
100 percent CPU at every function

Discussion in 'Windows XP' started by dbj15, Aug 13, 2006.

Thread Status:
Not open for further replies.
  1. dbj15

    dbj15 Thread Starter

    Joined:
    Mar 25, 2003
    Messages:
    46
    Hello to this forum. As the title says, my HP a430n computer running XP SP2 locks up at every requested function and shows by the task manager to have the CPU running at 100 percent! I have run the usual antivirus and spyware checks to no avail. The only other symptom I have is the antivirus update (eTrust ezAntivirus) no longer works. It never completes its connection. My three browsers all seem to connect and run OK other than the terrible lockup of all other functions until the browser finishes a download. All suggestions appreciated. I HAVE JUST GOT AND RUN THE HIJACKTHIS PROGRAM. Here is the log file. I hope this helps. ******************************************************************

    Logfile of HijackThis v1.99.1
    Scan saved at 3:05:40 PM, on 8/14/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Ahead\InCD\InCDsrv.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
    C:\Program Files\Ashampoo\Ashampoo Magic Defrag1'06\bin\aDefragService.exe
    C:\Program Files\AVPersonal\AVWUPSRV.EXE
    C:\PROGRA~1\CACHEM~1\CachemanXP.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\ISafe.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Diskeeper Corporation\DiskeeperPro\DkService.exe
    C:\Program Files\BufferZone\CLIENTGUI.EXE
    C:\PROGRA~1\FBMSOF~1\ZEROSP~1\ZeroSpyware.exe
    C:\Program Files\ewido anti-malware3'5\ewidoctrl.exe
    C:\WINDOWS\System32\GEARSec.exe
    C:\Program Files\HDD [email protected]\HDDTSvc.exe
    C:\Program Files\Norton Ghost10\Agent\VProSvc.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\WINDOWS\system32\ssoftsrv.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
    C:\WINDOWS\system32\RunDll32.exe
    C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\VetMsg.exe
    C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\windows\system\hpsysdrv.exe
    C:\HP\KBD\KBD.EXE
    C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVTray.exe
    C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVRID.exe
    C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Firewall\ca.exe
    C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Anti-Spam\QSP-2.1.215.5

    \QOELoader.exe
    C:\Program Files\CA\eTrust Internet Security Suite\caissdt.exe
    C:\Program Files\Microsoft ActiveSync\wcescomm.exe
    C:\Program Files\XP Tools Pro\xptools.exe
    C:\Program Files\XP Tools Pro\xptools.exe
    C:\Program Files\Ashampoo\Ashampoo Magic Defrag1'06\bin\aDefragCtrl.exe
    C:\Supp\DTemp.exe
    C:\Program Files\Hewlett-Packard\AiO\hp officejet 7100 series\Bin\hpogrp07.exe
    C:\RollUp\Doughnut.exe
    C:\Program Files\Vasilios Applications\ShutdownXP Enforcer\ShutdownXP Enforcer.exe
    C:\Program Files\XP Tools Pro\xptools.exe
    C:\Program Files\XP Tools Pro\xptools.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\PROGRA~1\MI3AA1~1\rapimgr.exe
    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\WINDOWS\System32\alg.exe
    C:\PROGRA~1\HEWLET~1\AiO\Shared\Bin\hpoevm07.exe
    C:\WINDOWS\system32\hpoipm07.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\PROGRA~1\MOZILLA.ORG\MOZILLA\MOZILLA.EXE
    C:\Program Files\Outlook Express\msimn.exe
    C:\WINDOWS\NOTEPAD.EXE
    C:\DOCUME~1\Owner\LOCALS~1\Temp\Customer-5.3.0.10.exe
    C:\WINDOWS\NOTEPAD.EXE
    C:\Program Files\Hijackthis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =

    http://us10.hpwis.com/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =

    http://srch-us10.hpwis.com/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =

    http://www.rr.com/flash/index.cfm?division=170
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-

    us10.hpwis.com/
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =

    http://www.rr.com/flash/index.cfm?division=170
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride

    = localhost
    F2 - REG:system.ini: UserInit=C:\WINDOWS\System32\Userinit.exe
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-

    784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} -

    c:\program files\google\googletoolbar2.dll
    O3 - Toolbar: HP View - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program

    Files\HP\Digital Imaging\bin\hpdtlk02.dll
    O3 - Toolbar: Adminimizer.Toolbar - {A8E16533-7A2A-43F1-9EE9-901136EBA5D8} -

    C:\Program Files\Adminimizer\AdminimizerToolbar\AdminToobar.dll
    O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
    O3 - Toolbar: GuruNet - {E8893D9E-169E-4a05-B0B6-FC5809D1AA77} - C:\PROGRA~1

    \GuruNet\Toolbar\GuruNetToolbar.dll
    O3 - Toolbar: ABC Shortcuts - {77EA9EE9-7514-45c6-BCA7-B4BA06AC5681} -

    C:\Program Files\AbcWebShortcuts\AbcShortcuts.dll
    O3 - Toolbar: MSN Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} -

    C:\Program Files\MSN Toolbar\01.01.1601.0\en-us\msntb.dll
    O3 - Toolbar: FreePicGrabber - {EBC780C8-5A2F-4BF2-B274-FDA3D61ACC6C} -

    C:\Program Files\FreePicGrabber\TheBar.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program

    files\google\googletoolbar2.dll
    O4 - HKLM\..\Run: [DiskeeperSystray] "C:\Program Files\Diskeeper

    Corporation\DiskeeperPro\DkIcon.exe"
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
    O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
    O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
    O4 - HKLM\..\Run: [Openwares LiveUpdate] C:\Program

    Files\LiveUpdate\LiveUpdate.exe
    O4 - HKLM\..\Run: [PSDrvCheck] C:\WINDOWS\System32\PSDrvCheck.exe
    O4 - HKLM\..\Run: [CaAvTray] "C:\Program Files\CA\eTrust EZ Armor\eTrust EZ

    Antivirus\CAVTray.exe"
    O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\CA\eTrust EZ Armor\eTrust EZ

    Antivirus\CAVRID.exe"
    O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\CA\eTrust EZ Armor\eTrust EZ

    Firewall\ca.exe"
    O4 - HKLM\..\Run: [QOELOADER] "C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Anti

    -Spam\QSP-2.1.215.5\QOELoader.exe"
    O4 - HKLM\..\Run: [BufferZone] "C:\Program Files\BufferZone\CLIENTGUI.EXE"

    /STARTUP
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - HKLM\..\Run: [CaISSDT] "C:\Program Files\CA\eTrust Internet Security

    Suite\caissdt.exe"
    O4 - HKLM\..\Run: [ZSScheduler] rundll32.exe "C:\PROGRA~1\FBMSOF~1\ZEROSP~1

    \zsscheduler.dll", runScheduler C:\PROGRA~1\FBMSOF~1\ZEROSP~1\
    O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
    O4 - HKCU\..\Run: [Skype] C:\Program Files\Skype\Phone\Skype.exe /nosplash

    /minimized
    O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft

    ActiveSync\wcescomm.exe"
    O4 - HKCU\..\Run: [XP Tools] C:\Program Files\XP Tools Pro\xptools.exe /min
    O4 - Startup: ShutdownXP Enforcer.lnk = C:\Program Files\Vasilios

    Applications\ShutdownXP Enforcer\ShutdownXP Enforcer.exe
    O4 - Global Startup: Ashampoo Magic Defrag.lnk = C:\Program

    Files\Ashampoo\Ashampoo Magic Defrag1'06\bin\aDefragCtrl.exe
    O4 - Global Startup: DrvTemp.lnk = C:\Supp\DTemp.exe
    O4 - Global Startup: HPAiODevice(hp officejet 7100 series) - 1.lnk = C:\Program

    Files\Hewlett-Packard\AiO\hp officejet 7100 series\Bin\hpogrp07.exe
    O4 - Global Startup: RollUp.lnk = C:\RollUp\Doughnut.exe
    O8 - Extra context menu item: &Free Pic GRAB - res://C:\Program

    Files\FreePicGrabber\Options.exe/132
    O8 - Extra context menu item: &Quick GRAB Pics - res://C:\Program

    Files\FreePicGrabber\Options.exe/133
    O8 - Extra context menu item: &WordWeb... - res://C:\WINDOWS\System32

    \wweb32.dll/lookup.html
    O8 - Extra context menu item: GuruNet... - file:C:\Program

    Files\GuruNet\Html\atiemenu.htm
    O8 - Extra context menu item: Open PDF in Word - res://C:\Program Files\ScanSoft\PDF

    Converter\IEShellExt.dll /100
    O8 - Extra context menu item: Search Dictionary - file://\program files\powershell-xp2

    \search4.htm
    O8 - Extra context menu item: Search for Images - file://\program files\powershell-xp2

    \search3.htm
    O8 - Extra context menu item: Search Newsgroups - file://\program files\powershell-

    xp2\search2.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} -

    C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-

    00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra button: All - {26835CE1-D5EC-11d5-AF6E-00C06D0086BF} - C:\Program

    Files\closeAll-IeX\closeIeX.exe
    O9 - Extra 'Tools' menuitem: Close ALL IEx's - {26835CE1-D5EC-11d5-AF6E-

    00C06D0086BF} - C:\Program Files\closeAll-IeX\closeIeX.exe
    O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} -

    C:\PROGRA~1\SPYWAR~2\tools\iesdpb.dll
    O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-

    00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
    O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} -

    C:\PROGRA~1\MI3AA1~1\INetRepl.dll
    O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-

    00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
    O9 - Extra button: Others - {6A0426D1-0FF2-49a0-ABC2-05B67826C727} - C:\Program

    Files\closeAll-IeX\closeIeY.exe
    O9 - Extra 'Tools' menuitem: Close OTHER IEx's - {6A0426D1-0FF2-49a0-ABC2-

    05B67826C727} - C:\Program Files\closeAll-IeX\closeIeY.exe
    O9 - Extra button: Pop-Up Blocker - {84536FE2-ABCD-3586-DCAB-40E286323737} -

    C:\Program Files\WINnerTweak3\PopUp Blocker.exe
    O9 - Extra 'Tools' menuitem: Pop-Up Blocker - {84536FE2-ABCD-3586-DCAB-

    40E286323737} - C:\Program Files\WINnerTweak3\PopUp Blocker.exe
    O9 - Extra button: Adminimizer Editor - {8A697EB4-7B39-474f-BB00-E5A3FBFBE355} -

    C:\Program Files\Adminimizer\AdminimizerToolbar\AdminToobar.dll
    O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} -

    C:\WINDOWS\System32\shdocvw.dll
    O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3}

    - C:\WINDOWS\System32\shdocvw.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %

    windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-

    f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} -

    C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-

    00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O15 - Trusted Zone: http://www.otwesten.de
    O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) -

    http://www.goldenram.com/upgradedetect/upgradedetect.cab?5687
    O16 - DPF: {13E23C9E-3018-4AC1-B998-C08BF1814DB0} -

    http://ftp.gurunet.com/pub/cabs/GNInstaller.cab
    O16 - DPF: {13EC55CF-D993-475B-9ACA-F4A384957956} (Controller Class) -

    https://www.windowsonecare.com/install/cli/0.9.0929.18/WinSSWebAgent.CAB
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage

    Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {1FC215B7-F71D-4137-8D67-455A2D5CA8C5} -

    http://www.fileeliminator.com/get/BEL/Bug Eliminator.cab
    O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} -

    http://a1540.g.akamai.net/7/1540/52/20031216/qtinstall.info.apple.com/mickey/us/win/Q

    uickTimeInstaller.exe
    O16 - DPF: {49232000-16E4-426C-A231-62846947304B} -

    http://ipgweb.cce.hp.com/rdqaio/downloads/sysinfo.cab
    O16 - DPF: {82F2D6B2-6C58-4404-A930-9DB0FD90D4B1}

    (Driver_Detective_v43_Non_Member.DD_v43) -

    http://www.drivershq.com/cab/prod/Driver_Detective_v43_Non_Member.CAB
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) -

    http://acs.pandasoftware.com/activescan/as5free/asinst.cab
    O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) -

    http://www.crucial.com/controls/cpcScanner.cab
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF}

    (MsnMessengerSetupDownloadControl Class) -

    http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
    O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) -

    https://pc.mywebexpc.com/client/v_mywebex-aa/ra/ieatgpc.cab
    O16 - DPF: {E7DBFB6C-113A-47CF-B278-F5C6AF4DE1BD} -

    http://download.abacast.com/download/files/abasetup145.cab
    O16 - DPF: {E93A6FCA-C052-45DF-AC9B-B729066092F8} (Util Class) -

    http://isupport4.hp.com/motivedocs/linklauncher/MotUtil.cab
    O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) -

    http://h30043.www3.hp.com/aio/en/check/qdiagh.cab?326
    O16 - DPF: {F5078F32-C551-11D3-89B9-0000F81FE221} (XML DOM Document 3.0) -

    file://C:\Program Files\MUSICMATCH\MUSICMATCH Update\MMJB\msxml3.cab
    O16 - DPF: {F5C90925-ABBF-4475-88F5-8622B452BA9E} (Compaq System Data Class) -

    http://wwemail.support.hp.com/fd2/objects/SysQuery.cab
    O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
    O20 - Winlogon Notify: LMIinit - C:\WINDOWS\SYSTEM32\LMIinit.dll
    O20 - Winlogon Notify: rainit - C:\WINDOWS\SYSTEM32\LMIinit.dll
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O20 - Winlogon Notify: zsnotify - C:\WINDOWS\SYSTEM32\zsnotify.dll
    O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program

    Files\Common Files\Acronis\Schedule2\schedul2.exe
    O23 - Service: Aluria Spyware Eliminator Service (ASEService) - Unknown owner -

    C:\PROGRA~1\ALURIA~1\ASE\ASEServ.exe
    O23 - Service: AshampooDefragService - - C:\Program Files\Ashampoo\Ashampoo

    Magic Defrag1'06\bin\aDefragService.exe
    O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany -

    C:\Program Files\AVPersonal\AVWUPSRV.EXE
    O23 - Service: BufferZone Service (BufferZoneSvc) - Unknown owner - C:\Program

    Files\BufferZone\ClntSvc.exe
    O23 - Service: CachemanXP (CachemanXPService) - OuterTechnologies - C:\PROGRA~1

    \CACHEM~1\CachemanXP.exe
    O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program

    Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\ISafe.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation -

    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation -

    C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation -

    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper

    Corporation\DiskeeperPro\DkService.exe
    O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido

    anti-malware3'5\ewidoctrl.exe
    O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\System32\GEARSec.exe
    O23 - Service: HDD Temperature (HDDTService) - PalickSoft - C:\Program Files\HDD

    [email protected]\HDDTSvc.exe
    O23 - Service: Imapi Helper - Alex Feinman - C:\Program Files\Alex Feinman\ISO

    Recorder\ImapiHelper.exe
    O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program

    Files\Ahead\InCD\InCDsrv.exe
    O23 - Service: InCD Helper (read only) (InCDsrvR) - Nero AG - C:\Program

    Files\Ahead\InCD\InCDsrv.exe
    O23 - Service: Norton Ghost - Symantec Corporation - C:\Program Files\Norton

    Ghost10\Agent\VProSvc.exe
    O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation -

    C:\WINDOWS\System32\nvsvc32.exe
    O23 - Service: rpcapd - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f

    "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
    O23 - Service: Cryptainer service (ssoftservice) - Cypherix - C:\WINDOWS\SYSTEM32

    \ssoftsrv.exe
    O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. -

    C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
    O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common

    Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    O23 - Service: VET Message Service (VETMSGNT) - Computer Associates International,

    Inc. - C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\VetMsg.exe
    O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. -

    C:\WINDOWS\system32\ZoneLabs\vsmon.exe
     
  2. kdd9

    kdd9

    Joined:
    Mar 24, 2005
    Messages:
    516
    Hello dbj15. I am reviewing your HijackThis log now and will post a reply as soon as possible.
     
  3. kdd9

    kdd9

    Joined:
    Mar 24, 2005
    Messages:
    516
    OK, first off I see three antivirus programs on the system -- AntiVir, eTrust, and Symantec (Norton). Rather than providing extra protection as one would think, multiple antivirus programs instead tend to interfere with one another. It is essential to run one antivirus program, but only one should be present. It is also imperative that you keep the antivirus program's definitions up to date. You will need to choose which one to keep and remove the others. This can be done by disabling the AV program via its System Tray icon and choosing the option to "disable" or "turn off", then removing it through the Control Panel's Add/Remove Programs function. Then I would go to the Program Files folder on C: drive and delete the folder for the uninstalled AV programs if they are still present.
    This issue may even be contributing to the problems that you mention so I would advise taking care of that first.
    And while you are on the Add/Remove Programs list you can also remove jre1.5.0_06 and ewido anti-malware 3'5 as there are newer versions of each to install.
    Also if you see anything with WINnerTweak3 and/or Aluria Spyware Eliminator on the list, remove those too.

    Next, please download and install CCleaner from here.
    Note: if you do not want the Yahoo Toolbar installed with it, make sure you uncheck that option when you get to the window that shows it during the installation process.
    Do not run CCleaner just yet.

    Then download Ewido to your Desktop or to your usual Download Folder.
    http://www.ewido.net/en/download/
    • Install Ewido by double clicking the installer.
    • Follow the prompts. Make sure that Launch Ewido is checked.
    • On the main screen under Your Computer's security.
    • Click on Change state next to Resident shield. It should now change to inactive.
    • Next to Last Update, click on Update now. (You will need an active internet connection to perform this)
    • Wait until you see the Update successful message.
    • Right-click the Ewido Tray Icon and select Exit. Confirm by clicking Yes.
    If you are having problems with the updater, you can use this link to manually update ewido.
    Ewido manual updates.
    Download the Full database to your Desktop or to your usual Download Folder and install it by double clicking the file. Make sure that Ewido is closed before installing the update.

    Then go here
    http://java.sun.com/javase/downloads/index.jsp

    Click the "Download" button next to
    "Java Runtime Environment (JRE) 5.0 Update 8"

    You should be taken to a page that says
    "J2SE(TM) Runtime Environment 5.0 Update 8"

    Click to put a dot in the circle where it says, "Accept license agreement".

    Then, from the "Windows Platform" box at the top of the list, click where it says, " Windows Online Installation (typical download size is ~MB), Multi-language".

    Choose to run the installation.


    Now we need to stop, disable and delete an added service (O23)

    1. To stop a service and set to 'disabled'

    Go to Start > Run and type in Services.msc then click OK

    Click the Extended tab.

    Scroll down until you find the service.

    Aluria Spyware Eliminator Service (ASEService) - Unknown owner - C:\PROGRA~1\ALURIA~1\ASE\ASEServ.exe

    Click once on the service to highlight it.

    Click Stop

    Right-Click on the service.

    Click on 'Properties'

    Select the 'General' tab

    Click the Arrow-down tab on the right-hand side on the 'Start-up Type' box

    From the drop-down menu, click on 'Disabled'

    Click the 'Apply' tab, then click 'OK'

    The service is now stopped and disabled.


    2. We will now delete the service:

    1. Open HJT
    2. Click on Config>>Misc Tools>>Delete an NT Service
    3. Type ASEService in the space provided and click OK
    4. The program will ask you to REBOOT --- choose no.

    Use the "Back" button to get back to HijackThis's main interface, press the "Do a system scan only" button, and when it finishes place a check before whichever of the following lines are present:

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

    O9 - Extra button: Pop-Up Blocker - {84536FE2-ABCD-3586-DCAB-40E286323737} - C:\Program Files\WINnerTweak3\PopUp Blocker.exe

    O9 - Extra 'Tools' menuitem: Pop-Up Blocker - {84536FE2-ABCD-3586-DCAB-40E286323737} - C:\Program Files\WINnerTweak3\PopUp Blocker.exe

    O15 - Trusted Zone: http://www.otwesten.de

    Then make sure ALL windows are closed except HijackThis and hit the "Fix checked" button.

    Print out the following instructions or copy them to Notepad as you will not have internet access from Safe Mode:

    Now, boot the computer into Safe Mode.
    Click here for instructions on how to boot into Safe Mode.

    Next, using Windows Explorer and/or XP's search function, find and delete the following folders marked in bold. Delete ONLY the part in bold:

    C:\Program Files\WINnerTweak3

    C:\Program Files\ALURIA~1 (Not sure of the exact name but delete any folder with "Aluria" in the name.)

    Stay in Safe Mode for the following:

    Run CCleaner:
    Open the program, leave it on the default settings, click on the "Run Cleaner" button, then click "OK". Let it scan and clean until it's finished, and when it says, "Cleaning complete" in the status window, exit the program.

    Run Ewido: (Safe Mode)
    Close ALL open Windows / Programs / Folders. Please start Ewido and run a full scan.
    • Click on Scanner on the toolbar.
    • Click on the Settings tab.
    • Under How to act?
      • Click on Recommended Action and choose Quarantine from the popup menu.
    • Under How to scan?
      • All checkboxes should be ticked.
    • Under Possibly unwanted software:
      • All checkboxes should be ticked.
    • Under Reports:
      • Select Automatically generate report after every scan and uncheck Only if threats were found.
    • Under What to scan?
      • Select Scan every file.
      • Click on the Scan tab.
      • Click on Complete System Scan to start the scan process.
      • Let the program scan the machine.
      • When the scan has finished, follow the instructions below.
        IMPORTANT : Don't click on the "Save Scan Report" button before you hit the "Apply all Actions" button.
      • Make sure that Set all elements to: shows Quarantine (1), if not click on the link and choose Quarantine from the popup menu. (2)
      • At the bottom of the window click on the Apply all Actions button. (3)
    • When done, click the Save Scan Report button.
      • Click the Save Report as button.
      • Save the report to your Desktop.
      • Right-click the Ewido Tray Icon and select Exit. Confirm by clicking Yes.
    Reboot in Normal Mode.

    Run a new HijackThis scan, save a logfile this time and when it opens up in Notepad, click the "Edit" tab, make sure that Word Wrap is unchecked, and post the logfile back here along with the report from ewido.
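
The triage kdd9 does by eye in the reply above can be sketched in code. This is an added example, not part of the thread or of HijackThis: the function names, the line-rejoining heuristic and the three-name antivirus keyword list are assumptions, and the sample lines are copied from the log posted at the top of the thread.

```python
import re

# A HijackThis entry starts with a section code such as "R0", "F2", "O4" or "O23".
ENTRY_START = re.compile(r"^(R[0-3]|F[0-3]|N[1-4]|O\d{1,2}) - ")

# Assumption: only the three products kdd9 names in the reply, not a complete list.
AV_KEYWORDS = ("AntiVir", "eTrust", "Symantec")

# Constructed sample: entries copied from the posted log, including the
# hard-wrapped continuation lines left by Notepad's Word Wrap.
SAMPLE_LOG = r"""
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-

784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O15 - Trusted Zone: http://www.otwesten.de
O23 - Service: Aluria Spyware Eliminator Service (ASEService) - Unknown owner -

C:\PROGRA~1\ALURIA~1\ASE\ASEServ.exe
O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany -

C:\Program Files\AVPersonal\AVWUPSRV.EXE
O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program

Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\ISafe.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation -

C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: rpcapd - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f

"%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
"""


def rejoin_wrapped(text):
    """Merge word-wrapped fragments back into one string per log entry.

    Lines that appear before the first entry (header, process list) are skipped.
    """
    entries = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if ENTRY_START.match(line):
            entries.append(line)
        elif entries:
            prev = entries[-1]
            # Heuristic: a wrap inside a GUID or path ("...B87D-" / "\GuruNet")
            # is glued directly; any other wrap happened at a space.
            glue = "" if re.search(r"\w-$", prev) or line[0] in "\\-" else " "
            entries[-1] = prev + glue + line
    return entries


def triage(text):
    """Return review leads, not verdicts: each item still needs a human look."""
    findings = {
        "unknown_owner_services": [],  # O23 services with no vendor string
        "orphaned": [],                # entries whose target file is gone
        "trusted_zone": [],            # sites added to IE's Trusted Zone (O15)
        "av_products": [],             # distinct antivirus products seen
    }
    seen_av = set()
    for entry in rejoin_wrapped(text):
        code = ENTRY_START.match(entry).group(1)
        body = entry[len(code) + 3:]
        if code == "O23" and "Unknown owner" in body:
            findings["unknown_owner_services"].append(
                body.split(": ", 1)[1].split(" - ")[0])
        if "(file missing)" in body or "(no file)" in body:
            findings["orphaned"].append(entry)
        if code == "O15":
            findings["trusted_zone"].append(body.split(": ", 1)[1])
        if code in ("O4", "O23"):
            seen_av.update(kw for kw in AV_KEYWORDS if kw in body)
    findings["av_products"] = [kw for kw in AV_KEYWORDS if kw in seen_av]
    return findings


if __name__ == "__main__":
    for key, value in triage(SAMPLE_LOG).items():
        print(key, "->", value)
```

More than one name under `av_products` corresponds to the multiple-antivirus conflict described in the reply, and `unknown_owner_services` lists candidates for the Services.msc check.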
     
  4. dbj15

    dbj15 Thread Starter

    Joined:
    Mar 25, 2003
    Messages:
    46
    Hello kdd9. Thank you for your attention to my post. I do not see the AntiVir, or Symantec/Norton running on the system as none of them show in the Add/Remove program.
    I did have the eTrust antivirus running as part of the RoadRunner ISP package. It is removed at the moment. All of the rest of your instructions have been completed. Here are the resultant Ewido and HijackThis logs and I await your further comments. Again, Thank you. ************************************************************

    PLEASE NOTE!!! I tried to post BOTH logs but received the following;
    "The text that you have entered is too long (45892 characters). Please shorten it to 30000 characters long." I include the first log (Ewido) on this reply and shall try to send a second post with the (Hijack) second log.

    NOW I GET THIS! "The text that you have entered is too long (31442 characters). Please shorten it to 30000 characters long."

    Please let me know how to get the logs to you. I can zip them and send them via an email.
    ---------------------------------------------------------
     
  5. ozrom1e

    ozrom1e

    Joined:
    May 15, 2006
    Messages:
    11,849
    Excuse me but the logs have to be posted here. What you have to do is split the logs between the posts, one right after the other. Just copy and paste until they are all in here even if you use three or four areas.
     
  6. kdd9

    kdd9

    Joined:
    Mar 24, 2005
    Messages:
    516
    Yes. That should work. Split the logs up and post them in sections in multiple posts.
     
  7. kdd9

    kdd9

    Joined:
    Mar 24, 2005
    Messages:
    516
    May I have an uninstall list from HijackThis too please?

    • Open up HijackThis again.
    • Click on "Open the Misc Tools section".
    • Click on "Open Uninstall Manager".
    • Click on "Save list".
    • Save it to your Desktop.
    • Copy and paste the list here.
    You can make a separate Reply for it too. ;)

    I want to be sure that you don't wind up with no antivirus at all. Having one dependable antivirus is essential to the protection of your pc.
     
  8. dbj15

    dbj15 Thread Starter

    Joined:
    Mar 25, 2003
    Messages:
    46
    Hello again. I have reinstalled the eTrust antivirus. Here is part one of three for the Ewido.
    *************************************************************
    ---------------------------------------------------------
    ewido anti-spyware - Scan Report
    ---------------------------------------------------------
    + Created at: 3:53:24 PM 8/19/2006
    + Scan result:

    HKLM\SOFTWARE\Classes\EMediaCodec.Chl -> Adware.Generic : Cleaned with backup (quarantined).
    HKLM\SOFTWARE\Classes\EMediaCodec.Chl\CLSID -> Adware.Generic : Cleaned with backup (quarantined).
    HKLM\SOFTWARE\Classes\Media-Codec.Chl -> Adware.Generic : Cleaned with backup (quarantined).
    HKLM\SOFTWARE\Classes\Media-Codec.Chl\CLSID -> Adware.Generic : Cleaned with backup (quarantined).
    C:\Program Files\IntCodec -> Adware.IntCodec : Cleaned with backup (quarantined).
    C:\2Do-P2-350\2Do-P2-350#2\photcp.zip/cp201.exe -> Adware.TimeSink : Cleaned with backup (quarantined).
    C:\2Do-P2-350\photcp.zip/cp201.exe -> Adware.TimeSink : Cleaned with backup (quarantined).
    C:\Program Files\MindSoft\MindSoft Utilities XP 9\io.exe -> Backdoor.VB.alb : Cleaned with backup (quarantined).
    C:\DwnLds\08's\CrkStore\CrackDown Store\[Speedup my pc] Cracks\4wrk\run.exe -> Downloader.Zlob.vg : Cleaned with backup (quarantined).
    C:\DwnLds\08's\CrkStore\CrackDown Store\[Speedup my pc] Cracks\LIUtilities SpeedUpMyPC v2.0.zip/run.exe -> Downloader.Zlob.vg : Cleaned with backup (quarantined).
    C:\DwnLds\08's\CrkStore\CrackDown Store\[Speedup my pc] Cracks\SpeedUpMyPC 2.01.zip/run.exe -> Downloader.Zlob.vg : Cleaned with backup (quarantined).
    C:\DwnLds\08's\CrkStore\CrackDown Store\[Speedup my pc] Cracks\SpeedUpMyPC 2.04.zip/run.exe -> Downloader.Zlob.vg : Cleaned with backup (quarantined).
    C:\DwnLds\08's\CrkStore\CrackDown Store\[Speedup my pc] Cracks\SpeedUpMyPC 2.04[1].zip/run.exe -> Downloader.Zlob.vg : Cleaned with backup (quarantined).
    C:\DwnLds\08's\CrkStore\CrackDown Store\[Speedup my pc] Cracks\SpeedUpMyPC v2.04.zip/run.exe -> Downloader.Zlob.vg : Cleaned with backup (quarantined).
    C:\Program Files\LIUtilities\SpeedUpMyPC\4wrk\run.exe -> Downloader.Zlob.vg : Cleaned with backup (quarantined).
    C:\Program Files\LIUtilities\SpeedUpMyPC\run.exe -> Downloader.Zlob.vg : Cleaned with backup (quarantined).
    C:\DwnLds\Ubc4Win\plugin\Network\netcat\files\nc.exe -> Not-A-Virus.RemoteAdmin.Win32.NetCat : Cleaned with backup (quarantined).
    END Split#1*****************************************************************
     
  9. dbj15

    This is the second part of the Ewido log*********************************
    Ewido Scan Part#2
    END Split#2
     
  10. dbj15

    END Split#2******************************************************************
    C:\DwnLds\07's\7-28-06\QuickTime Pro 7.1.0.210 Full.rar/key1.exe -> Trojan.Agent.sk : Cleaned with backup (quarantined).
    C:\DwnLds\07's\7-28-06\QuickTime Pro 7.1.0.210 Full.rar/key.exe -> Trojan.Agent.sk : Cleaned with backup (quarantined).


    ::Report end Part3 of 3.
    *************************************************************
    I will try to send the HijackThis log next.
     
  11. dbj15

    Here is the HijackThis log**********************************************
    Logfile of HijackThis v1.99.1
    Scan saved at 5:52:20 PM, on 8/19/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Ahead\InCD\InCDsrv.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
    C:\Program Files\Ashampoo\Ashampoo Magic Defrag1'06\bin\aDefragService.exe
    C:\Program Files\AVPersonal\AVWUPSRV.EXE
    C:\Program Files\BufferZone\ClntSvc.exe
    C:\PROGRA~1\CACHEM~1\CachemanXP.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Diskeeper Corporation\DiskeeperPro\DkService.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\ewido anti-spyware 4.0\guard.exe
    C:\WINDOWS\System32\GEARSec.exe
    C:\Program Files\HDD [email protected]\HDDTSvc.exe
    C:\Program Files\Norton Ghost10\Agent\VProSvc.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\WINDOWS\system32\ssoftsrv.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
    C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\windows\system\hpsysdrv.exe
    C:\HP\KBD\KBD.EXE
    C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Firewall\ca.exe
    C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Anti-Spam\QSP-2.1.215.5\QOELoader.exe
    C:\Program Files\BufferZone\CLIENTGUI.EXE
    C:\Program Files\CA\eTrust Internet Security Suite\caissdt.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe
    C:\Program Files\ewido anti-spyware 4.0\ewido.exe
    C:\Program Files\Skype\Phone\Skype.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\Ashampoo\Ashampoo Magic Defrag1'06\bin\aDefragCtrl.exe
    C:\Supp\DTemp.exe
    C:\Program Files\Hewlett-Packard\AiO\hp officejet 7100 series\Bin\hpogrp07.exe
    C:\RollUp\Doughnut.exe
    C:\Program Files\Vasilios Applications\ShutdownXP Enforcer\ShutdownXP Enforcer.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\PROGRA~1\HEWLET~1\AiO\Shared\Bin\hpoevm07.exe
    C:\WINDOWS\System32\alg.exe
    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\WINDOWS\system32\hpoipm07.exe
    C:\Program Files\Hijackthis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://us10.hpwis.com/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-us10.hpwis.com/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.rr.com/flash/index.cfm?division=170
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-us10.hpwis.com/
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.rr.com/flash/index.cfm?division=170
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
    F2 - REG:system.ini: UserInit=C:\WINDOWS\System32\Userinit.exe
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
    O3 - Toolbar: HP View - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\hpdtlk02.dll
    O3 - Toolbar: Adminimizer.Toolbar - {A8E16533-7A2A-43F1-9EE9-901136EBA5D8} - C:\Program Files\Adminimizer\AdminimizerToolbar\AdminToobar.dll
    O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
    O3 - Toolbar: GuruNet - {E8893D9E-169E-4a05-B0B6-FC5809D1AA77} - C:\PROGRA~1\GuruNet\Toolbar\GuruNetToolbar.dll
    O3 - Toolbar: ABC Shortcuts - {77EA9EE9-7514-45c6-BCA7-B4BA06AC5681} - C:\Program Files\AbcWebShortcuts\AbcShortcuts.dll
    O3 - Toolbar: MSN Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar\01.01.1601.0\en-us\msntb.dll
    O3 - Toolbar: FreePicGrabber - {EBC780C8-5A2F-4BF2-B274-FDA3D61ACC6C} - C:\Program Files\FreePicGrabber\TheBar.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O4 - HKLM\..\Run: [DiskeeperSystray] "C:\Program Files\Diskeeper Corporation\DiskeeperPro\DkIcon.exe"
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
    O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
    O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
    O4 - HKLM\..\Run: [Openwares LiveUpdate] C:\Program Files\LiveUpdate\LiveUpdate.exe
    O4 - HKLM\..\Run: [PSDrvCheck] C:\WINDOWS\System32\PSDrvCheck.exe
    O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Firewall\ca.exe"
    O4 - HKLM\..\Run: [QOELOADER] "C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Anti-Spam\QSP-2.1.215.5\QOELoader.exe"
    O4 - HKLM\..\Run: [BufferZone] "C:\Program Files\BufferZone\CLIENTGUI.EXE" /STARTUP
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - HKLM\..\Run: [CaISSDT] "C:\Program Files\CA\eTrust Internet Security Suite\caissdt.exe"
    O4 - HKLM\..\Run: [ZSScheduler] rundll32.exe "C:\PROGRA~1\FBMSOF~1\ZEROSP~1\zsscheduler.dll", runScheduler C:\PROGRA~1\FBMSOF~1\ZEROSP~1\
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe"
    O4 - HKLM\..\Run: [PC Pitstop Optimize Scheduler] C:\Program Files\PCPitstop\Optimize\PCPOptimize.exe -boot
    O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
    O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
    O4 - HKCU\..\Run: [Skype] C:\Program Files\Skype\Phone\Skype.exe /nosplash /minimized
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - Startup: ShutdownXP Enforcer.lnk = C:\Program Files\Vasilios Applications\ShutdownXP Enforcer\ShutdownXP Enforcer.exe
    O4 - Global Startup: Ashampoo Magic Defrag.lnk = C:\Program Files\Ashampoo\Ashampoo Magic Defrag1'06\bin\aDefragCtrl.exe
    O4 - Global Startup: DrvTemp.lnk = C:\Supp\DTemp.exe
    O4 - Global Startup: HPAiODevice(hp officejet 7100 series) - 1.lnk = C:\Program Files\Hewlett-Packard\AiO\hp officejet 7100 series\Bin\hpogrp07.exe
    O4 - Global Startup: RollUp.lnk = C:\RollUp\Doughnut.exe
    O8 - Extra context menu item: &Free Pic GRAB - res://C:\Program Files\FreePicGrabber\Options.exe/132
    O8 - Extra context menu item: &Quick GRAB Pics - res://C:\Program Files\FreePicGrabber\Options.exe/133
    O8 - Extra context menu item: &WordWeb... - res://C:\WINDOWS\System32\wweb32.dll/lookup.html
    O8 - Extra context menu item: GuruNet... - file:C:\Program Files\GuruNet\Html\atiemenu.htm
    O8 - Extra context menu item: Open PDF in Word - res://C:\Program Files\ScanSoft\PDF Converter\IEShellExt.dll /100
    O8 - Extra context menu item: Search Dictionary - file://\program files\powershell-xp2\search4.htm
    O8 - Extra context menu item: Search for Images - file://\program files\powershell-xp2\search3.htm
    O8 - Extra context menu item: Search Newsgroups - file://\program files\powershell-xp2\search2.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
    O9 - Extra button: All - {26835CE1-D5EC-11d5-AF6E-00C06D0086BF} - C:\Program Files\closeAll-IeX\closeIeX.exe
    O9 - Extra 'Tools' menuitem: Close ALL IEx's - {26835CE1-D5EC-11d5-AF6E-00C06D0086BF} - C:\Program Files\closeAll-IeX\closeIeX.exe
    O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~2\tools\iesdpb.dll
    O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
    O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
    O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
    O9 - Extra button: Others - {6A0426D1-0FF2-49a0-ABC2-05B67826C727} - C:\Program Files\closeAll-IeX\closeIeY.exe
    O9 - Extra 'Tools' menuitem: Close OTHER IEx's - {6A0426D1-0FF2-49a0-ABC2-05B67826C727} - C:\Program Files\closeAll-IeX\closeIeY.exe
    O9 - Extra button: Adminimizer Editor - {8A697EB4-7B39-474f-BB00-E5A3FBFBE355} - C:\Program Files\Adminimizer\AdminimizerToolbar\AdminToobar.dll
    O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\WINDOWS\System32\shdocvw.dll
    O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\WINDOWS\System32\shdocvw.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.goldenram.com/upgradedetect/upgradedetect.cab?5687
    O16 - DPF: {13E23C9E-3018-4AC1-B998-C08BF1814DB0} - http://ftp.gurunet.com/pub/cabs/GNInstaller.cab
    O16 - DPF: {13EC55CF-D993-475B-9ACA-F4A384957956} (Controller Class) - https://www.windowsonecare.com/install/cli/0.9.0929.18/WinSSWebAgent.CAB
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {1FC215B7-F71D-4137-8D67-455A2D5CA8C5} - http://www.fileeliminator.com/get/BEL/Bug Eliminator.cab
    O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52...pple.com/mickey/us/win/QuickTimeInstaller.exe
    O16 - DPF: {49232000-16E4-426C-A231-62846947304B} - http://ipgweb.cce.hp.com/rdqaio/downloads/sysinfo.cab
    O16 - DPF: {82F2D6B2-6C58-4404-A930-9DB0FD90D4B1} (Driver_Detective_v43_Non_Member.DD_v43) - http://www.drivershq.com/cab/prod/Driver_Detective_v43_Non_Member.CAB
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
    O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.com/controls/cpcScanner.cab
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
    O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://pc.mywebexpc.com/client/v_mywebex-aa/ra/ieatgpc.cab
    O16 - DPF: {E7DBFB6C-113A-47CF-B278-F5C6AF4DE1BD} - http://download.abacast.com/download/files/abasetup145.cab
    O16 - DPF: {E93A6FCA-C052-45DF-AC9B-B729066092F8} (Util Class) - http://isupport4.hp.com/motivedocs/linklauncher/MotUtil.cab
    O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30043.www3.hp.com/aio/en/check/qdiagh.cab?326
    O16 - DPF: {F5078F32-C551-11D3-89B9-0000F81FE221} (XML DOM Document 3.0) - file://C:\Program Files\MUSICMATCH\MUSICMATCH Update\MMJB\msxml3.cab
    O16 - DPF: {F5C90925-ABBF-4475-88F5-8622B452BA9E} (Compaq System Data Class) - http://wwemail.support.hp.com/fd2/objects/SysQuery.cab
    O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
    O20 - Winlogon Notify: LMIinit - C:\WINDOWS\SYSTEM32\LMIinit.dll
    O20 - Winlogon Notify: rainit - C:\WINDOWS\SYSTEM32\LMIinit.dll
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O20 - Winlogon Notify: zsnotify - C:\WINDOWS\SYSTEM32\zsnotify.dll
    O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
    O23 - Service: AshampooDefragService - - C:\Program Files\Ashampoo\Ashampoo Magic Defrag1'06\bin\aDefragService.exe
    O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - C:\Program Files\AVPersonal\AVWUPSRV.EXE
    O23 - Service: BufferZone Service (BufferZoneSvc) - Unknown owner - C:\Program Files\BufferZone\ClntSvc.exe
    O23 - Service: CachemanXP (CachemanXPService) - OuterTechnologies - C:\PROGRA~1\CACHEM~1\CachemanXP.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\DiskeeperPro\DkService.exe
    O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
    O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\System32\GEARSec.exe
    O23 - Service: HDD Temperature (HDDTService) - PalickSoft - C:\Program Files\HDD [email protected]\HDDTSvc.exe
    O23 - Service: Imapi Helper - Alex Feinman - C:\Program Files\Alex Feinman\ISO Recorder\ImapiHelper.exe
    O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
    O23 - Service: InCD Helper (read only) (InCDsrvR) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
    O23 - Service: Norton Ghost - Symantec Corporation - C:\Program Files\Norton Ghost10\Agent\VProSvc.exe
    O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
    O23 - Service: rpcapd - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
    O23 - Service: Cryptainer service (ssoftservice) - Cypherix - C:\WINDOWS\SYSTEM32\ssoftsrv.exe
    O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
    O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

    I will send the HijackThis uninstall log next.
     
  12. dbj15

    dbj15 Thread Starter

    Joined:
    Mar 25, 2003
    Messages:
    46
    Submitting the HijackThis Uninstall log ************************************
    123 Copy DVD Uninstall
    1Click DVD Copy 4.2
    3D Night Scenes
    3D Photo Browser 7.6
    7-Zip 3.13
    A1 DVD Copy 1.2.17
    Abacast Client
    ABBYY FineReader 7.0 Professional Edition
    AbcShortcuts 1.0
    AboutTime
    AC3Filter (remove only)
    ACARD Ha! CD Burner
    ACE-HIGH MP3 WAV WMA OGG Converter
    Acronis*True*Image
    Active Ports
    [email protected] UNDELETE DEMO
    Ad-aware 6 Professional
    Ad-Aware SE Personal
    Add/Remove Plus! 2004
    Add/Remove Pro
    Adminimizer Toolbar
    Adobe Atmosphere Player for Acrobat and Adobe Reader
    Adobe Photoshop Album 2.0 Starter Edition
    Adobe Reader 7.0.5 Language Support
    Adobe Reader 7.0.7
    Adobe Reader Japanese Fonts
    Adobe SVG Viewer 3.0
    Advanced Searchbar for Windows
    Agent Ransack
    All Recorder 2.0.2
    AM-DeadLink
    AnalogX Capture
    AnalogX Vocal Remover
    AnalogX Vocal Remover (WinAmp)
    ArcSoft ShowBiz 2
    Ashampoo Magic Defrag
    Ashampoo Media Player+ 2.03
    Audacity 1.2.3
    Audio Record Wizard v3.7
    AudioConverter Studio 4.2
    AutoStreamer
    Avant Browser (remove only)
    AviSynth 2.5
    Batch File Renamer 2.51
    BitLord 1.0
    BitTorrent 3.4.2
    Bochs 2.1.1 (remove only)
    BufferZone
    Bulba 2006.05
    CachemanXP 1.1
    Camtasia Studio 2
    CCleaner (remove only)
    CDBurnerXP Pro
    Check Identical Files version 2.14
    Cliprex DVD Player Professional
    CloneDVD
    CloneDVD 2.2 Trial Version
    CloseIEx 2.6
    CoffeeCup Free HTML Editor
    CoffeeCup MP3 Rip & Burn
    Computer Information v1.61
    Cool Audio Extractor 1.25
    Cool Edit 2000
    CopyToDVD
    Core FTP Lite 1.3b
    Crazy Browser version 1.05
    Cryptainer LE
    CSDiff
    DART Karaoke Studio
    DCMoviez V.5.0
    DeepBurner v1.1.0.101
    Defragmenter Pro Plus 3.0
    Desktop Ruler 1.70
    DietMP3 4.03.00
    Digital Clock Screen Saver
    Directory Compare 1.6
    Diskeeper Professional Edition
    DivX Codec 3.1alpha release
    DivX Player
    DoubleDesktop
    Dr Pepper Mini Cooper Screen Saver
    DriveClone
    DriverGuide Toolkit
    DSL Speed V3.6
    DU Meter
    DUP-DVD Ver 2.3.0
    DVD Audio Extractor 3.3.1
    DVD Copy Master Pro for Windows
    DVD Decrypter (Remove Only)
    DVD Ripper and Copying Suit 4.0
    DVD Shrink 3.2
    DVD X Copy GOLD v2.5.0 (remove only)
    DVD43 v3.5.3
    DVD-CLONER V2.40
    DVDMagic
    DVDPro 2
    DVDx 2.2
    Easy Internet Sign-up
    eTrust EZ Armor
    Eusing Free Registry Cleaner
    EVEREST Home Edition v1.51
    Evil Player v1.13
    ExplorerXP (remove only)
    ffdshow (remove only)
    File Scavenger 2.1v
    FileMatrix
    FileSpecs extension for Ad-aware 6
    FLAC Installer 1.1.2a (remove only)
    Flashback 1.5
    FlashGet
    FolderSizes 1.0
    Freecorder 2.2
    FreeMeter
    FreePicGrabber
    FreeZip
    FreshUI
    FreshView
    FTP Explorer
    GearDrivers
    GetDiz 3.0
    Google Toolbar for Internet Explorer
    Google Video Player
    Gordian Knot Rip Pack 0.28.7
    GuruNet
    GuruNet IE Toolbar
    G-Zapper v1.0
    HD Tune 1.00
    HDD Temperature
    Hewlett-Packard Multimedia Keyboard/Mouse Solution
    Hide IP Platinum 2.91
    HighMAT Extension to Microsoft Windows XP CD Writing Wizard
    HijackThis 1.99.1
    Hitman Pro
    Hotfix for Windows XP (KB909394)
    Hotfix for Windows XP (KB914440)
    HP Deskjet Preloaded Printer Drivers
    HP Instant Support
    HP Multimedia Keyboard Software
    hp officejet 7100 series
    HP Organize
    HP Photo and Imaging 2.0 - Photosmart Cameras
    HP Photo Printing Software
    HP PSC & OfficeJet 3.0
    HP Share-to-Web
    HP Software Update
    HPIZ311
    HTML Reference Library 4.0
    Iceows V4.20a
    Icon Sucker 1.1
    ImageMixer for Sony
    imgv 2.9.4
    IMS Web Dwarf V2
    InCD
    InCD Reader
    Insaniquarium Deluxe 1.0
    Intel(R) Extreme Graphics Driver
    IntelliMover Data Transfer Demo
    InterActual Player
    InterVideo WinDVD
    iolo technologies' System Mechanic 6
    Iomega Automatic Backup Pro
    IrfanView (remove only)
    ISO Recorder
    IsoBuster 1.6
    J2SE Runtime Environment 5.0 Update 4
    J2SE Runtime Environment 5.0 Update 6
    J2SE Runtime Environment 5.0 Update 8
    Java 2 Runtime Environment, SE v1.4.2_04
    Java 2 Runtime Environment, SE v1.4.2_05
    Java 2 Runtime Environment, SE v1.4.2_06
    KDiff3 (remove only)
    KISS Wave Editor
    LAN File Searcher v1.0 beta10
    LifeGlobe Goldfish Aquarium
    LSP Explorer Pluginfor Ad-aware 6
    Macromedia Flash Player 8
    Macromedia Shockwave Player
    MAGIX audio & video office SE
    Memories Disc Creator 2.0
    Messenger Control Plugin for Ad-aware
    Microsoft .NET Framework 1.1
    Microsoft ActiveSync 4.0
    Microsoft Money 2004
    Microsoft Money 2004 System Pack
    Microsoft Office XP Professional with FrontPage
    Microsoft Plus! Digital Media Edition
    Microsoft Windows Journal Viewer
    Microsoft Works 7.0
    MicroStaff WINASPI
    Midi2Wav Recorder
    MindSoft Utilities XP 9
    Morgan Stream Switcher
    Mozilla Firefox (1.5.0.4)
    MP3 Cutter Joiner 1.08
    MP3Lyrix
    MSN Messenger 7.0
    MSN Music Assistant
    MSN Toolbar
    Multimedia Card Reader
    Musicmatch® Jukebox
    MyDVD
    Namo WebCanvas
    Namo WebEditor 6
    Namo WebUtilities
    NaTCH SigJenny v0.989
    Nero Digital
    Nero Media Player
    Nero OEM
    NeroMIX
    NetPerSec
    NoAd HOSTS file (remove only)
    Norton Ghost 10.0
    Notepad2 1.0.12
    NoteTab Light (Remove only)
    NSIS Mixxx
    NVDVD
    NVIDIA Drivers
    NVIDIA Windows 2000/XP Display Drivers
    Opera 9.0
    Panda ActiveScan
    PC Booster
    PC Inspector File Recovery
    PC Pitstop Optimize 1.5
    PC Wizard 2004.1.63
    PC-Doctor for Windows
    PCShowBuzz
    Pirate Ship 3D Screensaver 1.0
    PowerDVD
    PowerFTP 2.31
    PowerShell-XP2
    PS2
    Pure Motion EditStudio 4
    Python 2.2 combined Win32 extensions
    Python 2.2.1
    Quicken 2004
    QuickTime
    RealPlayer
    RecordNow!
    Registry Mechanic 5.2
    RegistryFix v2.3
    RegScrubXP 3.2
    RegSupreme 1.2
    RegSupreme Pro 1.2
    Remove DivX Codec
    RipCast 1.4 PRO
    Rippling Water v5.0
    RssReader
    RVCDPlayer
    Sam Spade version 1.14
    SatelliteTVforPC 2006 Professional Edition 2.6
    ScanSoft PDF Converter
    ScreenFlash
    Screensaver DIY 2.0 TE
    SCWebCam3
    SDP Downloader
    Second Copy 2000
    Security Update for Step By Step Interactive Training (KB898458)
    Security Update for Windows Media Player (KB911564)
    Security Update for Windows Media Player 10 (KB911565)
    Security Update for Windows Media Player 10 (KB917734)
    Security Update for Windows XP (KB890046)
    Security Update for Windows XP (KB893066)
    Security Update for Windows XP (KB893756)
    Security Update for Windows XP (KB896358)
    Security Update for Windows XP (KB896422)
    Security Update for Windows XP (KB896423)
    Security Update for Windows XP (KB896424)
    Security Update for Windows XP (KB896428)
    Security Update for Windows XP (KB899587)
    Security Update for Windows XP (KB899588)
    Security Update for Windows XP (KB899591)
    Security Update for Windows XP (KB900725)
    Security Update for Windows XP (KB901017)
    Security Update for Windows XP (KB901190)
    Security Update for Windows XP (KB901214)
    Security Update for Windows XP (KB902400)
    Security Update for Windows XP (KB905414)
    Security Update for Windows XP (KB905749)
    Security Update for Windows XP (KB905915)
    Security Update for Windows XP (KB908519)
    Security Update for Windows XP (KB908531)
    Security Update for Windows XP (KB911562)
    Security Update for Windows XP (KB911567)
    Security Update for Windows XP (KB911927)
    Security Update for Windows XP (KB912812)
    Security Update for Windows XP (KB912919)
    Security Update for Windows XP (KB913446)
    Security Update for Windows XP (KB913580)
    Security Update for Windows XP (KB914388)
    Security Update for Windows XP (KB914389)
    Security Update for Windows XP (KB916281)
    Security Update for Windows XP (KB917159)
    Security Update for Windows XP (KB917344)
    Security Update for Windows XP (KB917422)
    Security Update for Windows XP (KB917953)
    Security Update for Windows XP (KB918439)
    Security Update for Windows XP (KB918899)
    Security Update for Windows XP (KB920214)
    Security Update for Windows XP (KB920670)
    Security Update for Windows XP (KB920683)
    Security Update for Windows XP (KB921398)
    Security Update for Windows XP (KB921883)
    Security Update for Windows XP (KB922616)
    SereneScreen Marine Aquarium 2 MD
    SereneScreen Marine Aquarium Time 2
    Serif PhotoPlus 5.5
    Serif PhotoPlus 5.5 Resource Pack
    Serious Samurize
    ShutdownXP Enforcer
    SimpleOCR 3.1
    SiSoftware Sandra Standard 2004 (PCExtreme.net Edition)
    Skype (BETA)
    SlimBrowser (remove only)
    Snapper 3 Installation
    Sonic Update Manager
    Sony Sound Forge Audio Studio 7.0b
    SpamSubtract
    SpeedFan (remove only)
    SpeedUpMyPC Trial
    SplitFile
    Spy Sweeper
    SpyFlush 0.90
    Spyware Doctor 3.2
    Spyware Eliminator
    SpywareBlaster v3.4
    Star Wars 3D Space Battles Screensaver v2.0
    Startup Monitor for Windows
    Steinberg MyMp3PRO V5.0
    Still Waters Screen Saver
    Streambox Vcr Suite 2
    Strip Saver
    StudioLine
    Swtich Window 1.0
    TCP Spy
    The File Splitter 1.21
    The Html Directory
    ThumbsPlus version 6.0
    Time Synchronizer v2.0.020704
    tinySpell 1.3
    toolkit
    Total Commander (Remove or Repair)
    TPP Storage Driver Installation
    TreeSize 1.74
    TrueCast Player
    Tweak UI
    UltraISO V7.25 ME
    Update for Windows XP (KB898461)
    Update for Windows XP (KB900485)
    Update for Windows XP (KB910437)
    Update for Windows XP (KB911280)
    Update for Windows XP (KB916595)
    Updates from HP
    URL Snooper v2.03.09
    USB Storage Adapter (TPP)
    USB Storage Adapter V2 (TPP)
    USB Storage Adapter V3 (TPP)
    ViCAM Camera Utilities 6.8.5.8 (Remove only)
    VideoLAN VLC media player 0.7.0
    Vidomi (remove only)
    Virtual Magnifying Glass 2.00
    VirtuaWin 2.9
    Visual Comparer 1.30 (build 0364)
    VitalAgent
    VobSub v2.23 (Remove Only)
    Waterfalls Screensaver
    WAV MP3 Editor
    WeatherBug Browser Bar - powered by MyWebSearch
    Web2Text
    Winamp (remove only)
    Window Washer 5
    Windows Driver Package - Realtek Semiconductor Corp. MEDIA 12/12/2003 5.10.00.5410
    Windows Genuine Advantage v1.3.0254.0
    Windows Installer 3.1 (KB893803)
    Windows Media Format Runtime
    Windows Media Player 10
    Windows Media Player 10 Hotfix - KB894476
    Windows Registry Guide 2003
    Windows System Optimizer - Free Edition
    Windows XP Hotfix - KB873333
    Windows XP Hotfix - KB873339
    Windows XP Hotfix - KB885250
    Windows XP Hotfix - KB885835
    Windows XP Hotfix - KB885836
    Windows XP Hotfix - KB885884
    Windows XP Hotfix - KB886185
    Windows XP Hotfix - KB887472
    Windows XP Hotfix - KB887742
    Windows XP Hotfix - KB888113
    Windows XP Hotfix - KB888302
    Windows XP Hotfix - KB890859
    Windows XP Hotfix - KB891781
    Windows XP Hotfix - KB893086
    Windows XP Service Pack 2
    WinDriversBackup
    WinOverBoost 2.1.1 beta ENG
    WinPcap 3.1 beta4
    WinPenguins 0.5
    WinRAR archiver
    Winsecure (remove only)
    WinZip
    Wisdom-soft ScreenHunter 4.0 Free
    WordWeb
    XoftSpy
    XoftSpy 3.2.07
    XoftSpy 3.45
    XP Tools Pro 5.96
    xplorer² lite
    ZeroSpyware
    Zone Deluxe Games
    END of log*********************************************************

    Where can I find out what this log is about? I would like to understand more of it.

    Please let me know anything else you are in need of. Thank you again for your time.
     
  13. kdd9

    kdd9

    Joined:
    Mar 24, 2005
    Messages:
    516
    First, we need to stop, disable and delete some added services (O23).

    1. To stop a service and set to 'disabled'

    Go to Start > Run and type in Services.msc then click OK

    Click the Extended tab.

    Scroll down until you find the service.

    Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - C:\Program Files\AVPersonal\AVWUPSRV.EXE

    Click once on the service to highlight it.

    Click Stop

    Right-Click on the service.

    Click on 'Properties'

    Select the 'General' tab

    Click the Arrow-down tab on the right-hand side on the 'Start-up Type' box

    From the drop-down menu, click on 'Disabled'

    Click the 'Apply' tab, then click 'OK'

    The service is now stopped and disabled.

    Repeat the same procedure for the following services:

    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

    O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe

    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe

    O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe


    2. We will now delete the services:

    1. Open HJT
    2. Click on Config>>Misc Tools>>Delete an NT Service
    3. Type AVWUpSrv in the space provided and click OK
    4. The program will ask you to REBOOT --- choose NO
    5. Repeat for each service listed above. (For Symantec Core LC you will need to check for the actual name of the service and enter that name if the name is listed a bit differently.)
    6. After entering the last service, choose "YES" at the reboot prompt.
    7. REBOOT into SAFE MODE

    8. Using Windows Explorer and/or Search function, locate and DELETE the following folder marked in bold (if it is still present). Delete ONLY the part in bold:

    C:\Program Files\AVPersonal

    Now, still in the Program Files, right click on each "Symantec" folder and select "Delete".

    And also in Program Files go to the "Common Files" folder at or near the top of the Program Files window. Delete every Symantec folder there.

    Go to Start --> Search --> All Files and Folders --> More Advanced Options. Check each option except for "Case sensitive"
    Now type Norton into the "Search" box and delete each Norton folder from the search results (Again, right click, choose "Delete"). One more time, restart your PC.

    Then repeat the last step except type Symantec in the "Search" box.

    Next you will want to make a backup of Windows Registry:
    How to back up the Windows registry

    Now copy the contents of the Quote box below, paste it into Notepad, and save the file to your desktop as nav.reg -- Save as file type "All files".
    Make sure that there is a blank line at the bottom of the text or the registry fix will not work.
    Make sure there are NO blank lines before REGEDIT4.

    Now double click on the "nav.reg" file on your desktop to execute it. Choose "Yes" when asked if you want to merge the contents with your registry.

    That should completely remove Norton Antivirus from your system.

    9. REBOOT back into Normal Mode

    The system appears to be free of malware.
    However, you can remove the following from the Add/Remove list in the Control Panel:

    • J2SE Runtime Environment 5.0 Update 4
    • J2SE Runtime Environment 5.0 Update 6
    • Java 2 Runtime Environment, SE v1.4.2_04
    • Java 2 Runtime Environment, SE v1.4.2_05
    • Java 2 Runtime Environment, SE v1.4.2_06
    • WeatherBug Browser Bar - powered by MyWebSearch (Then find the folders for "Weatherbug" and "MyWebSearch" and delete those too.)
    • Winsecure (remove only)
    • Ad-aware 6 Professional
    • LSP Explorer Pluginfor Ad-aware 6
    • XoftSpy 3.2.07 -- (keep the 3.45 version)

    FlashGet should be removed as well unless it is the paid version as the unpaid/trial version is known to bring in Cydoor, a type of adware. Then you would want to run HijackThis and when the scan finishes place a check before the following line:

    O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)

    Then close all windows except HijackThis and hit the "Fix checked" button.
    Then find the folder for "FlashGet" in Program Files and delete it. If it isn't in Program Files, do a search for FlashGet and delete it from wherever it shows up. Remember, if it is the paid version this won't be necessary.

    The current version of Ad-aware is 1.06. If you have this version keep it, if not, uninstall the one you have and download v1.06 from here.

    Mozilla Firefox can be updated to version 1.5.0.6 by clicking on the "Help" tab on the browser and choosing "Check for updates" from the drop-down menu.

    PC Wizard 2004.1.63 can be uninstalled and a newer version (2006.1.69) can be downloaded from here.

    I would advise against using any of your filesharing programs until I have given the all clear, and also against downloading anything at all during this time except what I have recommended.

    The eTrust antivirus is running fine and you are able to get the updates for it?
    Are you getting any messages from Microsoft Windows Security Center about needing any sort of updates?

    I notice from a previous post that you have 256MB of RAM installed on that pc. I would seriously recommend adding another 256MB minimum to that for a total of at least 512MB. Each little program that you run taxes the system resources to an extent and it is possible that you are running short on RAM.

    To answer your question about learning how to interpret these logs, my best recommendation is to check out the link in my signature. That is where I train at. :)
    If it is the last log in particular (the uninstall list) that you are referring to, it's the same list you get when you go to the Control Panel > Add/Remove Programs.

    In the meantime, would you please post a fresh HijackThis log.
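
An added example, not part of the original thread and not code from HijackThis: a small Python parser for the itemised log lines discussed above. It splits out the O23 service fields and flags the "(no file)", "(file missing)" and "Unknown owner" markers, plus services whose line carries no short name in parentheses (the Symantec Core LC case in step 5). The section labels, flag names and function names are this example's own; the sample lines are copied from the log posted in this thread.

```python
import re
from collections import Counter

# Sample input: a handful of lines copied from the log posted in this thread.
SAMPLE_LOG = r"""
Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\System32\svchost.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.rr.com/flash/index.cfm?division=170
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - C:\Program Files\AVPersonal\AVWUPSRV.EXE
O23 - Service: BufferZone Service (BufferZoneSvc) - Unknown owner - C:\Program Files\BufferZone\ClntSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: rpcapd - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
"""

# Short labels for the section codes that appear in this thread's log
# (the wording of the labels is this example's, not HijackThis output).
SECTIONS = {
    "R0": "Internet Explorer setting", "R1": "Internet Explorer setting",
    "F2": "ini-file autostart setting", "O2": "Browser Helper Object",
    "O3": "IE toolbar", "O4": "autostart entry",
    "O8": "IE context menu item", "O9": "IE button / Tools menu item",
    "O16": "downloaded ActiveX control (DPF)", "O20": "Winlogon Notify DLL",
    "O23": "NT service",
}

# "<code> - <body>", e.g. "O23 - Service: ..."; process paths never match.
ENTRY_RE = re.compile(r"^\s*([A-Z]\d{1,2}) - (.+?)\s*$")

# "Service: Display name (ShortName) - Vendor - Path"; the short name in
# parentheses is optional because some lines in the log do not carry one.
SERVICE_RE = re.compile(
    r"^Service: (?P<display>.+?)(?: \((?P<name>[^()]+)\))?"
    r" - (?P<vendor>.*?) - (?P<path>.+)$"
)


def parse_log(text):
    """Return one dict per itemised entry; header and process lines are skipped."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line)
        if not m:
            continue
        code, body = m.groups()
        entry = {"code": code, "section": SECTIONS.get(code, "unknown"),
                 "body": body, "flags": []}
        # Orphaned entries: the registry still points at a file that is gone.
        if body.endswith("(no file)"):
            entry["flags"].append("no-file")
        if body.endswith("(file missing)"):
            entry["flags"].append("file-missing")
        if code == "O23":
            svc = SERVICE_RE.match(body)
            if svc:
                entry["service"] = svc.groupdict()
                if svc.group("vendor") == "Unknown owner":
                    entry["flags"].append("unknown-owner")
                # No "(ShortName)" on the line: look the name up in
                # Services.msc before acting on the service.
                if svc.group("name") is None:
                    entry["flags"].append("short-name-not-shown")
        entries.append(entry)
    return entries


def flagged(entries):
    """Entries worth a closer look. A flag is a prompt to check, not a verdict."""
    return [(e["code"], e["flags"], e["body"]) for e in entries if e["flags"]]


def section_counts(entries):
    """How many entries the log has per section code."""
    return Counter(e["code"] for e in entries)


if __name__ == "__main__":
    parsed = parse_log(SAMPLE_LOG)
    for code, count in sorted(section_counts(parsed).items()):
        print(f"{code:>3}  {count}  {SECTIONS.get(code, 'unknown')}")
    for code, flags, body in flagged(parsed):
        print(f"[{', '.join(flags)}] {code} - {body}")
```
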
     
  14. dbj15

    dbj15 Thread Starter

    Joined:
    Mar 25, 2003
    Messages:
    46
    Hello kdd9. I have started to follow your 8-23-06 post to me. Here is where I am and what I ran into regarding it. I was able to stop the services, but when I tried to delete the services in HijackThis, each service came back with the same message of "The service you entered is system critical, It cannot be deleted". By the way, the Core LC service is indeed named CCPD-LC and comes back with a message CCPD-LC Not found in registry. I next found that there were two folders in Program Files of AVPersonal. One was AVPersonal6. Neither was listed in Add/Remove. I deleted both after seeing that both folders had identical files and dates. The next problem is that there is one Norton folder I have not deleted, as it is my registered Norton Ghost version 10. The next question is that, as there are Symantec folders in Document and Settings for All Users, Admin, Default, Owner, and Windows \System32\Config\Systemprofile\Applicationdata\Norton, if I delete these, will I still be able to run my Norton Ghost? I have not received any notice from MSoft for updates. I don't know why the first post said 256 of RAM; I have one Gig, 1024Mb, of DDR-SDRAM installed. I just checked and two testers see the RAM as 1024Mb. I will wait to send a HijackThis log until I hear back from you regarding my questions. Thank you again for your time. I am looking into the Malware Removal University. dbj15
     
  15. kdd9

    kdd9

    Joined:
    Mar 24, 2005
    Messages:
    516
    OK, leave the Norton/Symantec folders for now. Let's use the Norton Removal Tool from their website instead. Click here and follow the directions on the page.

    The RAM is fine. That should be plenty.

    Were you able to remove and update the other programs?

    You mentioned that you reinstalled the eTrust antivirus. Are you able to get updates for it now?

    Are there any changes in the computer behavior? If it is still locking up a lot and CPU usage shows high, try opening up the Task Manager (Ctrl + Alt + Del), click on the "Processes" tab and in the "CPU" column, see if you can find the program(s) running at high CPU usage. That may tell us more.

    I would like to see another HijackThis log after running the Norton Removal Tool, but I am also interested in whether or not we are making a difference in CPU usage so far.
     
Short URL to this thread: https://techguy.org/492166
