1. Computer problem? Tech Support Guy is completely free -- paid for by advertisers and donations. Click here to join today! If you're new to Tech Support Guy, we highly recommend that you visit our Guide for New Members.

Solved: SysProtect Installer Removal ?? HJT log included....

Discussion in 'Virus & Other Malware Removal' started by Katmandu, Jul 31, 2006.

Thread Status:
Not open for further replies.
Advertisement
  1. Katmandu

    Katmandu Thread Starter

    Joined:
    May 28, 2006
    Messages:
    267
    Logfile of HijackThis v1.99.1
    Scan saved at 9:52:09 PM, on 7/31/2006
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    C:\WINDOWS\System32\cisvc.exe
    C:\Program Files\Norton AntiVirus 2004\navapsvc.exe
    C:\Program Files\Norton AntiVirus 2004\SAVScan.exe
    C:\Program Files\Speed Disk\nopdb.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    C:\Program Files\BroadJump\Client Foundation\CFD.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    C:\Program Files\Common Files\{48F664B0-0708-1033-0728-040624050001}\Update.exe
    C:\PROGRA~1\AWS\WEATHE~1\Weather.exe
    C:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe
    C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
    C:\WINDOWS\System32\cidaemon.exe
    C:\Documents and Settings\ERIC2\Desktop\IEXPLORE.EXE
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Hijackthis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msnbc.msn.com/
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msnbc.msn.com/
    O3 - Toolbar: DAP Bar - {62999427-33FC-4baf-9C9C-BCE6BD127F08} - C:\Program Files\DAP\DAPIEBar.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\RoboForm.dll
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus 2004\NavShExt.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar5.dll
    O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
    O4 - HKLM\..\Run: [NI.USYP_0001_N85M2606] "C:\WINDOWS\Downloaded Program Files\USYP_0001_N85M2606NetInstaller.exe" -nag
    O4 - HKCU\..\Run: [Weather] C:\PROGRA~1\AWS\WEATHE~1\Weather.exe 1
    O4 - HKCU\..\Run: [FreeRAM XP] "C:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe" -win
    O4 - Global Startup: KODAK Software Updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
    O8 - Extra context menu item: &Download with &DAP - C:\PROGRA~1\DAP\dapextie.htm
    O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar5.dll/cmsearch.html
    O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar5.dll/cmwordtrans.html
    O8 - Extra context menu item: &Viewpoint Search - res://C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBar.dll/CXTSEARCH.HTML
    O8 - Extra context menu item: Add to AD Black List - C:\Program Files\Avant Browser\AddToADBlackList.htm
    O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar5.dll/cmbacklinks.html
    O8 - Extra context menu item: Block All Images from the Same Server - C:\Program Files\Avant Browser\AddAllToADBlackList.htm
    O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar5.dll/cmcache.html
    O8 - Extra context menu item: Customize Menu &4 - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
    O8 - Extra context menu item: Download &all with DAP - C:\PROGRA~1\DAP\dapextie2.htm
    O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
    O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
    O8 - Extra context menu item: Download web site with Free Download Manager - file://C:\Program Files\Free Download Manager\dlpage.htm
    O8 - Extra context menu item: Download with Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O8 - Extra context menu item: Fill Forms &] - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
    O8 - Extra context menu item: Highlight - C:\Program Files\Avant Browser\Highlight.htm
    O8 - Extra context menu item: Open All Links in This Page... - C:\Program Files\Avant Browser\OpenAllLinks.htm
    O8 - Extra context menu item: Open In New Avant Browser - C:\Program Files\Avant Browser\OpenInNewBrowser.htm
    O8 - Extra context menu item: RoboForm &2 - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
    O8 - Extra context menu item: Save Forms &[ - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
    O8 - Extra context menu item: Search - C:\Program Files\Avant Browser\Search.htm
    O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar5.dll/cmsimilar.html
    O8 - Extra context menu item: Sothink SWF Catcher - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
    O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar5.dll/cmtrans.html
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_06\bin\npjpi142_06.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_06\bin\npjpi142_06.dll
    O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
    O9 - Extra 'Tools' menuitem: Fill Forms &] - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
    O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
    O9 - Extra 'Tools' menuitem: Save Forms &[ - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
    O9 - Extra button: Run DAP - {669695BC-A811-4A9D-8CDF-BA8C795F261C} - C:\PROGRA~1\DAP\DAP.EXE
    O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
    O9 - Extra 'Tools' menuitem: RoboForm &2 - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
    O9 - Extra button: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
    O9 - Extra 'Tools' menuitem: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
    O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
    O15 - Trusted Zone: www.pcpitstop.com
    O16 - DPF: {01111C00-3E00-11D2-8470-0060089874ED} (Support.com ActionRunner Class) - http://help.rr.com/Foundrysdccommon/download/tgctlar.cab
    O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - http://supportcenter.rr.com/sdccommon/download/tgctlcm.cab
    O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
    O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
    O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/viewers/ipixx.cab
    O16 - DPF: {1842B0EE-B597-11D4-8997-00104BD12D94} (iCC Class) - http://www.pcpitstop.com/internet/pcpConnCheck.cab
    O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - http://www.symantec.com/techsupp/asa/ctrl/LSSupCtl.cab
    O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
    O16 - DPF: {3451DEDE-631F-421C-8127-FD793AFC6CC8} (ActiveDataInfo Class) - https://www-secure.symantec.com/techsupp/asa/ctrl/SymAData.cab
    O16 - DPF: {44990200-3C9D-426D-81DF-AAB636FA4345} (Symantec SmartIssue) - https://www-secure.symantec.com/techsupp/asa/ctrl/tgctlsi.cab
    O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} (Symantec Script Runner Class) - https://www-secure.symantec.com/techsupp/asa/ctrl/tgctlsr.cab
    O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-3-36.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.c...ls/en/x86/client/wuweb_site.cab?1098571318045
    O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1134435680593
    O16 - DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} (Housecall ActiveX 6.5) - http://us-housecall.trendmicro-europe.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
    O16 - DPF: {89D75D39-5531-47BA-9E4F-B346BA9C362C} (CWDL_DownLoadControl Class) - http://www.callwave.com/include/cab/CWDL_DownLoad.CAB
    O16 - DPF: {94B82441-A413-4E43-8422-D49930E69764} (TLIEFlashObj Class) - https://rtc1.webresponse.one.microsoft.com/media/xp/TLIEFlash.CAB
    O16 - DPF: {9732FB42-C321-11D1-836F-00A0C993F125} (mhLabel Class) - http://www.pcpitstop.com/mhLbl.cab
    O16 - DPF: {9FC5238F-12C4-454F-B1B5-74599A21DE47} (Webshots Photo Uploader) - http://community.webshots.com/html/WSPhotoUploader.CAB
    O16 - DPF: {B1826A9F-4AA0-4510-BA77-9013E74E4B9B} - http://www.trendmicro.com/spyware-scan/as4web.cab
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
    O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - http://www.symantec.com/techsupp/asa/ctrl/SymAData.cab
    O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://driveragent.com/files/driveragent.cab
    O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
    O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus 2004\navapsvc.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
    O23 - Service: Sandra Data Service (SandraDataSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2007\Win32\RpcDataSrv.exe
    O23 - Service: Sandra Service (SandraTheSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2007\RpcSandraSrv.exe
    O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus 2004\SAVScan.exe
    O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: Speed Disk service - Symantec Corporation - C:\Program Files\Speed Disk\nopdb.exe
    O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
    O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
     
  2. MFDnNC

    MFDnNC

    Joined:
    Sep 7, 2004
    Messages:
    49,014
    Please download http://www.atribune.org/ccount/click.php?id=4 to C:\
    Double-click VundoFix.exe to run it.
    Put a check next to Run VundoFix as a task.
    You will receive a message saying vundofix will close and re-open in a minute or less. Click OK.
    When VundoFix re-opens, click the Scan for Vundo button.
    Once it's done scanning, click the Remove Vundo button.
    You will receive a prompt asking if you want to remove the files, click YES.
    Once you click yes, your desktop will go blank as it starts removing Vundo.
    When completed, it will prompt that it will shutdown your computer, click OK.
    Turn your computer back on.
    Please post the contents of C:\vundofix.txt and a new HijackThis log.
     
  3. Katmandu

    Katmandu Thread Starter

    Joined:
    May 28, 2006
    Messages:
    267
    Thanks for the FAST reply! (y) I "think" I may have Deleted Sysbot (via XoftSpy) before my original posting. :confused: Not certain though... :cool:

    None-the-Less I followed your instructions and the results are posted below.


    -ERIC

    PS - Do you see anything else that would cause problems in my files ??

    ==========================================================
    VundoFix V5.1.6

    Checking Java version...

    Java version is 1.4.2.6

    Scan started at 10:02:41 PM 7/31/2006

    Listing files found while scanning....


    VundoFix V5.1.6

    Running as SYSTEM
    from c:\windows\system32\VundoFix.exe

    Checking Java version...

    Java version is 1.4.2.6

    Scan started at 10:07:04 PM 7/31/2006

    Listing files found while scanning....

    No infected files were found.


    Beginning removal...
    =========================================================
    Logfile of HijackThis v1.99.1
    Scan saved at 10:11:45 PM, on 7/31/2006
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    C:\WINDOWS\System32\cisvc.exe
    C:\Program Files\Norton AntiVirus 2004\navapsvc.exe
    C:\Program Files\Norton AntiVirus 2004\SAVScan.exe
    C:\Program Files\Speed Disk\nopdb.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    C:\Program Files\BroadJump\Client Foundation\CFD.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    C:\Program Files\Common Files\{48F664B0-0708-1033-0728-040624050001}\Update.exe
    C:\PROGRA~1\AWS\WEATHE~1\Weather.exe
    C:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe
    C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
    C:\WINDOWS\System32\cidaemon.exe
    C:\Documents and Settings\ERIC2\Desktop\IEXPLORE.EXE
    C:\Program Files\Outlook Express\msimn.exe
    c:\windows\system32\VundoFix.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Hijackthis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msnbc.msn.com/
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msnbc.msn.com/
    O3 - Toolbar: DAP Bar - {62999427-33FC-4baf-9C9C-BCE6BD127F08} - C:\Program Files\DAP\DAPIEBar.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\RoboForm.dll
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus 2004\NavShExt.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar5.dll
    O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
    O4 - HKLM\..\Run: [NI.USYP_0001_N85M2606] "C:\WINDOWS\Downloaded Program Files\USYP_0001_N85M2606NetInstaller.exe" -nag
    O4 - HKCU\..\Run: [Weather] C:\PROGRA~1\AWS\WEATHE~1\Weather.exe 1
    O4 - HKCU\..\Run: [FreeRAM XP] "C:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe" -win
    O4 - Global Startup: KODAK Software Updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
    O8 - Extra context menu item: &Download with &DAP - C:\PROGRA~1\DAP\dapextie.htm
    O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar5.dll/cmsearch.html
    O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar5.dll/cmwordtrans.html
    O8 - Extra context menu item: &Viewpoint Search - res://C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBar.dll/CXTSEARCH.HTML
    O8 - Extra context menu item: Add to AD Black List - C:\Program Files\Avant Browser\AddToADBlackList.htm
    O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar5.dll/cmbacklinks.html
    O8 - Extra context menu item: Block All Images from the Same Server - C:\Program Files\Avant Browser\AddAllToADBlackList.htm
    O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar5.dll/cmcache.html
    O8 - Extra context menu item: Customize Menu &4 - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
    O8 - Extra context menu item: Download &all with DAP - C:\PROGRA~1\DAP\dapextie2.htm
    O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
    O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
    O8 - Extra context menu item: Download web site with Free Download Manager - file://C:\Program Files\Free Download Manager\dlpage.htm
    O8 - Extra context menu item: Download with Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O8 - Extra context menu item: Fill Forms &] - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
    O8 - Extra context menu item: Highlight - C:\Program Files\Avant Browser\Highlight.htm
    O8 - Extra context menu item: Open All Links in This Page... - C:\Program Files\Avant Browser\OpenAllLinks.htm
    O8 - Extra context menu item: Open In New Avant Browser - C:\Program Files\Avant Browser\OpenInNewBrowser.htm
    O8 - Extra context menu item: RoboForm &2 - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
    O8 - Extra context menu item: Save Forms &[ - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
    O8 - Extra context menu item: Search - C:\Program Files\Avant Browser\Search.htm
    O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar5.dll/cmsimilar.html
    O8 - Extra context menu item: Sothink SWF Catcher - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
    O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar5.dll/cmtrans.html
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_06\bin\npjpi142_06.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_06\bin\npjpi142_06.dll
    O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
    O9 - Extra 'Tools' menuitem: Fill Forms &] - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
    O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
    O9 - Extra 'Tools' menuitem: Save Forms &[ - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
    O9 - Extra button: Run DAP - {669695BC-A811-4A9D-8CDF-BA8C795F261C} - C:\PROGRA~1\DAP\DAP.EXE
    O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
    O9 - Extra 'Tools' menuitem: RoboForm &2 - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
    O9 - Extra button: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
    O9 - Extra 'Tools' menuitem: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
    O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
    O15 - Trusted Zone: www.pcpitstop.com
    O16 - DPF: {01111C00-3E00-11D2-8470-0060089874ED} (Support.com ActionRunner Class) - http://help.rr.com/Foundrysdccommon/download/tgctlar.cab
    O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - http://supportcenter.rr.com/sdccommon/download/tgctlcm.cab
    O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
    O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
    O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/viewers/ipixx.cab
    O16 - DPF: {1842B0EE-B597-11D4-8997-00104BD12D94} (iCC Class) - http://www.pcpitstop.com/internet/pcpConnCheck.cab
    O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - http://www.symantec.com/techsupp/asa/ctrl/LSSupCtl.cab
    O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
    O16 - DPF: {3451DEDE-631F-421C-8127-FD793AFC6CC8} (ActiveDataInfo Class) - https://www-secure.symantec.com/techsupp/asa/ctrl/SymAData.cab
    O16 - DPF: {44990200-3C9D-426D-81DF-AAB636FA4345} (Symantec SmartIssue) - https://www-secure.symantec.com/techsupp/asa/ctrl/tgctlsi.cab
    O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} (Symantec Script Runner Class) - https://www-secure.symantec.com/techsupp/asa/ctrl/tgctlsr.cab
    O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-3-36.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.c...ls/en/x86/client/wuweb_site.cab?1098571318045
    O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1134435680593
    O16 - DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} (Housecall ActiveX 6.5) - http://us-housecall.trendmicro-europe.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
    O16 - DPF: {89D75D39-5531-47BA-9E4F-B346BA9C362C} (CWDL_DownLoadControl Class) - http://www.callwave.com/include/cab/CWDL_DownLoad.CAB
    O16 - DPF: {94B82441-A413-4E43-8422-D49930E69764} (TLIEFlashObj Class) - https://rtc1.webresponse.one.microsoft.com/media/xp/TLIEFlash.CAB
    O16 - DPF: {9732FB42-C321-11D1-836F-00A0C993F125} (mhLabel Class) - http://www.pcpitstop.com/mhLbl.cab
    O16 - DPF: {9FC5238F-12C4-454F-B1B5-74599A21DE47} (Webshots Photo Uploader) - http://community.webshots.com/html/WSPhotoUploader.CAB
    O16 - DPF: {B1826A9F-4AA0-4510-BA77-9013E74E4B9B} - http://www.trendmicro.com/spyware-scan/as4web.cab
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
    O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - http://www.symantec.com/techsupp/asa/ctrl/SymAData.cab
    O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://driveragent.com/files/driveragent.cab
    O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
    O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus 2004\navapsvc.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
    O23 - Service: Sandra Data Service (SandraDataSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2007\Win32\RpcDataSrv.exe
    O23 - Service: Sandra Service (SandraTheSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2007\RpcSandraSrv.exe
    O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus 2004\SAVScan.exe
    O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: Speed Disk service - Symantec Corporation - C:\Program Files\Speed Disk\nopdb.exe
    O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
    O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
     
  4. MFDnNC

    MFDnNC

    Joined:
    Sep 7, 2004
    Messages:
    49,014
    Add remove programs - remove all occurences of Viewpoint

    ==================

    Download Registrar Lite from here: http://www.resplendence.com/download/reglite.exe

    Install it and open it then on the address bar paste this and press go:

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

    Look down the right hand panel for this dodgy entry:

    C:\WINDOWS\Downloaded Program Files\USYP_0001_N85M2606NetInstaller.exe

    Right click it and select delete.
    ===========================
    Download the trial version of Ewido Security Suite http://www.ewido.net/en/download/ (W2K/XP Only)
    · Install ewido.
    · Run the application
    · Click on scanner
    · Click Complete System Scan and the scan will begin.
    · When the scan is finished, Set all items to delete
    · Apply all actions
    · look at the bottom of the screen and click the Save report button.
    · Save the report to your C: Drive
    This will take some time to run!
    RE-Boot
    Post that log and a new HiJack log
     
  5. Katmandu

    Katmandu Thread Starter

    Joined:
    May 28, 2006
    Messages:
    267
    I didn't see any way to Remove Viewpoint under Add/Remove.

    Ewido found a bunch of stuff! :eek: I deleted all of them. However, after I rebooted, there still is something that is popping up a new IE window.

    Here's my Logs......
    =========================================================

    ---------------------------------------------------------
    ewido anti-spyware - Scan Report
    ---------------------------------------------------------

    + Created at: 4:53:33 PM 8/1/2006

    + Scan result:


    C:\Documents and Settings\ERIC2\Local Settings\Temp\ICD2.tmp\SAIX.dll -> Adware.180Solutions : Cleaned.
    C:\WINDOWS\Downloaded Program Files\CONFLICT.1\SAIX.dll -> Adware.180Solutions : Cleaned.
    C:\WINDOWS\Downloaded Program Files\CONFLICT.2\SAIX.dll -> Adware.180Solutions : Cleaned.
    C:\WINDOWS\Downloaded Program Files\CONFLICT.3\SAIX.dll -> Adware.180Solutions : Cleaned.
    C:\WINDOWS\Downloaded Program Files\CONFLICT.4\SAIX.dll -> Adware.180Solutions : Cleaned.
    C:\Program Files\DAP\Temp\LDN1308.tmp -> Adware.MediaMotor : Cleaned.
    HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\WhenUSave -> Adware.SaveNow : Cleaned.
    C:\Documents and Settings\ERIC2\Local Settings\Temp\SAISetup.exe -> Adware.Zango : Cleaned.
    F:\WINDOWS\SYSTEM32\Page 3 TV-uninstall.exe -> Dialer.Generic : Cleaned.
    C:\Documents and Settings\ERIC2\Local Settings\Temp\ICD4.tmp\USYP_0001_N85M2606NetInstaller.exe -> Downloader.Agent.alr : Cleaned.
    C:\WINDOWS\Downloaded Program Files\USYP_0001_N85M2606NetInstaller.exe -> Downloader.Agent.alr : Cleaned.
    C:\Documents and Settings\ERIC2\Local Settings\Temp\winD4A.tmp.exe -> Downloader.Small : Cleaned.
    C:\WINDOWS\Downloaded Program Files\7dd64bbbb0d9946a8c5a944943b4a583_35.exe -> Downloader.Small.bwy : Cleaned.
    C:\Documents and Settings\ERIC2\Local Settings\Temp\ICD1.tmp\UWA6P_0001_N91M1807NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.o : Cleaned.
    C:\WINDOWS\Downloaded Program Files\CONFLICT.1\UWA6P_0001_N91M1807NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.o : Cleaned.
    C:\WINDOWS\Downloaded Program Files\CONFLICT.2\UWA6P_0001_N91M1807NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.o : Cleaned.
    C:\WINDOWS\Downloaded Program Files\CONFLICT.3\UWA6P_0001_N91M1807NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.o : Cleaned.
    C:\WINDOWS\Downloaded Program Files\UWA6P_0001_N91M1807NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.o : Cleaned.
    C:\Documents and Settings\ERIC2\Cookies\[email protected][2].txt -> TrackingCookie.247realmedia : Cleaned.
    C:\Documents and Settings\ERIC2\Cookies\[email protected][2].txt -> TrackingCookie.2o7 : Cleaned.
    C:\Documents and Settings\ERIC2\Cookies\[email protected][1].txt -> TrackingCookie.2o7 : Cleaned.
    C:\Documents and Settings\ERIC2\Local Settings\Temp\Cookies\[email protected][1].txt -> TrackingCookie.2o7 : Cleaned.
    C:\Documents and Settings\ERIC2\Local Settings\Temp\Cookies\[email protected][1].txt -> TrackingCookie.2o7 : Cleaned.
    C:\Documents and Settings\ERIC2\Local Settings\Temp\Cookies\[email protected][1].txt -> TrackingCookie.2o7 : Cleaned.
    C:\Documents and Settings\ERIC2\Local Settings\Temp\Cookies\[email protected][1].txt -> TrackingCookie.2o7 : Cleaned.
    C:\Documents and Settings\ERIC2\Cookies\[email protected][2].txt -> TrackingCookie.Adjuggler : Cleaned.
    F:\Documents and Settings\Robert\Cookies\[email protected][1].txt -> TrackingCookie.Adserver : Cleaned.
    H:\Documents and Settings\Administrator.ROBERT\Cookies\[email protected][1].txt -> TrackingCookie.Adserver : Cleaned.
    E:\Documents and Settings\ERIC\Cookies\[email protected][1].txt -> TrackingCookie.Advertising : Cleaned.
    E:\Documents and Settings\ERIC\Cookies\[email protected][1].txt -> TrackingCookie.Advertising : Cleaned.
    F:\Documents and Settings\Robert\Cookies\[email protected][1].txt -> TrackingCookie.Advertising : Cleaned.
    F:\Documents and Settings\Robert\Cookies\[email protected][1].txt -> TrackingCookie.Advertising : Cleaned.
    C:\Documents and Settings\ERIC2\Cookies\[email protected][1].txt -> TrackingCookie.Atdmt : Cleaned.
    E:\Documents and Settings\ERIC\Cookies\[email protected][2].txt -> TrackingCookie.Atdmt : Cleaned.
    E:\Documents and Settings\ERIC\Local Settings\Temp\Cookies\[email protected][2].txt -> TrackingCookie.Atdmt : Cleaned.
    F:\Documents and Settings\Robert\Cookies\[email protected][2].txt -> TrackingCookie.Atdmt : Cleaned.
    H:\Documents and Settings\Administrator.ROBERT\Cookies\[email protected][2].txt -> TrackingCookie.Atdmt : Cleaned.
    H:\Documents and Settings\Administrator\Cookies\[email protected][2].txt -> TrackingCookie.Atdmt : Cleaned.
    H:\Documents and Settings\Administrator.ROBERT\Cookies\[email protected][2].txt -> TrackingCookie.Bfast : Cleaned.
    C:\Documents and Settings\ERIC2\Cookies\[email protected][1].txt -> TrackingCookie.Burstbeacon : Cleaned.
    H:\Documents and Settings\Administrator.ROBERT\Cookies\[email protected][2].txt -> TrackingCookie.Centrport : Cleaned.
    C:\Documents and Settings\ERIC2\Cookies\[email protected][2].txt -> TrackingCookie.Clickzs : Cleaned.
    C:\Documents and Settings\ERIC2\Cookies\[email protected][1].txt -> TrackingCookie.Com : Cleaned.
    C:\Documents and Settings\ERIC2\Cookies\[email protected][1].txt -> TrackingCookie.Com : Cleaned.
    C:\Documents and Settings\ERIC2\Local Settings\Temp\Cookies\[email protected][2].txt -> TrackingCookie.Com : Cleaned.
    F:\Documents and Settings\Robert\Cookies\[email protected][1].txt -> TrackingCookie.Com : Cleaned.
    F:\Documents and Settings\Robert\Cookies\[email protected][2].txt -> TrackingCookie.Com : Cleaned.
    F:\Documents and Settings\Robert\Cookies\[email protected][2].txt -> TrackingCookie.Com : Cleaned.
    F:\Documents and Settings\Robert\Cookies\[email protected][1].txt -> TrackingCookie.Com : Cleaned.
    C:\Documents and Settings\ERIC2\Cookies\[email protected][2].txt -> TrackingCookie.Cpvfeed : Cleaned.
    F:\Documents and Settings\Robert\Cookies\[email protected][1].txt -> TrackingCookie.Cqcounter : Cleaned.
    E:\Documents and Settings\ERIC\Local Settings\Temp\Cookies\[email protected][1].txt -> TrackingCookie.Doubleclick : Cleaned.
    H:\Documents and Settings\Administrator.ROBERT\Cookies\[email protected][1].txt -> TrackingCookie.Doubleclick : Cleaned.
    C:\Documents and Settings\ERIC2\Cookies\[email protected][2].txt -> TrackingCookie.Esomniture : Cleaned.
    C:\Documents and Settings\ERIC2\Cookies\[email protected][2].txt -> TrackingCookie.Esomniture : Cleaned.
    C:\Documents and Settings\ERIC2\Cookies\[email protected][1].txt -> TrackingCookie.Esomniture : Cleaned.
    C:\Documents and Settings\ERIC2\Cookies\[email protected][2].txt -> TrackingCookie.Esomniture : Cleaned.
    C:\Documents and Settings\ERIC2\Cookies\[email protected][2].txt -> TrackingCookie.Esomniture : Cleaned.
    C:\Documents and Settings\ERIC2\Cookies\[email protected][2].txt -> TrackingCookie.Esomniture : Cleaned.
    C:\Documents and Settings\ERIC2\Cookies\[email protected][1].txt -> TrackingCookie.Esomniture : Cleaned.
    C:\Documents and Settings\ERIC2\Cookies\[email protected][2].txt -> TrackingCookie.Esomniture : Cleaned.
    C:\Documents and Settings\ERIC2\Cookies\[email protected][2].txt -> TrackingCookie.Esomniture : Cleaned.
    C:\Documents and Settings\ERIC2\Cookies\[email protected][1].txt -> TrackingCookie.Esomniture : Cleaned.
    C:\Documents and Settings\ERIC2\Cookies\[email protected][1].txt -> TrackingCookie.Esomniture : Cleaned.
    C:\Documents and Settings\ERIC2\Cookies\[email protected][2].txt -> TrackingCookie.Esomniture : Cleaned.
    C:\Documents and Settings\ERIC2\Cookies\[email protected][2].txt -> TrackingCookie.Esomniture : Cleaned.
    C:\Documents and Settings\ERIC2\Cookies\[email protected][1].txt -> TrackingCookie.Esomniture : Cleaned.
    C:\Documents and Settings\ERIC2\Cookies\[email protected][2].txt -> TrackingCookie.Esomniture : Cleaned.
    C:\Documents and Settings\ERIC2\Cookies\[email protected][1].txt -> TrackingCookie.Esomniture : Cleaned.
    C:\Documents and Settings\ERIC2\Cookies\[email protected][2].txt -> TrackingCookie.Esomniture : Cleaned.
    C:\Documents and Settings\ERIC2\Cookies\[email protected][2].txt -> TrackingCookie.Esomniture : Cleaned.
    C:\Documents and Settings\ERIC2\Cookies\[email protected][2].txt -> TrackingCookie.Esomniture : Cleaned.
    C:\Documents and Settings\ERIC2\Cookies\[email protected][1].txt -> TrackingCookie.Esomniture : Cleaned.
    C:\Documents and Settings\ERIC2\Cookies\[email protected][2].txt -> TrackingCookie.Esomniture : Cleaned.
    C:\Documents and Settings\ERIC2\Cookies\[email protected][2].txt -> TrackingCookie.Esomniture : Cleaned.
    C:\Documents and Settings\ERIC2\Cookies\[email protected][2].txt -> TrackingCookie.Esomniture : Cleaned.
    C:\Documents and Settings\ERIC2\Cookies\[email protected][2].txt -> TrackingCookie.Esomniture : Cleaned.
    C:\Documents and Settings\ERIC2\Cookies\[email protected][1].txt -> TrackingCookie.Esomniture : Cleaned.
    C:\Documents and Settings\ERIC2\Cookies\[email protected][2].txt -> TrackingCookie.Esomniture : Cleaned.
    C:\Documents and Settings\ERIC2\Cookies\[email protected][2].txt -> TrackingCookie.Esomniture : Cleaned.
    C:\Documents and Settings\ERIC2\Cookies\[email protected][2].txt -> TrackingCookie.Esomniture : Cleaned.
    C:\Documents and Settings\ERIC2\Cookies\[email protected][2].txt -> TrackingCookie.Esomniture : Cleaned.
    C:\Documents and Settings\ERIC2\Cookies\[email protected][2].txt -> TrackingCookie.Esomniture : Cleaned.
    C:\Documents and Settings\ERIC2\Cookies\[email protected][1].txt -> TrackingCookie.Esomniture : Cleaned.
    C:\Documents and Settings\ERIC2\Cookies\[email protected][2].txt -> TrackingCookie.Esomniture : Cleaned.
    C:\Documents and Settings\ERIC2\Cookies\[email protected][2].txt -> TrackingCookie.Esomniture : Cleaned.
    C:\Documents and Settings\ERIC2\Cookies\[email protected][2].txt -> TrackingCookie.Esomniture : Cleaned.
    C:\Documents and Settings\ERIC2\Cookies\[email protected][2].txt -> TrackingCookie.Esomniture : Cleaned.
    C:\Documents and Settings\ERIC2\Cookies\[email protected][2].txt -> TrackingCookie.Esomniture : Cleaned.
    C:\Documents and Settings\ERIC2\Cookies\[email protected][2].txt -> TrackingCookie.Esomniture : Cleaned.
    C:\Documents and Settings\ERIC2\Cookies\[email protected][2].txt -> TrackingCookie.Esomniture : Cleaned.
    C:\Documents and Settings\ERIC2\Cookies\[email protected][1].txt -> TrackingCookie.Esomniture : Cleaned.
    C:\Documents and Settings\ERIC2\Cookies\[email protected][2].txt -> TrackingCookie.Esomniture : Cleaned.
    C:\Documents and Settings\ERIC2\Cookies\[email protected][2].txt -> TrackingCookie.Esomniture : Cleaned.
    C:\Documents and Settings\ERIC2\Cookies\[email protected][2].txt -> TrackingCookie.Esomniture : Cleaned.
    C:\Documents and Settings\ERIC2\Cookies\[email protected][2].txt -> TrackingCookie.Esomniture : Cleaned.
    C:\Documents and Settings\ERIC2\Cookies\[email protected][2].txt -> TrackingCookie.Esomniture : Cleaned.
    C:\Documents and Settings\ERIC2\Cookies\[email protected][2].txt -> TrackingCookie.Esomniture : Cleaned.
    C:\Documents and Settings\ERIC2\Cookies\[email protected][2].txt -> TrackingCookie.Esomniture : Cleaned.
    C:\Documents and Settings\ERIC2\Cookies\[email protected][2].txt -> TrackingCookie.Esomniture : Cleaned.
    C:\Documents and Settings\ERIC2\Cookies\[email protected][2].txt -> TrackingCookie.Esomniture : Cleaned.
    C:\Documents and Settings\ERIC2\Cookies\[email protected][1].txt -> TrackingCookie.Esomniture : Cleaned.
    C:\Documents and Settings\ERIC2\Cookies\[email protected][2].txt -> TrackingCookie.Esomniture : Cleaned.
    C:\Documents and Settings\ERIC2\Cookies\[email protected][2].txt -> TrackingCookie.Esomniture : Cleaned.
    C:\Documents and Settings\ERIC2\Cookies\[email protected][2].txt -> TrackingCookie.Esomniture : Cleaned.
    C:\Documents and Settings\ERIC2\Cookies\[email protected][1].txt -> TrackingCookie.Esomniture : Cleaned.
    C:\Documents and Settings\ERIC2\Cookies\[email protected][2].txt -> TrackingCookie.Esomniture : Cleaned.
    C:\Documents and Settings\ERIC2\Cookies\[email protected][2].txt -> TrackingCookie.Esomniture : Cleaned.
    C:\Documents and Settings\ERIC2\Cookies\[email protected][2].txt -> TrackingCookie.Esomniture : Cleaned.
    C:\Documents and Settings\ERIC2\Cookies\[email protected][1].txt -> TrackingCookie.Esomniture : Cleaned.
    C:\Documents and Settings\ERIC2\Cookies\[email protected][2].txt -> TrackingCookie.Esomniture : Cleaned.
    C:\Documents and Settings\ERIC2\Cookies\[email protected][1].txt -> TrackingCookie.Esomniture : Cleaned.
    C:\Documents and Settings\ERIC2\Cookies\[email protected][2].txt -> TrackingCookie.Esomniture : Cleaned.
    C:\Documents and Settings\ERIC2\Cookies\[email protected][2].txt -> TrackingCookie.Esomniture : Cleaned.
    C:\Documents and Settings\ERIC2\Cookies\[email protected][2].txt -> TrackingCookie.Esomniture : Cleaned.
    C:\Documents and Settings\ERIC2\Cookies\[email protected][1].txt -> TrackingCookie.Esomniture : Cleaned.
    C:\Documents and Settings\ERIC2\Cookies\[email protected][1].txt -> TrackingCookie.Esomniture : Cleaned.
    C:\Documents and Settings\ERIC2\Cookies\[email protected][2].txt -> TrackingCookie.Esomniture : Cleaned.
    C:\Documents and Settings\ERIC2\Cookies\[email protected][2].txt -> TrackingCookie.Esomniture : Cleaned.
    C:\Documents and Settings\ERIC2\Cookies\[email protected][2].txt -> TrackingCookie.Esomniture : Cleaned.
    C:\Documents and Settings\ERIC2\Cookies\[email protected][1].txt -> TrackingCookie.Esomniture : Cleaned.
    C:\Documents and Settings\ERIC2\Cookies\[email protected][2].txt -> TrackingCookie.Esomniture : Cleaned.
    C:\Documents and Settings\ERIC2\Cookies\[email protected]re[2].txt -> TrackingCookie.Esomniture : Cleaned.
    C:\Documents and Settings\ERIC2\Cookies\[email protected][2].txt -> TrackingCookie.Esomniture : Cleaned.
    C:\Documents and Settings\ERIC2\Cookies\[email protected][1].txt -> TrackingCookie.Esomniture : Cleaned.
    C:\Documents and Settings\ERIC2\Cookies\[email protected][2].txt -> TrackingCookie.Esomniture : Cleaned.
    C:\Documents and Settings\ERIC2\Cookies\[email protected][2].txt -> TrackingCookie.Esomniture : Cleaned.
    C:\Documents and Settings\ERIC2\Cookies\[email protected][2].txt -> TrackingCookie.Esomniture : Cleaned.
    C:\Documents and Settings\ERIC2\Cookies\[email protected][2].txt -> TrackingCookie.Esomniture : Cleaned.
    C:\Documents and Settings\ERIC2\Cookies\[email protected][2].txt -> TrackingCookie.Esomniture : Cleaned.
    C:\Documents and Settings\ERIC2\Cookies\[email protected][2].txt -> TrackingCookie.Esomniture : Cleaned.
    C:\Documents and Settings\ERIC2\Cookies\[email protected][2].txt -> TrackingCookie.Esomniture : Cleaned.
    C:\Documents and Settings\ERIC2\Cookies\[email protected][2].txt -> TrackingCookie.Esomniture : Cleaned.
    C:\Documents and Settings\ERIC2\Cookies\[email protected][1].txt -> TrackingCookie.Esomniture : Cleaned.
    C:\Documents and Settings\ERIC2\Cookies\[email protected][1].txt -> TrackingCookie.Esomniture : Cleaned.
    C:\Documents and Settings\ERIC2\Cookies\[email protected][2].txt -> TrackingCookie.Esomniture : Cleaned.
    C:\Documents and Settings\ERIC2\Cookies\[email protected][1].txt -> TrackingCookie.Esomniture : Cleaned.
    C:\Documents and Settings\ERIC2\Cookies\[email protected][2].txt -> TrackingCookie.Esomniture : Cleaned.
    C:\Documents and Settings\ERIC2\Cookies\[email protected][2].txt -> TrackingCookie.Esomniture : Cleaned.
    C:\Documents and Settings\ERIC2\Cookies\[email protected][1].txt -> TrackingCookie.Esomniture : Cleaned.
    C:\Documents and Settings\ERIC2\Cookies\[email protected][1].txt -> TrackingCookie.Esomniture : Cleaned.
    C:\Documents and Settings\ERIC2\Cookies\[email protected][2].txt -> TrackingCookie.Esomniture : Cleaned.
    C:\Documents and Settings\ERIC2\Cookies\[email protected][1].txt -> TrackingCookie.Esomniture : Cleaned.
    C:\Documents and Settings\ERIC2\Cookies\[email protected][2].txt -> TrackingCookie.Esomniture : Cleaned.
    C:\Documents and Settings\ERIC2\Cookies\[email protected][2].txt -> TrackingCookie.Esomniture : Cleaned.
    C:\Documents and Settings\ERIC2\Cookies\[email protected][2].txt -> TrackingCookie.Esomniture : Cleaned.
    C:\Documents and Settings\ERIC2\Cookies\[email protected][2].txt -> TrackingCookie.Esomniture : Cleaned.
    C:\Documents and Settings\ERIC2\Cookies\[email protected][2].txt -> TrackingCookie.Esomniture : Cleaned.
    C:\Documents and Settings\ERIC2\Cookies\[email protected][2].txt -> TrackingCookie.Esomniture : Cleaned.
    C:\Documents and Settings\ERIC2\Cookies\[email protected][2].txt -> TrackingCookie.Esomniture : Cleaned.
    C:\Documents and Settings\ERIC2\Cookies\[email protected][2].txt -> TrackingCookie.Esomniture : Cleaned.
    C:\Documents and Settings\ERIC2\Cookies\[email protected][1].txt -> TrackingCookie.Esomniture : Cleaned.
    C:\Documents and Settings\ERIC2\Cookies\[email protected][1].txt -> TrackingCookie.Esomniture : Cleaned.
    C:\Documents and Settings\ERIC2\Cookies\[email protected][2].txt -> TrackingCookie.Esomniture : Cleaned.
    C:\Documents and Settings\ERIC2\Cookies\[email protected][2].txt -> TrackingCookie.Esomniture : Cleaned.
    C:\Documents and Settings\ERIC2\Cookies\[email protected][1].txt -> TrackingCookie.Esomniture : Cleaned.
    C:\Documents and Settings\ERIC2\Cookies\[email protected][2].txt -> TrackingCookie.Esomniture : Cleaned.
    C:\Documents and Settings\ERIC2\Cookies\[email protected][1].txt -> TrackingCookie.Esomniture : Cleaned.
    C:\Documents and Settings\ERIC2\Cookies\[email protected][1].txt -> TrackingCookie.Esomniture : Cleaned.
    C:\Documents and Settings\ERIC2\Local Settings\Temp\Cookies\[email protected][2].txt -> TrackingCookie.Esomniture : Cleaned.
    C:\Documents and Settings\ERIC2\Local Settings\Temp\Cookies\[email protected][1].txt -> TrackingCookie.Esomniture : Cleaned.
    C:\Documents and Settings\ERIC2\Local Settings\Temp\Cookies\[email protected][2].txt -> TrackingCookie.Esomniture : Cleaned.
    C:\Documents and Settings\ERIC2\Local Settings\Temp\Cookies\[email protected][2].txt -> TrackingCookie.Esomniture : Cleaned.
    C:\Documents and Settings\ERIC2\Local Settings\Temp\Cookies\[email protected][1].txt -> TrackingCookie.Esomniture : Cleaned.
    C:\Documents and Settings\ERIC2\Local Settings\Temp\Cookies\[email protected][2].txt -> TrackingCookie.Esomniture : Cleaned.
    C:\Documents and Settings\ERIC2\Local Settings\Temp\Cookies\[email protected][1].txt -> TrackingCookie.Esomniture : Cleaned.
    C:\Documents and Settings\ERIC2\Local Settings\Temp\Cookies\[email protected][2].txt -> TrackingCookie.Esomniture : Cleaned.
    C:\Documents and Settings\ERIC2\Local Settings\Temp\Cookies\[email protected][2].txt -> TrackingCookie.Esomniture : Cleaned.
    C:\Documents and Settings\ERIC2\Local Settings\Temp\Cookies\[email protected][1].txt -> TrackingCookie.Esomniture : Cleaned.
    C:\Documents and Settings\ERIC2\Cookies\[email protected][1].txt -> TrackingCookie.Euroclick : Cleaned.
    F:\Documents and Settings\Robert\Cookies\[email protected][1].txt -> TrackingCookie.Falkag : Cleaned.
    F:\Documents and Settings\Robert\Cookies\[email protected][1].txt -> TrackingCookie.Falkag : Cleaned.
    E:\Documents and Settings\ERIC\Local Settings\Temp\Cookies\[email protected][2].txt -> TrackingCookie.Hitbox : Cleaned.
    E:\Documents and Settings\ERIC\Local Settings\Temp\Cookies\[email protected][2].txt -> TrackingCookie.Hitbox : Cleaned.
    F:\Documents and Settings\Robert\Cookies\[email protected][1].txt -> TrackingCookie.Hypertracker : Cleaned.
    C:\Documents and Settings\ERIC2\Cookies\[email protected][2].txt -> TrackingCookie.Ivwbox : Cleaned.
    C:\Documents and Settings\ERIC2\Cookies\[email protected][2].txt -> TrackingCookie.Liveperson : Cleaned.
    C:\Documents and Settings\ERIC2\Cookies\[email protected][1].txt -> TrackingCookie.Masterstats : Cleaned.
    C:\Documents and Settings\ERIC2\Cookies\[email protected][1].txt -> TrackingCookie.Mediaplex : Cleaned.
    E:\Documents and Settings\ERIC\Cookies\[email protected][1].txt -> TrackingCookie.Mediaplex : Cleaned.
    C:\Documents and Settings\ERIC2\Cookies\[email protected][2].txt -> TrackingCookie.Myaffiliateprogram : Cleaned.
    C:\Documents and Settings\ERIC2\Cookies\[email protected][2].txt -> TrackingCookie.Overture : Cleaned.
    C:\Documents and Settings\ERIC2\Cookies\[email protected][1].txt -> TrackingCookie.Overture : Cleaned.
    C:\Documents and Settings\ERIC2\Cookies\[email protected][1].txt -> TrackingCookie.Overture : Cleaned.
    C:\Documents and Settings\ERIC2\Local Settings\Temp\Cookies\[email protected][1].txt -> TrackingCookie.Overture : Cleaned.
    F:\Documents and Settings\Robert\Cookies\[email protected][1].txt -> TrackingCookie.Qksrv : Cleaned.
    E:\Documents and Settings\ERIC\Cookies\[email protected][1].txt -> TrackingCookie.Questionmarket : Cleaned.
    F:\Documents and Settings\Robert\Cookies\[email protected][1].txt -> TrackingCookie.Questionmarket : Cleaned.
    F:\Documents and Settings\Robert\Cookies\[email protected][2].txt -> TrackingCookie.Questionmarket : Cleaned.
    F:\Documents and Settings\Robert\Cookies\[email protected][1].txt -> TrackingCookie.Realcastmedia : Cleaned.
    C:\Documents and Settings\ERIC2\Cookies\[email protected][2].txt -> TrackingCookie.Reliablestats : Cleaned.
    F:\Documents and Settings\Robert\Cookies\[email protected][1].txt -> TrackingCookie.Ru4 : Cleaned.
    F:\Documents and Settings\Robert\Cookies\[email protected][2].txt -> TrackingCookie.Ru4 : Cleaned.
    F:\Documents and Settings\Robert\Cookies\[email protected][1].txt -> TrackingCookie.Serving-sys : Cleaned.
    F:\Documents and Settings\Robert\Cookies\[email protected][1].txt -> TrackingCookie.Specificpop : Cleaned.
    F:\Documents and Settings\Robert\Cookies\[email protected][2].txt -> TrackingCookie.Specificpop : Cleaned.
    C:\Documents and Settings\ERIC2\Cookies\[email protected][2].txt -> TrackingCookie.Statcounter : Cleaned.
    C:\Documents and Settings\ERIC2\Cookies\[email protected][2].txt -> TrackingCookie.Tacoda : Cleaned.
    C:\Documents and Settings\ERIC2\Cookies\[email protected][1].txt -> TrackingCookie.Tacoda : Cleaned.
    C:\Documents and Settings\ERIC2\Cookies\[email protected][2].txt -> TrackingCookie.Tacoda : Cleaned.
    C:\Documents and Settings\ERIC2\Local Settings\Temp\Cookies\[email protected][1].txt -> TrackingCookie.Tacoda : Cleaned.
    F:\Documents and Settings\Robert\Cookies\[email protected][1].txt -> TrackingCookie.Trafficvenue : Cleaned.
    C:\Documents and Settings\ERIC2\Cookies\[email protected][1].txt -> TrackingCookie.Tribalfusion : Cleaned.
    C:\Documents and Settings\ERIC2\Cookies\[email protected][2].txt -> TrackingCookie.Web-stat : Cleaned.
    C:\Documents and Settings\ERIC2\Cookies\[email protected][2].txt -> TrackingCookie.Yadro : Cleaned.
    C:\Documents and Settings\ERIC2\Cookies\[email protected][2].txt -> TrackingCookie.Yieldmanager : Cleaned.
    C:\Documents and Settings\ERIC2\Cookies\[email protected][2].txt -> TrackingCookie.Yieldmanager : Cleaned.
    C:\Documents and Settings\ERIC2\Local Settings\Temp\Cookies\[email protected][2].txt -> TrackingCookie.Yieldmanager : Cleaned.
    F:\Documents and Settings\Robert\Cookies\[email protected][2].txt -> TrackingCookie.Zedo : Cleaned.
    E:\Downloads\Downloads 4\All+My+Keys+and+Serials!!,+tons+of+em,+5-5-01,windows,adobe,norton,symantec,xp,adaptec,pass+this+on+please.zip/Password Cracker.zip/UHANFO.EXE -> Trojan.ControlDuSockets.a : Cleaned.
    E:\Downloads\Downloads 4\All+My+Keys+and+Serials!!,+tons+of+em,+5-5-01,windows,adobe,norton,symantec,xp,adaptec,pass+this+on+please.zip/duplicates/Password Cracker.zip/UHANFO.EXE -> Trojan.ControlDuSockets.a : Cleaned.
    E:\Downloads\Serials\Password Cracker.zip/UHANFO.EXE -> Trojan.ControlDuSockets.a : Cleaned.
    E:\Downloads\Serials\duplicates\Password Cracker.zip/UHANFO.EXE -> Trojan.ControlDuSockets.a : Cleaned.
    C:\Documents and Settings\ERIC2\Local Settings\Temporary Internet Files\Content.IE5\903SGMAX\installdrivecleanerstart[1].cab/UDC6_0001_D10M2905NetInstaller.exe -> Trojan.Fakealert : Cleaned.
    C:\Documents and Settings\ERIC2\Local Settings\Temporary Internet Files\Content.IE5\J6HFZ7W1\installdrivecleanerstart[1].exe -> Trojan.Fakealert : Cleaned.
    C:\WINDOWS\Downloaded Program Files\UDC6_0001_D10M2905NetInstaller.exe -> Trojan.Fakealert : Cleaned.
    C:\Program Files\DAP\Temp\LDN12FA.tmp -> Trojan.LowZones.am : Cleaned.
    C:\My Shared Folder\File Splitter Deluxe 7.1.rar/File Splitter Deluxe 7.1\tsrh-fsd71p.zip/tsrh-fsd71p.exe -> Trojan.Proxcrak.A : Cleaned.
    C:\Program Files\File Splitter\File Splitter Deluxe 7.1\tsrh-fsd71p.exe -> Trojan.Proxcrak.A : Cleaned.
    C:\Program Files\File Splitter\File Splitter Deluxe 7.1\tsrh-fsd71p.zip/tsrh-fsd71p.exe -> Trojan.Proxcrak.A : Cleaned.


    ::Report end

    ========================================================

    See next Post for my HJT log....
     
  6. Katmandu

    Katmandu Thread Starter

    Joined:
    May 28, 2006
    Messages:
    267
    Here's my latest HJT log.


    Logfile of HijackThis v1.99.1
    Scan saved at 5:14:28 PM, on 8/1/2006
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\System32\ishost.exe
    C:\Program Files\BroadJump\Client Foundation\CFD.exe
    C:\WINDOWS\System32\ismon.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    C:\Program Files\ewido anti-spyware 4.0\ewido.exe
    C:\WINDOWS\System32\cisvc.exe
    C:\PROGRA~1\AWS\WEATHE~1\Weather.exe
    C:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe
    C:\Program Files\ewido anti-spyware 4.0\guard.exe
    C:\Program Files\Norton AntiVirus 2004\navapsvc.exe
    C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
    C:\Program Files\Norton AntiVirus 2004\SAVScan.exe
    C:\Program Files\Speed Disk\nopdb.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\WINDOWS\System32\wuauclt.exe
    C:\Program Files\Hijackthis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msnbc.msn.com/
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msnbc.msn.com/
    O3 - Toolbar: DAP Bar - {62999427-33FC-4baf-9C9C-BCE6BD127F08} - C:\Program Files\DAP\DAPIEBar.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\RoboForm.dll
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus 2004\NavShExt.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar5.dll
    O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
    O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
    O4 - HKCU\..\Run: [Weather] C:\PROGRA~1\AWS\WEATHE~1\Weather.exe 1
    O4 - HKCU\..\Run: [FreeRAM XP] "C:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe" -win
    O4 - Global Startup: KODAK Software Updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
    O8 - Extra context menu item: &Download with &DAP - C:\PROGRA~1\DAP\dapextie.htm
    O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar5.dll/cmsearch.html
    O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar5.dll/cmwordtrans.html
    O8 - Extra context menu item: &Viewpoint Search - res://C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBar.dll/CXTSEARCH.HTML
    O8 - Extra context menu item: Add to AD Black List - C:\Program Files\Avant Browser\AddToADBlackList.htm
    O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar5.dll/cmbacklinks.html
    O8 - Extra context menu item: Block All Images from the Same Server - C:\Program Files\Avant Browser\AddAllToADBlackList.htm
    O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar5.dll/cmcache.html
    O8 - Extra context menu item: Customize Menu &4 - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
    O8 - Extra context menu item: Download &all with DAP - C:\PROGRA~1\DAP\dapextie2.htm
    O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
    O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
    O8 - Extra context menu item: Download web site with Free Download Manager - file://C:\Program Files\Free Download Manager\dlpage.htm
    O8 - Extra context menu item: Download with Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O8 - Extra context menu item: Fill Forms &] - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
    O8 - Extra context menu item: Highlight - C:\Program Files\Avant Browser\Highlight.htm
    O8 - Extra context menu item: Open All Links in This Page... - C:\Program Files\Avant Browser\OpenAllLinks.htm
    O8 - Extra context menu item: Open In New Avant Browser - C:\Program Files\Avant Browser\OpenInNewBrowser.htm
    O8 - Extra context menu item: RoboForm &2 - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
    O8 - Extra context menu item: Save Forms &[ - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
    O8 - Extra context menu item: Search - C:\Program Files\Avant Browser\Search.htm
    O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar5.dll/cmsimilar.html
    O8 - Extra context menu item: Sothink SWF Catcher - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
    O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar5.dll/cmtrans.html
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_06\bin\npjpi142_06.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_06\bin\npjpi142_06.dll
    O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
    O9 - Extra 'Tools' menuitem: Fill Forms &] - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
    O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
    O9 - Extra 'Tools' menuitem: Save Forms &[ - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
    O9 - Extra button: Run DAP - {669695BC-A811-4A9D-8CDF-BA8C795F261C} - C:\PROGRA~1\DAP\DAP.EXE
    O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
    O9 - Extra 'Tools' menuitem: RoboForm &2 - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
    O9 - Extra button: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
    O9 - Extra 'Tools' menuitem: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
    O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
    O15 - Trusted Zone: www.pcpitstop.com
    O16 - DPF: {01111C00-3E00-11D2-8470-0060089874ED} (Support.com ActionRunner Class) - http://help.rr.com/Foundrysdccommon/download/tgctlar.cab
    O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - http://supportcenter.rr.com/sdccommon/download/tgctlcm.cab
    O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
    O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
    O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/viewers/ipixx.cab
    O16 - DPF: {1842B0EE-B597-11D4-8997-00104BD12D94} (iCC Class) - http://www.pcpitstop.com/internet/pcpConnCheck.cab
    O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - http://www.symantec.com/techsupp/asa/ctrl/LSSupCtl.cab
    O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
    O16 - DPF: {2D2BEE6E-3C9A-4D58-B9EC-458EDB28D0F6} - http://drivecleaner.com/.freeware/installdrivecleanerstart.cab
    O16 - DPF: {3451DEDE-631F-421C-8127-FD793AFC6CC8} (ActiveDataInfo Class) - https://www-secure.symantec.com/techsupp/asa/ctrl/SymAData.cab
    O16 - DPF: {44990200-3C9D-426D-81DF-AAB636FA4345} (Symantec SmartIssue) - https://www-secure.symantec.com/techsupp/asa/ctrl/tgctlsi.cab
    O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} (Symantec Script Runner Class) - https://www-secure.symantec.com/techsupp/asa/ctrl/tgctlsr.cab
    O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-3-36.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.c...ls/en/x86/client/wuweb_site.cab?1098571318045
    O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1134435680593
    O16 - DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} (Housecall ActiveX 6.5) - http://us-housecall.trendmicro-europe.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
    O16 - DPF: {89D75D39-5531-47BA-9E4F-B346BA9C362C} (CWDL_DownLoadControl Class) - http://www.callwave.com/include/cab/CWDL_DownLoad.CAB
    O16 - DPF: {94B82441-A413-4E43-8422-D49930E69764} (TLIEFlashObj Class) - https://rtc1.webresponse.one.microsoft.com/media/xp/TLIEFlash.CAB
    O16 - DPF: {9732FB42-C321-11D1-836F-00A0C993F125} (mhLabel Class) - http://www.pcpitstop.com/mhLbl.cab
    O16 - DPF: {9FC5238F-12C4-454F-B1B5-74599A21DE47} (Webshots Photo Uploader) - http://community.webshots.com/html/WSPhotoUploader.CAB
    O16 - DPF: {B1826A9F-4AA0-4510-BA77-9013E74E4B9B} - http://www.trendmicro.com/spyware-scan/as4web.cab
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
    O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - http://www.symantec.com/techsupp/asa/ctrl/SymAData.cab
    O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://driveragent.com/files/driveragent.cab
    O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
    O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
    O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus 2004\navapsvc.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
    O23 - Service: Sandra Data Service (SandraDataSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2007\Win32\RpcDataSrv.exe
    O23 - Service: Sandra Service (SandraTheSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2007\RpcSandraSrv.exe
    O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus 2004\SAVScan.exe
    O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: Speed Disk service - Symantec Corporation - C:\Program Files\Speed Disk\nopdb.exe
    O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
    O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
     
  7. MFDnNC

    MFDnNC

    Joined:
    Sep 7, 2004
    Messages:
    49,014
    You have to better explain this

    >>there still is something that is popping up a new IE window.<<


    You may want to print this or save it to notepad as we will go to safe mode.

    Please click here http://www.java.com/en/download/manual.jsp to download the latest version of JAVA 1.5.0.7. Install the application, then go to the Add/Remove Programs options in the Control Panel and Remove ALL previous versions of JAVA.
    ===============

    Fix these with HJT – mark them, close IE, click fix checked

    O8 - Extra context menu item: &Viewpoint Search - res://C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBar.dll/CXTSEARCH.HTML

    DownLoad http://www.downloads.subratam.org/KillBox.zip

    Restart your computer into safe mode now. (Tapping F8 at the first black screen) Perform the following steps in safe mode:

    Double-click on Killbox.exe to run it. Now put a tick by Standard File Kill. In the "Full Path of File to Delete" box, copy and paste each of the following lines one at a time then click on the button that has the red circle with the X in the middle after you enter each file. It will ask for confimation to delete the file. Click Yes. Continue with that same procedure until you have copied and pasted all of these in the "Paste Full Path of File to Delete" box.

    C:\Program Files\Viewpoint

    Note: It is possible that Killbox will tell you that one or more files do not exist. If that happens, just continue on with all the files. Be sure you don't miss any.

    START – RUN – type in %temp% - OK - Edit – Select all – File – Delete

    Delete everything in the C:\Windows\Temp folder or C:\WINNT\temp

    Not all temp files will delete and that is normal
    Empty the recycle bin
    Boot and post a new log from normal NOT safe mode

    Please give feedback on what worked/didn’t work and the current status of your system
     
  8. Katmandu

    Katmandu Thread Starter

    Joined:
    May 28, 2006
    Messages:
    267
    What is this ???

    C:\WINDOWS\System32\ishost.exe :confused:
     
  9. MFDnNC

    MFDnNC

    Joined:
    Sep 7, 2004
    Messages:
    49,014
    Ah Ha - Smitfraud - Thanks!

    You should print out these instructions, or copy them to a NotePad file for reading while in Safe Mode, because you will not be able to connect to the Internet to read from this site.

    Please download SmitfraudFix (by S!Ri)
    Extract the content (a folder named SmitfraudFix) to your Desktop.

    Next, please reboot your computer in Safe Mode by doing the following :
    • Restart your computer
    • After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
    • Instead of Windows loading as normal, a menu with options should appear;
    • Select the first option, to run Windows in Safe Mode, then press "Enter".
    • Choose your usual account.
    Once in Safe Mode, open the SmitfraudFix folder again and double-click smitfraudfix.cmd
    Select option #2 - Clean by typing 2 and press "Enter" to delete infected files.

    You will be prompted: "Registry cleaning - Do you want to clean the registry?"; answer "Yes" by typing Y and press "Enter" in order to remove the Desktop background and clean registry keys associated with the infection.

    The tool will now check if wininet.dll is infected. You may be prompted to replace the infected file (if found); answer "Yes" by typing Y and press "Enter".

    The tool may need to restart your computer to finish the cleaning process; if it doesn't, please restart it into Normal Windows.

    A text file will appear onscreen, with results from the cleaning process; please copy/paste the content of that report into your next reply along with a new hijack log.

    The report can also be found at the root of the system drive, usually at C:\rapport.txt

    Warning: running option #2 on a non infected computer will remove your Desktop background.
     
  10. Katmandu

    Katmandu Thread Starter

    Joined:
    May 28, 2006
    Messages:
    267
    I believe you nailed it! Using the SmitfraudFix app! (y)

    Here's my latest HJT log.....


    Logfile of HijackThis v1.99.1
    Scan saved at 10:13:36 PM, on 8/1/2006
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\BroadJump\Client Foundation\CFD.exe
    C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\WINDOWS\System32\cisvc.exe
    C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    C:\Program Files\ewido anti-spyware 4.0\guard.exe
    C:\Program Files\ewido anti-spyware 4.0\ewido.exe
    C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    C:\PROGRA~1\AWS\WEATHE~1\Weather.exe
    C:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe
    C:\Program Files\Norton AntiVirus 2004\navapsvc.exe
    C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
    C:\Program Files\Norton AntiVirus 2004\SAVScan.exe
    C:\Program Files\Speed Disk\nopdb.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    C:\WINDOWS\System32\cidaemon.exe
    C:\Documents and Settings\ERIC2\Desktop\IEXPLORE.EXE
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Outlook Express\msimn.exe
    C:\Program Files\Norton AntiVirus 2004\OPScan.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Hijackthis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msnbc.msn.com/
    O3 - Toolbar: DAP Bar - {62999427-33FC-4baf-9C9C-BCE6BD127F08} - C:\Program Files\DAP\DAPIEBar.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\RoboForm.dll
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus 2004\NavShExt.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar5.dll
    O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
    O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    O4 - HKCU\..\Run: [Weather] C:\PROGRA~1\AWS\WEATHE~1\Weather.exe 1
    O4 - HKCU\..\Run: [FreeRAM XP] "C:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe" -win
    O4 - Global Startup: KODAK Software Updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
    O8 - Extra context menu item: &Download with &DAP - C:\PROGRA~1\DAP\dapextie.htm
    O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar5.dll/cmsearch.html
    O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar5.dll/cmwordtrans.html
    O8 - Extra context menu item: Add to AD Black List - C:\Program Files\Avant Browser\AddToADBlackList.htm
    O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar5.dll/cmbacklinks.html
    O8 - Extra context menu item: Block All Images from the Same Server - C:\Program Files\Avant Browser\AddAllToADBlackList.htm
    O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar5.dll/cmcache.html
    O8 - Extra context menu item: Customize Menu &4 - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
    O8 - Extra context menu item: Download &all with DAP - C:\PROGRA~1\DAP\dapextie2.htm
    O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
    O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
    O8 - Extra context menu item: Download web site with Free Download Manager - file://C:\Program Files\Free Download Manager\dlpage.htm
    O8 - Extra context menu item: Download with Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O8 - Extra context menu item: Fill Forms &] - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
    O8 - Extra context menu item: Highlight - C:\Program Files\Avant Browser\Highlight.htm
    O8 - Extra context menu item: Open All Links in This Page... - C:\Program Files\Avant Browser\OpenAllLinks.htm
    O8 - Extra context menu item: Open In New Avant Browser - C:\Program Files\Avant Browser\OpenInNewBrowser.htm
    O8 - Extra context menu item: RoboForm &2 - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
    O8 - Extra context menu item: Save Forms &[ - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
    O8 - Extra context menu item: Search - C:\Program Files\Avant Browser\Search.htm
    O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar5.dll/cmsimilar.html
    O8 - Extra context menu item: Sothink SWF Catcher - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
    O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar5.dll/cmtrans.html
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
    O9 - Extra 'Tools' menuitem: Fill Forms &] - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
    O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
    O9 - Extra 'Tools' menuitem: Save Forms &[ - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
    O9 - Extra button: Run DAP - {669695BC-A811-4A9D-8CDF-BA8C795F261C} - C:\PROGRA~1\DAP\DAP.EXE
    O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
    O9 - Extra 'Tools' menuitem: RoboForm &2 - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
    O9 - Extra button: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
    O9 - Extra 'Tools' menuitem: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
    O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
    O15 - Trusted Zone: www.pcpitstop.com
    O16 - DPF: {01111C00-3E00-11D2-8470-0060089874ED} (Support.com ActionRunner Class) - http://help.rr.com/Foundrysdccommon/download/tgctlar.cab
    O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - http://supportcenter.rr.com/sdccommon/download/tgctlcm.cab
    O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
    O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
    O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/viewers/ipixx.cab
    O16 - DPF: {1842B0EE-B597-11D4-8997-00104BD12D94} (iCC Class) - http://www.pcpitstop.com/internet/pcpConnCheck.cab
    O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - http://www.symantec.com/techsupp/asa/ctrl/LSSupCtl.cab
    O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
    O16 - DPF: {2D2BEE6E-3C9A-4D58-B9EC-458EDB28D0F6} - http://drivecleaner.com/.freeware/installdrivecleanerstart.cab
    O16 - DPF: {3451DEDE-631F-421C-8127-FD793AFC6CC8} (ActiveDataInfo Class) - https://www-secure.symantec.com/techsupp/asa/ctrl/SymAData.cab
    O16 - DPF: {44990200-3C9D-426D-81DF-AAB636FA4345} (Symantec SmartIssue) - https://www-secure.symantec.com/techsupp/asa/ctrl/tgctlsi.cab
    O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} (Symantec Script Runner Class) - https://www-secure.symantec.com/techsupp/asa/ctrl/tgctlsr.cab
    O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-3-36.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.c...ls/en/x86/client/wuweb_site.cab?1098571318045
    O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1134435680593
    O16 - DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} (Housecall ActiveX 6.5) - http://us-housecall.trendmicro-europe.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
    O16 - DPF: {89D75D39-5531-47BA-9E4F-B346BA9C362C} (CWDL_DownLoadControl Class) - http://www.callwave.com/include/cab/CWDL_DownLoad.CAB
    O16 - DPF: {94B82441-A413-4E43-8422-D49930E69764} (TLIEFlashObj Class) - https://rtc1.webresponse.one.microsoft.com/media/xp/TLIEFlash.CAB
    O16 - DPF: {9732FB42-C321-11D1-836F-00A0C993F125} (mhLabel Class) - http://www.pcpitstop.com/mhLbl.cab
    O16 - DPF: {9FC5238F-12C4-454F-B1B5-74599A21DE47} (Webshots Photo Uploader) - http://community.webshots.com/html/WSPhotoUploader.CAB
    O16 - DPF: {B1826A9F-4AA0-4510-BA77-9013E74E4B9B} - http://www.trendmicro.com/spyware-scan/as4web.cab
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
    O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - http://www.symantec.com/techsupp/asa/ctrl/SymAData.cab
    O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://driveragent.com/files/driveragent.cab
    O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
    O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
    O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus 2004\navapsvc.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
    O23 - Service: Sandra Data Service (SandraDataSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2007\Win32\RpcDataSrv.exe
    O23 - Service: Sandra Service (SandraTheSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2007\RpcSandraSrv.exe
    O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus 2004\SAVScan.exe
    O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: Speed Disk service - Symantec Corporation - C:\Program Files\Speed Disk\nopdb.exe
    O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
    O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
     
  11. Katmandu

    Katmandu Thread Starter

    Joined:
    May 28, 2006
    Messages:
    267
    Oh....and the log file from Smitfraud Fix....

    SmitFraudFix v2.78

    Scan done at 18:53:14.46, Tue 08/01/2006
    Run from E:\Downloads\Downloads 34\Smitfraud Removal\SmitfraudFix
    OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
    Fix ran in safe mode

    »»»»»»»»»»»»»»»»»»»»»»»» Before SmitFraudFix
    !!!Attention, following keys are not inevitably infected!!!

    SrchSTS.exe by S!Ri
    Search SharedTaskScheduler's .dll

    »»»»»»»»»»»»»»»»»»»»»»»» Killing process


    »»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

    GenericRenosFix by S!Ri


    »»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files

    C:\WINDOWS\system32\ismon.exe Deleted

    »»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files


    »»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

    Registry Cleaning done.

    »»»»»»»»»»»»»»»»»»»»»»»» After SmitFraudFix
    !!!Attention, following keys are not inevitably infected!!!

    SrchSTS.exe by S!Ri
    Search SharedTaskScheduler's .dll


    »»»»»»»»»»»»»»»»»»»»»»»» End

    ========================================================

    What security/AV/Anti-Spyware do you have running on your system ??

    BTW, I will make a Donation to TSG for the great Tech Support! Greatly appreciated!


    -ERIC
    (y)
     
  12. MFDnNC

    MFDnNC

    Joined:
    Sep 7, 2004
    Messages:
    49,014
  13. Katmandu

    Katmandu Thread Starter

    Joined:
    May 28, 2006
    Messages:
    267
    Hmm... I still seem to have a Trojan or Worm on my system. :(

    I updated all my Security settings for IE and the Active X is Blocking something called a BHO....Windows/System32/sstqr.dll

    I tried some things to remove it, but it's apparently embedded pretty deep.

    Here's my latest HJT log.....

    -------------------------------------------------------------------------------------------------------
    Logfile of HijackThis v1.99.1
    Scan saved at 10:09:13 PM, on 8/3/2006
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    C:\WINDOWS\System32\cisvc.exe
    C:\Program Files\ewido anti-spyware 4.0\guard.exe
    C:\Program Files\BroadJump\Client Foundation\CFD.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    C:\Program Files\ewido anti-spyware 4.0\ewido.exe
    C:\Program Files\Norton AntiVirus 2004\navapsvc.exe
    C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    C:\PROGRA~1\AWS\WEATHE~1\Weather.exe
    C:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe
    C:\Program Files\Norton AntiVirus 2004\SAVScan.exe
    C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
    C:\Program Files\Speed Disk\nopdb.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
    C:\WINDOWS\System32\wuauclt.exe
    C:\WINDOWS\System32\cidaemon.exe
    C:\WINDOWS\System32\wuauclt.exe
    C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\c95bd83d2a268baf2b92cca324c3120b\update\update.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Hijackthis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msnbc.msn.com/
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msnbc.msn.com/
    O3 - Toolbar: DAP Bar - {62999427-33FC-4baf-9C9C-BCE6BD127F08} - C:\Program Files\DAP\DAPIEBar.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\RoboForm.dll
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus 2004\NavShExt.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar5.dll
    O4 - HKLM\..\Run: [BJCFD] "C:\Program Files\BroadJump\Client Foundation\CFD.exe"
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] "nwiz.exe" /install
    O4 - HKLM\..\Run: [NvMediaCenter] "RUNDLL32.EXE" C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
    O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe"
    O4 - HKCU\..\Run: [Weather] C:\PROGRA~1\AWS\WEATHE~1\Weather.exe 1
    O4 - HKCU\..\Run: [FreeRAM XP] "C:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe" -win
    O4 - Global Startup: KODAK Software Updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
    O8 - Extra context menu item: &Download with &DAP - C:\PROGRA~1\DAP\dapextie.htm
    O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar5.dll/cmsearch.html
    O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar5.dll/cmwordtrans.html
    O8 - Extra context menu item: Add to AD Black List - C:\Program Files\Avant Browser\AddToADBlackList.htm
    O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar5.dll/cmbacklinks.html
    O8 - Extra context menu item: Block All Images from the Same Server - C:\Program Files\Avant Browser\AddAllToADBlackList.htm
    O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar5.dll/cmcache.html
    O8 - Extra context menu item: Customize Menu &4 - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
    O8 - Extra context menu item: Download &all with DAP - C:\PROGRA~1\DAP\dapextie2.htm
    O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
    O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
    O8 - Extra context menu item: Download web site with Free Download Manager - file://C:\Program Files\Free Download Manager\dlpage.htm
    O8 - Extra context menu item: Download with Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O8 - Extra context menu item: Fill Forms &] - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
    O8 - Extra context menu item: Highlight - C:\Program Files\Avant Browser\Highlight.htm
    O8 - Extra context menu item: Open All Links in This Page... - C:\Program Files\Avant Browser\OpenAllLinks.htm
    O8 - Extra context menu item: Open In New Avant Browser - C:\Program Files\Avant Browser\OpenInNewBrowser.htm
    O8 - Extra context menu item: RoboForm &2 - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
    O8 - Extra context menu item: Save Forms &[ - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
    O8 - Extra context menu item: Search - C:\Program Files\Avant Browser\Search.htm
    O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar5.dll/cmsimilar.html
    O8 - Extra context menu item: Sothink SWF Catcher - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
    O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar5.dll/cmtrans.html
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
    O9 - Extra 'Tools' menuitem: Fill Forms &] - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
    O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
    O9 - Extra 'Tools' menuitem: Save Forms &[ - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
    O9 - Extra button: Run DAP - {669695BC-A811-4A9D-8CDF-BA8C795F261C} - C:\PROGRA~1\DAP\DAP.EXE
    O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
    O9 - Extra 'Tools' menuitem: RoboForm &2 - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
    O9 - Extra button: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
    O9 - Extra 'Tools' menuitem: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
    O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
    O15 - Trusted Zone: www.pcpitstop.com
    O16 - DPF: {01111C00-3E00-11D2-8470-0060089874ED} (Support.com ActionRunner Class) - http://help.rr.com/Foundrysdccommon/download/tgctlar.cab
    O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - http://supportcenter.rr.com/sdccommon/download/tgctlcm.cab
    O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
    O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
    O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/viewers/ipixx.cab
    O16 - DPF: {1842B0EE-B597-11D4-8997-00104BD12D94} (iCC Class) - http://www.pcpitstop.com/internet/pcpConnCheck.cab
    O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - http://www.symantec.com/techsupp/asa/ctrl/LSSupCtl.cab
    O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
    O16 - DPF: {3451DEDE-631F-421C-8127-FD793AFC6CC8} (ActiveDataInfo Class) - https://www-secure.symantec.com/techsupp/asa/ctrl/SymAData.cab
    O16 - DPF: {44990200-3C9D-426D-81DF-AAB636FA4345} (Symantec SmartIssue) - https://www-secure.symantec.com/techsupp/asa/ctrl/tgctlsi.cab
    O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} (Symantec Script Runner Class) - https://www-secure.symantec.com/techsupp/asa/ctrl/tgctlsr.cab
    O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-3-36.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.c...ls/en/x86/client/wuweb_site.cab?1098571318045
    O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1134435680593
    O16 - DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} (Housecall ActiveX 6.5) - http://us-housecall.trendmicro-europe.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
    O16 - DPF: {89D75D39-5531-47BA-9E4F-B346BA9C362C} (CWDL_DownLoadControl Class) - http://www.callwave.com/include/cab/CWDL_DownLoad.CAB
    O16 - DPF: {94B82441-A413-4E43-8422-D49930E69764} (TLIEFlashObj Class) - https://rtc1.webresponse.one.microsoft.com/media/xp/TLIEFlash.CAB
    O16 - DPF: {9732FB42-C321-11D1-836F-00A0C993F125} (mhLabel Class) - http://www.pcpitstop.com/mhLbl.cab
    O16 - DPF: {9FC5238F-12C4-454F-B1B5-74599A21DE47} (Webshots Photo Uploader) - http://community.webshots.com/html/WSPhotoUploader.CAB
    O16 - DPF: {B1826A9F-4AA0-4510-BA77-9013E74E4B9B} - http://www.trendmicro.com/spyware-scan/as4web.cab
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
    O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - http://www.symantec.com/techsupp/asa/ctrl/SymAData.cab
    O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://driveragent.com/files/driveragent.cab
    O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
    O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
    O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus 2004\navapsvc.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
    O23 - Service: Sandra Data Service (SandraDataSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2007\Win32\RpcDataSrv.exe
    O23 - Service: Sandra Service (SandraTheSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2007\RpcSandraSrv.exe
    O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus 2004\SAVScan.exe
    O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: Speed Disk service - Symantec Corporation - C:\Program Files\Speed Disk\nopdb.exe
    O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
    O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
     
  14. Katmandu

    Katmandu Thread Starter

    Joined:
    May 28, 2006
    Messages:
    267
    This looks suspicious to me.....

    C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\c95bd83d2a268baf2b92cca324c3120b\update\update.exe

    I think I'll open a new thread since I marked this one solved already.
     
  15. MFDnNC

    MFDnNC

    Joined:
    Sep 7, 2004
    Messages:
    49,014
    Bet if you boot it goes away
     
  16. Sponsor

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 733,556 other people just like you!

Thread Status:
Not open for further replies.

Short URL to this thread: https://techguy.org/488282

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice