check)
6:30 PM: Warning: Failed to read from disk: Data error (cyclic redundancy check)
6:30 PM: Warning: Failed to read file "d:\our pictures\joy's camera 2005\imgp1270.jpg". Data error (cyclic redundancy check)
6:30 PM: Warning: Failed to read from disk: Data error (cyclic redundancy check)
6:30 PM: Warning: Failed to read file "d:\our pictures\joy's camera 2005\imgp1234.jpg". Data error (cyclic redundancy check)
6:30 PM: Warning: Failed to read from disk: Data error (cyclic redundancy check)
6:30 PM: Warning: Failed to read file "d:\our pictures\joy's camera 2005\imgp1226.jpg". Data error (cyclic redundancy check)
6:30 PM: Warning: Failed to read from disk: Data error (cyclic redundancy check)
6:31 PM: Warning: Failed to read file "d:\our pictures\joy's camera 2005\imgp1225.jpg". Data error (cyclic redundancy check)
6:31 PM: Warning: Failed to read from disk: Data error (cyclic redundancy check)
6:31 PM: Warning: Failed to read file "d:\our pictures\wendi's pictures\wendi's cannon - xmas 011.jpg". Data error (cyclic redundancy check)
6:31 PM: Warning: Failed to read from disk: Data error (cyclic redundancy check)
6:31 PM: Warning: Failed to read file "d:\our pictures\wendi's pictures\wendi's cannon - xmas 009.jpg". Data error (cyclic redundancy check)
6:31 PM: Warning: Failed to read from disk: Data error (cyclic redundancy check)
6:31 PM: Warning: Failed to read file "d:\our pictures\joy's camera 2005\joy's camera 327.jpg". Data error (cyclic redundancy check)
6:31 PM: Found System Monitor: potentially rootkit-masked files
6:31 PM: 00040167. (ID = 0)
6:31 PM: 00040136. (ID = 0)
6:31 PM: 00040160. (ID = 0)
6:31 PM: 00040156. (ID = 0)
6:31 PM: 00040145. (ID = 0)
6:33 PM: 00040108. (ID = 0)
6:34 PM: 00040104. (ID = 0)
6:34 PM: 00040142. (ID = 0)
6:39 PM: Warning: Invalid Stream
6:39 PM: File Sweep Complete, Elapsed Time: 00:57:11
6:39 PM: Full Sweep has completed. Elapsed time 01:03:48
6:39 PM: Traces Found: 112
7:41 PM: Removal process initiated
7:41 PM: Quarantining All Traces: potentially rootkit-masked files
7:42 PM: potentially rootkit-masked files is in use. It will be removed on reboot.
7:42 PM: 00040167. is in use. It will be removed on reboot.
7:42 PM: 00040136. is in use. It will be removed on reboot.
7:42 PM: 00040160. is in use. It will be removed on reboot.
7:42 PM: 00040156. is in use. It will be removed on reboot.
7:42 PM: 00040145. is in use. It will be removed on reboot.
7:42 PM: 00040108. is in use. It will be removed on reboot.
7:42 PM: 00040104. is in use. It will be removed on reboot.
7:42 PM: 00040142. is in use. It will be removed on reboot.
7:42 PM: Quarantining All Traces: ebates money maker
7:42 PM: Quarantining All Traces: sureseeker.com hijack
7:42 PM: Quarantining All Traces: 190dotcom cookie
7:42 PM: Quarantining All Traces: 2o7.net cookie
7:42 PM: Quarantining All Traces: about cookie
7:42 PM: Quarantining All Traces: ads.businessweek cookie
7:42 PM: Quarantining All Traces: ads.techtv.com cookie
7:42 PM: Quarantining All Traces: adultrevenueservice cookie
7:42 PM: Quarantining All Traces: atwola cookie
7:42 PM: Quarantining All Traces: barelylegal cookie
7:42 PM: Quarantining All Traces: belnk cookie
7:42 PM: Quarantining All Traces: belointeractive cookie
7:42 PM: Quarantining All Traces: bizrate cookie
7:42 PM: Quarantining All Traces: centrport net cookie
7:42 PM: Quarantining All Traces: clickxchange adware cookie
7:42 PM: Quarantining All Traces: clickzs cookie
7:42 PM: Quarantining All Traces: coolsavings cookie
7:42 PM: Quarantining All Traces: dealtime cookie
7:42 PM: Quarantining All Traces: ebates cookie
7:42 PM: Quarantining All Traces: epilot cookie
7:42 PM: Quarantining All Traces: exitfuel cookie
7:42 PM: Quarantining All Traces: expage cookie
7:42 PM: Quarantining All Traces: go.com cookie
7:42 PM: Quarantining All Traces: go2net.com cookie
7:42 PM: Quarantining All Traces: herfirstlesbiansex cookie
7:42 PM: Quarantining All Traces: homestore cookie
7:42 PM: Quarantining All Traces: howstuffworks cookie
7:42 PM: Quarantining All Traces: infospace cookie
7:42 PM: Quarantining All Traces: l2m.net cookie
7:42 PM: Quarantining All Traces: nextag cookie
7:42 PM: Quarantining All Traces: one-time-offer cookie
7:42 PM: Quarantining All Traces: preferences cookie
7:42 PM: Quarantining All Traces: pricegrabber cookie
7:42 PM: Quarantining All Traces: realmedia cookie
7:42 PM: Quarantining All Traces: reunion cookie
7:42 PM: Quarantining All Traces: screensavers.com cookie
7:42 PM: Quarantining All Traces: search123 cookie
7:42 PM: Quarantining All Traces: starware.com cookie
7:42 PM: Quarantining All Traces: stats.klsoft.com cookie
7:42 PM: Quarantining All Traces: tacoda cookie
7:42 PM: Quarantining All Traces: touchclarity cookie
7:42 PM: Quarantining All Traces: tripod cookie
7:42 PM: Quarantining All Traces: tvguide cookie
7:42 PM: Quarantining All Traces: wegcash cookie
7:42 PM: Quarantining All Traces: wtlive.com cookie
7:42 PM: Preparing to restart your computer. Please wait...
7:42 PM: Removal process completed. Elapsed time 00:01:32
********
4:02 PM: | Start of Session, Wednesday, January 25, 2006 |
4:02 PM: Spy Sweeper started
4:02 PM: Sweep initiated using definitions version 605
4:02 PM: Starting Memory Sweep
4:09 PM: Memory Sweep Complete, Elapsed Time: 00:07:19
4:09 PM: Starting Registry Sweep
4:10 PM: Found Adware: ebates money maker
4:10 PM: HKU\WRSS_Profile_S-1-5-21-1614895754-764733703-854245398-1005\software\microsoft\internet explorer\extensions\cmdmapping\ || {7f241c00-dab6-11d5-aaa8-0001028df1bc} (ID = 125586)
4:10 PM: Found Adware: sureseeker.com hijack
4:10 PM: HKU\WRSS_Profile_S-1-5-21-1614895754-764733703-854245398-1005\software\microsoft\internet explorer\ || searchurl (ID = 870794)
4:10 PM: HKU\WRSS_Profile_S-1-5-21-1614895754-764733703-854245398-1005\software\microsoft\internet explorer\main\ || search bar (ID = 870796)
4:10 PM: HKU\WRSS_Profile_S-1-5-21-1614895754-764733703-854245398-1005\software\microsoft\internet explorer\search\ || searchassistant (ID = 870797)
4:10 PM: Registry Sweep Complete, Elapsed Time:00:00:33
4:10 PM: Starting Cookie Sweep
4:10 PM: Found Spy Cookie: ebates cookie
4:10 PM: (name removed)@www.ebates[2].txt (ID = 2558)
4:10 PM: Found Spy Cookie: 190dotcom cookie
4:10 PM: (name removed)@206.65.190[1].txt (ID = 1936)
4:10 PM: Found Spy Cookie: 2o7.net cookie
4:10 PM: (name removed)@2o7[1].txt (ID = 1957)
4:10 PM: Found Spy Cookie: l2m.net cookie
4:10 PM: (name removed)@33362002a.l2m[1].txt (ID = 2914)
4:10 PM: Found Spy Cookie: belointeractive cookie
4:10 PM: (name removed)@ads.belointeractive[2].txt (ID = 2295)
4:10 PM: Found Spy Cookie: ads.businessweek cookie
4:10 PM: (name removed)@ads.businessweek[1].txt (ID = 2113)
4:10 PM: (name removed)@ads.businessweek[2].txt (ID = 2113)
4:10 PM: Found Spy Cookie: ads.techtv.com cookie
4:10 PM: (name removed)@ads.techtv[2].txt (ID = 2129)
4:10 PM: Found Spy Cookie: adultrevenueservice cookie
4:10 PM: (name removed)@adultrevenueservice[1].txt (ID = 2167)
4:10 PM: (name removed)@adultrevenueservice[2].txt (ID = 2167)
4:10 PM: (name removed)@adultrevenueservice[3].txt (ID = 2167)
4:10 PM: Found Spy Cookie: dealtime cookie
4:10 PM: (name removed)@aol.dealtime[2].txt (ID = 2506)
4:10 PM: Found Spy Cookie: belnk cookie
4:10 PM: (name removed)@ath.belnk[2].txt (ID = 2293)
4:10 PM: Found Spy Cookie: atwola cookie
4:10 PM: (name removed)@atwola[1].txt (ID = 2255)
4:10 PM: (name removed)@belointeractive[1].txt (ID = 2294)
4:10 PM: Found Spy Cookie: bizrate cookie
4:10 PM: (name removed)@bizrate[1].txt (ID = 2308)
4:10 PM: (name removed)@bizrate[2].txt (ID = 2308)
4:10 PM: (name removed)@bizrate[3].txt (ID = 2308)
4:10 PM: (name removed)@bizrate[4].txt (ID = 2308)
4:10 PM: (name removed)@bizrate[5].txt (ID = 2308)
4:10 PM: Found Spy Cookie: barelylegal cookie
4:10 PM: (name removed)@c.fsx[1].txt (ID = 2286)
4:10 PM: Found Spy Cookie: centrport net cookie
4:10 PM: (name removed)@centrport[1].txt (ID = 2374)
4:10 PM: Found Spy Cookie: coolsavings cookie
4:10 PM: (name removed)@coolsavings[2].txt (ID = 2465)
4:10 PM: Found Spy Cookie: about cookie
4:10 PM: (name removed)@cruises.about[2].txt (ID = 2038)
4:10 PM: Found Spy Cookie: clickzs cookie
4:10 PM: (name removed)@cz6.clickzs[1].txt (ID = 2413)
4:10 PM: (name removed)@dealtime[1].txt (ID = 2505)
4:10 PM: (name removed)@dealtime[2].txt (ID = 2505)
4:10 PM: (name removed)@dealtime[3].txt (ID = 2505)
4:10 PM: (name removed)@dealtime[4].txt (ID = 2505)
4:10 PM: (name removed)@dealtime[6].txt (ID = 2505)
4:10 PM: Found Spy Cookie: go.com cookie
4:10 PM: (name removed)@disney.go[1].txt (ID = 2729)
4:10 PM: (name removed)@disney.go[2].txt (ID = 2729)
4:10 PM: (name removed)@disneyland.disney.go[1].txt (ID = 2729)
4:10 PM: (name removed)@disneyland.disney.go[3].txt (ID = 2729)
4:10 PM: (name removed)@disneyworld.disney.go[1].txt (ID = 2729)
4:10 PM: (name removed)@dlr.reservations.disney.go[1].txt (ID = 2729)
4:10 PM: (name removed)@dlr.reservations.disney.go[3].txt (ID = 2729)
4:10 PM: Found Spy Cookie: homestore cookie
4:10 PM: (name removed)@domania.homestore[2].txt (ID = 2794)
4:10 PM: Found Spy Cookie: epilot cookie
4:10 PM: (name removed)@epilot[1].txt (ID = 2621)
4:10 PM: (name removed)@espn.go[1].txt (ID = 2729)
4:10 PM: Found Spy Cookie: expage cookie
4:10 PM: (name removed)@expage[2].txt (ID = 2637)
4:10 PM: Found Spy Cookie: preferences cookie
4:10 PM: (name removed)@gm.preferences[1].txt (ID = 3184)
4:10 PM: Found Spy Cookie: go2net.com cookie
4:10 PM: (name removed)@go2net[1].txt (ID = 2730)
4:10 PM: (name removed)@gohawaii.about[2].txt (ID = 2038)
4:10 PM: Found Spy Cookie: tripod cookie
4:10 PM: (name removed)@grady-white.tripod[1].txt (ID = 3592)
4:10 PM: Found Spy Cookie: herfirstlesbiansex cookie
4:10 PM: (name removed)@herfirstlesbiansex[2].txt (ID = 2771)
4:10 PM: (name removed)@homepage.belointeractive[2].txt (ID = 2295)
4:10 PM: (name removed)@homestore[2].txt (ID = 2793)
4:10 PM: (name removed)@homestore[3].txt (ID = 2793)
4:10 PM: (name removed)@homestore[4].txt (ID = 2793)
4:10 PM: (name removed)@homestore[5].txt (ID = 2793)
4:10 PM: (name removed)@houseandhome.aol.homestore[1].txt (ID = 2794)
4:10 PM: (name removed)@houseandhome.aol.homestore[2].txt (ID = 2794)
4:10 PM: Found Spy Cookie: howstuffworks cookie
4:10 PM: (name removed)@howstuffworks[2].txt (ID = 2805)
4:10 PM: (name removed)@howstuffworks[3].txt (ID = 2805)
4:10 PM: (name removed)@howstuffworks[4].txt (ID = 2805)
4:10 PM: Found Spy Cookie: realmedia cookie
4:10 PM: (name removed)@icover.realmedia[2].txt (ID = 3236)
4:10 PM: Found Spy Cookie: infospace cookie
4:10 PM: (name removed)@infospace[1].txt (ID = 2865)
4:10 PM: (name removed)@infospace[3].txt (ID = 2865)
4:10 PM: (name removed)@infospace[4].txt (ID = 2865)
4:10 PM: (name removed)@l2m[1].txt (ID = 2913)
4:10 PM: (name removed)@msn.espn.go[1].txt (ID = 2729)
4:10 PM: Found Spy Cookie: touchclarity cookie
4:10 PM: (name removed)@msn.touchclarity[2].txt (ID = 3566)
4:10 PM: Found Spy Cookie: nextag cookie
4:10 PM: (name removed)@nextag[1].txt (ID = 5014)
4:10 PM: Found Spy Cookie: exitfuel cookie
4:10 PM: (name removed)@nitrous.exitfuel[2].txt (ID = 2636)
4:10 PM: Found Spy Cookie: one-time-offer cookie
4:10 PM: (name removed)@one-time-offer[1].txt (ID = 3095)
4:10 PM: Found Spy Cookie: wtlive.com cookie
4:10 PM: (name removed)@p.wtlive[1].txt (ID = 3700)
4:10 PM: (name removed)@p.wtlive[3].txt (ID = 3700)
4:10 PM: (name removed)@personalfinance.aol.homestore[1].txt (ID = 2794)
4:10 PM: Found Spy Cookie: pricegrabber cookie
4:10 PM: (name removed)@pricegrabber[1].txt (ID = 3185)
4:10 PM: (name removed)@pricegrabber[2].txt (ID = 3185)
4:10 PM: (name removed)@pricegrabber[3].txt (ID = 3185)
4:10 PM: (name removed)@pricegrabber[4].txt (ID = 3185)
4:10 PM: (name removed)@pricegrabber[5].txt (ID = 3185)
4:10 PM: Found Spy Cookie: wegcash cookie
4:10 PM: (name removed)@programs.wegcash[2].txt (ID = 3682)
4:10 PM: Found Spy Cookie: reunion cookie
4:10 PM: (name removed)@reunion[2].txt (ID = 3255)
4:10 PM: (name removed)@roi.atwola[1].txt (ID = 2256)
4:10 PM: Found Spy Cookie: search123 cookie
4:10 PM: (name removed)@search123[1].txt (ID = 3305)
4:10 PM: Found Spy Cookie: starware.com cookie
4:10 PM: (name removed)@starware[2].txt (ID = 3441)
4:10 PM: (name removed)@stat.dealtime[1].txt (ID = 2506)
4:10 PM: (name removed)@stat.dealtime[2].txt (ID = 2506)
4:10 PM: (name removed)@stat.dealtime[3].txt (ID = 2506)
4:10 PM: Found Spy Cookie: stats.klsoft.com cookie
4:10 PM: (name removed)@stats.klsoft[1].txt (ID = 3451)
4:10 PM: (name removed)@stats.klsoft[3].txt (ID = 3451)
4:10 PM: Found Spy Cookie: tacoda cookie
4:10 PM: (name removed)@tacoda[1].txt (ID = 6444)
4:10 PM: Found Spy Cookie: tvguide cookie
4:10 PM: (name removed)@tvguide[1].txt (ID = 3599)
4:10 PM: (name removed)@walking.about[2].txt (ID = 2038)
4:10 PM: Found Spy Cookie: clickxchange adware cookie
4:10 PM: (name removed)@www.clickxchange[2].txt (ID = 2409)
4:10 PM: (name removed)@www.dealtime[2].txt (ID = 2506)
4:10 PM: (name removed)@www.dealtime[3].txt (ID = 2506)
4:10 PM: (name removed)@www.ebates[2].txt (ID = 2558)
4:10 PM: (name removed)@www.ebates[3].txt (ID = 2558)
4:10 PM: (name removed)@www.ebates[4].txt (ID = 2558)
4:10 PM: (name removed)@www.ebates[5].txt (ID = 2558)
4:10 PM: (name removed)@www.ebates[6].txt (ID = 2558)
4:10 PM: (name removed)@www.epilot[1].txt (ID = 2622)
4:10 PM: (name removed)@www.homestore[2].txt (ID = 2794)
4:10 PM: (name removed)@www.howstuffworks[2].txt (ID = 2806)
4:10 PM: (name removed)@www.nextag[1].txt (ID = 5015)
4:10 PM: Found Spy Cookie: screensavers.com cookie
4:10 PM: (name removed)@www.screensavers[2].txt (ID = 3298)
4:10 PM: Cookie Sweep Complete, Elapsed Time: 00:00:08
4:10 PM: Starting File Sweep
5:02 PM: Warning: Failed to read file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscsdaccac12-d947-4c98-9ac1-d87df35d5888.tmp". Invalid pointer operation
5:02 PM: Warning: Failed to access drive D:
5:02 PM: Warning: Failed to access drive D:
5:02 PM: Warning: DDAFileExists failed to resolve the MFT number for: c:\found.000\dir0006.chk\00040167..
5:02 PM: Warning: DDAFileExists failed to resolve the MFT number for: c:\found.000\dir0006.chk\00040136..
5:02 PM: Warning: DDAFileExists failed to resolve the MFT number for: c:\found.000\dir0006.chk\00040160..
5:02 PM: Warning: DDAFileExists failed to resolve the MFT number for: c:\found.000\dir0006.chk\00040156..
5:02 PM: Warning: DDAFileExists failed to resolve the MFT number for: c:\found.000\dir0006.chk\00040145..
5:02 PM: Warning: DDAFileExists failed to resolve the MFT number for: c:\recycler\nprotect\00010167.cls.
5:02 PM: Warning: DDAFileExists failed to resolve the MFT number for: c:\recycler\nprotect\00010171.cls.
5:02 PM: Warning: DDAFileExists failed to resolve the MFT number for: c:\recycler\nprotect\00010172.cls.
5:02 PM: Warning: DDAFileExists failed to resolve the MFT number for: c:\recycler\nprotect\00010118.cls.
5:02 PM: Warning: DDAFileExists failed to resolve the MFT number for: c:\recycler\nprotect\00010120.cls.
5:02 PM: Warning: DDAFileExists failed to resolve the MFT number for: c:\recycler\nprotect\00010122.cls.
5:02 PM: Warning: DDAFileExists failed to resolve the MFT number for: c:\recycler\nprotect\00010174.cls.
5:02 PM: Warning: DDAFileExists failed to resolve the MFT number for: c:\recycler\nprotect\00010124.cls.
5:02 PM: Warning: DDAFileExists failed to resolve the MFT number for: c:\recycler\nprotect\00010176.cls.
5:02 PM: Warning: DDAFileExists failed to resolve the MFT number for: c:\recycler\nprotect\00010178.cls.
5:02 PM: Warning: DDAFileExists failed to resolve the MFT number for: c:\recycler\nprotect\00010126.cls.
5:02 PM: Warning: DDAFileExists failed to resolve the MFT number for: c:\recycler\nprotect\00010127.cls.
5:02 PM: Warning: DDAFileExists failed to resolve the MFT number for: c:\recycler\nprotect\00010129.cls.
5:02 PM: Warning: DDAFileExists failed to resolve the MFT number for: c:\recycler\nprotect\00010179.cls.
5:02 PM: Warning: DDAFileExists failed to resolve the MFT number for: c:\recycler\nprotect\00010132.cls.
5:02 PM: Warning: DDAFileExists failed to resolve the MFT number for: c:\recycler\nprotect\00010134.cls.
5:02 PM: Warning: DDAFileExists failed to resolve the MFT number for: c:\recycler\nprotect\00010135.cls.
5:02 PM: Warning: DDAFileExists failed to resolve the MFT number for: c:\recycler\nprotect\00010137.cls.
5:02 PM: Warning: DDAFileExists failed to resolve the MFT number for: c:\found.000\dir0006.chk\00040108..
5:02 PM: Warning: DDAFileExists failed to resolve the MFT number for: c:\recycler\nprotect\00010139.cls.
5:02 PM: Warning: DDAFileExists failed to resolve the MFT number for: c:\recycler\nprotect\00010141.cls.
5:02 PM: Warning: DDAFileExists failed to resolve the MFT number for: c:\recycler\nprotect\00010143.cls.
5:02 PM: Warning: DDAFileExists failed to resolve the MFT number for: c:\recycler\nprotect\00010182.cls.
5:02 PM: Warning: DDAFileExists failed to resolve the MFT number for: c:\recycler\nprotect\00010184.cls.
5:02 PM: Warning: DDAFileExists failed to resolve the MFT number for: c:\recycler\nprotect\00010185.cls.
5:02 PM: Warning: DDAFileExists failed to resolve the MFT number for: c:\recycler\nprotect\00010187.cls.
5:02 PM: Warning: DDAFileExists failed to resolve the MFT number for: c:\found.000\dir0006.chk\00040104..
5:02 PM: Warning: DDAFileExists failed to resolve the MFT number for: c:\found.000\dir0006.chk\00040142..
5:02 PM: Warning: DDAFileExists failed to resolve the MFT number for: c:\recycler\nprotect\00010145.cls.
5:02 PM: Warning: DDAFileExists failed to resolve the MFT number for: c:\recycler\nprotect\00010121.cls.
5:02 PM: Warning: DDAFileExists failed to resolve the MFT number for: c:\recycler\nprotect\00010123.cls.
5:02 PM: Warning: DDAFileExists failed to resolve the MFT number for: c:\recycler\nprotect\00010125.cls.
5:02 PM: Warning: DDAFileExists failed to resolve the MFT number for: c:\recycler\nprotect\00010119.cls.
5:02 PM: Warning: DDAFileExists failed to resolve the MFT number for: c:\recycler\nprotect\00010142.cls.
5:02 PM: Warning: DDAFileExists failed to resolve the MFT number for: c:\recycler\nprotect\00010128.cls.
5:02 PM: Warning: DDAFileExists failed to resolve the MFT number for: c:\recycler\nprotect\00010130.cls.
5:02 PM: Warning: DDAFileExists failed to resolve the MFT number for: c:\recycler\nprotect\00010140.cls.
5:02 PM: Warning: DDAFileExists failed to resolve the MFT number for: c:\recycler\nprotect\00010136.cls.
5:02 PM: Warning: DDAFileExists failed to resolve the MFT number for: c:\recycler\nprotect\00010138.cls.
5:02 PM: Warning: DDAFileExists failed to resolve the MFT number for: c:\recycler\nprotect\00010148.cls.
5:02 PM: Warning: DDAFileExists failed to resolve the MFT number for: c:\recycler\nprotect\00010154.cls.
5:02 PM: Warning: DDAFileExists failed to resolve the MFT number for: c:\recycler\nprotect\00010180.cls.
5:02 PM: Warning: DDAFileExists failed to resolve the MFT number for: c:\recycler\nprotect\00010156.cls.
5:02 PM: Warning: DDAFileExists failed to resolve the MFT number for: c:\recycler\nprotect\00010158.cls.
5:02 PM: Warning: DDAFileExists failed to resolve the MFT number for: c:\recycler\nprotect\00010160.cls.
5:02 PM: Warning: DDAFileExists failed to resolve the MFT number for: c:\recycler\nprotect\00010163.cls.
5:02 PM: Warning: DDAFileExists failed to resolve the MFT number for: c:\recycler\nprotect\00010173.cls.
5:02 PM: Warning: DDAFileExists failed to resolve the MFT number for: c:\recycler\nprotect\00010165.cls.
5:02 PM: Warning: DDAFileExists failed to resolve the MFT number for: c:\recycler\nprotect\00010175.cls.
5:02 PM: Warning: DDAFileExists failed to resolve the MFT number for: c:\recycler\nprotect\00010177.cls.
5:02 PM: Warning: DDAFileExists failed to resolve the MFT number for: c:\recycler\nprotect\00010195.cls.
5:02 PM: Warning: DDAFileExists failed to resolve the MFT number for: c:\recycler\nprotect\00010183.cls.
5:02 PM: Warning: DDAFileExists failed to resolve the MFT number for: c:\recycler\nprotect\00010186.cls.
5:02 PM: Warning: DDAFileExists failed to resolve the MFT number for: c:\recycler\nprotect\00010188.cls.
5:02 PM: Warning: DDAFileExists failed to resolve the MFT number for: c:\recycler\nprotect\00010190.cls.
5:02 PM: Warning: DDAFileExists failed to resolve the MFT number for: c:\recycler\nprotect\00010214.cls.
5:02 PM: Warning: DDAFileExists failed to resolve the MFT number for: c:\recycler\nprotect\00010192.cls.
5:02 PM: Warning: DDAFileExists failed to resolve the MFT number for: c:\recycler\nprotect\00010197.cls.
5:02 PM: Warning: DDAFileExists failed to resolve the MFT number for: c:\recycler\nprotect\00010199.cls.
5:02 PM: Warning: DDAFileExists failed to resolve the MFT number for: c:\recycler\nprotect\00010207.cls.
5:02 PM: Warning: DDAFileExists failed to resolve the MFT number for: c:\recycler\nprotect\00010209.cls.
5:02 PM: Warning: DDAFileExists failed to resolve the MFT number for: c:\recycler\nprotect\00010211.cls.
5:02 PM: Warning: DDAFileExists failed to resolve the MFT number for: c:\recycler\nprotect\00010217.cls.
5:02 PM: Warning: DDAFileExists failed to resolve the MFT number for: c:\recycler\nprotect\00010219.cls.
5:02 PM: Warning: DDAFileExists failed to resolve the MFT number for: c:\recycler\nprotect\00010222.cls.
5:02 PM: Warning: DDAFileExists failed to resolve the MFT number for: c:\recycler\nprotect\00010224.cls.
5:02 PM: Warning: DDAFileExists failed to resolve the MFT number for: c:\recycler\nprotect\00010226.cls.
5:02 PM: Warning: DDAFileExists failed to resolve the MFT number for: c:\recycler\nprotect\00010229.cls.
********
4:00 PM: | Start of Session, Wednesday, January 25, 2006 |
4:00 PM: Spy Sweeper started
4:00 PM: Your spyware definitions have been updated.
4:02 PM: | End of Session, Wednesday, January 25, 2006 |


Next log from HijackThis:

Logfile of HijackThis v1.99.1
Scan saved at 8:20:15 PM, on 1/25/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\netdde.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\WINDOWS\system32\clipsrv.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\COMMON~1\MICROS~1\Media Manager\airsvcu.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\PROGRA~1\NORTON~2\SPEEDD~1\nopdb.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\NORTON~2\NORTON~1\navapw32.exe
C:\PROGRA~1\HEWLET~1\HPSHAR~1\hpgs2wnf.exe
C:\WINDOWS\System32\dllhost.exe
C:\Program Files\Common Files\AOL\1127517554\ee\AOLSoftware.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2F1.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Java\jre1.5.0\bin\jusched.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Java\jre1.5.0\bin\jucheck.exe
C:\WINDOWS\System32\vssvc.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\System32\wbem\wmiapsrv.exe
C:\Program Files\Hewlett-Packard\AiO\hp officejet g series\Bin\hpoavn07.exe
C:\WINDOWS\System32\dmadmin.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\System32\dllhost.exe
c:\program files\common files\aol\1127517554\ee\services\antiSpywareApp\ver2_0_7\AOLSP Scheduler.exe
C:\PROGRA~1\HEWLET~1\AiO\Shared\Bin\hpoevm07.exe
C:\WINDOWS\system32\hpoipm07.exe
c:\program files\common files\aol\1127517554\ee\aolsoftware.exe
C:\Program Files\Hewlett-Packard\AiO\Shared\bin\hpOSTS07.exe
C:\Program Files\Hewlett-Packard\AiO\Shared\bin\hpOFXM07.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\(name removed)\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://charter.msn.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft.com/isapi/redir.dll?p...er=6&ar=msnhome
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?p...B_PVER}&ar=home
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.google.com/keyword/%s
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: (no name) - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - (no file)
O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [MSConfigReminder] C:\WINDOWS\PCHEALTH\HELPCTR\BINARIES\MSCONFIG.EXE /reminder
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [QD FastAndSafe] C:\PROGRA~1\NORTON~2\NORTON~1\navapw32.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~2\NORTON~1\navapw32.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1127517554\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [EPSON Stylus Photo R300 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2F1.EXE /P30 "EPSON Stylus Photo R300 Series" /O6 "USB001" /M "Stylus Photo R300"
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [Ad-Aware] "C:\Program Files\Lavasoft\Ad-Aware SE Plus\Ad-Aware.exe" +c
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0\bin\jusched.exe
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HPAiODevice(hp officejet g series) - 1.lnk = C:\Program Files\Hewlett-Packard\AiO\hp officejet g series\Bin\hpoavn07.exe
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://fdl.msn.com
O16 - DPF: SEAGULL J Walk Java Client 3_3C3 - http://207.228.41.46/jwalk/jwalk/jwalk_ie.cab
O16 - DPF: {01111E00-3E00-11D2-8470-0060089874ED} (Support.com SmartIssue) - http://support.charter.com/sdccommon/download/tgctlsi.cab
O16 - DPF: {01111F00-3E00-11D2-8470-0060089874ED} (Support.com Installer) - http://support.charter.com/sdccommon/download/tgctlins.cab
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - http://support.charter.com/sdccommon/download/tgctlcm.cab
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/viewers/ipixx.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab
O16 - DPF: {33C9CD44-1EB4-41BC-BDAE-67200C31CC01} (MSNRegKey Class) - http://supportservices.msn.com/us/oetool2/images/msncfg.CAB
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a224.g.akamai.net/7/224/52/20010620...meInstaller.exe
O16 - DPF: {47F591A2-8783-11D2-8343-00A0C945A819} (RFXPlayer Class) - http://download.richfx.com/player/mediaver...st/twophase.cab
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} - http://aolcc.aol.com/computercheckup/qdiagcc.cab
O16 - DPF: {4E888414-DB8F-11D1-9CD9-00C04F98436A} (Microsoft.WinRep) - https://webresponse.one.microsoft.com/oas/ActiveX/winrep.cab
O16 - DPF: {544EB377-350A-4295-9BEB-EAB8392E09C6} (MSN Money Charting) - http://fdl.msn.com/public/investor/v13/invinstl.exe
O16 - DPF: {5CE8C9BE-B561-4311-8C03-D6F6C1CAF7E1} (CSND_AX.ctlCSND_AX) - http://www3.compaq.com/support/sndetect/CSND_AX.CAB
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1124166299047
O16 - DPF: {6F750200-1362-4815-A476-88533DE61D0C} (Ofoto Upload Manager Class) - http://www.ofoto.com/downloads/BUM/BUM_WIN_IE_1/axofupld.cab
O16 - DPF: {90051A81-3018-4826-8B38-DD60B6B53F9C} (Snapfish File Upload ActiveX Control) - http://www.costcophotocenter.com/CostcoUpload.cab
O16 - DPF: {90A29DA5-D020-4B18-8660-6689520C7CD7} (DmiReader Class) - http://support.dell.com/us/en/systemprofiler/SysProfLcd.CAB
O16 - DPF: {928626A3-6B98-11CF-90B4-00AA00A4011F} (SurroundVideoCtrl Object) - http://carpoint.msn.com/Components/Ocx/SurVid/MSSurVid.cab
O16 - DPF: {94349FB6-37A0-4385-BADA-1B48DE3CA833} - http://fdl.msn.com/public/investor/v9.5/investor.cab
O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} (Shutterfly Picture Upload Plugin) - http://web1.shutterfly.com/downloads/Uploader.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {A7E092C3-692A-11D0-A7E5-08002B322F3B} (WebResponseAttachments Control) - https://webresponse.one.microsoft.com/WRActiveX/FileXfer.cab
O16 - DPF: {AA59BA6E-B44F-4514-AB3C-0C1DD2306FC3} (MSN Money Charting) - http://fdl.msn.com/public/investor/v12/invinstl.exe
O16 - DPF: {BB47CA33-8B4D-11D0-9511-00C04FD9152D} (ExteriorSurround Object) - http://carpoint.msn.com/Components/Ocx/Exterior/Outside.cab
O16 - DPF: {CBBD6FA7-2384-11D1-A8C9-0040C7116154} (HostFront ActiveX Display) - http://sna.coair.com/HFACTX/HFDSP.CAB
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - http://www.symantec.com/techsupp/activedata/SymAData.dll
O16 - DPF: {DC765522-D5BE-49C9-AF5F-8C715A44BA28} (MS Investor Ticker) - http://fdl.msn.com/public/investor/v9.5/ticker.cab
O16 - DPF: {DED22F57-FEE2-11D0-953B-00C04FD9152D} (CarPoint Auto-Pricer Control) - http://carpoint.msn.com/components/ocx/aut.../autopricer.cab
O16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} (ActiveDataObj Class) - http://www.symantec.com/techsupp/activedata/ActiveData.cab
O16 - DPF: {E856B973-45FD-4559-8F82-EAB539144667} (Dell PC Checkup Installer Control) - http://pccheckup.dellfix.com/rel/35/install/gtdownde.cab
O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30043.www3.hp.com/aio/en/check/qdiagh.cab?322
O16 - DPF: {F554B9AB-E6C9-4FA6-BFE7-B3CB24AD5027} (MSN Money Charting) - http://fdl.msn.com/public/investor/v10/investor.cab
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: AOL Spyware Protection Service (AOLService) - Unknown owner - C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\\aolserv.exe (file missing)
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton A

#4 MFDnSC


Posted 26 January 2006 - 11:40 AM

Data error (cyclic redundancy check)

You need to run chkdsk on your HD

Be sure to allow these changes in TeaTimer

Fix these with HJT – mark them, close IE, click fix checked

O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)

O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)

O3 - Toolbar: (no name) - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - (no file)

O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a224.g.akamai.net/7/224/52/20010620...meInstaller.exe

START – RUN – type in %temp% OK - Edit – Select all – File – Delete

Delete everything in the C:\Windows\Temp folder or C:\WINNT\temp

Empty the recycle bin
Boot and post a new log from normal NOT safe mode

Please give feedback on what worked/didn’t work and the current status of your system
"Nothing could be finer than to be in South Carolina ............"

Member ASAP
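
The entries picked out in the post above share markers that are visible in the log text itself: a trailing "(no file)", or a Downloaded Program Files (O16) entry that is a bare CLSID with no control name. As an added example (not part of the original thread and not HijackThis code), this Python sketch parses HijackThis lines and lists such entries as review candidates; the flag names and the IP-literal heuristic are assumptions, and the sample lines are copied from the log posted in this thread.

```python
import ipaddress
import re
from collections import namedtuple
from urllib.parse import urlsplit

Entry = namedtuple("Entry", "section kind rest flags")

# Sample lines copied from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O3 - Toolbar: (no name) - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - (no file)
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O16 - DPF: SEAGULL J Walk Java Client 3_3C3 - http://207.228.41.46/jwalk/jwalk/jwalk_ie.cab
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/viewers/ipixx.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a224.g.akamai.net/7/224/52/20010620...meInstaller.exe
O23 - Service: AOL Spyware Protection Service (AOLService) - Unknown owner - C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\\aolserv.exe (file missing)
"""

# "O2 - BHO: ..." -> section "O2", rest "BHO: ..."
LINE_RE = re.compile(r"^(?P<section>[ROFN]\d{1,2}) - (?P<rest>.+)$")
# Markers HijackThis appends when it cannot find the file an entry points to.
ORPHAN_RE = re.compile(r"\((?:no file|file missing)\)\s*$")
# O16 body: "<identifier> - <download URL>"
DPF_RE = re.compile(r"^DPF: (?P<ident>.+?) - (?P<url>\S+)$")
BARE_CLSID_RE = re.compile(
    r"^\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}$"
)


def flags_for(section, rest):
    """Return review flags (assumed names) for one log entry."""
    flags = []
    if ORPHAN_RE.search(rest):
        flags.append("orphaned")  # registry entry with no file behind it
    if section == "O16":
        m = DPF_RE.match(rest)
        if m:
            if BARE_CLSID_RE.match(m.group("ident")):
                flags.append("unnamed-control")  # CLSID only, no control name
            host = urlsplit(m.group("url")).hostname or ""
            try:
                ipaddress.ip_address(host)
                flags.append("ip-literal-source")  # downloaded from a raw IP
            except ValueError:
                pass  # ordinary host name
    return flags


def parse_log(text):
    """Parse R/O/F/N entries; header and process-list lines are skipped."""
    entries = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        section, rest = m.group("section"), m.group("rest")
        kind = rest.split(":", 1)[0] if section.startswith("O") else ""
        entries.append(Entry(section, kind, rest, flags_for(section, rest)))
    return entries


def review_candidates(text):
    """Entries that carry at least one flag, in log order."""
    return [e for e in parse_log(text) if e.flags]


if __name__ == "__main__":
    for e in review_candidates(SAMPLE_LOG):
        print(f"{e.section:<4} {','.join(e.flags):<18} {e.rest}")
```

A flag only marks an entry for manual review; an orphaned entry can simply be a leftover of an uninstalled program.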

#5 jt2006


Posted 26 January 2006 - 02:10 PM

In your message, Data error (cyclic redundancy check)
Not sure what it means.

Also not sure about, Be sure to allow these changes in TeaTimer
If it is part of Spybot, I could not get it to work the other day.

%temp% message box
Error Deleting File or Folder
cannot delete ~DF731F: Access is denied.
Make sure the disk is not full or write-protected and that the file is not currently in use.

Deleted everything in C:\Windows\Temp

Ran chkdsk:

Microsoft Windows XP [Version 5.1.2600]
© Copyright 1985-2001 Microsoft Corp.

C:\Documents and Settings\(name removed)>chkdsk
The type of the file system is NTFS.

WARNING! F parameter not specified.
Running CHKDSK in read-only mode.

CHKDSK is verifying files (stage 1 of 3)...
File verification completed.
CHKDSK is verifying indexes (stage 2 of 3)...
Deleting index entry 00023742.CLS in index $I30 of file 28862.
Deleting index entry 00023743.CLS in index $I30 of file 28862.
Deleting index entry 00023744.CLS in index $I30 of file 28862.
Deleting index entry 00023745.CLS in index $I30 of file 28862.
Deleting index entry 00023747.CLS in index $I30 of file 28862.
Deleting index entry 00023748.CLS in index $I30 of file 28862.
Deleting index entry 00023749.CLS in index $I30 of file 28862.
Index verification completed.

Errors found. CHKDSK cannot continue in read-only mode.

C:\Documents and Settings\(name removed)>




Logfile of HijackThis v1.99.1
Scan saved at 10:32:40 AM, on 1/26/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\netdde.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\WINDOWS\system32\clipsrv.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\COMMON~1\MICROS~1\Media Manager\airsvcu.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\sessmgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\PROGRA~1\NORTON~2\SPEEDD~1\nopdb.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\dllhost.exe
C:\WINDOWS\System32\vssvc.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\System32\wbem\wmiapsrv.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\HEWLET~1\HPSHAR~1\hpgs2wnf.exe
C:\PROGRA~1\NORTON~2\NORTON~1\navapw32.exe
C:\WINDOWS\System32\dmadmin.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\Program Files\Common Files\AOL\1127517554\ee\AOLSoftware.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2F1.EXE
C:\WINDOWS\System32\dllhost.exe
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Java\jre1.5.0\bin\jusched.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Java\jre1.5.0\bin\jucheck.exe
C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Hewlett-Packard\AiO\hp officejet g series\Bin\hpoavn07.exe
C:\Program Files\Microsoft ActiveSync\WCESMgr.exe
C:\WINDOWS\system32\wuauclt.exe
c:\program files\common files\aol\1127517554\ee\services\antiSpywareApp\ver2_0_7\AOLSP Scheduler.exe
C:\PROGRA~1\HEWLET~1\AiO\Shared\Bin\hpoevm07.exe
C:\WINDOWS\system32\hpoipm07.exe
C:\Program Files\Microsoft Office\Office10\OUTLOOK.EXE
C:\Program Files\Hewlett-Packard\AiO\Shared\bin\hpOSTS07.exe
C:\Program Files\Hewlett-Packard\AiO\Shared\bin\hpOFXM07.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\(name removed)\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://charter.msn.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft.com/isapi/redir.dll?p...er=6&ar=msnhome
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?p...B_PVER}&ar=home
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.google.com/keyword/%s
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [MSConfigReminder] C:\WINDOWS\PCHEALTH\HELPCTR\BINARIES\MSCONFIG.EXE /reminder
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [QD FastAndSafe] C:\PROGRA~1\NORTON~2\NORTON~1\navapw32.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~2\NORTON~1\navapw32.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1127517554\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [EPSON Stylus Photo R300 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2F1.EXE /P30 "EPSON Stylus Photo R300 Series" /O6 "USB001" /M "Stylus Photo R300"
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [Ad-Aware] "C:\Program Files\Lavasoft\Ad-Aware SE Plus\Ad-Aware.exe" +c
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0\bin\jusched.exe
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HPAiODevice(hp officejet g series) - 1.lnk = C:\Program Files\Hewlett-Packard\AiO\hp officejet g series\Bin\hpoavn07.exe
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://fdl.msn.com
O16 - DPF: SEAGULL J Walk Java Client 3_3C3 - http://207.228.41.46/jwalk/jwalk/jwalk_ie.cab
O16 - DPF: {01111E00-3E00-11D2-8470-0060089874ED} (Support.com SmartIssue) - http://support.charter.com/sdccommon/download/tgctlsi.cab
O16 - DPF: {01111F00-3E00-11D2-8470-0060089874ED} (Support.com Installer) - http://support.charter.com/sdccommon/download/tgctlins.cab
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - http://support.charter.com/sdccommon/download/tgctlcm.cab
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/viewers/ipixx.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab
O16 - DPF: {33C9CD44-1EB4-41BC-BDAE-67200C31CC01} (MSNRegKey Class) - http://supportservices.msn.com/us/oetool2/images/msncfg.CAB
O16 - DPF: {47F591A2-8783-11D2-8343-00A0C945A819} (RFXPlayer Class) - http://download.richfx.com/player/mediaver...st/twophase.cab
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} - http://aolcc.aol.com/computercheckup/qdiagcc.cab
O16 - DPF: {4E888414-DB8F-11D1-9CD9-00C04F98436A} (Microsoft.WinRep) - https://webresponse.one.microsoft.com/oas/ActiveX/winrep.cab
O16 - DPF: {544EB377-350A-4295-9BEB-EAB8392E09C6} (MSN Money Charting) - http://fdl.msn.com/public/investor/v13/invinstl.exe
O16 - DPF: {5CE8C9BE-B561-4311-8C03-D6F6C1CAF7E1} (CSND_AX.ctlCSND_AX) - http://www3.compaq.com/support/sndetect/CSND_AX.CAB
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1124166299047
O16 - DPF: {6F750200-1362-4815-A476-88533DE61D0C} (Ofoto Upload Manager Class) - http://www.ofoto.com/downloads/BUM/BUM_WIN_IE_1/axofupld.cab
O16 - DPF: {90051A81-3018-4826-8B38-DD60B6B53F9C} (Snapfish File Upload ActiveX Control) - http://www.costcophotocenter.com/CostcoUpload.cab
O16 - DPF: {90A29DA5-D020-4B18-8660-6689520C7CD7} (DmiReader Class) - http://support.dell.com/us/en/systemprofiler/SysProfLcd.CAB
O16 - DPF: {928626A3-6B98-11CF-90B4-00AA00A4011F} (SurroundVideoCtrl Object) - http://carpoint.msn.com/Components/Ocx/SurVid/MSSurVid.cab
O16 - DPF: {94349FB6-37A0-4385-BADA-1B48DE3CA833} - http://fdl.msn.com/public/investor/v9.5/investor.cab
O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} (Shutterfly Picture Upload Plugin) - http://web1.shutterfly.com/downloads/Uploader.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {A7E092C3-692A-11D0-A7E5-08002B322F3B} (WebResponseAttachments Control) - https://webresponse.one.microsoft.com/WRActiveX/FileXfer.cab
O16 - DPF: {AA59BA6E-B44F-4514-AB3C-0C1DD2306FC3} (MSN Money Charting) - http://fdl.msn.com/public/investor/v12/invinstl.exe
O16 - DPF: {BB47CA33-8B4D-11D0-9511-00C04FD9152D} (ExteriorSurround Object) - http://carpoint.msn.com/Components/Ocx/Exterior/Outside.cab
O16 - DPF: {CBBD6FA7-2384-11D1-A8C9-0040C7116154} (HostFront ActiveX Display) - http://sna.coair.com/HFACTX/HFDSP.CAB
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - http://www.symantec.com/techsupp/activedata/SymAData.dll
O16 - DPF: {DC765522-D5BE-49C9-AF5F-8C715A44BA28} (MS Investor Ticker) - http://fdl.msn.com/public/investor/v9.5/ticker.cab
O16 - DPF: {DED22F57-FEE2-11D0-953B-00C04FD9152D} (CarPoint Auto-Pricer Control) - http://carpoint.msn.com/components/ocx/aut.../autopricer.cab
O16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} (ActiveDataObj Class) - http://www.symantec.com/techsupp/activedata/ActiveData.cab
O16 - DPF: {E856B973-45FD-4559-8F82-EAB539144667} (Dell PC Checkup Installer Control) - http://pccheckup.dellfix.com/rel/35/install/gtdownde.cab
O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30043.www3.hp.com/aio/en/check/qdiagh.cab?322
O16 - DPF: {F554B9AB-E6C9-4FA6-BFE7-B3CB24AD5027} (MSN Money Charting) - http://fdl.msn.com/public/investor/v10/investor.cab
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: AOL Spyware Protection Service (AOLService) - Unknown owner - C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\\aolserv.exe (file missing)
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~2\SPEEDD~1\nopdb.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe


Status of my system:
Still extremely slow
System Configuration Utility popped up on start up again, System.ini is still blank. Is that okay?
Network connection box appears constantly
D drive message box, drive is not formatted, format now?


Joy

#6 MFDnSC


Posted 26 January 2006 - 02:43 PM

Run chkdsk and use the /F parameter; you have disk problems

System.ini blank - Dunno

Fix this entry

O4 - HKLM\..\Run: [MSConfigReminder] C:\WINDOWS\PCHEALTH\HELPCTR\BINARIES\MSCONFIG.EXE /reminder

What is on D - is it a separate physical disk?
"Nothing could be finer than to be in South Carolina ............"

Member ASAP

#7 jt2006


Posted 26 January 2006 - 03:26 PM

Ran chkdsk /F, received the following message:

Microsoft Windows XP [Version 5.1.2600]
© Copyright 1985-2001 Microsoft Corp.


C:\Documents and Settings\(name)>chkdsk /F
The type of the file system is NTFS.
Cannot lock current drive.

Chkdsk cannot run because the volume is in use by another
process. Would you like to schedule this volume to be
checked the next time the system restarts? (Y/N) n

C:\Documents and Settings\(name)>

Maybe I'm not doing it right?

Did a virus eat the System.ini? Is it a necessary file? How do I get it back?

Fixed entry O4

The D drive is a 120 Gb harddisk. Yes, it is a separate physical disk. I think Microsoft Digital image 10 and all our pictures reside there.

Any clue why the Network Connection box pops up on start up?

What would make the computer run sooooooo slow?

Joy

#8 MFDnSC


Posted 26 January 2006 - 03:51 PM

Give that a Y; you do want it to run at the next start

You also need to CHKDSK D: /F

Explain the network issue in more detail
"Nothing could be finer than to be in South Carolina ............"

Member ASAP

#9 jt2006


Posted 26 January 2006 - 08:50 PM

Okay, the chkdsk D: /F worked, the D drive is now showing up in explorer. I wonder how that got so messed up? A virus? Here is what it reported:

Microsoft Windows XP [Version 5.1.2600]
© Copyright 1985-2001 Microsoft Corp.

C:\Documents and Settings\(name)>chkdsk c: /f
The type of the file system is NTFS.
Cannot lock current drive.

Chkdsk cannot run because the volume is in use by another
process. Would you like to schedule this volume to be
checked the next time the system restarts? (Y/N) y

This volume will be checked the next time the system restarts.

C:\Documents and Settings\(name)>chkdsk d: /f
The type of the file system is NTFS.

CHKDSK is verifying files (stage 1 of 3)...
File verification completed.
CHKDSK is verifying indexes (stage 2 of 3)...
Index verification completed.
CHKDSK is verifying security descriptors (stage 3 of 3)...
Security descriptor verification completed.
Replacing bad clusters in logfile.
Adding 128 bad clusters to the Bad Clusters File.
Correcting errors in the Volume Bitmap.
Windows has made corrections to the file system.

160079660 KB total disk space.
1069192 KB in 2281 files.
1092 KB in 83 indexes.
165932 KB in bad sectors.
74956 KB in use by the system.
65536 KB occupied by the log file.
158768488 KB available on disk.

4096 bytes in each allocation unit.
40019915 total allocation units on disk.
39692122 allocation units available on disk.

C:\Documents and Settings\(name)>


Chkdsk C: /f answered Y. The first time I booted up, the computer froze with a black screen, just a dash in the upper left corner. Rebooted, worked okay but really really slow. No report, should I assume it ran okay?


The System Utility Configuration did not pop up, good news. But, System.ini still blank. Searched microsoft.com to see if this is a known problem but could not find anything for XP. Just wondering if missing file is why my mouse is erratic.


The network problem is a message box which pops up every few seconds with the following:
Network Connections -
You (or a program) have requested information from * . Which connection do you want to use? - Connections -
MSN Explorer -
MSN Internet Access -
America Online -
Setting - Connect - Cancel

I always select Cancel.

The * changes, here are a few:
reachability.aol.com
stc.msn.com
stj.msn.com
c.msn.com
hp.msn.com
stb.msn.com
g.msn.com

The slow computer issue, think I saw a posting with same problem, I'll check that out.


Joy

#10 MFDnSC

Posted 27 January 2006 - 10:22 AM

Disk problems are indications that the disk is going bad and generally are hardware related, not virus/software related - make sure you have your data backed up as you may lose that disk



http://www.kaspersky.com/virusscanner - Online scan

When the scan is finished Save the results from the scan!

Post a new HiJackThis log along with the results from Kaspersky scan

#11 jt2006

Posted 27 January 2006 - 06:13 PM

Hi,

Kaspersky scan:
-------------------------------------------------------------------------------
KASPERSKY ON-LINE SCANNER REPORT
Friday, January 27, 2006 15:01:11
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky On-line Scanner version: 5.0.67.0
Kaspersky Anti-Virus database last update: 27/01/2006
Kaspersky Anti-Virus database records: 162838
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: standard
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
A:\
C:\
D:\
E:\
F:\
G:\
H:\
I:\
J:\

Scan Statistics:
Total number of scanned objects: 77647
Number of viruses found: 2
Number of infected objects: 2
Number of suspicious objects: 3
Duration of the scan process: 6386 sec

Infected Object Name - Virus Name
C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\25901A21.tmp/[From valmay@onebox.com][Date Thu, 3 Jun 2004 14:32:46 -0700]/UNNAMED/html Suspicious: Exploit.HTML.Iframe.FileDownload
C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\25901A21.tmp/[From valmay@onebox.com][Date Thu, 3 Jun 2004 14:32:46 -0700]/UNNAMED Suspicious: Exploit.HTML.Iframe.FileDownload
C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\25901A21.tmp Suspicious: Exploit.HTML.Iframe.FileDownload
C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\7F9D644D.tmp/[From triciasitz@emailoregon.com][Date Thu, 3 Jun 2004 14:05:15 -0700]/websites03.doc Infected: Email-Worm.Win32.NetSky.q
C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\7F9D644D.tmp Infected: Email-Worm.Win32.NetSky.q

Scan process completed.


HijackThis Log:

Logfile of HijackThis v1.99.1
Scan saved at 3:03:47 PM, on 1/27/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\netdde.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\WINDOWS\system32\clipsrv.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\COMMON~1\MICROS~1\Media Manager\airsvcu.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\PROGRA~1\NORTON~2\SPEEDD~1\nopdb.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\NORTON~2\NORTON~1\navapw32.exe
C:\PROGRA~1\HEWLET~1\HPSHAR~1\hpgs2wnf.exe
C:\Program Files\Common Files\AOL\1127517554\ee\AOLSoftware.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2F1.EXE
C:\WINDOWS\System32\dllhost.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Java\jre1.5.0\bin\jusched.exe
C:\Program Files\Java\jre1.5.0\bin\jucheck.exe
C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
C:\WINDOWS\System32\vssvc.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\System32\wbem\wmiapsrv.exe
C:\Program Files\Hewlett-Packard\AiO\hp officejet g series\Bin\hpoavn07.exe
C:\WINDOWS\System32\dmadmin.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
c:\program files\common files\aol\1127517554\ee\services\antiSpywareApp\ver2_0_7\AOLSP Scheduler.exe
C:\PROGRA~1\HEWLET~1\AiO\Shared\Bin\hpoevm07.exe
C:\WINDOWS\System32\dllhost.exe
c:\program files\common files\aol\1127517554\ee\aolsoftware.exe
C:\WINDOWS\system32\hpoipm07.exe
C:\Program Files\Hewlett-Packard\AiO\Shared\bin\hpOSTS07.exe
C:\Program Files\Hewlett-Packard\AiO\Shared\bin\hpOFXM07.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSCNo.exe
C:\Documents and Settings\(name)\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://charter.msn.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft.com/isapi/redir.dll?p...er=6&ar=msnhome
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?p...B_PVER}&ar=home
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.google.com/keyword/%s
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [QD FastAndSafe] C:\PROGRA~1\NORTON~2\NORTON~1\navapw32.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~2\NORTON~1\navapw32.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1127517554\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [EPSON Stylus Photo R300 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2F1.EXE /P30 "EPSON Stylus Photo R300 Series" /O6 "USB001" /M "Stylus Photo R300"
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [Ad-Aware] "C:\Program Files\Lavasoft\Ad-Aware SE Plus\Ad-Aware.exe" +c
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0\bin\jusched.exe
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HPAiODevice(hp officejet g series) - 1.lnk = C:\Program Files\Hewlett-Packard\AiO\hp officejet g series\Bin\hpoavn07.exe
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://fdl.msn.com
O16 - DPF: SEAGULL J Walk Java Client 3_3C3 - http://207.228.41.46/jwalk/jwalk/jwalk_ie.cab
O16 - DPF: {01111E00-3E00-11D2-8470-0060089874ED} (Support.com SmartIssue) - http://support.charter.com/sdccommon/download/tgctlsi.cab
O16 - DPF: {01111F00-3E00-11D2-8470-0060089874ED} (Support.com Installer) - http://support.charter.com/sdccommon/download/tgctlins.cab
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - http://support.charter.com/sdccommon/download/tgctlcm.cab
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/downloads/kws/kav...can_unicode.cab
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/viewers/ipixx.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab
O16 - DPF: {33C9CD44-1EB4-41BC-BDAE-67200C31CC01} (MSNRegKey Class) - http://supportservices.msn.com/us/oetool2/images/msncfg.CAB
O16 - DPF: {47F591A2-8783-11D2-8343-00A0C945A819} (RFXPlayer Class) - http://download.richfx.com/player/mediaver...st/twophase.cab
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} - http://aolcc.aol.com/computercheckup/qdiagcc.cab
O16 - DPF: {4E888414-DB8F-11D1-9CD9-00C04F98436A} (Microsoft.WinRep) - https://webresponse.one.microsoft.com/oas/ActiveX/winrep.cab
O16 - DPF: {544EB377-350A-4295-9BEB-EAB8392E09C6} (MSN Money Charting) - http://fdl.msn.com/public/investor/v13/invinstl.exe
O16 - DPF: {5CE8C9BE-B561-4311-8C03-D6F6C1CAF7E1} (CSND_AX.ctlCSND_AX) - http://www3.compaq.com/support/sndetect/CSND_AX.CAB
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1124166299047
O16 - DPF: {6F750200-1362-4815-A476-88533DE61D0C} (Ofoto Upload Manager Class) - http://www.ofoto.com/downloads/BUM/BUM_WIN_IE_1/axofupld.cab
O16 - DPF: {90051A81-3018-4826-8B38-DD60B6B53F9C} (Snapfish File Upload ActiveX Control) - http://www.costcophotocenter.com/CostcoUpload.cab
O16 - DPF: {90A29DA5-D020-4B18-8660-6689520C7CD7} (DmiReader Class) - http://support.dell.com/us/en/systemprofiler/SysProfLcd.CAB
O16 - DPF: {928626A3-6B98-11CF-90B4-00AA00A4011F} (SurroundVideoCtrl Object) - http://carpoint.msn.com/Components/Ocx/SurVid/MSSurVid.cab
O16 - DPF: {94349FB6-37A0-4385-BADA-1B48DE3CA833} - http://fdl.msn.com/public/investor/v9.5/investor.cab
O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} (Shutterfly Picture Upload Plugin) - http://web1.shutterfly.com/downloads/Uploader.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {A7E092C3-692A-11D0-A7E5-08002B322F3B} (WebResponseAttachments Control) - https://webresponse.one.microsoft.com/WRActiveX/FileXfer.cab
O16 - DPF: {AA59BA6E-B44F-4514-AB3C-0C1DD2306FC3} (MSN Money Charting) - http://fdl.msn.com/public/investor/v12/invinstl.exe
O16 - DPF: {BB47CA33-8B4D-11D0-9511-00C04FD9152D} (ExteriorSurround Object) - http://carpoint.msn.com/Components/Ocx/Exterior/Outside.cab
O16 - DPF: {CBBD6FA7-2384-11D1-A8C9-0040C7116154} (HostFront ActiveX Display) - http://sna.coair.com/HFACTX/HFDSP.CAB
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - http://www.symantec.com/techsupp/activedata/SymAData.dll
O16 - DPF: {DC765522-D5BE-49C9-AF5F-8C715A44BA28} (MS Investor Ticker) - http://fdl.msn.com/public/investor/v9.5/ticker.cab
O16 - DPF: {DED22F57-FEE2-11D0-953B-00C04FD9152D} (CarPoint Auto-Pricer Control) - http://carpoint.msn.com/components/ocx/aut.../autopricer.cab
O16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} (ActiveDataObj Class) - http://www.symantec.com/techsupp/activedata/ActiveData.cab
O16 - DPF: {E856B973-45FD-4559-8F82-EAB539144667} (Dell PC Checkup Installer Control) - http://pccheckup.dellfix.com/rel/35/install/gtdownde.cab
O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30043.www3.hp.com/aio/en/check/qdiagh.cab?322
O16 - DPF: {F554B9AB-E6C9-4FA6-BFE7-B3CB24AD5027} (MSN Money Charting) - http://fdl.msn.com/public/investor/v10/investor.cab
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: AOL Spyware Protection Service (AOLService) - Unknown owner - C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\\aolserv.exe (file missing)
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~2\SPEEDD~1\nopdb.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

#12 MFDnSC

Posted 28 January 2006 - 09:54 AM

All looks good

Empty the Norton Quarantine

#13 jt2006

Posted 30 January 2006 - 01:04 PM

Hi,
Thank you so very much for all your help. This website is incredible. It is so good to know that for all the bad guys (virus makers) out there, there are all you good guys here. Will definitely make a donation and spread the good word.
Aloha,
Joy

#14 MFDnSC

Posted 30 January 2006 - 01:18 PM

You are very welcome

#15 jt2006

Posted 30 January 2006 - 05:08 PM

Hi,

This is probably not where I should post this, could you point me in the right direction?

Tried Spybot again and it worked.

I just received the message box below. Problem is the buttons are unreadable. Have you seen this before? Do you know what the buttons read? I need to shut my computer down but need to make a selection on this message.

(I thought I could paste the message image here that I copied to paint program, just learned how to use that control print screen feature today but don't know how to paste it here. Tried clicking on the insert image box above, but that's not it, I get a message for a URL) So I'll try and describe it unless you know how I can paste that message box here.

The Spybot message box is titled - Search & Destroy
Spybot – Search & Destroy has detected an important registry entry that has been changed.

Category: System Startup user entry
Change: Value deleted

Old Data:

(There are two buttons here but only the top half of the buttons are showing)

Thanks,
Joy



