About blank or coolsearch - HJT log


KC_AT

Thread Starter
Joined
Jul 1, 2004
Messages
101
help2go Detective advised me to get rid of the "R3 - Default URLSearchHook is missing" item and I did, but it keeps coming back, plus I think I have the "about:blank" hijacker and can't seem to get rid of it. Please take a look at my log. Thanks



Logfile of HijackThis v1.99.1
Scan saved at 11:40:12 AM, on 1/12/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Netscape\Netscape 6\Netscp6.exe
C:\WINDOWS\system32\netcs32.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\WINDOWS\System32\cisvc.exe
C:\Program Files\Digidesign\Drivers\MMERefresh.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
C:\WINDOWS\System32\ScsiAccess.EXE
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\WINDOWS\System32\snmp.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\System32\cidaemon.exe
C:\WINDOWS\windb.exe
C:\WINDOWS\System32\dllhost.exe
C:\WINDOWS\System32\msdtc.exe
C:\Program Files\HijackThis\HijackThis.exe

R3 - Default URLSearchHook is missing
N2 - Netscape 6: user_pref("browser.startup.homepage", "www.google.com"); (C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\zukec0nx.slt\prefs.js)
N2 - Netscape 6: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%206%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\zukec0nx.slt\prefs.js)
O2 - BHO: Class - {0713F490-5897-74D3-8736-456602C0D47B} - C:\WINDOWS\system32\ntvi.dll
O2 - BHO: Class - {0881C986-B6BB-AF3E-3342-FEB7E2AC6166} - C:\WINDOWS\system32\atlut.dll
O2 - BHO: Class - {13AED04D-B39A-CCFF-16C3-9907B80CE631} - C:\WINDOWS\mfcan32.dll
O2 - BHO: Class - {24EF33EA-EE7F-BE3D-A23F-D28794BFB154} - C:\WINDOWS\system32\d3zm32.dll
O2 - BHO: Class - {29E7FFD8-E6A5-9FCB-ED6E-4AAE63F4CAE9} - C:\WINDOWS\system32\sysyx32.dll
O2 - BHO: Class - {44C95773-C5F6-5AC5-71DB-BB67B4828BF6} - C:\WINDOWS\ipqx.dll
O2 - BHO: Class - {461F4B57-9FCB-C46E-95A1-13F3B51F1C8B} - C:\WINDOWS\crjt.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~2\SDHelper.dll
O2 - BHO: Class - {5FED6D45-2D6E-9D60-4B64-A4543F387F99} - C:\WINDOWS\system32\javajy32.dll
O2 - BHO: Class - {790066A1-58C7-6A3E-EDD2-1EC115CFF1A9} - C:\WINDOWS\appjs.dll
O2 - BHO: Class - {9145FC5B-5E68-A3C0-BB87-B07D6BFAE5AD} - C:\WINDOWS\system32\iecj32.dll
O2 - BHO: CNisExtBho Class - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: Class - {B59369AB-D3F0-9278-45A2-28263ADC7061} - C:\WINDOWS\system32\crln.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O2 - BHO: Class - {D8010B5A-E220-B876-B855-D2861F450A0C} - C:\WINDOWS\system32\mfcur32.dll
O2 - BHO: Class - {D80B27CE-F1A4-ECFC-9910-A8D25AC38ED1} - C:\WINDOWS\system32\winnx.dll
O2 - BHO: Class - {EC73435F-7691-D324-69A7-013F3F1991EB} - C:\WINDOWS\system32\ntec.dll
O2 - BHO: Class - {EDD539C0-F8EB-2A8D-78A5-44A66D05F475} - C:\WINDOWS\applz.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [windb.exe] C:\WINDOWS\windb.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Mozilla Quick Launch] C:\Program Files\Netscape\Netscape 6\Netscp6.exe -turbo
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra button: (no name) - {120E090D-9136-4b78-8258-F0B44B4BD2AC} - C:\WINDOWS\System32\ms.exe (file missing)
O9 - Extra 'Tools' menuitem: MaxSpeed - {120E090D-9136-4b78-8258-F0B44B4BD2AC} - C:\WINDOWS\System32\ms.exe (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O15 - Trusted Zone: http://download.windowsupdate.com
O16 - DPF: {01010E00-5E80-11D8-9E86-0007E96C65AE} (SupportSoft SmartIssue) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsi.cab
O16 - DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} (SupportSoft Script Runner Class) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsr.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - http://www.symantec.com/techsupp/asa/ctrl/LSSupCtl.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yinst20040510.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1134202776528
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class) - http://us.games2.yimg.com/download.games.yahoo.com/games/play/client/exentctl_0_0_0_2.ocx
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1130196491156
O16 - DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} (Housecall ActiveX 6.5) - http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - http://www.symantec.com/techsupp/asa/ctrl/SymAData.cab
O23 - Service: Workstation NetLogon Service ( 11Fßä#·ºÄÖ`I) - Unknown owner - C:\WINDOWS\system32\netcs32.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Digidesign MME Refresh Service (DigiRefresh) - Digidesign, A Division of Avid Technology, Inc. - C:\Program Files\Digidesign\Drivers\MMERefresh.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: ScsiAccess - Unknown owner - C:\WINDOWS\System32\ScsiAccess.EXE
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Srv32 - Unknown owner - C:\WINDOWS\system32\srv32.exe (file missing)
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
 
Joined
Sep 7, 2004
Messages
49,014
Go to the link below and download the trial version of SpySweeper:

SpySweeper http://www.webroot.com/consumer/products/spysweeper/index.html?acode=af1&rc=4129&ac=tsg

* Click the Free Trial link under "SpySweeper" to download the program.
* Install it. Once the program is installed, it will open.
* It will prompt you to update to the latest definitions; click Yes.
* Once the definitions are installed, click Options on the left side.
* Click the Sweep Options tab.
* Under What to Sweep please put a check next to the following:
  o Sweep Memory
  o Sweep Registry
  o Sweep Cookies
  o Sweep All User Accounts
  o Enable Direct Disk Sweeping
  o Sweep Contents of Compressed Files
  o Sweep for Rootkits
  o Please UNCHECK Do not Sweep System Restore Folder.

* Click Sweep Now on the left side.
* Click the Start button.
* When it's done scanning, click the Next button.
* Make sure everything has a check next to it, then click the Next button.
* It will remove all of the items found.
* Click Session Log in the upper right corner, copy everything in that window.
* Click the Summary tab and click Finish.
* Paste the contents of the session log you copied into your next reply.
Also post a new Hijack This log.
 

flavallee

Frank
Trusted Advisor
Joined
May 12, 2002
Messages
84,070
MFDnSC:

Is Webroot Spy Sweeper going to take care of that CoolWebSearch infestation or do we need to add CWShredder to the mix?

--------------------------------------------------------------------------------------
 
Joined
Sep 7, 2004
Messages
49,014
Dunno - we'll see - I don't like throwing too much at them at one time; it gets confusing.
 

KC_AT

Thread Starter
Joined
Jul 1, 2004
Messages
101
MFDnSC

Thanks for your help. Below find the log from Spysweeper and another HJT log. Please advise. Thanks

********
3:19 PM: | Start of Session, Thursday, January 12, 2006 |
3:19 PM: Spy Sweeper started
3:19 PM: Sweep initiated using definitions version 556
3:19 PM: Starting Memory Sweep
3:20 PM: Memory Sweep Complete, Elapsed Time: 00:01:38
3:20 PM: Starting Registry Sweep
3:24 PM: Found Trojan Horse: berbew trojan
3:24 PM: HKCR\clsid\{79feacff-ffce-815e-a900-316290b5b738}\ (3 subtraces) (ID = 104289)
3:29 PM: Found Adware: cws-aboutblank
3:29 PM: HKLM\software\microsoft\internet explorer\main\ || homeoldsp (ID = 115926)
3:30 PM: Found Adware: cws_ns3
3:30 PM: Found Adware: cws_tiny0
3:34 PM: Found Adware: ezula ilookup
3:34 PM: HKU\.default\software\microsoft\windows\currentversion\runonce\ || web offer (ID = 126120)
3:38 PM: Found Adware: ie driver
3:38 PM: HKU\.default\software\microsoft\internet explorer\extensions\cmdmapping\ || {120e090d-9136-4b78-8258-f0b44b4bd2ac} (ID = 127909)
3:38 PM: HKLM\software\maxspeed\ (1 subtraces) (ID = 127929)
3:38 PM: HKLM\software\microsoft\internet explorer\extensions\{120e090d-9136-4b78-8258-f0b44b4bd2ac}\ (4 subtraces) (ID = 127931)
3:38 PM: HKLM\software\microsoft\windows\currentversion\uninstall\{8f9fbeb8-d216-4d6c-8d21-513157e09c0d}\ (4 subtraces) (ID = 128062)
3:38 PM: HKLM\software\microsoft\windows\currentversion\uninstall\{120e090d-9136-4b78-8258-f0b44b4bd2ac}\ (2 subtraces) (ID = 128065)
4:04 PM: Found Adware: winad
4:04 PM: HKLM\software\winad client\ (1 subtraces) (ID = 147237)
4:06 PM: Found Adware: psguard
4:06 PM: HKCR\clsid\{357a87ed-3e5d-437d-b334-deb7eb4982a3}\ (2 subtraces) (ID = 487755)
4:06 PM: HKLM\software\classes\clsid\{357a87ed-3e5d-437d-b334-deb7eb4982a3}\ (2 subtraces) (ID = 488280)
4:08 PM: HKU\WRSS_Profile_S-1-5-21-2049800414-4092612071-4041588808-500\software\microsoft\internet explorer\extensions\cmdmapping\ || {120e090d-9136-4b78-8258-f0b44b4bd2ac} (ID = 127930)
4:08 PM: HKU\S-1-5-21-2049800414-4092612071-4041588808-1003\software\microsoft\internet explorer\main\ || homeoldsp (ID = 115923)
4:08 PM: HKU\S-1-5-21-2049800414-4092612071-4041588808-1003\software\microsoft\internet explorer\extensions\cmdmapping\ || {120e090d-9136-4b78-8258-f0b44b4bd2ac} (ID = 127930)
4:08 PM: Found Adware: bho_sep
4:08 PM: HKU\S-1-5-21-2049800414-4092612071-4041588808-1003\software\sep\ (9 subtraces) (ID = 141642)
4:08 PM: Found Adware: browseraid
4:08 PM: HKU\S-1-5-18\software\microsoft\windows\currentversion\updt\ (ID = 105189)
4:08 PM: HKU\S-1-5-18\software\microsoft\windows\currentversion\run\ || ezwo (ID = 126294)
4:08 PM: HKU\S-1-5-18\software\microsoft\internet explorer\extensions\cmdmapping\ || {120e090d-9136-4b78-8258-f0b44b4bd2ac} (ID = 127930)
4:08 PM: HKU\S-1-5-18\software\sep\ (8 subtraces) (ID = 141642)
4:08 PM: Found Adware: wildmedia
4:08 PM: HKU\S-1-5-18\software\microsoft\internet explorer\main\ || updater (ID = 146721)
4:08 PM: HKU\S-1-5-18\software\microsoft\windows\currentversion\runonce\ || web offer (ID = 146954)
4:08 PM: Registry Sweep Complete, Elapsed Time:00:47:38
4:08 PM: Starting Cookie Sweep
4:08 PM: Found Spy Cookie: 360i cookie
4:08 PM: administrator@ct.360i[1].txt (ID = 1962)
4:08 PM: Found Spy Cookie: statcounter cookie
4:08 PM: owner@statcounter[1].txt (ID = 3447)
4:08 PM: Found Spy Cookie: 421 cookie
4:08 PM: system@421[2].txt (ID = 1971)
4:08 PM: Found Spy Cookie: jmnad1 cookie
4:08 PM: system@queue.jmnad1[1].txt (ID = 2888)
4:08 PM: Cookie Sweep Complete, Elapsed Time: 00:00:00
4:08 PM: Starting File Sweep
4:08 PM: c:\program files\winad client (1 subtraces) (ID = -2147480018)
4:08 PM: c:\program files\maxspeed (ID = -2147480852)
4:08 PM: c:\documents and settings\localservice\application data\{2cf0b992-5eeb-4143-99c0-5297ef71f444} (ID = -2147481310)
4:09 PM: woinstall.exe (ID = 60700)
4:10 PM: Found Adware: apropos
4:10 PM: setup.inf (ID = 50158)
4:10 PM: wingenerics.dll (ID = 50187)
4:11 PM: ezinstall[1].exe (ID = 60463)
4:11 PM: Found Trojan Horse: trojan-downloader-pacisoft
4:11 PM: wmplayer.exe.tmp (ID = 71768)
4:12 PM: Found Adware: tvmedia
4:12 PM: tvmupdater.exe (ID = 81767)
4:14 PM: update10[1].xml (ID = 88405)
4:15 PM: Found Adware: purityscan
4:15 PM: mediaticketsinstaller.inf (ID = 73158)
4:16 PM: setup4.exe (ID = 63134)
4:17 PM: woinstall[1].exe (ID = 60700)
4:17 PM: data.bin (ID = 50106)
4:18 PM: sepsd.bin (ID = 75367)
4:18 PM: Found Adware: coolwebsearch (cws)
4:18 PM: inst2.inf (ID = 54214)
4:18 PM: Found System Monitor: potentially rootkit-masked files
4:18 PM: mainsafe.exe.hdmp (ID = 0)
4:18 PM: mainsafe.exe.mdmp (ID = 0)
4:18 PM: mainsafe.exe.20051126-213440-00.mdmp (ID = 0)
4:19 PM: Warning: Invalid Stream
4:19 PM: Warning: Invalid file - not a PKZip file
4:19 PM: Warning: Unhandled Archive Type
4:20 PM: File Sweep Complete, Elapsed Time: 00:11:44
4:20 PM: Full Sweep has completed. Elapsed time 01:01:03
4:20 PM: Traces Found: 396
4:24 PM: Removal process initiated
4:24 PM: Quarantining All Traces: potentially rootkit-masked files
4:25 PM: potentially rootkit-masked files is in use. It will be removed on reboot.
4:25 PM: mainsafe.exe.hdmp is in use. It will be removed on reboot.
4:25 PM: mainsafe.exe.mdmp is in use. It will be removed on reboot.
4:25 PM: mainsafe.exe.20051126-213440-00.mdmp is in use. It will be removed on reboot.
4:25 PM: Quarantining All Traces: cws_ns3
4:25 PM: Quarantining All Traces: berbew trojan
4:25 PM: Quarantining All Traces: cws-aboutblank
4:25 PM: Quarantining All Traces: trojan-downloader-pacisoft
4:25 PM: Quarantining All Traces: apropos
4:25 PM: Quarantining All Traces: bho_sep
4:25 PM: Quarantining All Traces: browseraid
4:25 PM: Quarantining All Traces: coolwebsearch (cws)
4:25 PM: Quarantining All Traces: cws_tiny0
4:25 PM: Quarantining All Traces: ezula ilookup
4:25 PM: Quarantining All Traces: ie driver
4:25 PM: Quarantining All Traces: psguard
4:25 PM: Quarantining All Traces: purityscan
4:25 PM: Quarantining All Traces: tvmedia
4:25 PM: Quarantining All Traces: wildmedia
4:25 PM: Quarantining All Traces: winad
4:25 PM: Quarantining All Traces: 360i cookie
4:25 PM: Quarantining All Traces: 421 cookie
4:25 PM: Quarantining All Traces: jmnad1 cookie
4:25 PM: Quarantining All Traces: statcounter cookie
4:25 PM: Preparing to restart your computer. Please wait...
4:25 PM: Removal process completed. Elapsed time 00:01:10
********
3:04 PM: | Start of Session, Thursday, January 12, 2006 |
3:04 PM: Spy Sweeper started
3:05 PM: There is a problem reaching the server. The cause may be in your connection, or on the server. Please try again later.
3:05 PM: Updating spyware definitions
3:05 PM: There is a problem reaching the server. The cause may be in your connection, or on the server. Please try again later.
3:19 PM: | End of Session, Thursday, January 12, 2006 |

Logfile of HijackThis v1.99.1
Scan saved at 4:47:36 PM, on 1/12/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\WINDOWS\System32\cisvc.exe
C:\Program Files\Digidesign\Drivers\MMERefresh.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
C:\WINDOWS\System32\ScsiAccess.EXE
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\WINDOWS\System32\snmp.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\System32\cidaemon.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\HijackThis\HijackThis.exe

R3 - Default URLSearchHook is missing
N2 - Netscape 6: user_pref("browser.startup.homepage", "www.google.com"); (C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\zukec0nx.slt\prefs.js)
N2 - Netscape 6: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%206%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\zukec0nx.slt\prefs.js)
O2 - BHO: Class - {0713F490-5897-74D3-8736-456602C0D47B} - C:\WINDOWS\system32\ntvi.dll (file missing)
O2 - BHO: Class - {0881C986-B6BB-AF3E-3342-FEB7E2AC6166} - C:\WINDOWS\system32\atlut.dll (file missing)
O2 - BHO: Class - {13AED04D-B39A-CCFF-16C3-9907B80CE631} - C:\WINDOWS\mfcan32.dll (file missing)
O2 - BHO: Class - {24EF33EA-EE7F-BE3D-A23F-D28794BFB154} - C:\WINDOWS\system32\d3zm32.dll (file missing)
O2 - BHO: Class - {29E7FFD8-E6A5-9FCB-ED6E-4AAE63F4CAE9} - C:\WINDOWS\system32\sysyx32.dll (file missing)
O2 - BHO: Class - {44C95773-C5F6-5AC5-71DB-BB67B4828BF6} - C:\WINDOWS\ipqx.dll (file missing)
O2 - BHO: Class - {461F4B57-9FCB-C46E-95A1-13F3B51F1C8B} - C:\WINDOWS\crjt.dll (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~2\SDHelper.dll
O2 - BHO: Class - {5FED6D45-2D6E-9D60-4B64-A4543F387F99} - C:\WINDOWS\system32\javajy32.dll (file missing)
O2 - BHO: Class - {790066A1-58C7-6A3E-EDD2-1EC115CFF1A9} - C:\WINDOWS\appjs.dll (file missing)
O2 - BHO: Class - {9145FC5B-5E68-A3C0-BB87-B07D6BFAE5AD} - C:\WINDOWS\system32\iecj32.dll (file missing)
O2 - BHO: CNisExtBho Class - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: Class - {B59369AB-D3F0-9278-45A2-28263ADC7061} - C:\WINDOWS\system32\crln.dll (file missing)
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O2 - BHO: Class - {D8010B5A-E220-B876-B855-D2861F450A0C} - C:\WINDOWS\system32\mfcur32.dll (file missing)
O2 - BHO: Class - {D80B27CE-F1A4-ECFC-9910-A8D25AC38ED1} - C:\WINDOWS\system32\winnx.dll (file missing)
O2 - BHO: Class - {EC73435F-7691-D324-69A7-013F3F1991EB} - C:\WINDOWS\system32\ntec.dll (file missing)
O2 - BHO: Class - {EDD539C0-F8EB-2A8D-78A5-44A66D05F475} - C:\WINDOWS\applz.dll (file missing)
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O15 - Trusted Zone: http://download.windowsupdate.com
O16 - DPF: {01010E00-5E80-11D8-9E86-0007E96C65AE} (SupportSoft SmartIssue) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsi.cab
O16 - DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} (SupportSoft Script Runner Class) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsr.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - http://www.symantec.com/techsupp/asa/ctrl/LSSupCtl.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yinst20040510.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1134202776528
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class) - http://us.games2.yimg.com/download.games.yahoo.com/games/play/client/exentctl_0_0_0_2.ocx
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1130196491156
O16 - DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} (Housecall ActiveX 6.5) - http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - http://www.symantec.com/techsupp/asa/ctrl/SymAData.cab
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Digidesign MME Refresh Service (DigiRefresh) - Digidesign, A Division of Avid Technology, Inc. - C:\Program Files\Digidesign\Drivers\MMERefresh.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: ScsiAccess - Unknown owner - C:\WINDOWS\System32\ScsiAccess.EXE
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Srv32 - Unknown owner - C:\WINDOWS\system32\srv32.exe (file missing)
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
 

flavallee

Frank
Trusted Advisor
Joined
May 12, 2002
Messages
84,070
Wait for MFDnSC's reply. He may advise you to install and use CWShredder 2.19 next. It's designed for dealing with CoolWebSearch variants.

-------------------------------------------------------------------------------------
 
Joined
Sep 7, 2004
Messages
49,014
Yeah go ahead and run CWS – I think SS got it but it certainly cannot hurt

What is disabled in msconfig??????????

Fix these with HJT – mark them, close IE, click fix checked

O2 - BHO: Class - {0713F490-5897-74D3-8736-456602C0D47B} - C:\WINDOWS\system32\ntvi.dll (file missing)

O2 - BHO: Class - {0881C986-B6BB-AF3E-3342-FEB7E2AC6166} - C:\WINDOWS\system32\atlut.dll (file missing)

O2 - BHO: Class - {13AED04D-B39A-CCFF-16C3-9907B80CE631} - C:\WINDOWS\mfcan32.dll (file missing)

O2 - BHO: Class - {24EF33EA-EE7F-BE3D-A23F-D28794BFB154} - C:\WINDOWS\system32\d3zm32.dll (file missing)

O2 - BHO: Class - {29E7FFD8-E6A5-9FCB-ED6E-4AAE63F4CAE9} - C:\WINDOWS\system32\sysyx32.dll (file missing)

O2 - BHO: Class - {44C95773-C5F6-5AC5-71DB-BB67B4828BF6} - C:\WINDOWS\ipqx.dll (file missing)

O2 - BHO: Class - {461F4B57-9FCB-C46E-95A1-13F3B51F1C8B} - C:\WINDOWS\crjt.dll (file missing)

O2 - BHO: Class - {5FED6D45-2D6E-9D60-4B64-A4543F387F99} - C:\WINDOWS\system32\javajy32.dll (file missing)

O2 - BHO: Class - {790066A1-58C7-6A3E-EDD2-1EC115CFF1A9} - C:\WINDOWS\appjs.dll (file missing)

O2 - BHO: Class - {9145FC5B-5E68-A3C0-BB87-B07D6BFAE5AD} - C:\WINDOWS\system32\iecj32.dll (file missing)

O2 - BHO: Class - {B59369AB-D3F0-9278-45A2-28263ADC7061} - C:\WINDOWS\system32\crln.dll (file missing)

O2 - BHO: Class - {D8010B5A-E220-B876-B855-D2861F450A0C} - C:\WINDOWS\system32\mfcur32.dll (file missing)

O2 - BHO: Class - {D80B27CE-F1A4-ECFC-9910-A8D25AC38ED1} - C:\WINDOWS\system32\winnx.dll (file missing)

O2 - BHO: Class - {EC73435F-7691-D324-69A7-013F3F1991EB} - C:\WINDOWS\system32\ntec.dll (file missing)

O2 - BHO: Class - {EDD539C0-F8EB-2A8D-78A5-44A66D05F475} - C:\WINDOWS\applz.dll (file missing)

O23 - Service: Srv32 - Unknown owner - C:\WINDOWS\system32\srv32.exe (file missing)
=================================
Click Start > Run > and type in:

services.msc

Click OK.

In the services window find this exact name

Srv32

Right-click and choose "Properties". On the "General" tab under "Service Status" click the "Stop" button to stop the service. Beside "Startup Type" in the dropdown menu select "Disabled". Click Apply then OK. File-Exit the Services utility.
===============================

START – RUN – type in %temp% OK - Edit – Select all – File – Delete

Delete everything in the C:\Windows\Temp folder or C:\WINNT\temp

Empty the recycle bin
Boot and post a new log from normal NOT safe mode

Please give feedback on what worked/didn’t work and the current status of your system
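
The fix list in the post above consists of the O2 and O23 entries that HijackThis marks "(file missing)". The following is an added example, not part of the original thread, that pulls such entries out of a log for triage; the function names are hypothetical, and the sample is constructed from a few lines of the log posted here.

```python
import re

# Constructed sample: a handful of lines taken from the log in this thread.
SAMPLE_LOG = r"""
O2 - BHO: Class - {790066A1-58C7-6A3E-EDD2-1EC115CFF1A9} - C:\WINDOWS\appjs.dll (file missing)
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O23 - Service: ScsiAccess - Unknown owner - C:\WINDOWS\System32\ScsiAccess.EXE
O23 - Service: Srv32 - Unknown owner - C:\WINDOWS\system32\srv32.exe (file missing)
"""

# A HijackThis entry starts with a section code (R0, O2, O23, ...) and " - ".
LINE_RE = re.compile(r"^(?P<section>[A-Z]\d+) - (?P<body>.+)$")
MISSING = "(file missing)"


def parse_line(line):
    """Split one log line into section, label, path and a file-missing flag.

    Returns None for lines that are not entries (headers, process list).
    """
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    body = m.group("body")
    missing = body.endswith(MISSING)
    if missing:
        body = body[: -len(MISSING)].rstrip()
    # The target (file path or URL) is the last " - " separated field.
    label, _, path = body.rpartition(" - ")
    return {"section": m.group("section"), "label": label,
            "path": path, "file_missing": missing}


def orphaned_entries(log_text, sections=("O2", "O23")):
    """Return entries in the given sections whose target file is missing."""
    hits = []
    for line in log_text.splitlines():
        entry = parse_line(line)
        if entry and entry["file_missing"] and entry["section"] in sections:
            hits.append(entry)
    return hits


if __name__ == "__main__":
    for e in orphaned_entries(SAMPLE_LOG):
        print(e["section"], e["label"], "->", e["path"])
```

The default `sections` value mirrors the selection in the post; pass a different tuple to review other sections, since a "(file missing)" marker by itself does not say whether an entry should be removed.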
 