Bloodhound.w32.ep infected wininet.dll


mika07 (Thread Starter) | Joined: Dec 25, 2005 | Messages: 5
Hi, I have had Norton AntiVirus pop up saying Wininet.dll has been infected with Bloodhound.w32.ep, but it is unable to remove it. I have tried running different antivirus programs but had no luck. I tried following removal instructions on a support forum but had no luck either, and now my MSN Messenger is unable to start. I'm thinking I might have deleted a registry key that was legit. If you could help me, that would be great :) .

Here is my HijackThis log.

Logfile of HijackThis v1.99.1
Scan saved at 12:32:02, on 2005/12/25
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Sophos\Remote Update\cachemgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sophos SWEEP for NT\SWNETSUP.EXE
C:\WINDOWS\System32\00THotkey.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe
C:\WINDOWS\System32\TFNF5.exe
C:\Program Files\Drag'n Drop CD\BinFiles\DragDrop.exe
C:\Program Files\TOSHIBA\TouchED\TouchED.Exe
C:\WINDOWS\System32\TPWRTRAY.EXE
C:\Program Files\Lexmark X74-X75\lxbbbmgr.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fpdisp5a.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Lexmark X74-X75\lxbbbmon.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Sophos SWEEP for NT\SWEEPSRV.SYS
C:\Program Files\Nzseumq\Kibo.exe
C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\WINDOWS\System32\conime.exe
C:\WINDOWS\System32\ctfmon.exe
C:\WINDOWS\System32\w?nspool.exe
C:\WINDOWS\System32\ipxmontr.exe
C:\Program Files\Sophos SWEEP for NT\ICMON.EXE
C:\Program Files\Sophos\Remote Update\imonitor.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Norton AntiVirus\SAVScan.exe
C:\Documents and Settings\とみたみか\デスクトップ\HijackThis.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: IDN Helper Object - {118CE65F-5D86-4AEA-A9BD-94F92B89119F} - C:\WINDOWS\DOWNLO~1\CNSMIN~1.DLL
O2 - BHO: (no name) - {4BFB6859-E166-5AE7-8521-115578F62C4A} - (no file)
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: ラジオ(&R) - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [00THotkey] C:\WINDOWS\System32\00THotkey.exe
O4 - HKLM\..\Run: [000StTHK] 000StTHK.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [TFncKy] TFncKy.exe /Type 22
O4 - HKLM\..\Run: [TFNF5] TFNF5.exe
O4 - HKLM\..\Run: [Drag'n Drop CD] C:\Program Files\Drag'n Drop CD\BinFiles\DragDrop.exe /StartUp
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [TouchED] C:\Program Files\TOSHIBA\TouchED\TouchED.Exe
O4 - HKLM\..\Run: [Tpwrtray] TPWRTRAY.EXE
O4 - HKLM\..\Run: [imjpmig] C:\Program Files\Common Files\Microsoft Shared\IME\IMJP\imjpmig.exe /RemAdvDef /AIMEREG /Migration /SetPreload
O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
O4 - HKLM\..\Run: [Lexmark X74-X75] "C:\Program Files\Lexmark X74-X75\lxbbbmgr.exe"
O4 - HKLM\..\Run: [BurnQuick Queue] C:\WINDOWS\BQTray.exe
O4 - HKLM\..\Run: [FinePrint Dispatcher v5] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fpdisp5a.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Dohhv] C:\Program Files\Nzseumq\Kibo.exe
O4 - HKLM\..\Run: [CnsMin] Rundll32.exe C:\WINDOWS\DOWNLO~1\CnsMin.dll,Rundll32
O4 - HKLM\..\Run: [WinHound] C:\Program Files\WinHound\WinHound.exe
O4 - HKLM\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [Gyonyzaz] C:\WINDOWS\System32\w?nspool.exe
O4 - HKCU\..\Run: [ipxmontr] C:\WINDOWS\System32\ipxmontr.exe
O8 - Extra context menu item: &Save Flash In This Page by Flash Saver - C:\PROGRA~1\FLASHS~1\save.htm
O8 - Extra context menu item: Bookshelfで検索(&L) - res://C:\Program Files\Microsoft Reference\Microsoft Bookshelf 3.0\bsdef.dll/#1001
O8 - Extra context menu item: JWordでウェブ検索(&J) - res://C:\WINDOWS\DOWNLO~1\CnsMin.dll/203
O8 - Extra context menu item: Microsoft Excel にエクスポート(&X) - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: The翻訳_ページ翻訳 - C:\Program Files\TTI_V6_LE\addins\Ie\afi_pagetran.htm
O8 - Extra context menu item: The翻訳_範囲指定翻訳 - C:\Program Files\TTI_V6_LE\addins\Ie\afi_seltran.htm
O8 - Extra context menu item: The翻訳_翻訳設定 - C:\Program Files\TTI_V6_LE\addins\Ie\afi_setdlg.htm
O8 - Extra context menu item: The翻訳_辞書参照 - C:\Program Files\TTI_V6_LE\addins\Ie\ttp_showdic.htm
O9 - Extra button: Flash Saver - {09EA1F80-F40A-11D1-B792-444553540001} - C:\PROGRA~1\FLASHS~1\save.htm
O9 - Extra 'Tools' menuitem: Flash Saver - {09EA1F80-F40A-11D1-B792-444553540001} - C:\PROGRA~1\FLASHS~1\save.htm
O9 - Extra button: ページ翻訳 - {2A8DA722-A2E3-11d5-A8FD-00065B1FF8EA} - C:\Program Files\TTI_V6_LE\addins\Ie\afi_pagetran.htm
O9 - Extra 'Tools' menuitem: The翻訳_ページ翻訳 - {2A8DA722-A2E3-11d5-A8FD-00065B1FF8EA} - C:\Program Files\TTI_V6_LE\addins\Ie\afi_pagetran.htm
O9 - Extra button: (no name) - {2A8DA725-A2E3-11d5-A8FD-00065B1FF8EA} - C:\Program Files\TTI_V6_LE\addins\Ie\ttp_showdic.htm
O9 - Extra 'Tools' menuitem: The翻訳_辞書参照 - {2A8DA725-A2E3-11d5-A8FD-00065B1FF8EA} - C:\Program Files\TTI_V6_LE\addins\Ie\ttp_showdic.htm
O9 - Extra button: (no name) - {2A8DA726-A2E3-11d5-A8FD-00065B1FF8EA} - C:\Program Files\TTI_V6_LE\addins\Ie\afi_seltran.htm
O9 - Extra 'Tools' menuitem: The翻訳_範囲指定翻訳 - {2A8DA726-A2E3-11d5-A8FD-00065B1FF8EA} - C:\Program Files\TTI_V6_LE\addins\Ie\afi_seltran.htm
O9 - Extra button: (no name) - {2A8DA728-A2E3-11d5-A8FD-00065B1FF8EA} - C:\Program Files\TTI_V6_LE\addins\Ie\afi_setdlg.htm
O9 - Extra 'Tools' menuitem: The翻訳_翻訳設定 - {2A8DA728-A2E3-11d5-A8FD-00065B1FF8EA} - C:\Program Files\TTI_V6_LE\addins\Ie\afi_setdlg.htm
O9 - Extra button: JWord (日本語キーワード) - {5D73EE86-05F1-49ed-B850-E423120EC338} - http://www.jword.jp/intro/?partner=AP&type=lk&frm=iebutton (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: 辞書バー - {964174A1-BDB5-11D5-A8FD-00065B1FF8EA} - C:\Program Files\TTI_V6_LE\IeTbandTate.dll
O9 - Extra button: 翻訳バー - {964174A3-BDB5-11D5-A8FD-00065B1FF8EA} - C:\Program Files\TTI_V6_LE\IeTbandYoko.dll
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE (file missing)
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE (file missing)
O9 - Extra button: (no name) - SolidConverterPDF - (no file) (HKCU)
O11 - Options group: [!CNS] JWord (日本語キーワード)
O14 - IERESET.INF: START_PAGE_URL=http://dynabook.com
O15 - Trusted Zone: *.awmdabest.com
O15 - Trusted Zone: *.frame.crazywinnings.com
O15 - Trusted Zone: *.awmdabest.com (HKLM)
O15 - Trusted Zone: *.frame.crazywinnings.com (HKLM)
O15 - Trusted IP range: 206.161.125.149
O15 - ProtocolDefaults: 'http' protocol is in My Computer Zone, should be Internet Zone
O15 - ProtocolDefaults: 'http' protocol is in My Computer Zone, should be Internet Zone (HKLM)
O16 - DPF: Yahoo! JAPAN Multi-Millionaire - http://yog35.games.mci.yahoo.co.jp/yog/yj/mmt5_x.cab
O16 - DPF: Yahoo! JAPAN Othello - http://yog41.games.mci.yahoo.co.jp/yog/yj/rt1_x.cab
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {0D62A517-E7C6-4E1F-A577-07D4AC549A48} (Progetto1.int_ver32) - http://advnt01.com/dialer/int_ver32b.CAB
O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windupdates.com/cab/MediaAccessVerisign/ie/bridge-c11.cab
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - http://www.symantec.com/techsupp/asa/LSSupCtl.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52...pple.com/mickey/us/win/QuickTimeInstaller.exe
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by102fd.bay102.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/30638f605e0321905c03/netzip/RdxIE601.cab
O16 - DPF: {5E943D9C-F8DC-4258-8E3F-A61BB3405A33} - http://www.imagestation.com/common/classes/batchdwnl.cab?version=4,3,2,20802
O16 - DPF: {6B1B6D11-E497-11D3-BE0C-005004AD2E83} (ImageStation Home Printing Control) - http://www.imagestation.com/common/classes/ISUSPrintActiveX.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (ウイルスバスター On-Line Scan) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - http://www.symantec.com/techsupp/asa/SymAData.cab
O16 - DPF: {E855A2D4-987E-4F3B-A51C-64D10A7E2479} (EPSImageControl Class) - http://tools.ebayimg.com/eps/activex/EPSControl_v1-0-3-0.cab
O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://by102fd.bay102.hotmail.msn.com/activex/HMAtchmt.ocx
O23 - Service: Sophos Cache Manager (CacheMgr) - SOPHOS Plc - C:\Program Files\Sophos\Remote Update\cachemgr.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: Sophos Anti-Virus Network (SweepNet) - Sophos Plc - C:\Program Files\Sophos SWEEP for NT\SWNETSUP.EXE
O23 - Service: Sophos Anti-Virus (SWEEPSRV.SYS) - Sophos Plc - C:\Program Files\Sophos SWEEP for NT\SWEEPSRV.SYS
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
 

dvk01 (Derek, Retired Moderator, Retired Malware Specialist) | Joined: Dec 14, 2002 | Messages: 56,452
Please download WebRoot SpySweeper from HERE (It's a 2 week trial):
  • Click the Free Trial link under "Downloads/SpySweeper" to download the program.
  • Install it. Once the program is installed, it will open.
  • It will prompt you to update to the latest definitions, click Yes.
  • Once the definitions are installed, click Options on the left side.
  • Click the Sweep Options tab.
  • Under What to Sweep please put a check next to the following:
    • Sweep Memory
    • Sweep Registry
    • Sweep Cookies
    • Sweep All User Accounts
    • Enable Direct Disk Sweeping
    • Sweep Contents of Compressed Files
    • Sweep for Rootkits
  • Please UNCHECK Do not Sweep System Restore Folder.
  • Click Sweep Now on the left side.
  • Click the Start button.
  • When it's done scanning, click the Next button.
  • Make sure everything has a check next to it, then click the Next button.
  • It will remove all of the items found.
  • Click Session Log in the upper right corner, copy everything in that window.
  • Click the Summary tab and click Finish.
  • Paste the contents of the session log you copied into your next reply.
Also post a new Hijack This log.
 

mika07 (Thread Starter) | Joined: Dec 25, 2005 | Messages: 5
Thanks, I'll try that, but it seems it's going to take a long time for Spy Sweeper to finish sweeping...
 

mika07 (Thread Starter) | Joined: Dec 25, 2005 | Messages: 5
Spy Sweeper finally finished scanning everything, and here is the Session log.

********
13:04: | Start of Session, 2005年12月25日 |
13:04: Spy Sweeper started
13:04: Sweep initiated using definitions version 589
13:04: Starting Memory Sweep
13:05: Found Adware: cnsmin
13:05: Detected running threat: C:\WINDOWS\Downloaded Program Files\CnsMin.dll (ID = 53251)
13:06: Detected running threat: C:\WINDOWS\Downloaded Program Files\CnsMinIO.dll (ID = 53267)
13:06: Detected running threat: C:\WINDOWS\Downloaded Program Files\CnsMinSV.dll (ID = 53270)
13:06: Detected running threat: C:\WINDOWS\Downloaded Program Files\CnsMinEx.dll (ID = 53263)
13:06: Found Adware: psguard
13:06: Detected running threat: C:\WINDOWS\system32\oleext.dll (ID = 134)
13:08: Found Adware: memorywatcher
13:08: Detected running threat: C:\WINDOWS\system32\w?nspool.exe (ID = 69622)
13:08: HKU\S-1-5-21-372829268-2693076698-917563655-1006\Software\Microsoft\Windows\CurrentVersion\Run || Gyonyzaz (ID = 0)
13:17: Memory Sweep Complete, Elapsed Time: 00:13:03
13:17: Starting Registry Sweep
13:17: Found Adware: altnet
13:17: HKLM\software\classes\clsid\{b7156514-a76c-4545-9d5b-a4e1d02c7aec}\ (23 subtraces) (ID = 103494)
13:17: HKCR\clsid\{b83fc273-3522-4cc6-92ec-75cc86678da4}\ (25 subtraces) (ID = 106163)
13:17: HKCR\cnshelper.ch.1\ (3 subtraces) (ID = 106168)
13:17: HKCR\cnshelper.ch\ (5 subtraces) (ID = 106169)
13:17: HKCR\interface\{df692509-d9ef-48a0-9cd0-3aa5b81f6f68}\ (8 subtraces) (ID = 106179)
13:17: HKLM\software\interchina\ (3 subtraces) (ID = 106211)
13:17: HKLM\software\microsoft\internet explorer\advancedoptions\!cns\ (57 subtraces) (ID = 106213)
13:17: HKLM\software\microsoft\internet explorer\extensions\{5d73ee86-05f1-49ed-b850-e423120ec338}\ (6 subtraces) (ID = 106217)
13:17: HKLM\software\microsoft\windows\currentversion\explorer\browser helper objects\{118ce65f-5d86-4aea-a9bd-94f92b89119f}\ (1 subtraces) (ID = 106233)
13:17: HKLM\software\microsoft\windows\currentversion\moduleusage\c:/windows/downloaded program files/cnsmin.dll\ (2 subtraces) (ID = 106241)
13:17: HKLM\software\microsoft\windows\currentversion\run\ || cnsmin (ID = 106245)
13:17: HKLM\software\microsoft\windows\currentversion\shareddlls\ || c:\windows\downloaded program files\cnsmin.dll (ID = 106247)
13:17: HKLM\software\microsoft\windows\currentversion\uninstall\cnsmin\ (2 subtraces) (ID = 106251)
13:17: HKCR\typelib\{aab6bce3-1df6-4930-9b14-9ca79dc8c267}\ (9 subtraces) (ID = 106264)
13:17: Found Adware: comet cursor
13:17: HKCR\interface\{930a2b79-855e-4a18-80bb-4c0595b40798}\ (8 subtraces) (ID = 106471)
13:17: HKCR\interface\{e61a0304-c605-441f-bd57-2833b65a69f1}\ (8 subtraces) (ID = 106505)
13:17: HKLM\software\classes\interface\{930a2b79-855e-4a18-80bb-4c0595b40798}\ (8 subtraces) (ID = 106652)
13:17: HKLM\software\classes\interface\{e61a0304-c605-441f-bd57-2833b65a69f1}\ (8 subtraces) (ID = 106682)
13:17: HKLM\software\classes\interface\{e61a0304-c605-441f-bd57-2833b65a69f1}\proxystubclsid32\ (1 subtraces) (ID = 106683)
13:17: HKLM\software\classes\interface\{e61a0304-c605-441f-bd57-2833b65a69f1}\typelib\ (2 subtraces) (ID = 106684)
13:17: HKLM\software\microsoft\windows\currentversion\moduleusage\c:/windows/system32/comet.dll\ (2 subtraces) (ID = 106739)
13:17: HKLM\software\microsoft\windows\currentversion\shareddlls\ || c:\windows\system32\comet.dll (ID = 106742)
13:18: Found Adware: gain - common components
13:18: HKLM\software\microsoft\windows\currentversion\moduleusage\c:/windows/downloaded program files/hdplugin1019.dll\ (2 subtraces) (ID = 126765)
13:18: HKLM\software\microsoft\windows\currentversion\shareddlls\ || c:\windows\downloaded program files\hdplugin1019.dll (ID = 126786)
13:18: Found Adware: internetoptimizer
13:18: HKLM\software\avenue media\ (ID = 128888)
13:18: HKLM\software\microsoft\windows\currentversion\policies\ameopt\ (ID = 128912)
13:18: HKLM\software\microsoft\windows\currentversion\uninstall\rotue\ (ID = 128925)
13:18: HKLM\software\policies\avenue media\ (ID = 128929)
13:18: Found Adware: ist istbar
13:18: HKLM\software\microsoft\windows\currentversion\moduleusage\c:/windows/downloaded program files/istactivex.dll\ (2 subtraces) (ID = 129124)
13:18: HKLM\software\microsoft\windows\currentversion\shareddlls\ || c:\windows\downloaded program files\istactivex.dll (ID = 129174)
13:18: Found Adware: keenvalue/perfectnav
13:18: HKLM\software\perfectnav\ (1 subtraces) (ID = 129516)
13:18: Found Adware: ist powerscan
13:18: HKLM\software\powerscan\ (1 subtraces) (ID = 136824)
13:18: Found Adware: whenu savenow
13:18: HKCR\wusn.1\ (1 subtraces) (ID = 140463)
13:18: Found Adware: topsearch
13:18: HKCR\clsid\{b7156514-a76c-4545-9d5b-a4e1d02c7aec}\ (23 subtraces) (ID = 143925)
13:18: HKLM\software\classes\topsearch.tslink\ (5 subtraces) (ID = 143926)
13:18: HKLM\software\classes\topsearch.tslink.1\ (3 subtraces) (ID = 143927)
13:18: HKLM\software\classes\typelib\{edd3b3e9-3ffd-4836-a6de-d4a9c473a971}\ (9 subtraces) (ID = 143928)
13:18: HKCR\topsearch.tslink\ (5 subtraces) (ID = 143929)
13:18: HKCR\typelib\{edd3b3e9-3ffd-4836-a6de-d4a9c473a971}\ (9 subtraces) (ID = 143930)
13:18: Found Adware: winad
13:18: HKCR\clsid\{15ad6789-cdb4-47e1-a9da-992ee8e6bad6}\ (6 subtraces) (ID = 147155)
13:18: HKLM\software\classes\clsid\{15ad6789-cdb4-47e1-a9da-992ee8e6bad6}\ (6 subtraces) (ID = 147169)
13:18: HKLM\software\classes\winadservx.installer\ (3 subtraces) (ID = 147178)
13:18: HKLM\software\microsoft\code store database\distribution units\{15ad6789-cdb4-47e1-a9da-992ee8e6bad6}\ (10 subtraces) (ID = 147185)
13:18: HKLM\software\microsoft\windows\currentversion\moduleusage\c:/windows/downloaded program files/winadservx.dll\ (2 subtraces) (ID = 147195)
13:18: HKLM\software\microsoft\windows\currentversion\shareddlls\ || c:\windows\downloaded program files\winadservx.dll (ID = 147224)
13:18: HKCR\winadservx.installer\ (3 subtraces) (ID = 147246)
13:18: HKCR\mediagatewayx.installer\ (3 subtraces) (ID = 372857)
13:18: HKCR\mediagatewayx.installer\clsid\ (1 subtraces) (ID = 372859)
13:18: HKLM\software\classes\mediagatewayx.installer\ (3 subtraces) (ID = 398902)
13:18: HKLM\software\classes\mediagatewayx.installer\clsid\ (1 subtraces) (ID = 398904)
13:18: HKCR\wusn.1\ (1 subtraces) (ID = 635412)
13:18: HKLM\software\classes\wusn.1\ (1 subtraces) (ID = 635554)
13:18: HKLM\software\microsoft\windows\currentversion\moduleusage\c:/windows/downloaded program files/mediagatewayx.dll\ (2 subtraces) (ID = 763026)
13:18: HKLM\software\microsoft\windows\currentversion\shareddlls\ || c:\windows\downloaded program files\mediagatewayx.dll (ID = 763028)
13:18: Found Adware: 7adpower
13:18: HKCR\progetto1.int_ver32\ (3 subtraces) (ID = 831501)
13:18: HKCR\clsid\{0d62a517-e7c6-4e1f-a577-07d4ac549a48}\ (27 subtraces) (ID = 831505)
13:18: HKCR\typelib\{391f0ac2-2cfc-4d56-a0e5-c7beb14f26e6}\ (9 subtraces) (ID = 831589)
13:18: HKLM\software\classes\progetto1.int_ver32\ (3 subtraces) (ID = 831690)
13:18: HKLM\software\classes\clsid\{0d62a517-e7c6-4e1f-a577-07d4ac549a48}\ (27 subtraces) (ID = 831694)
13:18: HKLM\software\classes\typelib\{391f0ac2-2cfc-4d56-a0e5-c7beb14f26e6}\ (9 subtraces) (ID = 831778)
13:18: HKLM\software\3721\ (19 subtraces) (ID = 872107)
13:18: HKLM\software\3721\cnsmin\ (16 subtraces) (ID = 872108)
13:18: HKCR\cnshelper.ch\curver\ (1 subtraces) (ID = 1041849)
13:18: HKCR\cnshelper.ch.1\clsid\ (1 subtraces) (ID = 1041853)
13:18: HKLM\software\classes\cnshelper.ch\ (5 subtraces) (ID = 1041942)
13:18: HKLM\software\classes\cnshelper.ch.1\ (3 subtraces) (ID = 1041948)
13:18: HKLM\software\classes\clsid\{b83fc273-3522-4cc6-92ec-75cc86678da4}\ (25 subtraces) (ID = 1041952)
13:18: HKLM\software\classes\typelib\{aab6bce3-1df6-4930-9b14-9ca79dc8c267}\ (9 subtraces) (ID = 1041978)
13:18: HKU\WRSS_Profile_S-1-5-21-372829268-2693076698-917563655-500\software\microsoft\internet explorer\extensions\cmdmapping\ || {5d73ee86-05f1-49ed-b850-e423120ec338} (ID = 1032318)
13:18: Found Adware: cashfiesta
13:18: HKU\S-1-5-21-372829268-2693076698-917563655-1006\software\cashfiesta\cashfiesta\config\ || startmode (ID = 105401)
13:18: HKU\S-1-5-21-372829268-2693076698-917563655-1006\software\cashfiesta\cashfiesta\config\ || autostart (ID = 105402)
13:18: HKU\S-1-5-21-372829268-2693076698-917563655-1006\software\cashfiesta\cashfiesta\config\ || fading (ID = 105403)
13:18: HKU\S-1-5-21-372829268-2693076698-917563655-1006\software\cashfiesta\cashfiesta\config\ || ypos (ID = 105404)
13:18: HKU\S-1-5-21-372829268-2693076698-917563655-1006\software\cashfiesta\cashfiesta\install\ (1 subtraces) (ID = 105405)
13:18: HKU\S-1-5-21-372829268-2693076698-917563655-1006\software\cashfiesta\cashfiesta\update\ (ID = 105406)
13:18: HKU\S-1-5-21-372829268-2693076698-917563655-1006\software\cashfiesta\ (14 subtraces) (ID = 105407)
13:18: HKU\S-1-5-21-372829268-2693076698-917563655-1006\software\3721\ (103 subtraces) (ID = 106182)
13:18: HKU\S-1-5-21-372829268-2693076698-917563655-1006\software\microsoft\internet explorer\main\ || cnsautoupdate (ID = 106221)
13:18: HKU\S-1-5-21-372829268-2693076698-917563655-1006\software\microsoft\internet explorer\main\ || cnsenable (ID = 106222)
13:18: HKU\S-1-5-21-372829268-2693076698-917563655-1006\software\microsoft\internet explorer\main\ || cnshint (ID = 106223)
13:18: HKU\S-1-5-21-372829268-2693076698-917563655-1006\software\microsoft\internet explorer\main\ || cnslist (ID = 106224)
13:18: HKU\S-1-5-21-372829268-2693076698-917563655-1006\software\microsoft\internet explorer\main\ || cnsmenu (ID = 106225)
13:18: HKU\S-1-5-21-372829268-2693076698-917563655-1006\software\microsoft\internet explorer\main\ || cnsreset (ID = 106226)
13:18: Found Adware: cydoor peer-to-peer dependency
13:18: HKU\S-1-5-21-372829268-2693076698-917563655-1006\software\kazaa\promotions\cydoor\ (6 subtraces) (ID = 124527)
13:18: HKU\S-1-5-21-372829268-2693076698-917563655-1006\software\avenue media\ (ID = 128887)
13:18: HKU\S-1-5-21-372829268-2693076698-917563655-1006\software\policies\avenue media\ (ID = 128928)
13:18: Found Adware: whenu
13:18: HKU\S-1-5-21-372829268-2693076698-917563655-1006\software\whenu\ (ID = 140455)
13:18: HKU\S-1-5-21-372829268-2693076698-917563655-1006\software\microsoft\windows\currentversion\policies\ameopt\ (ID = 654042)
13:18: HKU\S-1-5-21-372829268-2693076698-917563655-1006\software\microsoft\internet explorer\extensions\cmdmapping\ || {5d73ee86-05f1-49ed-b850-e423120ec338} (ID = 1032318)
13:18: Registry Sweep Complete, Elapsed Time:00:01:20
13:19: Starting Cookie Sweep
13:19: Found Spy Cookie: sandboxer cookie
13:19: とみたみか@0[1].txt (ID = 3282)
13:19: Found Spy Cookie: 2o7.net cookie
13:19: とみたみか@112.2o7[2].txt (ID = 1958)
13:19: Found Spy Cookie: 247realmedia cookie
13:19: とみたみか@247realmedia[1].txt (ID = 1953)
13:19: とみたみか@2o7[1].txt (ID = 1957)
13:19: Found Spy Cookie: about cookie
13:19: とみたみか@80music.about[1].txt (ID = 2038)
13:19: とみたみか@about[1].txt (ID = 2037)
13:19: Found Spy Cookie: yieldmanager cookie
13:19: とみたみか@ad.yieldmanager[1].txt (ID = 3751)
13:19: Found Spy Cookie: adknowledge cookie
13:19: とみたみか@adknowledge[1].txt (ID = 2072)
13:19: Found Spy Cookie: adlegend cookie
13:19: とみたみか@adlegend[1].txt (ID = 2074)
13:19: Found Spy Cookie: hbmediapro cookie
13:19: とみたみか@adopt.hbmediapro[1].txt (ID = 2768)
13:19: Found Spy Cookie: specificclick.com cookie
13:19: とみたみか@adopt.specificclick[2].txt (ID = 3400)
13:19: Found Spy Cookie: adrevolver cookie
13:19: とみたみか@adrevolver[1].txt (ID = 2088)
13:19: とみたみか@adrevolver[2].txt (ID = 2088)
13:19: Found Spy Cookie: addynamix cookie
13:19: とみたみか@ads.addynamix[2].txt (ID = 2062)
13:19: Found Spy Cookie: pointroll cookie
13:19: とみたみか@ads.pointroll[2].txt (ID = 3148)
13:19: Found Spy Cookie: advertising cookie
13:19: とみたみか@advertising[2].txt (ID = 2175)
13:19: Found Spy Cookie: apmebf cookie
13:19: とみたみか@apmebf[1].txt (ID = 2229)
13:19: Found Spy Cookie: falkag cookie
13:19: とみたみか@as-eu.falkag[1].txt (ID = 2650)
13:19: とみたみか@as-us.falkag[2].txt (ID = 2650)
13:19: とみたみか@asahishimbun.122.2o7[1].txt (ID = 1958)
13:19: Found Spy Cookie: ask cookie
13:19: とみたみか@ask[1].txt (ID = 2245)
13:19: Found Spy Cookie: atlas dmt cookie
13:19: とみたみか@atdmt[2].txt (ID = 2253)
13:19: Found Spy Cookie: belnk cookie
13:19: とみたみか@ath.belnk[1].txt (ID = 2293)
13:19: Found Spy Cookie: atwola cookie
13:19: とみたみか@atwola[2].txt (ID = 2255)
13:19: Found Spy Cookie: azjmp cookie
13:19: とみたみか@azjmp[2].txt (ID = 2270)
13:19: Found Spy Cookie: a cookie
13:19: とみたみか@a[1].txt (ID = 2027)
13:19: とみたみか@belnk[2].txt (ID = 2292)
13:19: Found Spy Cookie: bizrate cookie
13:19: とみたみか@bizrate[2].txt (ID = 2308)
13:19: Found Spy Cookie: bluestreak cookie
13:19: とみたみか@bluestreak[2].txt (ID = 2314)
13:19: Found Spy Cookie: bravenet cookie
13:19: とみたみか@bravenet[1].txt (ID = 2322)
13:19: Found Spy Cookie: burstnet cookie
13:19: とみたみか@burstnet[1].txt (ID = 2336)
13:19: Found Spy Cookie: directtrack cookie
13:19: とみたみか@canadiansponsors.directtrack[1].txt (ID = 2528)
13:19: Found Spy Cookie: casalemedia cookie
13:19: とみたみか@casalemedia[1].txt (ID = 2354)
13:19: Found Spy Cookie: centrport net cookie
13:19: とみたみか@centrport[2].txt (ID = 2374)
13:19: とみたみか@chumtv.122.2o7[1].txt (ID = 1958)
13:19: Found Spy Cookie: clickbank cookie
13:19: とみたみか@clickbank[2].txt (ID = 2398)
13:19: とみたみか@cnetjapan.122.2o7[1].txt (ID = 1958)
13:19: とみたみか@cnn.122.2o7[1].txt (ID = 1958)
13:19: Found Spy Cookie: commission junction cookie
13:19: とみたみか@commission-junction[1].txt (ID = 2455)
13:19: Found Spy Cookie: contextuads cookie
13:19: とみたみか@contextuads[1].txt (ID = 2461)
13:19: Found Spy Cookie: hitslink cookie
13:19: とみたみか@counter.hitslink[1].txt (ID = 2790)
13:19: とみたみか@counter2.hitslink[1].txt (ID = 2790)
13:19: とみたみか@cruises.about[1].txt (ID = 2038)
13:19: Found Spy Cookie: 360i cookie
13:19: とみたみか@ct.360i[1].txt (ID = 1962)
13:19: Found Spy Cookie: customer cookie
13:19: とみたみか@customer[1].txt (ID = 2481)
13:19: Found Spy Cookie: coremetrics cookie
13:19: とみたみか@data.coremetrics[1].txt (ID = 2472)
13:19: Found Spy Cookie: overture cookie
13:19: とみたみか@data3.perf.overture[1].txt (ID = 3106)
13:19: Found Spy Cookie: dbbsrv cookie
13:19: とみたみか@dbbsrv[1].txt (ID = 2499)
13:19: とみたみか@dealnews.122.2o7[1].txt (ID = 1958)
13:19: Found Spy Cookie: dealtime cookie
13:19: とみたみか@dealtime[1].txt (ID = 2505)
13:19: Found Spy Cookie: did-it cookie
13:19: とみたみか@did-it[1].txt (ID = 2523)
13:19: とみたみか@dist.belnk[2].txt (ID = 2293)
13:19: Found Spy Cookie: ru4 cookie
13:19: とみたみか@edge.ru4[2].txt (ID = 3269)
13:19: とみたみか@esl.about[1].txt (ID = 2038)
13:19: とみたみか@familyinternet.about[1].txt (ID = 2038)
13:19: Found Spy Cookie: fastclick cookie
13:19: とみたみか@fastclick[1].txt (ID = 2651)
13:19: Found Spy Cookie: fortunecity cookie
13:19: とみたみか@fortunecity[2].txt (ID = 2686)
13:19: とみたみか@govegas.about[2].txt (ID = 2038)
13:19: Found Spy Cookie: starware.com cookie
13:19: とみたみか@h.starware[1].txt (ID = 3442)
13:19: Found Spy Cookie: humanclick cookie
13:19: とみたみか@hc2.humanclick[1].txt (ID = 2810)
13:19: Found Spy Cookie: vioclicks cookie
13:19: とみたみか@hit1.vioclicks[1].txt (ID = 3640)
13:19: とみたみか@homecooking.about[1].txt (ID = 2038)
13:19: Found Spy Cookie: screensavers.com cookie
13:19: とみたみか@i.screensavers[1].txt (ID = 3298)
13:19: Found Spy Cookie: ic-live cookie
13:19: とみたみか@ic-live[1].txt (ID = 2821)
13:19: とみたみか@japanesefood.about[1].txt (ID = 2038)
13:19: とみたみか@jobsearch.about[2].txt (ID = 2038)
13:19: とみたみか@jobsearchtech.about[1].txt (ID = 2038)
13:19: Found Spy Cookie: domainsponsor cookie
13:19: とみたみか@landing.domainsponsor[2].txt (ID = 2535)
13:19: とみたみか@lasvegas.about[1].txt (ID = 2038)
13:19: Found Spy Cookie: linksynergy cookie
13:19: とみたみか@linksynergy[2].txt (ID = 2926)
13:19: Found Spy Cookie: maxserving cookie
13:19: とみたみか@maxserving[2].txt (ID = 2966)
13:19: とみたみか@media.fastclick[1].txt (ID = 2652)
13:19: とみたみか@msnportal.112.2o7[1].txt (ID = 1958)
13:19: とみたみか@nasdaq.122.2o7[1].txt (ID = 1958)
13:19: Found Spy Cookie: nextag cookie
13:19: とみたみか@nextag[2].txt (ID = 5014)
13:19: Found Spy Cookie: freestats.net cookie
13:19: とみたみか@nfong.freestats[2].txt (ID = 2705)
13:19: Found Spy Cookie: offeroptimizer cookie
13:19: とみたみか@offeroptimizer[1].txt (ID = 3087)
13:19: とみたみか@orthopedics.about[1].txt (ID = 2038)
13:19: とみたみか@overture[1].txt (ID = 3105)
13:19: Found Spy Cookie: partypoker cookie
13:19: とみたみか@partypoker[2].txt (ID = 3111)
13:19: Found Spy Cookie: pricegrabber cookie
13:19: とみたみか@pcworld.pricegrabber[1].txt (ID = 3186)
13:19: とみたみか@perf.overture[1].txt (ID = 3106)
13:19: とみたみか@pricegrabber[1].txt (ID = 3185)
13:19: Found Spy Cookie: pro-market cookie
13:19: とみたみか@pro-market[2].txt (ID = 3197)
13:19: Found Spy Cookie: qksrv cookie
13:19: とみたみか@qksrv[1].txt (ID = 3213)
13:19: Found Spy Cookie: questionmarket cookie
13:19: とみたみか@questionmarket[1].txt (ID = 3217)
13:19: Found Spy Cookie: rambler cookie
13:19: とみたみか@rambler[1].txt (ID = 3225)
13:19: とみたみか@realitytv.about[1].txt (ID = 2038)
13:19: Found Spy Cookie: realmedia cookie
13:19: とみたみか@realmedia[1].txt (ID = 3235)
13:19: Found Spy Cookie: revenue.net cookie
13:19: とみたみか@revenue[2].txt (ID = 3257)
13:19: Found Spy Cookie: rn11 cookie
13:19: とみたみか@rn11[2].txt (ID = 3261)
13:19: Found Spy Cookie: adjuggler cookie
13:19: とみたみか@rotator.adjuggler[1].txt (ID = 2071)
13:19: とみたみか@search.about[1].txt (ID = 2038)
13:19: Found Spy Cookie: server.iad.liveperson cookie
13:19: とみたみか@server.iad.liveperson[1].txt (ID = 3341)
13:19: Found Spy Cookie: serving-sys cookie
13:19: とみたみか@serving-sys[1].txt (ID = 3343)
13:19: とみたみか@sewing.about[1].txt (ID = 2038)
13:19: とみたみか@snowboarding.about[2].txt (ID = 2038)
13:19: Found Spy Cookie: spylog cookie
13:19: とみたみか@spylog[1].txt (ID = 3415)
13:19: とみたみか@starware[2].txt (ID = 3441)
13:19: とみたみか@stat.dealtime[2].txt (ID = 2506)
13:19: Found Spy Cookie: onestat.com cookie
13:19: とみたみか@stat.onestat[2].txt (ID = 3098)
13:19: Found Spy Cookie: statcounter cookie
13:19: とみたみか@statcounter[1].txt (ID = 3447)
13:19: Found Spy Cookie: clicktracks cookie
13:19: とみたみか@stats2.clicktracks[2].txt (ID = 2407)
13:19: Found Spy Cookie: webtrendslive cookie
13:19: とみたみか@statse.webtrendslive[1].txt (ID = 3667)
13:19: Found Spy Cookie: sympaticoca cookie
13:19: とみたみか@sympatico[2].txt (ID = 3483)
13:19: Found Spy Cookie: targetnet cookie
13:19: とみたみか@targetnet[1].txt (ID = 3489)
13:19: とみたみか@test.coremetrics[1].txt (ID = 2472)
13:19: Found Spy Cookie: tickle cookie
13:19: とみたみか@tickle[1].txt (ID = 3529)
13:19: Found Spy Cookie: tracking cookie
13:19: とみたみか@tracking[2].txt (ID = 3571)
13:19: Found Spy Cookie: tradedoubler cookie
13:19: とみたみか@tradedoubler[1].txt (ID = 3575)
13:19: Found Spy Cookie: trafficmp cookie
13:19: とみたみか@trafficmp[1].txt (ID = 3581)
13:19: Found Spy Cookie: tribalfusion cookie
13:19: とみたみか@tribalfusion[2].txt (ID = 3589)
13:19: Found Spy Cookie: tripod cookie
13:19: とみたみか@tripod[1].txt (ID = 3591)
13:19: とみたみか@vodafone.122.2o7[1].txt (ID = 1958)
13:19: とみたみか@wine.about[1].txt (ID = 2038)
13:19: Found Spy Cookie: burstbeacon cookie
13:19: とみたみか@www.burstbeacon[2].txt (ID = 2335)
13:19: Found Spy Cookie: buzztone cookie
13:19: とみたみか@www.buzztone[1].txt (ID = 2339)
13:19: Found Spy Cookie: ebates cookie
13:19: とみたみか@www.ebates[2].txt (ID = 2558)
13:19: Found Spy Cookie: myaffiliateprogram.com cookie
13:19: とみたみか@www.myaffiliateprogram[2].txt (ID = 3032)
13:19: とみたみか@www.screensavers[1].txt (ID = 3298)
13:19: Found Spy Cookie: stlyrics cookie
13:19: とみたみか@www.stlyrics[1].txt (ID = 3462)
13:19: とみたみか@www1.sympatico[1].txt (ID = 3484)
13:19: Found Spy Cookie: adserver cookie
13:19: とみたみか@z1.adserver[1].txt (ID = 2142)
13:19: Found Spy Cookie: zedo cookie
13:19: とみたみか@zedo[2].txt (ID = 3762)
13:19: Cookie Sweep Complete, Elapsed Time: 00:00:41
13:19: Starting File Sweep
13:20: Found Adware: bullguard popup ad
13:20: c:\windows\temp\bullguard (1 subtraces) (ID = -2147476409)
13:20: c:\program files\power scan (1 subtraces) (ID = -2147480461)
13:20: c:\documents and settings\とみたみか\スタート メニュー\プログラム\power scan (1 subtraces) (ID = -2147480462)
13:20: c:\program files\save (6 subtraces) (ID = -2147480378)
13:20: c:\documents and settings\とみたみか\スタート メニュー\プログラム\whenu (3 subtraces) (ID = -2147480383)
13:20: c:\program files\istsvc (ID = -2147480800)
13:20: c:\windows\temp\altnet (18 subtraces) (ID = -2147481435)
13:20: Found Adware: winhound spyware remover
13:20: c:\documents and settings\とみたみか\application data\winhound.com (11 subtraces) (ID = -2147462035)
13:20: c:\program files\winhound (1 subtraces) (ID = -2147462133)
13:20: c:\windows\downloaded program files\3721 (2 subtraces) (ID = -2147469211)
13:20: Found Adware: topicks
13:20: c:\program files\topicks (4 subtraces) (ID = -2147480143)
13:20: Found Adware: srng
13:20: c:\program files\srng (1 subtraces) (ID = -2147480238)
13:20: Found Adware: commonname
13:20: c:\windows\temp\adware (ID = -2147481214)
13:22: w?nspool.exe (ID = 69622)
13:22: HKU\S-1-5-21-372829268-2693076698-917563655-1006\Software\Microsoft\Windows\CurrentVersion\Run || Gyonyzaz (ID = 0)
13:25: impcfw.dll (ID = 52292)
13:25: cnsminsv.dll (ID = 53270)
13:26: skin.cfx (ID = 52294)
13:27: cln7f.tmp (ID = 64074)
13:28: mediagatewayx.dll (ID = 119317)
13:30: procmod.dll (ID = 52293)
13:32: Found Adware: exact cashback/bargain buddy
13:32: package8029_cdt3.exe (ID = 50800)
13:42: powersetup.exe (ID = 72682)
13:58: cnsminio.dll (ID = 53267)
14:02: powerscan.exe (ID = 72678)
14:02: cnsminex.cab (ID = 53262)
14:31: cnsminex.dll (ID = 53263)
14:41: trkgif.exe (ID = 50876)
14:41: saveuninst.exe (ID = 125357)
14:41: readme.txt (ID = 127161)
14:46: gatorhdplugin.log (ID = 119819)
14:50: power scan.lnk (ID = 72676)
14:53: gatorpdpsetup.log (ID = 61399)
14:59: cnsminio.cab (ID = 53266)
15:16: file.zip (ID = 76877)
15:20: instsrv.exe (ID = 50713)
15:20: msexreg.exe (ID = 50760)
15:35: cnsmin.dll (ID = 53251)
15:43: Found Adware: ebates money maker
15:43: ebates_cookie_detect[1].js (ID = 59644)
15:52: Found Adware: alyon
15:52: cm_datatag_utils[1].js (ID = 49897)
15:52: dmfiles.cab (ID = 49818)
15:52: dminfo3.cab (ID = 49824)
15:53: dminstall7.cab (ID = 49829)
15:53: mysearch.cab (ID = 49849)
15:53: pmexe.cab (ID = 49854)
15:53: pmfiles.cab (ID = 49856)
15:53: pminstall.cab (ID = 49857)
15:53: setup.cab (ID = 49871)
15:55: Found Adware: 180search assistant/zango
15:55: res1977.tmp (ID = 93785)
16:05: int_ver32b.inf (ID = 156464)
16:07: cc_43.pnf (ID = 53470)
16:24: adm4.dll (ID = 49779)
16:24: adm25.dll (ID = 49782)
16:24: admdata.dll (ID = 49784)
16:24: admdloader.dll (ID = 49786)
16:24: admfdi.dll (ID = 49789)
16:24: admprog.dll (ID = 49790)
16:24: bulldownload.exe (ID = 52017)
16:25: setup.exe (ID = 49875)
16:25: adm.exe (ID = 49776)
16:38: Found Adware: purityscan
16:38: mediaticketsinstaller.inf (ID = 73158)
17:15: cnsminsv.cab (ID = 53269)
17:23: Warning: Failed to open file "c:\documents and settings\とみたみか\my documents\my music\08 - james blunt - billy.mp3". 指定されたファイルが見つかりません。
17:25: Warning: Failed to open file "c:\program files\bearshare\temp\tmp02 beastie boys - paul's boutique - shake your rump.mp3". 指定されたファイルが見つかりません。
17:27: Warning: Failed to open file "c:\documents and settings\とみたみか\local settings\temporary internet files\content.ie5\4rxzuab1\ca0pm7gd.bin". 指定されたファイルが見つかりません。
17:27: Warning: Failed to open file "c:\documents and settings\とみたみか\local settings\temporary internet files\content.ie5\4rbzust1\adsadclient31[1]". 指定されたファイルが見つかりません。
17:27: int_ver32b.ocx (ID = 156465)
17:29: Warning: Failed to open file "c:\documents and settings\とみたみか\local settings\temporary internet files\content.ie5\1frj9dse\advlinks1[1].gif". 指定されたファイルが見つかりません。
17:29: Warning: Failed to open file "c:\documents and settings\とみたみか\local settings\temporary internet files\content.ie5\214f6lal\bg.tab.elibrary[1].gif". 指定されたファイルが見つかりません。
17:29: Warning: Failed to open file "c:\documents and settings\とみたみか\local settings\temporary internet files\content.ie5\4rbzust1\rs_right[1].gif". 指定されたファイルが見つかりません。
17:29: Warning: Failed to open file "c:\documents and settings\とみたみか\local settings\temporary internet files\content.ie5\1frj9dse\up[1].gif". 指定されたファイルが見つかりません。
17:29: Warning: Failed to open file "c:\documents and settings\とみたみか\local settings\temporary internet files\content.ie5\4rbzust1\z3[1].gif". 指定されたファイルが見つかりません。
17:29: Warning: Failed to open file "c:\documents and settings\とみたみか\cookies\とみたみか@www.orbitz[1].txt". 指定されたファイルが見つかりません。
17:32: salmau.dat (ID = 93788)
17:36: cnsmin.inf (ID = 53253)
17:36: cnsminex.ini (ID = 53264)
17:36: cnsmincg.ini (ID = 53257)
17:36: cnsmin.ini (ID = 53255)
17:36: bundle.inf (ID = 61287)
17:36: cc.inf (ID = 53467)
17:36: spnsrs.xml (ID = 79700)
17:57: Warning: Unhandled Archive Type
17:57: Warning: Unhandled Archive Type
17:58: Warning: Unhandled Archive Type
17:58: Warning: Unhandled Archive Type
17:58: Warning: Unhandled Archive Type
17:59: Warning: Unhandled Archive Type
17:59: Warning: Unhandled Archive Type
17:59: Warning: Unhandled Archive Type
17:59: Warning: Unhandled Archive Type
18:02: Warning: Unhandled Archive Type
18:09: Warning: Unhandled Archive Type
18:10: Warning: Unhandled Archive Type
18:10: Warning: File not found
18:10: Warning: File not found
18:11: power scan.lnk (ID = 72678)
18:12: File Sweep Complete, Elapsed Time: 04:53:04
18:12: Full Sweep has completed. Elapsed time 05:08:23
18:12: Traces Found: 906
18:31: Removal process initiated
18:31: Quarantining All Traces: 180search assistant/zango
18:31: Quarantining All Traces: ist istbar
18:31: Quarantining All Traces: psguard
18:32: psguard is in use. It will be removed on reboot.
18:32: C:\WINDOWS\system32\oleext.dll is in use. It will be removed on reboot.
18:32: Quarantining All Traces: purityscan
18:32: Quarantining All Traces: cnsmin
18:32: cnsmin is in use. It will be removed on reboot.
18:32: cnsminsv.dll is in use. It will be removed on reboot.
18:32: cnsminio.dll is in use. It will be removed on reboot.
18:32: cnsminex.dll is in use. It will be removed on reboot.
18:32: cnsmin.dll is in use. It will be removed on reboot.
18:32: C:\WINDOWS\Downloaded Program Files\CnsMin.dll is in use. It will be removed on reboot.
18:32: C:\WINDOWS\Downloaded Program Files\CnsMinIO.dll is in use. It will be removed on reboot.
18:32: C:\WINDOWS\Downloaded Program Files\CnsMinSV.dll is in use. It will be removed on reboot.
18:32: C:\WINDOWS\Downloaded Program Files\CnsMinEx.dll is in use. It will be removed on reboot.
18:32: Quarantining All Traces: comet cursor
18:32: Quarantining All Traces: commonname
18:32: Quarantining All Traces: internetoptimizer
18:32: Quarantining All Traces: srng
18:32: Quarantining All Traces: winad
18:32: Quarantining All Traces: 7adpower
18:32: Quarantining All Traces: altnet
18:32: Quarantining All Traces: alyon
18:32: Quarantining All Traces: bullguard popup ad
18:32: Quarantining All Traces: cashfiesta
18:33: Quarantining All Traces: cydoor peer-to-peer dependency
18:33: Quarantining All Traces: ebates money maker
18:33: Quarantining All Traces: exact cashback/bargain buddy
18:33: Quarantining All Traces: ist powerscan
18:33: ist powerscan is in use. It will be removed on reboot.
18:33: power scan.lnk is in use. It will be removed on reboot.
18:33: Quarantining All Traces: keenvalue/perfectnav
18:33: Quarantining All Traces: memorywatcher
18:33: memorywatcher is in use. It will be removed on reboot.
18:33: w?nspool.exe is in use. It will be removed on reboot.

I am not able to post the log in 1 post so the continuation will be on the next post.
 

mika07 (Thread Starter)
18:33: Quarantining All Traces: topicks
18:33: Quarantining All Traces: topsearch
18:33: Quarantining All Traces: winhound spyware remover
18:33: Quarantining All Traces: 247realmedia cookie
18:33: Quarantining All Traces: 2o7.net cookie
18:33: Quarantining All Traces: 360i cookie
18:33: Quarantining All Traces: a cookie
18:33: Quarantining All Traces: about cookie
18:33: Quarantining All Traces: addynamix cookie
18:33: Quarantining All Traces: adjuggler cookie
18:33: Quarantining All Traces: adknowledge cookie
18:33: Quarantining All Traces: adlegend cookie
18:33: Quarantining All Traces: adrevolver cookie
18:33: Quarantining All Traces: adserver cookie
18:33: Quarantining All Traces: advertising cookie
18:33: Quarantining All Traces: apmebf cookie
18:33: Quarantining All Traces: ask cookie
18:33: Quarantining All Traces: atlas dmt cookie
18:33: Quarantining All Traces: atwola cookie
18:33: Quarantining All Traces: azjmp cookie
18:33: Quarantining All Traces: belnk cookie
18:33: Quarantining All Traces: bizrate cookie
18:33: Quarantining All Traces: bluestreak cookie
18:33: Quarantining All Traces: bravenet cookie
18:33: Quarantining All Traces: burstbeacon cookie
18:33: Quarantining All Traces: burstnet cookie
18:33: Quarantining All Traces: buzztone cookie
18:33: Quarantining All Traces: casalemedia cookie
18:33: Quarantining All Traces: centrport net cookie
18:33: Quarantining All Traces: clickbank cookie
18:33: Quarantining All Traces: clicktracks cookie
18:33: Quarantining All Traces: commission junction cookie
18:33: Quarantining All Traces: contextuads cookie
18:33: Quarantining All Traces: coremetrics cookie
18:33: Quarantining All Traces: customer cookie
18:33: Quarantining All Traces: dbbsrv cookie
18:33: Quarantining All Traces: dealtime cookie
18:33: Quarantining All Traces: did-it cookie
18:33: Quarantining All Traces: directtrack cookie
18:33: Quarantining All Traces: domainsponsor cookie
18:33: Quarantining All Traces: ebates cookie
18:33: Quarantining All Traces: falkag cookie
18:33: Quarantining All Traces: fastclick cookie
18:33: Quarantining All Traces: fortunecity cookie
18:33: Quarantining All Traces: freestats.net cookie
18:33: Quarantining All Traces: gain - common components
18:33: Quarantining All Traces: hbmediapro cookie
18:33: Quarantining All Traces: hitslink cookie
18:33: Quarantining All Traces: humanclick cookie
18:33: Quarantining All Traces: ic-live cookie
18:33: Quarantining All Traces: linksynergy cookie
18:33: Quarantining All Traces: maxserving cookie
18:33: Quarantining All Traces: myaffiliateprogram.com cookie
18:33: Quarantining All Traces: nextag cookie
18:33: Quarantining All Traces: offeroptimizer cookie
18:33: Quarantining All Traces: onestat.com cookie
18:33: Quarantining All Traces: overture cookie
18:33: Quarantining All Traces: partypoker cookie
18:33: Quarantining All Traces: pointroll cookie
18:33: Quarantining All Traces: pricegrabber cookie
18:33: Quarantining All Traces: pro-market cookie
18:33: Quarantining All Traces: qksrv cookie
18:33: Quarantining All Traces: questionmarket cookie
18:33: Quarantining All Traces: rambler cookie
18:33: Quarantining All Traces: realmedia cookie
18:33: Quarantining All Traces: revenue.net cookie
18:33: Quarantining All Traces: rn11 cookie
18:33: Quarantining All Traces: ru4 cookie
18:33: Quarantining All Traces: sandboxer cookie
18:33: Quarantining All Traces: screensavers.com cookie
18:33: Quarantining All Traces: server.iad.liveperson cookie
18:33: Quarantining All Traces: serving-sys cookie
18:33: Quarantining All Traces: specificclick.com cookie
18:33: Quarantining All Traces: spylog cookie
18:33: Quarantining All Traces: starware.com cookie
18:33: Quarantining All Traces: statcounter cookie
18:33: Quarantining All Traces: stlyrics cookie
18:33: Quarantining All Traces: sympaticoca cookie
18:33: Quarantining All Traces: targetnet cookie
18:33: Quarantining All Traces: tickle cookie
18:33: Quarantining All Traces: tracking cookie
18:33: Quarantining All Traces: tradedoubler cookie
18:33: Quarantining All Traces: trafficmp cookie
18:33: Quarantining All Traces: tribalfusion cookie
18:33: Quarantining All Traces: tripod cookie
18:33: Quarantining All Traces: vioclicks cookie
18:33: Quarantining All Traces: webtrendslive cookie
18:33: Quarantining All Traces: whenu savenow
18:33: Quarantining All Traces: whenu
18:33: Quarantining All Traces: yieldmanager cookie
18:33: Quarantining All Traces: zedo cookie
18:33: Warning: Launched explorer.exe
18:33: Warning: Quarantine process could not restart Explorer.
18:34: Removal process completed. Elapsed time 00:03:45
********
13:02: | Start of Session, 2005年12月25日 |
13:02: Spy Sweeper started
13:03: Your spyware definitions have been updated.
13:04: | End of Session, 2005年12月25日 |



Here is my HijackThis log.

Logfile of HijackThis v1.99.1
Scan saved at 23:32:13, on 2005/12/25
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Sophos\Remote Update\cachemgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\WINDOWS\System32\00THotkey.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe
C:\WINDOWS\System32\TFNF5.exe
C:\Program Files\Drag'n Drop CD\BinFiles\DragDrop.exe
C:\Program Files\TOSHIBA\TouchED\TouchED.Exe
C:\WINDOWS\System32\TPWRTRAY.EXE
C:\Program Files\Lexmark X74-X75\lxbbbmgr.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fpdisp5a.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Nzseumq\Kibo.exe
C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Lexmark X74-X75\lxbbbmon.exe
C:\WINDOWS\System32\ctfmon.exe
C:\WINDOWS\System32\ipxmontr.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\WINDOWS\System32\conime.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\Sophos SWEEP for NT\ICMON.EXE
C:\Program Files\Sophos\Remote Update\imonitor.exe
C:\Program Files\Sophos SWEEP for NT\SWNETSUP.EXE
C:\Program Files\Sophos SWEEP for NT\SWEEPSRV.SYS
C:\Documents and Settings\とみたみか\デスクトップ\HijackThis.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {4BFB6859-E166-5AE7-8521-115578F62C4A} - (no file)
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: ラジオ(&R) - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [00THotkey] C:\WINDOWS\System32\00THotkey.exe
O4 - HKLM\..\Run: [000StTHK] 000StTHK.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [TFncKy] TFncKy.exe /Type 22
O4 - HKLM\..\Run: [TFNF5] TFNF5.exe
O4 - HKLM\..\Run: [Drag'n Drop CD] C:\Program Files\Drag'n Drop CD\BinFiles\DragDrop.exe /StartUp
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [TouchED] C:\Program Files\TOSHIBA\TouchED\TouchED.Exe
O4 - HKLM\..\Run: [Tpwrtray] TPWRTRAY.EXE
O4 - HKLM\..\Run: [imjpmig] C:\Program Files\Common Files\Microsoft Shared\IME\IMJP\imjpmig.exe /RemAdvDef /AIMEREG /Migration /SetPreload
O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
O4 - HKLM\..\Run: [Lexmark X74-X75] "C:\Program Files\Lexmark X74-X75\lxbbbmgr.exe"
O4 - HKLM\..\Run: [BurnQuick Queue] C:\WINDOWS\BQTray.exe
O4 - HKLM\..\Run: [FinePrint Dispatcher v5] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fpdisp5a.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Dohhv] C:\Program Files\Nzseumq\Kibo.exe
O4 - HKLM\..\Run: [WinHound] C:\Program Files\WinHound\WinHound.exe
O4 - HKLM\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [ipxmontr] C:\WINDOWS\System32\ipxmontr.exe
O8 - Extra context menu item: &Save Flash In This Page by Flash Saver - C:\PROGRA~1\FLASHS~1\save.htm
O8 - Extra context menu item: Bookshelfで検索(&L) - res://C:\Program Files\Microsoft Reference\Microsoft Bookshelf 3.0\bsdef.dll/#1001
O8 - Extra context menu item: JWordでウェブ検索(&J) - res://C:\WINDOWS\DOWNLO~1\CnsMin.dll/203
O8 - Extra context menu item: Microsoft Excel にエクスポート(&X) - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: The翻訳_ページ翻訳 - C:\Program Files\TTI_V6_LE\addins\Ie\afi_pagetran.htm
O8 - Extra context menu item: The翻訳_範囲指定翻訳 - C:\Program Files\TTI_V6_LE\addins\Ie\afi_seltran.htm
O8 - Extra context menu item: The翻訳_翻訳設定 - C:\Program Files\TTI_V6_LE\addins\Ie\afi_setdlg.htm
O8 - Extra context menu item: The翻訳_辞書参照 - C:\Program Files\TTI_V6_LE\addins\Ie\ttp_showdic.htm
O9 - Extra button: Flash Saver - {09EA1F80-F40A-11D1-B792-444553540001} - C:\PROGRA~1\FLASHS~1\save.htm
O9 - Extra 'Tools' menuitem: Flash Saver - {09EA1F80-F40A-11D1-B792-444553540001} - C:\PROGRA~1\FLASHS~1\save.htm
O9 - Extra button: ページ翻訳 - {2A8DA722-A2E3-11d5-A8FD-00065B1FF8EA} - C:\Program Files\TTI_V6_LE\addins\Ie\afi_pagetran.htm
O9 - Extra 'Tools' menuitem: The翻訳_ページ翻訳 - {2A8DA722-A2E3-11d5-A8FD-00065B1FF8EA} - C:\Program Files\TTI_V6_LE\addins\Ie\afi_pagetran.htm
O9 - Extra button: (no name) - {2A8DA725-A2E3-11d5-A8FD-00065B1FF8EA} - C:\Program Files\TTI_V6_LE\addins\Ie\ttp_showdic.htm
O9 - Extra 'Tools' menuitem: The翻訳_辞書参照 - {2A8DA725-A2E3-11d5-A8FD-00065B1FF8EA} - C:\Program Files\TTI_V6_LE\addins\Ie\ttp_showdic.htm
O9 - Extra button: (no name) - {2A8DA726-A2E3-11d5-A8FD-00065B1FF8EA} - C:\Program Files\TTI_V6_LE\addins\Ie\afi_seltran.htm
O9 - Extra 'Tools' menuitem: The翻訳_範囲指定翻訳 - {2A8DA726-A2E3-11d5-A8FD-00065B1FF8EA} - C:\Program Files\TTI_V6_LE\addins\Ie\afi_seltran.htm
O9 - Extra button: (no name) - {2A8DA728-A2E3-11d5-A8FD-00065B1FF8EA} - C:\Program Files\TTI_V6_LE\addins\Ie\afi_setdlg.htm
O9 - Extra 'Tools' menuitem: The翻訳_翻訳設定 - {2A8DA728-A2E3-11d5-A8FD-00065B1FF8EA} - C:\Program Files\TTI_V6_LE\addins\Ie\afi_setdlg.htm
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: 辞書バー - {964174A1-BDB5-11D5-A8FD-00065B1FF8EA} - C:\Program Files\TTI_V6_LE\IeTbandTate.dll
O9 - Extra button: 翻訳バー - {964174A3-BDB5-11D5-A8FD-00065B1FF8EA} - C:\Program Files\TTI_V6_LE\IeTbandYoko.dll
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE (file missing)
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE (file missing)
O9 - Extra button: (no name) - SolidConverterPDF - (no file) (HKCU)
O14 - IERESET.INF: START_PAGE_URL=http://dynabook.com
O15 - Trusted Zone: *.awmdabest.com
O15 - Trusted Zone: *.frame.crazywinnings.com
O15 - Trusted Zone: *.awmdabest.com (HKLM)
O15 - Trusted Zone: *.frame.crazywinnings.com (HKLM)
O15 - Trusted IP range: 206.161.125.149
O15 - ProtocolDefaults: 'http' protocol is in My Computer Zone, should be Internet Zone
O15 - ProtocolDefaults: 'http' protocol is in My Computer Zone, should be Internet Zone (HKLM)
O16 - DPF: Yahoo! JAPAN Multi-Millionaire - http://yog35.games.mci.yahoo.co.jp/yog/yj/mmt5_x.cab
O16 - DPF: Yahoo! JAPAN Othello - http://yog41.games.mci.yahoo.co.jp/yog/yj/rt1_x.cab
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {0D62A517-E7C6-4E1F-A577-07D4AC549A48} - http://advnt01.com/dialer/int_ver32b.CAB
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - http://www.symantec.com/techsupp/asa/LSSupCtl.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52...pple.com/mickey/us/win/QuickTimeInstaller.exe
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by102fd.bay102.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/30638f605e0321905c03/netzip/RdxIE601.cab
O16 - DPF: {5E943D9C-F8DC-4258-8E3F-A61BB3405A33} - http://www.imagestation.com/common/classes/batchdwnl.cab?version=4,3,2,20802
O16 - DPF: {6B1B6D11-E497-11D3-BE0C-005004AD2E83} (ImageStation Home Printing Control) - http://www.imagestation.com/common/classes/ISUSPrintActiveX.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (ウイルスバスター On-Line Scan) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - http://www.symantec.com/techsupp/asa/SymAData.cab
O16 - DPF: {E855A2D4-987E-4F3B-A51C-64D10A7E2479} (EPSImageControl Class) - http://tools.ebayimg.com/eps/activex/EPSControl_v1-0-3-0.cab
O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://by102fd.bay102.hotmail.msn.com/activex/HMAtchmt.ocx
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: Sophos Cache Manager (CacheMgr) - SOPHOS Plc - C:\Program Files\Sophos\Remote Update\cachemgr.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
O23 - Service: Sophos Anti-Virus Network (SweepNet) - Sophos Plc - C:\Program Files\Sophos SWEEP for NT\SWNETSUP.EXE
O23 - Service: Sophos Anti-Virus (SWEEPSRV.SYS) - Sophos Plc - C:\Program Files\Sophos SWEEP for NT\SWEEPSRV.SYS
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
 

dvk01

Derek
Retired Moderator Retired Malware Specialist
Joined
Dec 14, 2002
Messages
56,452
That got rid of a lot of it

Now to see what else we can fix.


Download http://www.mvps.org/winhelp2002/DelDomains.inf and place it on your desktop.
Right-click the file and select Install; that will reset the zone settings that have been altered.


Download pocket killbox from http://www.thespykiller.co.uk/files/killbox.exe & put it on the desktop where you can find it easily

Reboot into safe mode by following instructions here: http://service1.symantec.com/SUPPORT/tsgeninfo.nsf/docid/2001052409420406

Run HijackThis, put a tick in the box beside these entries listed below and ONLY these entries (double-check to make sure), then make sure all browser & email windows are closed and press Fix checked.


O2 - BHO: (no name) - {4BFB6859-E166-5AE7-8521-115578F62C4A} - (no file)

O4 - HKLM\..\Run: [Dohhv] C:\Program Files\Nzseumq\Kibo.exe
O4 - HKLM\..\Run: [WinHound] C:\Program Files\WinHound\WinHound.exe
O4 - HKCU\..\Run: [ipxmontr] C:\WINDOWS\System32\ipxmontr.exe
O8 - Extra context menu item: JWordでウェブ検索(&J) - res://C:\WINDOWS\DOWNLO~1\CnsMin.dll/203


O15 - Trusted Zone: *.awmdabest.com
O15 - Trusted Zone: *.frame.crazywinnings.com
O15 - Trusted Zone: *.awmdabest.com (HKLM)
O15 - Trusted Zone: *.frame.crazywinnings.com (HKLM)
O15 - Trusted IP range: 206.161.125.149
O15 - ProtocolDefaults: 'http' protocol is in My Computer Zone, should be Internet Zone
O15 - ProtocolDefaults: 'http' protocol is in My Computer Zone, should be Internet Zone (HKLM)

O16 - DPF: {0D62A517-E7C6-4E1F-A577-07D4AC549A48} - http://advnt01.com/dialer/int_ver32b.CAB

O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/...eInstaller.exe

O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/30638f60...p/RdxIE601.cab


Now start Killbox, go to Options on the top bar and make sure Remove Directories is enabled and Remove Duplicates is UNCHECKED. Paste the first file listed below into the Full Pathname and File to Delete box.

The file name will appear in the window and, if the file exists, it will appear in blue under that window. Then select Standard File Kill, press the red X button, say Yes to the prompt and, once the "file deleted" message comes up, repeat for each file in turn.

[Note: Killbox makes backups of all deleted files & folders in a folder called C:\!killbox ] If Killbox tells you any files are missing, don't worry, but make a note and let us know in your next reply.

C:\Program Files\Nzseumq\Kibo.exe
C:\Program Files\WinHound\WinHound.exe
C:\WINDOWS\System32\ipxmontr.exe

Then on the Killbox top bar press Tools / Delete Temp Files. In the pop-up box, in the NT section select Temp, Temp Internet and Cookies only, and in the 9x section select c:\windows\temp & c:\temp. Then, in the drop-down User Account box, select your account, and repeat for every user account on the computer.

Then reboot & post a fresh HJT log.

and
  • Download WinPFind
  • Right Click the Zip Folder and Select "Extract All"
  • Extract it somewhere you will remember like the Desktop
  • Don't do anything with it yet!

Reboot into Safe Mode
Restart your computer and as soon as it starts booting up again continuously tap F8. A menu should come up where you will be given the option to enter Safe Mode.

Double-click WinPFind.exe
  • Click "Start Scan"
  • It will scan the entire System, so please be patient!
  • Once the Scan is Complete
    • Reboot back to Normal Mode!
    • Go to the WinPFind folder
    • Locate WinPFind.txt
    • Place those results in the next post!
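One way to automate the review that dvk01 does by eye above, as an added example that is not code from the thread, from HijackThis or from any tool named here: a small Python triage script that parses O4, O15 and O16 lines in the HijackThis v1.99.1 format posted earlier and flags the patterns his fix list targets: Run keys whose name or location does not fit the program they start, every altered Internet Explorer zone setting, and ActiveX (DPF) downloads from hosts outside a vendor allowlist. The `Finding` class, the two allowlists, the "reported as adware" cross-reference and the label/path heuristic are assumptions made for illustration; the sample lines are copied from the log posted in this thread.

```python
"""Triage helper for HijackThis v1.99.1 logs (added example, not HijackThis code).
Flags O4 autostart entries worth a closer look, every O15 zone change, and O16
ActiveX downloads from non-vendor hosts.  Allowlists and heuristics are assumed."""
import re
from dataclasses import dataclass
from typing import List, Optional
from urllib.parse import urlparse


@dataclass
class Finding:
    section: str   # HijackThis section tag: "O4", "O15" or "O16"
    severity: str  # "high" or "medium"
    reason: str
    line: str


# Assumed allowlists (constructed for this example): vendor hosts normally accepted
# as ActiveX sources, and Windows binaries that legitimately autostart from System32.
TRUSTED_DPF_SUFFIXES = ("trendmicro.com", "symantec.com", "msn.com", "yahoo.co.jp")
SYSTEM32_AUTOSTART_OK = {"ctfmon.exe"}
# Program name the Spy Sweeper log earlier in this thread reported as adware.
REPORTED_UNWANTED = {"winhound"}

O4_RE = re.compile(r"^O4 - (?P<hive>HK[A-Z]+)\\\.\.\\Run\w*: \[(?P<label>[^\]]*)\] (?P<cmd>.*)$")
O15_RE = re.compile(r"^O15 - (?P<kind>Trusted Zone|Trusted IP range|ProtocolDefaults): (?P<rest>.*)$")
O16_RE = re.compile(r"^O16 - DPF: (?P<ident>.+?) - (?P<url>\S+)$")


def exe_path(cmd: str) -> str:
    """Return the executable from a Run-key command line, without quotes or arguments."""
    m = re.match(r'\s*"?(?P<path>[^"]+?\.exe)\b', cmd, re.IGNORECASE)
    return m.group("path") if m else cmd.strip()


def check_o4(line: str) -> Optional[Finding]:
    """Heuristics for autostart entries; a hit means 'look closer', not 'malicious'."""
    m = O4_RE.match(line)
    if not m:
        return None
    label, path = m["label"], exe_path(m["cmd"])
    lower_path = path.lower()
    file_name = lower_path.rsplit("\\", 1)[-1]
    tokens = [t for t in re.split(r"[^a-z0-9]+", label.lower()) if len(t) >= 3]
    if any(t in REPORTED_UNWANTED for t in tokens):
        return Finding("O4", "high", f"[{label}] matches a program the anti-spyware scan reported as adware", line)
    if m["hive"] == "HKCU" and "\\system32\\" in lower_path and file_name not in SYSTEM32_AUTOSTART_OK:
        return Finding("O4", "medium", f"per-user Run entry starts an unrecognised System32 binary: {path}", line)
    if tokens and not any(t in lower_path for t in tokens):
        # Legitimate entries usually share a name with their target ([ccApp] -> ccApp.exe);
        # a random-looking key name pointing at an unrelated file deserves a look.
        return Finding("O4", "medium", f"Run-key name [{label}] shares no token with its target {path}", line)
    return None


def check_o15(line: str) -> Optional[Finding]:
    """HijackThis lists only O15 entries that differ from the defaults, so each is a finding."""
    m = O15_RE.match(line)
    if not m:
        return None
    if m["kind"] == "ProtocolDefaults":
        reason = "default zone for a protocol was lowered: " + m["rest"]
    else:
        reason = f"{m['kind']} grants Trusted-zone privileges to {m['rest']}; confirm the user added it"
    return Finding("O15", "high", reason, line)


def check_o16(line: str) -> Optional[Finding]:
    """Flag ActiveX controls downloaded from hosts outside the vendor allowlist."""
    m = O16_RE.match(line)
    if not m:
        return None
    host = (urlparse(m["url"]).hostname or "").lower()
    if any(host == s or host.endswith("." + s) for s in TRUSTED_DPF_SUFFIXES):
        return None
    return Finding("O16", "medium", f"ActiveX control fetched from unrecognised host {host}", line)


def triage(log_text: str) -> List[Finding]:
    """Run every checker over each log line, keeping the log's order."""
    findings: List[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        for check in (check_o4, check_o15, check_o16):
            f = check(line)
            if f:
                findings.append(f)
                break
    return findings


# Constructed sample in the posted log's format (lines taken from this thread).
SAMPLE_HJT_LOG = r"""
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Dohhv] C:\Program Files\Nzseumq\Kibo.exe
O4 - HKLM\..\Run: [WinHound] C:\Program Files\WinHound\WinHound.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [ipxmontr] C:\WINDOWS\System32\ipxmontr.exe
O15 - Trusted Zone: *.awmdabest.com
O15 - Trusted Zone: *.frame.crazywinnings.com (HKLM)
O15 - Trusted IP range: 206.161.125.149
O15 - ProtocolDefaults: 'http' protocol is in My Computer Zone, should be Internet Zone
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {0D62A517-E7C6-4E1F-A577-07D4AC549A48} - http://advnt01.com/dialer/int_ver32b.CAB
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_HJT_LOG):
        print(f"{f.severity:6} {f.section:3} {f.reason}")
```

Run against the sample, the script reports the same entries dvk01 listed (Dohhv/Kibo.exe, WinHound, ipxmontr.exe, the four O15 lines and the advnt01.com dialer CAB) and stays silent on ccApp, ctfmon.exe and the Trend Micro HouseCall control. The O4 rules are deliberately conservative heuristics: vendor entries whose key name differs from the binary (for example a product name pointing at an abbreviated executable) will also be listed, which is why each finding carries the original line for a human to confirm.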
 

dvk01
Before doing the fixes in my last post, please do this:

Download smitRem.exe and save the file to your desktop.
Double-click on the file to extract it to its own folder on the desktop.

Place a shortcut to Panda ActiveScan on your desktop.

Next, please reboot your computer in Safe Mode by doing the following:
  1. Restart your computer
  2. After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
  3. Instead of Windows loading as normal, a menu should appear
  4. Select the first option, to run Windows in Safe Mode.

Open the smitRem folder, then double click the RunThis.bat file to start the tool. Follow the prompts on screen.
Wait for the tool to complete and disk cleanup to finish.

The tool will create a log named smitfiles.txt in the root of your drive, e.g. Local Disk C:, or the partition where your operating system is installed. Please post that log along with all others requested in your next reply.

Next go to Control Panel click Display > Desktop > Customize Desktop > Web > Uncheck "Security Info" if present.

Reboot back into Windows and click the Panda ActiveScan shortcut.
- Once you are on the Panda site click the Scan your PC button
- A new window will open...click the Check Now button
- Enter your Country
- Enter your State/Province
- Enter your e-mail address and click send
- Select either Home User or Company
- Click the big Scan Now button
- If it wants to install an ActiveX component allow it
- It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)
- When download is complete, click on Local Disks to start the scan
- When the scan completes, if anything malicious is detected, click the See Report button, then Save Report and save it to a convenient location.
Post the contents of the Panda scan report, along with a new HijackThis log and the contents of smitfiles.txt, by using Add Reply.
Let us know if any problems persist.
 

mika07

Thread Starter
Joined
Dec 25, 2005
Messages
5
So I did what you posted in your second posting (download smitRem and run Panda ActiveScan). Here is my smitRem log below.

smitRem © log file
version 2.8

by noahdfear


Microsoft Windows XP [Version 5.1.2600]

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

checking for ShudderLTD key

ShudderLTD key not present!

checking for PSGuard.com key


PSGuard.com key not present!

spyaxe uninstaller NOT present
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Existing Pre-run Files


~~~ Program Files ~~~



~~~ Shortcuts ~~~



~~~ Favorites ~~~



~~~ system32 folder ~~~



~~~ Icons in System32 ~~~



~~~ Windows directory ~~~



~~~ Drive root ~~~


~~~ Miscellaneous Files/folders ~~~




~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~



Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03
Copyright(C) 2002-2003 [email protected]
Killing PID 1176 'explorer.exe'
Killing PID 1176 'explorer.exe'

Starting registry repairs

Deleting files


Remaining Post-run Files


~~~ Program Files ~~~



~~~ Shortcuts ~~~



~~~ Favorites ~~~



~~~ system32 folder ~~~



~~~ Icons in System32 ~~~



~~~ Windows directory ~~~



~~~ Drive root ~~~



~~~ Miscellaneous Files/folders ~~~




~~~ Wininet.dll ~~~

wininet.dll INFECTED!! :( Starting replacement procedure.


~~~~ Looking for C:\WINDOWS\system32\dllcache\wininet.dll ~~~~


~~~~ C:\WINDOWS\system32\dllcache\wininet.dll Present! ~~~~


~~~~ Checking dllcache\wininet.dll for infection ~~~~


~~~~ dllcache\wininet.dll Clean! ~~~~

~~~ Replaced wininet.dll from dllcache ~~~



~~~ Upon reboot ~~~

wininet.old present!
oleadm.dll not present!
oleext.dll not present!


~~~ Upon completion ~~~

wininet.old not present!
oleadm.dll not present!
oleext.dll not present!


~~~~ Rechecking C:\WINDOWS\system32\wininet.dll for infection ~~~~


~~~~ C:\WINDOWS\system32\wininet.dll Clean! :) ~~~~

And here is the Panda ActiveScan log:


Incident Status Location

Virus:Trj/Downloader.WI Disinfected C:\counter.cab
Virus:W32/Dedler.S.worm Disinfected C:\Documents and Settings\All Users\Documents\install.exe
Virus:Exploit/LoadImage Disinfected C:\Documents and Settings\とみたみか\Local Settings\Temporary Internet Files\Content.IE5\TZ7NHTGE\full[1].anr
Adware:Adware/Dyfuca Not desinfected C:\Program Files\Nzseumq\Kibo.exe
Adware:Adware/Gator Not desinfected C:\WINDOWS\Downloaded Program Files\HDPlugin1019.dll
Adware:adware/gator Not desinfected C:\WINDOWS\GatorPatch.log
Spyware:application/bestoffer Not desinfected C:\WINDOWS\smdat32a.sys
Adware:adware/wupd Not desinfected C:\WINDOWS\system32\ide21201.vxd
Virus:Trj/Downloader.CVO Disinfected C:\WINDOWS\system32\ipxmontr.exe
And here is my HijackThis log:

Logfile of HijackThis v1.99.1
Scan saved at 17:06:54, on 2005/12/26
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\conime.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Sophos\Remote Update\cachemgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\WINDOWS\System32\00THotkey.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe
C:\WINDOWS\System32\TFNF5.exe
C:\Program Files\Drag'n Drop CD\BinFiles\DragDrop.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\TOSHIBA\TouchED\TouchED.Exe
C:\WINDOWS\System32\TPWRTRAY.EXE
C:\Program Files\Lexmark X74-X75\lxbbbmgr.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fpdisp5a.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Lexmark X74-X75\lxbbbmon.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Nzseumq\Kibo.exe
C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Sophos\Remote Update\imonitor.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\SAVScan.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32.exe
C:\Program Files\Sony\SonicStage\Omgjbox.exe
C:\Program Files\Common Files\Sony Shared\AVLib\SsDbConnection.exe
C:\Program Files\BearShare\BearShare.exe
C:\Program Files\Sophos SWEEP for NT\SWEEPSRV.SYS
C:\Program Files\Sophos SWEEP for NT\SWNETSUP.EXE
C:\Documents and Settings\とみたみか\デスクトップ\HijackThis.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {4BFB6859-E166-5AE7-8521-115578F62C4A} - (no file)
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: ラジオ(&R) - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [00THotkey] C:\WINDOWS\System32\00THotkey.exe
O4 - HKLM\..\Run: [000StTHK] 000StTHK.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [TFncKy] TFncKy.exe /Type 22
O4 - HKLM\..\Run: [TFNF5] TFNF5.exe
O4 - HKLM\..\Run: [Drag'n Drop CD] C:\Program Files\Drag'n Drop CD\BinFiles\DragDrop.exe /StartUp
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [TouchED] C:\Program Files\TOSHIBA\TouchED\TouchED.Exe
O4 - HKLM\..\Run: [Tpwrtray] TPWRTRAY.EXE
O4 - HKLM\..\Run: [imjpmig] C:\Program Files\Common Files\Microsoft Shared\IME\IMJP\imjpmig.exe /RemAdvDef /AIMEREG /Migration /SetPreload
O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
O4 - HKLM\..\Run: [Lexmark X74-X75] "C:\Program Files\Lexmark X74-X75\lxbbbmgr.exe"
O4 - HKLM\..\Run: [BurnQuick Queue] C:\WINDOWS\BQTray.exe
O4 - HKLM\..\Run: [FinePrint Dispatcher v5] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fpdisp5a.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Dohhv] C:\Program Files\Nzseumq\Kibo.exe
O4 - HKLM\..\Run: [WinHound] C:\Program Files\WinHound\WinHound.exe
O4 - HKLM\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O8 - Extra context menu item: &Save Flash In This Page by Flash Saver - C:\PROGRA~1\FLASHS~1\save.htm
O8 - Extra context menu item: Bookshelfで検索(&L) - res://C:\Program Files\Microsoft Reference\Microsoft Bookshelf 3.0\bsdef.dll/#1001
O8 - Extra context menu item: JWordでウェブ検索(&J) - res://C:\WINDOWS\DOWNLO~1\CnsMin.dll/203
O8 - Extra context menu item: Microsoft Excel にエクスポート(&X) - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: The翻訳_ページ翻訳 - C:\Program Files\TTI_V6_LE\addins\Ie\afi_pagetran.htm
O8 - Extra context menu item: The翻訳_範囲指定翻訳 - C:\Program Files\TTI_V6_LE\addins\Ie\afi_seltran.htm
O8 - Extra context menu item: The翻訳_翻訳設定 - C:\Program Files\TTI_V6_LE\addins\Ie\afi_setdlg.htm
O8 - Extra context menu item: The翻訳_辞書参照 - C:\Program Files\TTI_V6_LE\addins\Ie\ttp_showdic.htm
O9 - Extra button: Flash Saver - {09EA1F80-F40A-11D1-B792-444553540001} - C:\PROGRA~1\FLASHS~1\save.htm
O9 - Extra 'Tools' menuitem: Flash Saver - {09EA1F80-F40A-11D1-B792-444553540001} - C:\PROGRA~1\FLASHS~1\save.htm
O9 - Extra button: ページ翻訳 - {2A8DA722-A2E3-11d5-A8FD-00065B1FF8EA} - C:\Program Files\TTI_V6_LE\addins\Ie\afi_pagetran.htm
O9 - Extra 'Tools' menuitem: The翻訳_ページ翻訳 - {2A8DA722-A2E3-11d5-A8FD-00065B1FF8EA} - C:\Program Files\TTI_V6_LE\addins\Ie\afi_pagetran.htm
O9 - Extra button: (no name) - {2A8DA725-A2E3-11d5-A8FD-00065B1FF8EA} - C:\Program Files\TTI_V6_LE\addins\Ie\ttp_showdic.htm
O9 - Extra 'Tools' menuitem: The翻訳_辞書参照 - {2A8DA725-A2E3-11d5-A8FD-00065B1FF8EA} - C:\Program Files\TTI_V6_LE\addins\Ie\ttp_showdic.htm
O9 - Extra button: (no name) - {2A8DA726-A2E3-11d5-A8FD-00065B1FF8EA} - C:\Program Files\TTI_V6_LE\addins\Ie\afi_seltran.htm
O9 - Extra 'Tools' menuitem: The翻訳_範囲指定翻訳 - {2A8DA726-A2E3-11d5-A8FD-00065B1FF8EA} - C:\Program Files\TTI_V6_LE\addins\Ie\afi_seltran.htm
O9 - Extra button: (no name) - {2A8DA728-A2E3-11d5-A8FD-00065B1FF8EA} - C:\Program Files\TTI_V6_LE\addins\Ie\afi_setdlg.htm
O9 - Extra 'Tools' menuitem: The翻訳_翻訳設定 - {2A8DA728-A2E3-11d5-A8FD-00065B1FF8EA} - C:\Program Files\TTI_V6_LE\addins\Ie\afi_setdlg.htm
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: 辞書バー - {964174A1-BDB5-11D5-A8FD-00065B1FF8EA} - C:\Program Files\TTI_V6_LE\IeTbandTate.dll
O9 - Extra button: 翻訳バー - {964174A3-BDB5-11D5-A8FD-00065B1FF8EA} - C:\Program Files\TTI_V6_LE\IeTbandYoko.dll
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE (file missing)
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE (file missing)
O9 - Extra button: (no name) - SolidConverterPDF - (no file) (HKCU)
O14 - IERESET.INF: START_PAGE_URL=http://dynabook.com
O15 - Trusted Zone: *.awmdabest.com
O15 - Trusted Zone: *.frame.crazywinnings.com
O15 - Trusted Zone: *.awmdabest.com (HKLM)
O15 - Trusted Zone: *.frame.crazywinnings.com (HKLM)
O15 - Trusted IP range: 206.161.125.149
O15 - ProtocolDefaults: 'http' protocol is in My Computer Zone, should be Internet Zone
O15 - ProtocolDefaults: 'http' protocol is in My Computer Zone, should be Internet Zone (HKLM)
O16 - DPF: Yahoo! JAPAN Multi-Millionaire - http://yog35.games.mci.yahoo.co.jp/yog/yj/mmt5_x.cab
O16 - DPF: Yahoo! JAPAN Othello - http://yog41.games.mci.yahoo.co.jp/yog/yj/rt1_x.cab
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {0D62A517-E7C6-4E1F-A577-07D4AC549A48} - http://advnt01.com/dialer/int_ver32b.CAB
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - http://www.symantec.com/techsupp/asa/LSSupCtl.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52...pple.com/mickey/us/win/QuickTimeInstaller.exe
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by102fd.bay102.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/30638f605e0321905c03/netzip/RdxIE601.cab
O16 - DPF: {5E943D9C-F8DC-4258-8E3F-A61BB3405A33} - http://www.imagestation.com/common/classes/batchdwnl.cab?version=4,3,2,20802
O16 - DPF: {6B1B6D11-E497-11D3-BE0C-005004AD2E83} (ImageStation Home Printing Control) - http://www.imagestation.com/common/classes/ISUSPrintActiveX.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (ウイルスバスター On-Line Scan) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - http://www.symantec.com/techsupp/asa/SymAData.cab
O16 - DPF: {E855A2D4-987E-4F3B-A51C-64D10A7E2479} (EPSImageControl Class) - http://tools.ebayimg.com/eps/activex/EPSControl_v1-0-3-0.cab
O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://by102fd.bay102.hotmail.msn.com/activex/HMAtchmt.ocx
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: Sophos Cache Manager (CacheMgr) - SOPHOS Plc - C:\Program Files\Sophos\Remote Update\cachemgr.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
O23 - Service: Sophos Anti-Virus Network (SweepNet) - Sophos Plc - C:\Program Files\Sophos SWEEP for NT\SWNETSUP.EXE
O23 - Service: Sophos Anti-Virus (SWEEPSRV.SYS) - Sophos Plc - C:\Program Files\Sophos SWEEP for NT\SWEEPSRV.SYS
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

Should I do what you told me to do in post #6 now?

Thanks
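The smitRem log above shows the safe order for repairing a patched system DLL: confirm the dllcache copy is clean before copying it over the system32 copy, keep the old file as wininet.old, and re-check after the reboot. The Python below is an added example of that sequence and is not smitRem's code; the file contents, paths and the known-good hash are constructed stand-ins (the actual check smitRem uses to decide a file is infected is not shown on this page).

```python
import hashlib
import os
import shutil
import tempfile


def sha256_file(path):
    """SHA-256 of a file, read in chunks so large binaries do not land in memory at once."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def restore_from_cache(live_path, cache_path, known_good_sha256):
    """Mirror of the sequence in the smitRem log: if the live DLL does not match the
    known-good hash, verify the dllcache copy first, and only then replace the live
    file, leaving a .old backup. Returns a short status string."""
    if not os.path.exists(live_path):
        return "live-missing"
    if sha256_file(live_path) == known_good_sha256:
        return "clean"
    if not os.path.exists(cache_path):
        return "cache-missing"
    if sha256_file(cache_path) != known_good_sha256:
        # dllcache is just another file on disk: malware that patched system32 may
        # have patched the cache too, so a cache copy is never copied unverified.
        return "cache-infected"
    backup = live_path + ".old"  # smitRem leaves wininet.old until its post-reboot pass
    shutil.copy2(live_path, backup)
    shutil.copy2(cache_path, live_path)
    return "replaced"


def demo(cache_also_patched=False):
    """Constructed scenario in a temp dir (stand-in bytes, not a real DLL): a patched
    live copy plus either a clean or an equally patched dllcache copy."""
    clean = b"MZ clean wininet build"
    patched = clean + b"\x90\x90 injected"
    d = tempfile.mkdtemp()
    live = os.path.join(d, "wininet.dll")
    cache = os.path.join(d, "dllcache", "wininet.dll")
    os.makedirs(os.path.dirname(cache))
    with open(live, "wb") as f:
        f.write(patched)
    with open(cache, "wb") as f:
        f.write(patched if cache_also_patched else clean)
    good = hashlib.sha256(clean).hexdigest()  # assumed known-good hash
    first = restore_from_cache(live, cache, good)   # replace (or refuse) on first pass
    second = restore_from_cache(live, cache, good)  # the recheck, as after the reboot
    old_present = os.path.exists(live + ".old")
    shutil.rmtree(d)
    return first, second, old_present


if __name__ == "__main__":
    print(demo())
    print(demo(cache_also_patched=True))
```

On a live XP machine the real wininet.dll is locked by running processes, which is why the tool works from Safe Mode and finishes the swap on reboot; the example writes to a temporary directory instead. The cache-infected branch is the caveat worth keeping: a restore from dllcache is only as trustworthy as the hash the cache copy is checked against.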
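Reading the two posted logs side by side is where a helper spots items such as the O15 trusted-zone additions and the Kibo.exe autostart whose file Panda reported but could not clean. The Python below is an added example (not from the page, HijackThis or Panda) that parses lines in both formats and cross-references them; the sample input is a constructed excerpt copied from the logs above, and the flagging rules are this example's own heuristics, not any tool's.

```python
import re
from dataclasses import dataclass

# Constructed sample input: a few lines copied from the HijackThis and Panda
# ActiveScan logs posted in this thread. Not a complete log.
HJT_SAMPLE = r"""
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {4BFB6859-E166-5AE7-8521-115578F62C4A} - (no file)
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Dohhv] C:\Program Files\Nzseumq\Kibo.exe
O4 - HKLM\..\Run: [WinHound] C:\Program Files\WinHound\WinHound.exe
O15 - Trusted Zone: *.awmdabest.com
O15 - Trusted IP range: 206.161.125.149
O15 - ProtocolDefaults: 'http' protocol is in My Computer Zone, should be Internet Zone
O16 - DPF: {0D62A517-E7C6-4E1F-A577-07D4AC549A48} - http://advnt01.com/dialer/int_ver32b.CAB
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
"""

PANDA_SAMPLE = r"""
Virus:Trj/Downloader.WI Disinfected C:\counter.cab
Adware:Adware/Dyfuca Not desinfected C:\Program Files\Nzseumq\Kibo.exe
Spyware:application/bestoffer Not desinfected C:\WINDOWS\smdat32a.sys
Virus:Trj/Downloader.CVO Disinfected C:\WINDOWS\system32\ipxmontr.exe
"""

HJT_LINE = re.compile(r"^(O\d+) - (.*)$")
PANDA_LINE = re.compile(r"^(\S+)\s+(Disinfected|Not desinfected)\s+(.+)$")
WIN_PATH = re.compile(r"[A-Za-z]:\\[^\"\n]+?\.(?:exe|dll|sys|ocx|cab)\b", re.IGNORECASE)


@dataclass
class Finding:
    section: str
    reason: str
    line: str


def parse_panda(text):
    """Map lower-cased path -> (detection name, status) for each Panda incident line."""
    incidents = {}
    for raw in text.splitlines():
        m = PANDA_LINE.match(raw.strip())
        if m:
            incidents[m.group(3).strip().lower()] = (m.group(1), m.group(2))
    return incidents


def triage(hjt_text, panda_text):
    """Return the HJT entries to look at first. Heuristics (this example's own):
    every O15 zone/protocol change, entries whose target is '(no file)', O16
    ActiveX downloads with no friendly name, and any entry whose file Panda
    reported as 'Not desinfected'."""
    unremoved = {p: det for p, (det, status) in parse_panda(panda_text).items()
                 if status == "Not desinfected"}
    findings = []
    for raw in hjt_text.splitlines():
        m = HJT_LINE.match(raw.strip())
        if not m:
            continue
        section, body = m.group(1), m.group(2)
        if section == "O15":
            findings.append(Finding(section, "zone or protocol default changed", raw.strip()))
            continue
        if "(no file)" in body:
            findings.append(Finding(section, "orphaned entry: target file missing", raw.strip()))
            continue
        if section == "O16" and not re.search(r"\}\s*\(", body):
            findings.append(Finding(section, "ActiveX download with no friendly name", raw.strip()))
            continue
        path = WIN_PATH.search(body)
        if path and path.group(0).lower() in unremoved:
            det = unremoved[path.group(0).lower()]
            findings.append(Finding(section, f"file Panda could not clean ({det})", raw.strip()))
    return findings


if __name__ == "__main__":
    for f in triage(HJT_SAMPLE, PANDA_SAMPLE):
        print(f"{f.section}: {f.reason}\n    {f.line}")
```

The cross-reference is the useful part: an AV report that says "Not desinfected" next to a path is only actionable once you know whether that path is also an autostart, a BHO or a service, because that is what brings it back after a reboot. Entries the heuristics do not flag (ccApp, WinHound in the sample) are not thereby clean; the list is a reading order, not a verdict.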
 

dvk01

Derek
Retired Moderator Retired Malware Specialist
Joined
Dec 14, 2002
Messages
56,452
Yes, do post 6 now, then post a fresh HJT log.
 