
web-nexus

Discussion in 'Virus & Other Malware Removal' started by Rai, Jan 21, 2006.

Thread Status:
Not open for further replies.
  1. Rai

    Rai Thread Starter

    Joined:
    Jan 21, 2006
    Messages:
    4
    I'm sorry if this has been discussed previously, I can't figure out how to search the threads. Of course, it would be easier without these annoying popups from web-nexus. I'm running XP Pro, and I have no idea what else I should tell you. Please help! PLEASE! I can't take these pop ups anymore! Norton can't kill it. Adaware can't kill it. AOL can't kill it. And I can't find the file names. :(
     
  2. khazars

    khazars

    Joined:
    Feb 15, 2004
    Messages:
    12,302
    hi, welcome to TSG.

    Download hijack this from the link below. Please do this. Click here:

    http://www.thespykiller.co.uk/files/hijackthis_sfx.exe

    to download HijackThis. Click scan and save a logfile, then post it here so
    we can take a look at it for you. Don't click fix on anything in hijack this
    as most of the files are legitimate.
     
  3. Rai

    Rai Thread Starter

    Joined:
    Jan 21, 2006
    Messages:
    4
    Like this?

    Logfile of HijackThis v1.99.1
    Scan saved at 6:05:54 PM, on 1/21/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINNT\System32\smss.exe
    C:\WINNT\System32\winlogon.exe
    C:\WINNT\system32\services.exe
    C:\WINNT\system32\lsass.exe
    C:\WINNT\system32\svchost.exe
    C:\WINNT\System32\svchost.exe
    C:\WINNT\system32\spoolsv.exe
    C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
    C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    C:\Program Files\Norton SystemWorks\Norton Antivirus\navapsvc.exe
    C:\PROGRA~1\NORTON~1\NORTON~2\NPROTECT.EXE
    C:\WINNT\System32\nvsvc32.exe
    C:\Program Files\Norton SystemWorks\Norton Antivirus\SAVScan.exe
    C:\PROGRA~1\NORTON~1\NORTON~2\SPEEDD~1\NOPDB.EXE
    C:\WINNT\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\WINNT\system32\ZoneLabs\vsmon.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
    C:\WINNT\Explorer.EXE
    C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
    C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\Norton SystemWorks\Password Manager\AcctMgr.exe
    C:\Program Files\Yahoo!\browser\ybrwicon.exe
    C:\Program Files\BroadJump\Client Foundation\CFD.exe
    C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPClient.exe
    C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPMon32.exe
    C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
    C:\Program Files\Real\RealPlayer\RealPlay.exe
    C:\PROGRA~1\Yahoo!\browser\ycommon.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\WINNT\system32\ctfmon.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
    C:\Program Files\SBC Self Support Tool\bin\mpbtn.exe
    C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
    C:\WINNT\System32\HPZipm12.exe
    C:\Program Files\Yahoo!\browser\ybrowser.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
    C:\Program Files\America Online 9.0\waol.exe
    C:\Program Files\America Online 9.0\shellmon.exe
    C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32.exe
    C:\Program Files\HijackThis\HijackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/cus.../sbcydsl/*http://www.yahoo.com/search/ie.html
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.sbc.com/dsl
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
    R3 - Default URLSearchHook is missing
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O2 - BHO: File Print FedEx Kinko's - {9566395F-43D2-4c64-B525-B501FFA276E2} - mscoree.dll (file missing)
    O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton Antivirus\NavShExt.dll
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton Antivirus\NavShExt.dll
    O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O3 - Toolbar: File Print FedEx Kinko's - {9566395f-43d2-4c64-b525-b501ffa276e2} - mscoree.dll (file missing)
    O4 - HKLM\..\Run: [PRONoMgr.exe] C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINNT\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [AcctMgr] C:\Program Files\Norton SystemWorks\Password Manager\AcctMgr.exe /startup
    O4 - HKLM\..\Run: [YBrowser] C:\Program Files\Yahoo!\browser\ybrwicon.exe
    O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
    O4 - HKLM\..\Run: [IPInSightLAN 02] "C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPClient.exe" -l
    O4 - HKLM\..\Run: [IPInSightMonitor 02] "C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPMon32.exe"
    O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
    O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1119665504\ee\AOLSoftware.exe
    O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
    O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
    O4 - HKLM\..\Run: [Pure Networks Port Magic] "C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe" -Run
    O4 - HKLM\..\Run: [winsync] C:\WINNT\system32\kcowpy.exe reg_run
    O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINNT\system32\ctfmon.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: hp psc 2000 Series.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
    O4 - Global Startup: hpoddt01.exe.lnk = ?
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O4 - Global Startup: SBC Self Support Tool.lnk = C:\Program Files\SBC Self Support Tool\bin\matcli.exe
    O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra button: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\Common\ylogin.dll
    O9 - Extra 'Tools' menuitem: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\Common\ylogin.dll
    O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
    O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
    O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
    O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
    O9 - Extra button: (no name) - {9E248641-0E24-4DDB-9A1F-705087832AD6} - (no file)
    O9 - Extra 'Tools' menuitem: Java - {9E248641-0E24-4DDB-9A1F-705087832AD6} - (no file)
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINNT\System32\Shdocvw.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O12 - Plugin for .3gp: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin4.dll
    O16 - DPF: {0F04992B-E661-4DB9-B223-903AB628225D} (DoMoreRunExe.DoMoreRun) - file://C:\Program Files\Gateway\Do More\DoMoreRunExe.CAB
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {1DF36010-E276-11D4-A7C0-00C04F0453DD} (Stamps.com Secure Postal Account Registration) - https://secure.stamps.com/download/us/registration/3_0_0_840/sdcregie.cab
    O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - http://files.member.yahoo.com/dl/installs/sbc/yinst.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1119805507385
    O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
    O16 - DPF: {739E8D90-2F4C-43AD-A1B8-66C356FCEA35} (RunExeActiveX.RunExe) - hcp://system/RunExeActiveX.CAB
    O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} - http://www.nick.com/common/groove/gx/GrooveAX28.cab
    O16 - DPF: {7F8C8173-AD80-4807-AA75-5672F22B4582} (ICSScanner Class) - http://download.zonelabs.com/bin/promotions/spywaredetector/ICSScanner37500.cab
    O16 - DPF: {99CDFD87-F97A-42E1-9C13-D18220D90AD1} (StartFirstControl.CheckFirst) - hcp://system/StartFirstControl.CAB
    O16 - DPF: {D18F962A-3722-4B59-B08D-28BB9EB2281E} (PhotosCtrl Class) - http://photos.yahoo.com/ocx/us/yexplorer1_9us.cab
    O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30043.www3.hp.com/aio/en/check/qdiagh.cab?326
    O17 - HKLM\System\CCS\Services\Tcpip\..\{D825389F-CBAC-4179-BC49-6CC21F26AF9D}: NameServer = 68.94.156.1,68.94.157.1
    O23 - Service: AOL Connectivity Service (AOL ACS) - America Online - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
    O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Antivirus\navapsvc.exe
    O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
    O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~2\NPROTECT.EXE
    O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINNT\System32\nvsvc32.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINNT\System32\HPZipm12.exe
    O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Antivirus\SAVScan.exe
    O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~2\SPEEDD~1\NOPDB.EXE
    O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
    O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINNT\system32\ZoneLabs\vsmon.exe
    O23 - Service: YPCService - Yahoo! Inc. - C:\WINNT\system32\YPCSER~1.EXE
     
  4. khazars

    khazars

    Joined:
    Feb 15, 2004
    Messages:
    12,302
    Download the pocket killbox

    http://www.bleepingcomputer.com/files/killbox.php



    Please download WebRoot SpySweeper from HERE (It's a 2 week trial):

    http://www.webroot.com/consumer/products/spysweeper/index.html?acode=af1&rc=4129


    * Click the Free Trial link under "Downloads/SpySweeper" to download the program.
    * Install it. Once the program is installed, it will open.
    * It will prompt you to update to the latest definitions, click Yes.
    * Once the definitions are installed, click Options on the left side.
    * Click the Sweep Options tab.
    * Under What to Sweep please put a check next to the following:
    o Sweep Memory
    o Sweep Registry
    o Sweep Cookies
    o Sweep All User Accounts
    o Enable Direct Disk Sweeping
    o Sweep Contents of Compressed Files
    o Sweep for Rootkits
    o Please UNCHECK Do not Sweep System Restore Folder.
    * Click Sweep Now on the left side.
    * Click the Start button.
    * When it's done scanning, click the Next button.
    * Make sure everything has a check next to it, then click the Next button.
    * It will remove all of the items found.
    * Click Session Log in the upper right corner, copy everything in that window.
    * Click the Summary tab and click Finish.
    * Paste the contents of the session log you copied into your next reply.


    After running spysweeper run the rest of the tools!


    * Download the trial version of Ewido Security Suite here

    http://www.ewido.net/en/

    * Install ewido.
    * During the installation, under "Additional Options" uncheck "Install background guard" and "Install scan via context menu".
    * Launch ewido
    * It will prompt you to update; click the OK button and it will go to the main screen
    * On the left side of the main screen click update
    * Click on Start and let it update.
    * DO NOT run a scan yet. You will do that later in safe mode.



    * Click here for info on how to boot to safe mode if you don't already know
    how.

    http://service1.symantec.com/SUPPOR...2001052409420406?OpenDocument&src=sec_doc_nam



    * Now copy these instructions to notepad and save them to your desktop. You
    will need them to refer to in safe mode.


    * Restart your computer into safe mode now. Perform the following steps in
    safe mode:



    Have hijack this fix these entries. Close all browsers and programmes before
    clicking FIX.



    R3 - Default URLSearchHook is missing
    O2 - BHO: File Print FedEx Kinko's - {9566395F-43D2-4c64-B525-B501FFA276E2} - mscoree.dll (file missing)
    O3 - Toolbar: File Print FedEx Kinko's - {9566395f-43d2-4c64-b525-b501ffa276e2} - mscoree.dll (file missing)
    O4 - HKLM\..\Run: [winsync] C:\WINNT\system32\kcowpy.exe reg_run
    O9 - Extra button: (no name) - {9E248641-0E24-4DDB-9A1F-705087832AD6} - (no file)
    O9 - Extra 'Tools' menuitem: Java - {9E248641-0E24-4DDB-9A1F-705087832AD6} - (no file)



    Double-click on Killbox.exe to run it. Now put a tick by Standard File Kill.
    In the Full Path of File to Delete box, copy and paste each of the following
    lines one at a time then click on the button that has the red circle with the
    X in the middle after you enter each file. It will ask for confirmation to
    delete the file. Click Yes. Continue with that same procedure until you have
    copied and pasted all of these in the Paste Full Path of File to Delete box.



    Note: It is possible that Killbox will tell you that one or more files do not
    exist. If that happens, just continue on with all the files. Be sure you
    don't miss any.


    C:\WINNT\system32\kcowpy.exe



    * Run Ewido:

    * Click on scanner
    * Click Complete System Scan and the scan will begin.
    * During the scan it will prompt you to clean files, click OK
    * When the scan is finished, look at the bottom of the screen and click the Save report button.
    * Save the report to your desktop



    to clean out the Temp folders!


    When in Safe Mode, open notepad and paste in the following lines:

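    rem Clear temporary files (run from Safe Mode)
    del c:\*.tmp
    del "%temp%\*.tmp" /f
    del "%windir%\prefetch\*.*"
    del "%windir%\temp\*.*" /f
    rem del cannot expand a wildcard in a folder name, so loop over each profile
    for /d %%u in ("C:\Documents and Settings\*") do del "%%u\Local Settings\Temp\*.*" /f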

    Save to your desktop as 'clean.bat'... Before you save, set 'file types' to
    all types (*.*).

    DoubleClick on "clean.bat", and say Yes to the prompt.


    reboot to normal mode and run a few online scans!



    Run an online antivirus check from

    http://www.kaspersky.com/virusscanner

    choose extended database for the scan!



    Run ActiveScan online virus scan here

    http://www.pandasoftware.com/products/activescan.htm

    When the scan is finished, anything that it cannot clean have it delete it.
    Make a note of the file location of anything that cannot be deleted so you
    can delete it yourself.
    - Save the results from the scan!


    post another hijack this log, the ewido and active scan logs
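
The entries picked out for fixing in the post above fall into two groups: lines HijackThis itself marks as orphaned ("file missing", "(no file)", "is missing") and one Run-key autorun that loads an executable straight from system32. The sketch below is an added example, not part of the original thread and not a HijackThis feature; the names `triage` and `Finding` are hypothetical, and the sample input is an excerpt of the log posted earlier. It flags the first group automatically and lists system32 autoruns for manual review, since deciding between `kcowpy.exe` and a legitimate entry such as `ctfmon.exe` still needs an analyst.

```python
"""Triage a HijackThis 1.99.x log: orphaned entries and system32 autoruns."""
import ntpath
import re
from typing import List, NamedTuple

# Excerpt of the HijackThis log posted earlier in this thread (not the full log).
SAMPLE_LOG = r"""
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.sbc.com/dsl
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: File Print FedEx Kinko's - {9566395F-43D2-4c64-B525-B501FFA276E2} - mscoree.dll (file missing)
O3 - Toolbar: File Print FedEx Kinko's - {9566395f-43d2-4c64-b525-b501ffa276e2} - mscoree.dll (file missing)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINNT\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [winsync] C:\WINNT\system32\kcowpy.exe reg_run
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINNT\system32\ctfmon.exe
O4 - Global Startup: hpoddt01.exe.lnk = ?
O9 - Extra button: (no name) - {9E248641-0E24-4DDB-9A1F-705087832AD6} - (no file)
O9 - Extra 'Tools' menuitem: Java - {9E248641-0E24-4DDB-9A1F-705087832AD6} - (no file)
O23 - Service: YPCService - Yahoo! Inc. - C:\WINNT\system32\YPCSER~1.EXE
"""


class Finding(NamedTuple):
    kind: str     # "orphaned" or "review-autorun"
    section: str  # HijackThis section code, e.g. "O4"
    detail: str


# "O4 - rest of line": a section code, " - ", then the entry body.
LINE_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")
# Markers HijackThis prints when an entry points at nothing on disk.
ORPHAN_RE = re.compile(r"\(file missing\)|\(no file\)|\bis missing$", re.IGNORECASE)
# Registry autoruns: HKLM\..\Run: [value name] command line
RUN_RE = re.compile(r"^HK\w+\\\.\.\\Run\w*: \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")
# First fully qualified .exe path in a command line (quoted or not).
EXE_RE = re.compile(r'[A-Za-z]:\\[^"]*?\.exe', re.IGNORECASE)


def triage(log_text: str) -> List[Finding]:
    """Return orphaned entries and Run-key autoruns that start from system32."""
    findings = []
    for raw in log_text.splitlines():
        match = LINE_RE.match(raw.strip())
        if not match:
            continue  # header, running-process list or blank line
        section, body = match.groups()
        if ORPHAN_RE.search(body):
            findings.append(Finding("orphaned", section, body))
            continue
        if section == "O4":
            run = RUN_RE.match(body)
            exe = EXE_RE.search(run.group("cmd")) if run else None
            # ntpath parses Windows paths regardless of the OS running this script.
            if exe and ntpath.dirname(exe.group(0)).lower().endswith("\\system32"):
                detail = f'{run.group("name")} -> {exe.group(0)}'
                findings.append(Finding("review-autorun", section, detail))
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(f"{finding.kind:15} {finding.section:4} {finding.detail}")
```
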
     
  5. khazars

    khazars

    Joined:
    Feb 15, 2004
    Messages:
    12,302
    Also do this!


    Download FindQoologic-Narrator.zip and save it to your Desktop.

    http://forums.net-integration.net/index.php?act=Attach&type=post&id=134981

    Extract (unzip) the files inside into their own folder called FindQoologic.
    Open the FindQoologic folder.
    Locate and double-click the Find-Qoologic.bat file to run it.
    Wait until a text opens, post it in a reply to your thread.

    you might find you get an error message when first running this file, if so
    close it & run again and wait until file.txt opens on desktop.

    Ignore the first list that opens with a long list of files and wait for
    FILE.TXT to pop up

    It normally takes somewhere between 10 to 15 minutes depending on your
    computer so don't panic if it takes some time.
     
  6. Rai

    Rai Thread Starter

    Joined:
    Jan 21, 2006
    Messages:
    4
    ********
    6:25 PM: | Start of Session, Thursday, January 26, 2006 |
    6:25 PM: Spy Sweeper started
    6:25 PM: Sweep initiated using definitions version 606
    6:25 PM: Starting Memory Sweep
    6:26 PM: Found Adware: clkoptimizer
    6:26 PM: Detected running threat: C:\WINNT\system32\anueiqp.dll (ID = 201363)
    6:28 PM: Detected running threat: C:\WINNT\system32\lwkfk.dll (ID = 201361)
    6:29 PM: Detected running threat: C:\WINNT\system32\kcowpy.exe (ID = 201366)
    6:29 PM: HKLM\Software\Microsoft\Windows\CurrentVersion\Run || winsync (ID = 0)
    6:31 PM: Memory Sweep Complete, Elapsed Time: 00:05:52
    6:31 PM: Starting Registry Sweep
    6:31 PM: HKLM\software\microsoft\windows\currentversion\run\ || winsync (ID = 601545)
    6:31 PM: HKLM\software\microsoft\internet explorer\extensions\{9e248641-0e24-4ddb-9a1f-705087832ad6}\ (2 subtraces) (ID = 753449)
    6:31 PM: HKLM\software\qstat\ (5 subtraces) (ID = 769771)
    6:31 PM: Found Adware: ezula ilookup
    6:31 PM: HKLM\software\microsoft\webext\ (7 subtraces) (ID = 828947)
    6:31 PM: HKLM\software\qstat\ || brr (ID = 877670)
    6:31 PM: HKLM\software\microsoft\netstat\ (35 subtraces) (ID = 926797)
    6:31 PM: Registry Sweep Complete, Elapsed Time:00:00:28
    6:31 PM: Starting Cookie Sweep
    6:31 PM: Cookie Sweep Complete, Elapsed Time: 00:00:02
    6:32 PM: Starting File Sweep
    6:32 PM: Found Adware: e2g
    6:32 PM: a0050015.exe (ID = 190478)
    6:36 PM: Found Adware: 180search assistant/zango
    6:36 PM: 180256.mht (ID = 148810)
    6:39 PM: Found Adware: elitemediagroup-pop64
    6:44 PM: justin.exe (ID = 214055)
    6:50 PM: Found Adware: mirar webband
    6:52 PM: Found Adware: purityscan
    6:52 PM: yoinsi.exe (ID = 213483)
    6:54 PM: vkypw.dat (ID = 201366)
    6:57 PM: cdbfjkv.exe (ID = 201362)
    6:57 PM: lwkfk.dll (ID = 201361)
    6:57 PM: kcowpy.exe (ID = 201366)
    6:57 PM: HKLM\Software\Microsoft\Windows\CurrentVersion\Run || winsync (ID = 0)
    6:57 PM: anueiqp.dll (ID = 201363)
    6:57 PM: Found Adware: netwebsearch
    6:57 PM: stup2-2.exe (ID = 198452)
    6:57 PM: ijqx.exe (ID = 201366)
    6:58 PM: a0038534.inf (ID = 70515)
    6:58 PM: Found System Monitor: potentially rootkit-masked files
    6:58 PM: 00015273. (ID = 0)
    6:58 PM: 00015284. (ID = 0)
    6:58 PM: Warning: Unhandled Archive Type
    6:59 PM: File Sweep Complete, Elapsed Time: 00:27:56
    6:59 PM: Full Sweep has completed. Elapsed time 00:34:26
    6:59 PM: Traces Found: 482
    7:07 PM: Removal process initiated
    7:08 PM: Quarantining All Traces: 180search assistant/zango
    7:08 PM: Quarantining All Traces: clkoptimizer
    7:10 PM: clkoptimizer is in use. It will be removed on reboot.
    7:10 PM: lwkfk.dll is in use. It will be removed on reboot.
    7:10 PM: kcowpy.exe is in use. It will be removed on reboot.
    7:10 PM: anueiqp.dll is in use. It will be removed on reboot.
    7:10 PM: C:\WINNT\system32\anueiqp.dll is in use. It will be removed on reboot.
    7:10 PM: C:\WINNT\system32\lwkfk.dll is in use. It will be removed on reboot.
    7:10 PM: C:\WINNT\system32\kcowpy.exe is in use. It will be removed on reboot.
    7:10 PM: Quarantining All Traces: potentially rootkit-masked files
    7:10 PM: potentially rootkit-masked files is in use. It will be removed on reboot.
    7:10 PM: 00015273. is in use. It will be removed on reboot.
    7:10 PM: 00015284. is in use. It will be removed on reboot.
    7:10 PM: Quarantining All Traces: purityscan
    7:10 PM: Quarantining All Traces: e2g
    7:10 PM: Quarantining All Traces: elitemediagroup-pop64
    7:10 PM: Quarantining All Traces: ezula ilookup
    7:10 PM: Quarantining All Traces: mirar webband
    7:10 PM: Quarantining All Traces: netwebsearch
    7:10 PM: Quarantining All Traces: 360i cookie
    7:10 PM: Quarantining All Traces: 888 cookie
    7:10 PM: Quarantining All Traces: about cookie
    7:10 PM: Quarantining All Traces: adknowledge cookie
    7:10 PM: Quarantining All Traces: adlegend cookie
    7:10 PM: Quarantining All Traces: ask cookie
    7:10 PM: Quarantining All Traces: atwola cookie
    7:10 PM: Quarantining All Traces: azjmp cookie
    7:10 PM: Quarantining All Traces: belnk cookie
    7:10 PM: Quarantining All Traces: bizrate cookie
    7:10 PM: Quarantining All Traces: classmates cookie
    7:10 PM: Quarantining All Traces: clickandtrack cookie
    7:10 PM: Quarantining All Traces: exitexchange cookie
    7:10 PM: Quarantining All Traces: go.com cookie
    7:10 PM: Quarantining All Traces: hbmediapro cookie
    7:10 PM: Quarantining All Traces: nextag cookie
    7:10 PM: Quarantining All Traces: partypoker cookie
    7:10 PM: Quarantining All Traces: primaryads cookie
    7:10 PM: Quarantining All Traces: realmedia cookie
    7:10 PM: Quarantining All Traces: rn11 cookie
    7:10 PM: Quarantining All Traces: server.iad.liveperson cookie
    7:10 PM: Quarantining All Traces: statcounter cookie
    7:10 PM: Quarantining All Traces: trb.com cookie
    7:10 PM: Quarantining All Traces: yieldmanager cookie
    7:10 PM: Warning: Launched explorer.exe
    7:10 PM: Warning: Quarantine process could not restart Explorer.
    7:10 PM: Preparing to restart your computer. Please wait...
    7:10 PM: Removal process completed. Elapsed time 00:02:29
    ********
    6:23 PM: | Start of Session, Thursday, January 26, 2006 |
    6:23 PM: Spy Sweeper started
    6:23 PM: Your spyware definitions have been updated.
    6:25 PM: | End of Session, Thursday, January 26, 2006 |
     
  7. Rai

    Rai Thread Starter

    Joined:
    Jan 21, 2006
    Messages:
    4
    Logfile of HijackThis v1.99.1
    Scan saved at 2:45:47 AM, on 1/27/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINNT\System32\smss.exe
    C:\WINNT\System32\winlogon.exe
    C:\WINNT\system32\services.exe
    C:\WINNT\system32\lsass.exe
    C:\WINNT\system32\svchost.exe
    C:\WINNT\System32\svchost.exe
    C:\WINNT\system32\spoolsv.exe
    C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
    C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\ewido anti-malware\ewidoctrl.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    C:\Program Files\Norton SystemWorks\Norton Antivirus\navapsvc.exe
    C:\PROGRA~1\NORTON~1\NORTON~2\NPROTECT.EXE
    C:\WINNT\System32\nvsvc32.exe
    C:\Program Files\Norton SystemWorks\Norton Antivirus\SAVScan.exe
    C:\PROGRA~1\NORTON~1\NORTON~2\SPEEDD~1\NOPDB.EXE
    C:\WINNT\System32\svchost.exe
    C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
    C:\WINNT\Explorer.EXE
    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\WINNT\system32\ZoneLabs\vsmon.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
    C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
    C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\Norton SystemWorks\Password Manager\AcctMgr.exe
    C:\Program Files\Yahoo!\browser\ybrwicon.exe
    C:\Program Files\BroadJump\Client Foundation\CFD.exe
    C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPClient.exe
    C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPMon32.exe
    C:\PROGRA~1\Yahoo!\browser\ycommon.exe
    C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
    C:\Program Files\Common Files\AOL\1119665504\ee\AOLSoftware.exe
    C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
    C:\Program Files\Real\RealPlayer\RealPlay.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\WINNT\system32\NOTEPAD.EXE
    C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
    C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\WINNT\system32\ctfmon.exe
    C:\Program Files\America Online 9.0\waol.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
    C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
    C:\Program Files\SBC Self Support Tool\bin\mpbtn.exe
    C:\WINNT\System32\HPZipm12.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
    C:\Program Files\America Online 9.0\shellmon.exe
    C:\Documents and Settings\Owner\Desktop\HijackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/cus.../sbcydsl/*http://www.yahoo.com/search/ie.html
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.sbc.com/dsl
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton Antivirus\NavShExt.dll
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton Antivirus\NavShExt.dll
    O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O4 - HKLM\..\Run: [PRONoMgr.exe] C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINNT\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [AcctMgr] C:\Program Files\Norton SystemWorks\Password Manager\AcctMgr.exe /startup
    O4 - HKLM\..\Run: [YBrowser] C:\Program Files\Yahoo!\browser\ybrwicon.exe
    O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
    O4 - HKLM\..\Run: [IPInSightLAN 02] "C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPClient.exe" -l
    O4 - HKLM\..\Run: [IPInSightMonitor 02] "C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPMon32.exe"
    O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
    O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1119665504\ee\AOLSoftware.exe
    O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
    O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
    O4 - HKLM\..\Run: [Pure Networks Port Magic] "C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe" -Run
    O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
    O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINNT\system32\ctfmon.exe
    O4 - HKCU\..\Run: [AOL Fast Start] "C:\Program Files\America Online 9.0\AOL.EXE" -b
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: hp psc 2000 Series.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
    O4 - Global Startup: hpoddt01.exe.lnk = ?
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O4 - Global Startup: SBC Self Support Tool.lnk = C:\Program Files\SBC Self Support Tool\bin\matcli.exe
    O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O9 - Extra button: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\Common\ylogin.dll
    O9 - Extra 'Tools' menuitem: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\Common\ylogin.dll
    O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
    O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
    O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
    O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINNT\System32\Shdocvw.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O12 - Plugin for .3gp: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin4.dll
    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/downloads/kws/kavwebscan_unicode.cab
    O16 - DPF: {0F04992B-E661-4DB9-B223-903AB628225D} (DoMoreRunExe.DoMoreRun) - file://C:\Program Files\Gateway\Do More\DoMoreRunExe.CAB
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {1DF36010-E276-11D4-A7C0-00C04F0453DD} (Stamps.com Secure Postal Account Registration) - https://secure.stamps.com/download/us/registration/3_0_0_840/sdcregie.cab
    O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - http://files.member.yahoo.com/dl/installs/sbc/yinst.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1119805507385
    O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
    O16 - DPF: {739E8D90-2F4C-43AD-A1B8-66C356FCEA35} (RunExeActiveX.RunExe) - hcp://system/RunExeActiveX.CAB
    O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} - http://www.nick.com/common/groove/gx/GrooveAX28.cab
    O16 - DPF: {7F8C8173-AD80-4807-AA75-5672F22B4582} (ICSScanner Class) - http://download.zonelabs.com/bin/promotions/spywaredetector/ICSScanner37500.cab
    O16 - DPF: {99CDFD87-F97A-42E1-9C13-D18220D90AD1} (StartFirstControl.CheckFirst) - hcp://system/StartFirstControl.CAB
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
    O16 - DPF: {D18F962A-3722-4B59-B08D-28BB9EB2281E} (PhotosCtrl Class) - http://photos.yahoo.com/ocx/us/yexplorer1_9us.cab
    O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30043.www3.hp.com/aio/en/check/qdiagh.cab?326
    O17 - HKLM\System\CCS\Services\Tcpip\..\{D825389F-CBAC-4179-BC49-6CC21F26AF9D}: NameServer = 68.94.156.1,68.94.157.1
    O20 - Winlogon Notify: WRNotifier - C:\WINNT\SYSTEM32\WRLogonNTF.dll
    O23 - Service: AOL Connectivity Service (AOL ACS) - America Online - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
    O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
    O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Antivirus\navapsvc.exe
    O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
    O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~2\NPROTECT.EXE
    O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINNT\System32\nvsvc32.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINNT\System32\HPZipm12.exe
    O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Antivirus\SAVScan.exe
    O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~2\SPEEDD~1\NOPDB.EXE
    O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
    O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
    O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINNT\system32\ZoneLabs\vsmon.exe
    O23 - Service: YPCService - Yahoo! Inc. - C:\WINNT\system32\YPCSER~1.EXE

    ---------------------------------------------------------
    ewido anti-malware - Scan report
    ---------------------------------------------------------

    + Created on: 9:18:49 PM, 1/26/2006
    + Report-Checksum: FD4F9DE5

    + Scan result:

    C:\Documents and Settings\Owner\Cookies\[email protected][1].txt -> Spyware.Cookie.Statcounter : Cleaned with backup
    C:\RECYCLER\NPROTECT\00681822.exe -> Downloader.Qoologic.aw : Cleaned with backup
    C:\RECYCLER\NPROTECT\00681823.exe -> Downloader.Qoologic.aw : Cleaned with backup
    C:\RECYCLER\NPROTECT\00681825.dat -> Downloader.Qoologic.aw : Cleaned with backup
    C:\RECYCLER\NPROTECT\00681827.exe -> Dropper.Agent.abb : Cleaned with backup
    C:\System Volume Information\_restore{1920DD05-C3B3-4337-B7AE-8CBB7597E6CD}\RP346\A0038533.dll -> Spyware.180Solutions : Cleaned with backup
    C:\System Volume Information\_restore{1920DD05-C3B3-4337-B7AE-8CBB7597E6CD}\RP346\A0038536.exe -> Spyware.180Solutions : Cleaned with backup


    ::Report End

    Incident Status Location

    Adware:adware program Not disinfected C:\WINNT\SYSTEM32\data.~
    Spyware:Cookie/AspinallsOnlineCasino Not disinfected C:\Documents and Settings\Owner\Cookies\[email protected][2].txt
    Spyware:Cookie/Target Not disinfected C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
    Spyware:Cookie/AspinallsOnlineCasino Not disinfected C:\Documents and Settings\Owner\Cookies\[email protected][2].txt
    Spyware:Cookie/Target Not disinfected C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
    ~~I tried to go to the link in your second reply, but the page could not be found. Also did not work with copy/paste.

    Thanks!
     
  8. khazars

    khazars

    Joined:
    Feb 15, 2004
    Messages:
    12,302
    Download Track qoo http://www.geekstogo.com/downloads/Trackqoo.zip
    o Save it to the Desktop.


    * Restart your computer into safe mode now. Perform the following steps in
    safe mode:



    Double-click on Killbox.exe to run it. Now put a tick by Standard File Kill.
    In the Full Path of File to Delete box, copy and paste each of the following
    lines one at a time then click on the button that has the red circle with the
    X in the middle after you enter each file. It will ask for confirmation to
    delete the file. Click Yes. Continue with that same procedure until you have
    copied and pasted all of these in the Paste Full Path of File to Delete box.



    Note: It is possible that Killbox will tell you that one or more files do not
    exist. If that happens, just continue on with all the files. Be sure you
    don't miss any.


    C:\WINNT\SYSTEM32\data.



    * Go to Control Panel > Java. On the General tab under "Temporary Internet
    Files" click the "Delete Files" button to clear the Java cache.


    * Go to Control Panel > Internet Options. On the General tab under
    "Temporary Internet Files" Click "Delete Files". Put a check by "Delete
    Offline Content" and click OK. Click on the "Delete Cookies" button to clear
    the cookies.


    reboot back to normal mode!


    Double click on 'Track qoo.vbs'

    Note - If you have an anti-virus program that has script blocking features,
    you will get a pop up window asking you what to do. Allow this entire script
    to run. It's harmless.




    go to this site and download these tools and once you get both
    adaware Se 1.6 and spybot, update both of them.

    Set adaware to do a full system scan and deselect, "search for negligible risk
    entries". Click next to start the scan. Delete everything adaware finds.

    reboot and now run spybot

    Spybot: Search and destroy.

    Delete what spybot finds marked in red. After updating spybot hit the
    immunize button.

    reboot again


    With CWshredder close all browsers and programmes and select the FIX button.



    Go here and download Microsoft Antispyware Beta. First in the top menu click
    File then Check for updates to download the definitions updates.

    After updating look in the right side of the main window under "Run Quick
    Scan Now" and click Spyware scan options. In that window put a tick by Run a
    full system scan and then put a check by all three options below that then
    click Run Scan now.

    When the scan is finished, let it fix anything that it finds (have it
    quarantine the items that have that option rather than delete just in case.
    It is a beta program and there may be false positives)

    Restart your computer.


    All tools can be downloaded at the link below and found on that page!


    . Microsoft® Windows AntiSpyware
    . Trend micro CWShredder
    . SpyBot search and destroy
    . AdAware SE personal


    http://www.majorgeeks.com/downloads31.html



    post another log and the track qoo log!
     
  9. jasonsimpson

    jasonsimpson

    Joined:
    Jan 29, 2006
    Messages:
    6
    Same problem... here's the scan

    Logfile of HijackThis v1.99.1
    Scan saved at 5:19:06 PM, on 1/29/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Norton SystemWorks\Norton GoBack\GBPoll.exe
    C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe
    C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
    C:\Program Files\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe
    C:\PROGRA~1\NORTON~1\NORTON~1\NPROTECT.EXE
    C:\PROGRA~1\NORTON~1\NORTON~1\SPEEDD~1\NOPDB.EXE
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\hkcmd.exe
    C:\Program Files\Analog Devices\Core\smax4pnp.exe
    C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
    C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
    C:\Program Files\Real\RealPlayer\RealPlay.exe
    C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
    C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
    C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
    C:\WINDOWS\system32\hphmon05.exe
    C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\WINDOWS\vsnpstd.exe
    C:\Program Files\DIGStream\digstream.exe
    C:\Program Files\ESPNRunTime\DIGServices.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\WINDOWS\system32\swinksap.exe
    C:\WINDOWS\system32\hpsw.exe
    C:\WINDOWS\system32\wgse.exe
    C:\Program Files\CA\eTrust PestPatrol\PPActiveDetection.exe
    C:\Program Files\Dell Support\DSAgnt.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\bama\tlii.exe
    C:\WINDOWS\system32\m?hta.exe
    C:\Program Files\Norton SystemWorks\Norton GoBack\GBTray.exe
    C:\Program Files\MSN Toolbar Suite\DS\02.05.0001.1119\en-us\bin\WindowsSearch.exe
    C:\WINDOWS\system32\HPZipm12.exe
    c:\windows\system32\dwdsregt.exe
    C:\Program Files\MSN Toolbar Suite\DS\02.05.0001.1119\en-us\bin\WindowsSearchIndexer.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\Program Files\iTunes\iTunes.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Documents and Settings\Jason Simpson\My Documents\Hijack This\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://bfc.myway.com/search/de_srchlft.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr7/*http://www.yahoo.com/ext/search/search.html
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr7/*http://www.yahoo.com
    R3 - URLSearchHook: (no name) - {4FE94097-AE2B-F0A2-0593-F64A3DFFFEE9} - C:\WINDOWS\system32\tqfhudkw.dll
    O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: Trecker Class - {39C78B50-7E98-4aa0-B007-D83114EA6E0F} - C:\PROGRA~1\Jalmp\jalmp.dll
    O2 - BHO: (no name) - {4FE94097-AE2B-F0A2-0593-F64A3DFFFEE9} - C:\WINDOWS\system32\tqfhudkw.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O2 - BHO: MSN Search Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar Suite\TB\02.05.0001.1119\en-us\msntb.dll
    O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: MSN Search Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar Suite\TB\02.05.0001.1119\en-us\msntb.dll
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O3 - Toolbar: &ESPN - {AE6F2894-AF10-4C9C-B16E-1DFC6FF8C0C6} - C:\Program Files\ESPN\Toolbar\DIGToolBar.dll
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
    O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
    O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
    O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
    O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
    O4 - HKLM\..\Run: [HPHUPD05] C:\Program Files\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
    O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
    O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\system32\hphmon05.exe
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
    O4 - HKLM\..\Run: [snpstd] C:\WINDOWS\vsnpstd.exe
    O4 - HKLM\..\Run: [DIGStream] C:\Program Files\DIGStream\digstream.exe
    O4 - HKLM\..\Run: [DIGServices] C:\Program Files\ESPNRunTime\DIGServices.exe /brand=ESPN /priority=0 /poll=24
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [elitemedia] C:\WINDOWS\elitemediapop.exe
    O4 - HKLM\..\Run: [{91-10-05-57-ZN}] c:\windows\system32\dwdsregt.exe FI002
    O4 - HKLM\..\Run: [BrowserUpdateSched] C:\WINDOWS\system32\swinksap.exe FI002
    O4 - HKLM\..\Run: [susse] "C:\WINDOWS\system32\hpsw.exe"
    O4 - HKLM\..\Run: [winsync] C:\WINDOWS\system32\sxglpg.exe reg_run
    O4 - HKLM\..\Run: [eTrustPPAP] "C:\Program Files\CA\eTrust PestPatrol\PPActiveDetection.exe"
    O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
    O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
    O4 - HKCU\..\Run: [Sen] "C:\Program Files\bama\tlii.exe" -vt yazb
    O4 - HKCU\..\Run: [Izk] C:\WINDOWS\system32\m?hta.exe
    O4 - Startup: LimeWire On Startup.lnk = C:\RECYCLER\NPROTECT\00427045.exe
    O4 - Startup: Zeno.lnk = C:\WINDOWS\system32\swinksap.exe
    O4 - Startup: Z_Start.lnk = C:\WINDOWS\system32\rjdsrego.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Norton GoBack.lnk = C:\Program Files\Norton SystemWorks\Norton GoBack\GBTray.exe
    O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
    O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\MSN Toolbar Suite\DS\02.05.0001.1119\en-us\bin\WindowsSearch.exe
    O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
    O8 - Extra context menu item: &MSN Search - res://C:\Program Files\MSN Toolbar Suite\TB\02.05.0001.1119\en-us\msntb.dll/search.htm
    O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
    O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
    O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: Open in new background tab - res://C:\Program Files\MSN Toolbar Suite\TAB\02.05.0001.1119\en-us\msntabres.dll/229?ec92711b5111466a9d51ae566e147cd
    O8 - Extra context menu item: Open in new foreground tab - res://C:\Program Files\MSN Toolbar Suite\TAB\02.05.0001.1119\en-us\msntabres.dll/230?ec92711b5111466a9d51ae566e147cd
    O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
    O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O15 - Trusted Zone: *.elitemediagroup.net
    O15 - Trusted Zone: http://click.getmirar.com (HKLM)
    O15 - Trusted Zone: http://click.mirarsearch.com (HKLM)
    O15 - Trusted Zone: http://redirect.mirarsearch.com (HKLM)
    O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage) - http://go.microsoft.com/fwlink/?LinkId=39204&clcid=0x409
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1123000568418
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
    O16 - DPF: {9AC54695-69A4-46F1-BE10-10C74F9520D5} - http://cabs.elitemediagroup.net/cabs/mediaview.cab
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
    O16 - DPF: {EF0DBA6F-43CE-4B26-9808-2AB38FA0DB29} (MSN Money Ticker) - http://fdl.msn.com/public/investor/v13/ticker.cab
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
    O18 - Filter: text/html - {2F6E85DC-8D2D-4896-8A4F-7DF8A7B1749D} - C:\PROGRA~1\Jalmp\jalmp.dll
    O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: GoBack Polling Service (GBPoll) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton GoBack\GBPoll.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
    O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
    O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe
    O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~1\NPROTECT.EXE
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\SAVScan.exe
    O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~1\SPEEDD~1\NOPDB.EXE
    O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
     
  10. Cheeseball81

    Cheeseball81 Retired Moderator

    Joined:
    Mar 3, 2004
    Messages:
    84,315
Short URL to this thread: https://techguy.org/435864
