View Full Version : Please review logfile. Many problems.
RKennedy
2006-06-25, 20:46
Hello:
My kids have been making some "mistakes" on thier computer. Now had popups and hi-jackers. Seems pretty messed up.
I've run spybot a few times and some things keep reappearing. Here is the log file.
Thanks
Logfile of HijackThis v1.99.1
Scan saved at 12:42:15 PM, on 6/25/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Stardock\SDMCP.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\system32\drivers\dcfssvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\rcss.exe
C:\WINDOWS\System32\tcpsvcs.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Stardock\Object Desktop\WindowBlinds\wbload.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\Smtray.exe
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
C:\WINDOWS\System32\pctspk.exe
C:\Program Files\Compaq\Easy Access Button Support\StartEAK.exe
C:\Program Files\Common Files\AOL\1146767288\ee\AOLSoftware.exe
C:\Program Files\SpamBlockerUtility\Bin\4.7.5.0\SbWeatherOnTray.exe
C:\Program Files\SpamBlockerUtility\Bin\4.7.5.0\SbOEAddOn.exe
C:\PROGRA~1\SPAMBL~1\Bin\475~1.0\SBInst.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Compaq\Easy Access Button Support\CPQEADM.EXE
C:\COMPAQ\CPQINET\CPQInet.exe
C:\Compaq\EAKDRV\EAUSBKBD.EXE
C:\WINDOWS\cfg32.exe
C:\PROGRA~1\Compaq\EASYAC~1\BttnServ.exe
C:\Program Files\Common Files\Real\Update_OB\rnathchk.exe
C:\dfndra_1.exe
C:\WINDOWS\System32\rundll32.exe
C:\Program Files\Plaxo\2.5.10.21\PlaxoHelper.exe
C:\Program Files\NETGEAR\WG111 Configuration Utility\WG111CFG.exe
C:\WINDOWS\cfg32a.exe
C:\PROGRA~1\HEWLET~1\HPSHAR~1\hpgs2wnf.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Spyware stuff\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.iGlide.net
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://searchbar.findthewebsiteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://searchbar.findthewebsiteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://store.presario.net/scripts/redirectors/presario/storeredir2.dll?s=consumerfav&c=3c01&lc=0409
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://rd.yahoo.com/customize/ymsgr/defaults/sb/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://rd.yahoo.com/customize/ymsgr/defaults/*http://my.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://searchbar.findthewebsiteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://rd.yahoo.com/customize/ymsgr/defaults/su/*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Compaq
N2 - Netscape 6: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5Cmozilla.org%5CMozilla%5Csearchplugins%5Cgoogle.src"); (C:\Documents and Settings\Danna Kennedy\Application Data\Mozilla\Profiles\default\zmr898mz.slt\prefs.js)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll (file missing)
O3 - Toolbar: (no name) - {9A9C9B68-F908-4AAB-8D0C-10EA8997F37E} - (no file)
O3 - Toolbar: Search - {669695BC-A811-4A9D-8CDF-BA8C795F261C} - C:\WINDOWS\cfg32s.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Smapp] Smtray.exe
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe
O4 - HKLM\..\Run: [CPQEASYACC] C:\Program Files\Compaq\Easy Access Button Support\StartEAK.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1146767288\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [WeatherOnTray] C:\Program Files\SpamBlockerUtility\Bin\4.7.5.0\SbWeatherOnTray.exe
O4 - HKLM\..\Run: [SpamBlocker] C:\Program Files\SpamBlockerUtility\Bin\4.7.5.0\SbOEAddOn.exe
O4 - HKLM\..\Run: [Spam Blocker for Outlook Express] C:\PROGRA~1\SPAMBL~1\Bin\475~1.0\SBInst.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe -osboot
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [BrowserUpdateSched] C:\WINDOWS\System32\pwinsqez.exe GID003
O4 - HKLM\..\Run: [Configuration Manager] C:\WINDOWS\cfg32.exe
O4 - HKLM\..\Run: [defender] C:\\dfndra_1.exe
O4 - HKLM\..\Run: [keyboard] C:\\kybrd_1.exe
O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~2.DLL,ClientStartup -s
O4 - HKLM\..\Run: [newname] C:\\nwnm_1.exe
O4 - HKCU\..\Run: [PlaxoUpdate] C:\Program Files\Plaxo\2.5.10.21\PlaxoHelper.exe -a
O4 - HKCU\..\Run: [RealPlayer] "C:\Program Files\Real\RealPlayer\realplay.exe" /RunUPGToolCommandReBoot
O4 - Startup: Zeno.lnk = C:\WINDOWS\system32\pwinsqez.exe
O4 - Global Startup: Smart Wizard Wireless Settings.lnk = C:\Program Files\NETGEAR\WG111 Configuration Utility\WG111CFG.exe
O8 - Extra context menu item: &Download with &DAP - C:\PROGRA~1\DAP\dapextie.htm
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Download &all with DAP - C:\PROGRA~1\DAP\dapextie2.htm
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: (no name) - {193B17B0-7C9F-4D5B-AEAB-8D3605EFC084} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Launch Copernic Agent - {193B17B0-7C9F-4D5B-AEAB-8D3605EFC084} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0819.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0819.dll
O9 - Extra button: Copernic Agent - {688DC797-DC11-46A7-9F1B-445F4F58CE6E} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra button: Support - {7B1D247C-23B1-4235-A747-A12275990B97} - C:\Program Files\Internet Explorer\SIGNUP\Presario.htm (HKCU)
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O12 - Plugin for .mid: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin2.dll
O12 - Plugin for .qt: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin.dll
O14 - IERESET.INF: START_PAGE_URL=http://store.presario.net/scripts/redirectors/presario/storeredir2.dll?s=consumerfav&c=3c01&lc=0409
O15 - Trusted Zone: http://awbeta.net-nucleus.com (HKLM)
O16 - DPF: WebWorks Help 3.0 - file://F:\Documentation\WebDoc\wwhelp3.cab
O16 - DPF: Yahoo! Chat - http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/c381/chat.cab
O16 - DPF: Yahoo! Cribbage - http://download.games.yahoo.com/games/clients/y/it0_x.cab
O16 - DPF: {0713E8D2-850A-101B-AFC0-4210102A8DA7} (Microsoft ProgressBar Control, version 5.0 (SP2)) - http://bin.mcafee.com/molbin/Shared/ComCtl32/6,0,80,22/ComCtl32.cab
O16 - DPF: {0C568603-D79D-11D2-87A7-00C04FF158BB} (BrowseFolderPopup Class) - http://download.mcafee.com/molbin/Shared/MGBrwFld.cab
O16 - DPF: {15B782AF-55D8-11D1-B477-006097098764} (Macromedia Authorware Web Player Control) - http://link.mindleaders.com/dpec/shared/cabs/awswaxf.cab
O16 - DPF: {28F00B0F-DC4E-11D3-ABEC-005004A44EEB} - http://content.hiwirenetworks.net/inbrowser/cabfiles/2.5.30/Hiwire.cab
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} - http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/v45/yacscom.cab
O16 - DPF: {40289096-9F72-4A04-BCB3-E434ECDCEE33} (AppDLCtrl Class) - http://download.howudodat.com/chatterbox/download/appdl.cab
O16 - DPF: {4226E9B7-D637-40E8-893A-13298AB41477} - http://www.callwave.com/include/cab/CWDL_DownLoad.CAB
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://bin.mcafee.com/molbin/shared/mcinsctl/en-us/4,0,0,9/mcinsctl.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://207.188.7.150/03e4f47e715ce29ec220/netzip/RdxIE2.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1146810178765
O16 - DPF: {79B96C72-C0D0-4DC8-BC7E-9F314A918228} - http://ak.imgfarm.com/images/nocache/myspeedbar/myinitialsetup1.0.0.7.cab
O16 - DPF: {8C875948-9C60-4381-9248-0DF180542D53} - http://installs.spamblockerutility.com/installs/spamblockerutility/programs/spamblockerutility.cab
O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/essentials/ymmapi_0727.dll
O16 - DPF: {CC05BC12-2AA2-4AC7-AC81-0E40F83B1ADF} - http://www.live365.com/players/play365.cab
O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} (FlashXControl Object) - https://webolr3.microgaming.com/luckynugget/webolr/OCX/FlashAX.cab
O16 - DPF: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - http://us.dl1.yimg.com/download.yahoo.com/dl/toolbar/my/yiebio5_0_2_4.cab
O16 - DPF: {F00F4763-7355-4725-82F7-0DA94A256D46} (IMDownloader Class) - http://www2.incredimail.com/contents/setup/downloader/imloader.cab
O18 - Protocol: ezpp - {810403FA-E82E-11D5-8AAB-0010A404A3DE} - C:\WINDOWS\System32\EZTOOL~1.DLL
O20 - Winlogon Notify: MCPClient - C:\Program Files\Common Files\Stardock\mcpstub.dll
O20 - Winlogon Notify: OemStartMenuData - C:\WINDOWS\system32\hr0o05d3e.dll (file missing)
O20 - Winlogon Notify: URL - C:\WINDOWS\system32\j8n2li5o18.dll
O20 - Winlogon Notify: WB - C:\Program Files\Stardock\Object Desktop\WindowBlinds\fastload.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: Dcfssvc - Eastman Kodak Company - C:\WINDOWS\system32\drivers\dcfssvc.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: PCTEL Speaker Phone (Pctspk) - Unknown owner - C:\WINDOWS\system32\pctspk.exe
O23 - Service: Remote Procedure Call Service (RPCS) - Unknown owner - C:\WINDOWS\rcss.exe
little eagle
2006-06-25, 20:52
Before trying to remove NewDotNet.
Download WinsockFix.zip (http://downloads.subratam.org/WinsockFix.zip). © Option^Explicit.
UnZip WinsockFix.zip (Pay close attention to where the file is extracted to.)
Now follow these steps:
1. Click on start, then settings and then control panel.
2. Double-click on the Add/Remove Programs icon.
3. Look through the installed programs for a program called New.Net or NewDotNet.
4. If there is no uninstall program listed then do the following:
1. Go to http://newdotnet.com/removal.html
2. Scroll down to Procedure 4 and follow the removal instructions.
Then reboot and delete the C:\Program Files\NewDotNet\ directory.
At this point you should be clean of newdotnet.
If you have lost Internet connection then run WinsockFix.exe. Click the Fix button.
This program will clean up your TCP/IP connection and rebuild the database.
After the program is complete, reboot and your problems should be resolved.
RKennedy
2006-06-25, 22:16
New log
Logfile of HijackThis v1.99.1
Scan saved at 2:11:07 PM, on 6/25/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Stardock\SDMCP.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\system32\drivers\dcfssvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\Smtray.exe
C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
C:\WINDOWS\System32\pctspk.exe
C:\Program Files\Compaq\Easy Access Button Support\StartEAK.exe
C:\Program Files\Compaq\Easy Access Button Support\StartEAK.exe
C:\Program Files\Common Files\AOL\1146767288\ee\AOLSoftware.exe
C:\Program Files\SpamBlockerUtility\Bin\4.7.5.0\SbWeatherOnTray.exe
C:\Program Files\Compaq\Easy Access Button Support\CPQEADM.EXE
C:\Program Files\SpamBlockerUtility\Bin\4.7.5.0\SbOEAddOn.exe
C:\Program Files\Compaq\Easy Access Button Support\CPQEADM.EXE
C:\COMPAQ\CPQINET\CPQInet.exe
C:\PROGRA~1\SPAMBL~1\Bin\475~1.0\SBInst.exe
C:\WINDOWS\rcss.exe
C:\Compaq\EAKDRV\EAUSBKBD.EXE
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\Compaq\EASYAC~1\BttnServ.exe
C:\WINDOWS\System32\tcpsvcs.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\WINDOWS\System32\pwinsqez.exe
C:\WINDOWS\cfg32.exe
C:\dfndra_1.exe
C:\Program Files\Plaxo\2.5.10.21\PlaxoHelper.exe
C:\Program Files\NETGEAR\WG111 Configuration Utility\WG111CFG.exe
C:\WINDOWS\cfg32a.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Common Files\Real\Update_OB\rnathchk.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\PROGRA~1\HEWLET~1\HPSHAR~1\hpgs2wnf.exe
C:\Spyware stuff\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.iGlide.net
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://searchbar.findthewebsiteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://searchbar.findthewebsiteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://store.presario.net/scripts/redirectors/presario/storeredir2.dll?s=consumerfav&c=3c01&lc=0409
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://rd.yahoo.com/customize/ymsgr/defaults/sb/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://rd.yahoo.com/customize/ymsgr/defaults/*http://my.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://searchbar.findthewebsiteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://rd.yahoo.com/customize/ymsgr/defaults/su/*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Compaq
N2 - Netscape 6: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5Cmozilla.org%5CMozilla%5Csearchplugins%5Cgoogle.src"); (C:\Documents and Settings\Danna Kennedy\Application Data\Mozilla\Profiles\default\zmr898mz.slt\prefs.js)
O2 - BHO: CExtension Object - {0019C3E2-DD48-4A6D-ABCD-8D32436323D9} - C:\WINDOWS\cfg32p.dll
O2 - BHO: CFG32S - {7564B020-44E8-4c9b-A887-C6EC41AC67DA} - C:\WINDOWS\cfg32r.dll
O2 - BHO: Scaggy Insert - {C68AE9C0-0909-4DDC-B661-C1AFB9F59898} - C:\WINDOWS\cfg32o.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll (file missing)
O3 - Toolbar: (no name) - {9A9C9B68-F908-4AAB-8D0C-10EA8997F37E} - (no file)
O3 - Toolbar: Search - {669695BC-A811-4A9D-8CDF-BA8C795F261C} - C:\WINDOWS\cfg32s.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Smapp] Smtray.exe
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe
O4 - HKLM\..\Run: [CPQEASYACC] C:\Program Files\Compaq\Easy Access Button Support\StartEAK.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1146767288\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [WeatherOnTray] C:\Program Files\SpamBlockerUtility\Bin\4.7.5.0\SbWeatherOnTray.exe
O4 - HKLM\..\Run: [SpamBlocker] C:\Program Files\SpamBlockerUtility\Bin\4.7.5.0\SbOEAddOn.exe
O4 - HKLM\..\Run: [Spam Blocker for Outlook Express] C:\PROGRA~1\SPAMBL~1\Bin\475~1.0\SBInst.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe -osboot
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [BrowserUpdateSched] C:\WINDOWS\System32\pwinsqez.exe GID003
O4 - HKLM\..\Run: [Configuration Manager] C:\WINDOWS\cfg32.exe
O4 - HKLM\..\Run: [defender] C:\\dfndra_1.exe
O4 - HKLM\..\Run: [keyboard] C:\\kybrd_1.exe
O4 - HKLM\..\Run: [newname] C:\\nwnm_1.exe
O4 - HKCU\..\Run: [PlaxoUpdate] C:\Program Files\Plaxo\2.5.10.21\PlaxoHelper.exe -a
O4 - HKCU\..\Run: [RealPlayer] "C:\Program Files\Real\RealPlayer\realplay.exe" /RunUPGToolCommandReBoot
O4 - Startup: Zeno.lnk = C:\WINDOWS\system32\pwinsqez.exe
O4 - Global Startup: Smart Wizard Wireless Settings.lnk = C:\Program Files\NETGEAR\WG111 Configuration Utility\WG111CFG.exe
O8 - Extra context menu item: &Download with &DAP - C:\PROGRA~1\DAP\dapextie.htm
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Download &all with DAP - C:\PROGRA~1\DAP\dapextie2.htm
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: (no name) - {193B17B0-7C9F-4D5B-AEAB-8D3605EFC084} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Launch Copernic Agent - {193B17B0-7C9F-4D5B-AEAB-8D3605EFC084} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0819.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0819.dll
O9 - Extra button: Copernic Agent - {688DC797-DC11-46A7-9F1B-445F4F58CE6E} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra button: Support - {7B1D247C-23B1-4235-A747-A12275990B97} - C:\Program Files\Internet Explorer\SIGNUP\Presario.htm (HKCU)
O12 - Plugin for .mid: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin2.dll
O12 - Plugin for .qt: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin.dll
O14 - IERESET.INF: START_PAGE_URL=http://store.presario.net/scripts/redirectors/presario/storeredir2.dll?s=consumerfav&c=3c01&lc=0409
O15 - Trusted Zone: http://awbeta.net-nucleus.com (HKLM)
O16 - DPF: WebWorks Help 3.0 - file://F:\Documentation\WebDoc\wwhelp3.cab
O16 - DPF: Yahoo! Chat - http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/c381/chat.cab
O16 - DPF: Yahoo! Cribbage - http://download.games.yahoo.com/games/clients/y/it0_x.cab
O16 - DPF: {0713E8D2-850A-101B-AFC0-4210102A8DA7} (Microsoft ProgressBar Control, version 5.0 (SP2)) - http://bin.mcafee.com/molbin/Shared/ComCtl32/6,0,80,22/ComCtl32.cab
O16 - DPF: {0C568603-D79D-11D2-87A7-00C04FF158BB} (BrowseFolderPopup Class) - http://download.mcafee.com/molbin/Shared/MGBrwFld.cab
O16 - DPF: {15B782AF-55D8-11D1-B477-006097098764} (Macromedia Authorware Web Player Control) - http://link.mindleaders.com/dpec/shared/cabs/awswaxf.cab
O16 - DPF: {28F00B0F-DC4E-11D3-ABEC-005004A44EEB} - http://content.hiwirenetworks.net/inbrowser/cabfiles/2.5.30/Hiwire.cab
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} - http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/v45/yacscom.cab
O16 - DPF: {40289096-9F72-4A04-BCB3-E434ECDCEE33} (AppDLCtrl Class) - http://download.howudodat.com/chatterbox/download/appdl.cab
O16 - DPF: {4226E9B7-D637-40E8-893A-13298AB41477} - http://www.callwave.com/include/cab/CWDL_DownLoad.CAB
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://bin.mcafee.com/molbin/shared/mcinsctl/en-us/4,0,0,9/mcinsctl.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://207.188.7.150/03e4f47e715ce29ec220/netzip/RdxIE2.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1146810178765
O16 - DPF: {79B96C72-C0D0-4DC8-BC7E-9F314A918228} - http://ak.imgfarm.com/images/nocache/myspeedbar/myinitialsetup1.0.0.7.cab
O16 - DPF: {8C875948-9C60-4381-9248-0DF180542D53} - http://installs.spamblockerutility.com/installs/spamblockerutility/programs/spamblockerutility.cab
O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/essentials/ymmapi_0727.dll
O16 - DPF: {CC05BC12-2AA2-4AC7-AC81-0E40F83B1ADF} - http://www.live365.com/players/play365.cab
O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} (FlashXControl Object) - https://webolr3.microgaming.com/luckynugget/webolr/OCX/FlashAX.cab
O16 - DPF: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - http://us.dl1.yimg.com/download.yahoo.com/dl/toolbar/my/yiebio5_0_2_4.cab
O16 - DPF: {F00F4763-7355-4725-82F7-0DA94A256D46} (IMDownloader Class) - http://www2.incredimail.com/contents/setup/downloader/imloader.cab
O18 - Protocol: ezpp - {810403FA-E82E-11D5-8AAB-0010A404A3DE} - C:\WINDOWS\System32\EZTOOL~1.DLL
O20 - Winlogon Notify: Installer - C:\WINDOWS\system32\irl6l53s1.dll
O20 - Winlogon Notify: MCPClient - C:\Program Files\Common Files\Stardock\mcpstub.dll
O20 - Winlogon Notify: OemStartMenuData - C:\WINDOWS\system32\hr0o05d3e.dll (file missing)
O20 - Winlogon Notify: WB - C:\Program Files\Stardock\Object Desktop\WindowBlinds\fastload.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: Dcfssvc - Eastman Kodak Company - C:\WINDOWS\system32\drivers\dcfssvc.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: PCTEL Speaker Phone (Pctspk) - Unknown owner - C:\WINDOWS\system32\pctspk.exe
O23 - Service: Remote Procedure Call Service (RPCS) - Unknown owner - C:\WINDOWS\rcss.exe
RKennedy
2006-06-25, 22:19
What is this link to a new forum requiring new registration?>
Then post hijackthis log here for review.
little eagle
2006-06-25, 23:07
What is this link to a new forum requiring new registration?>
Then post hijackthis log here for review.
:blush: Sorry about that.
In add and remove programs remove. SpamBlockerUtility
Download Look2Me-Destroyer.exe (download Look2Me-Destroyer.exe to your desktop.) to your desktop.
* Close all windows before continuing.
* Double-click Look2Me-Destroyer.exe to run it.
* Put a check next to Run this program as a task.
* You will receive a message saying Look2Me-Destroyer will close and re-open in approximately 1 minute. Click OK
* When Look2Me-Destroyer re-opens, click the Scan for L2M button, your desktop icons will disappear, this is normal.
* Once it's done scanning, click the Remove L2M button.
* You will receive a Done Scanning message, click OK.
* When completed, you will receive this message: Done removing infected files! Look2Me-Destroyer will now shutdown your computer, click OK.
* Your computer will then shutdown.
* Turn your computer back on.
* Please post the contents of Look2Me-Destroyer.txt and a new HiJackThis log.
RKennedy
2006-06-25, 23:46
New Log/Look2me to follow
Logfile of HijackThis v1.99.1
Scan saved at 3:45:23 PM, on 6/25/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Stardock\SDMCP.exe
C:\Program Files\Stardock\Object Desktop\WindowBlinds\wbload.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\system32\drivers\dcfssvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\rcss.exe
C:\WINDOWS\System32\tcpsvcs.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
C:\WINDOWS\System32\pctspk.exe
C:\Program Files\Compaq\Easy Access Button Support\StartEAK.exe
C:\Program Files\Compaq\Easy Access Button Support\StartEAK.exe
C:\Program Files\Common Files\AOL\1146767288\ee\AOLSoftware.exe
C:\Program Files\Compaq\Easy Access Button Support\CPQEADM.EXE
C:\Program Files\Compaq\Easy Access Button Support\CPQEADM.EXE
C:\Program Files\SpamBlockerUtility\Bin\4.7.5.0\SbOEAddOn.exe
C:\COMPAQ\CPQINET\CPQInet.exe
C:\COMPAQ\CPQINET\CPQInet.exe
C:\Compaq\EAKDRV\EAUSBKBD.EXE
C:\PROGRA~1\SPAMBL~1\Bin\475~1.0\SBInst.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\PROGRA~1\Compaq\EASYAC~1\BttnServ.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Common Files\Real\Update_OB\rnathchk.exe
C:\WINDOWS\cfg32.exe
C:\dfndra_1.exe
C:\Program Files\Plaxo\2.5.10.21\PlaxoHelper.exe
C:\Program Files\NETGEAR\WG111 Configuration Utility\WG111CFG.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\cfg32a.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\PROGRA~1\HEWLET~1\HPSHAR~1\hpgs2wnf.exe
C:\Spyware stuff\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.iGlide.net
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://searchbar.findthewebsiteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://searchbar.findthewebsiteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://store.presario.net/scripts/redirectors/presario/storeredir2.dll?s=consumerfav&c=3c01&lc=0409
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://rd.yahoo.com/customize/ymsgr/defaults/sb/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://rd.yahoo.com/customize/ymsgr/defaults/*http://my.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://searchbar.findthewebsiteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://rd.yahoo.com/customize/ymsgr/defaults/su/*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Compaq
N2 - Netscape 6: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5Cmozilla.org%5CMozilla%5Csearchplugins%5Cgoogle.src"); (C:\Documents and Settings\Danna Kennedy\Application Data\Mozilla\Profiles\default\zmr898mz.slt\prefs.js)
O2 - BHO: CExtension Object - {0019C3E2-DD48-4A6D-ABCD-8D32436323D9} - C:\WINDOWS\cfg32p.dll
O2 - BHO: CFG32S - {7564B020-44E8-4c9b-A887-C6EC41AC67DA} - C:\WINDOWS\cfg32r.dll
O2 - BHO: Scaggy Insert - {C68AE9C0-0909-4DDC-B661-C1AFB9F59898} - C:\WINDOWS\cfg32o.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll (file missing)
O3 - Toolbar: (no name) - {9A9C9B68-F908-4AAB-8D0C-10EA8997F37E} - (no file)
O3 - Toolbar: Search - {669695BC-A811-4A9D-8CDF-BA8C795F261C} - C:\WINDOWS\cfg32s.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Smapp] Smtray.exe
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe
O4 - HKLM\..\Run: [CPQEASYACC] C:\Program Files\Compaq\Easy Access Button Support\StartEAK.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1146767288\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [WeatherOnTray] C:\Program Files\SpamBlockerUtility\Bin\4.7.5.0\SbWeatherOnTray.exe
O4 - HKLM\..\Run: [SpamBlocker] C:\Program Files\SpamBlockerUtility\Bin\4.7.5.0\SbOEAddOn.exe
O4 - HKLM\..\Run: [Spam Blocker for Outlook Express] C:\PROGRA~1\SPAMBL~1\Bin\475~1.0\SBInst.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe -osboot
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [BrowserUpdateSched] C:\WINDOWS\System32\pwinsqez.exe GID003
O4 - HKLM\..\Run: [Configuration Manager] C:\WINDOWS\cfg32.exe
O4 - HKLM\..\Run: [defender] C:\\dfndra_1.exe
O4 - HKLM\..\Run: [keyboard] C:\\kybrd_1.exe
O4 - HKLM\..\Run: [newname] C:\\nwnm_1.exe
O4 - HKCU\..\Run: [PlaxoUpdate] C:\Program Files\Plaxo\2.5.10.21\PlaxoHelper.exe -a
O4 - HKCU\..\Run: [RealPlayer] "C:\Program Files\Real\RealPlayer\realplay.exe" /RunUPGToolCommandReBoot
O4 - Startup: Zeno.lnk = C:\WINDOWS\system32\pwinsqez.exe
O4 - Global Startup: Smart Wizard Wireless Settings.lnk = C:\Program Files\NETGEAR\WG111 Configuration Utility\WG111CFG.exe
O8 - Extra context menu item: &Download with &DAP - C:\PROGRA~1\DAP\dapextie.htm
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Download &all with DAP - C:\PROGRA~1\DAP\dapextie2.htm
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: (no name) - {193B17B0-7C9F-4D5B-AEAB-8D3605EFC084} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Launch Copernic Agent - {193B17B0-7C9F-4D5B-AEAB-8D3605EFC084} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0819.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0819.dll
O9 - Extra button: Copernic Agent - {688DC797-DC11-46A7-9F1B-445F4F58CE6E} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra button: Support - {7B1D247C-23B1-4235-A747-A12275990B97} - C:\Program Files\Internet Explorer\SIGNUP\Presario.htm (HKCU)
O12 - Plugin for .mid: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin2.dll
O12 - Plugin for .qt: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin.dll
O14 - IERESET.INF: START_PAGE_URL=http://store.presario.net/scripts/redirectors/presario/storeredir2.dll?s=consumerfav&c=3c01&lc=0409
O15 - Trusted Zone: http://awbeta.net-nucleus.com (HKLM)
O16 - DPF: WebWorks Help 3.0 - file://F:\Documentation\WebDoc\wwhelp3.cab
O16 - DPF: Yahoo! Chat - http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/c381/chat.cab
O16 - DPF: Yahoo! Cribbage - http://download.games.yahoo.com/games/clients/y/it0_x.cab
O16 - DPF: {0713E8D2-850A-101B-AFC0-4210102A8DA7} (Microsoft ProgressBar Control, version 5.0 (SP2)) - http://bin.mcafee.com/molbin/Shared/ComCtl32/6,0,80,22/ComCtl32.cab
O16 - DPF: {0C568603-D79D-11D2-87A7-00C04FF158BB} (BrowseFolderPopup Class) - http://download.mcafee.com/molbin/Shared/MGBrwFld.cab
O16 - DPF: {15B782AF-55D8-11D1-B477-006097098764} (Macromedia Authorware Web Player Control) - http://link.mindleaders.com/dpec/shared/cabs/awswaxf.cab
O16 - DPF: {28F00B0F-DC4E-11D3-ABEC-005004A44EEB} - http://content.hiwirenetworks.net/inbrowser/cabfiles/2.5.30/Hiwire.cab
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} - http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/v45/yacscom.cab
O16 - DPF: {40289096-9F72-4A04-BCB3-E434ECDCEE33} (AppDLCtrl Class) - http://download.howudodat.com/chatterbox/download/appdl.cab
O16 - DPF: {4226E9B7-D637-40E8-893A-13298AB41477} - http://www.callwave.com/include/cab/CWDL_DownLoad.CAB
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://bin.mcafee.com/molbin/shared/mcinsctl/en-us/4,0,0,9/mcinsctl.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://207.188.7.150/03e4f47e715ce29ec220/netzip/RdxIE2.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1146810178765
O16 - DPF: {79B96C72-C0D0-4DC8-BC7E-9F314A918228} - http://ak.imgfarm.com/images/nocache/myspeedbar/myinitialsetup1.0.0.7.cab
O16 - DPF: {8C875948-9C60-4381-9248-0DF180542D53} - http://installs.spamblockerutility.com/installs/spamblockerutility/programs/spamblockerutility.cab
O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/essentials/ymmapi_0727.dll
O16 - DPF: {CC05BC12-2AA2-4AC7-AC81-0E40F83B1ADF} - http://www.live365.com/players/play365.cab
O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} (FlashXControl Object) - https://webolr3.microgaming.com/luckynugget/webolr/OCX/FlashAX.cab
O16 - DPF: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - http://us.dl1.yimg.com/download.yahoo.com/dl/toolbar/my/yiebio5_0_2_4.cab
O16 - DPF: {F00F4763-7355-4725-82F7-0DA94A256D46} (IMDownloader Class) - http://www2.incredimail.com/contents/setup/downloader/imloader.cab
O18 - Protocol: ezpp - {810403FA-E82E-11D5-8AAB-0010A404A3DE} - C:\WINDOWS\System32\EZTOOL~1.DLL
O20 - Winlogon Notify: MCPClient - C:\Program Files\Common Files\Stardock\mcpstub.dll
O20 - Winlogon Notify: WB - C:\Program Files\Stardock\Object Desktop\WindowBlinds\fastload.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: Dcfssvc - Eastman Kodak Company - C:\WINDOWS\system32\drivers\dcfssvc.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: PCTEL Speaker Phone (Pctspk) - Unknown owner - C:\WINDOWS\system32\pctspk.exe
O23 - Service: Remote Procedure Call Service (RPCS) - Unknown owner - C:\WINDOWS\rcss.exe
RKennedy
2006-06-25, 23:47
Look2Me-Destroyer V1.0.12
Scanning for infected files.....
Scan started at 6/25/2006 3:28:02 PM
Infected! C:\WINDOWS\system32\irl6l53s1.dll
Infected! C:\WINDOWS\system32\hr0o05d3e.dll
Infected! C:\System Volume Information\_restore{6F58C3A6-2690-4845-BF76-6242BD9523CE}\RP901\A0157356.dll
Infected! C:\System Volume Information\_restore{6F58C3A6-2690-4845-BF76-6242BD9523CE}\RP901\A0157357.dll
Infected! C:\System Volume Information\_restore{6F58C3A6-2690-4845-BF76-6242BD9523CE}\RP901\A0157358.dll
Infected! C:\WINDOWS\System32\guard.tmp
Attempting to delete infected files...
Attempting to delete: C:\WINDOWS\system32\irl6l53s1.dll
C:\WINDOWS\system32\irl6l53s1.dll Deleted successfully!
Attempting to delete: C:\System Volume Information\_restore{6F58C3A6-2690-4845-BF76-6242BD9523CE}\RP901\A0157356.dll
C:\System Volume Information\_restore{6F58C3A6-2690-4845-BF76-6242BD9523CE}\RP901\A0157356.dll Deleted successfully!
Attempting to delete: C:\System Volume Information\_restore{6F58C3A6-2690-4845-BF76-6242BD9523CE}\RP901\A0157357.dll
C:\System Volume Information\_restore{6F58C3A6-2690-4845-BF76-6242BD9523CE}\RP901\A0157357.dll Deleted successfully!
Attempting to delete: C:\System Volume Information\_restore{6F58C3A6-2690-4845-BF76-6242BD9523CE}\RP901\A0157358.dll
C:\System Volume Information\_restore{6F58C3A6-2690-4845-BF76-6242BD9523CE}\RP901\A0157358.dll Deleted successfully!
Attempting to delete: C:\WINDOWS\System32\guard.tmp
C:\WINDOWS\System32\guard.tmp Deleted successfully!
Making registry repairs.
Removing: HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Installer
Removing: HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\OemStartMenuData
Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{EBC86F4A-18F9-45FD-B46B-BD577A182F7B}"
HKCR\Clsid\{EBC86F4A-18F9-45FD-B46B-BD577A182F7B}
Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{6BCFE295-A197-44D3-8221-BF0DE6D4F1A6}"
HKCR\Clsid\{6BCFE295-A197-44D3-8221-BF0DE6D4F1A6}
Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{2DF0035D-3FEC-427C-B67D-3FB1E025ADF5}"
HKCR\Clsid\{2DF0035D-3FEC-427C-B67D-3FB1E025ADF5}
Restoring Windows certificates.
Replaced hosts file with default windows hosts file
Restoring SeDebugPrivilege for Administrators - Succeeded
little eagle
2006-06-26, 00:24
Please download and run CWShredder here (http://www.trendmicro.com/ftp/products/online-tools/cwshredder.exe)
Make sure that all browser windows are closed with the exception of Cwshredder and choose FIX.
Close all Browser and Program Windows and have HijackThis fix the following.
Do this by checking the box beside each and then clicking on Fix checked.
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://searchbar.findthewebsiteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://searchbar.findthewebsiteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://store.presario.net/scripts/re...c=3c01&lc=0409
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://rd.yahoo.com/customize/ymsgr/...ch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://rd.yahoo.com/customize/ymsgr/...//my.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://searchbar.findthewebsiteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://rd.yahoo.com/customize/ymsgr/.../www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: CExtension Object - {0019C3E2-DD48-4A6D-ABCD-8D32436323D9} - C:\WINDOWS\cfg32p.dll
O2 - BHO: CFG32S - {7564B020-44E8-4c9b-A887-C6EC41AC67DA} - C:\WINDOWS\cfg32r.dll
O2 - BHO: Scaggy Insert - {C68AE9C0-0909-4DDC-B661-C1AFB9F59898} - C:\WINDOWS\cfg32o.dll
O3 - Toolbar: (no name) - {9A9C9B68-F908-4AAB-8D0C-10EA8997F37E} - (no file)
O3 - Toolbar: Search - {669695BC-A811-4A9D-8CDF-BA8C795F261C} - C:\WINDOWS\cfg32s.dll
O4 - HKLM\..\Run: [WeatherOnTray] C:\Program Files\SpamBlockerUtility\Bin\4.7.5.0\SbWeatherOnTray.exe
O4 - HKLM\..\Run: [SpamBlocker] C:\Program Files\SpamBlockerUtility\Bin\4.7.5.0\SbOEAddOn.exe
O4 - HKLM\..\Run: [Spam Blocker for Outlook Express] C:\PROGRA~1\SPAMBL~1\Bin\475~1.0\SBInst.exe
O4 - HKLM\..\Run: [BrowserUpdateSched] C:\WINDOWS\System32\pwinsqez.exe GID003
O4 - HKLM\..\Run: [Configuration Manager] C:\WINDOWS\cfg32.exe
O4 - HKLM\..\Run: [defender] C:\\dfndra_1.exe
O4 - HKLM\..\Run: [keyboard] C:\\kybrd_1.exe
O4 - HKLM\..\Run: [newname] C:\\nwnm_1.exe
O15 - Trusted Zone: http://awbeta.net-nucleus.com (HKLM)
O16 - DPF: WebWorks Help 3.0 - file://F:\Documentation\WebDoc\wwhelp3.cab
O16 - DPF: Yahoo! Chat - http://us.chat1.yimg.com/us.yimg.com.../c381/chat.cab
O16 - DPF: {28F00B0F-DC4E-11D3-ABEC-005004A44EEB} - http://content.hiwirenetworks.net/in....30/Hiwire.cab
O16 - DPF: {4226E9B7-D637-40E8-893A-13298AB41477} - http://www.callwave.com/include/cab/CWDL_DownLoad.CAB
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://207.188.7.150/03e4f47e715ce29...zip/RdxIE2.cab
O16 - DPF: {79B96C72-C0D0-4DC8-BC7E-9F314A918228} - http://ak.imgfarm.com/images/nocache...tup1.0.0.7.cab
O16 - DPF: {8C875948-9C60-4381-9248-0DF180542D53} - http://installs.spamblockerutility.c...kerutility.cab
O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} (FlashXControl Object) - https://webolr3.microgaming.com/luck...CX/FlashAX.cab
Reboot in safe mode, instructions here. (http://forums.security-central.us/showthread.php?t=1903)
Some of these files my have hidden atributes.
Click Here (http://forums.security-central.us/showthread.php?t=30)Should you need instructions for Showing hidden files and folders in Windows.
Once in safe mode, Click start / then my computer / local disk then follow the process tree.
Or using Windows Explorer, locate the first file right click then select delete.
Delete the following file(s) listed in bold.
C:\WINDOWS\cfg32s.dll
C:\WINDOWS\System32\pwinsqez.exe
C:\WINDOWS\cfg32.exe
dfndra_1.exe
kybrd_1.exe
nwnm_1.exe
Delete the following folder(s) listed in bold.
C:\Program Files\SpamBlockerUtility
Rescan with HJT and post a new log here.
Also please describe how your computer behaves at the moment
RKennedy
2006-06-26, 04:35
Ok. I was able to do most of what you suggested. I noticed that some of things you told me to delete are still there after deleting them.
cfg32r.dll related stuff it seems like.
The "findthewebsiteyouneedstuff" was gone when I reran Hijack this...so I could not delete it.
I tried it twice just to make sure.
Computer still seems a little flakey. Popups seem to be gone....but Im not sure.
Thanks for your quick help.Much appreciated.
Logfile of HijackThis v1.99.1
Scan saved at 8:26:34 PM, on 6/25/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Stardock\SDMCP.exe
C:\Program Files\Stardock\Object Desktop\WindowBlinds\wbload.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\system32\drivers\dcfssvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\rcss.exe
C:\WINDOWS\System32\tcpsvcs.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\Smtray.exe
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
C:\WINDOWS\System32\pctspk.exe
C:\Program Files\Compaq\Easy Access Button Support\StartEAK.exe
C:\Program Files\Common Files\AOL\1146767288\ee\AOLSoftware.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\WINDOWS\cfg32.exe
C:\Program Files\Compaq\Easy Access Button Support\CPQEADM.EXE
C:\Program Files\Plaxo\2.5.10.21\PlaxoHelper.exe
C:\COMPAQ\CPQINET\CPQInet.exe
C:\Compaq\EAKDRV\EAUSBKBD.EXE
C:\PROGRA~1\Compaq\EASYAC~1\BttnServ.exe
C:\Program Files\Common Files\Real\Update_OB\rnathchk.exe
C:\Program Files\NETGEAR\WG111 Configuration Utility\WG111CFG.exe
C:\WINDOWS\cfg32a.exe
C:\Spyware stuff\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.iGlide.net
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Compaq
N2 - Netscape 6: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5Cmozilla.org%5CMozilla%5Csearchplugins%5Cgoogle.src"); (C:\Documents and Settings\Danna Kennedy\Application Data\Mozilla\Profiles\default\zmr898mz.slt\prefs.js)
O2 - BHO: CExtension Object - {0019C3E2-DD48-4A6D-ABCD-8D32436323D9} - C:\WINDOWS\cfg32p.dll
O2 - BHO: CFG32S - {7564B020-44E8-4c9b-A887-C6EC41AC67DA} - C:\WINDOWS\cfg32r.dll
O2 - BHO: Scaggy Insert - {C68AE9C0-0909-4DDC-B661-C1AFB9F59898} - C:\WINDOWS\cfg32o.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll (file missing)
O3 - Toolbar: Search - {669695BC-A811-4A9D-8CDF-BA8C795F261C} - C:\WINDOWS\cfg32s.dll (file missing)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Smapp] Smtray.exe
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe
O4 - HKLM\..\Run: [CPQEASYACC] C:\Program Files\Compaq\Easy Access Button Support\StartEAK.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1146767288\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe -osboot
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [Configuration Manager] C:\WINDOWS\cfg32.exe
O4 - HKLM\..\Run: [BrowserUpdateSched] C:\WINDOWS\system32\pwinsqez.exe GID003
O4 - HKCU\..\Run: [PlaxoUpdate] C:\Program Files\Plaxo\2.5.10.21\PlaxoHelper.exe -a
O4 - HKCU\..\Run: [RealPlayer] "C:\Program Files\Real\RealPlayer\realplay.exe" /RunUPGToolCommandReBoot
O4 - Startup: Zeno.lnk = C:\WINDOWS\system32\pwinsqez.exe
O4 - Global Startup: Smart Wizard Wireless Settings.lnk = C:\Program Files\NETGEAR\WG111 Configuration Utility\WG111CFG.exe
O8 - Extra context menu item: &Download with &DAP - C:\PROGRA~1\DAP\dapextie.htm
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Download &all with DAP - C:\PROGRA~1\DAP\dapextie2.htm
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: (no name) - {193B17B0-7C9F-4D5B-AEAB-8D3605EFC084} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Launch Copernic Agent - {193B17B0-7C9F-4D5B-AEAB-8D3605EFC084} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0819.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0819.dll
O9 - Extra button: Copernic Agent - {688DC797-DC11-46A7-9F1B-445F4F58CE6E} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra button: Support - {7B1D247C-23B1-4235-A747-A12275990B97} - C:\Program Files\Internet Explorer\SIGNUP\Presario.htm (HKCU)
O12 - Plugin for .mid: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin2.dll
O12 - Plugin for .qt: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin.dll
O14 - IERESET.INF: START_PAGE_URL=http://store.presario.net/scripts/redirectors/presario/storeredir2.dll?s=consumerfav&c=3c01&lc=0409
O16 - DPF: Yahoo! Cribbage - http://download.games.yahoo.com/games/clients/y/it0_x.cab
O16 - DPF: {0713E8D2-850A-101B-AFC0-4210102A8DA7} (Microsoft ProgressBar Control, version 5.0 (SP2)) - http://bin.mcafee.com/molbin/Shared/ComCtl32/6,0,80,22/ComCtl32.cab
O16 - DPF: {0C568603-D79D-11D2-87A7-00C04FF158BB} (BrowseFolderPopup Class) - http://download.mcafee.com/molbin/Shared/MGBrwFld.cab
O16 - DPF: {15B782AF-55D8-11D1-B477-006097098764} (Macromedia Authorware Web Player Control) - http://link.mindleaders.com/dpec/shared/cabs/awswaxf.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://bin.mcafee.com/molbin/shared/mcinsctl/en-us/4,0,0,9/mcinsctl.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1146810178765
O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/essentials/ymmapi_0727.dll
O16 - DPF: {CC05BC12-2AA2-4AC7-AC81-0E40F83B1ADF} - http://www.live365.com/players/play365.cab
O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} (FlashXControl Object) - https://webolr3.microgaming.com/luckynugget/webolr/OCX/FlashAX.cab
O16 - DPF: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - http://us.dl1.yimg.com/download.yahoo.com/dl/toolbar/my/yiebio5_0_2_4.cab
O16 - DPF: {F00F4763-7355-4725-82F7-0DA94A256D46} (IMDownloader Class) - http://www2.incredimail.com/contents/setup/downloader/imloader.cab
O18 - Protocol: ezpp - {810403FA-E82E-11D5-8AAB-0010A404A3DE} - C:\WINDOWS\System32\EZTOOL~1.DLL
O20 - Winlogon Notify: MCPClient - C:\Program Files\Common Files\Stardock\mcpstub.dll
O20 - Winlogon Notify: WB - C:\Program Files\Stardock\Object Desktop\WindowBlinds\fastload.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: Dcfssvc - Eastman Kodak Company - C:\WINDOWS\system32\drivers\dcfssvc.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: PCTEL Speaker Phone (Pctspk) - Unknown owner - C:\WINDOWS\system32\pctspk.exe
O23 - Service: Remote Procedure Call Service (RPCS) - Unknown owner - C:\WINDOWS\rcss.exe
little eagle
2006-06-26, 04:59
Download Ewido Security Suite (http://www.ewido.net/en/download/) it is a trial version of the program.
Install ewido security suite
Launch ewido, there should be an icon on your desktop double-click it.
The program will now go to the main screen
You will need to update ewido to the latest definition files.
On the left hand side of the main screen click update
Then click on Start Update
The update will start and a progress bar will show the updates being installed.
If you are having problems with the updater, you can use this link to manually update Ewido.
Ewido manual updates (http://www.ewido.net/en/download/updates/)
Once the updates are installed do the following:
Click on scanner
Click on Complete System Scan and the scan will begin.
During some scans with ewido it is finding cases of false positives.
You will need to step through the process of cleaning files one-by-one.
If ewido detects a file you KNOW to be legitimate, select none as the action.
DO NOT select "Perform action on all infections"
If you are unsure of any entry found select none for now.
Once the scan has completed, there will be a button located on the bottom of the screen named Save report
Click Save report.
Save the report .txt file to your desktop.
Now close ewido security suite and post the results here.
With a new hijackthis log.
RKennedy
2006-06-26, 08:58
---------------------------------------------------------
ewido anti-spyware - Scan Report
---------------------------------------------------------
+ Created at: 12:56:25 AM 6/26/2006
+ Scan result:
C:\Documents and Settings\Danna Kennedy\Local Settings\Temporary Internet Files\Content.IE5\WP2N4LQ7\AppWrap[1].exe -> Adware.AdURL : Cleaned.
C:\Documents and Settings\Danna Kennedy\Local Settings\Temporary Internet Files\Content.IE5\WP2N4LQ7\AppWrap[2].exe -> Adware.AdURL : Cleaned.
C:\WINDOWS\icont.exe -> Adware.AdURL : Cleaned.
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\FNGGHWAA\cfg32[1].exe -> Adware.BookedSpace : Cleaned.
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\FW08TOE7\stub_sca3[1].exe -> Adware.BookedSpace : Cleaned.
C:\RECYCLER\S-1-5-21-2436313513-4166307882-922809123-1006\Dc13.exe -> Adware.BookedSpace : Cleaned.
C:\Spyware stuff\backups\backup-20060625-193227-456.dll -> Adware.BookedSpace : Cleaned.
C:\Spyware stuff\backups\backup-20060625-193227-931.dll -> Adware.BookedSpace : Cleaned.
C:\Spyware stuff\backups\backup-20060625-194154-658.dll -> Adware.BookedSpace : Cleaned.
C:\Spyware stuff\backups\backup-20060625-194154-782.dll -> Adware.BookedSpace : Cleaned.
C:\Spyware stuff\backups\backup-20060625-214314-666.dll -> Adware.BookedSpace : Cleaned.
C:\Spyware stuff\backups\backup-20060625-214314-728.dll -> Adware.BookedSpace : Cleaned.
C:\WINDOWS\cfg32a.exe -> Adware.BookedSpace : Cleaned.
C:\WINDOWS\cfg32o.dll -> Adware.BookedSpace : Cleaned.
C:\WINDOWS\cfg32r.dll -> Adware.BookedSpace : Cleaned.
C:\WINDOWS\doskynms.exe -> Adware.BookedSpace : Cleaned.
C:\WINDOWS\zqwezmlo.exe -> Adware.BookedSpace : Cleaned.
C:\stub_sca3.exe -> Adware.BookedSpace : Cleaned.
HKLM\SOFTWARE\Classes\AppID\BookedSpace.DLL -> Adware.BookedSpace : Cleaned.
HKLM\SOFTWARE\Classes\BookedSpace.Extension -> Adware.BookedSpace : Cleaned.
HKLM\SOFTWARE\Classes\BookedSpace.Extension.5 -> Adware.BookedSpace : Cleaned.
HKLM\SOFTWARE\Classes\BookedSpace.Extension\CLSID -> Adware.BookedSpace : Cleaned.
HKLM\SOFTWARE\Classes\BookedSpace.Extension\CurVer -> Adware.BookedSpace : Cleaned.
C:\Program Files\SpyHunter\Backup\sysdetect.dll.bak -> Adware.BrilliantDigital : Cleaned.
HKU\S-1-5-21-2436313513-4166307882-922809123-1006\Software\HIWIRE -> Adware.HiWire : Cleaned.
HKU\S-1-5-21-2436313513-4166307882-922809123-1006\Software\HIWIRE\MEDIAMANAGER -> Adware.HiWire : Cleaned.
HKU\S-1-5-21-2436313513-4166307882-922809123-1006\Software\HIWIRE\MEDIAMANAGER\HISTORY -> Adware.HiWire : Cleaned.
HKU\S-1-5-21-2436313513-4166307882-922809123-1006\Software\HIWIRE\MEDIAMANAGER\HISTORY\<Usr ID='17123031'/><Vs ID='2.5.30.US.koclfm.Release'/><Third-Party USER-ID='' SESSION-ID=''/><Interface v='g'/> -> Adware.HiWire : Cleaned.
HKU\S-1-5-21-2436313513-4166307882-922809123-1006\Software\HIWIRE\MEDIAMANAGER\REPORT -> Adware.HiWire : Cleaned.
HKU\S-1-5-21-2436313513-4166307882-922809123-1006\Software\HIWIRE\Registration -> Adware.HiWire : Cleaned.
HKU\S-1-5-21-2436313513-4166307882-922809123-1006\Software\HIWIRE\hiwire -> Adware.HiWire : Cleaned.
HKU\S-1-5-21-2436313513-4166307882-922809123-1006\Software\HIWIRE\hiwire\Registration -> Adware.HiWire : Cleaned.
HKU\S-1-5-21-2436313513-4166307882-922809123-1006\Software\HIWIRE\kloufm -> Adware.HiWire : Cleaned.
HKU\S-1-5-21-2436313513-4166307882-922809123-1006\Software\HIWIRE\kloufm\Gate -> Adware.HiWire : Cleaned.
HKU\S-1-5-21-2436313513-4166307882-922809123-1006\Software\HIWIRE\kloufm\Registration -> Adware.HiWire : Cleaned.
HKU\S-1-5-21-2436313513-4166307882-922809123-1006\Software\HIWIRE\koclfm -> Adware.HiWire : Cleaned.
HKU\S-1-5-21-2436313513-4166307882-922809123-1006\Software\HIWIRE\koclfm\Gate -> Adware.HiWire : Cleaned.
HKU\S-1-5-21-2436313513-4166307882-922809123-1006\Software\HIWIRE\koclfm\Registration -> Adware.HiWire : Cleaned.
C:\WINDOWS\Downloaded Program Files\HbInstIE.dll -> Adware.HotBar : Cleaned.
HKLM\SOFTWARE\Classes\Contact.Contacts -> Adware.HotBar : Cleaned.
HKLM\SOFTWARE\Classes\Contact.Contacts.1 -> Adware.HotBar : Cleaned.
HKLM\SOFTWARE\Classes\Contact.Contacts\CLSID -> Adware.HotBar : Cleaned.
HKLM\SOFTWARE\Classes\Contact.Contacts\CurVer -> Adware.HotBar : Cleaned.
C:\Program Files\DAP\DAPBHO.dll -> Adware.IEBar : Cleaned.
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\FNGGHWAA\Installer[1].exe -> Adware.Look2Me : Cleaned.
C:\WINDOWS\system32\enrol1931.dll -> Adware.Look2Me : Cleaned.
C:\WINDOWS\system32\mQg_hook.dll -> Adware.Look2Me : Cleaned.
C:\WINDOWS\system32\ozecli.dll -> Adware.Look2Me : Cleaned.
C:\WINDOWS\warebundle.exe -> Adware.Look2Me : Cleaned.
C:\warebundle.exe -> Adware.Look2Me : Cleaned.
C:\Documents and Settings\Danna Kennedy\Local Settings\Temp\NNBar_VCSetup_876056.exe -> Adware.Mirar : Cleaned.
C:\Documents and Settings\Danna Kennedy\Local Settings\Temp\mit6E.tmp.cab/NNBar_VCSetup_876056.exe -> Adware.Mirar : Cleaned.
C:\Documents and Settings\Danna Kennedy\Local Settings\Temp\mit6E.tmp/NNBar_VCSetup_876056.exe -> Adware.Mirar : Cleaned.
C:\WINDOWS\system32\WinNB57.dll -> Adware.Mirar : Cleaned.
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\F3EVFGCL\NNSCAA638[1].EXE -> Adware.NewDotNet : Cleaned.
C:\NNSCAA638.EXE -> Adware.NewDotNet : Cleaned.
C:\Program Files\FileSubmit\Troubled Turkey\nnez_388.exe -> Adware.NewDotNet : Cleaned.
C:\WINDOWS\NDNuninstall5_48.exe -> Adware.NewDotNet : Cleaned.
C:\WINDOWS\NDNuninstall7_22.exe -> Adware.NewDotNet : Cleaned.
HKLM\SOFTWARE\Classes\KBBar.KBBarBand -> Adware.PowerStrip : Cleaned.
HKLM\SOFTWARE\Classes\KBBar.KBBarBand.1 -> Adware.PowerStrip : Cleaned.
HKLM\SOFTWARE\Classes\KBBar.KBBarBand\CLSID -> Adware.PowerStrip : Cleaned.
HKLM\SOFTWARE\Classes\KBBar.KBBarBand\CurVer -> Adware.PowerStrip : Cleaned.
C:\Documents and Settings\All Users\Documents\My Shared Folder\Morph2022.exe -> Adware.WurldMedia : Cleaned.
C:\WINDOWS\system32\ajtkimh.dll -> Adware.WurldMedia : Cleaned.
C:\WINDOWS\system32\mo030414s.dll -> Adware.WurldMedia : Cleaned.
C:\WINDOWS\system32\mobho.dll -> Adware.WurldMedia : Cleaned.
HKLM\SOFTWARE\Classes\Sostatatl.StatHTMLCtrl -> Adware.WurldMedia : Cleaned.
HKLM\SOFTWARE\Classes\Sostatatl.StatHTMLCtrl.1 -> Adware.WurldMedia : Cleaned.
HKLM\SOFTWARE\Classes\Sostatatl.StatHTMLCtrl\CLSID -> Adware.WurldMedia : Cleaned.
HKLM\SOFTWARE\Classes\Sostatatl.StatHTMLCtrl\CurVer -> Adware.WurldMedia : Cleaned.
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\FW08TOE7\ZIGID003[1].exe -> Adware.ZenoSearch : Cleaned.
C:\WINDOWS\system32\dwdsregt.exe -> Adware.ZenoSearch : Cleaned.
C:\WINDOWS\system32\kwintqez.exe -> Adware.ZenoSearch : Cleaned.
C:\WINDOWS\system32\prdsregk.exe -> Adware.ZenoSearch : Cleaned.
C:\WINDOWS\system32\psdsregs.exe -> Adware.ZenoSearch : Cleaned.
C:\ZIGID003.exe -> Adware.ZenoSearch : Cleaned.
C:\Documents and Settings\Danna Kennedy\Local Settings\Temporary Internet Files\Content.IE5\6LCR2BWV\AppWrap[1].exe -> Adware.Zestyfind : Cleaned.
C:\WINDOWS\Temp\bw2.com -> Adware.Zestyfind : Cleaned.
C:\WINDOWS\iconu.exe -> Adware.Zestyfind : Cleaned.
C:\Documents and Settings\Danna Kennedy\Local Settings\Temp\image12.scr -> Backdoor.SdBot.aad : Cleaned.
C:\Documents and Settings\Danna Kennedy\My Documents\zips\image12.zip/image12.scr -> Backdoor.SdBot.aad : Cleaned.
C:\WINDOWS\__delete_on_reboot__r_c_s_s_._e_x_e_ -> Backdoor.SdBot.aad : Cleaned.
[1708] C:\WINDOWS\rcss.exe -> Backdoor.SdBot.aad : Error during cleaning.
HKLM\SOFTWARE\FENX -> Dialer.Generic : Cleaned.
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\UOHBYT9J\booterror[1].zip -> Downloader.Adload.bo : Cleaned.
C:\bootinit.exe -> Downloader.Adload.bo : Cleaned.
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\FW08TOE7\drsmartload46a[1].exe -> Downloader.Adload.ch : Cleaned.
C:\WINDOWS\comserv.exe -> Downloader.Adload.ch : Cleaned.
C:\drsmartload46i.exe -> Downloader.Adload.ch : Cleaned.
C:\drsmartload46j.exe -> Downloader.Adload.ch : Cleaned.
C:\Program Files\Common Files\svchostsys\svchostupdate.exe -> Downloader.Small : Cleaned.
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\FNGGHWAA\MTE3NDI6ODoxNg[2].exe -> Downloader.Small.buy : Cleaned.
C:\MTE3NDI6ODoxNg.exe -> Downloader.Small.buy : Cleaned.
C:\WINDOWS\MTE3NDI6ODoxNg.exe -> Downloader.Small.buy : Cleaned.
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\F3EVFGCL\bootsector[1].zip -> Downloader.VB.afe : Cleaned.
C:\boot.pif -> Downloader.VB.afe : Cleaned.
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\FW08TOE7\drsmartload849a[2].exe -> Downloader.VB.afn : Cleaned.
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\UOHBYT9J\drsmartload45a[1].exe -> Downloader.VB.afn : Cleaned.
C:\drsmartload45j.exe -> Downloader.VB.afn : Cleaned.
C:\drsmartload849j.exe -> Downloader.VB.afn : Cleaned.
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\F3EVFGCL\nwnm_1[1].exe -> Hijacker.VB.fc : Cleaned.
C:\nwnm_1.exe -> Hijacker.VB.fc : Cleaned.
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\FNGGHWAA\dfndra_1[1].exe -> Hijacker.VB.nh : Cleaned.
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\FW08TOE7\dfndra_1[1].exe -> Hijacker.VB.nh : Cleaned.
C:\dfndra_1.exe -> Hijacker.VB.nh : Cleaned.
C:\Program Files\SpyHunter\Backup\F3EZSETP.DLL.bak -> Not-A-Virus.Downloader.Win32.FunWeb : Ignored.
C:\Documents and Settings\Danna Kennedy\Local Settings\Temporary Internet Files\Content.IE5\WP2N4LQ7\WinAntiVirusPro2006FreeInstall[1].exe -> Not-A-Virus.Downloader.Win32.WinFixer.j : Ignored.
C:\Program Files\SpyHunter\Backup\danna kennedy@2o7[1].txt.bak -> TrackingCookie.2o7 : Cleaned.
C:\Program Files\SpyHunter\Backup\danna kennedy@z1.adserver[1].txt.bak -> TrackingCookie.Adserver : Cleaned.
C:\Program Files\SpyHunter\Backup\danna kennedy@advertising[1].txt.bak -> TrackingCookie.Advertising : Cleaned.
C:\Program Files\SpyHunter\Backup\danna kennedy@servedby.advertising[1].txt.bak -> TrackingCookie.Advertising : Cleaned.
C:\Program Files\SpyHunter\Backup\danna kennedy@servedby.advertising[2].txt.bak -> TrackingCookie.Advertising : Cleaned.
:mozilla.13:C:\Documents and Settings\Danna Kennedy\Application Data\Mozilla\Profiles\default\zmr898mz.slt\cookies.txt -> TrackingCookie.Atdmt : Cleaned.
C:\Program Files\SpyHunter\Backup\danna kennedy@atdmt[2].txt.bak -> TrackingCookie.Atdmt : Cleaned.
C:\Program Files\SpyHunter\Backup\danna kennedy@bfast[2].txt.bak -> TrackingCookie.Bfast : Cleaned.
:mozilla.11:C:\Documents and Settings\Danna Kennedy\Application Data\Mozilla\Profiles\default\zmr898mz.slt\cookies.txt -> TrackingCookie.Bluestreak : Cleaned.
C:\Program Files\SpyHunter\Backup\danna kennedy@bluestreak[2].txt.bak -> TrackingCookie.Bluestreak : Cleaned.
C:\Program Files\SpyHunter\Backup\danna kennedy@centrport[1].txt.bak -> TrackingCookie.Centrport : Cleaned.
C:\Program Files\SpyHunter\Backup\danna kennedy@centrport[2].txt.bak -> TrackingCookie.Centrport : Cleaned.
C:\Program Files\SpyHunter\Backup\danna kennedy@commission-junction[1].txt.bak -> TrackingCookie.Commission-junction : Cleaned.
C:\Program Files\SpyHunter\Backup\danna kennedy@data.coremetrics[1].txt.bak -> TrackingCookie.Coremetrics : Cleaned.
C:\Program Files\SpyHunter\Backup\danna kennedy@data.coremetrics[2].txt.bak -> TrackingCookie.Coremetrics : Cleaned.
C:\Documents and Settings\Danna Kennedy\Cookies\danna kennedy@cpvfeed[1].txt -> TrackingCookie.Cpvfeed : Cleaned.
:mozilla.10:C:\Documents and Settings\Danna Kennedy\Application Data\Mozilla\Profiles\default\zmr898mz.slt\cookies.txt -> TrackingCookie.Doubleclick : Cleaned.
C:\Program Files\SpyHunter\Backup\danna kennedy@doubleclick[1].txt.bak -> TrackingCookie.Doubleclick : Cleaned.
C:\Program Files\SpyHunter\Backup\danna kennedy@doubleclick[2].txt.bak -> TrackingCookie.Doubleclick : Cleaned.
C:\Program Files\SpyHunter\Backup\danna kennedy@fastclick[2].txt.bak -> TrackingCookie.Fastclick : Cleaned.
C:\Program Files\SpyHunter\Backup\danna kennedy@ehg-bestbuy.hitbox[1].txt.bak -> TrackingCookie.Hitbox : Cleaned.
C:\Program Files\SpyHunter\Backup\danna kennedy@ehg-dig.hitbox[1].txt.bak -> TrackingCookie.Hitbox : Cleaned.
C:\Program Files\SpyHunter\Backup\danna kennedy@ehg-dig.hitbox[2].txt.bak -> TrackingCookie.Hitbox : Cleaned.
C:\Program Files\SpyHunter\Backup\danna kennedy@ehg-foxsports.hitbox[1].txt.bak -> TrackingCookie.Hitbox : Cleaned.
C:\Program Files\SpyHunter\Backup\danna kennedy@ehg-foxsports.hitbox[2].txt.bak -> TrackingCookie.Hitbox : Cleaned.
C:\Program Files\SpyHunter\Backup\danna kennedy@ehg-netquote.hitbox[2].txt.bak -> TrackingCookie.Hitbox : Cleaned.
C:\Program Files\SpyHunter\Backup\danna kennedy@ehg-sonypictures.hitbox[2].txt.bak -> TrackingCookie.Hitbox : Cleaned.
C:\Program Files\SpyHunter\Backup\danna kennedy@hg1.hitbox[1].txt.bak -> TrackingCookie.Hitbox : Cleaned.
C:\Program Files\SpyHunter\Backup\danna kennedy@hg1.hitbox[2].txt.bak -> TrackingCookie.Hitbox : Cleaned.
C:\Program Files\SpyHunter\Backup\danna kennedy@hitbox[1].txt.bak -> TrackingCookie.Hitbox : Cleaned.
C:\Program Files\SpyHunter\Backup\danna kennedy@hitbox[2].txt.bak -> TrackingCookie.Hitbox : Cleaned.
C:\Program Files\SpyHunter\Backup\danna kennedy@counter2.hitslink[1].txt.bak -> TrackingCookie.Hitslink : Cleaned.
C:\Program Files\SpyHunter\Backup\danna kennedy@counter2.hitslink[2].txt.bak -> TrackingCookie.Hitslink : Cleaned.
:mozilla.6:C:\Documents and Settings\Danna Kennedy\Application Data\Mozilla\Profiles\default\zmr898mz.slt\cookies.txt -> TrackingCookie.Mediaplex : Cleaned.
C:\Program Files\SpyHunter\Backup\danna kennedy@mediaplex[1].txt.bak -> TrackingCookie.Mediaplex : Cleaned.
C:\Program Files\SpyHunter\Backup\danna kennedy@qksrv[1].txt.bak -> TrackingCookie.Qksrv : Cleaned.
C:\Program Files\SpyHunter\Backup\danna kennedy@questionmarket[1].txt.bak -> TrackingCookie.Questionmarket : Cleaned.
C:\Documents and Settings\Danna Kennedy\Cookies\danna kennedy@stats1.reliablestats[2].txt -> TrackingCookie.Reliablestats : Cleaned.
C:\Program Files\SpyHunter\Backup\danna kennedy@ads.specificpop[1].txt.bak -> TrackingCookie.Specificpop : Cleaned.
C:\Program Files\SpyHunter\Backup\danna kennedy@ads.specificpop[2].txt.bak -> TrackingCookie.Specificpop : Cleaned.
C:\Program Files\SpyHunter\Backup\danna kennedy@specificpop[1].txt.bak -> TrackingCookie.Specificpop : Cleaned.
C:\Documents and Settings\Danna Kennedy\Cookies\danna kennedy@tacoda[1].txt -> TrackingCookie.Tacoda : Cleaned.
C:\Documents and Settings\Danna Kennedy\Local Settings\Temp\Cookies\danna kennedy@tacoda[1].txt -> TrackingCookie.Tacoda : Cleaned.
C:\Program Files\SpyHunter\Backup\danna kennedy@targetnet[1].txt.bak -> TrackingCookie.Targetnet : Cleaned.
C:\Program Files\SpyHunter\Backup\danna kennedy@valueclick[1].txt.bak -> TrackingCookie.Valueclick : Cleaned.
C:\Documents and Settings\Danna Kennedy\Cookies\danna kennedy@ad.yieldmanager[1].txt -> TrackingCookie.Yieldmanager : Cleaned.
::Report end
RKennedy
2006-06-26, 09:39
Logfile of HijackThis v1.99.1
Scan saved at 1:37:37 AM, on 6/26/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\COMMON~1\Stardock\SDMCP.exe
C:\Program Files\Stardock\Object Desktop\WindowBlinds\wbload.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\system32\drivers\dcfssvc.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\tcpsvcs.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\System32\Smtray.exe
C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
C:\WINDOWS\System32\pctspk.exe
C:\Program Files\Compaq\Easy Access Button Support\StartEAK.exe
C:\Program Files\Common Files\AOL\1146767288\ee\AOLSoftware.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\ewido anti-spyware 4.0\ewido.exe
C:\Program Files\Compaq\Easy Access Button Support\CPQEADM.EXE
C:\COMPAQ\CPQINET\CPQInet.exe
C:\Compaq\EAKDRV\EAUSBKBD.EXE
C:\Program Files\Common Files\Real\Update_OB\rnathchk.exe
C:\Program Files\NETGEAR\WG111 Configuration Utility\WG111CFG.exe
C:\PROGRA~1\Compaq\EASYAC~1\BttnServ.exe
C:\Spyware stuff\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.iGlide.net
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Compaq
N2 - Netscape 6: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5Cmozilla.org%5CMozilla%5Csearchplugins%5Cgoogle.src"); (C:\Documents and Settings\Danna Kennedy\Application Data\Mozilla\Profiles\default\zmr898mz.slt\prefs.js)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll (file missing)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Smapp] Smtray.exe
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe
O4 - HKLM\..\Run: [CPQEASYACC] C:\Program Files\Compaq\Easy Access Button Support\StartEAK.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1146767288\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe -osboot
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKCU\..\Run: [RealPlayer] "C:\Program Files\Real\RealPlayer\realplay.exe" /RunUPGToolCommandReBoot
O4 - Global Startup: Smart Wizard Wireless Settings.lnk = C:\Program Files\NETGEAR\WG111 Configuration Utility\WG111CFG.exe
O8 - Extra context menu item: &Download with &DAP - C:\PROGRA~1\DAP\dapextie.htm
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Download &all with DAP - C:\PROGRA~1\DAP\dapextie2.htm
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: (no name) - {193B17B0-7C9F-4D5B-AEAB-8D3605EFC084} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Launch Copernic Agent - {193B17B0-7C9F-4D5B-AEAB-8D3605EFC084} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: Copernic Agent - {688DC797-DC11-46A7-9F1B-445F4F58CE6E} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra button: Support - {7B1D247C-23B1-4235-A747-A12275990B97} - C:\Program Files\Internet Explorer\SIGNUP\Presario.htm (HKCU)
O12 - Plugin for .mid: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin2.dll
O12 - Plugin for .qt: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin.dll
O14 - IERESET.INF: START_PAGE_URL=http://store.presario.net/scripts/redirectors/presario/storeredir2.dll?s=consumerfav&c=3c01&lc=0409
O16 - DPF: Yahoo! Cribbage - http://download.games.yahoo.com/games/clients/y/it0_x.cab
O16 - DPF: {0713E8D2-850A-101B-AFC0-4210102A8DA7} (Microsoft ProgressBar Control, version 5.0 (SP2)) - http://bin.mcafee.com/molbin/Shared/ComCtl32/6,0,80,22/ComCtl32.cab
O16 - DPF: {0C568603-D79D-11D2-87A7-00C04FF158BB} (BrowseFolderPopup Class) - http://download.mcafee.com/molbin/Shared/MGBrwFld.cab
O16 - DPF: {15B782AF-55D8-11D1-B477-006097098764} (Macromedia Authorware Web Player Control) - http://link.mindleaders.com/dpec/shared/cabs/awswaxf.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://bin.mcafee.com/molbin/shared/mcinsctl/en-us/4,0,0,9/mcinsctl.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1146810178765
O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/essentials/ymmapi_0727.dll
O16 - DPF: {CC05BC12-2AA2-4AC7-AC81-0E40F83B1ADF} - http://www.live365.com/players/play365.cab
O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} (FlashXControl Object) - https://webolr3.microgaming.com/luckynugget/webolr/OCX/FlashAX.cab
O16 - DPF: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - http://us.dl1.yimg.com/download.yahoo.com/dl/toolbar/my/yiebio5_0_2_4.cab
O16 - DPF: {F00F4763-7355-4725-82F7-0DA94A256D46} (IMDownloader Class) - http://www2.incredimail.com/contents/setup/downloader/imloader.cab
O18 - Protocol: ezpp - {810403FA-E82E-11D5-8AAB-0010A404A3DE} - C:\WINDOWS\System32\EZTOOL~1.DLL
O20 - Winlogon Notify: MCPClient - C:\PROGRA~1\COMMON~1\Stardock\mcpstub.dll
O20 - Winlogon Notify: WB - C:\Program Files\Stardock\Object Desktop\WindowBlinds\fastload.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: Dcfssvc - Eastman Kodak Company - C:\WINDOWS\system32\drivers\dcfssvc.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: PCTEL Speaker Phone (Pctspk) - Unknown owner - C:\WINDOWS\system32\pctspk.exe
O23 - Service: Remote Procedure Call Service (RPCS) - Unknown owner - C:\WINDOWS\rcss.exe (file missing)
little eagle
2006-06-26, 17:22
We will need to disable Edwido's real time protection.
From the system tray: Right-click the system tray icon and uncheck real time protection.
Or from within Edwido -
Under 'Your security status', if the real time protection is active.
Deactivate it by clicking 'real time protection' until the status says 'inactive'.
You may restart it when we are done.
Close all Browser and Program Windows and have HijackThis fix the following.
Do this by checking the box beside each and then clicking on Fix checked.
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll (file missing)
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe <<not malware but I would not want it (your choice)
Reboot in safe mode, instructions here. (http://forums.security-central.us/showthread.php?t=1903)
Some of these files my have hidden atributes.
Click Here (http://forums.security-central.us/showthread.php?t=30)Should you need instructions for Showing hidden files and folders in Windows.
Once in safe mode, Click start / then my computer / local disk then follow the process tree.
Or using Windows Explorer, locate the first file right click then select delete.
Delete the following folder(s) listed in bold.
C:\Program Files\Viewpoint
Still In safe mode click start then my computer, navigate to the C:\Windows\Temp folder.
Open the Temp folder and go to Edit > Select All then Edit > Delete
To delete the entire contents of the Temp folder. Do not delete the folder it self!!
Then navigate to the C:\Documents and Settings\(EVERY USER)\Local Settings\Temp folder.
Open the Temp folder and go to Edit > Select All then Edit > Delete
To delete the entire contents of the Temp folder. Again Do not delete the folder it self!!
Finally go to Control Panel > Internet Options.
On the General tab under "Temporary Internet Files" Click "Delete Files".
Put a check by "Delete Offline Content" and click OK.
Click on the Programs tab then click the "Reset Web Settings" button.
Click Apply then OK.
Run ewido again and post both logs.
RKennedy
2006-06-27, 03:34
---------------------------------------------------------
ewido anti-spyware - Scan Report
---------------------------------------------------------
+ Created at: 7:29:58 PM 6/26/2006
+ Scan result:
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\FW08TOE7\drsmartload[1].exe -> Downloader.VB.afl : Cleaned.
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\UOHBYT9J\drsmartload[1].exe -> Downloader.VB.afl : Cleaned.
C:\drsmartload1.exe -> Downloader.VB.afl : Cleaned.
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\UOHBYT9J\kybrd_1[1].exe -> Hijacker.VB.fc : Cleaned.
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\UOHBYT9J\kybrd_1[2].exe -> Hijacker.VB.fc : Cleaned.
C:\kybrd_1.exe -> Hijacker.VB.fc : Cleaned.
C:\Program Files\SpyHunter\Backup\F3EZSETP.DLL.bak -> Not-A-Virus.Downloader.Win32.FunWeb : Cleaned.
::Report end
RKennedy
2006-06-27, 03:37
Logfile of HijackThis v1.99.1
Scan saved at 7:37:05 PM, on 6/26/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\COMMON~1\Stardock\SDMCP.exe
C:\Program Files\Stardock\Object Desktop\WindowBlinds\wbload.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\system32\drivers\dcfssvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\tcpsvcs.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\System32\Smtray.exe
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
C:\WINDOWS\System32\pctspk.exe
C:\Program Files\Compaq\Easy Access Button Support\StartEAK.exe
C:\Program Files\Common Files\AOL\1146767288\ee\AOLSoftware.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\ewido anti-spyware 4.0\ewido.exe
C:\Program Files\Compaq\Easy Access Button Support\CPQEADM.EXE
C:\COMPAQ\CPQINET\CPQInet.exe
C:\Compaq\EAKDRV\EAUSBKBD.EXE
C:\PROGRA~1\Compaq\EASYAC~1\BttnServ.exe
C:\Program Files\NETGEAR\WG111 Configuration Utility\WG111CFG.exe
C:\Spyware stuff\HijackThis.exe
C:\Program Files\Internet Explorer\iexplore.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.iGlide.net
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://store.presario.net/scripts/redirectors/presario/storeredir2.dll?s=consumerfav&c=3c01&lc=0409
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://store.presario.net/scripts/redirectors/presario/storeredir2.dll?s=consumerfav&c=3c01&lc=0409
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Compaq
N2 - Netscape 6: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5Cmozilla.org%5CMozilla%5Csearchplugins%5Cgoogle.src"); (C:\Documents and Settings\Danna Kennedy\Application Data\Mozilla\Profiles\default\zmr898mz.slt\prefs.js)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Smapp] Smtray.exe
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe
O4 - HKLM\..\Run: [CPQEASYACC] C:\Program Files\Compaq\Easy Access Button Support\StartEAK.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1146767288\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe -osboot
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKCU\..\Run: [RealPlayer] "C:\Program Files\Real\RealPlayer\realplay.exe" /RunUPGToolCommandReBoot
O4 - Global Startup: Smart Wizard Wireless Settings.lnk = C:\Program Files\NETGEAR\WG111 Configuration Utility\WG111CFG.exe
O8 - Extra context menu item: &Download with &DAP - C:\PROGRA~1\DAP\dapextie.htm
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Download &all with DAP - C:\PROGRA~1\DAP\dapextie2.htm
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: (no name) - {193B17B0-7C9F-4D5B-AEAB-8D3605EFC084} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Launch Copernic Agent - {193B17B0-7C9F-4D5B-AEAB-8D3605EFC084} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: Copernic Agent - {688DC797-DC11-46A7-9F1B-445F4F58CE6E} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra button: Support - {7B1D247C-23B1-4235-A747-A12275990B97} - C:\Program Files\Internet Explorer\SIGNUP\Presario.htm (HKCU)
O12 - Plugin for .mid: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin2.dll
O12 - Plugin for .qt: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin.dll
O14 - IERESET.INF: START_PAGE_URL=http://store.presario.net/scripts/redirectors/presario/storeredir2.dll?s=consumerfav&c=3c01&lc=0409
O16 - DPF: Yahoo! Cribbage - http://download.games.yahoo.com/games/clients/y/it0_x.cab
O16 - DPF: {0713E8D2-850A-101B-AFC0-4210102A8DA7} (Microsoft ProgressBar Control, version 5.0 (SP2)) - http://bin.mcafee.com/molbin/Shared/ComCtl32/6,0,80,22/ComCtl32.cab
O16 - DPF: {0C568603-D79D-11D2-87A7-00C04FF158BB} (BrowseFolderPopup Class) - http://download.mcafee.com/molbin/Shared/MGBrwFld.cab
O16 - DPF: {15B782AF-55D8-11D1-B477-006097098764} (Macromedia Authorware Web Player Control) - http://link.mindleaders.com/dpec/shared/cabs/awswaxf.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://bin.mcafee.com/molbin/shared/mcinsctl/en-us/4,0,0,9/mcinsctl.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1146810178765
O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/essentials/ymmapi_0727.dll
O16 - DPF: {CC05BC12-2AA2-4AC7-AC81-0E40F83B1ADF} - http://www.live365.com/players/play365.cab
O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} (FlashXControl Object) - https://webolr3.microgaming.com/luckynugget/webolr/OCX/FlashAX.cab
O16 - DPF: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - http://us.dl1.yimg.com/download.yahoo.com/dl/toolbar/my/yiebio5_0_2_4.cab
O16 - DPF: {F00F4763-7355-4725-82F7-0DA94A256D46} (IMDownloader Class) - http://www2.incredimail.com/contents/setup/downloader/imloader.cab
O18 - Protocol: ezpp - {810403FA-E82E-11D5-8AAB-0010A404A3DE} - C:\WINDOWS\System32\EZTOOL~1.DLL
O20 - Winlogon Notify: MCPClient - C:\PROGRA~1\COMMON~1\Stardock\mcpstub.dll
O20 - Winlogon Notify: WB - C:\Program Files\Stardock\Object Desktop\WindowBlinds\fastload.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: Dcfssvc - Eastman Kodak Company - C:\WINDOWS\system32\drivers\dcfssvc.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: PCTEL Speaker Phone (Pctspk) - Unknown owner - C:\WINDOWS\system32\pctspk.exe
O23 - Service: Remote Procedure Call Service (RPCS) - Unknown owner - C:\WINDOWS\rcss.exe (file missing)
little eagle
2006-06-27, 03:44
Make a restore point.
Then backup your Registry.
click start > run > enter\type "regedit" (without quotes)
- Once Regedit opens click on the FILE menu and select Export
- Save the file as backup. Save the file somewhere you will remember and not delete.
IMPORTANT: make sure to set the export range to ALL
Then download RegSeeker http://www.hoverdesk.net/freeware.htm.
Extract it to it's own folder, open and double click RegSeeker.exe to start the program.
Maximize the window and click clean registry. Check all sections and click OK.
When the scan is complete, verify the backup box in lower left corner is checked and click the select all button, then select all again.
Then right click within the search results and select delete.
Run it again and again, deleting everything it finds until it finds nothing.
Reboot and make sure your programs are working properly, control panel and add/remove programs windows open, etc (basically just do a quick check of everything).
In the event anything was 'broken', you can open RegSeeker, click backups and double click any/all files to put the information back.
A reboot may be required for the effects to be seen. Reboot When done.
RKennedy
2006-06-27, 04:05
Thanks again for you efforts. Really appreciate it.
I ran spybot again and all of the things that have always been there...are still there even after all of our work.
I would attach the file but its very large and Ive forgotten which things to omit when doing a spybot report for you guys to look at.
Would that do any good? Or should I just go ahead with your last instructions?
If you would like to see the spybot report...what should I omit?
Thanks
little eagle
2006-06-27, 04:23
Start spybot, Click advanced mode then tools view report.
place a check mark in the boxes shown click green arrow.
Click export. the post the results.
http://security-central.us/pimg/spybot report.JPG
RKennedy
2006-06-27, 04:39
It says "nothing done"...but on previous attempts I did check the "fix" button.
--- Report generated: 2006-06-26 19:53 ---
Central24: Uninstall settings (Registry key, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ewidoantispyware4
7FaSSt: Class ID (Registry key, nothing done)
HKEY_CLASSES_ROOT\CLSID\{669695BC-A811-4A9D-8CDF-BA8C795F261C}
7FaSSt: Interface (Registry key, nothing done)
HKEY_CLASSES_ROOT\Interface\{38493F7F-2922-4C6C-9A9A-8DA2C940D0EE}
7FaSSt: Type library (Registry key, nothing done)
HKEY_CLASSES_ROOT\TypeLib\{3277CD27-4001-4EF8-9D96-C6CA745AC2F9}
CoolWWWSearch: IE Search page (Registry change, nothing done)
HKEY_USERSS-1-5-21-2436313513-4166307882-922809123-1006\Software\Microsoft\Internet Explorer\Search\SearchAssistant Explorer\Main\Default_Search_URL=about:blank
BookedSpace: Settings (Registry key, nothing done)
HKEY_CLASSES_ROOT\AppID\{0DC5CD7C-F653-4417-AA43-D457BE3A9622}
BookedSpace: Type library (Registry key, nothing done)
HKEY_CLASSES_ROOT\TypeLib\{0DC5CD7C-F653-4417-AA43-D457BE3A9622}
Command Service: Data (File, nothing done)
C:\windows\newname.dat
Pacimedia: Root class (Registry key, nothing done)
HKEY_CLASSES_ROOT\Interface\{05080E6B-A88A-4CFD-8C3D-9B2557670B6E}
Zeno: Text file (File, nothing done)
C:\WINDOWS\system32\msnav32.ax
Zeno: Library (File, nothing done)
C:\WINDOWS\system32\nt68rrtc12.sys
NewDotNet: User settings (Registry key, nothing done)
HKEY_USERS\.DEFAULT\Software\new.net
NewDotNet: User settings (Registry key, nothing done)
HKEY_USERS\S-1-5-18\Software\new.net
Windows Security Center.SP2Update: Settings (Registry change, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\DoNotAllowXPSP2!=dword:0
Windows Security Center.AntiVirusOverride: Settings (Registry change, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusOverride!=dword:0
Windows Security Center.FirewallOverride: Settings (Registry change, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallOverride!=dword:0
Windows Security Center.FirewallDisableNotify: Settings (Registry change, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify!=dword:0
Windows Security Center.AntiVirusDisableNotify: Settings (Registry change, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify!=dword:0
Windows Security Center.UpdateDisableNotify: Settings (Registry change, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify!=dword:0
--- Spybot - Search & Destroy version: 1.4 (build: 20050523) ---
2005-05-31 blindman.exe (1.0.0.1)
2005-05-31 SpybotSD.exe (1.4.0.3)
2005-05-31 TeaTimer.exe (1.4.0.2)
2006-05-04 unins000.exe (51.41.0.0)
2005-05-31 Update.exe (1.4.0.0)
2006-02-06 advcheck.dll (1.0.2.0)
2005-05-31 aports.dll (2.1.0.0)
2005-05-31 borlndmm.dll (7.0.4.453)
2005-05-31 delphimm.dll (7.0.4.453)
2005-05-31 SDHelper.dll (1.4.0.0)
2006-02-20 Tools.dll (2.0.0.2)
2005-05-31 UnzDll.dll (1.73.1.1)
2005-05-31 ZipDll.dll (1.73.2.0)
2006-06-16 Includes\Cookies.sbi (*)
2006-06-16 Includes\Dialer.sbi (*)
2006-06-16 Includes\Hijackers.sbi (*)
2006-06-16 Includes\Keyloggers.sbi (*)
2004-11-29 Includes\LSP.sbi (*)
2006-06-16 Includes\Malware.sbi (*)
2006-06-16 Includes\PUPS.sbi (*)
2006-06-16 Includes\Revision.sbi (*)
2006-06-16 Includes\Security.sbi (*)
2006-06-16 Includes\Spybots.sbi (*)
2005-02-17 Includes\Tracks.uti
2006-06-16 Includes\Trojans.sbi (*)
little eagle
2006-06-27, 05:02
Did you run RegSeeker :confused:
RKennedy
2006-06-27, 17:09
Yes I did run the Regseeker.
I re-ran the Spybot and....Success! No Threats found! Have not seen any popups. I think maybe we have cleaned it up. Here is the latest log.
Logfile of HijackThis v1.99.1
Scan saved at 9:06:18 AM, on 6/27/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\COMMON~1\Stardock\SDMCP.exe
C:\Program Files\Stardock\Object Desktop\WindowBlinds\wbload.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\system32\drivers\dcfssvc.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\tcpsvcs.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\System32\Smtray.exe
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
C:\WINDOWS\System32\pctspk.exe
C:\Program Files\Compaq\Easy Access Button Support\StartEAK.exe
C:\Program Files\Compaq\Easy Access Button Support\StartEAK.exe
C:\Program Files\Common Files\AOL\1146767288\ee\AOLSoftware.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\ewido anti-spyware 4.0\ewido.exe
C:\Program Files\Compaq\Easy Access Button Support\CPQEADM.EXE
C:\Program Files\Compaq\Easy Access Button Support\CPQEADM.EXE
C:\COMPAQ\CPQINET\CPQInet.exe
C:\Compaq\EAKDRV\EAUSBKBD.EXE
C:\PROGRA~1\Compaq\EASYAC~1\BttnServ.exe
C:\Program Files\NETGEAR\WG111 Configuration Utility\WG111CFG.exe
C:\Program Files\Common Files\Real\Update_OB\rnathchk.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Spyware stuff\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.iGlide.net
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://store.presario.net/scripts/redirectors/presario/storeredir2.dll?s=consumerfav&c=3c01&lc=0409
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Compaq
N2 - Netscape 6: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5Cmozilla.org%5CMozilla%5Csearchplugins%5Cgoogle.src"); (C:\Documents and Settings\Danna Kennedy\Application Data\Mozilla\Profiles\default\zmr898mz.slt\prefs.js)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Smapp] Smtray.exe
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe
O4 - HKLM\..\Run: [CPQEASYACC] C:\Program Files\Compaq\Easy Access Button Support\StartEAK.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1146767288\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe -osboot
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKCU\..\Run: [RealPlayer] "C:\Program Files\Real\RealPlayer\realplay.exe" /RunUPGToolCommandReBoot
O4 - Global Startup: Smart Wizard Wireless Settings.lnk = C:\Program Files\NETGEAR\WG111 Configuration Utility\WG111CFG.exe
O8 - Extra context menu item: &Download with &DAP - C:\PROGRA~1\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\PROGRA~1\DAP\dapextie2.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: (no name) - {193B17B0-7C9F-4D5B-AEAB-8D3605EFC084} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Launch Copernic Agent - {193B17B0-7C9F-4D5B-AEAB-8D3605EFC084} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: Copernic Agent - {688DC797-DC11-46A7-9F1B-445F4F58CE6E} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra button: Support - {7B1D247C-23B1-4235-A747-A12275990B97} - C:\Program Files\Internet Explorer\SIGNUP\Presario.htm (HKCU)
O12 - Plugin for .mid: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin2.dll
O12 - Plugin for .qt: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin.dll
O14 - IERESET.INF: START_PAGE_URL=http://store.presario.net/scripts/redirectors/presario/storeredir2.dll?s=consumerfav&c=3c01&lc=0409
O16 - DPF: Yahoo! Cribbage - http://download.games.yahoo.com/games/clients/y/it0_x.cab
O16 - DPF: {0713E8D2-850A-101B-AFC0-4210102A8DA7} (Microsoft ProgressBar Control, version 5.0 (SP2)) - http://bin.mcafee.com/molbin/Shared/ComCtl32/6,0,80,22/ComCtl32.cab
O16 - DPF: {0C568603-D79D-11D2-87A7-00C04FF158BB} (BrowseFolderPopup Class) - http://download.mcafee.com/molbin/Shared/MGBrwFld.cab
O16 - DPF: {15B782AF-55D8-11D1-B477-006097098764} (Macromedia Authorware Web Player Control) - http://link.mindleaders.com/dpec/shared/cabs/awswaxf.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://bin.mcafee.com/molbin/shared/mcinsctl/en-us/4,0,0,9/mcinsctl.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1146810178765
O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/essentials/ymmapi_0727.dll
O16 - DPF: {CC05BC12-2AA2-4AC7-AC81-0E40F83B1ADF} - http://www.live365.com/players/play365.cab
O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} (FlashXControl Object) - https://webolr3.microgaming.com/luckynugget/webolr/OCX/FlashAX.cab
O16 - DPF: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - http://us.dl1.yimg.com/download.yahoo.com/dl/toolbar/my/yiebio5_0_2_4.cab
O16 - DPF: {F00F4763-7355-4725-82F7-0DA94A256D46} (IMDownloader Class) - http://www2.incredimail.com/contents/setup/downloader/imloader.cab
O18 - Protocol: ezpp - {810403FA-E82E-11D5-8AAB-0010A404A3DE} - C:\WINDOWS\System32\EZTOOL~1.DLL
O20 - Winlogon Notify: MCPClient - C:\PROGRA~1\COMMON~1\Stardock\mcpstub.dll
O20 - Winlogon Notify: WB - C:\Program Files\Stardock\Object Desktop\WindowBlinds\fastload.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: Dcfssvc - Eastman Kodak Company - C:\WINDOWS\system32\drivers\dcfssvc.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: PCTEL Speaker Phone (Pctspk) - Unknown owner - C:\WINDOWS\system32\pctspk.exe
little eagle
2006-06-28, 01:02
Log looks clean. :)
RKennedy
2006-06-28, 06:23
Thanks much for your help. Excellent work!
As the problem appears to be resolved this topic will be archived. :bigthumb:
If you need it re-opened please send me a private message (pm) and provide a link to the thread.
Applies only to the original topic starter.
Glad we could help. :)