View Full Version : IE Only Displays Secure Sites on Favorites
Cyrowski
2007-10-11, 20:01
IE will only display secure pages (https) that are saved as a "favorite." When I try to access unsecure sites, I receive the "Page Cannot Be Displayed" error and at the bottom, "Cannot Find Server on DNS Error." If I type an address in the address line (secure or unsecure), I get a window error stating "Internet Explorer Could Not Open the search page."
Before finding this site, I have run Norton Antivirus, checked hosts files (did not find anything), emptied temporary internet files and cache, checked to make sure security settings are OK. I could not run the Kaspersky because you need IE to run it and I cannot access from IE. I ran Spybot as required to clear up anything in "red" but there are two items that cannot be fixed, and upon start-up, it goes through the same cycle of identifying the same issues.
I loaded Firefox onto my computer so that I could access the internet. Below is the HJT Info.
Thank you.
Cyrowski
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:57:47 PM, on 10/11/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Micro Innovations\Wireless Keyboard & Mouse Driver\KMWDSrv.exe
C:\WINNT\System32\NMSSvc.exe
C:\WINNT\System32\nvsvc32.exe
C:\Program Files\Common Files\Lanovation\PrismXL\PRISMXL.SYS
C:\WINNT\System32\svchost.exe
C:\WINNT\wanmpsvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINNT\Explorer.EXE
C:\WINNT\system32\CTHELPER.EXE
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\WINNT\GWMDMMSG.exe
C:\Program Files\ScanSoft\OmniPageSE\opware32.exe
C:\MMaestro\BWheel35.exe
C:\Program Files\PhoneTools\CapFax.EXE
C:\Program Files\Common Files\AOL\1127949917\ee\AOLSoftware.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
c:\program files\common files\aol\1127949917\ee\services\antiSpywareApp\ver2_0_32_1\AOLSP Scheduler.exe
c:\program files\common files\aol\1127949917\ee\aolsoftware.exe
C:\Program Files\Micro Innovations\Wireless Keyboard & Mouse Driver\StartAutorun.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Micro Innovations\Wireless Keyboard & Mouse Driver\KMConfig.exe
C:\Program Files\Micro Innovations\Wireless Keyboard & Mouse Driver\KMProcess.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\KMaestro\KMaestro.exe
C:\WINNT\system32\HPZipm12.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Owner\Desktop\hijackthis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = about:blank
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:65535
O2 - BHO: (no name) - SOFTWARE - (no file)
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\WINNT\Downloaded Program Files\ycomp5_0_2_7.dll (file missing)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {} - (no file)
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\WINNT\Downloaded Program Files\ycomp5_0_2_7.dll (file missing)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [Keyboard Preload Check] C:\OEMDRVRS\KEYB\Preload.exe /DEVID: /CLASS:Keyboard /RunValue:"Keyboard Preload Check"
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINNT\UpdReg.EXE
O4 - HKLM\..\Run: [Jet Detection] C:\Program Files\Creative\SBAudigy\PROGRAM\ADGJDet.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [GWMDMMSG] GWMDMMSG.exe
O4 - HKLM\..\Run: [GWMDMpi] C:\WINNT\GWMDMpi.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINNT\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [Omnipage] C:\Program Files\ScanSoft\OmniPageSE\opware32.exe
O4 - HKLM\..\Run: [h4X6VW8kd] C:\documents and settings\owner\local settings\temp\h4X6VW8kd.exe
O4 - HKLM\..\Run: [BtcMaestro] C:\Program Files\KMaestro\KMaestro.exe
O4 - HKLM\..\Run: [LWBMOUSE] C:\MMaestro\BWheel35.exe
O4 - HKLM\..\Run: [CapFax] C:\Program Files\PhoneTools\CapFax.EXE
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1127949917\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINNT\system32\spool\drivers\w32x86\3\hpztsb10.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton AntiVirus\osCheck.exe"
O4 - HKLM\..\Run: [KMCONFIG] C:\Program Files\Micro Innovations\Wireless Keyboard & Mouse Driver\StartAutorun.exe KMConfig.exe
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKCU\..\Run: [SpySweeper] C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe /0
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Photosmart Premier Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: KODAK Software Updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
O9 - Extra button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Program Files\Bonjour\ExplorerPlugin.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINNT\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.aol.com
O15 - Trusted Zone: http://*.windowsupdate.microsoft.com
O15 - Trusted Zone: http://*.windowsupdate.com
O16 - DPF: Mah Jong Garden by pogo - http://game4.pogo.com/applet-6.0.1.28/mahjong/mahjong-ob-assets.cab
O16 - DPF: Squelchies by pogo - http://game1.pogo.com/applet-6.1.5.21/squelchies/squelchies-ob-assets.cab
O16 - DPF: Word Whomp Whackdown by pogo - http://whackdown.pogo.com/applet-6.0.2.29/whackdown/whackdown-ob-assets.cab
O16 - DPF: WordJong by pogo - http://wordjong.pogo.com/applet-6.0.2.29/wordjong/wordjong-ob-assets.cab
O16 - DPF: World Class Solitaire by pogo - http://game4.pogo.com/applet-6.0.0.32/worldclass/worldclass-ob-assets.cab
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://support.gateway.com/support/profiler/PCPitStop.CAB
O16 - DPF: {0F04992B-E661-4DB9-B223-903AB628225D} (DoMoreRunExe.DoMoreRun) - file://C:\Program Files\Gateway\Do More\DoMoreRunExe.CAB
O16 - DPF: {17D72920-7A15-11D4-921E-0080C8DA7A5E} (AimSp32 Class) - http://makeover.ivillage.com/save/makeover.cab
O16 - DPF: {2DFF31F9-7893-4922-AF66-C9A1EB4EBB31} (Rhapsody Player Engine) - http://forms.real.com/real/player/download.html?f=windows/mrkt/rhapx/RhapsodyPlayerEngine_Inst_Win.cab
O16 - DPF: {3A7FE611-1994-4EF1-A09F-99456752289D} - http://install.wildtangent.com/ActiveLauncher/ActiveLauncher.cab
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aol.com/computercheckup/qdiagcc.cab
O16 - DPF: {511073AD-BE56-4D43-AE68-93390514385E} (TechToolsActivex.TechTools) - hcp://system/TechTools.CAB
O16 - DPF: {5BDBA960-6534-11D3-97C7-00500422B550} (LotusDRSControl Class) - http://acna-mi-ml1.akebono-usa.com/download/dolcontrol.cab
O16 - DPF: {63E07911-299B-4B9A-825B-1AB14CC4C53B} (PhxStudent.OeSetup15) - https://mycampus.phoenix.edu/secure/PhxStudent15.CAB
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab
O16 - DPF: {6B4788E2-BAE8-11D2-A1B4-00400512739B} (PWMediaSendControl Class) - http://216.249.24.142/code/PWActiveXImgCtl.CAB
O16 - DPF: {72944257-0AE0-44FD-8A51-AA21853092C8} (PhxStudent.OeSetup15) - https://mycampus.phoenix.edu/secure/PhxStudent15.CAB
O16 - DPF: {739E8D90-2F4C-43AD-A1B8-66C356FCEA35} (RunExeActiveX.RunExe) - hcp://system/RunExeActiveX.CAB
O16 - DPF: {76D90D08-EAB7-46D8-BF99-87445BF59E72} (SystemInfo Class) - http://www.getdway.com/dwayready/dpcsysinfo.cab
O16 - DPF: {8494B5D2-DA6A-4BB8-9C15-6C18A312387E} (Caymas Secure Tunnel) - https://remote.akebono-usa.com/ui/Axt.cab
O16 - DPF: {87056D28-9730-4A47-B9F9-7E890B62C58A} (WildfireActiveXHost Class) - http://aolsvc.aol.com/onlinegames/ghtumblebugs/axhost.cab
O16 - DPF: {99CDFD87-F97A-42E1-9C13-D18220D90AD1} (StartFirstControl.CheckFirst) - hcp://system/StartFirstControl.CAB
O16 - DPF: {A82C3A33-5C0E-466C-B020-71585433A7E4} (PhxStudent.OeSetup15) - https://www.stu.uophx.edu/secure/PhxStudent15.CAB
O16 - DPF: {B12213CD-4189-415D-A054-7999528459F7} (pixelStormLauncher Class) - http://aolsvc.aol.com/onlinegames/tryrumblecube/pixelstormlauncher.cab
O16 - DPF: {B64F4A7C-97C9-11DA-8BDE-F66BAD1E3F3A} - http://download.cdn.winsoftware.com/files/installers/cab/WinAntiVirusPro2006FreeInstall.cab
O16 - DPF: {B7AEE795-CA7A-4BCE-8F63-6BC4AF227F2B} - http://status.uophx.edu/tech/transition_new/Control/OeSetupControl.ocx
O16 - DPF: {C4847596-972C-11D0-9567-00A0C9273C2A} (Crystal Report Viewer Control) - https://hrpayroll-ml.ceridian.com/viewer/activeXViewer/activexviewer.cab
O16 - DPF: {D410AFBD-4E26-4D5F-840F-0412D6F6BB8D} (CPlayFirstSandScriptControl Object) - http://aolsvc.aol.com/onlinegames/free-trial-sandscript/SandScript.1.0.0.21.cab
O16 - DPF: {D68217F4-1DF9-45C1-BFA6-61DBD5464527} (Genealogy Browser) - http://66.119.139.74/cabs/zinst.cab
O16 - DPF: {DF6A0F17-0B1E-11D4-829D-00C04F6843FE} (Microsoft Office Tools on the Web Control) - http://dgl.microsoft.com/downloads/outc.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://aolsvc.aol.com/onlinegames/pcastropop/popcaploader_v7.cab
O16 - DPF: {E008A543-CEFB-4559-912F-C27C2B89F13B} (Domino Web Access 7 Control) - http://acna-mi-ml1.akebono-usa.com/dwa7W.cab
O16 - DPF: {E1FD0DCC-705B-4F61-B9EC-6E711F9B56FE} (Secure Connect) - https://remote.akebono-usa.com/ui/cscinstaller.dll
O16 - DPF: {E7D2588A-7FB5-47DC-8830-832605661009} (Live Collaboration) - https://livewc01.custhelp.com/7520-b289h-turbotax/rnl/java/RntX.cab
O16 - DPF: {E855A2D4-987E-4F3B-A51C-64D10A7E2479} (EPSImageControl Class) - http://tools.ebayimg.com/eps/activex/EPSControl_v1-32.cab
O16 - DPF: {EF99BD32-C1FB-11D2-892F-0090271D4F88} (Yahoo! Companion) - http://us.dl1.yimg.com/download.yahoo.com/dl/toolbar/my/yiebio5_0_2_7.cab
O23 - Service: AOL Spyware Protection Service (AOLService) - Unknown owner - C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\\aolserv.exe (file missing)
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Bonjour Service - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\isPwdSvc.exe
O23 - Service: Keyboard And Mouse Communication Service (KMWDSERVICE) - UASSOFT.COM - C:\Program Files\Micro Innovations\Wireless Keyboard & Mouse Driver\KMWDSrv.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: Intel(R) NMS (NMSSvc) - Intel Corporation - C:\WINNT\System32\NMSSvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINNT\System32\nvsvc32.exe
O23 - Service: PictureTaker - LANovation - C:\WINNT\System32\PCTKRNT.SYS
O23 - Service: Pml Driver HPZ12 - HP - C:\WINNT\system32\HPZipm12.exe
O23 - Service: PrismXL - Lanovation - C:\Program Files\Common Files\Lanovation\PrismXL\PRISMXL.SYS
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINNT\wanmpsvc.exe
--
End of file - 14429 bytes
pskelley
2007-10-14, 14:11
Welcome to Safer Networking, I wish to be sure you have viewed and understand this information.
"BEFORE you POST" (READ this Procedure before Requesting Assistance)
http://forums.spybot.info/showthread.php?t=288
All advice given is taken at your own risk.
Please make sure you have read this information so we are on the same page.
I ran Spybot as required to clear up anything in "red" but there are two items that cannot be fixed, and upon start-up, it goes through the same cycle of identifying the same issues. Be 100% positive you have the most recent updates and are fully immunized. If the issue with Spybot still persists, ask those questions to the Spybot experts here:
http://forums.spybot.info/forumdisplay.php?f=4 <<< Spybot forum
http://forums.spybot.info/forumdisplay.php?f=16 <<< false positives
Even though you are infected, it is rare malware causes the issues you are having with IE. Have a look here:
http://www.microsoft.com/windows/IE/community/columns/IEtopten.mspx
http://www.google.com/search?hl=en&q=Internet+Explorer+Could+Not+Open+the+search+page&btnG=Google+Search
http://www.google.com/search?hl=en&q=Cannot+Find+Server+on+DNS+Error&btnG=Google+Search
http://www.google.com/search?hl=en&q=Page+Cannot+Be+Displayed&btnG=Google+Search
You have this junk onboard: http://www.symantec.com/security_response/writeup.jsp?docid=2006-012017-0346-99
and this: O4 - HKLM\..\Run: [h4X6VW8kd] C:\documents and settings\owner\local settings\temp\h4X6VW8kd.exe
do you know what that is? If not, use one or more of these free online scanners to find out and post the results for me to view:
http://virusscan.jotti.org/
http://www.kaspersky.com/scanforvirus
http://www.virustotal.com/
You also have this: O16 - DPF: {3A7FE611-1994-4EF1-A09F-99456752289D} - http://install.wildtangent.com/Activ...veLauncher.cab
See what CastleCops has to say: http://www.castlecops.com/atxlist-951.html
Let's let combofix take a look to see what it finds and we will go from there:
Download ComboFix from Here (http://www.techsupportforum.com/sectools/sUBs/ComboFix.exe) or Here (http://download.bleepingcomputer.com/sUBs/ComboFix.exe) to your Desktop.
Double click combofix.exe and follow the prompts.
When finished, it shall produce a log for you. Post that log and a HiJackthis log in your next reply
Note: Do not mouseclick combofix's window while its running. That may cause it to stall
If your issues are resolved, please post to let me know so I can close the topic.
Thanks
Cyrowski
2007-10-17, 02:20
Hi there,
Sorry for the delay; I was out of town for two days. Thank you for helping me!
1. Updated Spybot and ran. Same issues appeared. Attaching text file. Will submit to spybot forum you recommended.
2. Thanks for the suggestions on searching for IE issues. Before I found this forum, I had found the Sandi Hardmeier article and followed all of her steps. I also found some of the other forums and read through the issues, tried some, but could not resolve the issue.
3. How do I get rid of the junk you reference, including the wild tangent? I ran the file h4X6VW8kd through virusscan and virustotal. No issues were found. Results are attached as text.
4. Ran combofix & HJT. Results below in separate posts (too much data). IE still does not load pages. Also, I am now missing my calculator, solitaire, outlook express, hearts. Shortcuts do not work. Applications appear to be missing. This occurred a few days ago.
Combofix:
ComboFix 07-10-16.1 - Owner 2007-10-16 19:37:49.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.133 [GMT -4:00]
Running from: C:\Documents and Settings\Owner\Desktop\ComboFix.exe
* Created a new restore point
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINNT\NDNuninstall4_80.exe
C:\WINNT\NDNuninstall4_88.exe
C:\WINNT\NDNuninstall4_94.exe
C:\WINNT\NDNuninstall5_40.exe
C:\WINNT\NDNuninstall5_48.exe
C:\WINNT\NDNuninstall5_64.exe
C:\WINNT\NDNuninstall6_10.exe
C:\WINNT\NDNuninstall6_22.exe
.
((((((((((((((((((((((((( Files Created from 2007-09-16 to 2007-10-16 )))))))))))))))))))))))))))))))
.
2007-10-16 19:35 51,200 --a------ C:\WINNT\NirCmd.exe
2007-10-11 19:33 1,156 --a------ C:\WINNT\mozver.dat
2007-10-11 15:17 <DIR> d-------- C:\Program Files\Java
2007-10-11 15:17 <DIR> d-------- C:\Program Files\Common Files\Java
2007-10-08 17:05 75,384 --a------ C:\WINNT\TrueInstall.exe
2007-09-18 14:43 317,616 --a------ C:\WINNT\system32\drivers\srtspl.sys
2007-09-18 14:43 278,576 --a------ C:\WINNT\system32\drivers\srtsp.sys
2007-09-18 14:43 43,696 --a------ C:\WINNT\system32\drivers\srtspx.sys
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-10-11 23:06 --------- d-----w C:\Program Files\America Online 7.0
2007-10-11 20:17 --------- d-----w C:\Program Files\America Online 8.0
2007-10-08 22:10 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2007-10-08 21:59 --------- d-----w C:\Program Files\Norton AntiVirus
2007-10-08 21:59 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
2007-10-08 21:57 805 ----a-w C:\WINNT\system32\drivers\SYMEVENT.INF
2007-10-08 21:57 60,800 ----a-w C:\WINNT\system32\S32EVNT1.DLL
2007-10-08 21:57 123,952 ----a-w C:\WINNT\system32\drivers\SYMEVENT.SYS
2007-10-08 21:57 10,740 ----a-w C:\WINNT\system32\drivers\SYMEVENT.CAT
2007-10-08 21:57 --------- d-----w C:\Program Files\Symantec
2007-10-08 21:05 --------- d-----w C:\Program Files\TrueSwitchComcast
2007-10-06 17:03 --------- d-----w C:\Documents and Settings\Owner\Application Data\MSN6
2007-10-06 17:03 --------- d-----w C:\Documents and Settings\Owner\Application Data\MSN6
2007-09-18 18:44 10,662 ----a-w C:\WINNT\system32\drivers\srtspx.cat
2007-09-18 18:44 10,662 ----a-w C:\WINNT\system32\drivers\srtspl.cat
2007-09-18 18:44 10,658 ----a-w C:\WINNT\system32\drivers\srtsp.cat
2007-09-18 18:44 1,430 ----a-w C:\WINNT\system32\drivers\srtspl.inf
2007-09-18 18:44 1,421 ----a-w C:\WINNT\system32\drivers\srtspx.inf
2007-09-18 18:44 1,415 ----a-w C:\WINNT\system32\drivers\srtsp.inf
2007-09-14 03:28 --------- d-----w C:\Documents and Settings\Owner\Application Data\Viewpoint
2007-09-14 03:28 --------- d-----w C:\Documents and Settings\Owner\Application Data\Viewpoint
2007-09-14 03:28 --------- d-----w C:\Documents and Settings\All Users\Application Data\Viewpoint
2007-09-09 21:21 512,000 ----a-w C:\WINNT\system32\WunderPhoto Screensaver.scr
2007-09-02 13:26 --------- d-----w C:\Program Files\Real
2007-09-01 13:08 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-08-25 16:43 --------- d-----w C:\Program Files\Common Files\Adobe
2007-08-24 15:44 --------- d-----w C:\Documents and Settings\Owner\Application Data\TrueSwitch
2007-08-24 15:44 --------- d-----w C:\Documents and Settings\Owner\Application Data\TrueSwitch
2007-08-22 13:12 96,256 ------w C:\WINNT\system32\dllcache\inseng.dll
2007-08-22 13:12 658,944 ----a-w C:\WINNT\system32\dllcache\wininet.dll
2007-08-22 13:12 615,424 ----a-w C:\WINNT\system32\dllcache\urlmon.dll
2007-08-22 13:12 55,808 ------w C:\WINNT\system32\dllcache\extmgr.dll
2007-08-22 13:12 532,480 ------w C:\WINNT\system32\dllcache\mstime.dll
2007-08-22 13:12 474,112 ----a-w C:\WINNT\system32\dllcache\shlwapi.dll
2007-08-22 13:12 449,024 ------w C:\WINNT\system32\dllcache\mshtmled.dll
2007-08-22 13:12 39,424 ------w C:\WINNT\system32\dllcache\pngfilt.dll
2007-08-22 13:12 357,888 ------w C:\WINNT\system32\dllcache\dxtmsft.dll
2007-08-22 13:12 3,058,176 ------w C:\WINNT\system32\dllcache\mshtml.dll
2007-08-22 13:12 251,392 ------w C:\WINNT\system32\dllcache\iepeers.dll
2007-08-22 13:12 205,312 ------w C:\WINNT\system32\dllcache\dxtrans.dll
2007-08-22 13:12 16,384 ------w C:\WINNT\system32\dllcache\jsproxy.dll
2007-08-22 13:12 151,040 ------w C:\WINNT\system32\dllcache\cdfview.dll
2007-08-22 13:12 146,432 ------w C:\WINNT\system32\dllcache\msrating.dll
2007-08-22 13:12 1,494,528 ----a-w C:\WINNT\system32\dllcache\shdocvw.dll
2007-08-22 13:12 1,054,208 ------w C:\WINNT\system32\dllcache\danim.dll
2007-08-22 13:12 1,022,976 ------w C:\WINNT\system32\dllcache\browseui.dll
2007-08-21 10:30 18,432 ------w C:\WINNT\system32\dllcache\iedw.exe
2007-08-21 06:15 683,520 ----a-w C:\WINNT\system32\inetcomm.dll
2007-08-21 06:15 683,520 ------w C:\WINNT\system32\dllcache\inetcomm.dll
2007-08-19 00:43 --------- d-----w C:\Documents and Settings\Owner\Application Data\Canon
2007-08-19 00:43 --------- d-----w C:\Documents and Settings\Owner\Application Data\Canon
2007-08-18 17:24 --------- d-----w C:\Program Files\support.com
2007-08-18 16:49 --------- d-----w C:\Documents and Settings\All Users\Application Data\Support.com
2007-08-05 23:30 63,176 ----a-w C:\Documents and Settings\Owner\Application Data\GDIPFONTCACHEV1.DAT
2007-08-05 23:30 63,176 ----a-w C:\Documents and Settings\Owner\Application Data\GDIPFONTCACHEV1.DAT
2007-07-30 23:19 92,504 ----a-w C:\WINNT\system32\dllcache\cdm.dll
2007-07-30 23:19 92,504 ----a-w C:\WINNT\system32\cdm.dll
2007-07-30 23:19 549,720 ----a-w C:\WINNT\system32\wuapi.dll
2007-07-30 23:19 549,720 ----a-w C:\WINNT\system32\dllcache\wuapi.dll
2007-07-30 23:19 53,080 ----a-w C:\WINNT\system32\wuauclt.exe
2007-07-30 23:19 53,080 ----a-w C:\WINNT\system32\dllcache\wuauclt.exe
2007-07-30 23:19 43,352 ----a-w C:\WINNT\system32\wups2.dll
2007-07-30 23:19 325,976 ----a-w C:\WINNT\system32\wucltui.dll
2007-07-30 23:19 325,976 ----a-w C:\WINNT\system32\dllcache\wucltui.dll
2007-07-30 23:19 203,096 ----a-w C:\WINNT\system32\wuweb.dll
2007-07-30 23:19 203,096 ----a-w C:\WINNT\system32\dllcache\wuweb.dll
2007-07-30 23:19 1,712,984 ----a-w C:\WINNT\system32\wuaueng.dll
2007-07-30 23:19 1,712,984 ----a-w C:\WINNT\system32\dllcache\wuaueng.dll
2007-07-30 23:18 33,624 ----a-w C:\WINNT\system32\wups.dll
2007-07-30 23:18 33,624 ----a-w C:\WINNT\system32\dllcache\wups.dll
2006-02-19 08:28 12,288 ----a-w C:\WINNT\Fonts\RandFont.dll
2003-07-26 19:08 1,583 -c--a-w C:\Program Files\INSTALL.LOG
2002-10-02 20:33:16 32 -csha-w C:\WINNT\{9FAB8911-3BC4-493A-9D31-15B0694333AF}.dat
2002-10-02 20:33:16 32 --sha-w C:\WINNT\system32\{132DF614-59EA-4791-9A10-1D83F9D5DFF3}.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="NvQTwk" []
"Keyboard Preload Check"="C:\OEMDRVRS\KEYB\Preload.exe" []
"CTHelper"="CTHELPER.EXE" [2002-07-02 19:56 C:\WINNT\system32\cthelper.exe]
"UpdReg"="C:\WINNT\UpdReg.EXE" [2000-05-11 03:00]
"Jet Detection"="C:\Program Files\Creative\SBAudigy\PROGRAM\ADGJDet.exe" [2001-10-04 03:00]
"RealTray"="C:\Program Files\Real\RealPlayer\RealPlay.exe" [2002-11-23 21:46]
"GWMDMMSG"="GWMDMMSG.exe" [2002-08-06 16:24 C:\WINNT\GWMDMMSG.exe]
"GWMDMpi"="C:\WINNT\GWMDMpi.exe" [2002-08-06 16:24]
"NeroCheck"="C:\WINNT\system32\NeroCheck.exe" [2001-07-09 07:50]
"Microsoft Works Update Detection"="C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe" [2002-07-16 22:21]
"Omnipage"="C:\Program Files\ScanSoft\OmniPageSE\opware32.exe" [2002-06-03 12:38]
"h4X6VW8kd"="C:\documents and settings\owner\local settings\temp\h4X6VW8kd.exe" []
"BtcMaestro"="C:\Program Files\KMaestro\KMaestro.exe" [2002-11-27 01:47]
"LWBMOUSE"="C:\MMaestro\BWheel35.exe" [2002-09-12 12:22]
"CapFax"="C:\Program Files\PhoneTools\CapFax.EXE" [2001-11-07 15:25]
"HostManager"="C:\Program Files\Common Files\AOL\1127949917\ee\AOLSoftware.exe" [2006-03-10 18:22]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2005-10-06 19:03]
"HPDJ Taskbar Utility"="C:\WINNT\system32\spool\drivers\w32x86\3\hpztsb10.exe" [2004-03-04 11:46]
"HP Component Manager"="C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" [2003-12-22 08:38]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-12-26 16:16]
"HP Software Update"="C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe" [2005-02-17 00:11]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-01-10 01:59]
"osCheck"="C:\Program Files\Norton AntiVirus\osCheck.exe" [2007-01-14 03:11]
"KMCONFIG"="C:\Program Files\Micro Innovations\Wireless Keyboard & Mouse Driver\StartAutorun.exe" [2007-03-06 14:51]
"Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2007-03-12 18:30]
"SunJavaUpdateSched"="C:\Program Files\Java\j2re1.4.2_07\bin\jusched.exe" [2005-01-15 12:24]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpySweeper"="C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" [2004-02-25 11:48]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runonce]
"SpybotSnD"="C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2006-02-19 05:21:22]
HP Photosmart Premier Fast Start.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe [2006-02-10 08:56:20]
Kodak EasyShare software.lnk - C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe [2006-06-02 05:29:26]
KODAK Software Updater.lnk - C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe [2004-02-13 15:12:08]
R0 IFP300;iRiver Internet Audio Player IFP-300;C:\WINNT\system32\DRIVERS\ifp300.sys
R2 KMWDSERVICE;Keyboard And Mouse Communication Service;C:\Program Files\Micro Innovations\Wireless Keyboard & Mouse Driver\KMWDSrv.exe
R2 RioPNP;RioPNP;C:\WINNT\system32\drivers\RioPNP.sys
R3 GTWModem;GTW V.92 Voicemodem;C:\WINNT\system32\DRIVERS\GWMDM.sys
R3 KMWDFilter;KMWDFilter;\??\C:\WINNT\System32\Drivers\KMWDFilter.SYS
S2 NMSSvc;Intel(R) NMS;C:\WINNT\System32\NMSSvc.exe
S3 BCMModem;BCM V.90 56K Modem;C:\WINNT\system32\DRIVERS\BCMDM.sys
S3 hlabeeh.sys;hlabeeh.sys;\??\C:\WINNT\System32\hlabeeh.sys
S3 iscFlash;iscFlash;\??\C:\WINNT\SYSTEM32\DRIVERS\iscflash.sys
S3 PCDRDRV;Pcdr Helper Driver;\??\C:\Atf\Qctest\PCDoc\PCDRDRV.sys
*Newly Created Service* - CATCHME
.
Contents of the 'Scheduled Tasks' folder
"2007-10-16 22:40:35 C:\WINNT\Tasks\Norton AntiVirus - Run Full System Scan - Owner.job"
.
**************************************************************************
catchme 0.3.1169 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-10-16 19:40:59
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2007-10-16 19:41:51
.
--- E O F ---
Cyrowski
2007-10-17, 02:21
HJT scan:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:44:07 PM, on 10/16/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Micro Innovations\Wireless Keyboard & Mouse Driver\KMWDSrv.exe
C:\WINNT\System32\nvsvc32.exe
C:\WINNT\system32\HPZipm12.exe
C:\Program Files\Common Files\Lanovation\PrismXL\PRISMXL.SYS
C:\WINNT\System32\svchost.exe
C:\WINNT\wanmpsvc.exe
C:\WINNT\system32\CTHELPER.EXE
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\WINNT\GWMDMMSG.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\ScanSoft\OmniPageSE\opware32.exe
C:\Program Files\KMaestro\KMaestro.exe
C:\MMaestro\BWheel35.exe
C:\Program Files\PhoneTools\CapFax.EXE
C:\Program Files\Common Files\AOL\1127949917\ee\AOLSoftware.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Micro Innovations\Wireless Keyboard & Mouse Driver\StartAutorun.exe
C:\Program Files\Java\j2re1.4.2_07\bin\jusched.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
c:\program files\common files\aol\1127949917\ee\services\antiSpywareApp\ver2_0_32_1\AOLSP Scheduler.exe
C:\Program Files\Micro Innovations\Wireless Keyboard & Mouse Driver\KMConfig.exe
C:\Program Files\Micro Innovations\Wireless Keyboard & Mouse Driver\KMProcess.exe
c:\program files\common files\aol\1127949917\ee\aolsoftware.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Norton AntiVirus\NAVW32.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINNT\explorer.exe
C:\Documents and Settings\Owner\Desktop\hijackthis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = about:blank
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:65535
O2 - BHO: (no name) - SOFTWARE - (no file)
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\WINNT\Downloaded Program Files\ycomp5_0_2_7.dll (file missing)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {} - (no file)
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\WINNT\Downloaded Program Files\ycomp5_0_2_7.dll (file missing)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [Keyboard Preload Check] C:\OEMDRVRS\KEYB\Preload.exe /DEVID: /CLASS:Keyboard /RunValue:"Keyboard Preload Check"
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINNT\UpdReg.EXE
O4 - HKLM\..\Run: [Jet Detection] C:\Program Files\Creative\SBAudigy\PROGRAM\ADGJDet.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [GWMDMMSG] GWMDMMSG.exe
O4 - HKLM\..\Run: [GWMDMpi] C:\WINNT\GWMDMpi.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINNT\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [Omnipage] C:\Program Files\ScanSoft\OmniPageSE\opware32.exe
O4 - HKLM\..\Run: [h4X6VW8kd] C:\documents and settings\owner\local settings\temp\h4X6VW8kd.exe
O4 - HKLM\..\Run: [BtcMaestro] C:\Program Files\KMaestro\KMaestro.exe
O4 - HKLM\..\Run: [LWBMOUSE] C:\MMaestro\BWheel35.exe
O4 - HKLM\..\Run: [CapFax] C:\Program Files\PhoneTools\CapFax.EXE
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1127949917\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINNT\system32\spool\drivers\w32x86\3\hpztsb10.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton AntiVirus\osCheck.exe"
O4 - HKLM\..\Run: [KMCONFIG] C:\Program Files\Micro Innovations\Wireless Keyboard & Mouse Driver\StartAutorun.exe KMConfig.exe
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_07\bin\jusched.exe
O4 - HKLM\..\RunOnce: [SpybotSnD] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck
O4 - HKCU\..\Run: [SpySweeper] C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe /0
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Photosmart Premier Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: KODAK Software Updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINNT\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINNT\System32\msjava.dll
O9 - Extra button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Program Files\Bonjour\ExplorerPlugin.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINNT\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.aol.com
O15 - Trusted Zone: http://*.windowsupdate.microsoft.com
O15 - Trusted Zone: http://*.windowsupdate.com
O16 - DPF: Mah Jong Garden by pogo - http://game4.pogo.com/applet-6.0.1.28/mahjong/mahjong-ob-assets.cab
O16 - DPF: Squelchies by pogo - http://game1.pogo.com/applet-6.1.5.21/squelchies/squelchies-ob-assets.cab
O16 - DPF: Word Whomp Whackdown by pogo - http://whackdown.pogo.com/applet-6.0.2.29/whackdown/whackdown-ob-assets.cab
O16 - DPF: WordJong by pogo - http://wordjong.pogo.com/applet-6.0.2.29/wordjong/wordjong-ob-assets.cab
O16 - DPF: World Class Solitaire by pogo - http://game4.pogo.com/applet-6.0.0.32/worldclass/worldclass-ob-assets.cab
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://support.gateway.com/support/profiler/PCPitStop.CAB
O16 - DPF: {0F04992B-E661-4DB9-B223-903AB628225D} (DoMoreRunExe.DoMoreRun) - file://C:\Program Files\Gateway\Do More\DoMoreRunExe.CAB
O16 - DPF: {17D72920-7A15-11D4-921E-0080C8DA7A5E} (AimSp32 Class) - http://makeover.ivillage.com/save/makeover.cab
O16 - DPF: {2DFF31F9-7893-4922-AF66-C9A1EB4EBB31} (Rhapsody Player Engine) - http://forms.real.com/real/player/download.html?f=windows/mrkt/rhapx/RhapsodyPlayerEngine_Inst_Win.cab
O16 - DPF: {3A7FE611-1994-4EF1-A09F-99456752289D} - http://install.wildtangent.com/ActiveLauncher/ActiveLauncher.cab
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aol.com/computercheckup/qdiagcc.cab
O16 - DPF: {511073AD-BE56-4D43-AE68-93390514385E} (TechToolsActivex.TechTools) - hcp://system/TechTools.CAB
O16 - DPF: {5BDBA960-6534-11D3-97C7-00500422B550} (LotusDRSControl Class) - http://acna-mi-ml1.akebono-usa.com/download/dolcontrol.cab
O16 - DPF: {63E07911-299B-4B9A-825B-1AB14CC4C53B} (PhxStudent.OeSetup15) - https://mycampus.phoenix.edu/secure/PhxStudent15.CAB
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab
O16 - DPF: {6B4788E2-BAE8-11D2-A1B4-00400512739B} (PWMediaSendControl Class) - http://216.249.24.142/code/PWActiveXImgCtl.CAB
O16 - DPF: {72944257-0AE0-44FD-8A51-AA21853092C8} (PhxStudent.OeSetup15) - https://mycampus.phoenix.edu/secure/PhxStudent15.CAB
O16 - DPF: {739E8D90-2F4C-43AD-A1B8-66C356FCEA35} (RunExeActiveX.RunExe) - hcp://system/RunExeActiveX.CAB
O16 - DPF: {76D90D08-EAB7-46D8-BF99-87445BF59E72} (SystemInfo Class) - http://www.getdway.com/dwayready/dpcsysinfo.cab
O16 - DPF: {8494B5D2-DA6A-4BB8-9C15-6C18A312387E} (Caymas Secure Tunnel) - https://remote.akebono-usa.com/ui/Axt.cab
O16 - DPF: {87056D28-9730-4A47-B9F9-7E890B62C58A} (WildfireActiveXHost Class) - http://aolsvc.aol.com/onlinegames/ghtumblebugs/axhost.cab
O16 - DPF: {99CDFD87-F97A-42E1-9C13-D18220D90AD1} (StartFirstControl.CheckFirst) - hcp://system/StartFirstControl.CAB
O16 - DPF: {A82C3A33-5C0E-466C-B020-71585433A7E4} (PhxStudent.OeSetup15) - https://www.stu.uophx.edu/secure/PhxStudent15.CAB
O16 - DPF: {B12213CD-4189-415D-A054-7999528459F7} (pixelStormLauncher Class) - http://aolsvc.aol.com/onlinegames/tryrumblecube/pixelstormlauncher.cab
O16 - DPF: {B64F4A7C-97C9-11DA-8BDE-F66BAD1E3F3A} - http://download.cdn.winsoftware.com/files/installers/cab/WinAntiVirusPro2006FreeInstall.cab
O16 - DPF: {B7AEE795-CA7A-4BCE-8F63-6BC4AF227F2B} - http://status.uophx.edu/tech/transition_new/Control/OeSetupControl.ocx
O16 - DPF: {C4847596-972C-11D0-9567-00A0C9273C2A} (Crystal Report Viewer Control) - https://hrpayroll-ml.ceridian.com/viewer/activeXViewer/activexviewer.cab
O16 - DPF: {D410AFBD-4E26-4D5F-840F-0412D6F6BB8D} (CPlayFirstSandScriptControl Object) - http://aolsvc.aol.com/onlinegames/free-trial-sandscript/SandScript.1.0.0.21.cab
O16 - DPF: {D68217F4-1DF9-45C1-BFA6-61DBD5464527} (Genealogy Browser) - http://66.119.139.74/cabs/zinst.cab
O16 - DPF: {DF6A0F17-0B1E-11D4-829D-00C04F6843FE} (Microsoft Office Tools on the Web Control) - http://dgl.microsoft.com/downloads/outc.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://aolsvc.aol.com/onlinegames/pcastropop/popcaploader_v7.cab
O16 - DPF: {E008A543-CEFB-4559-912F-C27C2B89F13B} (Domino Web Access 7 Control) - http://acna-mi-ml1.akebono-usa.com/dwa7W.cab
O16 - DPF: {E1FD0DCC-705B-4F61-B9EC-6E711F9B56FE} (Secure Connect) - https://remote.akebono-usa.com/ui/cscinstaller.dll
O16 - DPF: {E7D2588A-7FB5-47DC-8830-832605661009} (Live Collaboration) - https://livewc01.custhelp.com/7520-b289h-turbotax/rnl/java/RntX.cab
O16 - DPF: {E855A2D4-987E-4F3B-A51C-64D10A7E2479} (EPSImageControl Class) - http://tools.ebayimg.com/eps/activex/EPSControl_v1-32.cab
O16 - DPF: {EF99BD32-C1FB-11D2-892F-0090271D4F88} (Yahoo! Companion) - http://us.dl1.yimg.com/download.yahoo.com/dl/toolbar/my/yiebio5_0_2_7.cab
O23 - Service: AOL Spyware Protection Service (AOLService) - Unknown owner - C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\\aolserv.exe (file missing)
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Bonjour Service - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\isPwdSvc.exe
O23 - Service: Keyboard And Mouse Communication Service (KMWDSERVICE) - UASSOFT.COM - C:\Program Files\Micro Innovations\Wireless Keyboard & Mouse Driver\KMWDSrv.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: Intel(R) NMS (NMSSvc) - Intel Corporation - C:\WINNT\System32\NMSSvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINNT\System32\nvsvc32.exe
O23 - Service: PictureTaker - LANovation - C:\WINNT\System32\PCTKRNT.SYS
O23 - Service: Pml Driver HPZ12 - HP - C:\WINNT\system32\HPZipm12.exe
O23 - Service: PrismXL - Lanovation - C:\Program Files\Common Files\Lanovation\PrismXL\PRISMXL.SYS
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINNT\wanmpsvc.exe
--
End of file - 14913 bytes
pskelley
2007-10-17, 13:11
Thanks for returning your information, please do not attach files I have not requested, read the instructions.
All logs should be copy/pasted into topic and not attached unless requested by helper in that format.
Also, I am now missing my calculator, solitaire, outlook express, hearts. Shortcuts do not work. Applications appear to be missing. This occurred a few days ago.What do you mean by missing? These program are not on your computer? Or are you missing the short cuts to them? While I suppose anything is possible, I have yet to run into malware that removed whole programs.
Spy Sweeper <<< do you own this program or is it left from a trial?
Let's do this please:
1) Click the "Open the Misc Tools" section Button.
Click the "Open Uninstall Manager" Button.
Click the "Save list..." Button.
Save it to your desktop. Copy and paste the contents into your reply.
(You may edit out Microsoft, Hotfixes, Security Update for Windows XP, Update for Windows XP and Windows XP Hotfix to shorten the list)
2) See this: http://forums.spybot.info/showpost.php?p=12880&postcount=2
C:\Program Files\Java\j2re1.4.2_07\ <<< Java is out of date, please download the newest version and uninstall all old versions in Add Remove programs.
3) You are still running IE6, I suggest you try updating to the newest version to see if that fixes your IE issues:
http://www.microsoft.com/windows/products/winfamily/ie/default.mspx
4) Please download ATF Cleaner by Atribune
http://www.atribune.org/content/view/25/2/
Save it to your Desktop. We will use this later.
5) Open HijackThis and choose "Do a system scan only" then check the box in front of these line items:
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = about:blank
O2 - BHO: (no name) - SOFTWARE - (no file)
(next item is damaged, install it again once we finish if you use it)
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\WINNT\Downloaded Program Files\ycomp5_0_2_7.dll (file missing)
O2 - BHO: (no name) - {} - (no file)
(same as above)
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\WINNT\Downloaded Program Files\ycomp5_0_2_7.dll (file missing)
O16 - DPF: {3A7FE611-1994-4EF1-A09F-99456752289D} - http://install.wildtangent.com/Activ...veLauncher.cab
See this: http://www.castlecops.com/atxlist-951.html
O16 - DPF: {B64F4A7C-97C9-11DA-8BDE-F66BAD1E3F3A} - http://download.cdn.winsoftware.com/...reeInstall.cab
See this: http://www.castlecops.com/atxlist-1656.html
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://aolsvc.aol.com/onlinegames/pc...ploader_v7.cab
See this: http://www.trendmicro.com/vinfo/grayware/ve_graywareDetails.asp?GNAME=ADW%5FPOP%2EA
Close all programs but HJT and all browser windows, then click on "Fix Checked"
6) Run ATF Cleaner
Double-click ATF-Cleaner.exe to run the program.
Click Select All found at the bottom of the list.
Click the Empty Selected button.
Click Exit on the Main menu to close the program.
Restart and post a new HJT log, the information you attached, the uninstall list and any feedback you think will help.
Thanks
Cyrowski
2007-10-18, 03:56
Thank you for the continued support.
1. Please bear with me. I am very green at this. Sorry for attaching files when not asked.
2. You asked, "What do you mean by missing? These program are not on your computer? Or are you missing the short cuts to them? While I suppose anything is possible, I have yet to run into malware that removed whole programs."
The applications/programs are no longer on my computer.
3. Yes, I own Spysweeper. Do I need this if I am now using Spybot?
4. You asked me to "click the 'open misc tools' section button. Are you referring to Spysweeper? There is no such section on my Spysweeper. If you are referring to something else, please clarify.
5. I uninstalled the Java version on my computer but was unable to install the new version from the link you provided. Received message "the installer cannot proceed with the current internet connection settings. When I close out the window, an error message appears stating an unexpected installation error occurred.
6. Downloaded the newest version of IE. Same issue still exists. Only secure sites will load.
7. I conducted the HJT system scan only and checked the items indicated and followed the prompts to "Fix Checked."
8. I ran the ATF Cleaner.
9. New HJT loog is below. You also asked me to post "the information you attached." I am unsure if you want me to post it here as I ran it yesterday, so that is what I will do. I could not post the "uninstall list" as I am not sure what you were referencing in your point 1).
10. I'm ready to just uninstall IE and continue using Firefox. Any long-term issues that I might face if I do that? I also plan to uninstall AOL, which I do not use since getting Comcast cable internet.
HJT:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:39:24 PM, on 10/17/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0013)
Boot mode: Normal
Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Micro Innovations\Wireless Keyboard & Mouse Driver\KMWDSrv.exe
C:\WINNT\System32\NMSSvc.exe
C:\WINNT\System32\nvsvc32.exe
C:\WINNT\system32\HPZipm12.exe
C:\Program Files\Common Files\Lanovation\PrismXL\PRISMXL.SYS
C:\WINNT\System32\svchost.exe
C:\WINNT\wanmpsvc.exe
C:\WINNT\Explorer.EXE
C:\WINNT\system32\CTHELPER.EXE
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\WINNT\GWMDMMSG.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\ScanSoft\OmniPageSE\opware32.exe
C:\Program Files\KMaestro\KMaestro.exe
C:\MMaestro\BWheel35.exe
C:\Program Files\PhoneTools\CapFax.EXE
C:\Program Files\Common Files\AOL\1127949917\ee\AOLSoftware.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Micro Innovations\Wireless Keyboard & Mouse Driver\StartAutorun.exe
C:\Program Files\Micro Innovations\Wireless Keyboard & Mouse Driver\KMConfig.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINNT\system32\ctfmon.exe
C:\Program Files\Micro Innovations\Wireless Keyboard & Mouse Driver\KMProcess.exe
c:\program files\common files\aol\1127949917\ee\services\antiSpywareApp\ver2_0_32_1\AOLSP Scheduler.exe
c:\program files\common files\aol\1127949917\ee\aolsoftware.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Documents and Settings\Owner\Desktop\hijackthis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:65535
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [Keyboard Preload Check] C:\OEMDRVRS\KEYB\Preload.exe /DEVID: /CLASS:Keyboard /RunValue:"Keyboard Preload Check"
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINNT\UpdReg.EXE
O4 - HKLM\..\Run: [Jet Detection] C:\Program Files\Creative\SBAudigy\PROGRAM\ADGJDet.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [GWMDMMSG] GWMDMMSG.exe
O4 - HKLM\..\Run: [GWMDMpi] C:\WINNT\GWMDMpi.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINNT\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [Omnipage] C:\Program Files\ScanSoft\OmniPageSE\opware32.exe
O4 - HKLM\..\Run: [h4X6VW8kd] C:\documents and settings\owner\local settings\temp\h4X6VW8kd.exe
O4 - HKLM\..\Run: [BtcMaestro] C:\Program Files\KMaestro\KMaestro.exe
O4 - HKLM\..\Run: [LWBMOUSE] C:\MMaestro\BWheel35.exe
O4 - HKLM\..\Run: [CapFax] C:\Program Files\PhoneTools\CapFax.EXE
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1127949917\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINNT\system32\spool\drivers\w32x86\3\hpztsb10.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton AntiVirus\osCheck.exe"
O4 - HKLM\..\Run: [KMCONFIG] C:\Program Files\Micro Innovations\Wireless Keyboard & Mouse Driver\StartAutorun.exe KMConfig.exe
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKCU\..\Run: [SpySweeper] C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe /0
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINNT\system32\ctfmon.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Photosmart Premier Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: KODAK Software Updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
O9 - Extra button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Program Files\Bonjour\ExplorerPlugin.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINNT\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.aol.com
O15 - Trusted Zone: http://*.windowsupdate.microsoft.com
O15 - Trusted Zone: http://*.windowsupdate.com
O16 - DPF: Mah Jong Garden by pogo - http://game4.pogo.com/applet-6.0.1.28/mahjong/mahjong-ob-assets.cab
O16 - DPF: Squelchies by pogo - http://game1.pogo.com/applet-6.1.5.21/squelchies/squelchies-ob-assets.cab
O16 - DPF: Word Whomp Whackdown by pogo - http://whackdown.pogo.com/applet-6.0.2.29/whackdown/whackdown-ob-assets.cab
O16 - DPF: WordJong by pogo - http://wordjong.pogo.com/applet-6.0.2.29/wordjong/wordjong-ob-assets.cab
O16 - DPF: World Class Solitaire by pogo - http://game4.pogo.com/applet-6.0.0.32/worldclass/worldclass-ob-assets.cab
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://support.gateway.com/support/profiler/PCPitStop.CAB
O16 - DPF: {0F04992B-E661-4DB9-B223-903AB628225D} (DoMoreRunExe.DoMoreRun) - file://C:\Program Files\Gateway\Do More\DoMoreRunExe.CAB
O16 - DPF: {17D72920-7A15-11D4-921E-0080C8DA7A5E} (AimSp32 Class) - http://makeover.ivillage.com/save/makeover.cab
O16 - DPF: {2DFF31F9-7893-4922-AF66-C9A1EB4EBB31} (Rhapsody Player Engine) - http://forms.real.com/real/player/download.html?f=windows/mrkt/rhapx/RhapsodyPlayerEngine_Inst_Win.cab
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aol.com/computercheckup/qdiagcc.cab
O16 - DPF: {511073AD-BE56-4D43-AE68-93390514385E} (TechToolsActivex.TechTools) - hcp://system/TechTools.CAB
O16 - DPF: {5BDBA960-6534-11D3-97C7-00500422B550} (LotusDRSControl Class) - http://acna-mi-ml1.akebono-usa.com/download/dolcontrol.cab
O16 - DPF: {63E07911-299B-4B9A-825B-1AB14CC4C53B} (PhxStudent.OeSetup15) - https://mycampus.phoenix.edu/secure/PhxStudent15.CAB
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab
O16 - DPF: {6B4788E2-BAE8-11D2-A1B4-00400512739B} (PWMediaSendControl Class) - http://216.249.24.142/code/PWActiveXImgCtl.CAB
O16 - DPF: {72944257-0AE0-44FD-8A51-AA21853092C8} (PhxStudent.OeSetup15) - https://mycampus.phoenix.edu/secure/PhxStudent15.CAB
O16 - DPF: {739E8D90-2F4C-43AD-A1B8-66C356FCEA35} (RunExeActiveX.RunExe) - hcp://system/RunExeActiveX.CAB
O16 - DPF: {76D90D08-EAB7-46D8-BF99-87445BF59E72} (SystemInfo Class) - http://www.getdway.com/dwayready/dpcsysinfo.cab
O16 - DPF: {8494B5D2-DA6A-4BB8-9C15-6C18A312387E} (Caymas Secure Tunnel) - https://remote.akebono-usa.com/ui/Axt.cab
O16 - DPF: {87056D28-9730-4A47-B9F9-7E890B62C58A} (WildfireActiveXHost Class) - http://aolsvc.aol.com/onlinegames/ghtumblebugs/axhost.cab
O16 - DPF: {99CDFD87-F97A-42E1-9C13-D18220D90AD1} (StartFirstControl.CheckFirst) - hcp://system/StartFirstControl.CAB
O16 - DPF: {A82C3A33-5C0E-466C-B020-71585433A7E4} (PhxStudent.OeSetup15) - https://www.stu.uophx.edu/secure/PhxStudent15.CAB
O16 - DPF: {B12213CD-4189-415D-A054-7999528459F7} (pixelStormLauncher Class) - http://aolsvc.aol.com/onlinegames/tryrumblecube/pixelstormlauncher.cab
O16 - DPF: {B7AEE795-CA7A-4BCE-8F63-6BC4AF227F2B} - http://status.uophx.edu/tech/transition_new/Control/OeSetupControl.ocx
O16 - DPF: {C4847596-972C-11D0-9567-00A0C9273C2A} (Crystal Report Viewer Control) - https://hrpayroll-ml.ceridian.com/viewer/activeXViewer/activexviewer.cab
O16 - DPF: {D410AFBD-4E26-4D5F-840F-0412D6F6BB8D} (CPlayFirstSandScriptControl Object) - http://aolsvc.aol.com/onlinegames/free-trial-sandscript/SandScript.1.0.0.21.cab
O16 - DPF: {D68217F4-1DF9-45C1-BFA6-61DBD5464527} (Genealogy Browser) - http://66.119.139.74/cabs/zinst.cab
O16 - DPF: {DF6A0F17-0B1E-11D4-829D-00C04F6843FE} (Microsoft Office Tools on the Web Control) - http://dgl.microsoft.com/downloads/outc.cab
O16 - DPF: {E008A543-CEFB-4559-912F-C27C2B89F13B} (Domino Web Access 7 Control) - http://acna-mi-ml1.akebono-usa.com/dwa7W.cab
O16 - DPF: {E1FD0DCC-705B-4F61-B9EC-6E711F9B56FE} (Secure Connect) - https://remote.akebono-usa.com/ui/cscinstaller.dll
O16 - DPF: {E7D2588A-7FB5-47DC-8830-832605661009} (Live Collaboration) - https://livewc01.custhelp.com/7520-b289h-turbotax/rnl/java/RntX.cab
O16 - DPF: {E855A2D4-987E-4F3B-A51C-64D10A7E2479} (EPSImageControl Class) - http://tools.ebayimg.com/eps/activex/EPSControl_v1-32.cab
O16 - DPF: {EF99BD32-C1FB-11D2-892F-0090271D4F88} (Yahoo! Companion) - http://us.dl1.yimg.com/download.yahoo.com/dl/toolbar/my/yiebio5_0_2_7.cab
O23 - Service: AOL Spyware Protection Service (AOLService) - Unknown owner - C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\\aolserv.exe (file missing)
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Bonjour Service - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\isPwdSvc.exe
O23 - Service: Keyboard And Mouse Communication Service (KMWDSERVICE) - UASSOFT.COM - C:\Program Files\Micro Innovations\Wireless Keyboard & Mouse Driver\KMWDSrv.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: Intel(R) NMS (NMSSvc) - Intel Corporation - C:\WINNT\System32\NMSSvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINNT\System32\nvsvc32.exe
O23 - Service: PictureTaker - LANovation - C:\WINNT\System32\PCTKRNT.SYS
O23 - Service: Pml Driver HPZ12 - HP - C:\WINNT\system32\HPZipm12.exe
O23 - Service: PrismXL - Lanovation - C:\Program Files\Common Files\Lanovation\PrismXL\PRISMXL.SYS
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINNT\wanmpsvc.exe
--
End of file - 13957 bytes
Will post previous attachments in next post.
Thank you.
Cyrowski
2007-10-18, 04:00
Spybot 10.16 results:
NewDotNet: User settings (Registry key, fixing failed)
HKEY_USERS\S-1-5-18\Software\new.net
NewDotNet: User settings (Registry key, fixing failed)
HKEY_USERS\.DEFAULT\Software\new.net
--- Spybot - Search && Destroy version: 1.3 ---
2007-10-10 Includes\Cookies.sbi
2007-07-25 Includes\Dialer.sbi
2007-10-10 Includes\DialerC.sbi
2007-08-29 Includes\Hijackers.sbi
2007-10-10 Includes\HijackersC.sbi
2007-10-04 Includes\Keyloggers.sbi
2007-10-10 Includes\KeyloggersC.sbi
2004-05-12 Includes\LSP.sbi
2007-10-04 Includes\Malware.sbi
2007-10-10 Includes\MalwareC.sbi
2007-09-05 Includes\PUPS.sbi
2007-10-10 Includes\PUPSC.sbi
2007-10-10 Includes\Revision.sbi
2007-05-30 Includes\Security.sbi
2007-10-10 Includes\SecurityC.sbi
2007-10-10 Includes\Spybots.sbi
2007-10-10 Includes\SpybotsC.sbi
2007-08-21 Includes\Tracks.uti
2007-10-04 Includes\Trojans.sbi
2007-10-10 Includes\TrojansC.sbi
2007-06-06 Plugins\TCPIPAddress.dll
Virustotalscan:
Slovenščina | Dansk | Русский | Română | Türkçe | Nederlands | Ελληνικά | Français | Svenska | Português | Italiano | | | Magyar | Deutsch | Česky | Polski | Español
Virus Total
Virustotal is a service that analyzes suspicious files and facilitates the quick detection of viruses, worms, trojans, and all kinds of malware detected by antivirus engines. More information...
File h4x6vw8kd.dll received on 10.17.2007 01:23:43 (CET)
Current status: Loading ... queued waiting scanning finished NOT FOUND STOPPED
Result: 0/31 (0%)
Loading server information...
Your file is queued in position: 3.
Estimated start time is between 48 and 68 seconds.
Do not close the window until scan is complete.
The scanner that was processing your file is stopped at this moment, we are going to wait a few seconds to try to recover your result.
If you are waiting for more than five minutes you have to resend your file.
Your file is being scanned by VirusTotal in this moment,
results will be shown as they're generated.
Compact Compact
Print results Print results
Your file has expired or does not exists.
Service is stopped in this moments, your file is waiting to be scanned (position: ) for an undefined time.
You can wait for web response (automatic reload) or type your email in the form below and click "request" so the system sends you a notification when the scan is finished.
Email:
Antivirus Version Last Update Result
AhnLab-V3 2007.10.17.0 2007.10.16 -
AntiVir 7.6.0.23 2007.10.16 -
Authentium 4.93.8 2007.10.16 -
Avast 4.7.1051.0 2007.10.15 -
AVG 7.5.0.488 2007.10.16 -
BitDefender 7.2 2007.10.17 -
CAT-QuickHeal 9.00 2007.10.16 -
ClamAV 0.91.2 2007.10.16 -
DrWeb 4.44.0.09170 2007.10.16 -
eSafe 7.0.15.0 2007.10.15 -
eTrust-Vet 31.2.5216 2007.10.17 -
Ewido 4.0 2007.10.16 -
FileAdvisor 1 2007.10.17 -
Fortinet 3.11.0.0 2007.10.16 -
F-Prot 4.3.2.48 2007.10.15 -
F-Secure 6.70.13030.0 2007.10.17 -
Ikarus T3.1.1.12 2007.10.16 -
Kaspersky 7.0.0.125 2007.10.17 -
McAfee 5142 2007.10.16 -
Microsoft 1.2908 2007.10.16 -
NOD32v2 2595 2007.10.16 -
Norman 5.80.02 2007.10.16 -
Panda 9.0.0.4 2007.10.16 -
Prevx1 V2 2007.10.17 -
Rising 19.45.12.00 2007.10.16 -
Sophos 4.22.0 2007.10.16 -
Sunbelt 2.2.907.0 2007.10.16 -
Symantec 10 2007.10.16 -
TheHacker 6.2.8.093 2007.10.16 -
VBA32 3.12.2.4 2007.10.16 -
VirusBuster 4.3.26:9 2007.10.16 -
Additional information
File size: 286 bytes
MD5: ee541d27c5750e9fc8a647b19a1550a9
SHA1: 46f48ccf700c9aa8f14038bab1f794684b7b4070
ATENTION ATTENTION: VirusTotal is a free service offered by Hispasec Sistemas. There are no guarantees about the availability and continuity of this service. Although the detection rate afforded by the use of multiple antivirus engines is far superior to that offered by just one product, these results DO NOT guarantee the harmlessness of a file. Currently, there is not any solution that offers a 100% effectiveness rate for detecting viruses and malware.
Scan another file
VirusTotal © Hispasec Sistemas - Blog - Contact: info@virustotal.com
Virusscan:
Jotti's malware scan 2.99-TRANSITION_TO_3.00-R1
File to upload & scan: Virus
Service
Service load:
0% 100%
File: h4x6vw8kd.dll
Status:
OK
MD5: ee541d27c5750e9fc8a647b19a1550a9
Packers detected:
-
Bit9 reports: File not found
Scanner results
Scan taken on 16 Oct 2007 23:16:51 (GMT)
A-Squared
Found nothing
AntiVir
Found nothing
ArcaVir
Found nothing
Avast
Found nothing
AVG Antivirus
Found nothing
BitDefender
Found nothing
ClamAV
Found nothing
CPsecure
Found nothing
Dr.Web
Found nothing
F-Prot Antivirus
Found nothing
F-Secure Anti-Virus
Found nothing
Fortinet
Found nothing
Kaspersky Anti-Virus
Found nothing
NOD32
Found nothing
Norman Virus Control
Found nothing
Panda Antivirus
Found nothing
Rising Antivirus
Found nothing
Sophos Antivirus
Found nothing
VirusBuster
Found nothing
VBA32
Found nothing
Powered by
images/asquared.png images/antivir.png images/arcabit.png images/avast.png images/avg.gif images/bitdefender.png images/clamav-logo1.png images/cpsecure.gif images/drweb.gif images/f-prot.png images/f-secure_logo.gif images/fortinet.gif images/kaspersky.png images/nod32.gif images/norman.png images/panda.png images/rising.gif images/sophos.gif images/virusbuster.gif images/vba32.png Bit9
Disclaimer
This service is by no means 100% safe. If this scanner says 'OK', it does not necessarily mean the file is clean. There could be a whole new virus on the loose. NEVER EVER rely on one single product only, not even this service, even though it utilizes several products. Therefore, We cannot and will not be held responsible for any damage caused by results presented by this non-profit online service.
Also, we are aware of the implications of a setup like this. We are sure this whole thing is by no means scientifically correct, since this is a fully automated service (although manual correction is possible). We are aware, in spite of efforts to proactively counter these, false positives might occur, for example. We do not consider this a very big issue, so please do not e-mail us about it. This is a simple online scan service, not the university of Wichita.
Scanning can take a while, since several scanners are being used, plus the fact some scanners use very high levels of (time consuming) heuristics. Scanners used are Linux versions, differences with Windows scanners may or may not occur. Another note: some scanners will only report one virus when scanning archives with multiple pieces of malware.
Virus definitions are updated every hour. There is a 10Mb limit per file. Please refrain from uploading tons of hex-edited or repacked variants of the same sample.
Please do not ask for viruses uploaded here, unless you work for an anti-virus vendor. They are not for trade. This is a legitimate service, not a VX site. Viruses uploaded here will be distributed to antivirus vendors without exception. Read more about this in our privacy policy. If you do not want your files to be distributed, please do not send them at all.
Sponsored by donations (in random order) from: Stormbyte Technologies LLC, The ClamAV project, Steve S., Eric Johansen, Eric Schechter, Paul Bokel, Wilders Security, Wilfried Lilie, Prevx, SonicWALL, Lance Mueller, Ewido networks, HotelScraper.com, people who donated in the past, and some people who prefer to remain anonymous... many thanks to all!
Statistics
Last file scanned at least one scanner reported something about: ccsetup201.exe (MD5: 98dc79b8171c1a32e5c9deec33019ad6, size: 2806238 bytes), detected by:
Scanner Malware name
A-Squared X
AntiVir W32/Parite
ArcaVir W95.Parite.B
Avast Win32:Parite
AVG Antivirus Win32/Parite
BitDefender Win32.Parite.B
ClamAV W32.Parite.B
CPsecure W32.Parite.B
Dr.Web Win32.Parite.2
F-Prot Antivirus W32/Parite.B
F-Secure Anti-Virus Virus.Win32.Parite.b
Fortinet W32/Parite.B
Kaspersky Anti-Virus Virus.Win32.Parite.b
NOD32 Win32/Parite.B
Norman Virus Control W32/Pinfi.A
Panda Antivirus W32/Parite.B
Rising Antivirus Win32.Parite.b
Sophos Antivirus W32/Parite-B
VirusBuster Win32.Parite.B
VBA32 Win32.Parite.B
You're free to (mis)interpret these automated, flawed statistics at your own discretion. For antivirus comparisons, visit AV comparatives
We are not affiliated with any third parties that conduct tests using this service.
Frequently asked questions - Feedback - Privacy policy
Debian
Page generated by JTPL
© 2004-2007 Jordi Bosveld <jotti@jotti.org>
pskelley
2007-10-18, 14:01
1. Please bear with me. I am very green at this. Sorry for attaching files when not asked. No problem, that is why I post that information first, to clear the air.
We have multiple issues here and I am going to try to help with malware. I may or may not be able to help with issues not malware related. I may be able to direct you to help, we shall see.
The applications/programs are no longer on my computer.
You are saying calculator, solitaire, outlook express, hearts <<< these programs are missing totally? You may have to reinstall the Operating System to fix this, I am going to suggest you ask technical support here:
http://support.microsoft.com/ I know OE is part of the Operating system as is IE.
Spybot 10.16 results:
Though I use Spybot S&D and have for many years, there is much to know about the program and malware keeps me busy. I prefer to direct Spybot issues to experts with the program. I will say most issues (not all) are caused by lack of maintenance. If it is a new issue that needs adding to the databases, the Spybot experts will know this and be able to advise you.
http://forums.spybot.info/forumdisplay.php?f=4 <<< Spybot forum
http://forums.spybot.info/forumdisplay.php?f=16 <<< false positives
Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 7:44:07 PM, on 10/16/2007Looking at this HJT log I do not see anything that appears to be malware related. I do see items I do not know, is there anything in that HJT list you are not aware of why it is on your computer?
Spysweeper is a good program that runs in real time, Spybot Does not.
Instructions for Java were to download the new version FIRST and then uninstall old verions? You will have to ask Java support about those issues:
http://java.sun.com/developer/support/ or perhaps one of the free user groups?
Uninstall List: May show me something? I apologise for cutting off the first line.
Open Hijackthis.
Click the "Open the Misc Tools" section Button.
Click the "Open Uninstall Manager" Button.
Click the "Save list..." Button.
Save it to your desktop. Copy and paste the contents into your reply.
(You may edit out Microsoft, Hotfixes, Security Update for Windows XP, Update for Windows XP and Windows XP Hotfix to shorten the list)
Thanks
Cyrowski
2007-10-19, 00:36
Hi there,
OK, sounds like I have to move over to some other forums to resolve the Spybot and IE issue. I appreciate your help on the malware. A few strings ago I think you indicated that I was infected. I take it the steps we took regarding malware cleared that up? Below is the uninstall list. If you see anything, let me know.
Adobe Acrobat 5.0
Adobe Flash Player 9 ActiveX
Ahead InCD EasyWrite Reader
Ahead Nero BurnRights
Ahead Nero Express
AOL Coach Version 1.0(Build:20040229.1 en)
AOL Instant Messenger (SM)
AOL Uninstaller
AppCore
ArcSoft PhotoStudio 5
ArcSoft Software Suite
AV
Bonjour
Canon CanoScan Toolbox 4.1
ccCommon
CCScore
CertGear PHR-SPHR Exam Simulator
Creative Driver
Creative Jukebox Driver
Creative NOMAD II Driver
DivX Codec
Do More 5.0
Do More 5.0
DVD
ESSBrwr
ESSCDBK
ESScore
ESSgui
ESShelp
ESSini
ESSPCD
ESSPDock
ESSSONIC
ESSTOOLS
essvatgt
essvcpt
Gateway Desktop Manager
Gateway Power Management
GTW V.92 Voicemodem
HijackThis 2.0.2
HLPPDOCK
Hotfix for Windows XP (KB915865)
HP Customer Participation Program 7.0
HP Deskjet 3740
HP Imaging Device Functions 7.0
HP Photosmart and Deskjet 7.0 Software
HP PhotoSmart C200 Photo Imaging Software
HP PhotoSmart Photo Printing Software
HP Photosmart Premier Software 6.5
HP Software Update
HP Solution Center 7.0
HyperLoad
Intel(R) PRO Ethernet Adapter and Software
Intel(R) PROSet II
Internet Worm Protection
iPod for Windows 2005-10-12
iRiver Manager
iTunes
KeyMaestro Input Device Driver V2.6.4-73AU
KeyMaestro Mouse Driver
kgcbaby
kgcbase
kgchday
kgchlwn
kgcinvt
kgckids
kgcmove
kgcvday
Kodak EasyShare software
KSU
LiveUpdate 3.2 (Symantec Corporation)
LiveUpdate Notice (Symantec Corporation)
Microsoft .NET Framework (English)
Microsoft .NET Framework (English) v1.0.3705
Microsoft .NET Framework 1.1
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office 2000 Professional
Microsoft Picture It! Photo 7.0
Microsoft PowerPoint 2002
Microsoft Streets and Trips 2002
Microsoft Word 2002
Microsoft Works Suite Add-in for Microsoft Word
Mozilla Firefox (2.0.0.7)
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML4 Parser
My DSC
Network Play System (Patching)
NOMAD Jukebox 3 Driver
Norton AntiVirus
Norton AntiVirus (Symantec Corporation)
Norton AntiVirus Help
Norton AntiVirus Parent MSI
Norton AntiVirus SYMLT MSI
Norton Protection Center
Notifier
NVIDIA Windows 2000/XP Display Drivers
OfotoXMI
OmniPage SE
OTtBP
OTtBPSDK
PC-Doctor Consumer UI
PC-Doctor Diagnostics
PC-Doctor for Windows
PC-Doctor Services
PhoneTools
QuickTime
RealPlayer Basic
Rhapsody Player Engine
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows Media Player 9 (KB911565)
Security Update for Windows Media Player 9 (KB917734)
Security Update for Windows Media Player 9 (KB936782)
Security Update for Windows XP (KB883939)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896422)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB896688)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899588)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB903235)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB905915)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB908531)
Security Update for Windows XP (KB911280)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911567)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912812)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913446)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB916281)
Security Update for Windows XP (KB917159)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917422)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB918899)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920214)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921398)
Security Update for Windows XP (KB921503)
Security Update for Windows XP (KB921883)
Security Update for Windows XP (KB922616)
Security Update for Windows XP (KB922760)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923694)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924191)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB924667)
Security Update for Windows XP (KB925454)
Security Update for Windows XP (KB925486)
Security Update for Windows XP (KB925902)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Security Update for Windows XP (KB928090)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB928843)
Security Update for Windows XP (KB929123)
Security Update for Windows XP (KB929969)
Security Update for Windows XP (KB930178)
Security Update for Windows XP (KB931261)
Security Update for Windows XP (KB931768)
Security Update for Windows XP (KB931784)
Security Update for Windows XP (KB932168)
Security Update for Windows XP (KB933566)
Security Update for Windows XP (KB933729)
Security Update for Windows XP (KB935839)
Security Update for Windows XP (KB935840)
Security Update for Windows XP (KB936021)
Security Update for Windows XP (KB937143)
Security Update for Windows XP (KB938127)
Security Update for Windows XP (KB938829)
Security Update for Windows XP (KB939653)
Security Update for Windows XP (KB941202)
SFR
SHASTA
Shockwave
SKIN0001
SKINXSDK
Sound Blaster Audigy
SPBBC 32bit
Spy Sweeper
Spybot - Search & Destroy 1.3
staticcr
Symantec
SymNet
The Sims
Ulead Photo Explorer 4.2
Update for Windows XP (KB894391)
Update for Windows XP (KB896727)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB910437)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Update for Windows XP (KB927891)
Update for Windows XP (KB929338)
Update for Windows XP (KB930916)
Update for Windows XP (KB931836)
Update for Windows XP (KB933360)
Update for Windows XP (KB936357)
Update for Windows XP (KB938828)
Viewpoint Media Player
Visual Statistics 2.0
VPRINTOL
Windows Installer 3.1 (KB893803)
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 7
Windows XP Hotfix - KB834707
Windows XP Hotfix - KB867282
Windows XP Hotfix - KB873333
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB885884
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB887742
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890047
Windows XP Hotfix - KB890175
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB890923
Windows XP Hotfix - KB891781
Windows XP Hotfix - KB893066
Windows XP Hotfix - KB893086
Windows XP Service Pack 2
WIRELESS
Wireless Keyboard & Mouse Driver
WIWBAGPH
WunderPhoto Screensaver
Yahoo! Companion
pskelley
2007-10-19, 01:43
Spybot - Search & Destroy 1.3 <<< obsolete version of Spybot, probably why you are having issues with it.
Viewpoint Media Player
For your information, Viewpoint is installed by aol probably without your knowledge. I suggest you uninstall this resource waster in Add Remove programs.
http://www.greatis.com/appdata/u/v/viewmgr.exe.htm
http://www.spywareinfo.com/newsletter/archives/2005/nov4.php#viewpoint
http://www.clickz.com/news/article.php/3561546
Update your antivirus software and run a complete system scan, post the results along with a new HJT log.
Thanks
Cyrowski
2007-10-20, 19:56
Hi there,
Thanks for the info on Viewpoint Media Player. Also updated antivirus software and ran scan. No issues found. New HJT log below.
Thanks.
Cyrowski
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:54:06 PM, on 10/20/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0013)
Boot mode: Normal
Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINNT\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Micro Innovations\Wireless Keyboard & Mouse Driver\KMWDSrv.exe
C:\WINNT\System32\nvsvc32.exe
C:\WINNT\system32\CTHELPER.EXE
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\WINNT\GWMDMMSG.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\ScanSoft\OmniPageSE\opware32.exe
C:\Program Files\KMaestro\KMaestro.exe
C:\MMaestro\BWheel35.exe
C:\Program Files\PhoneTools\CapFax.EXE
C:\WINNT\system32\HPZipm12.exe
C:\Program Files\Common Files\Lanovation\PrismXL\PRISMXL.SYS
C:\WINNT\System32\svchost.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINNT\wanmpsvc.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Micro Innovations\Wireless Keyboard & Mouse Driver\StartAutorun.exe
C:\Program Files\Micro Innovations\Wireless Keyboard & Mouse Driver\KMConfig.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINNT\system32\ctfmon.exe
C:\Program Files\Micro Innovations\Wireless Keyboard & Mouse Driver\KMProcess.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
c:\program files\common files\aol\1127949917\ee\services\antiSpywareApp\ver2_0_32_1\AOLSP Scheduler.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\SpywareBot\SpywareBot.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Owner\Desktop\hijackthis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:65535
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [Keyboard Preload Check] C:\OEMDRVRS\KEYB\Preload.exe /DEVID: /CLASS:Keyboard /RunValue:"Keyboard Preload Check"
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINNT\UpdReg.EXE
O4 - HKLM\..\Run: [Jet Detection] C:\Program Files\Creative\SBAudigy\PROGRAM\ADGJDet.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [GWMDMMSG] GWMDMMSG.exe
O4 - HKLM\..\Run: [GWMDMpi] C:\WINNT\GWMDMpi.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINNT\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [Omnipage] C:\Program Files\ScanSoft\OmniPageSE\opware32.exe
O4 - HKLM\..\Run: [h4X6VW8kd] C:\documents and settings\owner\local settings\temp\h4X6VW8kd.exe
O4 - HKLM\..\Run: [BtcMaestro] C:\Program Files\KMaestro\KMaestro.exe
O4 - HKLM\..\Run: [LWBMOUSE] C:\MMaestro\BWheel35.exe
O4 - HKLM\..\Run: [CapFax] C:\Program Files\PhoneTools\CapFax.EXE
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINNT\system32\spool\drivers\w32x86\3\hpztsb10.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton AntiVirus\osCheck.exe"
O4 - HKLM\..\Run: [KMCONFIG] C:\Program Files\Micro Innovations\Wireless Keyboard & Mouse Driver\StartAutorun.exe KMConfig.exe
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\RunOnce: [AOLRebootNeeded] regsvr32.exe /s
O4 - HKCU\..\Run: [SpySweeper] C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe /0
O4 - HKCU\..\Run: [SpywareBot] C:\Program Files\SpywareBot\SpywareBot.exe -boot
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Photosmart Premier Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: KODAK Software Updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
O9 - Extra button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Program Files\Bonjour\ExplorerPlugin.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINNT\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.aol.com
O15 - Trusted Zone: http://*.windowsupdate.microsoft.com
O15 - Trusted Zone: http://*.windowsupdate.com
O16 - DPF: Mah Jong Garden by pogo - http://game4.pogo.com/applet-6.0.1.28/mahjong/mahjong-ob-assets.cab
O16 - DPF: Squelchies by pogo - http://game1.pogo.com/applet-6.1.5.21/squelchies/squelchies-ob-assets.cab
O16 - DPF: Word Whomp Whackdown by pogo - http://whackdown.pogo.com/applet-6.0.2.29/whackdown/whackdown-ob-assets.cab
O16 - DPF: WordJong by pogo - http://wordjong.pogo.com/applet-6.0.2.29/wordjong/wordjong-ob-assets.cab
O16 - DPF: World Class Solitaire by pogo - http://game4.pogo.com/applet-6.0.0.32/worldclass/worldclass-ob-assets.cab
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://support.gateway.com/support/profiler/PCPitStop.CAB
O16 - DPF: {0F04992B-E661-4DB9-B223-903AB628225D} (DoMoreRunExe.DoMoreRun) - file://C:\Program Files\Gateway\Do More\DoMoreRunExe.CAB
O16 - DPF: {17D72920-7A15-11D4-921E-0080C8DA7A5E} (AimSp32 Class) - http://makeover.ivillage.com/save/makeover.cab
O16 - DPF: {2DFF31F9-7893-4922-AF66-C9A1EB4EBB31} (Rhapsody Player Engine) - http://forms.real.com/real/player/download.html?f=windows/mrkt/rhapx/RhapsodyPlayerEngine_Inst_Win.cab
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aol.com/computercheckup/qdiagcc.cab
O16 - DPF: {511073AD-BE56-4D43-AE68-93390514385E} (TechToolsActivex.TechTools) - hcp://system/TechTools.CAB
O16 - DPF: {5BDBA960-6534-11D3-97C7-00500422B550} (LotusDRSControl Class) - http://acna-mi-ml1.akebono-usa.com/download/dolcontrol.cab
O16 - DPF: {63E07911-299B-4B9A-825B-1AB14CC4C53B} (PhxStudent.OeSetup15) - https://mycampus.phoenix.edu/secure/PhxStudent15.CAB
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab
O16 - DPF: {6B4788E2-BAE8-11D2-A1B4-00400512739B} (PWMediaSendControl Class) - http://216.249.24.142/code/PWActiveXImgCtl.CAB
O16 - DPF: {72944257-0AE0-44FD-8A51-AA21853092C8} (PhxStudent.OeSetup15) - https://mycampus.phoenix.edu/secure/PhxStudent15.CAB
O16 - DPF: {739E8D90-2F4C-43AD-A1B8-66C356FCEA35} (RunExeActiveX.RunExe) - hcp://system/RunExeActiveX.CAB
O16 - DPF: {76D90D08-EAB7-46D8-BF99-87445BF59E72} (SystemInfo Class) - http://www.getdway.com/dwayready/dpcsysinfo.cab
O16 - DPF: {8494B5D2-DA6A-4BB8-9C15-6C18A312387E} (Caymas Secure Tunnel) - https://remote.akebono-usa.com/ui/Axt.cab
O16 - DPF: {87056D28-9730-4A47-B9F9-7E890B62C58A} (WildfireActiveXHost Class) - http://aolsvc.aol.com/onlinegames/ghtumblebugs/axhost.cab
O16 - DPF: {99CDFD87-F97A-42E1-9C13-D18220D90AD1} (StartFirstControl.CheckFirst) - hcp://system/StartFirstControl.CAB
O16 - DPF: {A82C3A33-5C0E-466C-B020-71585433A7E4} (PhxStudent.OeSetup15) - https://www.stu.uophx.edu/secure/PhxStudent15.CAB
O16 - DPF: {B12213CD-4189-415D-A054-7999528459F7} (pixelStormLauncher Class) - http://aolsvc.aol.com/onlinegames/tryrumblecube/pixelstormlauncher.cab
O16 - DPF: {B7AEE795-CA7A-4BCE-8F63-6BC4AF227F2B} - http://status.uophx.edu/tech/transition_new/Control/OeSetupControl.ocx
O16 - DPF: {C4847596-972C-11D0-9567-00A0C9273C2A} (Crystal Report Viewer Control) - https://hrpayroll-ml.ceridian.com/viewer/activeXViewer/activexviewer.cab
O16 - DPF: {D410AFBD-4E26-4D5F-840F-0412D6F6BB8D} (CPlayFirstSandScriptControl Object) - http://aolsvc.aol.com/onlinegames/free-trial-sandscript/SandScript.1.0.0.21.cab
O16 - DPF: {D68217F4-1DF9-45C1-BFA6-61DBD5464527} (Genealogy Browser) - http://66.119.139.74/cabs/zinst.cab
O16 - DPF: {DF6A0F17-0B1E-11D4-829D-00C04F6843FE} (Microsoft Office Tools on the Web Control) - http://dgl.microsoft.com/downloads/outc.cab
O16 - DPF: {E008A543-CEFB-4559-912F-C27C2B89F13B} (Domino Web Access 7 Control) - http://acna-mi-ml1.akebono-usa.com/dwa7W.cab
O16 - DPF: {E1FD0DCC-705B-4F61-B9EC-6E711F9B56FE} (Secure Connect) - https://remote.akebono-usa.com/ui/cscinstaller.dll
O16 - DPF: {E7D2588A-7FB5-47DC-8830-832605661009} (Live Collaboration) - https://livewc01.custhelp.com/7520-b289h-turbotax/rnl/java/RntX.cab
O16 - DPF: {E855A2D4-987E-4F3B-A51C-64D10A7E2479} (EPSImageControl Class) - http://tools.ebayimg.com/eps/activex/EPSControl_v1-32.cab
O16 - DPF: {EF99BD32-C1FB-11D2-892F-0090271D4F88} (Yahoo! Companion) - http://us.dl1.yimg.com/download.yahoo.com/dl/toolbar/my/yiebio5_0_2_7.cab
O23 - Service: AOL Spyware Protection Service (AOLService) - Unknown owner - C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\\aolserv.exe (file missing)
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Bonjour Service - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\isPwdSvc.exe
O23 - Service: Keyboard And Mouse Communication Service (KMWDSERVICE) - UASSOFT.COM - C:\Program Files\Micro Innovations\Wireless Keyboard & Mouse Driver\KMWDSrv.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: Intel(R) NMS (NMSSvc) - Intel Corporation - C:\WINNT\System32\NMSSvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINNT\System32\nvsvc32.exe
O23 - Service: PictureTaker - LANovation - C:\WINNT\System32\PCTKRNT.SYS
O23 - Service: Pml Driver HPZ12 - HP - C:\WINNT\system32\HPZipm12.exe
O23 - Service: PrismXL - Lanovation - C:\Program Files\Common Files\Lanovation\PrismXL\PRISMXL.SYS
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINNT\wanmpsvc.exe
--
End of file - 13803 bytes
pskelley
2007-10-20, 20:22
If I missed this before I apologize:
C:\Program Files\SpywareBot\SpywareBot.exe
O4 - HKCU\..\Run: [SpywareBot] C:\Program Files\SpywareBot\SpywareBot.exe -boot
see this: http://www.castlecops.com/startuplist-12902.html
See the information in the note because of past performance I do not suggest you keep this product, your call.
If you thought you were downloading Spybot S&D, you have the wrong program, here is that download link:
http://www.safer-networking.org/
As far as I can see, the HJT log is clean of malware.
System Restore does not know the good files from the bad. In case bad stuff has gotten into your System Restore files, follow the instructions in this link to get clean System Restore files. Turn it off, reboot then turn it back on:
http://www.microsoft.com/windowsxp/using/helpandsupport/learnmore/tips/mcgill1.mspx
Some good information for you:
http://users.telenet.be/bluepatchy/miekiemoes/slowcomputer.html
Here is some great information from experts in this field that will help you stay clean and safe online.
http://users.telenet.be/bluepatchy/miekiemoes/prevention.html
http://forums.spybot.info/showthread.php?t=279
http://russelltexas.com/malware/allclear.htm
http://forum.malwareremoval.com/viewtopic.php?t=14
http://www.bleepingcomputer.com/forums/topict2520.html
http://cybercoyote.org/security/not-admin.shtml
Thanks...pskelley
Safer Networking Forums
http://www.spybot.info/en/donate/index.html
If you are reading this information...thank a teacher,
If you are reading it in English...thank a soldier.
Cyrowski
2007-10-20, 21:11
Thanks so much. Does it matter which location I download Spybot from once I follow the link? It offers about 10 different areas from which to download it.
pskelley
2007-10-20, 21:25
There's the Google:
http://www.google.com/search?hl=en&q=Spybot+S%26D&btnG=Google+Search
1.5 is available, I personally am still running 1.4.
Thanks
Cyrowski
2007-10-20, 22:56
Thanks so much for all of your help.
Make it a great day.