
Trojan virus and Pop-ups Please help

Discussion in 'Virus & Other Malware Removal' started by ihatepopupsh, Jul 29, 2006.

Thread Status:
Not open for further replies.
  1. ihatepopupsh

    ihatepopupsh Thread Starter

    Joined:
    Apr 12, 2006
    Messages:
    38
    I keep getting security warnings saying - Your computer is infected with the latest version of internet trojan (iworm_attck_v122.02a) and another is, Your computer is infected with spyware managing pop-up advertisements (OHPE ver 4.12_23) click on the icon to learn more on what you can do about pop-up windows and other unwanted software, and last but not least (not word for word) but it says there is something wrong with Norton and I should uninstall and then install it again. I have tried several different things to get rid of this problem and I still keep getting these warnings and pop-ups (especially - adultfriendfinder and Monaco Gold Casino). I wasn't aware that I had let Norton expire. I have since bought, installed and updated the newest version. Please help me get rid of these pop-ups and viruses! Thanks!

    Logfile of HijackThis v1.99.1
    Scan saved at 1:44:51 PM, on 7/29/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
    C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\WINDOWS\System32\brsvc01a.exe
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\System32\brss01a.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\LEXPPS.EXE
    C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    C:\WINDOWS\system32\Brmfrmps.exe
    C:\Program Files\ewido anti-spyware 4.0\guard.exe
    C:\WINDOWS\system32\MotorolaDAP.exe
    C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
    C:\PROGRA~1\NORTON~3\NORTON~1\NPROTECT.EXE
    C:\PROGRA~1\NORTON~3\NORTON~1\SPEEDD~1\NOPDB.EXE
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\IntCodec\pmsngr.exe
    C:\windows\system\hpsysdrv.exe
    C:\Program Files\HP\Digital Imaging\Unload\hpqcmon.exe
    C:\WINDOWS\System32\hphmon05.exe
    C:\HP\KBD\KBD.EXE
    C:\WINDOWS\system32\VTTimer.exe
    C:\WINDOWS\LTMSG.exe
    C:\Program Files\Multimedia Card Reader\shwicon2k.exe
    C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
    C:\Program Files\Brother\ControlCenter2\brctrcen.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\WINDOWS\ALCXMNTR.EXE
    C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Picasa2\PicasaMediaDetector.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\ewido anti-spyware 4.0\ewido.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\PROGRA~1\MUSICM~1\MUSICM~1\MMDiag.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
    C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mim.exe
    C:\Program Files\America Online 9.0\aoltray.exe
    C:\Program Files\Dell Photo Printer 720\dlbcserv.exe
    C:\Program Files\Google\Google Updater\GoogleUpdater.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files\Google\Google Desktop Search\GoogleDesktopDisplay.exe
    C:\Program Files\Google\Google Desktop Search\GoogleDesktopCrawl.exe
    C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
    C:\Program Files\Updates from HP\137903\Program\BackWeb-137903.exe
    C:\Program Files\interMute\SpamSubtract\SpamSub.exe
    C:\Program Files\Brother\Brmfcmon\BrMfcmon.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
    C:\Program Files\Hijackthis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.rr.com/flash/index.cfm
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O2 - BHO: Norton Internet Security 2006 - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
    O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: HP View - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\hpdtlk02.dll
    O3 - Toolbar: (no name) - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - (no file)
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O3 - Toolbar: Norton Internet Security 2006 - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
    O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
    O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
    O4 - HKLM\..\Run: [CamMonitor] "c:\Program Files\HP\Digital Imaging\Unload\hpqcmon.exe"
    O4 - HKLM\..\Run: [HPHUPD05] c:\Program Files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
    O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
    O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
    O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
    O4 - HKLM\..\Run: [AutoTKit] C:\hp\bin\AUTOTKIT.EXE
    O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
    O4 - HKLM\..\Run: [LTMSG] LTMSG.exe 7
    O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
    O4 - HKLM\..\Run: [Sunkist2k] "C:\Program Files\Multimedia Card Reader\shwicon2k.exe"
    O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
    O4 - HKLM\..\Run: [PaperPort PTD] "C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe"
    O4 - HKLM\..\Run: [IndexSearch] "C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe"
    O4 - HKLM\..\Run: [SetDefPrt] "C:\Program Files\Brother\Brmfl04a\BrStDvPt.exe"
    O4 - HKLM\..\Run: [ControlCenter2.0] "C:\Program Files\Brother\ControlCenter2\brctrcen.exe" /autorun
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
    O4 - HKLM\..\Run: [ISUSPM Startup] "C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" -startup
    O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~1\mimboot.exe
    O4 - HKLM\..\Run: [NI.UWA6P_0001_N69M0303] "C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\AQ299LWU\WinAntiVirusPro2006Installer[1].exe" -nag
    O4 - HKLM\..\Run: [NI.USYP_0001_N69M1703] "C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\BZTIREQX\SysProtectScannerInstall[1].exe" -nag
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe"
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
    O4 - HKLM\..\Run: [Picasa Media Detector] "C:\Program Files\Picasa2\PicasaMediaDetector.exe"
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKCU\..\Run: [NVIEW] "rundll32.exe" nview.dll,nViewLoadHook
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [BackupNotify] "c:\Program Files\HP\Digital Imaging\bin\backupnotify.exe"
    O4 - Startup: MyWebSearch Email Plugin.lnk = C:\Program Files\MyWebSearch\bar\3.bin\MWSOEMON.EXE
    O4 - Startup: spamsubtract.lnk = C:\Program Files\interMute\SpamSubtract\SpamSub.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
    O4 - Global Startup: dlbcserv.lnk = C:\Program Files\Dell Photo Printer 720\dlbcserv.exe
    O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    O4 - Global Startup: MyWebSearch Email Plugin.lnk = C:\Program Files\MyWebSearch\bar\3.bin\MWSOEMON.EXE
    O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe
    O4 - Global Startup: Status Monitor.lnk = C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
    O4 - Global Startup: Updates from HP.lnk = C:\Program Files\Updates from HP\137903\Program\BackWeb-137903.exe
    O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
    O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
    O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
    O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
    O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra button: Express Cleanup - {5E638779-1818-4754-A595-EF1C63B87A56} - C:\Program Files\Norton SystemWorks\Norton Cleanup\WCQuick.lnk
    O9 - Extra 'Tools' menuitem: Express Cleanup - {5E638779-1818-4754-A595-EF1C63B87A56} - C:\Program Files\Norton SystemWorks\Norton Cleanup\WCQuick.lnk
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {3451DEDE-631F-421C-8127-FD793AFC6CC8} (ActiveDataInfo Class) - https://www-secure.symantec.com/techsupp/asa/ctrl/SymAData.cab
    O16 - DPF: {44990200-3C9D-426D-81DF-AAB636FA4345} (Symantec SmartIssue) - https://www-secure.symantec.com/techsupp/asa/ctrl/tgctlsi.cab
    O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} (Symantec Script Runner Class) - https://www-secure.symantec.com/techsupp/asa/ctrl/tgctlsr.cab
    O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab
    O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
    O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
    O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    O23 - Service: Brother Popup Suspend service for Resource manager (brmfrmps) - Unknown owner - C:\WINDOWS\system32\Brmfrmps.exe" -service (file missing)
    O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\System32\brsvc01a.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Internet Security Password Validation (ccISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\ccPwdSvc.exe
    O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Norton Internet Security\comHost.exe
    O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: Motorola Digital Audio Player Manager (MotorolaDAP) - Motorola Inc. - C:\WINDOWS\system32\MotorolaDAP.exe
    O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
    O23 - Service: Norton UnErase Protection (NProtectService) - Symantec Corporation - C:\PROGRA~1\NORTON~3\NORTON~1\NPROTECT.EXE
    O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
    O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
    O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~3\NORTON~1\SPEEDD~1\NOPDB.EXE
    O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
     
  2. Cheeseball81

    Cheeseball81 Retired Moderator

    Joined:
    Mar 3, 2004
    Messages:
    84,315
    Hi and welcome :)

    Run ActiveScan online virus scan:
    http://www.pandasoftware.com/products/activescan.htm

    Once you are on the Panda site click the Scan your PC button.
    A new window will open...click the Check Now button.
    Enter your Country.
    Enter your State/Province.
    Enter your e-mail address and click send.
    Select either Home User or Company.
    Click the big Scan Now button.
    If it wants to install an ActiveX component allow it.
    It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)
    When download is complete, click on My Computer to start the scan.
    When the scan completes, if anything malicious is detected, click the See Report button, then Save Report and save it to a convenient location.
    Post the contents of the ActiveScan report.
     
  3. ihatepopupsh

    ihatepopupsh Thread Starter

    Joined:
    Apr 12, 2006
    Messages:
    38
    Panda Active Scan Results - Thanks for the help - now what?


    Incident Status Location

    Potentially unwanted tool:application/mywebsearch Not disinfected C:\Documents and Settings\All Users\Start Menu\Programs\Startup\MyWebSearch Email Plugin.lnk
    Potentially unwanted tool:application/mywebsearch Not disinfected c:\documents and settings\all users\start menu\programs\startup\MyWebSearch Email Plugin.lnk
    Adware:adware/swimsuitnetwork Not disinfected c:\windows\system32\MYDLL.dll
    Potentially unwanted tool:application/funweb Not disinfected c:\windows\downloaded program files\f3initialsetup1.0.0.8-2.inf
    Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\Owner\Cookies\[email protected][2].txt
    Spyware:Cookie/Adrevolver Not disinfected C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
    Spyware:Cookie/Adrevolver Not disinfected C:\Documents and Settings\Owner\Cookies\[email protected][2].txt
    Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\Owner\Cookies\[email protected][2].txt
    Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
    Spyware:Cookie/Casalemedia Not disinfected C:\Documents and Settings\Owner\Cookies\[email protected][2].txt
    Spyware:Cookie/Clickbank Not disinfected C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
    Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
    Spyware:Cookie/FastClick Not disinfected C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
    Spyware:Cookie/Hitbox Not disinfected C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
    Spyware:Cookie/Malwarewipe Not disinfected C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
    Spyware:Cookie/Mediaplex Not disinfected C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
    Spyware:Cookie/Overture Not disinfected C:\Documents and Settings\Owner\Cookies\[email protected][2].txt
    Spyware:Cookie/QuestionMarket Not disinfected C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
    Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
    Spyware:Cookie/Statcounter Not disinfected C:\Documents and Settings\Owner\Cookies\[email protected][2].txt
    Spyware:Cookie/Traffic Marketplace Not disinfected C:\Documents and Settings\Owner\Cookies\[email protected][2].txt
    Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
    Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\Owner\Desktop\SmitfraudFix\Process.exe
    Potentially unwanted tool:Application/HideWindow.A Not disinfected C:\hp\bin\FondleWindow.exe
    Potentially unwanted tool:Application/KillApp.B Not disinfected C:\hp\bin\KillIt.exe
    Potentially unwanted tool:Application/KillApp.A Not disinfected C:\hp\bin\Terminator.exe
    Adware:Adware/XPasswordManager Not disinfected C:\Program Files\IntCodec\isauninst.exe
    Adware:Adware/XPasswordManager Not disinfected C:\Program Files\IntCodec\pmuninst.exe
    Potentially unwanted tool:Application/Processor Not disinfected C:\WINDOWS\system32\Process.exe
     
  4. Cheeseball81

    Cheeseball81 Retired Moderator

    Joined:
    Mar 3, 2004
    Messages:
    84,315
    * Click here to download Webroot SpySweeper.

    (It's a 2 week trial.)

    * Click the Free Trial link under "SpySweeper" to download the program.
    * Install it. Once the program is installed, it will open.
    * It will prompt you to update to the latest definitions, click Yes.
    * Once the definitions are installed, click Options on the left side.
    * Click the Sweep Options tab.
    * Under What to Sweep please put a check next to the following:
    o Sweep Memory
    o Sweep Registry
    o Sweep Cookies
    o Sweep All User Accounts
    o Enable Direct Disk Sweeping
    o Sweep Contents of Compressed Files
    o Sweep for Rootkits

    o Please UNCHECK Do not Sweep System Restore Folder.

    * Click Sweep Now on the left side.
    * Click the Start button.
    * When it's done scanning, click the Next button.
    * Make sure everything has a check next to it, then click the Next button.
    * It will remove all of the items found.
    * Click Session Log in the upper right corner, copy everything in that window.
    * Click the Summary tab and click Finish.
    * Paste the contents of the session log you copied into your next reply.

    Also post a new Hijack This log.
     
  5. ihatepopupsh

    ihatepopupsh Thread Starter

    Joined:
    Apr 12, 2006
    Messages:
    38
    Here is my SpySweeper Session Log


    1:36 PM: Removal process completed. Elapsed time 00:00:27
    1:36 PM: Quarantining All Traces: pesttrap cookie
    1:36 PM: Quarantining All Traces: burstnet cookie
    1:36 PM: Quarantining All Traces: tribalfusion cookie
    1:36 PM: Quarantining All Traces: trafficmp cookie
    1:36 PM: Quarantining All Traces: statcounter cookie
    1:36 PM: Quarantining All Traces: realmedia cookie
    1:36 PM: Quarantining All Traces: questionmarket cookie
    1:36 PM: Quarantining All Traces: overture cookie
    1:36 PM: Quarantining All Traces: mediaplex cookie
    1:36 PM: Quarantining All Traces: malwarewipe cookie
    1:36 PM: Quarantining All Traces: fastclick cookie
    1:36 PM: Quarantining All Traces: clickbank cookie
    1:36 PM: Quarantining All Traces: casalemedia cookie
    1:36 PM: Quarantining All Traces: atlas dmt cookie
    1:36 PM: Quarantining All Traces: advertising cookie
    1:36 PM: Quarantining All Traces: adrevolver cookie
    1:36 PM: Quarantining All Traces: adlegend cookie
    1:36 PM: Quarantining All Traces: 2o7.net cookie
    1:36 PM: Removal process initiated
    1:29 PM: Traces Found: 20
    1:29 PM: Full Sweep has completed. Elapsed time 00:38:39
    1:29 PM: File Sweep Complete, Elapsed Time: 01:05:59
    1:28 PM: Warning: Unable to sweep compressed file: "c:\documents and settings\owner\local settings\temporary internet files\content.ie5\0t2nk9a7\asinst[1].cab": File not found
    1:22 PM: Warning: Failed to access drive K:
    1:22 PM: Warning: Failed to access drive J:
    1:22 PM: Warning: Failed to access drive I:
    1:22 PM: Warning: Failed to access drive H:
    1:22 PM: Warning: Failed to access drive G:
    1:22 PM: Warning: Failed to access drive E:
    1:22 PM: Warning: Failed to open file "d:\recycled\nprotect\nprotect.log". The process cannot access the file because it is being used by another process
    1:20 PM: Warning: Failed to open file "c:\documents and settings\owner\local settings\temp\jetbf3f.tmp". The operation completed successfully
    1:20 PM: Warning: Failed to open file "c:\program files\updates from hp\137903\users\default\data\d0000000.fcs". The operation completed successfully
    1:20 PM: Warning: Failed to open file "c:\documents and settings\owner\local settings\temporary internet files\content.ie5\s5er0dyr\ssfsetup4129_1879827461[1].exe:zone.identifier". The operation completed successfully
    1:20 PM: Warning: Failed to open file "c:\documents and settings\owner\local settings\temporary internet files\content.ie5\0t2nk9a7\text_obaba[1].gif". The operation completed successfully
    1:20 PM: Warning: Failed to open file "c:\documents and settings\owner\local settings\temporary internet files\content.ie5\kt2b8hqf\top_corner[1].gif". The operation completed successfully
    1:20 PM: Warning: Failed to open file "c:\documents and settings\owner\local settings\temporary internet files\content.ie5\83p3qe35\02about_panda_0_part[1].gif". The operation completed successfully
    1:20 PM: Warning: Failed to open file "c:\documents and settings\owner\local settings\temporary internet files\content.ie5\0p2jw16f\02security_info_0_part[1].gif". The operation completed successfully
    1:20 PM: Warning: Failed to open file "c:\documents and settings\owner\local settings\temporary internet files\content.ie5\w96bs5ej\02downloads_0_part[1].gif". The operation completed successfully
    1:20 PM: Warning: Failed to open file "c:\documents and settings\owner\local settings\temporary internet files\content.ie5\zuonb18x\159847438[1].htm". The operation completed successfully
    1:20 PM: Warning: Failed to open file "c:\documents and settings\owner\local settings\temporary internet files\content.ie5\m59ajat4\mtra4yikcd1qymlwozdjnflag0[1].txt". The operation completed successfully
    1:20 PM: Warning: Failed to open file "c:\documents and settings\owner\local settings\temporary internet files\content.ie5\83p3qe35\zm9alw4q3jl5anugwsdpbpsralt57+[1].txt". The operation completed successfully
    1:20 PM: Warning: Failed to open file "c:\documents and settings\owner\local settings\temporary internet files\content.ie5\8f17aa3x\rx2wvztdcrtgspkobfipq6as6xfwnths1wdx5k6fy35gwanrydwjr+nxiosltxrc[1].txt". The operation completed successfully
    1:20 PM: Warning: Failed to open file "c:\documents and settings\owner\local settings\temporary internet files\content.ie5\s5er0dyr\opqpc2y5gt3fneazuwjbcpd81cp9gtfwe95o0zrka7psiizuv83hfy1ntnwztxsi[1].txt". The operation completed successfully
    1:20 PM: Warning: Failed to open file "c:\documents and settings\owner\local settings\temporary internet files\content.ie5\s5er0dyr\userstatuschange[1].html". The operation completed successfully
    1:20 PM: Warning: Failed to open file "c:\documents and settings\owner\local settings\temporary internet files\content.ie5\0p2jw16f\gkcsisbqfo4akxmhsq34doht4ek6epfs53qcj0wl2dmpb9m51sw1tey6xfh6caoi[1].txt". The operation completed successfully
    1:20 PM: Warning: Failed to open file "c:\documents and settings\owner\local settings\temporary internet files\content.ie5\09qjkhi7\icon_rank_user4[1].gif". The operation completed successfully
    1:20 PM: Warning: Failed to open file "c:\documents and settings\owner\local settings\temporary internet files\content.ie5\0p2jw16f\blockuser[1].gif". The operation completed successfully
    1:20 PM: Warning: Failed to open file "c:\documents and settings\owner\local settings\temporary internet files\content.ie5\kt2b8hqf\tco3xaw9hgdeemtmsbill1xoyxuzmffyfgsg4vsvjrvvczdwshhjtgatusmmbnp3[1].txt". The operation completed successfully
    1:20 PM: Warning: Failed to open file "c:\documents and settings\owner\local settings\temporary internet files\content.ie5\klqzkper\q4jovkrkbz7jhzjmtsuok71twv44lr2j7izaa[1].txt". The operation completed successfully
    1:20 PM: Warning: Failed to open file "c:\documents and settings\owner\local settings\temporary internet files\content.ie5\s5er0dyr\ga4qy+obhsdsp0icntvn+vekbgdibitn4elkecpzczaurjiqrzukedqwrgxpktfl[1].txt". The operation completed successfully
    1:20 PM: Warning: Failed to open file "c:\documents and settings\owner\local settings\temporary internet files\content.ie5\kt2b8hqf\clicktrack[1].asp". The operation completed successfully
    1:20 PM: Warning: Failed to open file "c:\documents and settings\owner\local settings\temporary internet files\content.ie5\kt2b8hqf\clicktrack[1].htm". The operation completed successfully
    1:20 PM: Warning: Failed to open file "c:\documents and settings\owner\local settings\temporary internet files\content.ie5\klqzkper\159847438[1].htm". The operation completed successfully
    1:20 PM: Warning: Failed to open file "c:\documents and settings\owner\local settings\temporary internet files\content.ie5\0t2nk9a7\3syv7+nkkm63nybv3s1u0dvo4k[1].txt". The operation completed successfully
    1:20 PM: Warning: Failed to open file "c:\documents and settings\owner\local settings\temporary internet files\content.ie5\s5er0dyr\jpxgcfjay7clx6hjuy56h5+qelbo+ai17fn0g+7gfogl6frzfeqyh7ryorqttahh[1].txt". The operation completed successfully
    1:20 PM: Warning: Failed to open file "c:\documents and settings\owner\local settings\temporary internet files\content.ie5\zuonb18x\userstatuschange[1].html". The operation completed successfully
    1:20 PM: Warning: Failed to open file "c:\documents and settings\owner\local settings\temporary internet files\content.ie5\0pqjo52b\update[1].htm". The operation completed successfully
    1:20 PM: Warning: Failed to open file "c:\documents and settings\owner\local settings\temporary internet files\content.ie5\0pqjo52b\post_new[1].gif". The operation completed successfully
    1:20 PM: Warning: Failed to open file "c:\documents and settings\owner\local settings\temporary internet files\content.ie5\klqzkper\headerweather[4].xml". The operation completed successfully
    1:20 PM: Warning: Failed to open file "c:\documents and settings\owner\local settings\temporary internet files\content.ie5\8f17aa3x\cr_btn_r[1].gif". The operation completed successfully
    1:20 PM: Warning: Failed to open file "c:\documents and settings\owner\local settings\temporary internet files\content.ie5\h7nrll0e\shd_r[1].jpg". The operation completed successfully
    1:20 PM: Warning: Failed to open file "c:\documents and settings\owner\local settings\temporary internet files\content.ie5\zuonb18x\cr1[1].jpg". The operation completed successfully
    1:20 PM: Warning: Failed to open file "c:\documents and settings\owner\local settings\temporary internet files\content.ie5\w9q7shif\bg_minitabs_bar[1].jpg". The operation completed successfully
    1:20 PM: Warning: Failed to open file "c:\documents and settings\owner\local settings\temporary internet files\content.ie5\zuonb18x\j[1].ad". The operation completed successfully
    1:20 PM: Warning: Failed to open file "c:\documents and settings\owner\local settings\temporary internet files\content.ie5\0pqjo52b\j[1].ad". The operation completed successfully
    1:20 PM: Warning: Failed to open file "c:\documents and settings\owner\local settings\temporary internet files\content.ie5\0pqjo52b\cac4hlja.htm". The operation completed successfully
    1:20 PM: Warning: Failed to open file "c:\documents and settings\owner\local settings\temporary internet files\content.ie5\8f17aa3x\sticky[1].gif". The operation completed successfully
    1:20 PM: Warning: Failed to open file "c:\documents and settings\owner\local settings\temporary internet files\content.ie5\h7nrll0e\bottom-right[1].gif". The operation completed successfully
    1:20 PM: Warning: Failed to open file "c:\documents and settings\owner\local settings\temporary internet files\content.ie5\09qjkhi7\join-today[1].gif". The operation completed successfully
    1:20 PM: Warning: Failed to open file "c:\documents and settings\owner\local settings\temporary internet files\content.ie5\g9iv09az\chat-now[2].gif". The operation completed successfully
    1:20 PM: Warning: Failed to open file "c:\documents and settings\owner\local settings\temporary internet files\content.ie5\0t2nk9a7\[1]". The operation completed successfully
    1:20 PM: Warning: Failed to open file "c:\documents and settings\owner\local settings\temporary internet files\content.ie5\0pqjo52b\[4]". The operation completed successfully
    1:20 PM: Warning: Failed to open file "c:\documents and settings\owner\local settings\temporary internet files\content.ie5\0pqjo52b\[3]". The operation completed successfully
    1:20 PM: Warning: Failed to open file "c:\documents and settings\owner\local settings\temporary internet files\content.ie5\0pqjo52b\[2]". The operation completed successfully
    1:20 PM: Warning: Failed to open file "c:\documents and settings\owner\local settings\temporary internet files\content.ie5\0pqjo52b\[1]". The operation completed successfully
    1:20 PM: Warning: Failed to open file "c:\documents and settings\owner\local settings\temporary internet files\content.ie5\kt2b8hqf\post_old[1].gif". The operation completed successfully
    1:20 PM: Warning: Failed to open file "c:\documents and settings\owner\local settings\temporary internet files\content.ie5\klqzkper\vundofix.exe". The operation completed successfully
    1:20 PM: Warning: Failed to open file "c:\documents and settings\owner\local settings\temporary internet files\content.ie5\m59ajat4\[25]". The operation completed successfully
    1:20 PM: Warning: Failed to open file "c:\documents and settings\owner\local settings\temporary internet files\content.ie5\m59ajat4\[24]". The operation completed successfully
    1:20 PM: Warning: Failed to open file "c:\documents and settings\owner\local settings\temporary internet files\content.ie5\m59ajat4\[23]". The operation completed successfully
    1:20 PM: Warning: Failed to open file "c:\documents and settings\owner\local settings\temporary internet files\content.ie5\m59ajat4\[22]". The operation completed successfully
    1:20 PM: Warning: Failed to open file "c:\documents and settings\owner\local settings\temporary internet files\content.ie5\m59ajat4\[21]". The operation completed successfully
    1:20 PM: Warning: Failed to open file "c:\documents and settings\owner\local settings\temporary internet files\content.ie5\m59ajat4\[20]". The operation completed successfully
    1:20 PM: Warning: Failed to open file "c:\documents and settings\owner\local settings\temporary internet files\content.ie5\m59ajat4\[19]". The operation completed successfully
    1:20 PM: Warning: Failed to open file "c:\documents and settings\owner\local settings\temporary internet files\content.ie5\m59ajat4\[18]". The operation completed successfully
    1:20 PM: Warning: Failed to open file "c:\documents and settings\owner\local settings\temporary internet files\content.ie5\m59ajat4\[17]". The operation completed successfully
    1:20 PM: Warning: Failed to open file "c:\documents and settings\owner\local settings\temporary internet files\content.ie5\m59ajat4\[16]". The operation completed successfully
    1:20 PM: Warning: Failed to open file "c:\documents and settings\owner\local settings\temporary internet files\content.ie5\m59ajat4\[15]". The operation completed successfully
    1:20 PM: Warning: Failed to open file "c:\documents and settings\owner\local settings\temporary internet files\content.ie5\m59ajat4\[14]". The operation completed successfully
    1:20 PM: Warning: Failed to open file "c:\documents and settings\owner\local settings\temporary internet files\content.ie5\m59ajat4\[13]". The operation completed successfully
    1:20 PM: Warning: Failed to open file "c:\documents and settings\owner\local settings\temporary internet files\content.ie5\m59ajat4\[12]". The operation completed successfully
    1:20 PM: Warning: Failed to open file "c:\documents and settings\owner\local settings\temporary internet files\content.ie5\m59ajat4\[11]". The operation completed successfully
    1:20 PM: Warning: Failed to open file "c:\documents and settings\owner\local settings\temporary internet files\content.ie5\m59ajat4\[10]". The operation completed successfully
    1:20 PM: Warning: Failed to open file "c:\documents and settings\owner\local settings\temporary internet files\content.ie5\m59ajat4\[9]". The operation completed successfully
    1:20 PM: Warning: Failed to open file "c:\documents and settings\owner\local settings\temporary internet files\content.ie5\m59ajat4\[8]". The operation completed successfully
    1:20 PM: Warning: Failed to open file "c:\documents and settings\owner\local settings\temporary internet files\content.ie5\m59ajat4\[7]". The operation completed successfully
    1:20 PM: Warning: Failed to open file "c:\documents and settings\owner\local settings\temporary internet files\content.ie5\m59ajat4\[6]". The operation completed successfully
    1:20 PM: Warning: Failed to open file "c:\documents and settings\owner\local settings\temporary internet files\content.ie5\m59ajat4\[5]". The operation completed successfully
    1:20 PM: Warning: Failed to open file "c:\documents and settings\owner\local settings\temporary internet files\content.ie5\kt2b8hqf\[21]". The operation completed successfully
    1:20 PM: Warning: Failed to open file "c:\documents and settings\owner\local settings\temporary internet files\content.ie5\kt2b8hqf\[20]". The operation completed successfully
    1:20 PM: Warning: Failed to open file "c:\documents and settings\owner\local settings\temporary internet files\content.ie5\kt2b8hqf\[19]". The operation completed successfully
    1:20 PM: Warning: Failed to open file "c:\documents and settings\owner\local settings\temporary internet files\content.ie5\kt2b8hqf\[18]". The operation completed successfully
    1:20 PM: Warning: Failed to open file "c:\documents and settings\owner\local settings\temporary internet files\content.ie5\kt2b8hqf\[17]". The operation completed successfully
    1:20 PM: Warning: Failed to open file "c:\documents and settings\owner\local settings\temporary internet files\content.ie5\kt2b8hqf\[16]". The operation completed successfully
    1:20 PM: Warning: Failed to open file "c:\documents and settings\owner\local settings\temporary internet files\content.ie5\kt2b8hqf\[15]". The operation completed successfully
    1:20 PM: Warning: Failed to open file "c:\documents and settings\owner\local settings\temporary internet files\content.ie5\kt2b8hqf\[14]". The operation completed successfully
    1:20 PM: Warning: Failed to open file "c:\documents and settings\owner\local settings\temporary internet files\content.ie5\kt2b8hqf\[13]". The operation completed successfully
     
  6. ihatepopupsh

    ihatepopupsh Thread Starter

    Joined:
    Apr 12, 2006
    Messages:
    38
    1:20 PM: Warning: Failed to open file "c:\documents and settings\owner\local settings\temporary internet files\content.ie5\kt2b8hqf\[12]". The operation completed successfully
    1:20 PM: Warning: Failed to open file "c:\documents and settings\owner\local settings\temporary internet files\content.ie5\kt2b8hqf\[11]". The operation completed successfully
    1:20 PM: Warning: Failed to open file "c:\documents and settings\owner\local settings\temporary internet files\content.ie5\kt2b8hqf\[10]". The operation completed successfully
    1:20 PM: Warning: Failed to open file "c:\documents and settings\owner\local settings\temporary internet files\content.ie5\kt2b8hqf\[9]". The operation completed successfully
    1:20 PM: Warning: Failed to open file "c:\documents and settings\owner\local settings\temporary internet files\content.ie5\kt2b8hqf\[8]". The operation completed successfully
    1:20 PM: Warning: Failed to open file "c:\documents and settings\owner\local settings\temporary internet files\content.ie5\kt2b8hqf\[7]". The operation completed successfully
    1:20 PM: Warning: Failed to open file "c:\documents and settings\owner\local settings\temporary internet files\content.ie5\kt2b8hqf\[6]". The operation completed successfully
    1:20 PM: Warning: Failed to open file "c:\documents and settings\owner\local settings\temporary internet files\content.ie5\kt2b8hqf\[5]". The operation completed successfully
    1:20 PM: Warning: Failed to open file "c:\documents and settings\owner\local settings\temporary internet files\content.ie5\kt2b8hqf\[4]". The operation completed successfully
    1:20 PM: Warning: Failed to open file "c:\documents and settings\owner\local settings\temporary internet files\content.ie5\kt2b8hqf\[3]". The operation completed successfully
    1:20 PM: Warning: Failed to open file "c:\documents and settings\owner\local settings\temporary internet files\content.ie5\kt2b8hqf\[2]". The operation completed successfully
    1:20 PM: Warning: Failed to open file "c:\documents and settings\owner\local settings\temporary internet files\content.ie5\kt2b8hqf\[1]". The operation completed successfully
    1:20 PM: Warning: Failed to open file "c:\documents and settings\owner\local settings\temporary internet files\content.ie5\klqzkper\[24]". The operation completed successfully
    1:20 PM: Warning: Failed to open file "c:\documents and settings\owner\local settings\temporary internet files\content.ie5\klqzkper\[23]". The operation completed successfully
    1:20 PM: Warning: Failed to open file "c:\documents and settings\owner\local settings\temporary internet files\content.ie5\0p2jw16f\[4]". The operation completed successfully
    1:20 PM: Warning: Failed to open file "c:\documents and settings\owner\local settings\temporary internet files\content.ie5\klqzkper\[22]". The operation completed successfully
    1:20 PM: Warning: Failed to open file "c:\documents and settings\owner\local settings\temporary internet files\content.ie5\klqzkper\[21]". The operation completed successfully
    1:20 PM: Warning: Failed to open file "c:\documents and settings\owner\local settings\temporary internet files\content.ie5\klqzkper\[20]". The operation completed successfully
    1:20 PM: Warning: Failed to open file "c:\documents and settings\owner\local settings\temporary internet files\content.ie5\0p2jw16f\[3]". The operation completed successfully
    1:20 PM: Warning: Failed to open file "c:\documents and settings\owner\local settings\temporary internet files\content.ie5\klqzkper\[19]". The operation completed successfully
    1:20 PM: Warning: Failed to open file "c:\documents and settings\owner\local settings\temporary internet files\content.ie5\klqzkper\[18]". The operation completed successfully
    1:20 PM: Warning: Failed to open file "c:\documents and settings\owner\local settings\temporary internet files\content.ie5\0p2jw16f\[2]". The operation completed successfully
    1:20 PM: Warning: Failed to open file "c:\documents and settings\owner\local settings\temporary internet files\content.ie5\klqzkper\[17]". The operation completed successfully
    1:20 PM: Warning: Failed to open file "c:\documents and settings\owner\local settings\temporary internet files\content.ie5\klqzkper\[16]". The operation completed successfully
    1:20 PM: Warning: Failed to open file "c:\documents and settings\owner\local settings\temporary internet files\content.ie5\0p2jw16f\[1]". The operation completed successfully
    1:20 PM: Warning: Failed to open file "c:\documents and settings\owner\local settings\temporary internet files\content.ie5\klqzkper\[15]". The operation completed successfully
    1:20 PM: Warning: Failed to open file "c:\documents and settings\owner\local settings\temporary internet files\content.ie5\klqzkper\[14]". The operation completed successfully
    1:20 PM: Warning: Failed to open file "c:\documents and settings\owner\local settings\temporary internet files\content.ie5\klqzkper\[13]". The operation completed successfully
    1:20 PM: Warning: Failed to open file "c:\documents and settings\owner\local settings\temporary internet files\content.ie5\klqzkper\[12]". The operation completed successfully
    1:20 PM: Warning: Failed to open file "c:\documents and settings\owner\local settings\temporary internet files\content.ie5\klqzkper\[11]". The operation completed successfully
    1:20 PM: Warning: Failed to open file "c:\documents and settings\owner\local settings\temporary internet files\content.ie5\klqzkper\[10]". The operation completed successfully
    1:20 PM: Warning: Failed to open file "c:\documents and settings\owner\local settings\temporary internet files\content.ie5\klqzkper\[9]". The operation completed successfully
    1:20 PM: Warning: Failed to open file "c:\documents and settings\owner\local settings\temporary internet files\content.ie5\klqzkper\[8]". The operation completed successfully
    1:20 PM: Warning: Failed to open file "c:\documents and settings\owner\local settings\temporary internet files\content.ie5\klqzkper\[7]". The operation completed successfully
    1:20 PM: Warning: Failed to open file "c:\documents and settings\owner\local settings\temporary internet files\content.ie5\klqzkper\[6]". The operation completed successfully
    1:20 PM: Warning: Failed to open file "c:\documents and settings\owner\local settings\temporary internet files\content.ie5\klqzkper\[5]". The operation completed successfully
    1:20 PM: Warning: Failed to open file "c:\documents and settings\owner\local settings\temporary internet files\content.ie5\klqzkper\[4]". The operation completed successfully
    1:20 PM: Warning: Failed to open file "c:\documents and settings\owner\local settings\temporary internet files\content.ie5\klqzkper\[3]". The operation completed successfully
    1:20 PM: Warning: Failed to open file "c:\documents and settings\owner\local settings\temporary internet files\content.ie5\klqzkper\[2]". The operation completed successfully
    1:20 PM: Warning: Failed to open file "c:\documents and settings\owner\local settings\temporary internet files\content.ie5\klqzkper\[1]". The operation completed successfully
    1:20 PM: Warning: Failed to open file "c:\documents and settings\owner\local settings\temporary internet files\content.ie5\w9q7shif\[1]". The operation completed successfully
    1:20 PM: Warning: Failed to open file "c:\documents and settings\owner\local settings\temporary internet files\content.ie5\g9iv09az\chat-now[1].gif". The operation completed successfully
    1:20 PM: Warning: Failed to open file "c:\documents and settings\owner\local settings\temporary internet files\content.ie5\0pqjo52b\multipage[1].gif". The operation completed successfully
    1:20 PM: Warning: Failed to open file "c:\documents and settings\owner\local settings\temporary internet files\content.ie5\8f17aa3x\bottom_r[1].gif". The operation completed successfully
    1:20 PM: Warning: Failed to open file "c:\documents and settings\owner\local settings\temporary internet files\content.ie5\zuonb18x\bottom_l[1].gif". The operation completed successfully
    1:20 PM: Warning: Failed to open file "c:\documents and settings\owner\local settings\temporary internet files\content.ie5\w96bs5ej\gradient_header[1].gif". The operation completed successfully
    1:20 PM: Warning: Failed to open file "c:\documents and settings\owner\local settings\temporary internet files\content.ie5\klqzkper\headerweather[2].xml". The operation completed successfully
    1:20 PM: Warning: Failed to open file "c:\documents and settings\owner\local settings\temporary internet files\content.ie5\w9q7shif\block_bg[1].gif". The operation completed successfully
    1:20 PM: Warning: Failed to open file "c:\documents and settings\owner\local settings\temporary internet files\content.ie5\wpin0dej\get[1].media". The operation completed successfully
    1:20 PM: Warning: Failed to open file "c:\documents and settings\owner\local settings\temporary internet files\content.ie5\s5er0dyr\update[1].htm". The operation completed successfully
    1:20 PM: Warning: Failed to open file "c:\documents and settings\owner\local settings\temporary internet files\content.ie5\g9iv09az\userstatuschange[1].html". The operation completed successfully
    1:20 PM: Warning: Failed to open file "c:\documents and settings\owner\local settings\temporary internet files\content.ie5\0pqjo52b\world-icon2[1].gif". The operation completed successfully
    1:20 PM: Warning: Failed to open file "c:\documents and settings\owner\local settings\temporary internet files\content.ie5\h7nrll0e\box215x115[1].gif". The operation completed successfully
    1:20 PM: Warning: Failed to open file "c:\documents and settings\owner\local settings\temporary internet files\content.ie5\zuonb18x\world-icon2[1].gif". The operation completed successfully
    1:19 PM: Warning: Failed to open file "c:\documents and settings\owner\local settings\temporary internet files\content.ie5\8f17aa3x\p1[1].gif". The operation completed successfully
    1:19 PM: Warning: Failed to open file "c:\program files\norton internet security\norton antivirus\savrt\0662nav~.tmp". The operation completed successfully
    1:19 PM: Warning: Failed to open file "c:\documents and settings\owner\local settings\temporary internet files\content.ie5\09qjkhi7\p1[1].gif". The operation completed successfully
    1:19 PM: Warning: Failed to open file "c:\documents and settings\owner\local settings\temporary internet files\content.ie5\8f17aa3x\tqd[1].txt". The operation completed successfully
    1:19 PM: Warning: Failed to open file "c:\documents and settings\owner\local settings\temporary internet files\content.ie5\0pqjo52b\phjsr4qwfgtw0hw982ohn2sj0hq[1].txt". The operation completed successfully
    1:19 PM: Warning: Failed to open file "c:\recycler\nprotect\00001663.js". The operation completed successfully
    1:19 PM: Warning: Failed to open file "c:\documents and settings\owner\local settings\temporary internet files\content.ie5\09qjkhi7\st[1].gif". The operation completed successfully
    1:19 PM: Warning: Failed to open file "c:\documents and settings\owner\local settings\temporary internet files\content.ie5\0p2jw16f\tik[1].gif". The operation completed successfully
    1:18 PM: Warning: Failed to open file "c:\documents and settings\owner\local settings\temporary internet files\content.ie5\w9q7shif\bg[1].gif". The operation completed successfully
    1:18 PM: Warning: Failed to open file "c:\documents and settings\owner\local settings\temporary internet files\content.ie5\m59ajat4\search[1].htm". The operation completed successfully
    1:18 PM: Warning: Failed to open file "c:\documents and settings\owner\local settings\temporary internet files\content.ie5\zuonb18x\style[1].css". The operation completed successfully
    1:18 PM: Warning: Failed to open file "c:\documents and settings\owner\local settings\temporary internet files\content.ie5\83p3qe35\phptest[1].htm". The operation completed successfully
    1:18 PM: Warning: Failed to open file "c:\documents and settings\owner\local settings\temporary internet files\content.ie5\0t2nk9a7\30[1].swf". The operation completed successfully
    1:18 PM: Warning: Failed to open file "c:\documents and settings\owner\local settings\temporary internet files\content.ie5\0t2nk9a7\cakde1hq.png". The operation completed successfully
    1:18 PM: Warning: Failed to open file "c:\documents and settings\owner\local settings\temporary internet files\content.ie5\klqzkper\headerweather[3].xml". The operation completed successfully
    1:18 PM: Warning: Failed to open file "c:\documents and settings\owner\local settings\temporary internet files\content.ie5\klqzkper\headerweather[1].xml". The operation completed successfully
    1:18 PM: Warning: Failed to open file "c:\documents and settings\owner\local settings\temporary internet files\content.ie5\09qjkhi7\pixel[1].gif". The operation completed successfully
    1:18 PM: Warning: Failed to open file "c:\documents and settings\owner\local settings\temporary internet files\content.ie5\h7nrll0e\storage[1].swf". The operation completed successfully
    1:18 PM: Warning: Failed to open file "c:\documents and settings\owner\local settings\temporary internet files\content.ie5\0pqjo52b\storage[1].swf". The operation completed successfully
    1:18 PM: Warning: Failed to open file "c:\documents and settings\owner\local settings\temporary internet files\content.ie5\wpin0dej\search[2].htm". The operation completed successfully
    1:18 PM: Warning: Failed to open file "c:\documents and settings\owner\local settings\temporary internet files\content.ie5\m59ajat4\search[2].htm". The operation completed successfully
    1:18 PM: Warning: Failed to open file "c:\documents and settings\owner\local settings\temporary internet files\content.ie5\0p2jw16f\t_6[1].gif". The operation completed successfully
    1:18 PM: Warning: Failed to open file "c:\documents and settings\owner\local settings\temporary internet files\content.ie5\wpin0dej\search[1].htm". The operation completed successfully
    1:18 PM: Warning: Failed to open file "c:\documents and settings\owner\local settings\temporary internet files\content.ie5\klqzkper\ca56nzha.png". The operation completed successfully
    1:18 PM: Warning: Failed to open file "c:\documents and settings\owner\local settings\temporary internet files\content.ie5\83p3qe35\a2[1].jpg". The operation completed successfully
    1:18 PM: Warning: Failed to open file "c:\documents and settings\owner\local settings\temporary internet files\content.ie5\wpin0dej\s[1].gif". The operation completed successfully
    1:18 PM: Warning: Failed to open file "c:\documents and settings\owner\local settings\temporary internet files\content.ie5\klqzkper\a[1].gif". The operation completed successfully
    1:18 PM: Warning: Failed to open file "c:\documents and settings\owner\local settings\temporary internet files\content.ie5\w96bs5ej\a1[1].gif". The operation completed successfully
    1:18 PM: Warning: Failed to open file "c:\documents and settings\owner\local settings\temporary internet files\content.ie5\w96bs5ej\ubg[1].gif". The operation completed successfully
    Operation: File Access
    Target:
    Source: C:\PROGRA~1\NORTON~4\NORTON~1\NAVW32.EXE
    12:27 PM: Tamper Detection
    12:23 PM: Starting File Sweep
    12:23 PM: Warning: Failed to access drive A:
    12:23 PM: Cookie Sweep Complete, Elapsed Time: 00:00:01
    12:23 PM: c:\documents and settings\owner\cookies\[email protected][1].txt (ID = 6462)
    12:23 PM: Found Spy Cookie: pesttrap cookie
    12:23 PM: c:\documents and settings\owner\cookies\[email protected][1].txt (ID = 2337)
    12:23 PM: Found Spy Cookie: burstnet cookie
    12:23 PM: c:\documents and settings\owner\cookies\[email protected][1].txt (ID = 3589)
    12:23 PM: Found Spy Cookie: tribalfusion cookie
    12:23 PM: c:\documents and settings\owner\cookies\[email protected][2].txt (ID = 3581)
    12:23 PM: Found Spy Cookie: trafficmp cookie
    12:22 PM: c:\documents and settings\owner\cookies\[email protected][1].txt (ID = 3447)
    12:22 PM: Found Spy Cookie: statcounter cookie
    12:22 PM: c:\documents and settings\owner\cookies\[email protected][1].txt (ID = 3235)
    12:22 PM: Found Spy Cookie: realmedia cookie
    12:22 PM: c:\documents and settings\owner\cookies\[email protected][1].txt (ID = 3217)
    12:22 PM: Found Spy Cookie: questionmarket cookie
    12:22 PM: c:\documents and settings\owner\cookies\[email protected][2].txt (ID = 3105)
    12:22 PM: Found Spy Cookie: overture cookie
    12:22 PM: c:\documents and settings\owner\cookies\[email protected][1].txt (ID = 1958)
    12:22 PM: c:\documents and settings\owner\cookies\[email protected][1].txt (ID = 6442)
    12:22 PM: Found Spy Cookie: mediaplex cookie
    12:22 PM: c:\documents and settings\owner\cookies\[email protected][1].txt (ID = 6467)
    12:22 PM: Found Spy Cookie: malwarewipe cookie
    12:22 PM: c:\documents and settings\owner\cookies\[email protected][1].txt (ID = 2651)
    12:22 PM: Found Spy Cookie: fastclick cookie
    12:22 PM: c:\documents and settings\owner\cookies\[email protected][1].txt (ID = 2398)
    12:22 PM: Found Spy Cookie: clickbank cookie
    12:22 PM: c:\documents and settings\owner\cookies\[email protected][2].txt (ID = 2354)
    12:22 PM: Found Spy Cookie: casalemedia cookie
    12:22 PM: c:\documents and settings\owner\cookies\[email protected][1].txt (ID = 2253)
    12:22 PM: Found Spy Cookie: atlas dmt cookie
    12:22 PM: c:\documents and settings\owner\cookies\[email protected][2].txt (ID = 2175)
    12:22 PM: Found Spy Cookie: advertising cookie
    12:22 PM: c:\documents and settings\owner\cookies\[email protected][2].txt (ID = 2088)
    12:22 PM: c:\documents and settings\owner\cookies\[email protected][1].txt (ID = 2088)
    12:22 PM: Found Spy Cookie: adrevolver cookie
    12:22 PM: c:\documents and settings\owner\cookies\[email protected][1].txt (ID = 2074)
    12:22 PM: Found Spy Cookie: adlegend cookie
    12:22 PM: c:\documents and settings\owner\cookies\[email protected][2].txt (ID = 1957)
    12:22 PM: Found Spy Cookie: 2o7.net cookie
    12:22 PM: Starting Cookie Sweep
    12:22 PM: Registry Sweep Complete, Elapsed Time:00:00:20
    12:22 PM: Starting Registry Sweep
    12:22 PM: Memory Sweep Complete, Elapsed Time: 00:04:09
    12:18 PM: Starting Memory Sweep
    Operation: File Access
    Target:
    Source: C:\PROGRAM FILES\GOOGLE\GOOGLE DESKTOP SEARCH\GOOGLEDESKTOPCRAWL.EXE
    12:18 PM: Tamper Detection
    12:18 PM: Sweep initiated using definitions version 729
    12:18 PM: Spy Sweeper 5.0.5.1286 started
    12:18 PM: | Start of Session, Sunday, July 30, 2006 |
    ********
    12:18 PM: | End of Session, Sunday, July 30, 2006 |
    12:18 PM: Your spyware definitions have been updated.
    Operation: File Access
    Target:
    Source: C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCAPP.EXE
    12:17 PM: Tamper Detection
    Keylogger Shield: On
    BHO Shield: On
    IE Security Shield: On
    Alternate Data Stream (ADS) Execution Shield: On
    Startup Shield: On
    Common Ad Sites Shield: Off
    Hosts File Shield: On
    Spy Communication Shield: On
    ActiveX Shield: On
    Windows Messenger Service Shield: On
    IE Favorites Shield: On
    Spy Installation Shield: On
    Memory Shield: On
    IE Hijack Shield: On
    IE Tracking Cookies Shield: Off
    12:13 PM: Shield States
    12:13 PM: Spyware Definitions: 691
    12:12 PM: Spy Sweeper 5.0.5.1286 started
    12:12 PM: Spy Sweeper 5.0.5.1286 started
    12:12 PM: | Start of Session, Sunday, July 30, 2006 |
    ********
     
  7. Cheeseball81

    Cheeseball81 Retired Moderator

    Joined:
    Mar 3, 2004
    Messages:
    84,315
    Please post a new HijackThis log.
     
  8. ihatepopupsh

    ihatepopupsh Thread Starter

    Joined:
    Apr 12, 2006
    Messages:
    38
    Logfile of HijackThis v1.99.1
    Scan saved at 12:15:24 PM, on 8/1/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
    C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\WINDOWS\System32\brsvc01a.exe
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\System32\brss01a.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\LEXPPS.EXE
    C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    C:\WINDOWS\system32\Brmfrmps.exe
    C:\Program Files\ewido anti-spyware 4.0\guard.exe
    C:\WINDOWS\system32\MotorolaDAP.exe
    C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
    C:\PROGRA~1\NORTON~3\NORTON~1\NPROTECT.EXE
    C:\PROGRA~1\NORTON~3\NORTON~1\SPEEDD~1\NOPDB.EXE
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
    C:\Program Files\IntCodec\pmsngr.exe
    C:\windows\system\hpsysdrv.exe
    C:\Program Files\HP\Digital Imaging\Unload\hpqcmon.exe
    C:\WINDOWS\System32\hphmon05.exe
    C:\HP\KBD\KBD.EXE
    C:\WINDOWS\system32\VTTimer.exe
    C:\WINDOWS\LTMSG.exe
    C:\Program Files\Multimedia Card Reader\shwicon2k.exe
    C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
    C:\Program Files\Brother\ControlCenter2\brctrcen.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\WINDOWS\ALCXMNTR.EXE
    C:\Program Files\iPod\bin\iPodService.exe
    C:\PROGRA~1\MUSICM~1\MUSICM~1\MMDiag.exe
    C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    C:\Program Files\Picasa2\PicasaMediaDetector.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
    C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mim.exe
    C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\America Online 9.0\aoltray.exe
    C:\Program Files\Dell Photo Printer 720\dlbcserv.exe
    C:\Program Files\Google\Google Desktop Search\GoogleDesktopDisplay.exe
    C:\Program Files\Google\Google Updater\GoogleUpdater.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files\Google\Google Desktop Search\GoogleDesktopCrawl.exe
    C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
    C:\Program Files\Updates from HP\137903\Program\BackWeb-137903.exe
    C:\Program Files\interMute\SpamSubtract\SpamSub.exe
    C:\Program Files\Brother\Brmfcmon\BrMfcmon.exe
    C:\Program Files\Webroot\Spy Sweeper\SSU.EXE
    C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Norton Internet Security\Norton AntiVirus\NAVW32.EXE
    C:\Program Files\Hijackthis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.rr.com/flash/index.cfm
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O2 - BHO: Norton Internet Security 2006 - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
    O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: HP View - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\hpdtlk02.dll
    O3 - Toolbar: (no name) - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - (no file)
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O3 - Toolbar: Norton Internet Security 2006 - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
    O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
    O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
    O4 - HKLM\..\Run: [CamMonitor] "c:\Program Files\HP\Digital Imaging\Unload\hpqcmon.exe"
    O4 - HKLM\..\Run: [HPHUPD05] c:\Program Files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
    O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
    O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
    O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
    O4 - HKLM\..\Run: [AutoTKit] C:\hp\bin\AUTOTKIT.EXE
    O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
    O4 - HKLM\..\Run: [LTMSG] LTMSG.exe 7
    O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
    O4 - HKLM\..\Run: [Sunkist2k] "C:\Program Files\Multimedia Card Reader\shwicon2k.exe"
    O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
    O4 - HKLM\..\Run: [PaperPort PTD] "C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe"
    O4 - HKLM\..\Run: [IndexSearch] "C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe"
    O4 - HKLM\..\Run: [SetDefPrt] "C:\Program Files\Brother\Brmfl04a\BrStDvPt.exe"
    O4 - HKLM\..\Run: [ControlCenter2.0] "C:\Program Files\Brother\ControlCenter2\brctrcen.exe" /autorun
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
    O4 - HKLM\..\Run: [ISUSPM Startup] "C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" -startup
    O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~1\mimboot.exe
    O4 - HKLM\..\Run: [NI.UWA6P_0001_N69M0303] "C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\AQ299LWU\WinAntiVirusPro2006Installer[1].exe" -nag
    O4 - HKLM\..\Run: [NI.USYP_0001_N69M1703] "C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\BZTIREQX\SysProtectScannerInstall[1].exe" -nag
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe"
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
    O4 - HKLM\..\Run: [Picasa Media Detector] "C:\Program Files\Picasa2\PicasaMediaDetector.exe"
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray
    O4 - HKCU\..\Run: [NVIEW] "rundll32.exe" nview.dll,nViewLoadHook
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [BackupNotify] "c:\Program Files\HP\Digital Imaging\bin\backupnotify.exe"
    O4 - Startup: MyWebSearch Email Plugin.lnk = C:\Program Files\MyWebSearch\bar\3.bin\MWSOEMON.EXE
    O4 - Startup: spamsubtract.lnk = C:\Program Files\interMute\SpamSubtract\SpamSub.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
    O4 - Global Startup: dlbcserv.lnk = C:\Program Files\Dell Photo Printer 720\dlbcserv.exe
    O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    O4 - Global Startup: MyWebSearch Email Plugin.lnk = C:\Program Files\MyWebSearch\bar\3.bin\MWSOEMON.EXE
    O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe
    O4 - Global Startup: Status Monitor.lnk = C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
    O4 - Global Startup: Updates from HP.lnk = C:\Program Files\Updates from HP\137903\Program\BackWeb-137903.exe
    O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
    O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
    O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
    O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
    O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra button: Express Cleanup - {5E638779-1818-4754-A595-EF1C63B87A56} - C:\Program Files\Norton SystemWorks\Norton Cleanup\WCQuick.lnk
    O9 - Extra 'Tools' menuitem: Express Cleanup - {5E638779-1818-4754-A595-EF1C63B87A56} - C:\Program Files\Norton SystemWorks\Norton Cleanup\WCQuick.lnk
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {3451DEDE-631F-421C-8127-FD793AFC6CC8} (ActiveDataInfo Class) - https://www-secure.symantec.com/techsupp/asa/ctrl/SymAData.cab
    O16 - DPF: {44990200-3C9D-426D-81DF-AAB636FA4345} (Symantec SmartIssue) - https://www-secure.symantec.com/techsupp/asa/ctrl/tgctlsi.cab
    O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} (Symantec Script Runner Class) - https://www-secure.symantec.com/techsupp/asa/ctrl/tgctlsr.cab
    O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
    O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
    O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
    O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    O23 - Service: Brother Popup Suspend service for Resource manager (brmfrmps) - Unknown owner - C:\WINDOWS\system32\Brmfrmps.exe" -service (file missing)
    O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\System32\brsvc01a.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Internet Security Password Validation (ccISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\ccPwdSvc.exe
    O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Norton Internet Security\comHost.exe
    O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: Motorola Digital Audio Player Manager (MotorolaDAP) - Motorola Inc. - C:\WINDOWS\system32\MotorolaDAP.exe
    O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
    O23 - Service: Norton UnErase Protection (NProtectService) - Symantec Corporation - C:\PROGRA~1\NORTON~3\NORTON~1\NPROTECT.EXE
    O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
    O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
    O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~3\NORTON~1\SPEEDD~1\NOPDB.EXE
    O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
     
  9. Cheeseball81

    Cheeseball81 Retired Moderator

    Joined:
    Mar 3, 2004
    Messages:
    84,315
    Rescan with Hijack This.
    Close all browser windows except Hijack This.
    Put a check mark beside these entries and click "Fix Checked".

    O3 - Toolbar: (no name) - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - (no file)

    O4 - HKLM\..\Run: [NI.UWA6P_0001_N69M0303] "C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\AQ299LWU\WinAntiVirusPro2006Installer[1].exe" -nag

    O4 - HKLM\..\Run: [NI.USYP_0001_N69M1703] "C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\BZTIREQX\SysProtectScannerInstall[1].exe" -nag

    O4 - Startup: MyWebSearch Email Plugin.lnk = C:\Program Files\MyWebSearch\bar\3.bin\MWSOEMON.EXE

    O4 - Global Startup: MyWebSearch Email Plugin.lnk = C:\Program Files\MyWebSearch\bar\3.bin\MWSOEMON.EXE

    O4 - Global Startup: Updates from HP.lnk = C:\Program Files\Updates from HP\137903\Program\BackWeb-137903.exe


    Close Hijack This.

    Find and delete this folder: C:\Program Files\MyWebSearch

    The O4's may not fix so please do this...

    * Click here to download Registrar Lite.

    Install it and open it then on the address bar paste this and press go:

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

    Look down the right hand panel for these dodgy entries:

    C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\AQ299LWU\WinAntiVirusPro2006Installer[1].exe

    C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\BZTIREQX\SysProtectScannerInstall[1].exe


    Right click them and select Delete.

    Post a new Hijack This log.
     
  10. ihatepopupsh

    ihatepopupsh Thread Starter

    Joined:
    Apr 12, 2006
    Messages:
    38
    Well that took a while - I was able to follow all instructions, except I couldn't find
    C:\Program Files\MyWebSearch to delete. I found it in the hijack this backup log but could not delete it. :mad:
    Here is my newest hijack this log:
    Logfile of HijackThis v1.99.1
    Scan saved at 1:35:34 PM, on 8/1/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
    C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\WINDOWS\System32\brsvc01a.exe
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\System32\brss01a.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\LEXPPS.EXE
    C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    C:\WINDOWS\system32\Brmfrmps.exe
    C:\Program Files\ewido anti-spyware 4.0\guard.exe
    C:\WINDOWS\system32\MotorolaDAP.exe
    C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
    C:\PROGRA~1\NORTON~3\NORTON~1\NPROTECT.EXE
    C:\PROGRA~1\NORTON~3\NORTON~1\SPEEDD~1\NOPDB.EXE
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
    C:\Program Files\IntCodec\pmsngr.exe
    C:\windows\system\hpsysdrv.exe
    C:\Program Files\HP\Digital Imaging\Unload\hpqcmon.exe
    C:\WINDOWS\System32\hphmon05.exe
    C:\HP\KBD\KBD.EXE
    C:\WINDOWS\system32\VTTimer.exe
    C:\WINDOWS\LTMSG.exe
    C:\Program Files\Multimedia Card Reader\shwicon2k.exe
    C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
    C:\Program Files\Brother\ControlCenter2\brctrcen.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\WINDOWS\ALCXMNTR.EXE
    C:\Program Files\iPod\bin\iPodService.exe
    C:\PROGRA~1\MUSICM~1\MUSICM~1\MMDiag.exe
    C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    C:\Program Files\Picasa2\PicasaMediaDetector.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
    C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mim.exe
    C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\America Online 9.0\aoltray.exe
    C:\Program Files\Dell Photo Printer 720\dlbcserv.exe
    C:\Program Files\Google\Google Desktop Search\GoogleDesktopDisplay.exe
    C:\Program Files\Google\Google Updater\GoogleUpdater.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files\Google\Google Desktop Search\GoogleDesktopCrawl.exe
    C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
    C:\Program Files\interMute\SpamSubtract\SpamSub.exe
    C:\Program Files\Brother\Brmfcmon\BrMfcmon.exe
    C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
    C:\Program Files\Webroot\Spy Sweeper\SSU.EXE
    C:\Program Files\Hijackthis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.rr.com/flash/index.cfm
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O2 - BHO: Norton Internet Security 2006 - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
    O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: HP View - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\hpdtlk02.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O3 - Toolbar: Norton Internet Security 2006 - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
    O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
    O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
    O4 - HKLM\..\Run: [CamMonitor] "c:\Program Files\HP\Digital Imaging\Unload\hpqcmon.exe"
    O4 - HKLM\..\Run: [HPHUPD05] c:\Program Files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
    O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
    O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
    O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
    O4 - HKLM\..\Run: [AutoTKit] C:\hp\bin\AUTOTKIT.EXE
    O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
    O4 - HKLM\..\Run: [LTMSG] LTMSG.exe 7
    O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
    O4 - HKLM\..\Run: [Sunkist2k] "C:\Program Files\Multimedia Card Reader\shwicon2k.exe"
    O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
    O4 - HKLM\..\Run: [PaperPort PTD] "C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe"
    O4 - HKLM\..\Run: [IndexSearch] "C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe"
    O4 - HKLM\..\Run: [SetDefPrt] "C:\Program Files\Brother\Brmfl04a\BrStDvPt.exe"
    O4 - HKLM\..\Run: [ControlCenter2.0] "C:\Program Files\Brother\ControlCenter2\brctrcen.exe" /autorun
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
    O4 - HKLM\..\Run: [ISUSPM Startup] "C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" -startup
    O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~1\mimboot.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe"
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
    O4 - HKLM\..\Run: [Picasa Media Detector] "C:\Program Files\Picasa2\PicasaMediaDetector.exe"
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray
    O4 - HKCU\..\Run: [NVIEW] "rundll32.exe" nview.dll,nViewLoadHook
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [BackupNotify] "c:\Program Files\HP\Digital Imaging\bin\backupnotify.exe"
    O4 - Startup: spamsubtract.lnk = C:\Program Files\interMute\SpamSubtract\SpamSub.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
    O4 - Global Startup: dlbcserv.lnk = C:\Program Files\Dell Photo Printer 720\dlbcserv.exe
    O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe
    O4 - Global Startup: Status Monitor.lnk = C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
    O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
    O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
    O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
    O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
    O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra button: Express Cleanup - {5E638779-1818-4754-A595-EF1C63B87A56} - C:\Program Files\Norton SystemWorks\Norton Cleanup\WCQuick.lnk
    O9 - Extra 'Tools' menuitem: Express Cleanup - {5E638779-1818-4754-A595-EF1C63B87A56} - C:\Program Files\Norton SystemWorks\Norton Cleanup\WCQuick.lnk
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {3451DEDE-631F-421C-8127-FD793AFC6CC8} (ActiveDataInfo Class) - https://www-secure.symantec.com/techsupp/asa/ctrl/SymAData.cab
    O16 - DPF: {44990200-3C9D-426D-81DF-AAB636FA4345} (Symantec SmartIssue) - https://www-secure.symantec.com/techsupp/asa/ctrl/tgctlsi.cab
    O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} (Symantec Script Runner Class) - https://www-secure.symantec.com/techsupp/asa/ctrl/tgctlsr.cab
    O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
    O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
    O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
    O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    O23 - Service: Brother Popup Suspend service for Resource manager (brmfrmps) - Unknown owner - C:\WINDOWS\system32\Brmfrmps.exe" -service (file missing)
    O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\System32\brsvc01a.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Internet Security Password Validation (ccISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\ccPwdSvc.exe
    O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Norton Internet Security\comHost.exe
    O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: Motorola Digital Audio Player Manager (MotorolaDAP) - Motorola Inc. - C:\WINDOWS\system32\MotorolaDAP.exe
    O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
    O23 - Service: Norton UnErase Protection (NProtectService) - Symantec Corporation - C:\PROGRA~1\NORTON~3\NORTON~1\NPROTECT.EXE
    O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
    O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
    O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~3\NORTON~1\SPEEDD~1\NOPDB.EXE
    O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
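
    The structural checks that pick out part of the fix list in post 9, plus the before/after comparison that the rescan in post 10 makes possible, as an added Python example (not part of the thread and not HijackThis code). The sample logs are a few lines copied from the two logs above; the function names, the temp-directory list and the reason strings are assumptions, and entries recognized by product name (MyWebSearch, the BackWeb updater) would need a reputation list that is not attempted here.

```python
import re

# Constructed samples: a few lines copied from the two HijackThis logs in this thread.
LOG_BEFORE = r"""
Running processes:
C:\WINDOWS\system32\Brmfrmps.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

O3 - Toolbar: HP View - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\hpdtlk02.dll
O3 - Toolbar: (no name) - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - (no file)
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [NI.UWA6P_0001_N69M0303] "C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\AQ299LWU\WinAntiVirusPro2006Installer[1].exe" -nag
O4 - Startup: MyWebSearch Email Plugin.lnk = C:\Program Files\MyWebSearch\bar\3.bin\MWSOEMON.EXE
O23 - Service: Brother Popup Suspend service for Resource manager (brmfrmps) - Unknown owner - C:\WINDOWS\system32\Brmfrmps.exe" -service (file missing)
"""
LOG_AFTER = r"""
Running processes:
C:\WINDOWS\system32\Brmfrmps.exe

O3 - Toolbar: HP View - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\hpdtlk02.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O23 - Service: Brother Popup Suspend service for Resource manager (brmfrmps) - Unknown owner - C:\WINDOWS\system32\Brmfrmps.exe" -service (file missing)
"""

ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")           # e.g. "O4 - HKLM\..\Run: ..."
PATH_RE = re.compile(r'[A-Za-z]:\\[^"]*?\.(?:exe|dll|com|scr|bat)', re.I)
# Assumed list of directories no legitimate autorun should launch from.
TEMP_DIRS = ("\\temporary internet files\\", "\\local settings\\temp\\", "\\windows\\temp\\")


def parse_log(text):
    """Return (set of lowercased running-process paths, list of (code, body) entries)."""
    processes, entries, in_procs = set(), [], False
    for raw in text.splitlines():
        line = raw.strip()
        m = ENTRY_RE.match(line)
        if m:
            in_procs = False
            entries.append((m.group(1), m.group(2)))
        elif line.lower().startswith("running processes"):
            in_procs = True
        elif in_procs and line:
            processes.add(line.lower())
    return processes, entries


def flag(processes, entries):
    """Return (log line, reason) for entries that stand out on structure alone."""
    findings = []
    for code, body in entries:
        low = body.lower()
        line = f"{code} - {body}"
        if code == "O4" and any(d in low for d in TEMP_DIRS):
            findings.append((line, "autorun target inside a temp/cache directory"))
        elif low.endswith("(no file)"):
            findings.append((line, "entry has no file on disk"))
        elif low.endswith("(file missing)"):
            # In this thread the Brother service is tagged "(file missing)" while the
            # same path appears under "Running processes", so cross-check before acting.
            m = PATH_RE.search(body)
            if m and m.group(0).lower() in processes:
                findings.append((line, "reported missing but the process is running; verify by hand"))
            else:
                findings.append((line, "target file missing"))
    return findings


def still_present(fix_list, entries_after):
    """Return the fix-list lines that survive in the rescan (the fix did not take)."""
    after = {f"{c} - {b}".lower() for c, b in entries_after}
    return [line for line in fix_list if line.strip().lower() in after]


if __name__ == "__main__":
    procs, entries = parse_log(LOG_BEFORE)
    findings = flag(procs, entries)
    for line, reason in findings:
        print(f"[{reason}]\n    {line}")
    fix_list = [line for line, reason in findings if "missing" not in reason]
    leftover = still_present(fix_list, parse_log(LOG_AFTER)[1])
    print("entries still present after the fix:", leftover or "none")
```

    An empty result from `still_present` only shows that the autostart entries are gone from the log; it says nothing about files left on disk or processes started some other way.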
     
  11. Cheeseball81

    Cheeseball81 Retired Moderator

    Joined:
    Mar 3, 2004
    Messages:
    84,315
    Log looks good. How are things now?
     
  12. ihatepopupsh

    ihatepopupsh Thread Starter

    Joined:
    Apr 12, 2006
    Messages:
    38
    Thanks so much for helping - BUT - I am still getting the pop-up from Norton stating:
    Object Name: C:\PROGRAM FILES\INTCODEC\PMMON.EXE
    Virus Name: TROJAN HORSE
    Action Taken: UNABLE TO REPAIR THIS FILE ACCESS TO FILE WAS DENIED
    Same thing pops up again with a different object name
    Object Name: C:\DOCUMENTS A...\7A4E1BB9.EXE

    Also still getting pop-up saying SYSTEM ALERT Your computer is infected with spyware managing pop-up advertisements (OHPE ver 4.12_23) click on the icon to learn more on what you can do about pop-up windows and other unwanted software

    Any other suggestions? This is very frustrating! Thanks again for all your help!
     
  13. Cheeseball81

    Cheeseball81 Retired Moderator

    Joined:
    Mar 3, 2004
    Messages:
    84,315
    Download WinPFind
    • Right Click the Zip Folder and Select "Extract All"
    • Extract it somewhere you will remember like the Desktop
    • Don’t do anything with it yet!


    Click here for info on how to boot to safe mode if you don't already know how.


    Reboot into Safe Mode.


    Double click WinPFind.exe
    • Click "Start Scan"
    • It will scan the entire System, so please be patient and let it complete.


    Reboot back to Normal Mode!


    • Go to the WinPFind folder
    • Locate WinPFind.txt
    • Copy and paste WinPFind.txt in your next post here please.
     
  14. ihatepopupsh

    ihatepopupsh Thread Starter

    Joined:
    Apr 12, 2006
    Messages:
    38
    WARNING: not all files found by this scanner are bad. Consult with a knowledgable person before proceeding.

    If you see a message in the titlebar saying "Not responding..." you can ignore it. Windows somethimes displays this message due to the high volume of disk I/O. As long as the hard disk light is flashing, the program is still working properly.

    »»»»»»»»»»»»»»»»» Windows OS and Versions »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
    Product Name: Microsoft Windows XP Current Build: Service Pack 2 Current Build Number: 2600
    Internet Explorer Version: 6.0.2900.2180

    »»»»»»»»»»»»»»»»» Checking Selected Standard Folders »»»»»»»»»»»»»»»»»»»»

    Checking %SystemDrive% folder...

    Checking %ProgramFilesDir% folder...

    Checking %WinDir% folder...
    PECompact2 10/5/2005 9:42:36 PM 16024543 C:\WINDOWS\lpt$vpn.877
    qoologic 10/5/2005 9:42:36 PM 16024543 C:\WINDOWS\lpt$vpn.877
    SAHAgent 10/5/2005 9:42:36 PM 16024543 C:\WINDOWS\lpt$vpn.877
    UPX! 1/10/2005 4:17:24 PM 170053 C:\WINDOWS\tsc.exe
    PECompact2 10/5/2005 9:42:36 PM 16024543 C:\WINDOWS\VPTNFILE.877
    qoologic 10/5/2005 9:42:36 PM 16024543 C:\WINDOWS\VPTNFILE.877
    SAHAgent 10/5/2005 9:42:36 PM 16024543 C:\WINDOWS\VPTNFILE.877
    UPX! 2/18/2005 6:40:14 PM 1044560 C:\WINDOWS\vsapi32.dll
    aspack 2/18/2005 6:40:14 PM 1044560 C:\WINDOWS\vsapi32.dll

    Checking %System% folder...
    SAHAgent 3/18/2006 10:16:04 AM 2131 C:\WINDOWS\SYSTEM32\7npg8rq3.ini
    PEC2 8/29/2002 7:00:00 AM 41397 C:\WINDOWS\SYSTEM32\dfrg.msc
    PEC2 2/15/1997 12:24:14 AM 197171 C:\WINDOWS\SYSTEM32\Dwapilib.tlb
    PTech 6/19/2006 4:19:42 PM 571184 C:\WINDOWS\SYSTEM32\LegitCheckControl.dll
    aspack 7/6/2006 8:21:46 PM 6757792 C:\WINDOWS\SYSTEM32\MRT.exe
    aspack 8/4/2004 2:56:36 AM 708096 C:\WINDOWS\SYSTEM32\ntdll.dll
    Umonitor 8/4/2004 2:56:44 AM 657920 C:\WINDOWS\SYSTEM32\rasdlg.dll
    UPX! 4/27/2006 5:49:00 PM 288417 C:\WINDOWS\SYSTEM32\SrchSTS.exe
    UPX! 1/9/2006 10:36:00 AM 42496 C:\WINDOWS\SYSTEM32\swreg.exe
    UPX! 1/9/2006 10:36:00 AM 40960 C:\WINDOWS\SYSTEM32\swsc.exe
    winsync 8/29/2002 7:00:00 AM 1309184 C:\WINDOWS\SYSTEM32\wbdbase.deu
    PTech 6/19/2006 4:19:26 PM 304944 C:\WINDOWS\SYSTEM32\WgaTray.exe

    Checking %System%\Drivers folder and sub-folders...
    PTech 8/4/2004 12:41:38 AM 1309184 C:\WINDOWS\SYSTEM32\drivers\mtlstrm.sys

    Items found in C:\WINDOWS\SYSTEM32\drivers\etc\hosts


    Checking the Windows folder and sub-folders for system and hidden files within the last 60 days...
    8/1/2006 11:09:36 PM S 2048 C:\WINDOWS\bootstat.dat
    7/25/2006 4:36:04 PM H 54156 C:\WINDOWS\QTFont.qfn
    7/27/2006 1:07:50 PM H 4212 C:\WINDOWS\system32\zllictbl.dat
    6/22/2006 6:18:30 AM S 13309 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB911280.cat
    6/19/2006 4:20:58 PM S 7160 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\WgaNotify.cat
    8/1/2006 11:09:48 PM H 12288 C:\WINDOWS\system32\config\default.LOG
    8/1/2006 11:09:56 PM H 1024 C:\WINDOWS\system32\config\SAM.LOG
    8/1/2006 11:09:38 PM H 16384 C:\WINDOWS\system32\config\SECURITY.LOG
    8/1/2006 11:09:58 PM H 159744 C:\WINDOWS\system32\config\software.LOG
    8/1/2006 11:09:42 PM H 1167360 C:\WINDOWS\system32\config\system.LOG
    7/14/2006 11:01:10 AM H 1024 C:\WINDOWS\system32\config\systemprofile\NTUSER.DAT.LOG
    6/28/2006 11:08:24 AM S 7652 C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\Content\E891C648621A40AC7F773694A17FE76C
    6/28/2006 11:08:24 AM S 134 C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\MetaData\E891C648621A40AC7F773694A17FE76C
    8/1/2006 11:08:06 PM H 6 C:\WINDOWS\Tasks\SA.DAT

    Checking for CPL files...
    Microsoft Corporation 8/4/2004 2:56:58 AM 68608 C:\WINDOWS\SYSTEM32\access.cpl
    Realtek Semiconductor Corp. 9/20/2004 3:20:44 PM 16121856 C:\WINDOWS\SYSTEM32\ALSNDMGR.CPL
    Microsoft Corporation 8/4/2004 2:56:58 AM 549888 C:\WINDOWS\SYSTEM32\appwiz.cpl
    Microsoft Corporation 8/4/2004 2:56:58 AM 110592 C:\WINDOWS\SYSTEM32\bthprops.cpl
    Microsoft Corporation 8/4/2004 2:56:58 AM 135168 C:\WINDOWS\SYSTEM32\desk.cpl
    Microsoft Corporation 8/4/2004 2:56:58 AM 80384 C:\WINDOWS\SYSTEM32\firewall.cpl
    Microsoft Corporation 8/4/2004 2:56:58 AM 155136 C:\WINDOWS\SYSTEM32\hdwwiz.cpl
    Intel Corporation 4/7/2003 9:14:30 AM 94208 C:\WINDOWS\SYSTEM32\igfxcpl.cpl
    Microsoft Corporation 8/4/2004 2:56:58 AM 358400 C:\WINDOWS\SYSTEM32\inetcpl.cpl
    Microsoft Corporation 8/4/2004 2:56:58 AM 129536 C:\WINDOWS\SYSTEM32\intl.cpl
    Microsoft Corporation 8/4/2004 2:56:58 AM 380416 C:\WINDOWS\SYSTEM32\irprops.cpl
    InstallShield Software Corporation2/16/2005 5:15:20 PM 73728 C:\WINDOWS\SYSTEM32\ISUSPM.cpl
    Microsoft Corporation 8/4/2004 2:56:58 AM 68608 C:\WINDOWS\SYSTEM32\joy.cpl
    Sun Microsystems, Inc. 11/10/2005 1:03:50 PM 49265 C:\WINDOWS\SYSTEM32\jpicpl32.cpl
    Microsoft Corporation 8/29/2002 7:00:00 AM 187904 C:\WINDOWS\SYSTEM32\main.cpl
    Microsoft Corporation 8/4/2004 2:56:58 AM 618496 C:\WINDOWS\SYSTEM32\mmsys.cpl
    Microsoft Corporation 8/29/2002 7:00:00 AM 35840 C:\WINDOWS\SYSTEM32\ncpa.cpl
    Microsoft Corporation 8/4/2004 2:56:58 AM 25600 C:\WINDOWS\SYSTEM32\netsetup.cpl
    Microsoft Corporation 8/4/2004 2:56:58 AM 257024 C:\WINDOWS\SYSTEM32\nusrmgr.cpl
    NVIDIA Corporation 8/19/2003 4:56:00 AM 143360 C:\WINDOWS\SYSTEM32\nvtuicpl.cpl
    Microsoft Corporation 8/4/2004 2:56:58 AM 32768 C:\WINDOWS\SYSTEM32\odbccp32.cpl
    Microsoft Corporation 8/4/2004 2:56:58 AM 114688 C:\WINDOWS\SYSTEM32\powercfg.cpl
    Microsoft Corporation 8/4/2004 2:56:58 AM 298496 C:\WINDOWS\SYSTEM32\sysdm.cpl
    Microsoft Corporation 8/29/2002 7:00:00 AM 28160 C:\WINDOWS\SYSTEM32\telephon.cpl
    Microsoft Corporation 8/4/2004 2:56:58 AM 94208 C:\WINDOWS\SYSTEM32\timedate.cpl
    Microsoft Corporation 8/4/2004 2:56:58 AM 148480 C:\WINDOWS\SYSTEM32\wscui.cpl
    WildTangent, Inc. 9/27/2002 2:47:26 PM 45056 C:\WINDOWS\SYSTEM32\wtcpl.cpl
    Microsoft Corporation 5/26/2005 6:16:30 AM 174360 C:\WINDOWS\SYSTEM32\wuaucpl.cpl
    Microsoft Corporation 8/4/2004 2:56:58 AM 68608 C:\WINDOWS\SYSTEM32\dllcache\access.cpl
    Microsoft Corporation 8/4/2004 2:56:58 AM 155136 C:\WINDOWS\SYSTEM32\dllcache\hdwwiz.cpl
    Microsoft Corporation 8/4/2004 2:56:58 AM 129536 C:\WINDOWS\SYSTEM32\dllcache\intl.cpl
    Microsoft Corporation 8/4/2004 2:56:58 AM 68608 C:\WINDOWS\SYSTEM32\dllcache\joy.cpl
    Microsoft Corporation 8/29/2002 7:00:00 AM 187904 C:\WINDOWS\SYSTEM32\dllcache\main.cpl
    Microsoft Corporation 8/29/2002 7:00:00 AM 35840 C:\WINDOWS\SYSTEM32\dllcache\ncpa.cpl
    Microsoft Corporation 8/4/2004 2:56:58 AM 257024 C:\WINDOWS\SYSTEM32\dllcache\nusrmgr.cpl
    Microsoft Corporation 8/4/2004 2:56:58 AM 32768 C:\WINDOWS\SYSTEM32\dllcache\odbccp32.cpl
    Microsoft Corporation 8/4/2004 2:56:58 AM 114688 C:\WINDOWS\SYSTEM32\dllcache\powercfg.cpl
    Microsoft Corporation 8/4/2004 2:56:58 AM 155648 C:\WINDOWS\SYSTEM32\dllcache\sapi.cpl
    Microsoft Corporation 8/4/2004 2:56:58 AM 298496 C:\WINDOWS\SYSTEM32\dllcache\sysdm.cpl
    Microsoft Corporation 8/29/2002 7:00:00 AM 28160 C:\WINDOWS\SYSTEM32\dllcache\telephon.cpl
    Microsoft Corporation 8/4/2004 2:56:58 AM 94208 C:\WINDOWS\SYSTEM32\dllcache\timedate.cpl
    Microsoft Corporation 8/4/2004 2:56:58 AM 148480 C:\WINDOWS\SYSTEM32\dllcache\wscui.cpl
    Intel Corporation 4/7/2003 9:14:30 AM 94208 C:\WINDOWS\SYSTEM32\ReinstallBackups\0003\DriverFiles\igfxcpl.cpl

    »»»»»»»»»»»»»»»»» Checking Selected Startup Folders »»»»»»»»»»»»»»»»»»»»»

    Checking files in %ALLUSERSPROFILE%\Startup folder...
    7/28/2006 2:00:28 PM 1768 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
    2/1/2004 3:01:46 PM 842 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\America Online 9.0 Tray Icon.lnk
    10/10/2003 9:32:08 PM HS 84 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\desktop.ini
    5/11/2006 9:01:24 AM 769 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\dlbcserv.lnk
    7/28/2006 1:27:46 PM 931 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Google Updater.lnk
    10/10/2003 10:42:52 PM 1808 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
    10/11/2003 12:07:36 AM 675 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Quicken Scheduled Updates.lnk
    7/20/2005 2:06:32 PM 1741 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Status Monitor.lnk

    Checking files in %ALLUSERSPROFILE%\Application Data folder...
    10/10/2003 2:26:14 PM HS 62 C:\Documents and Settings\All Users\Application Data\desktop.ini
    10/10/2003 11:30:42 PM 1236 C:\Documents and Settings\All Users\Application Data\hpzinstall.log
    2/18/2006 12:40:30 PM 1743 C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache

    Checking files in %USERPROFILE%\Startup folder...
    10/10/2003 9:32:08 PM HS 84 C:\Documents and Settings\Owner\Start Menu\Programs\Startup\desktop.ini
    10/14/2003 12:24:58 AM 817 C:\Documents and Settings\Owner\Start Menu\Programs\Startup\spamsubtract.lnk

    Checking files in %USERPROFILE%\Application Data folder...
    5/24/2005 1:48:02 PM 877 C:\Documents and Settings\Owner\Application Data\AdobeDLM.log
    10/10/2003 2:26:14 PM HS 62 C:\Documents and Settings\Owner\Application Data\desktop.ini
    5/24/2005 1:48:02 PM 0 C:\Documents and Settings\Owner\Application Data\dm.ini

    »»»»»»»»»»»»»»»»» Checking Selected Registry Keys »»»»»»»»»»»»»»»»»»»»»»»

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
    SV1 =

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]

    [HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers]
    HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\ewido anti-spyware
    {8934FCEF-F5B8-468f-951F-78A921CD3920} = C:\Program Files\ewido anti-spyware 4.0\context.dll
    HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Offline Files
    {750fdf0e-2a26-11d1-a3ea-080036587f03} = %SystemRoot%\System32\cscui.dll
    HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Open With
    {09799AFB-AD67-11d1-ABCD-00C04FC30936} = %SystemRoot%\system32\SHELL32.dll
    HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Open With EncryptionMenu
    {A470F8CF-A1E8-4f65-8335-227475AA5C46} = %SystemRoot%\system32\SHELL32.dll
    HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Symantec.Norton.Antivirus.IEContextMenu
    {FAD61B3D-699D-49B2-BE16-7F82CB4C59CA} = C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
    HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\{a2a9545d-a0c2-42b4-9708-a0b2badd77c8}
    Start Menu Pin = %SystemRoot%\system32\SHELL32.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers]
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\SpySweeper
    {7C9D5882-CB4A-4090-96C8-430BFE8B795B} = C:\PROGRA~1\Webroot\SPYSWE~1\SSCtxMnu.dll
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\Symantec.Norton.Antivirus.IEContextMenu
    {FAD61B3D-699D-49B2-BE16-7F82CB4C59CA} = C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers]
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\EncryptionMenu
    {A470F8CF-A1E8-4f65-8335-227475AA5C46} = %SystemRoot%\system32\SHELL32.dll
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\ewido anti-spyware
    {8934FCEF-F5B8-468f-951F-78A921CD3920} = C:\Program Files\ewido anti-spyware 4.0\context.dll
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\Offline Files
    {750fdf0e-2a26-11d1-a3ea-080036587f03} = %SystemRoot%\System32\cscui.dll
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\Sharing
    {f81e9010-6ea4-11ce-a7ff-00aa003ca9f6} = ntshrui.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers]
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{0D2E74C4-3C34-11d2-A27E-00C04FC30871}
    = %SystemRoot%\system32\SHELL32.dll
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{24F14F01-7B1C-11d1-838f-0000F80461CF}
    = %SystemRoot%\system32\SHELL32.dll
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{24F14F02-7B1C-11d1-838f-0000F80461CF}
    = %SystemRoot%\system32\SHELL32.dll
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{66742402-F9B9-11D1-A202-0000F81FEDEE}
    = %SystemRoot%\system32\SHELL32.dll
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{F9DB5320-233E-11D1-9F84-707F02C10627}
    = C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll

    [HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
    HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
    Adobe PDF Reader Link Helper = C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}
    SSVHelper Class = C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9ECB9560-04F9-4bbc-943D-298DDF1699E1}
    CNisExtBho Class = C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
    HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A8F38D8D-E480-4D52-B7A2-731BB6995FDD}
    CNavExtBho Class = C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars]
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{4D5C8C25-D075-11d0-B416-00C04FB90376}
    &Tip of the Day = %SystemRoot%\System32\shdocvw.dll
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{8F4902B6-6C04-4ade-8052-AA58578A21BD}
    hp view = C:\WINDOWS\System32\Shdocvw.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
    = ScriptInocUI Class :
    {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} = HP View : c:\Program Files\HP\Digital Imaging\bin\hpdtlk02.dll
    {2318C2B1-4965-11d4-9B18-009027A5CD4F} = &Google : c:\program files\google\googletoolbar1.dll
    {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} = Norton Internet Security 2006 : C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
    {C4069E3A-68F1-403E-B40E-20066696354B} = Norton AntiVirus : C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions]
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{08B0E5C0-4FCB-11CF-AAA5-00401C608501}
    MenuText = Sun Java Console : C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{5E638779-1818-4754-A595-EF1C63B87A56}
    ButtonText = Express Cleanup : C:\Program Files\Norton SystemWorks\Norton Cleanup\WCQuick.lnk
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{92780B25-18CC-41C8-B9BE-3C9C571A8263}
    ButtonText = Research :
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{FB5F1910-F110-11d2-BB9E-00C04F795683}
    ButtonText = Messenger : C:\Program Files\Messenger\msmsgs.exe

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars]
    HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{21569614-B795-46B1-85F4-E737A8DC09AD}
    Shell Search Band = %SystemRoot%\system32\browseui.dll
    HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{32683183-48a0-441b-a342-7c2a440a9478}
    =
    HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{EFA24E61-B078-11D0-89E4-00C04FC9E26E}
    Favorites Band = %SystemRoot%\System32\shdocvw.dll
    HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{EFA24E62-B078-11D0-89E4-00C04FC9E26E}
    History Band = %SystemRoot%\System32\shdocvw.dll

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar]
    HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser
    {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} = HP View : c:\Program Files\HP\Digital Imaging\bin\hpdtlk02.dll
    {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} = :
    HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser
    {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} = HP View : c:\Program Files\HP\Digital Imaging\bin\hpdtlk02.dll
    {0E5CBF21-D15F-11D0-8301-00AA005B4383} = &Links : %SystemRoot%\system32\SHELL32.dll
    {01E04581-4EEE-11D0-BFE9-00AA005B4383} = &Address : %SystemRoot%\System32\browseui.dll
    {2318C2B1-4965-11D4-9B18-009027A5CD4F} = &Google : c:\program files\google\googletoolbar1.dll
    {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} = :
    {C4069E3A-68F1-403E-B40E-20066696354B} = Norton AntiVirus : C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
    {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} = Norton Internet Security 2006 : C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    hpsysdrv c:\windows\system\hpsysdrv.exe
    HotKeysCmds C:\WINDOWS\System32\hkcmd.exe
    CamMonitor "c:\Program Files\HP\Digital Imaging\Unload\hpqcmon.exe"
    HPHUPD05 c:\Program Files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
    HPHmon05 C:\WINDOWS\System32\hphmon05.exe
    KBD C:\HP\KBD\KBD.EXE
    UpdateManager "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
    AutoTKit C:\hp\bin\AUTOTKIT.EXE
    VTTimer VTTimer.exe
    LTMSG LTMSG.exe 7
    PS2 C:\WINDOWS\system32\ps2.exe
    Sunkist2k "C:\Program Files\Multimedia Card Reader\shwicon2k.exe"
    SSBkgdUpdate "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
    PaperPort PTD "C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe"
    IndexSearch "C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe"
    SetDefPrt "C:\Program Files\Brother\Brmfl04a\BrStDvPt.exe"
    ControlCenter2.0 "C:\Program Files\Brother\ControlCenter2\brctrcen.exe" /autorun
    iTunesHelper "C:\Program Files\iTunes\iTunesHelper.exe"
    QuickTime Task "C:\Program Files\QuickTime\qttask.exe" -atboottime
    AlcxMonitor ALCXMNTR.EXE
    ISUSPM Startup "C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" -startup
    MimBoot C:\PROGRA~1\MUSICM~1\MUSICM~1\mimboot.exe
    SunJavaUpdateSched "C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe"
    KernelFaultCheck %systemroot%\system32\dumprep 0 -k
    Google Desktop Search "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
    Picasa Media Detector "C:\Program Files\Picasa2\PicasaMediaDetector.exe"
    TkBellExe "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    ccApp "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    SpySweeper "C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]
    IMAIL Installed = 1
    MAPI Installed = 1
    MSFS Installed = 1

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    RecordNow!
    NVIEW "rundll32.exe" nview.dll,nViewLoadHook
    MSMSGS "C:\Program Files\Messenger\msmsgs.exe" /background
    BackupNotify "c:\Program Files\HP\Digital Imaging\bin\backupnotify.exe"

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\load]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\run]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig]

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\services

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\state
    system.ini 0
    win.ini 0
    bootini 0
    services 0
    startup 0


    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies]

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer
    NoCDBurning 0


    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\run
    homepage.monitor.exe C:\Program Files\IntCodec\isamonitor.exe
    pmsngr.exe C:\Program Files\IntCodec\pmsngr.exe

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ext

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ext\CLSID
    {17492023-C23A-453E-A040-C7C580BBF700} 1

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum
    {BDEADF00-C265-11D0-BCED-00A0C90AB50F} = C:\PROGRA~1\COMMON~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL
    {6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} =
    {0DF44EAA-FF21-4412-828E-260A8728E7F1} =


    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system
    dontdisplaylastusername 0
    legalnoticecaption
    legalnoticetext
    shutdownwithoutlogon 1
    undockwithoutlogon 1


    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies]

    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop

    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
    NoDriveTypeAutoRun 145

    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System
    DisableRegistryTools 0


    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
    PostBootReminder {7849596a-48ea-486e-8937-a2a3009f31a9} = %SystemRoot%\system32\SHELL32.dll
    CDBurn {fbeb8a05-beee-4442-804e-409d6c4515e9} = %SystemRoot%\system32\SHELL32.dll
    WebCheck {E6FB5E20-DE35-11CF-9C87-00AA005127ED} = %SystemRoot%\System32\webcheck.dll
    SysTray {35CEC8A3-2BE6-11D2-8773-92E220524153} = C:\WINDOWS\System32\stobject.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
    UserInit = C:\WINDOWS\system32\userinit.exe,
    Shell = Explorer.exe
    System =

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain
    = crypt32.dll

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet
    = cryptnet.dll

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll
    = cscdll.dll

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui
    = igfxsrvc.dll

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp
    = wlnotify.dll

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule
    = wlnotify.dll

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy
    = sclgntfy.dll

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn
    = WlNotify.dll

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv
    = wlnotify.dll

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon
    = WgaLogon.dll

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon
    = wlnotify.dll

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WRNotifier
    = WRLogonNTF.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options]
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Your Image File Name Here without a path
    Debugger = ntsd -d

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    AppInit_DLLs C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL


    »»»»»»»»»»»»»»»»»»»»»»»» Scan Complete »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
    WinPFind v1.4.1 - Log file written to "WinPFind.Txt" in the WinPFind folder.
    Scan completed on 8/1/2006 11:16:57 PM
     
  15. Cheeseball81

    Cheeseball81 Retired Moderator

    Joined:
    Mar 3, 2004
    Messages:
    84,315
    Boot into Safe Mode.

    Find and delete this folder: C:\Program Files\IntCodec

    Reboot to Normal Mode.

    * Go here and do the BitDefender online virus scan.
    • Click "I Agree" to agree to the EULA.
    • Allow the ActiveX control to install when prompted.
    • Click "Click here to scan" to begin the scan.
    • Please refrain from using the computer until the scan is finished.
    • When the scan is finished, click on "Click here to export the scan results"
    • Save the report to your desktop, then come back here and attach it to your next reply along with a new Hijack This log.
     