ngpw36 help --- HijackThis log included

FullRange311

Thread Starter
Joined
Aug 28, 2004
Messages
22
My girlfriend's computer has been infected with the ngpw36 bug, and I'm having a lot of trouble getting rid of it. Here is the HijackThis scan log of her computer. Thanks for your help.

Logfile of HijackThis v1.98.2
Scan saved at 11:25:45 AM, on 1/15/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\Explorer.EXE
C:\Program Files\Dell\Support\Alert\bin\DAMon.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\windows\system32\rsdsregj.exe
C:\WINDOWS\SYSTEM32\sms_msn40.exe
C:\WINDOWS\SYSTEM32\sms_msn.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\Program Files\Common Files\AOL\1102096720\ee\AOLHostManager.exe
C:\Program Files\Common Files\AOL\1102096720\ee\AOLServiceHost.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\System32\CTsvcCDA.EXE
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\system32\devldr32.exe
c:\program files\common files\aol\1102096720\ee\services\antiSpywareApp\ver2_0_7\AOLSP Scheduler.exe
C:\WINDOWS\SYSTEM32\ngpw40.exe
C:\Program Files\Common Files\AOL\1102096720\ee\AOLServiceHost.exe
C:\WINDOWS\system32\mwintsap.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\Sarah\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.cnn.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com/
O2 - BHO: (no name) - {00A6FAF1-072E-44cf-8957-5838F569A31D} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: ngsh35.clsIS - {279A1B41-6CAC-4ABF-B39C-72C8E489F685} - C:\WINDOWS\SYSTEM32\ngsh35.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {7D9CB362-375B-4FB9-8024-E55079CC69D1}" - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Dell|Alert] C:\Program Files\Dell\Support\Alert\bin\DAMon.exe
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1102096720\ee\AOLHostManager.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [{1D-D6-62-25-ZN}] C:\windows\system32\rsdsregj.exe FI002
O4 - HKLM\..\Run: [sms_msn40] C:\WINDOWS\SYSTEM32\sms_msn40.exe
O4 - HKLM\..\Run: [sms_msn] C:\WINDOWS\SYSTEM32\sms_msn.exe
O4 - HKLM\..\Run: [BrowserUpdateSched] C:\WINDOWS\system32\mwintsap.exe FI002
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NVMCTRAY.DLL,NvTaskbarInit
O4 - Startup: Zeno.lnk = C:\WINDOWS\SYSTEM32\mwintsap.exe
O4 - Startup: Z_Start.lnk = C:\WINDOWS\SYSTEM32\dwdsregt.exe
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZRxdm185YYUS
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache/funwebproducts/ei/PopularScreenSaversFWBInitialSetup1.0.0.8.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52...pple.com/borris/us/win/QuickTimeInstaller.exe
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aol.com/computercheckup/qdiagcc.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/054d370b5dc9a573be03/netzip/RdxIE601.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {8A0DCBDB-6E20-489C-9041-C1E8A0352E75} (Mirar_Dummy_ATS1 Class) - http://awbeta.net-nucleus.com/FIX/WinATS.cab
O16 - DPF: {9AC54695-69A4-46F1-BE10-10C74F9520D5} (elitectl.DemoCtl) - http://cabs.elitemediagroup.net/cabs/mediaview.cab
O16 - DPF: {B8F2846E-CE36-11D0-AC83-00C04FD97575} (Lernout & Hauspie TruVoice American English TTS Engine) - http://www.talkingbuddy.com/talkingbuddyinstall.exe
O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} - http://ax.phobos.apple.com.edgesuite.net/detection/ITDetector.cab
 
Joined
Sep 7, 2004
Messages
49,014
Old version

Get HiJack This V1.99.1 http://thespykiller.co.uk/files/hijackthis_sfx.exe - double-click the DL file and click UNZIP, letting it extract to its default folder C:\Program Files\HiJackThis, then run it from there.

===============

Go to the link below and download the trial version of SpySweeper:

SpySweeper http://www.webroot.com/consumer/products/spysweeper/index.html?acode=af1&rc=4129&ac=tsg

* Click the Free Trial link under "SpySweeper" to download the program.
* Install it. Once the program is installed, it will open.
* It will prompt you to update to the latest definitions, click Yes.
* Once the definitions are installed, click Options on the left side.
* Click the Sweep Options tab.
* Under What to Sweep please put a check next to the following:
  o Sweep Memory
  o Sweep Registry
  o Sweep Cookies
  o Sweep All User Accounts
  o Enable Direct Disk Sweeping
  o Sweep Contents of Compressed Files
  o Sweep for Rootkits

  o Please UNCHECK Do not Sweep System Restore Folder.

* Click Sweep Now on the left side.
* Click the Start button.
* When it's done scanning, click the Next button.
* Make sure everything has a check next to it, then click the Next button.
* It will remove all of the items found.
* Click Session Log in the upper right corner, copy everything in that window.
* Click the Summary tab and click Finish.
* Paste the contents of the session log you copied into your next reply.
Also post a new Hijack This log.
 

FullRange311

Alright, thanks for the response. Here is the new HijackThis log:

Logfile of HijackThis v1.99.1
Scan saved at 12:07:28 PM, on 1/15/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\Explorer.EXE
C:\Program Files\Dell\Support\Alert\bin\DAMon.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\windows\system32\rsdsregj.exe
C:\WINDOWS\SYSTEM32\sms_msn40.exe
C:\WINDOWS\SYSTEM32\sms_msn.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\Program Files\Common Files\AOL\1102096720\ee\AOLHostManager.exe
C:\Program Files\Common Files\AOL\1102096720\ee\AOLServiceHost.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\System32\CTsvcCDA.EXE
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\system32\devldr32.exe
c:\program files\common files\aol\1102096720\ee\services\antiSpywareApp\ver2_0_7\AOLSP Scheduler.exe
C:\WINDOWS\SYSTEM32\ngpw40.exe
C:\Program Files\Common Files\AOL\1102096720\ee\AOLServiceHost.exe
C:\WINDOWS\system32\mwintsap.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.cnn.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com/
O2 - BHO: (no name) - {00A6FAF1-072E-44cf-8957-5838F569A31D} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: ngsh35.clsIS - {279A1B41-6CAC-4ABF-B39C-72C8E489F685} - C:\WINDOWS\SYSTEM32\ngsh35.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {7D9CB362-375B-4FB9-8024-E55079CC69D1}" - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Dell|Alert] C:\Program Files\Dell\Support\Alert\bin\DAMon.exe
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1102096720\ee\AOLHostManager.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [{1D-D6-62-25-ZN}] C:\windows\system32\rsdsregj.exe FI002
O4 - HKLM\..\Run: [sms_msn40] C:\WINDOWS\SYSTEM32\sms_msn40.exe
O4 - HKLM\..\Run: [sms_msn] C:\WINDOWS\SYSTEM32\sms_msn.exe
O4 - HKLM\..\Run: [BrowserUpdateSched] C:\WINDOWS\system32\mwintsap.exe FI002
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NVMCTRAY.DLL,NvTaskbarInit
O4 - Startup: Zeno.lnk = C:\WINDOWS\SYSTEM32\mwintsap.exe
O4 - Startup: Z_Start.lnk = C:\WINDOWS\SYSTEM32\dwdsregt.exe
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZRxdm185YYUS
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O15 - Trusted Zone: http://click.getmirar.com (HKLM)
O15 - Trusted Zone: http://click.mirarsearch.com (HKLM)
O15 - Trusted Zone: http://redirect.mirarsearch.com (HKLM)
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache/funwebproducts/ei/PopularScreenSaversFWBInitialSetup1.0.0.8.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52...pple.com/borris/us/win/QuickTimeInstaller.exe
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aol.com/computercheckup/qdiagcc.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/054d370b5dc9a573be03/netzip/RdxIE601.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {8A0DCBDB-6E20-489C-9041-C1E8A0352E75} (Mirar_Dummy_ATS1 Class) - http://awbeta.net-nucleus.com/FIX/WinATS.cab
O16 - DPF: {9AC54695-69A4-46F1-BE10-10C74F9520D5} (elitectl.DemoCtl) - http://cabs.elitemediagroup.net/cabs/mediaview.cab
O16 - DPF: {B8F2846E-CE36-11D0-AC83-00C04FD97575} (Lernout & Hauspie TruVoice American English TTS Engine) - http://www.talkingbuddy.com/talkingbuddyinstall.exe
O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} - http://ax.phobos.apple.com.edgesuite.net/detection/ITDetector.cab
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Local Security Authority Subsystem Service (lsass) - Unknown owner - C:\WINDOWS\scvhost.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
 

FullRange311

...and the Spy Sweeper scan results:

********
1:31 PM: | Start of Session, Sunday, January 15, 2006 |
1:31 PM: Spy Sweeper started
1:31 PM: Sweep initiated using definitions version 601
1:31 PM: Starting Memory Sweep
1:36 PM: Memory Sweep Complete, Elapsed Time: 00:05:15
1:36 PM: Starting Registry Sweep
1:37 PM: Found Adware: blazefind
1:37 PM: HKLM\software\microsoft\windows\currentversion\moduleusage\c:/windows/downloaded program files/bridge.dll\ (2 subtraces) (ID = 104526)
1:37 PM: HKLM\software\microsoft\windows\currentversion\shareddlls\ || c:\windows\downloaded program files\bridge.dll (ID = 104541)
1:37 PM: Found Adware: hotbar
1:37 PM: HKLM\software\hotbar\ (52 subtraces) (ID = 127566)
1:37 PM: Found Adware: mirar webband
1:37 PM: HKU\.default\software\microsoft\internet explorer\toolbar\webbrowser\ || {9a9c9b68-f908-4aab-8d0c-10ea8997f37e} (ID = 135063)
1:37 PM: Found Adware: relatedlinks bho
1:37 PM: HKLM\software\microsoft\windows\currentversion\uninstall\relatedlinks\ (2 subtraces) (ID = 139388)
1:37 PM: Found Adware: clkoptimizer
1:37 PM: HKLM\software\qstat\ (5 subtraces) (ID = 769771)
1:37 PM: HKLM\software\qstat\ || brr (ID = 877670)
1:37 PM: Found Adware: search helping wizard
1:37 PM: HKCR\ngsh35.clsdw\ (3 subtraces) (ID = 958369)
1:37 PM: HKCR\ngsh35.clsis\ (3 subtraces) (ID = 958373)
1:37 PM: HKLM\software\microsoft\windows\currentversion\run\ || sms_msn (ID = 958502)
1:37 PM: HKLM\software\classes\ngsh35.clsdw\ (3 subtraces) (ID = 958516)
1:37 PM: HKLM\software\classes\ngsh35.clsis\ (3 subtraces) (ID = 958520)
1:37 PM: Found Adware: safesurf
1:37 PM: HKLM\software\rasmon\ (24 subtraces) (ID = 966765)
1:37 PM: HKLM\software\microsoft\windows\currentversion\uninstall\rasmon\ (2 subtraces) (ID = 966833)
1:37 PM: Found Adware: elitemediagroup-pop64
1:37 PM: HKCR\elitectl.democtl\ (3 subtraces) (ID = 967500)
1:37 PM: HKCR\clsid\{9ac54695-69a4-46f1-be10-10c74f9520d5}\ (27 subtraces) (ID = 967504)
1:37 PM: HKCR\interface\{b216c7fc-397c-45f0-adfc-907df3c87339}\ (8 subtraces) (ID = 967532)
1:37 PM: HKCR\interface\{efdfe6ee-8888-422e-ab3c-b48589338ae3}\ (8 subtraces) (ID = 967541)
1:37 PM: HKCR\typelib\{5bec549d-581b-4636-ae75-28645e8cddc1}\ (9 subtraces) (ID = 967550)
1:37 PM: HKLM\software\classes\elitectl.democtl\ (3 subtraces) (ID = 967560)
1:37 PM: HKLM\software\classes\clsid\{9ac54695-69a4-46f1-be10-10c74f9520d5}\ (27 subtraces) (ID = 967564)
1:37 PM: HKLM\software\classes\interface\{b216c7fc-397c-45f0-adfc-907df3c87339}\ (8 subtraces) (ID = 967592)
1:37 PM: HKLM\software\classes\interface\{efdfe6ee-8888-422e-ab3c-b48589338ae3}\ (8 subtraces) (ID = 967601)
1:37 PM: HKLM\software\classes\typelib\{5bec549d-581b-4636-ae75-28645e8cddc1}\ (9 subtraces) (ID = 967610)
1:37 PM: HKLM\software\microsoft\windows\currentversion\uninstall\elitemediagroup\ (2 subtraces) (ID = 1015939)
1:37 PM: HKCR\mirar_dummy_ats.mirar_dummy_ats1\ (5 subtraces) (ID = 1055242)
1:37 PM: HKCR\mirar_dummy_ats.mirar_dummy_ats1.1\ (3 subtraces) (ID = 1055248)
1:37 PM: HKCR\mirar_dummy_ats.mirar_dummy_ats1.1\clsid\ (1 subtraces) (ID = 1055250)
1:37 PM: HKCR\clsid\{8a0dcbdb-6e20-489c-9041-c1e8a0352e75}\ (11 subtraces) (ID = 1055256)
1:37 PM: HKCR\typelib\{34568171-e2ca-4fcd-a99f-43771f766b8a}\ (9 subtraces) (ID = 1055268)
1:37 PM: HKLM\software\classes\mirar_dummy_ats.mirar_dummy_ats1\ (5 subtraces) (ID = 1055285)
1:37 PM: HKLM\software\classes\mirar_dummy_ats.mirar_dummy_ats1.1\ (3 subtraces) (ID = 1055291)
1:37 PM: HKLM\software\classes\mirar_dummy_ats.mirar_dummy_ats1.1\clsid\ (1 subtraces) (ID = 1055293)
1:37 PM: HKLM\software\classes\clsid\{8a0dcbdb-6e20-489c-9041-c1e8a0352e75}\ (11 subtraces) (ID = 1055311)
1:37 PM: HKLM\software\classes\typelib\{34568171-e2ca-4fcd-a99f-43771f766b8a}\ (9 subtraces) (ID = 1055323)
1:37 PM: HKLM\software\microsoft\windows\currentversion\shareddlls\ || c:\windows\system32\winats.dll (ID = 1055333)
1:37 PM: HKLM\software\microsoft\windows\currentversion\moduleusage\c:/windows/system32/winats.dll\ (2 subtraces) (ID = 1066860)
1:37 PM: Found Adware: zenosearchassistant
1:37 PM: HKLM\software\microsoft\windows\currentversion\run\ || browserupdatesched (ID = 1075246)
1:37 PM: HKU\S-1-5-18\software\microsoft\internet explorer\toolbar\webbrowser\ || {9a9c9b68-f908-4aab-8d0c-10ea8997f37e} (ID = 135102)
1:37 PM: Registry Sweep Complete, Elapsed Time:00:00:49
1:37 PM: Starting Cookie Sweep
1:37 PM: Cookie Sweep Complete, Elapsed Time: 00:00:16
1:38 PM: Starting File Sweep
1:38 PM: Found Adware: bullguard popup ad
1:38 PM: c:\windows\temp\bullguard (1 subtraces) (ID = -2147476409)
1:38 PM: Found Adware: gain - common components
1:38 PM: c:\program files\common files\gmt (5843 subtraces) (ID = -2147480945)
1:38 PM: c:\program files\common files\cmeii (6 subtraces) (ID = -2147480946)
1:38 PM: Found Adware: clipgenie
1:38 PM: c:\program files\clipgenie (ID = -2147481243)
1:38 PM: Found Adware: bookedspace
1:38 PM: c:\windows\bsx32 (59 subtraces) (ID = -2147481346)
1:38 PM: c:\documents and settings\all users\start menu\programs\gain publishing (ID = -2147480950)
1:39 PM: cmediagnostics.log (ID = 61291)
1:40 PM: Found Adware: ezula ilookup
1:40 PM: a0094345.dll (ID = 205457)
1:41 PM: elite.ocx (ID = 187157)
1:46 PM: a0094347.dll (ID = 205457)
1:49 PM: mediaview[1].cab (ID = 187158)
1:49 PM: elite.inf (ID = 187156)
1:49 PM: justin[1].exe (ID = 213482)
1:49 PM: installer_251[1].exe (ID = 211200)
1:49 PM: inst_fi002[1].exe (ID = 213448)
1:49 PM: 876057[1].exe (ID = 185463)
1:49 PM: Found Adware: targetsaver
1:49 PM: stub_110_4_0_4_0[1].exe (ID = 208148)
1:50 PM: eliteunstall[1].exe (ID = 185456)
1:50 PM: eliteunstall.exe (ID = 185456)
1:50 PM: winats[1].cab (ID = 208237)
1:54 PM: a0094083.exe (ID = 211200)
1:55 PM: a0094344.dll (ID = 205457)
1:57 PM: winats.dll (ID = 208226)
2:00 PM: a0094346.dll (ID = 205457)
2:00 PM: class-barrel (ID = 78229)
2:06 PM: Found Adware: cydoor peer-to-peer dependency
2:06 PM: cd_clint.dll (ID = 57300)
2:06 PM: topsys.exe (ID = 60647)
2:07 PM: Found Adware: altnet
2:07 PM: peer points manager.lnk (ID = 49852)
2:09 PM: vocabulary (ID = 78283)
2:10 PM: bulldownload.exe (ID = 52017)
2:11 PM: tsupdate2[1].ini (ID = 193498)
2:12 PM: stub_110_4_0_4_0.exe (ID = 208148)
2:12 PM: inst_fi002.exe (ID = 213448)
2:13 PM: justin.exe (ID = 213482)
2:13 PM: 876057.exe (ID = 185463)
2:14 PM: winnb57.dll (ID = 185460)
2:15 PM: nt68rrtc12.sys (ID = 220230)
2:15 PM: gator.log (ID = 61386)
2:16 PM: msnav32.ax (ID = 220229)
2:16 PM: zeno.lnk (ID = 146127)
2:16 PM: zeno.lnk (ID = 146127)
2:16 PM: a0094165.cfg (ID = 91140)
2:16 PM: winats.inf (ID = 208224)
2:16 PM: zxdnt3d.cfg (ID = 91140)
2:17 PM: Warning: Invalid file - not a PKZip file
2:17 PM: File Sweep Complete, Elapsed Time: 00:39:54
2:17 PM: Full Sweep has completed. Elapsed time 00:46:23
2:17 PM: Traces Found: 6380
2:25 PM: Removal process initiated
2:25 PM: Quarantining All Traces: clkoptimizer
2:26 PM: Quarantining All Traces: blazefind
2:26 PM: Quarantining All Traces: hotbar
2:26 PM: Quarantining All Traces: altnet
2:26 PM: Quarantining All Traces: bookedspace
2:26 PM: Quarantining All Traces: bullguard popup ad
2:26 PM: Quarantining All Traces: clipgenie
2:26 PM: Quarantining All Traces: cydoor peer-to-peer dependency
2:26 PM: Quarantining All Traces: elitemediagroup-pop64
2:26 PM: Quarantining All Traces: ezula ilookup
2:26 PM: Quarantining All Traces: mirar webband
2:26 PM: Quarantining All Traces: relatedlinks bho
2:26 PM: Quarantining All Traces: safesurf
2:26 PM: Quarantining All Traces: search helping wizard
2:26 PM: Quarantining All Traces: targetsaver
2:26 PM: Quarantining All Traces: zenosearchassistant
2:26 PM: Quarantining All Traces: gain - common components
2:29 PM: Removal process completed. Elapsed time 00:03:12
********
1:29 PM: | Start of Session, Sunday, January 15, 2006 |
1:29 PM: Spy Sweeper started
1:30 PM: Your spyware definitions have been updated.
1:31 PM: | End of Session, Sunday, January 15, 2006 |
 
Joined
Sep 7, 2004
Messages
49,014
download http://www.mvps.org/winhelp2002/DelDomains.inf

Right click the DelDomains.inf file and click Install, making sure Internet Explorer is closed. You won't see anything happen. Give it a minute.

Note, if you use SpywareBlaster and/or IE/Spyads, it will be necessary to re-install the protection both afford. For SpywareBlaster, run the program and re-protect all items. For IE/Spyads, run the batch file and reinstall the protection.
===================================
Add remove programs – remove Viewpoint

Fix these with HJT – mark them, close IE, click fix checked

O2 - BHO: (no name) - {00A6FAF1-072E-44cf-8957-5838F569A31D} - (no file)

O2 - BHO: ngsh35.clsIS - {279A1B41-6CAC-4ABF-B39C-72C8E489F685} - C:\WINDOWS\SYSTEM32\ngsh35.dll

O2 - BHO: (no name) - {7D9CB362-375B-4FB9-8024-E55079CC69D1}" - (no file)

O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe

O4 - HKLM\..\Run: [{1D-D6-62-25-ZN}] C:\windows\system32\rsdsregj.exe FI002

O4 - HKLM\..\Run: [sms_msn40] C:\WINDOWS\SYSTEM32\sms_msn40.exe

O4 - HKLM\..\Run: [sms_msn] C:\WINDOWS\SYSTEM32\sms_msn.exe

O4 - HKLM\..\Run: [BrowserUpdateSched] C:\WINDOWS\system32\mwintsap.exe FI002

O4 - Startup: Zeno.lnk = C:\WINDOWS\SYSTEM32\mwintsap.exe

O4 - Startup: Z_Start.lnk = C:\WINDOWS\SYSTEM32\dwdsregt.exe

O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearc...p=ZRxdm185YYUS


O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/054d370b...p/RdxIE601.cab

Download http://www.downloads.subratam.org/KillBox.zip

Restart your computer into safe mode now. (Tapping F8 at the first black screen) Perform the following steps in safe mode:

Double-click on Killbox.exe to run it. Now put a tick by Standard File Kill. In the "Full Path of File to Delete" box, copy and paste each of the following lines one at a time then click on the button that has the red circle with the X in the middle after you enter each file. It will ask for confirmation to delete the file. Click Yes. Continue with that same procedure until you have copied and pasted all of these in the "Paste Full Path of File to Delete" box.

C:\WINDOWS\SYSTEM32\ngsh35.dll
C:\windows\system32\rsdsregj.exe
C:\WINDOWS\SYSTEM32\sms_msn40.exe
C:\WINDOWS\SYSTEM32\sms_msn.exe
C:\WINDOWS\SYSTEM32\mwintsap.exe
C:\WINDOWS\SYSTEM32\dwdsregt.exe

Note: It is possible that Killbox will tell you that one or more files do not exist. If that happens, just continue on with all the files. Be sure you don't miss any.

START – RUN – type in %temp% OK - Edit – Select all – File – Delete

Delete everything in the C:\Windows\Temp folder or C:\WINNT\temp

Empty the recycle bin
Boot and post a new log from normal NOT safe mode

Please give feedback on what worked/didn’t work and the current status of your system
 

FullRange311

Thread Starter
Joined
Aug 28, 2004
Messages
22
Sorry for the delay...was watching football games. Anyways, here is the HijackThis log after I followed the steps you gave me. The ngpw36.exe file seems to be gone from the task manager box, so that's a plus. Thanks for your help, and hopefully this log is clean.

Logfile of HijackThis v1.99.1
Scan saved at 7:26:09 PM, on 1/15/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\Explorer.EXE
C:\Program Files\Dell\Support\Alert\bin\DAMon.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program Files\Common Files\AOL\1102096720\ee\AOLHostManager.exe
C:\Program Files\Common Files\AOL\1102096720\ee\AOLServiceHost.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\System32\CTsvcCDA.EXE
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\WINDOWS\system32\devldr32.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\System32\MsPMSPSv.exe
c:\program files\common files\aol\1102096720\ee\services\antiSpywareApp\ver2_0_7\AOLSP Scheduler.exe
C:\Program Files\Common Files\AOL\1102096720\ee\AOLServiceHost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.cnn.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Dell|Alert] C:\Program Files\Dell\Support\Alert\bin\DAMon.exe
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1102096720\ee\AOLHostManager.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [{1D-D6-62-25-ZN}] C:\windows\system32\rsdsregj.exe FI002
O4 - HKLM\..\Run: [sms_msn40] C:\WINDOWS\SYSTEM32\sms_msn40.exe
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NVMCTRAY.DLL,NvTaskbarInit
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache/funwebproducts/ei/PopularScreenSaversFWBInitialSetup1.0.0.8.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52...pple.com/borris/us/win/QuickTimeInstaller.exe
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aol.com/computercheckup/qdiagcc.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {8A0DCBDB-6E20-489C-9041-C1E8A0352E75} - http://awbeta.net-nucleus.com/FIX/WinATS.cab
O16 - DPF: {9AC54695-69A4-46F1-BE10-10C74F9520D5} - http://cabs.elitemediagroup.net/cabs/mediaview.cab
O16 - DPF: {B8F2846E-CE36-11D0-AC83-00C04FD97575} (Lernout & Hauspie TruVoice American English TTS Engine) - http://www.talkingbuddy.com/talkingbuddyinstall.exe
O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} - http://ax.phobos.apple.com.edgesuite.net/detection/ITDetector.cab
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Local Security Authority Subsystem Service (lsass) - Unknown owner - C:\WINDOWS\scvhost.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
 
Joined
Sep 7, 2004
Messages
49,014
Add remove programs – remove Viewpoint

Fix these with HJT – mark them, close IE, click fix checked

O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe

O4 - HKLM\..\Run: [sms_msn40] C:\WINDOWS\SYSTEM32\sms_msn40.exe

Download http://www.downloads.subratam.org/KillBox.zip

Restart your computer into safe mode now. (Tapping F8 at the first black screen) Perform the following steps in safe mode:

Double-click on Killbox.exe to run it. Now put a tick by Standard File Kill. In the "Full Path of File to Delete" box, copy and paste each of the following lines one at a time then click on the button that has the red circle with the X in the middle after you enter each file. It will ask for confirmation to delete the file. Click Yes. Continue with that same procedure until you have copied and pasted all of these in the "Paste Full Path of File to Delete" box.

C:\WINDOWS\SYSTEM32\sms_msn40.exe

Note: It is possible that Killbox will tell you that one or more files do not exist. If that happens, just continue on with all the files. Be sure you don't miss any.

START – RUN – type in %temp% OK - Edit – Select all – File – Delete

Delete everything in the C:\Windows\Temp folder or C:\WINNT\temp

Empty the recycle bin
Boot and post a new log from normal NOT safe mode

Please give feedback on what worked/didn’t work and the current status of your system
 

FullRange311

Thread Starter
Joined
Aug 28, 2004
Messages
22
Followed steps, and here's the new log:

Logfile of HijackThis v1.99.1
Scan saved at 11:12:42 AM, on 1/16/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\System32\CTsvcCDA.EXE
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Dell\Support\Alert\bin\DAMon.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\AOL\1102096720\ee\AOLHostManager.exe
C:\Program Files\America Online 9.0\waol.exe
C:\Program Files\Common Files\AOL\1102096720\ee\AOLServiceHost.exe
C:\WINDOWS\system32\devldr32.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\System32\MsPMSPSv.exe
c:\program files\common files\aol\1102096720\ee\services\antiSpywareApp\ver2_0_7\AOLSP Scheduler.exe
C:\Program Files\Common Files\AOL\1102096720\ee\AOLServiceHost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\America Online 9.0\shellmon.exe
C:\Program Files\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.cnn.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Dell|Alert] C:\Program Files\Dell\Support\Alert\bin\DAMon.exe
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1102096720\ee\AOLHostManager.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [{1D-D6-62-25-ZN}] C:\windows\system32\rsdsregj.exe FI002
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NVMCTRAY.DLL,NvTaskbarInit
O4 - HKCU\..\Run: [AOL Fast Start] "C:\Program Files\America Online 9.0\AOL.EXE" -b
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache/funwebproducts/ei/PopularScreenSaversFWBInitialSetup1.0.0.8.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52...pple.com/borris/us/win/QuickTimeInstaller.exe
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aol.com/computercheckup/qdiagcc.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {8A0DCBDB-6E20-489C-9041-C1E8A0352E75} - http://awbeta.net-nucleus.com/FIX/WinATS.cab
O16 - DPF: {9AC54695-69A4-46F1-BE10-10C74F9520D5} - http://cabs.elitemediagroup.net/cabs/mediaview.cab
O16 - DPF: {B8F2846E-CE36-11D0-AC83-00C04FD97575} (Lernout & Hauspie TruVoice American English TTS Engine) - http://www.talkingbuddy.com/talkingbuddyinstall.exe
O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} - http://ax.phobos.apple.com.edgesuite.net/detection/ITDetector.cab
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Local Security Authority Subsystem Service (lsass) - Unknown owner - C:\WINDOWS\scvhost.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
 
Joined
Sep 7, 2004
Messages
49,014
Fix this with HiJack

O4 - HKLM\..\Run: [{1D-D6-62-25-ZN}] C:\windows\system32\rsdsregj.exe FI002

Use killbox to delete this file

C:\windows\system32\rsdsregj.exe
===================

http://www.kaspersky.com/virusscanner - Online scan

When the scan is finished Save the results from the scan!

Post a new HiJackThis log along with the results from Kaspersky scan
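
One way to check which startup (O4) entries marked for fixing are still listed in a later HijackThis log, which the replies above do by eye. This is an added example, not part of any post in the thread; the function and variable names are this example's own, and the sample lines are excerpts of the O4 entries from the logs posted here.

```python
import re
from typing import NamedTuple


class Autorun(NamedTuple):
    location: str  # e.g. HKLM\Run, or Startup for a Startup-folder shortcut
    name: str      # registry value name or shortcut file name
    command: str   # command line or shortcut target

    def key(self):
        # Windows paths and registry value names compare case-insensitively.
        return tuple(part.lower() for part in self)


# O4 - HKLM\..\Run: [value name] command line
RUN_RE = re.compile(r"^O4 - (HK[A-Z]+)\\\.\.\\(\w+): \[(.+?)\] (.+)$")
# O4 - Startup: shortcut.lnk = target
STARTUP_RE = re.compile(r"^O4 - ((?:Global )?Startup): (.+?) = (.+)$")


def parse_autoruns(log_text):
    """Return every O4 autorun entry found in a HijackThis log, in order."""
    found = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = RUN_RE.match(line)
        if m:
            hive, key, name, command = m.groups()
            found.append(Autorun(hive + "\\" + key, name, command.strip()))
            continue
        m = STARTUP_RE.match(line)
        if m:
            found.append(Autorun(*(g.strip() for g in m.groups())))
    return found


def still_present(requested_text, later_log_text):
    """Entries that were marked for fixing but still appear in a later log."""
    later = {entry.key() for entry in parse_autoruns(later_log_text)}
    return [e for e in parse_autoruns(requested_text) if e.key() in later]


# O4 lines the first reply asked to fix (copied from the thread).
FIX_REQUESTED = r"""
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [{1D-D6-62-25-ZN}] C:\windows\system32\rsdsregj.exe FI002
O4 - HKLM\..\Run: [sms_msn40] C:\WINDOWS\SYSTEM32\sms_msn40.exe
O4 - HKLM\..\Run: [sms_msn] C:\WINDOWS\SYSTEM32\sms_msn.exe
O4 - HKLM\..\Run: [BrowserUpdateSched] C:\WINDOWS\system32\mwintsap.exe FI002
O4 - Startup: Zeno.lnk = C:\WINDOWS\SYSTEM32\mwintsap.exe
O4 - Startup: Z_Start.lnk = C:\WINDOWS\SYSTEM32\dwdsregt.exe
"""

# Excerpt of the O4 section of the log saved at 7:26:09 PM on 1/15/2006.
LOG_AFTER_FIRST_PASS = r"""
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [{1D-D6-62-25-ZN}] C:\windows\system32\rsdsregj.exe FI002
O4 - HKLM\..\Run: [sms_msn40] C:\WINDOWS\SYSTEM32\sms_msn40.exe
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
"""

# Excerpt of the O4 section of the log saved at 11:12:42 AM on 1/16/2006.
LOG_AFTER_SECOND_PASS = r"""
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [{1D-D6-62-25-ZN}] C:\windows\system32\rsdsregj.exe FI002
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AOL Fast Start] "C:\Program Files\America Online 9.0\AOL.EXE" -b
"""

if __name__ == "__main__":
    for label, log in (("first pass", LOG_AFTER_FIRST_PASS),
                       ("second pass", LOG_AFTER_SECOND_PASS)):
        print(f"Still present after {label}:")
        for entry in still_present(FIX_REQUESTED, log):
            print(f"  {entry.location} [{entry.name}] {entry.command}")
```
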
 

FullRange311

Thread Starter
Joined
Aug 28, 2004
Messages
22
hijack scan:

Logfile of HijackThis v1.99.1
Scan saved at 1:35:52 PM, on 1/16/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\System32\CTsvcCDA.EXE
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Dell\Support\Alert\bin\DAMon.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\AOL\1102096720\ee\AOLHostManager.exe
C:\Program Files\America Online 9.0\waol.exe
C:\Program Files\Common Files\AOL\1102096720\ee\AOLServiceHost.exe
C:\WINDOWS\system32\devldr32.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\System32\MsPMSPSv.exe
c:\program files\common files\aol\1102096720\ee\services\antiSpywareApp\ver2_0_7\AOLSP Scheduler.exe
C:\Program Files\Common Files\AOL\1102096720\ee\AOLServiceHost.exe
C:\Program Files\America Online 9.0\shellmon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.cnn.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Dell|Alert] C:\Program Files\Dell\Support\Alert\bin\DAMon.exe
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1102096720\ee\AOLHostManager.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NVMCTRAY.DLL,NvTaskbarInit
O4 - HKCU\..\Run: [AOL Fast Start] "C:\Program Files\America Online 9.0\AOL.EXE" -b
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/downloads/kws/kavwebscan_unicode.cab
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache/funwebproducts/ei/PopularScreenSaversFWBInitialSetup1.0.0.8.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52...pple.com/borris/us/win/QuickTimeInstaller.exe
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aol.com/computercheckup/qdiagcc.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {8A0DCBDB-6E20-489C-9041-C1E8A0352E75} - http://awbeta.net-nucleus.com/FIX/WinATS.cab
O16 - DPF: {9AC54695-69A4-46F1-BE10-10C74F9520D5} - http://cabs.elitemediagroup.net/cabs/mediaview.cab
O16 - DPF: {B8F2846E-CE36-11D0-AC83-00C04FD97575} (Lernout & Hauspie TruVoice American English TTS Engine) - http://www.talkingbuddy.com/talkingbuddyinstall.exe
O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} - http://ax.phobos.apple.com.edgesuite.net/detection/ITDetector.cab
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Local Security Authority Subsystem Service (lsass) - Unknown owner - C:\WINDOWS\scvhost.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe


Kaspersky scan:

-------------------------------------------------------------------------------
KASPERSKY ON-LINE SCANNER REPORT
Monday, January 16, 2006 13:35:02
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky On-line Scanner version: 5.0.67.0
Kaspersky Anti-Virus database last update: 16/01/2006
Kaspersky Anti-Virus database records: 161028
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: standard
Scan Archives: true
Scan Mail Bases: true

Scan Target - Critical Areas:
C:\WINDOWS
C:\DOCUME~1\Sarah\LOCALS~1\Temp\

Scan Statistics:
Total number of scanned objects: 17948
Number of viruses found: 3
Number of infected objects: 4
Number of suspicious objects: 0
Duration of the scan process: 1156 sec

Infected Object Name - Virus Name
C:\WINDOWS\Downloaded Program Files\ysbactivex.dll Infected: Trojan-Downloader.Win32.IstBar.gen
C:\WINDOWS\SYSTEM32\enccyzsb.dll Infected: Trojan.Win32.Goldid
C:\WINDOWS\SYSTEM32\in10bH.dll Infected: Trojan-Dropper.Win32.Agent.og
C:\WINDOWS\SYSTEM32\seaeaiju.dll Infected: Trojan.Win32.Goldid

Scan process completed.
 
Joined
Sep 7, 2004
Messages
49,014
Restart your computer into safe mode now. (Tapping F8 at the first black screen) Perform the following steps in safe mode:

Double-click on Killbox.exe to run it. Now put a tick by Standard File Kill. In the "Full Path of File to Delete" box, copy and paste each of the following lines one at a time, then click on the button that has the red circle with the X in the middle after you enter each file. It will ask for confirmation to delete the file. Click Yes. Continue with that same procedure until you have copied and pasted all of these in the "Paste Full Path of File to Delete" box.

C:\WINDOWS\Downloaded Program Files\ysbactivex.
C:\WINDOWS\SYSTEM32\enccyzsb.dll
C:\WINDOWS\SYSTEM32\in10bH.dll
C:\WINDOWS\SYSTEM32\seaeaiju.dll

Note: It is possible that Killbox will tell you that one or more files do not exist. If that happens, just continue on with all the files. Be sure you don't miss any.
 
Joined
Sep 7, 2004
Messages
49,014
Cheeseball pointed out that I missed this - fix it in HiJack

O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache...tup1.0.0.8.cab

O16 - DPF: {8A0DCBDB-6E20-489C-9041-C1E8A0352E75} - http://awbeta.net-nucleus.com/FIX/WinATS.cab

O16 - DPF: {9AC54695-69A4-46F1-BE10-10C74F9520D5} - http://cabs.elitemediagroup.net/cabs/mediaview.cab

O23 - Service: Local Security Authority Subsystem Service (lsass) - Unknown owner - C:\WINDOWS\scvhost.exe (file missing)

Click Start > Run > and type in:

services.msc

Click OK.

In the services window find this exact name

Local Security Authority Subsystem Service

Right-click and choose "Properties". On the "General" tab under "Service Status" click the "Stop" button to stop the service. Beside "Startup Type" in the dropdown menu select "Disabled". Click Apply then OK. File-Exit the Services utility.
 

FullRange311

Thread Starter
Joined
Aug 28, 2004
Messages
22
Alright, I took care of all the things you told me to do. Thank you so much for your help. The computer seems to be running just fine now. :)
 

FullRange311

Thread Starter
Joined
Aug 28, 2004
Messages
22
Logfile of HijackThis v1.99.1
Scan saved at 2:13:00 PM, on 1/16/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\Explorer.EXE
C:\Program Files\Dell\Support\Alert\bin\DAMon.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\America Online 9.0\waol.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\Program Files\Common Files\AOL\1102096720\ee\AOLHostManager.exe
C:\Program Files\Common Files\AOL\1102096720\ee\AOLServiceHost.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\System32\CTsvcCDA.EXE
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\WINDOWS\system32\devldr32.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
c:\program files\common files\aol\1102096720\ee\services\antiSpywareApp\ver2_0_7\AOLSP Scheduler.exe
C:\Program Files\Common Files\AOL\1102096720\ee\AOLServiceHost.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.cnn.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Dell|Alert] C:\Program Files\Dell\Support\Alert\bin\DAMon.exe
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1102096720\ee\AOLHostManager.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NVMCTRAY.DLL,NvTaskbarInit
O4 - HKCU\..\Run: [AOL Fast Start] "C:\Program Files\America Online 9.0\AOL.EXE" -b
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/downloads/kws/kavwebscan_unicode.cab
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache/funwebproducts/ei/PopularScreenSaversFWBInitialSetup1.0.0.8.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52...pple.com/borris/us/win/QuickTimeInstaller.exe
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aol.com/computercheckup/qdiagcc.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {8A0DCBDB-6E20-489C-9041-C1E8A0352E75} - http://awbeta.net-nucleus.com/FIX/WinATS.cab
O16 - DPF: {9AC54695-69A4-46F1-BE10-10C74F9520D5} - http://cabs.elitemediagroup.net/cabs/mediaview.cab
O16 - DPF: {B8F2846E-CE36-11D0-AC83-00C04FD97575} (Lernout & Hauspie TruVoice American English TTS Engine) - http://www.talkingbuddy.com/talkingbuddyinstall.exe
O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} - http://ax.phobos.apple.com.edgesuite.net/detection/ITDetector.cab
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
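
A way to check a follow-up HijackThis log against the entries a helper asked to fix, as an added example that is not part of the original thread. The function names `entry_key` and `still_present` are this example's own, and the two inputs are lines abridged from the posts above.

```python
import re

ENTRY = re.compile(r"^(?P<section>[A-Z]\d+) - (?P<body>.+)$")
CLSID = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")

# Entries the helper asked to fix, as quoted in the thread (the first URL is elided there).
FLAGGED = r"""
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache...tup1.0.0.8.cab
O16 - DPF: {8A0DCBDB-6E20-489C-9041-C1E8A0352E75} - http://awbeta.net-nucleus.com/FIX/WinATS.cab
O16 - DPF: {9AC54695-69A4-46F1-BE10-10C74F9520D5} - http://cabs.elitemediagroup.net/cabs/mediaview.cab
O23 - Service: Local Security Authority Subsystem Service (lsass) - Unknown owner - C:\WINDOWS\scvhost.exe (file missing)
""".strip().splitlines()

# Abridged excerpt of the follow-up log posted in the thread (v1.99.1, 1/16/2006).
FOLLOWUP = r"""
C:\WINDOWS\system32\lsass.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/downloads/kws/kavwebscan_unicode.cab
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache/funwebproducts/ei/PopularScreenSaversFWBInitialSetup1.0.0.8.cab
O16 - DPF: {8A0DCBDB-6E20-489C-9041-C1E8A0352E75} - http://awbeta.net-nucleus.com/FIX/WinATS.cab
O16 - DPF: {9AC54695-69A4-46F1-BE10-10C74F9520D5} - http://cabs.elitemediagroup.net/cabs/mediaview.cab
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
""".strip()


def entry_key(line):
    """Return (section, identifier) for a HijackThis entry line, or None.

    The identifier is the CLSID when the entry has one, otherwise the text
    before the first " - " separator, so an elided URL or path in a quoted
    entry does not prevent a match against the full log line.
    """
    m = ENTRY.match(line.strip())
    if not m:
        return None  # header, blank line or a "Running processes" path
    body = m.group("body")
    clsid = CLSID.search(body)
    ident = clsid.group(0).upper() if clsid else body.split(" - ")[0].strip().lower()
    return m.group("section"), ident


def still_present(flagged_lines, followup_log):
    """Return the flagged entries whose key still appears in the follow-up log."""
    present = {entry_key(l) for l in followup_log.splitlines()} - {None}
    return [l for l in flagged_lines if entry_key(l) in present]


if __name__ == "__main__":
    for line in still_present(FLAGGED, FOLLOWUP):
        print("still listed:", line)
```

On these excerpts it returns the three O16 entries and not the O23 service entry.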
 