Solved: EMPNADS & Elitebar

Status
This thread has been Locked and is not open to further replies. The original thread starter may use the Report button to request it be reopened but anyone else with a similar issue should start a New Thread. Watch our Welcome Guide to learn how to use this site.

davecabezo

Thread Starter
Joined
Jun 22, 2005
Messages
116
I have followed with interest the above thread as I too have a problem with Empnads & Ads1 on my computer, though not quite as bad as above, nevertheless it is very, very annoying. My question is can I try the above methods or are all cases different?
Regards,
Dave
 
Joined
Jul 26, 2002
Messages
46,353
Hi davecabezo

Welcome to TSG! :)

I have split your post off into your own thread. In the future if you have a Question/Problem please start a "New Thread". It gets too confusing trying to address two different people's problems in the same thread and you may get overlooked.

Please continue in this thread.
 
Joined
Jul 26, 2002
Messages
46,353
Please do this:

First create a permanent folder somewhere like in My Documents and name it Hijack This.

Now Click here to download Hijack This. Download it and click "Save". Save it to the Hijack This folder you just created.

Click on Hijackthis.exe to launch the program. Click on the Do a system scan and save a logfile button. It will scan and then ask you to save the log. Click "Save" to save the log file and then the log will open in notepad.

Click on "Edit > Select All" then click on "Edit > Copy" then Paste the log back here in a reply.

DO NOT have Hijack This fix anything yet. Most of what it finds will be harmless or even required.
 

davecabezo

Thread Starter
Joined
Jun 22, 2005
Messages
116
Sorry I took so long to get back to you. Since my post I downloaded and ran the anti spyware programs you mentioned in your previous post and touch wood things seemed to have quietened down, however I've done as you requested and here are the scan results.

Logfile of HijackThis v1.99.1
Scan saved at 17:07:17, on 22/06/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRAM FILES\FAXTALK COMMUNICATOR\FTCtrl32.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\PROGRAM FILES\FAXTALK COMMUNICATOR\FAPIEXE.EXE
C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
C:\Program Files\Google\Gmail Notifier\gnotify.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\dvd43\dvd43_tray.exe
D:\My Documents\Anti Spam\gcasServ.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Meaya\Popup Ad Filter\PopFilter.exe
C:\Program Files\PDT\VoIPVoice Integrations\VoIPVoice Integration.exe
C:\Program Files\X-Lite\X-Lite.exe
C:\Program Files\Skype1.2.0\Phone\Skype.exe
C:\Program Files\Shareaza\Shareaza.exe
C:\PROGRA~1\INCRED~1\bin\IMApp.exe
C:\Program Files\TechSmith\SnagIt 7\SnagIt32.exe
C:\Program Files\VoipBuster.com\VoipBuster\voipbuster.exe
C:\Program Files\SAM\SAM.exe
C:\WINDOWS\system32\devldr32.exe
C:\Program Files\TechSmith\SnagIt 7\TSCHelp.exe
D:\My Documents\Anti Spam\gcasDtServ.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\IncrediMail\bin\IncMail.exe
C:\Program Files\Mozilla Firefox\firefox.exe
D:\My Documents\HIJACK\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\My Documents\Anti Spam\Spybot - Search & Destroy\SDHelper.dll
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [Advanced Tools Check] C:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE
O4 - HKLM\..\Run: [CallControl 4.5] C:\PROGRAM FILES\FAXTALK COMMUNICATOR\FTCtrl32.exe /autoload
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb08.exe
O4 - HKLM\..\Run: [DeviceDiscovery] C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\gnotify.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [dvd43] C:\Program Files\dvd43\dvd43_tray.exe
O4 - HKLM\..\Run: [gcasServ] "D:\My Documents\Anti Spam\gcasServ.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Popup Ad Filter] C:\Program Files\Meaya\Popup Ad Filter\PopFilter.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [IncrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe /c
O4 - HKCU\..\Run: [Skype VoIPVoice integration] "C:\Program Files\PDT\VoIPVoice Integrations\VoIPVoice Integration.exe"
O4 - HKCU\..\Run: [XSC SIP Client] "C:\Program Files\X-Lite\X-Lite.exe"
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype1.2.0\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [Shareaza] "C:\Program Files\Shareaza\Shareaza.exe" -tray
O4 - Startup: SAM.lnk = C:\Program Files\SAM\SAM.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: SnagIt 7.lnk = C:\Program Files\TechSmith\SnagIt 7\SnagIt32.exe
O4 - Global Startup: VoipBuster.lnk = C:\Program Files\VoipBuster.com\VoipBuster\voipbuster.exe
O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\PROGRA~1\INCRED~1\bin\resources\WebMenuImg.htm
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Allow Popups - C:\Program Files\Meaya\Popup Ad Filter\WhiteGetUrl.js
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_03\bin\npjpi150_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_03\bin\npjpi150_03.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

Regards,
Dave
 
Joined
Jul 26, 2002
Messages
46,353
* Go here to download CCleaner.
  • Install CCleaner
  • Launch CCleaner and look in the upper right corner and click on the "Options" button.
  • Click "Advanced" and remove the check by "Only delete files in Windows temp folders older than 48 hours".
  • Click OK
  • Do not run CCleaner yet. You will run it later in safe mode.


* Download the trial version of Ewido Security Suite here.
  • Install ewido.
  • During the installation, under "Additional Options" uncheck "Install background guard" and "Install scan via context menu".
  • Launch ewido
  • It will prompt you to update. Click the OK button and it will go to the main screen.
  • On the left side of the main screen click update
  • Click on Start and let it update.
  • DO NOT run a scan yet. You will do that later in safe mode.

* Click here for info on how to boot to safe mode if you don't already know how.


* Now copy these instructions to notepad and save them to your desktop. You will need them to refer to in safe mode.


* Restart your computer into safe mode now. Perform the following steps in safe mode:


* Run Ewido:
  • Click on scanner
  • Put a check by the following before you scan:
    • Binder
    • Crypter
    • Archives
  • Click the Start Scan button to start the scan.
  • During the scan it will prompt you to clean files, click OK
  • When the scan is finished, look at the bottom of the screen and click the Save report button.
  • Save the report to your desktop


* Start CCleaner and click Run Cleaner


* Go to Control Panel > Internet Options. Click on the Programs tab then click the "Reset Web Settings" button. Click Apply then OK.


* Restart back into Windows normally now.


* Run ActiveScan online virus scan here

When the scan is finished, anything that it cannot clean have it delete it. Make a note of the file location of anything that cannot be deleted so you can delete it yourself.
- Save the results from the scan!

Post a new HiJackThis log along with the results from ActiveScan and the ewido scan
 

davecabezo

Thread Starter
Joined
Jun 22, 2005
Messages
116
Hi firman1,
Problems,
Tried to run Ewido but couldn't check "archives" as it was greyed out. Ran the prog anyway and saved the file below.
I then went back into normal windows and tried to run active scan but IE blocked the file. I went into IE settings and reduced them to lowest security, same problem.

ewido security suite - Scan report
---------------------------------------------------------

+ Created on: 17:10:55, 23/06/2005
+ Report-Checksum: 697CAAE4

+ Date of database: 22/06/2005
+ Version of scan engine: v3.0

+ Duration: 45 min
+ Scanned Files: 41181
+ Speed: 15.03 Files/Second
+ Infected files: 47
+ Removed files: 47
+ Files put in quarantine: 47
+ Files that could not be opened: 0
+ Files that could not be cleaned: 0

+ Binder: Yes
+ Crypter: Yes
+ Archives: No

+ Scanned items:
C:\
D:\
E:\

+ Scan result:
C:\Documents and Settings\Anyone\Cookies\anyone@com[2].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Anyone\Local Settings\Temp\temp.fr18C2 -> Spyware.IBISToolbar -> Cleaned with backup
C:\Program Files\TechSmith\SnagIt 7\2KXP\crack22-1.exe -> TrojanDropper.Agent.kd -> Cleaned with backup
C:\Program Files\TechSmith\SnagIt 7\crack22.exe -> TrojanDropper.Agent.kd -> Cleaned with backup
C:\Program Files\Toolbar\gykhxlmu.rmr -> Spyware.IBISToolbar -> Cleaned with backup
C:\RECYCLER\NPROTECT\00047082.wzg -> Spyware.IBISToolbar -> Cleaned with backup
C:\RECYCLER\NPROTECT\00047130.wzg -> Spyware.IBISToolbar -> Cleaned with backup
C:\RECYCLER\NPROTECT\00047185.wzg -> Spyware.IBISToolbar -> Cleaned with backup
C:\RECYCLER\NPROTECT\00047226.wzg -> Spyware.IBISToolbar -> Cleaned with backup
C:\RECYCLER\NPROTECT\00047260.wzg -> Spyware.IBISToolbar -> Cleaned with backup
C:\RECYCLER\NPROTECT\00047263.wzg -> Spyware.IBISToolbar -> Cleaned with backup
C:\RECYCLER\NPROTECT\00047286.wzg -> Spyware.IBISToolbar -> Cleaned with backup
C:\RECYCLER\NPROTECT\00047434.wzg -> Spyware.IBISToolbar -> Cleaned with backup
C:\RECYCLER\NPROTECT\00047528.DLL -> Spyware.EliteBar.af -> Cleaned with backup
C:\RECYCLER\NPROTECT\00047529.EXE -> Spyware.Websearch -> Cleaned with backup
C:\RECYCLER\NPROTECT\00047533.rmr -> Spyware.IBISToolbar -> Cleaned with backup
C:\RECYCLER\NPROTECT\00047539.wzg -> Spyware.IBISToolbar -> Cleaned with backup
C:\RECYCLER\NPROTECT\00047574.wzg -> Spyware.IBISToolbar -> Cleaned with backup
C:\RECYCLER\NPROTECT\00047675.wzg -> Spyware.IBISToolbar -> Cleaned with backup
C:\RECYCLER\NPROTECT\00047683.dll -> Spyware.Wintol.y -> Cleaned with backup
C:\RECYCLER\NPROTECT\00047684.exe -> TrojanDownloader.Wintool.f -> Cleaned with backup
C:\RECYCLER\NPROTECT\00047685.exe -> Spyware.Wintol.y -> Cleaned with backup
C:\RECYCLER\NPROTECT\00047686.exe -> Spyware.Wintol.y -> Cleaned with backup
C:\RECYCLER\NPROTECT\00047690.dll -> TrojanDownloader.Agent.br -> Cleaned with backup
C:\RECYCLER\NPROTECT\00047691.EXE -> Spyware.Hijacker.Generic -> Cleaned with backup
C:\RECYCLER\NPROTECT\00047692.DAT -> Spyware.Hijacker.Generic -> Cleaned with backup
C:\RECYCLER\NPROTECT\00047769.wzg -> Spyware.IBISToolbar -> Cleaned with backup
C:\RECYCLER\NPROTECT\00047778.dll -> Spyware.WebSearch.aj -> Cleaned with backup
C:\RECYCLER\NPROTECT\00047780.exe -> Spyware.WebSearch -> Cleaned with backup
C:\WINDOWS\system32\akcore.dll -> Spyware.Coreak -> Cleaned with backup
C:\WINDOWS\system32\akrules.dll -> TrojanDownloader.Agent.bt -> Cleaned with backup
C:\WINDOWS\system32\akupd.dll -> Spyware.Ezula -> Cleaned with backup
C:\WINDOWS\system32\wincoreak.dll -> Spyware.Coreak -> Cleaned with backup
C:\WINDOWS\system32\winlspak.dll -> TrojanDownloader.Agent.br -> Cleaned with backup
C:\WINDOWS\system32\winrulesak.dll -> TrojanDownloader.Agent.bt -> Cleaned with backup
C:\WINDOWS\system32\winupdak.dll -> Spyware.Ezula -> Cleaned with backup
C:\WINDOWS\Temp\~450964.tmp -> Spyware.Wintol.q -> Cleaned with backup
C:\WINDOWS\Temp\~787168.tmp -> Spyware.Wintol.p -> Cleaned with backup
D:\My Documents\Anti Spam\Quarantine\1563671D-F1FC-4078-A716-5553E4\DA2BF707-3486-4249-884A-69322A -> Spyware.Wintol.y -> Cleaned with backup
D:\My Documents\Anti Spam\Quarantine\1563671D-F1FC-4078-A716-5553E4\9CD95CBC-000B-4AF6-992A-340431 -> TrojanDownloader.Wintool.f -> Cleaned with backup
D:\My Documents\Anti Spam\Quarantine\1563671D-F1FC-4078-A716-5553E4\7F01E855-692B-407C-8C94-94B1CF -> Spyware.Wintol.y -> Cleaned with backup
D:\My Documents\Anti Spam\Quarantine\1563671D-F1FC-4078-A716-5553E4\0FD188DB-3AB8-4904-B04C-8774B0 -> Spyware.Wintol.y -> Cleaned with backup
D:\My Documents\Anti Spam\Quarantine\C1EA5B3D-756D-4EF3-A4DC-ADCD5A\8524DE4D-2105-4287-8896-10C0B5 -> Spyware.WebSearch.aj -> Cleaned with backup
D:\My Documents\Anti Spam\Quarantine\C1EA5B3D-756D-4EF3-A4DC-ADCD5A\C58D387D-F5ED-4D82-B252-AE5ADA -> Spyware.WebSearch -> Cleaned with backup
D:\Recycled\NPROTECT\00000744 -> TrojanDownloader.Agent.br -> Cleaned with backup
D:\Recycled\NPROTECT\00000753 -> Spyware.Hijacker.Generic -> Cleaned with backup
D:\Recycled\NPROTECT\00000754 -> Spyware.Hijacker.Generic -> Cleaned with backup


::Report End

Regards,
Dave
 
Joined
Jul 26, 2002
Messages
46,353
flrman1 said:
Post a new HiJackThis log along with the results from ActiveScan and the ewido scan
I need to see the new Hijack This log and the results from Activescan as requested.
 

davecabezo

Thread Starter
Joined
Jun 22, 2005
Messages
116
Hi, As I said I could not get Active Scan to load because of IE. However here is the Hijack log.
Logfile of HijackThis v1.99.1
Scan saved at 20:13:48, on 23/06/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRAM FILES\FAXTALK COMMUNICATOR\FTCtrl32.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
C:\Program Files\Google\Gmail Notifier\gnotify.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\dvd43\dvd43_tray.exe
C:\PROGRAM FILES\FAXTALK COMMUNICATOR\FAPIEXE.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Meaya\Popup Ad Filter\PopFilter.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\PDT\VoIPVoice Integrations\VoIPVoice Integration.exe
C:\Program Files\X-Lite\X-Lite.exe
C:\Program Files\Skype1.2.0\Phone\Skype.exe
C:\Program Files\Shareaza\Shareaza.exe
C:\Program Files\TechSmith\SnagIt 7\SnagIt32.exe
C:\PROGRA~1\INCRED~1\bin\IMApp.exe
C:\Program Files\VoipBuster.com\VoipBuster\voipbuster.exe
C:\Program Files\SAM\SAM.exe
C:\WINDOWS\system32\devldr32.exe
C:\Program Files\TechSmith\SnagIt 7\TSCHelp.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\IncrediMail\bin\IncMail.exe
C:\Program Files\Internet Explorer\iexplore.exe
D:\My Documents\Anti Spam\SpywareGuard\sgmain.exe
D:\My Documents\Anti Spam\SpywareGuard\sgbhp.exe
D:\My Documents\Anti Spam\HIJACK\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - D:\My Documents\Anti Spam\SpywareGuard\dlprotect.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\My Documents\Anti Spam\Spybot - Search & Destroy\SDHelper.dll
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [Advanced Tools Check] C:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE
O4 - HKLM\..\Run: [CallControl 4.5] C:\PROGRAM FILES\FAXTALK COMMUNICATOR\FTCtrl32.exe /autoload
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb08.exe
O4 - HKLM\..\Run: [DeviceDiscovery] C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\gnotify.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [dvd43] C:\Program Files\dvd43\dvd43_tray.exe
O4 - HKLM\..\Run: [gcasServ] "D:\My Documents\Anti Spam\gcasServ.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Popup Ad Filter] C:\Program Files\Meaya\Popup Ad Filter\PopFilter.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [IncrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe /c
O4 - HKCU\..\Run: [Skype VoIPVoice integration] "C:\Program Files\PDT\VoIPVoice Integrations\VoIPVoice Integration.exe"
O4 - HKCU\..\Run: [XSC SIP Client] "C:\Program Files\X-Lite\X-Lite.exe"
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype1.2.0\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [Shareaza] "C:\Program Files\Shareaza\Shareaza.exe" -tray
O4 - Startup: SAM.lnk = C:\Program Files\SAM\SAM.exe
O4 - Startup: SpywareGuard.lnk = D:\My Documents\Anti Spam\SpywareGuard\sgmain.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: SnagIt 7.lnk = C:\Program Files\TechSmith\SnagIt 7\SnagIt32.exe
O4 - Global Startup: VoipBuster.lnk = C:\Program Files\VoipBuster.com\VoipBuster\voipbuster.exe
O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\PROGRA~1\INCRED~1\bin\resources\WebMenuImg.htm
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Allow Popups - C:\Program Files\Meaya\Popup Ad Filter\WhiteGetUrl.js
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_03\bin\npjpi150_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_03\bin\npjpi150_03.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

Hope this helps,
Dave
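
What a helper does by eye when a follow-up log is posted, as an added example (not part of the original thread and not HijackThis's own code): parse two HijackThis logs and list the entries and running processes that appeared or disappeared between scans. The two sample logs are short excerpts of the logs posted above; the function names are this example's own.

```python
import re

# HijackThis entry lines look like "O4 - HKLM\..\Run: [name] path".
# The prefix (R0-R3, F0-F3, N1-N4, O1 and up) is the section code.
ENTRY_RE = re.compile(r"^(R[0-3]|F[0-3]|N[1-4]|O\d{1,2}) - (.+)$")

# Meaning of the section codes that occur in this thread's logs.
SECTIONS = {
    "R0": "IE start/search page", "R3": "URL search hook",
    "O2": "Browser Helper Object", "O4": "autostart entry",
    "O8": "IE context-menu item", "O9": "IE button / Tools menu item",
    "O12": "IE plugin", "O23": "Windows service",
}


def parse_log(text):
    """Return (processes, entries): lower-cased process paths (the logs mix
    System32/system32) and (section_code, detail) tuples in log order."""
    processes, entries, in_processes = set(), [], False
    for line in (raw.strip() for raw in text.splitlines()):
        if line.lower().startswith("running processes"):
            in_processes = True
            continue
        m = ENTRY_RE.match(line)
        if m:
            in_processes = False  # the entry section has started
            entries.append((m.group(1), m.group(2)))
        elif in_processes and line:
            processes.add(line.lower())
    return processes, entries


def diff_logs(before, after):
    """Compare two logs; return what appeared and what disappeared."""
    procs_b, ents_b = parse_log(before)
    procs_a, ents_a = parse_log(after)
    set_b, set_a = set(ents_b), set(ents_a)
    return {
        "added_entries": [e for e in ents_a if e not in set_b],
        "removed_entries": [e for e in ents_b if e not in set_a],
        "added_processes": sorted(procs_a - procs_b),
        "removed_processes": sorted(procs_b - procs_a),
    }


def describe(entries, sign):
    """Format entries as '+ O2 (Browser Helper Object): detail' lines."""
    return [f"{sign} {code} ({SECTIONS.get(code, 'other')}): {detail}"
            for code, detail in entries]


# Short excerpts of the two logs posted in this thread (22/06 and 23/06).
BEFORE = r"""Running processes:
C:\WINDOWS\System32\smss.exe
C:\Program Files\Mozilla Firefox\firefox.exe
D:\My Documents\Anti Spam\gcasServ.exe

R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\My Documents\Anti Spam\Spybot - Search & Destroy\SDHelper.dll
O4 - Startup: SAM.lnk = C:\Program Files\SAM\SAM.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
"""
AFTER = r"""Running processes:
C:\WINDOWS\System32\smss.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
D:\My Documents\Anti Spam\SpywareGuard\sgmain.exe

R3 - Default URLSearchHook is missing
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - D:\My Documents\Anti Spam\SpywareGuard\dlprotect.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\My Documents\Anti Spam\Spybot - Search & Destroy\SDHelper.dll
O4 - Startup: SAM.lnk = C:\Program Files\SAM\SAM.exe
O4 - Startup: SpywareGuard.lnk = D:\My Documents\Anti Spam\SpywareGuard\sgmain.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
"""

if __name__ == "__main__":
    d = diff_logs(BEFORE, AFTER)
    print("\n".join(describe(d["added_entries"], "+")))
    print("processes gone:", d["removed_processes"])
```

On these excerpts every new entry traces back to a tool installed during the cleanup (SpywareGuard, ewido), which is the pattern to confirm before treating a change between logs as suspicious.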
 

davecabezo

Thread Starter
Joined
Jun 22, 2005
Messages
116
Hi firman1,
Things seem OK but as I said I couldn't load Active Scan because of IE blocking the loading of the file. Where in IE do I set preferences to allow Active Scan to load and also can I now go back to Firefox as my browser or do you think this is a backward step?
Lastly, I have both Spyware Guard and MS Antispyware running in the background, increased the security levels in IE and carried out all the recommendations in dvk01's sticky. Anything else I need to do.
Many thanks for your help to date,
Regards,
Dave
 
Joined
Jul 26, 2002
Messages
46,353
I highly recommend you get rid of Shareaza as downloading files from p2p apps like that is a major source for spreading many infections. It is simply not wise to use them.


Reset your ActiveX security settings like so... Go to Internet Options > Security > Internet, press 'default level', then OK.
Now press "Custom Level."
In the ActiveX section, set the first two options ("Download signed and unsigned ActiveX controls") to 'prompt', and "Initialize and Script ActiveX controls not marked as safe" to 'disable'.

Like that you should be prompted to install the ActiveX to run the online scan. Also when you go to install the ActiveX SP2 will place a yellow bar across the bottom of the addressbar in IE showing that it has blocked the installation of the ActiveX control. You can right click there and "Allow" the installation.
 
Joined
Jul 26, 2002
Messages
46,353
You're Welcome! :)

Now turn off System Restore:

On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
Check Turn off System Restore.
Click Apply, and then click OK.

Restart your computer, turn System Restore back on and create a restore point.

To create a restore point:

Single-click Start and point to All Programs.
Mouse over Accessories, then System Tools, and select System Restore.
In the System Restore wizard, select the box next to the text labeled "Create a restore point" and click the Next button.
Type a description for your new restore point. Something like "After trojan/spyware cleanup". Click Create and you're done.

Check this out for info on how to tighten your security settings and some good free tools to help prevent this from happening again.
 
Joined
Jul 26, 2002
Messages
46,353
Since this problem has been solved, I'm closing this thread. If you need it reopened please PM me or one of the other mods.

Anyone else with a similar problem please start a "New Thread".
 