Hijack Error Log
Logfile of HijackThis v1.99.1
Scan saved at 10:14:23 PM, on 7/13/2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar =
http://www.websearch.com/ie.aspx?tb_id=50162
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page =
http://websearch.shopnav.com/sidesearch.cgi?uid=11795454&id=5.20013
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant =
http://www.websearch.com/ie.aspx?tb_id=50162
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = res://C:\PROGRA~1\Toolbar\toolbar.dll/sa
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
http://www.websearch.com/ie.aspx?tb_id=50162
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = res://C:\PROGRA~1\Toolbar\toolbar.dll/sa
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = websearch.shopnav.com/q.cgi?q=
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
R3 - URLSearchHook: (no name) - _{00A6FAF6-072E-44cf-8957-5838F569A31D} - (no file)
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O3 - Toolbar: AIM Search - {40D41A8B-D79B-43d7-99A7-9EE0F344C385} - C:\Program Files\AIM Toolbar\AIMBar.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: (no name) - {339BB23F-A864-48C0-A59F-29EA915965EC} - (no file)
O4 - HKLM\..\Run: [NAV CfgWiz] C:\PROGRA~1\NORTON~1\Cfgwiz.exe /R
O4 - HKLM\..\Run: [TBPS] C:\PROGRA~1\Toolbar\TBPS.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\RunServices: [Windows IPv6 Drivers] wipv6.exe
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\Program Files\AWS\WeatherBug\Weather.exe (file missing) (HKCU)
O15 - Trusted Zone:
http://www.bestbuy.com
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) -
http://www.symantec.com/techsupp/asa/LSSupCtl.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} -
http://appldnld.m7z.net/content.inf...W/win/019-0312.20050111.MmVrT/iTunesSetup.exe
O16 - DPF: {42F2C9BA-614F-47C0-B3E3-ECFD34EED658} (Installer Class) -
http://www.ysbweb.com/ist/softwares/v4.0/ysb_regular.cab
O16 - DPF: {5B59DA81-5B9E-4F3D-AF5B-A0C644037165} -
http://pictures05.aim.com/ygp/aol/plugin/download/YGPPicDownload.en-US-AIM.9.5.1.5.cab
O16 - DPF: {A1B09066-C95C-4EF6-8DFD-3DD0AFE610B6} (AOL YGP Screensaver) -
http://pictures05.aim.com/ygp/aol/plugin/screensaver/YGPPicScreensaver.en-US-AIM.9.1.6.27.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) -
http://www.symantec.com/techsupp/asa/SymAData.cab
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
Shredder Error Report
**** Run Keys ****
RUN: [NAV CfgWiz] C:\PROGRA~1\NORTON~1\Cfgwiz.exe /R
RUN: [TBPS] C:\PROGRA~1\Toolbar\TBPS.exe
RUN: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
**** Browser Helper Objects ****
BHO: [] C:\PROGRA~1\Toolbar\toolbar.dll
BHO: [CNavExtBho Class] C:\Program Files\Norton AntiVirus\NavShExt.dll
**** IE Toolbars ****
TOOLBAR: [&Radio] C:\WINDOWS\System32\msdxm.ocx
TOOLBAR: [AOL Toolbar] C:\Program Files\AOL Toolbar\toolbar.dll
TOOLBAR: [AIM Search] C:\Program Files\AIM Toolbar\AIMBar.dll
TOOLBAR: [Norton AntiVirus] C:\Program Files\Norton AntiVirus\NavShExt.dll
TOOLBAR: [&Search Toolbar] C:\PROGRA~1\Toolbar\toolbar.dll
**** IE Extensions ****
IEExt: [AOL Toolbar]
IEExt: [AIM] C:\Program Files\AIM\aim.exe
**** Hosts File Entries ****
HOSTS: 127.0.0.1 localhost
HOSTS: 127.0.0.1 localhost
**** IE Settings ****
Default Page:
http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
Default Search:
http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Local Page: C:\WINDOWS\System32\blank.htm
Search Bar:
http://www.websearch.com/ie.aspx?tb_id=50162
Search Page:
http://websearch.shopnav.com/sidesearch.cgi?uid=11795454&id=5.20013
**** IE Context Menu (Right click) ****
IEContext: [&AIM Search] res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
IEContext: [&AOL Toolbar search] res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
**** Layered Service Providers ****
LSP: MSAFD Tcpip [TCP/IP]
LSP: MSAFD Tcpip [UDP/IP]
LSP: RSVP UDP Service Provider
LSP: RSVP TCP Service Provider
LSP: MSAFD NetBIOS [\Device\NetBT_Tcpip_{B3803A93-535A-4015-AB1B-E65CCEDECE36}] SEQPACKET 0
LSP: MSAFD NetBIOS [\Device\NetBT_Tcpip_{B3803A93-535A-4015-AB1B-E65CCEDECE36}] DATAGRAM 0
LSP: MSAFD NetBIOS [\Device\NetBT_Tcpip_{7347EB33-4FDD-4B7A-B4BF-4BE9D136FB8D}] SEQPACKET 1
LSP: MSAFD NetBIOS [\Device\NetBT_Tcpip_{7347EB33-4FDD-4B7A-B4BF-4BE9D136FB8D}] DATAGRAM 1
LSP: MSAFD NetBIOS [\Device\NetBT_Tcpip_{BE21A487-6C0B-48A6-9634-288925052F2E}] SEQPACKET 2
LSP: MSAFD NetBIOS [\Device\NetBT_Tcpip_{BE21A487-6C0B-48A6-9634-288925052F2E}] DATAGRAM 2
LSP: MSAFD NetBIOS [\Device\NetBT_Tcpip_{7D09DA73-A36B-4394-9657-D9797BC08DB3}] SEQPACKET 3
LSP: MSAFD NetBIOS [\Device\NetBT_Tcpip_{7D09DA73-A36B-4394-9657-D9797BC08DB3}] DATAGRAM 3
LSP: MSAFD NetBIOS [\Device\NetBT_Tcpip_{EEF2A74B-948E-49B3-AEF6-2232F548360B}] SEQPACKET 4
LSP: MSAFD NetBIOS [\Device\NetBT_Tcpip_{EEF2A74B-948E-49B3-AEF6-2232F548360B}] DATAGRAM 4
**** Blocked Control Panel Items ****
BLOCKED: [ncpa.cpl] No
BLOCKED: [odbccp32.cpl] No
**** Downloaded Program Files ****
{1F2F4C9E-6F09-47BC-970D-3C54734667FE} [
http://www.symantec.com/techsupp/asa/LSSupCtl.cab] C:\WINDOWS\Downloaded Program Files\LSSupCtl.dll
{33564D57-0000-0010-8000-00AA00389B71} [
http://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB]
{41F17733-B041-4099-A042-B518BB6A408C} [
http://appldnld.m7z.net/content.inf.../win/019-0312.20050111.MmVrT/iTunesSetup.exe]
{42F2C9BA-614F-47C0-B3E3-ECFD34EED658} [
http://www.ysbweb.com/ist/softwares/v4.0/ysb_regular.cab]
{5B59DA81-5B9E-4F3D-AF5B-A0C644037165} [
http://pictures05.aim.com/ygp/aol/plugin/download/YGPPicDownload.en-US-AIM.9.5.1.5.cab]
{A1B09066-C95C-4EF6-8DFD-3DD0AFE610B6} [
http://pictures05.aim.com/ygp/aol/plugin/screensaver/YGPPicScreensaver.en-US-AIM.9.1.6.27.cab]
{CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} [
http://www.symantec.com/techsupp/asa/SymAData.cab]
**** Windows Services ****
[Alerter] %SystemRoot%\System32\svchost.exe -k LocalService
[ALG] %SystemRoot%\System32\alg.exe
[AOL ACS] "C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe"
[AOL TopSpeedMonitor] C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
[AppMgmt] %SystemRoot%\system32\svchost.exe -k netsvcs
[AudioSrv] %SystemRoot%\System32\svchost.exe -k netsvcs
[BITS] %SystemRoot%\System32\svchost.exe -k netsvcs
[Browser] %SystemRoot%\System32\svchost.exe -k netsvcs
[cisvc] C:\WINDOWS\System32\cisvc.exe
[ClipSrv] %SystemRoot%\system32\clipsrv.exe
[COMSysApp] C:\WINDOWS\System32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235}
[Creative Service for CDROM Access] C:\WINDOWS\System32\CTsvcCDA.exe
[CryptSvc] %SystemRoot%\system32\svchost.exe -k netsvcs
[Dhcp] %SystemRoot%\System32\svchost.exe -k netsvcs
[dmadmin] %SystemRoot%\System32\dmadmin.exe /com
[dmserver] %SystemRoot%\System32\svchost.exe -k netsvcs
[Dnscache] %SystemRoot%\System32\svchost.exe -k NetworkService
[ERSvc] %SystemRoot%\System32\svchost.exe -k netsvcs
[Eventlog] %SystemRoot%\system32\services.exe
[EventSystem] C:\WINDOWS\System32\svchost.exe -k netsvcs
[ewido security suite control] C:\Program Files\ewido\security suite\ewidoctrl.exe
[FastUserSwitchingCompatibility] %SystemRoot%\System32\svchost.exe -k netsvcs
[helpsvc] %SystemRoot%\System32\svchost.exe -k netsvcs
[HidServ] %SystemRoot%\System32\svchost.exe -k netsvcs
[ImapiService] C:\WINDOWS\System32\imapi.exe
[lanmanserver] %SystemRoot%\System32\svchost.exe -k netsvcs
[lanmanworkstation] %SystemRoot%\System32\svchost.exe -k netsvcs
[LmHosts] %SystemRoot%\System32\svchost.exe -k LocalService
[Messenger] %SystemRoot%\System32\svchost.exe -k netsvcs
[mnmsrvc] C:\WINDOWS\System32\mnmsrvc.exe
[MSDTC] C:\WINDOWS\System32\msdtc.exe
[MSIServer] C:\WINDOWS\System32\msiexec.exe /V
[NetDDE] %SystemRoot%\system32\netdde.exe
[NetDDEdsdm] %SystemRoot%\system32\netdde.exe
[Netlogon] %SystemRoot%\System32\lsass.exe
[Netman] %SystemRoot%\System32\svchost.exe -k netsvcs
[Nla] %SystemRoot%\System32\svchost.exe -k netsvcs
[NtLmSsp] %SystemRoot%\System32\lsass.exe
[NtmsSvc] %SystemRoot%\system32\svchost.exe -k netsvcs
[PlugPlay] %SystemRoot%\system32\services.exe
[PolicyAgent] %SystemRoot%\System32\lsass.exe
[ProtectedStorage] %SystemRoot%\system32\lsass.exe
[RasAuto] %SystemRoot%\System32\svchost.exe -k netsvcs
[RasMan] %SystemRoot%\System32\svchost.exe -k netsvcs
[RDSessMgr] C:\WINDOWS\system32\sessmgr.exe
[RemoteAccess] %SystemRoot%\System32\svchost.exe -k netsvcs
[RpcLocator] %SystemRoot%\System32\locator.exe
[RpcSs] %SystemRoot%\system32\svchost -k rpcss
[RSVP] %SystemRoot%\System32\rsvp.exe
[SamSs] %SystemRoot%\system32\lsass.exe
[SCardDrv] %SystemRoot%\System32\SCardSvr.exe
[SCardSvr] %SystemRoot%\System32\SCardSvr.exe
[Schedule] %SystemRoot%\System32\svchost.exe -k netsvcs
[seclogon] %SystemRoot%\System32\svchost.exe -k netsvcs
[SENS] %SystemRoot%\system32\svchost.exe -k netsvcs
[SharedAccess] %SystemRoot%\System32\svchost.exe -k netsvcs
[ShellHWDetection] %SystemRoot%\System32\svchost.exe -k netsvcs
[Spooler] %SystemRoot%\system32\spoolsv.exe
[srservice] %SystemRoot%\System32\svchost.exe -k netsvcs
[SSDPSRV] %SystemRoot%\System32\svchost.exe -k LocalService
[stisvc] %SystemRoot%\System32\svchost.exe -k imgsvc
[SwPrv] C:\WINDOWS\System32\dllhost.exe /Processid:{C0405E5E-519B-4323-9726-468CB536FC69}
[SymWSC] C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
[SysmonLog] %SystemRoot%\system32\smlogsvc.exe
[TapiSrv] %SystemRoot%\System32\svchost.exe -k netsvcs
[TBPSSvc] C:\PROGRA~1\Toolbar\TBPSSvc.exe
[TermService] %SystemRoot%\System32\svchost.exe -k netsvcs
[Themes] %SystemRoot%\System32\svchost.exe -k netsvcs
[TrkWks] %SystemRoot%\system32\svchost.exe -k netsvcs
[uploadmgr] %SystemRoot%\System32\svchost.exe -k netsvcs
[upnphost] %SystemRoot%\System32\svchost.exe -k LocalService
[UPS] %SystemRoot%\System32\ups.exe
[VSS] %SystemRoot%\System32\vssvc.exe
[W32Time] %SystemRoot%\System32\svchost.exe -k netsvcs
[WebClient] %SystemRoot%\System32\svchost.exe -k LocalService
[winmgmt] %systemroot%\system32\svchost.exe -k netsvcs
[WMDM PMSP Service] C:\WINDOWS\System32\MsPMSPSv.exe
[WmdmPmSp] %SystemRoot%\System32\svchost.exe -k netsvcs
[WmiApSrv] C:\WINDOWS\System32\wbem\wmiapsrv.exe
[wuauserv] %SystemRoot%\system32\svchost.exe -k netsvcs
[WZCSVC] %SystemRoot%\System32\svchost.exe -k netsvcs
**** Custom IE Search Items ****
SEARCH: [SearchAssistant]
http://www.websearch.com/ie.aspx?tb_id=50162
SEARCH: [CustomizeSearch] res://C:\PROGRA~1\Toolbar\toolbar.dll/sa
**** Complete IE Options ****
IEOPT: [NoUpdateCheck]
IEOPT: [NoJITSetup]
IEOPT: [Disable Script Debugger] yes
IEOPT: [Show_ChannelBand] No
IEOPT: [Anchor Underline] yes
IEOPT: [Cache_Update_Frequency] Once_Per_Session
IEOPT: [Display Inline Images] yes
IEOPT: [Do404Search]
IEOPT: [Local Page] C:\WINDOWS\System32\blank.htm
IEOPT: [Save_Session_History_On_Exit] no
IEOPT: [Show_FullURL] no
IEOPT: [Show_StatusBar] yes
IEOPT: [Show_ToolBar] yes
IEOPT: [Show_URLinStatusBar] yes
IEOPT: [Show_URLToolBar] yes
IEOPT: [Start Page] about:blank
IEOPT: [Use_DlgBox_Colors] yes
IEOPT: [Search Page]
http://websearch.shopnav.com/sidesearch.cgi?uid=11795454&id=5.20013
IEOPT: [Check_Associations] yes
IEOPT: [FullScreen] no
IEOPT: [NotifyDownloadComplete] yes
IEOPT: [Window_Placement] ,
IEOPT: [Search Bar]
http://www.websearch.com/ie.aspx?tb_id=50162
IEOPT: [Error Dlg Displayed On Every Error] no
IEOPT: [Use FormSuggest] yes
IEOPT: [FormSuggest PW Ask] no
IEOPT: [AddToFavoritesExpanded]
IEOPT: [Use Search Asst] no
IEOPT: [AutoSearch]
IEOPT: [Friendly http errors] yes
IEOPT: [BandRest] Never
IEOPT: [Error Dlg Details Pane Open] no
IEOPT: [Default_Page_URL]
http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
IEOPT: [Default_Search_URL]
http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
IEOPT: [Enable_Disk_Cache] yes
IEOPT: [Cache_Percent_of_Disk]
IEOPT: [Delete_Temp_Files_On_Exit] yes
IEOPT: [Local Page] %SystemRoot%\system32\blank.htm
IEOPT: [Anchor_Visitation_Horizon]
IEOPT: [Use_Async_DNS] yes
IEOPT: [Placeholder_Width]
IEOPT: [Placeholder_Height]
IEOPT: [Start Page] http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
IEOPT: [CompanyName] Microsoft Corporation
IEOPT: [Custom_Key] MICROSO
IEOPT: [Wizard_Version] 6.0.2600.0000
IEOPT: [FullScreen] no
IEOPT: [BandRest] Never
IEOPT: [IEWatsonEnabled]
IEOPT: [CustomizeSearch] res://C:\PROGRA~1\Toolbar\toolbar.dll/sa
IEOPT: [SearchAssistant]
http://www.websearch.com/ie.aspx?tb_id=50162
Ewido Report
---------------------------------------------------------
ewido security suite - Scan report
---------------------------------------------------------
+ Created on: 10:10:58 PM, 7/13/2005
+ Report-Checksum: 83D09E84
+ Scan result:
HKLM\SOFTWARE\Classes\CLSID\{2C4E6D22-B71F-491F-AAD3-B6972A650D50} -> Spyware.IBIS : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{310CC549-4541-46A9-940F-52B342A6E682} -> Spyware.IBIS : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{339BB23F-A864-48C0-A59F-29EA915965EC} -> Spyware.HuntBar : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{69357D4E-BF4D-4651-91E9-52ECD45A0128} -> Spyware.IBIS : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{6E21F428-5617-47F7-AED8-B2E1D8FBA711} -> Spyware.IBIS : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{708BE496-E202-497B-BC31-9CF47E3BF8D6} -> Spyware.IBIS : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{8952A998-1E7E-4716-B23D-3DBE03910972} -> Spyware.HuntBar : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{8B0FA130-0C3D-4CB1-AEB7-2C29DA5509A3} -> Spyware.IBIS : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{BBF122A7-8A4D-45B5-9E00-0F68BC87C904} -> Spyware.IBIS : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{CAE0999F-78C5-49DC-9F30-13142AAAABA4} -> Spyware.IBIS : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{F1616B86-9288-489D-B71A-0CCF2F1A89DA} -> Spyware.IBIS : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{FF76A5DA-6158-4439-99FF-EDC1B3FE100C} -> Spyware.IBIS : Cleaned with backup
HKLM\SOFTWARE\Classes\Common.Buttons -> Spyware.WebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\Common.Buttons\Clsid -> Spyware.WebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{234F09FB-FE89-4C6D-9203-31832FC051C3} -> Spyware.IBIS : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{365B9A54-E613-46E5-9DB1-4F91A9DE80BD} -> Spyware.IBIS : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{618BE527-B7F5-417C-BC51-98FDC2D6DE61} -> Spyware.IBIS : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{66C22569-F05C-4A70-A142-763B337E1002} -> Spyware.IBIS : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{7B8BD940-B1EF-460C-85A2-9ACAAF7F9303} -> Spyware.IBIS : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{99AA88D1-D9D3-410A-BE9E-044F94C183DA} -> Spyware.IBIS : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{C380566D-F343-42AB-987B-6B38A1A35747} -> Spyware.IBIS : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{D1951679-1D52-43FC-9585-0737143585F5} -> Spyware.IBIS : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{F273D4EA-2025-4410-8408-251A0CD46BE7} -> Spyware.IBIS : Cleaned with backup
HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\tpro -> Spyware.IBIS : Cleaned with backup
HKLM\SOFTWARE\Classes\PROTOCOLS\Name-Space Handler\res -> Spyware.WebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\PROTOCOLS\Name-Space Handler\res\toolbar.ResProtocol -> Spyware.WebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\TBPS.PluginConfig -> Spyware.WebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\TBPS.PluginConfig\Clsid -> Spyware.WebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\TBPS.PluginDown -> Spyware.WebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\TBPS.PluginDown\Clsid -> Spyware.WebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\TBPS.PluginDownAdd -> Spyware.WebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\TBPS.PluginDownAdd\Clsid -> Spyware.WebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\TBPS.PluginEvents -> Spyware.WebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\TBPS.PluginEvents\Clsid -> Spyware.WebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\TBPS.PluginInst -> Spyware.WebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\TBPS.PluginInst\Clsid -> Spyware.WebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\TBPS.PluginServer -> Spyware.WebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\TBPS.PluginServer\Clsid -> Spyware.WebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\TBPS.ToolbarScript -> Spyware.WebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\TBPS.ToolbarScript\Clsid -> Spyware.WebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\toolbar.ResProtocol -> Spyware.WebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\toolbar.ResProtocol\Clsid -> Spyware.WebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\TypeLib\{37AC49E3-E906-4BD8-AE83-D0F7FB48FD17} -> Spyware.IBIS : Cleaned with backup
HKLM\SOFTWARE\Classes\TypeLib\{B23B3ADD-84B1-414A-92B9-0CABE5A781F4} -> Spyware.IBIS : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8952A998-1E7E-4716-B23D-3DBE03910972} -> Spyware.HuntBar : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\STO -> Spyware.WebSearch : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\TTOOL_UNINSTALL -> Spyware.WebSearch : Cleaned with backup
HKLM\SOFTWARE\toolbar -> Spyware.WebSearch : Cleaned with backup
HKLM\SOFTWARE\toolbar\Install -> Spyware.WebSearch : Cleaned with backup
HKLM\SYSTEM\CurrentControlSet\Services\TBPSSvc -> Spyware.WebSearch : Cleaned with backup
HKLM\SYSTEM\CurrentControlSet\Services\TBPSSvc\Security -> Spyware.WebSearch : Cleaned with backup
HKLM\SYSTEM\CurrentControlSet\Services\TBPSSvc\Enum -> Spyware.WebSearch : Cleaned with backup
HKU\.DEFAULT\Software\toolbar -> Spyware.WebSearch : Cleaned with backup
HKU\S-1-5-21-1957994488-2025429265-839522115-1004\Software\Toolbar -> Spyware.WebSearch : Cleaned with backup
HKU\S-1-5-21-1957994488-2025429265-839522115-1004\Software\WinTools -> Spyware.WebSearch : Cleaned with backup
HKU\S-1-5-21-1957994488-2025429265-839522115-1004\Software\WinTools\URLSearchHooks -> Spyware.WebSearch : Cleaned with backup
HKU\S-1-5-18\Software\toolbar -> Spyware.WebSearch : Cleaned with backup
C:\Documents and Settings\KYLE\Local Settings\Temporary Internet Files\Content.IE5\OXERKTQ7\TBPSSvc[1].cab/TBPSSvc.exe -> Spyware.WebSearch : Cleaned with backup
C:\Documents and Settings\KYLE\Cookies\
[email protected][1].txt -> Spyware.Cookie.Doubleclick : Cleaned with backup
C:\Documents and Settings\KYLE\Cookies\
[email protected][2].txt -> Spyware.Cookie.Atdmt : Cleaned with backup
C:\System Volume Information\_restore{AB330131-A5FC-4061-A8E6-BC99CAF53F35}\RP185\A0084771.exe -> Spyware.Wintools : Cleaned with backup
C:\System Volume Information\_restore{AB330131-A5FC-4061-A8E6-BC99CAF53F35}\RP185\A0084772.exe -> Spyware.Wintools : Cleaned with backup
C:\System Volume Information\_restore{AB330131-A5FC-4061-A8E6-BC99CAF53F35}\RP185\A0084773.dll -> Spyware.SideFind : Cleaned with backup
C:\System Volume Information\_restore{AB330131-A5FC-4061-A8E6-BC99CAF53F35}\RP185\A0084774.exe -> Spyware.WebSearch : Cleaned with backup
C:\System Volume Information\_restore{AB330131-A5FC-4061-A8E6-BC99CAF53F35}\RP187\A0084887.exe -> Spyware.WebSearch : Cleaned with backup
::Report End
Can't load Norton Internet security. I had it there once and uninstalled it. When I try to reinstall the system tells me to insert the Norton Disk. It is already there. I have clicked OK and I have taken the disk out and put it back in and no luck.
I found CXTPLS and TBPS through Norton Utility. I wish I had not uninstalled it.
I still see these three files. I don't know if it is OK or not.
TBPSSVC.exe - OCBD9772.PF in C:\Windows Prefetch
TBPS.exe - 0144A11c.PF in C:\Windows Prefetch
CXTPLS.exe - 09D979E.PF in C:\Windows Prefetch