
About blank or coolsearch - HJT log

Discussion in 'Virus & Other Malware Removal' started by KC_AT, Jan 12, 2006.

  1. KC_AT

    help2go Detective advised me to get rid of the "R3 - Default URLSearchHook is missing" item and I did, but it keeps coming back, plus I think I have the "about:blank" hijacker and can't seem to get rid of it. Please take a look at my log. Thanks



    Logfile of HijackThis v1.99.1
    Scan saved at 11:40:12 AM, on 1/12/2006
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Ahead\InCD\InCDsrv.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Netscape\Netscape 6\Netscp6.exe
    C:\WINDOWS\system32\netcs32.exe
    C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
    C:\WINDOWS\System32\cisvc.exe
    C:\Program Files\Digidesign\Drivers\MMERefresh.exe
    C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
    C:\WINDOWS\System32\ScsiAccess.EXE
    C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    C:\WINDOWS\System32\snmp.exe
    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\WINDOWS\System32\MsPMSPSv.exe
    C:\WINDOWS\System32\cidaemon.exe
    C:\WINDOWS\windb.exe
    C:\WINDOWS\System32\dllhost.exe
    C:\WINDOWS\System32\msdtc.exe
    C:\Program Files\HijackThis\HijackThis.exe

    R3 - Default URLSearchHook is missing
    N2 - Netscape 6: user_pref("browser.startup.homepage", "www.google.com"); (C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\zukec0nx.slt\prefs.js)
    N2 - Netscape 6: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%206%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\zukec0nx.slt\prefs.js)
    O2 - BHO: Class - {0713F490-5897-74D3-8736-456602C0D47B} - C:\WINDOWS\system32\ntvi.dll
    O2 - BHO: Class - {0881C986-B6BB-AF3E-3342-FEB7E2AC6166} - C:\WINDOWS\system32\atlut.dll
    O2 - BHO: Class - {13AED04D-B39A-CCFF-16C3-9907B80CE631} - C:\WINDOWS\mfcan32.dll
    O2 - BHO: Class - {24EF33EA-EE7F-BE3D-A23F-D28794BFB154} - C:\WINDOWS\system32\d3zm32.dll
    O2 - BHO: Class - {29E7FFD8-E6A5-9FCB-ED6E-4AAE63F4CAE9} - C:\WINDOWS\system32\sysyx32.dll
    O2 - BHO: Class - {44C95773-C5F6-5AC5-71DB-BB67B4828BF6} - C:\WINDOWS\ipqx.dll
    O2 - BHO: Class - {461F4B57-9FCB-C46E-95A1-13F3B51F1C8B} - C:\WINDOWS\crjt.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~2\SDHelper.dll
    O2 - BHO: Class - {5FED6D45-2D6E-9D60-4B64-A4543F387F99} - C:\WINDOWS\system32\javajy32.dll
    O2 - BHO: Class - {790066A1-58C7-6A3E-EDD2-1EC115CFF1A9} - C:\WINDOWS\appjs.dll
    O2 - BHO: Class - {9145FC5B-5E68-A3C0-BB87-B07D6BFAE5AD} - C:\WINDOWS\system32\iecj32.dll
    O2 - BHO: CNisExtBho Class - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
    O2 - BHO: Class - {B59369AB-D3F0-9278-45A2-28263ADC7061} - C:\WINDOWS\system32\crln.dll
    O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
    O2 - BHO: Class - {D8010B5A-E220-B876-B855-D2861F450A0C} - C:\WINDOWS\system32\mfcur32.dll
    O2 - BHO: Class - {D80B27CE-F1A4-ECFC-9910-A8D25AC38ED1} - C:\WINDOWS\system32\winnx.dll
    O2 - BHO: Class - {EC73435F-7691-D324-69A7-013F3F1991EB} - C:\WINDOWS\system32\ntec.dll
    O2 - BHO: Class - {EDD539C0-F8EB-2A8D-78A5-44A66D05F475} - C:\WINDOWS\applz.dll
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O4 - HKLM\..\Run: [windb.exe] C:\WINDOWS\windb.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [Mozilla Quick Launch] C:\Program Files\Netscape\Netscape 6\Netscp6.exe -turbo
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
    O9 - Extra button: (no name) - {120E090D-9136-4b78-8258-F0B44B4BD2AC} - C:\WINDOWS\System32\ms.exe (file missing)
    O9 - Extra 'Tools' menuitem: MaxSpeed - {120E090D-9136-4b78-8258-F0B44B4BD2AC} - C:\WINDOWS\System32\ms.exe (file missing)
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
    O15 - Trusted Zone: http://download.windowsupdate.com
    O16 - DPF: {01010E00-5E80-11D8-9E86-0007E96C65AE} (SupportSoft SmartIssue) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsi.cab
    O16 - DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} (SupportSoft Script Runner Class) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsr.cab
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - http://www.symantec.com/techsupp/asa/ctrl/LSSupCtl.cab
    O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
    O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yinst20040510.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1134202776528
    O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
    O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class) - http://us.games2.yimg.com/download.games.yahoo.com/games/play/client/exentctl_0_0_0_2.ocx
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1130196491156
    O16 - DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} (Housecall ActiveX 6.5) - http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
    O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - http://www.symantec.com/techsupp/asa/ctrl/SymAData.cab
    O23 - Service: Workstation NetLogon Service ( 11Fßä#·ºÄÖ`I) - Unknown owner - C:\WINDOWS\system32\netcs32.exe
    O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
    O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: Digidesign MME Refresh Service (DigiRefresh) - Digidesign, A Division of Avid Technology, Inc. - C:\Program Files\Digidesign\Drivers\MMERefresh.exe
    O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
    O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
    O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
    O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
    O23 - Service: ScsiAccess - Unknown owner - C:\WINDOWS\System32\ScsiAccess.EXE
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: Srv32 - Unknown owner - C:\WINDOWS\system32\srv32.exe (file missing)
    O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
     
  2. MFDnNC

    Go to the link below and download the trial version of SpySweeper:

    SpySweeper http://www.webroot.com/consumer/products/spysweeper/index.html?acode=af1&rc=4129&ac=tsg

    * Click the Free Trial link under "SpySweeper" to download the program.
    * Install it. Once the program is installed, it will open.
    * It will prompt you to update to the latest definitions, click Yes.
    * Once the definitions are installed, click Options on the left side.
    * Click the Sweep Options tab.
    * Under What to Sweep please put a check next to the following:
        o Sweep Memory
        o Sweep Registry
        o Sweep Cookies
        o Sweep All User Accounts
        o Enable Direct Disk Sweeping
        o Sweep Contents of Compressed Files
        o Sweep for Rootkits

        o Please UNCHECK Do not Sweep System Restore Folder.

    * Click Sweep Now on the left side.
    * Click the Start button.
    * When it's done scanning, click the Next button.
    * Make sure everything has a check next to it, then click the Next button.
    * It will remove all of the items found.
    * Click Session Log in the upper right corner, copy everything in that window.
    * Click the Summary tab and click Finish.
    * Paste the contents of the session log you copied into your next reply.
    Also post a new Hijack This log.
     
  3. flavallee

    MFDnSC:

    Is Webroot Spy Sweeper going to take care of that CoolWebSearch infestation or do we need to add CWShredder to the mix?

    --------------------------------------------------------------------------------------
     
  4. MFDnNC

    Dunno - we'll see - I don't like throwing too much at them at one time; it gets confusing.
     
  5. KC_AT

    MFDnSC

    Thanks for your help. Below find the log from Spysweeper and another HJT log. Please advise. Thanks

    ********
    3:19 PM: | Start of Session, Thursday, January 12, 2006 |
    3:19 PM: Spy Sweeper started
    3:19 PM: Sweep initiated using definitions version 556
    3:19 PM: Starting Memory Sweep
    3:20 PM: Memory Sweep Complete, Elapsed Time: 00:01:38
    3:20 PM: Starting Registry Sweep
    3:24 PM: Found Trojan Horse: berbew trojan
    3:24 PM: HKCR\clsid\{79feacff-ffce-815e-a900-316290b5b738}\ (3 subtraces) (ID = 104289)
    3:29 PM: Found Adware: cws-aboutblank
    3:29 PM: HKLM\software\microsoft\internet explorer\main\ || homeoldsp (ID = 115926)
    3:30 PM: Found Adware: cws_ns3
    3:30 PM: Found Adware: cws_tiny0
    3:34 PM: Found Adware: ezula ilookup
    3:34 PM: HKU\.default\software\microsoft\windows\currentversion\runonce\ || web offer (ID = 126120)
    3:38 PM: Found Adware: ie driver
    3:38 PM: HKU\.default\software\microsoft\internet explorer\extensions\cmdmapping\ || {120e090d-9136-4b78-8258-f0b44b4bd2ac} (ID = 127909)
    3:38 PM: HKLM\software\maxspeed\ (1 subtraces) (ID = 127929)
    3:38 PM: HKLM\software\microsoft\internet explorer\extensions\{120e090d-9136-4b78-8258-f0b44b4bd2ac}\ (4 subtraces) (ID = 127931)
    3:38 PM: HKLM\software\microsoft\windows\currentversion\uninstall\{8f9fbeb8-d216-4d6c-8d21-513157e09c0d}\ (4 subtraces) (ID = 128062)
    3:38 PM: HKLM\software\microsoft\windows\currentversion\uninstall\{120e090d-9136-4b78-8258-f0b44b4bd2ac}\ (2 subtraces) (ID = 128065)
    4:04 PM: Found Adware: winad
    4:04 PM: HKLM\software\winad client\ (1 subtraces) (ID = 147237)
    4:06 PM: Found Adware: psguard
    4:06 PM: HKCR\clsid\{357a87ed-3e5d-437d-b334-deb7eb4982a3}\ (2 subtraces) (ID = 487755)
    4:06 PM: HKLM\software\classes\clsid\{357a87ed-3e5d-437d-b334-deb7eb4982a3}\ (2 subtraces) (ID = 488280)
    4:08 PM: HKU\WRSS_Profile_S-1-5-21-2049800414-4092612071-4041588808-500\software\microsoft\internet explorer\extensions\cmdmapping\ || {120e090d-9136-4b78-8258-f0b44b4bd2ac} (ID = 127930)
    4:08 PM: HKU\S-1-5-21-2049800414-4092612071-4041588808-1003\software\microsoft\internet explorer\main\ || homeoldsp (ID = 115923)
    4:08 PM: HKU\S-1-5-21-2049800414-4092612071-4041588808-1003\software\microsoft\internet explorer\extensions\cmdmapping\ || {120e090d-9136-4b78-8258-f0b44b4bd2ac} (ID = 127930)
    4:08 PM: Found Adware: bho_sep
    4:08 PM: HKU\S-1-5-21-2049800414-4092612071-4041588808-1003\software\sep\ (9 subtraces) (ID = 141642)
    4:08 PM: Found Adware: browseraid
    4:08 PM: HKU\S-1-5-18\software\microsoft\windows\currentversion\updt\ (ID = 105189)
    4:08 PM: HKU\S-1-5-18\software\microsoft\windows\currentversion\run\ || ezwo (ID = 126294)
    4:08 PM: HKU\S-1-5-18\software\microsoft\internet explorer\extensions\cmdmapping\ || {120e090d-9136-4b78-8258-f0b44b4bd2ac} (ID = 127930)
    4:08 PM: HKU\S-1-5-18\software\sep\ (8 subtraces) (ID = 141642)
    4:08 PM: Found Adware: wildmedia
    4:08 PM: HKU\S-1-5-18\software\microsoft\internet explorer\main\ || updater (ID = 146721)
    4:08 PM: HKU\S-1-5-18\software\microsoft\windows\currentversion\runonce\ || web offer (ID = 146954)
    4:08 PM: Registry Sweep Complete, Elapsed Time:00:47:38
    4:08 PM: Starting Cookie Sweep
    4:08 PM: Found Spy Cookie: 360i cookie
    4:08 PM: [email protected][1].txt (ID = 1962)
    4:08 PM: Found Spy Cookie: statcounter cookie
    4:08 PM: [email protected][1].txt (ID = 3447)
    4:08 PM: Found Spy Cookie: 421 cookie
    4:08 PM: [email protected][2].txt (ID = 1971)
    4:08 PM: Found Spy Cookie: jmnad1 cookie
    4:08 PM: [email protected][1].txt (ID = 2888)
    4:08 PM: Cookie Sweep Complete, Elapsed Time: 00:00:00
    4:08 PM: Starting File Sweep
    4:08 PM: c:\program files\winad client (1 subtraces) (ID = -2147480018)
    4:08 PM: c:\program files\maxspeed (ID = -2147480852)
    4:08 PM: c:\documents and settings\localservice\application data\{2cf0b992-5eeb-4143-99c0-5297ef71f444} (ID = -2147481310)
    4:09 PM: woinstall.exe (ID = 60700)
    4:10 PM: Found Adware: apropos
    4:10 PM: setup.inf (ID = 50158)
    4:10 PM: wingenerics.dll (ID = 50187)
    4:11 PM: ezinstall[1].exe (ID = 60463)
    4:11 PM: Found Trojan Horse: trojan-downloader-pacisoft
    4:11 PM: wmplayer.exe.tmp (ID = 71768)
    4:12 PM: Found Adware: tvmedia
    4:12 PM: tvmupdater.exe (ID = 81767)
    4:14 PM: update10[1].xml (ID = 88405)
    4:15 PM: Found Adware: purityscan
    4:15 PM: mediaticketsinstaller.inf (ID = 73158)
    4:16 PM: setup4.exe (ID = 63134)
    4:17 PM: woinstall[1].exe (ID = 60700)
    4:17 PM: data.bin (ID = 50106)
    4:18 PM: sepsd.bin (ID = 75367)
    4:18 PM: Found Adware: coolwebsearch (cws)
    4:18 PM: inst2.inf (ID = 54214)
    4:18 PM: Found System Monitor: potentially rootkit-masked files
    4:18 PM: mainsafe.exe.hdmp (ID = 0)
    4:18 PM: mainsafe.exe.mdmp (ID = 0)
    4:18 PM: mainsafe.exe.hdmp (ID = 0)
    4:18 PM: mainsafe.exe.mdmp (ID = 0)
    4:18 PM: mainsafe.exe.mdmp (ID = 0)
    4:18 PM: mainsafe.exe.mdmp (ID = 0)
    4:18 PM: mainsafe.exe.hdmp (ID = 0)
    4:18 PM: mainsafe.exe.hdmp (ID = 0)
    4:18 PM: mainsafe.exe.mdmp (ID = 0)
    4:18 PM: mainsafe.exe.20051126-213440-00.mdmp (ID = 0)
    4:19 PM: Warning: Invalid Stream
    4:19 PM: Warning: Invalid Stream
    4:19 PM: Warning: Invalid Stream
    4:19 PM: Warning: Invalid Stream
    4:19 PM: Warning: Invalid Stream
    4:19 PM: Warning: Invalid Stream
    4:19 PM: Warning: Invalid Stream
    4:19 PM: Warning: Invalid Stream
    4:19 PM: Warning: Invalid Stream
    4:19 PM: Warning: Invalid Stream
    4:19 PM: Warning: Invalid Stream
    4:19 PM: Warning: Invalid Stream
    4:19 PM: Warning: Invalid Stream
    4:19 PM: Warning: Invalid Stream
    4:19 PM: Warning: Invalid Stream
    4:19 PM: Warning: Invalid Stream
    4:19 PM: Warning: Invalid Stream
    4:19 PM: Warning: Invalid file - not a PKZip file
    4:19 PM: Warning: Invalid file - not a PKZip file
    4:19 PM: Warning: Unhandled Archive Type
    4:19 PM: Warning: Unhandled Archive Type
    4:19 PM: Warning: Unhandled Archive Type
    4:19 PM: Warning: Unhandled Archive Type
    4:19 PM: Warning: Unhandled Archive Type
    4:20 PM: Warning: Invalid file - not a PKZip file
    4:20 PM: Warning: Invalid file - not a PKZip file
    4:20 PM: Warning: Invalid file - not a PKZip file
    4:20 PM: Warning: Invalid file - not a PKZip file
    4:20 PM: Warning: Invalid file - not a PKZip file
    4:20 PM: Warning: Invalid file - not a PKZip file
    4:20 PM: Warning: Invalid file - not a PKZip file
    4:20 PM: Warning: Invalid Stream
    4:20 PM: File Sweep Complete, Elapsed Time: 00:11:44
    4:20 PM: Full Sweep has completed. Elapsed time 01:01:03
    4:20 PM: Traces Found: 396
    4:24 PM: Removal process initiated
    4:24 PM: Quarantining All Traces: potentially rootkit-masked files
    4:25 PM: potentially rootkit-masked files is in use. It will be removed on reboot.
    4:25 PM: mainsafe.exe.hdmp is in use. It will be removed on reboot.
    4:25 PM: mainsafe.exe.mdmp is in use. It will be removed on reboot.
    4:25 PM: mainsafe.exe.hdmp is in use. It will be removed on reboot.
    4:25 PM: mainsafe.exe.mdmp is in use. It will be removed on reboot.
    4:25 PM: mainsafe.exe.mdmp is in use. It will be removed on reboot.
    4:25 PM: mainsafe.exe.mdmp is in use. It will be removed on reboot.
    4:25 PM: mainsafe.exe.hdmp is in use. It will be removed on reboot.
    4:25 PM: mainsafe.exe.hdmp is in use. It will be removed on reboot.
    4:25 PM: mainsafe.exe.mdmp is in use. It will be removed on reboot.
    4:25 PM: mainsafe.exe.20051126-213440-00.mdmp is in use. It will be removed on reboot.
    4:25 PM: Quarantining All Traces: cws_ns3
    4:25 PM: Quarantining All Traces: berbew trojan
    4:25 PM: Quarantining All Traces: cws-aboutblank
    4:25 PM: Quarantining All Traces: trojan-downloader-pacisoft
    4:25 PM: Quarantining All Traces: apropos
    4:25 PM: Quarantining All Traces: bho_sep
    4:25 PM: Quarantining All Traces: browseraid
    4:25 PM: Quarantining All Traces: coolwebsearch (cws)
    4:25 PM: Quarantining All Traces: cws_tiny0
    4:25 PM: Quarantining All Traces: ezula ilookup
    4:25 PM: Quarantining All Traces: ie driver
    4:25 PM: Quarantining All Traces: psguard
    4:25 PM: Quarantining All Traces: purityscan
    4:25 PM: Quarantining All Traces: tvmedia
    4:25 PM: Quarantining All Traces: wildmedia
    4:25 PM: Quarantining All Traces: winad
    4:25 PM: Quarantining All Traces: 360i cookie
    4:25 PM: Quarantining All Traces: 421 cookie
    4:25 PM: Quarantining All Traces: jmnad1 cookie
    4:25 PM: Quarantining All Traces: statcounter cookie
    4:25 PM: Preparing to restart your computer. Please wait...
    4:25 PM: Removal process completed. Elapsed time 00:01:10
    ********
    3:04 PM: | Start of Session, Thursday, January 12, 2006 |
    3:04 PM: Spy Sweeper started
    3:05 PM: There is a problem reaching the server. The cause may be in your connection, or on the server. Please try again later.
    3:05 PM: Updating spyware definitions
    3:05 PM: There is a problem reaching the server. The cause may be in your connection, or on the server. Please try again later.
    3:05 PM: Updating spyware definitions
    3:05 PM: There is a problem reaching the server. The cause may be in your connection, or on the server. Please try again later.
    3:13 PM: Updating spyware definitions
    3:13 PM: There is a problem reaching the server. The cause may be in your connection, or on the server. Please try again later.
    3:13 PM: Updating spyware definitions
    3:13 PM: There is a problem reaching the server. The cause may be in your connection, or on the server. Please try again later.
    3:13 PM: Updating spyware definitions
    3:13 PM: There is a problem reaching the server. The cause may be in your connection, or on the server. Please try again later.
    3:13 PM: Updating spyware definitions
    3:13 PM: There is a problem reaching the server. The cause may be in your connection, or on the server. Please try again later.
    3:14 PM: Updating spyware definitions
    3:14 PM: There is a problem reaching the server. The cause may be in your connection, or on the server. Please try again later.
    3:19 PM: | End of Session, Thursday, January 12, 2006 |

    Logfile of HijackThis v1.99.1
    Scan saved at 4:47:36 PM, on 1/12/2006
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Ahead\InCD\InCDsrv.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
    C:\WINDOWS\System32\cisvc.exe
    C:\Program Files\Digidesign\Drivers\MMERefresh.exe
    C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
    C:\WINDOWS\System32\ScsiAccess.EXE
    C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    C:\WINDOWS\System32\snmp.exe
    C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\WINDOWS\System32\MsPMSPSv.exe
    C:\WINDOWS\System32\cidaemon.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\HijackThis\HijackThis.exe

    R3 - Default URLSearchHook is missing
    N2 - Netscape 6: user_pref("browser.startup.homepage", "www.google.com"); (C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\zukec0nx.slt\prefs.js)
    N2 - Netscape 6: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%206%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\zukec0nx.slt\prefs.js)
    O2 - BHO: Class - {0713F490-5897-74D3-8736-456602C0D47B} - C:\WINDOWS\system32\ntvi.dll (file missing)
    O2 - BHO: Class - {0881C986-B6BB-AF3E-3342-FEB7E2AC6166} - C:\WINDOWS\system32\atlut.dll (file missing)
    O2 - BHO: Class - {13AED04D-B39A-CCFF-16C3-9907B80CE631} - C:\WINDOWS\mfcan32.dll (file missing)
    O2 - BHO: Class - {24EF33EA-EE7F-BE3D-A23F-D28794BFB154} - C:\WINDOWS\system32\d3zm32.dll (file missing)
    O2 - BHO: Class - {29E7FFD8-E6A5-9FCB-ED6E-4AAE63F4CAE9} - C:\WINDOWS\system32\sysyx32.dll (file missing)
    O2 - BHO: Class - {44C95773-C5F6-5AC5-71DB-BB67B4828BF6} - C:\WINDOWS\ipqx.dll (file missing)
    O2 - BHO: Class - {461F4B57-9FCB-C46E-95A1-13F3B51F1C8B} - C:\WINDOWS\crjt.dll (file missing)
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~2\SDHelper.dll
    O2 - BHO: Class - {5FED6D45-2D6E-9D60-4B64-A4543F387F99} - C:\WINDOWS\system32\javajy32.dll (file missing)
    O2 - BHO: Class - {790066A1-58C7-6A3E-EDD2-1EC115CFF1A9} - C:\WINDOWS\appjs.dll (file missing)
    O2 - BHO: Class - {9145FC5B-5E68-A3C0-BB87-B07D6BFAE5AD} - C:\WINDOWS\system32\iecj32.dll (file missing)
    O2 - BHO: CNisExtBho Class - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
    O2 - BHO: Class - {B59369AB-D3F0-9278-45A2-28263ADC7061} - C:\WINDOWS\system32\crln.dll (file missing)
    O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
    O2 - BHO: Class - {D8010B5A-E220-B876-B855-D2861F450A0C} - C:\WINDOWS\system32\mfcur32.dll (file missing)
    O2 - BHO: Class - {D80B27CE-F1A4-ECFC-9910-A8D25AC38ED1} - C:\WINDOWS\system32\winnx.dll (file missing)
    O2 - BHO: Class - {EC73435F-7691-D324-69A7-013F3F1991EB} - C:\WINDOWS\system32\ntec.dll (file missing)
    O2 - BHO: Class - {EDD539C0-F8EB-2A8D-78A5-44A66D05F475} - C:\WINDOWS\applz.dll (file missing)
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
    O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
    O15 - Trusted Zone: http://download.windowsupdate.com
    O16 - DPF: {01010E00-5E80-11D8-9E86-0007E96C65AE} (SupportSoft SmartIssue) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsi.cab
    O16 - DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} (SupportSoft Script Runner Class) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsr.cab
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - http://www.symantec.com/techsupp/asa/ctrl/LSSupCtl.cab
    O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
    O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yinst20040510.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1134202776528
    O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
    O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class) - http://us.games2.yimg.com/download.games.yahoo.com/games/play/client/exentctl_0_0_0_2.ocx
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1130196491156
    O16 - DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} (Housecall ActiveX 6.5) - http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
    O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - http://www.symantec.com/techsupp/asa/ctrl/SymAData.cab
    O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
    O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
    O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: Digidesign MME Refresh Service (DigiRefresh) - Digidesign, A Division of Avid Technology, Inc. - C:\Program Files\Digidesign\Drivers\MMERefresh.exe
    O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
    O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
    O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
    O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
    O23 - Service: ScsiAccess - Unknown owner - C:\WINDOWS\System32\ScsiAccess.EXE
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: Srv32 - Unknown owner - C:\WINDOWS\system32\srv32.exe (file missing)
    O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
    O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
     
  6. flavallee

    flavallee Trusted Advisor

    Joined:
    May 12, 2002
    Messages:
    78,781
    First Name:
    Frank
    Wait for MFDnNC's reply. He may advise you to install and use CWShredder 2.19 next. It's designed for dealing with CoolWebSearch variants.

    -------------------------------------------------------------------------------------
     
  7. MFDnNC

    MFDnNC

    Joined:
    Sep 7, 2004
    Messages:
    49,014
    Yeah go ahead and run CWS – I think SS got it but it certainly cannot hurt

    What is disabled in msconfig??????????

    Fix these with HJT – mark them, close IE, click fix checked

    O2 - BHO: Class - {0713F490-5897-74D3-8736-456602C0D47B} - C:\WINDOWS\system32\ntvi.dll (file missing)

    O2 - BHO: Class - {0881C986-B6BB-AF3E-3342-FEB7E2AC6166} - C:\WINDOWS\system32\atlut.dll (file missing)

    O2 - BHO: Class - {13AED04D-B39A-CCFF-16C3-9907B80CE631} - C:\WINDOWS\mfcan32.dll (file missing)

    O2 - BHO: Class - {24EF33EA-EE7F-BE3D-A23F-D28794BFB154} - C:\WINDOWS\system32\d3zm32.dll (file missing)

    O2 - BHO: Class - {29E7FFD8-E6A5-9FCB-ED6E-4AAE63F4CAE9} - C:\WINDOWS\system32\sysyx32.dll (file missing)

    O2 - BHO: Class - {44C95773-C5F6-5AC5-71DB-BB67B4828BF6} - C:\WINDOWS\ipqx.dll (file missing)

    O2 - BHO: Class - {461F4B57-9FCB-C46E-95A1-13F3B51F1C8B} - C:\WINDOWS\crjt.dll (file missing)

    O2 - BHO: Class - {5FED6D45-2D6E-9D60-4B64-A4543F387F99} - C:\WINDOWS\system32\javajy32.dll (file missing)

    O2 - BHO: Class - {790066A1-58C7-6A3E-EDD2-1EC115CFF1A9} - C:\WINDOWS\appjs.dll (file missing)

    O2 - BHO: Class - {9145FC5B-5E68-A3C0-BB87-B07D6BFAE5AD} - C:\WINDOWS\system32\iecj32.dll (file missing)

    O2 - BHO: Class - {B59369AB-D3F0-9278-45A2-28263ADC7061} - C:\WINDOWS\system32\crln.dll (file missing)

    O2 - BHO: Class - {D8010B5A-E220-B876-B855-D2861F450A0C} - C:\WINDOWS\system32\mfcur32.dll (file missing)

    O2 - BHO: Class - {D80B27CE-F1A4-ECFC-9910-A8D25AC38ED1} - C:\WINDOWS\system32\winnx.dll (file missing)

    O2 - BHO: Class - {EC73435F-7691-D324-69A7-013F3F1991EB} - C:\WINDOWS\system32\ntec.dll (file missing)

    O2 - BHO: Class - {EDD539C0-F8EB-2A8D-78A5-44A66D05F475} - C:\WINDOWS\applz.dll (file missing)

    O23 - Service: Srv32 - Unknown owner - C:\WINDOWS\system32\srv32.exe (file missing)
    =================================
    Click Start > Run > and type in:

    services.msc

    Click OK.

    In the services window find this exact name

    Srv32

    Right-click and choose "Properties". On the "General" tab under "Service Status" click the "Stop" button to stop the service. Beside "Startup Type" in the dropdown menu select "Disabled". Click Apply then OK. File-Exit the Services utility.
    ===============================

    START – RUN – type in %temp% OK - Edit – Select all – File – Delete

    Delete everything in the C:\Windows\Temp folder or C:\WINNT\temp

    Empty the recycle bin
    Boot and post a new log from normal NOT safe mode

    Please give feedback on what worked/didn’t work and the current status of your system
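
Added example, not part of MFDnNC's post and not code from HijackThis: a small Python parser for the three-field HijackThis entries (the O2, O9 and O23 shapes seen in this log) that picks out O2 and O23 entries whose target is marked "(file missing)", the kind of leftover registry entry listed for fixing above. The sample lines are copied from the log in this thread; the names `Entry`, `parse_line`, `parse_log` and `orphaned` are made up for this illustration.

```python
import re
from dataclasses import dataclass

# Sample lines copied from the HijackThis log posted earlier in this thread.
SAMPLE_LOG = r"""
O2 - BHO: Class - {0713F490-5897-74D3-8736-456602C0D47B} - C:\WINDOWS\system32\ntvi.dll (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~2\SDHelper.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O23 - Service: ScsiAccess - Unknown owner - C:\WINDOWS\System32\ScsiAccess.EXE
O23 - Service: Srv32 - Unknown owner - C:\WINDOWS\system32\srv32.exe (file missing)
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
"""

LINE_RE = re.compile(r"^\s*(?P<section>[A-Z]\d{1,2}) - (?P<body>.+?)\s*$")
MISSING = "(file missing)"

@dataclass
class Entry:
    section: str   # HijackThis section code, e.g. "O2" or "O23"
    label: str     # text before the identifier, e.g. "BHO: Class"
    ident: str     # CLSID for O2/O9, owner string for O23
    path: str      # target file, "(file missing)" suffix removed
    missing: bool  # True when HijackThis reported the file as missing

def parse_line(line):
    """Parse one 'label - ident - path' entry; return None for other shapes."""
    m = LINE_RE.match(line)
    if not m:
        return None   # process list, headers, blank lines
    parts = m["body"].rsplit(" - ", 2)
    if len(parts) != 3:
        return None   # e.g. R3, O4, O15 and O16 lines use other layouts
    label, ident, target = parts
    missing = target.endswith(MISSING)
    if missing:
        target = target[: -len(MISSING)].rstrip()
    return Entry(m["section"], label, ident, target, missing)

def parse_log(text):
    return [e for e in map(parse_line, text.splitlines()) if e]

def orphaned(entries, sections=("O2", "O23")):
    """Entries in the chosen sections whose target file is reported missing."""
    return [e for e in entries if e.section in sections and e.missing]

if __name__ == "__main__":
    for e in orphaned(parse_log(SAMPLE_LOG)):
        print(e.section, e.ident, e.path)
```

The ScsiAccess service also shows "Unknown owner" but its file is present, so it is parsed and not selected; entries like that need a look at the file itself rather than a registry cleanup.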
     

Short URL to this thread: https://techguy.org/433530
