WildTangent/anything else? Pls HJT Log


cj2448

Thread Starter
Joined
Apr 25, 2004
Messages
544
Long story short . . . I have been advised by HP to do a non-destructive system recovery to take care of the problems that I'm having with my computer in one easy step. I would do it in a heartbeat if I didn't have 1,300 songs on my computer . . . most of them in category folders. I know that I'm not really supposed to lose my files, but I understand that they can be moved around. I've been putting this off for about 2 months.

My two error messages are:

"The Norton AntiVirus Auto-Protect Driver Could Not Be Loaded. Please Restart Your Computer."

"C:\Program Files\WildTangent\Apps\CDA\cdaEngine0400.dll. The specified module could not be found."

I can't sign in to my ISP, which is MSN.

Here is my HJT Log, can I fix it without losing everything?

PLEEEEEZE Help...and please remember, I am learning, so be kind w/directions ;)

Logfile of HijackThis v1.99.1
Scan saved at 7:35:39 PM, on 1/2/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\windows\system\hpsysdrv.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
C:\WINDOWS\system32\S3tray2.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
C:\WINDOWS\System32\ezSP_Px.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\PROGRA~1\HPINST~1\plugin\bin\pchbutton.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\MSN\MSNCoreFiles\msn6.exe
C:\Program Files\hp center\137903\Program\BackWeb-137903.exe
C:\Program Files\LimeWire\LimeWire.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
C:\Program Files\Hijackthis\HijackThis.exe
C:\Program Files\Messenger\msmsgs.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://us7.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-us7.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/cus.../search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/cus...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://us7.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://us7.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-us7.hpwis.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://us7.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/cus...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R3 - URLSearchHook: (no name) - {C5AD4D41-6412-09FD-7E7E-186E79889495} - C:\WINDOWS\Abjgjajp.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: PopKill Class - {3C060EA2-E6A9-4E49-A530-D4657B8C449A} - C:\Program Files\Zero Knowledge\Freedom\pkR.dll
O2 - BHO: ZKBho Class - {56071E0D-C61B-11D3-B41C-00E02927A304} - C:\Program Files\Zero Knowledge\Freedom\FreeBHOR.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: CNisExtBho Class - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {EE4501B4-85B1-89FD-5FC2-25D014E8A1F9} - C:\WINDOWS\Abjgjajp.dll
O3 - Toolbar: hp toolkit - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - C:\HP\EXPLOREBAR\HPTOOLKT.DLL
O3 - Toolbar: Web assistant - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll
O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: Search - {74182862-8396-E602-DD0A-1A2D16F22938} - C:\WINDOWS\Abjgjajp.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [URLLSTCK.exe] C:\Program Files\Norton Internet Security\UrlLstCk.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
O4 - HKLM\..\Run: [S3TRAY2] S3tray2.exe
O4 - HKLM\..\Run: [WildTangent CDA] RUNDLL32.exe "C:\Program Files\WildTangent\Apps\CDA\cdaEngine0400.dll",cdaEngineMain
O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px.exe
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [CamMonitor] C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [winsync] C:\WINDOWS\system32\poyryr.exe reg_run
O4 - HKCU\..\Run: [Acme.PCHButton] C:\PROGRA~1\HPINST~1\plugin\bin\pchbutton.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe
O4 - Global Startup: hp center UI.lnk = C:\Program Files\hp center\137903\Shadow\ShadowBar.exe
O4 - Global Startup: hp center.lnk = C:\Program Files\hp center\137903\Program\BackWeb-137903.exe
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: MktBrowser - {17A27031-71FC-11d4-815C-005004D0F1FA} - C:\Program Files\MarketBrowser\lmt\MarketBrowser_Launch.xpy
O9 - Extra 'Tools' menuitem: MarketBrowser - {17A27031-71FC-11d4-815C-005004D0F1FA} - C:\Program Files\MarketBrowser\lmt\MarketBrowser_Launch.xpy
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra button: (no name) - {9E248641-0E24-4DDB-9A1F-705087832AD6} - (no file)
O9 - Extra 'Tools' menuitem: Java - {9E248641-0E24-4DDB-9A1F-705087832AD6} - (no file)
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O15 - Trusted Zone: http://awbeta.net-nucleus.com (HKLM)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/...all/xscan53.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Common Files\Sony Shared\AVLib\Pacsptisvr.exe
O23 - Service: Pml Driver HPH11 - HP - C:\WINDOWS\System32\HPHipm11.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\Sptisrv.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
 

dvk01

Derek
Retired Moderator Retired Malware Specialist
Joined
Dec 14, 2002
Messages
56,452
before wiping it out try this

1st uninstall M$ antispyware and freedom protector from add/remove programs then reboot then

In my experience freedom & norton don't work well together and I've seen lots of problems with them

Please download WebRoot SpySweeper from HERE (It's a 2 week trial):
  • Click the Free Trial link under "Downloads/SpySweeper" to download the program.
  • Install it. Once the program is installed, it will open.
  • It will prompt you to update to the latest definitions, click Yes.
  • Once the definitions are installed, click Options on the left side.
  • Click the Sweep Options tab.
  • Under What to Sweep please put a check next to the following:

    • Sweep Memory
    • Sweep Registry
    • Sweep Cookies
    • Sweep All User Accounts
    • Enable Direct Disk Sweeping
    • Sweep Contents of Compressed Files
    • Sweep for Rootkits
    • Please UNCHECK Do not Sweep System Restore Folder.
  • Click Sweep Now on the left side.
  • Click the Start button.
  • When it's done scanning, click the Next button.
  • Make sure everything has a check next to it, then click the Next button.
  • It will remove all of the items found.
  • Click Session Log in the upper right corner, copy everything in that window.
  • Click the Summary tab and click Finish.
  • Paste the contents of the session log you copied into your next reply.
Also post a new Hijack This log.
 

cj2448

Thread Starter
Joined
Apr 25, 2004
Messages
544
Thanks DVK, you're on the ball this morning, that was quick! I can't get to it till later this evening, I am at work :( As soon as I am able I will follow your instructions and repost.

Thanks again and kindest regards!
Christine
 

flavallee

Frank
Trusted Advisor
Joined
May 12, 2002
Messages
83,263
cj2448:

Unless you're doing on-line gaming, you don't really need Wild Tangent and can get rid of it. If it's not listed in Add/Remove Programs in the Control Panel so you can uninstall it, go into the C:\Program Files folder and delete its folder.

--------------------------------------------------------------------------------------

You've got LimeWire installed and running in the background, so you're leaving your computer wide open to all kinds of infections. Get rid of it.

--------------------------------------------------------------------------------------

HP Share To Web isn't needed, so get rid of it. Go to Add/Remove Programs and uninstall it, then delete its folder from inside the C:\Program Files\Hewlett Packard folder.

--------------------------------------------------------------------------------------

There are several programs running in the background that don't need to be and should be disabled from doing so. We can deal with that later though.

--------------------------------------------------------------------------------------
 

cj2448

Thread Starter
Joined
Apr 25, 2004
Messages
544
Here are the 2 logs, may have to paste into 2-3 replies:

Logfile of HijackThis v1.99.1
Scan saved at 10:22:23 AM, on 1/8/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\svchost.exe
C:\windows\system\hpsysdrv.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
C:\WINDOWS\system32\S3tray2.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
C:\WINDOWS\System32\ezSP_Px.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\PROGRA~1\HPINST~1\plugin\bin\pchbutton.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\hp center\137903\Shadow\ShadowBar.exe
C:\Program Files\hp center\137903\Program\BackWeb-137903.exe
C:\Program Files\LimeWire\LimeWire.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\MSN\MSNCoreFiles\msn6.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://us7.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-us7.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/cus.../search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/cus...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://us7.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://us7.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-us7.hpwis.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://us7.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/cus...//www.yahoo.com
R3 - URLSearchHook: (no name) - {C5AD4D41-6412-09FD-7E7E-186E79889495} - C:\WINDOWS\Abjgjajp.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: CNisExtBho Class - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {EE4501B4-85B1-89FD-5FC2-25D014E8A1F9} - C:\WINDOWS\Abjgjajp.dll
O3 - Toolbar: hp toolkit - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - C:\HP\EXPLOREBAR\HPTOOLKT.DLL
O3 - Toolbar: Web assistant - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll
O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: Search - {74182862-8396-E602-DD0A-1A2D16F22938} - C:\WINDOWS\Abjgjajp.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [URLLSTCK.exe] C:\Program Files\Norton Internet Security\UrlLstCk.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
O4 - HKLM\..\Run: [S3TRAY2] S3tray2.exe
O4 - HKLM\..\Run: [WildTangent CDA] RUNDLL32.exe "C:\Program Files\WildTangent\Apps\CDA\cdaEngine0400.dll",cdaEngineMain
O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px.exe
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [CamMonitor] C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
O4 - HKLM\..\Run: [winsync] C:\WINDOWS\system32\poyryr.exe reg_run
O4 - HKCU\..\Run: [Acme.PCHButton] C:\PROGRA~1\HPINST~1\plugin\bin\pchbutton.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe
O4 - Global Startup: hp center UI.lnk = C:\Program Files\hp center\137903\Shadow\ShadowBar.exe
O4 - Global Startup: hp center.lnk = C:\Program Files\hp center\137903\Program\BackWeb-137903.exe
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: MktBrowser - {17A27031-71FC-11d4-815C-005004D0F1FA} - C:\Program Files\MarketBrowser\lmt\MarketBrowser_Launch.xpy
O9 - Extra 'Tools' menuitem: MarketBrowser - {17A27031-71FC-11d4-815C-005004D0F1FA} - C:\Program Files\MarketBrowser\lmt\MarketBrowser_Launch.xpy
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra button: (no name) - {9E248641-0E24-4DDB-9A1F-705087832AD6} - (no file)
O9 - Extra 'Tools' menuitem: Java - {9E248641-0E24-4DDB-9A1F-705087832AD6} - (no file)
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/...all/xscan53.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{139E337E-3E6B-461F-AA95-8043E366FB8B}: NameServer = 205.171.3.65 205.171.2.65
O17 - HKLM\System\CS1\Services\Tcpip\..\{139E337E-3E6B-461F-AA95-8043E366FB8B}: NameServer = 205.171.3.65 205.171.2.65
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Common Files\Sony Shared\AVLib\Pacsptisvr.exe
O23 - Service: Pml Driver HPH11 - HP - C:\WINDOWS\System32\HPHipm11.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\Sptisrv.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
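
One way to triage the two HijackThis logs above offline, as an added example that is not part of the original thread: it parses entry lines, diffs the 1/2/2006 and 1/8/2006 scans, and groups browser-hook entries (R3/O2/O3) by file. The function names and the "unnamed hook" heuristic are assumptions of this example; the heuristic only prioritises what to review and is not a verdict on any file.

```python
import re
from collections import defaultdict, namedtuple

# Excerpts of the two HijackThis logs posted in this thread (entry lines only).
LOG_2006_01_02 = r"""
R3 - URLSearchHook: (no name) - {C5AD4D41-6412-09FD-7E7E-186E79889495} - C:\WINDOWS\Abjgjajp.dll
O2 - BHO: PopKill Class - {3C060EA2-E6A9-4E49-A530-D4657B8C449A} - C:\Program Files\Zero Knowledge\Freedom\pkR.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {EE4501B4-85B1-89FD-5FC2-25D014E8A1F9} - C:\WINDOWS\Abjgjajp.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Search - {74182862-8396-E602-DD0A-1A2D16F22938} - C:\WINDOWS\Abjgjajp.dll
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [winsync] C:\WINDOWS\system32\poyryr.exe reg_run
O15 - Trusted Zone: http://awbeta.net-nucleus.com (HKLM)
"""

LOG_2006_01_08 = r"""
R3 - URLSearchHook: (no name) - {C5AD4D41-6412-09FD-7E7E-186E79889495} - C:\WINDOWS\Abjgjajp.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {EE4501B4-85B1-89FD-5FC2-25D014E8A1F9} - C:\WINDOWS\Abjgjajp.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Search - {74182862-8396-E602-DD0A-1A2D16F22938} - C:\WINDOWS\Abjgjajp.dll
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
O4 - HKLM\..\Run: [winsync] C:\WINDOWS\system32\poyryr.exe reg_run
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
"""

Entry = namedtuple("Entry", "code label clsid target raw")
ENTRY_RE = re.compile(r"^([RFO]\d+) - (.+)$")
CLSID_RE = re.compile(r"^\{[0-9A-Fa-f-]{36}\}$")
HOOK_CODES = {"R3", "O2", "O3"}  # URLSearchHook, BHO, IE toolbar


def parse(log):
    """Return one Entry per HijackThis entry line; headers and process paths are skipped."""
    entries = []
    for line in log.splitlines():
        line = line.strip()
        m = ENTRY_RE.match(line)
        if not m:
            continue
        code, body = m.groups()
        # Fields are separated by " - "; a path that itself contains " - " would
        # be split too, which this example accepts as a simplification.
        parts = body.split(" - ")
        label = parts[0].split(": ", 1)[-1]
        clsid = next((p for p in parts[1:] if CLSID_RE.match(p)), None)
        target = parts[-1] if len(parts) > 1 else None
        entries.append(Entry(code, label, clsid, target, line))
    return entries


def diff(before, after):
    """Compare two parsed scans by their full entry line."""
    b = {e.raw for e in before}
    a = {e.raw for e in after}
    return {"removed": sorted(b - a), "added": sorted(a - b), "persisting": sorted(a & b)}


def hooks_by_file(entries):
    """Group browser-hook entries by the file they load (path compared case-insensitively)."""
    files = defaultdict(lambda: {"codes": set(), "clsids": set(), "unnamed": False})
    for e in entries:
        if e.code in HOOK_CODES and e.target:
            info = files[e.target.lower()]
            info["codes"].add(e.code)
            if e.clsid:
                info["clsids"].add(e.clsid)
            info["unnamed"] = info["unnamed"] or e.label == "(no name)"
    return dict(files)


def review_first(entries):
    """Assumed heuristic: files behind at least one hook registered as '(no name)'."""
    return sorted(f for f, info in hooks_by_file(entries).items() if info["unnamed"])


if __name__ == "__main__":
    first, second = parse(LOG_2006_01_02), parse(LOG_2006_01_08)
    for kind, lines in diff(first, second).items():
        print(f"== {kind} ({len(lines)})")
        for line in lines:
            print("  ", line)
    print("== review first:", review_first(second))
```
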
 

cj2448

Thread Starter
Joined
Apr 25, 2004
Messages
544
9:45 AM: Found Adware: lopdotcom
9:47 AM: Found Adware: hotbar
9:47 AM: f118050a-55ac-43c3-b1da-bf17aa (ID = 62344)
9:50 AM: Warning: Invalid file - not a PKZip file
9:51 AM: Warning: Invalid file - not a PKZip file
9:52 AM: File Sweep Complete, Elapsed Time: 00:32:37
9:52 AM: Full Sweep has completed. Elapsed time 00:39:48
9:52 AM: Traces Found: 624
9:55 AM: Removal process initiated
9:57 AM: Quarantining All Traces: lopdotcom
9:57 AM: Quarantining All Traces: websearch toolbar
9:57 AM: Quarantining All Traces: clkoptimizer
9:57 AM: clkoptimizer is in use. It will be removed on reboot.
9:57 AM: wuauclt.dll is in use. It will be removed on reboot.
9:57 AM: Quarantining All Traces: trojan downloader matcash
9:57 AM: Quarantining All Traces: 180search assistant/zango
9:57 AM: Quarantining All Traces: begin2search
9:57 AM: Quarantining All Traces: bookedspace
9:58 AM: Quarantining All Traces: delfin
9:58 AM: Quarantining All Traces: exact navisearch
9:58 AM: Quarantining All Traces: hotbar
9:58 AM: Quarantining All Traces: isearch toolbar
9:58 AM: Quarantining All Traces: mirar webband
9:58 AM: Quarantining All Traces: ps2
9:58 AM: Quarantining All Traces: shopathomeselect
9:58 AM: Quarantining All Traces: winad
9:58 AM: Quarantining All Traces: zquest
9:58 AM: Quarantining All Traces: 2o7.net cookie
9:58 AM: Quarantining All Traces: about cookie
9:58 AM: Quarantining All Traces: addynamix cookie
9:58 AM: Quarantining All Traces: adknowledge cookie
9:58 AM: Quarantining All Traces: adlegend cookie
9:58 AM: Quarantining All Traces: adrevolver cookie
9:58 AM: Quarantining All Traces: adserver cookie
9:58 AM: Quarantining All Traces: advertising cookie
9:58 AM: Quarantining All Traces: ask cookie
9:58 AM: Quarantining All Traces: atlas dmt cookie
9:58 AM: Quarantining All Traces: atwola cookie
9:58 AM: Quarantining All Traces: azjmp cookie
9:58 AM: Quarantining All Traces: banner cookie
9:58 AM: Quarantining All Traces: casalemedia cookie
9:58 AM: Quarantining All Traces: classmates cookie
9:58 AM: Quarantining All Traces: clickandtrack cookie
9:58 AM: Quarantining All Traces: enhance cookie
9:58 AM: Quarantining All Traces: exitexchange cookie
9:58 AM: Quarantining All Traces: falkag cookie
9:58 AM: Quarantining All Traces: fastclick cookie
9:58 AM: Quarantining All Traces: go.com cookie
9:58 AM: Quarantining All Traces: hbmediapro cookie
9:58 AM: Quarantining All Traces: hotbar cookie
9:58 AM: Quarantining All Traces: overture cookie
9:58 AM: Quarantining All Traces: partypoker cookie
9:58 AM: Quarantining All Traces: pointroll cookie
9:58 AM: Quarantining All Traces: realmedia cookie
9:58 AM: Quarantining All Traces: revenue.net cookie
9:58 AM: Quarantining All Traces: rn11 cookie
9:58 AM: Quarantining All Traces: ru4 cookie
9:58 AM: Quarantining All Traces: specificclick.com cookie
9:58 AM: Quarantining All Traces: trafficmp cookie
9:58 AM: Quarantining All Traces: webtrendslive cookie
9:58 AM: Quarantining All Traces: yieldmanager cookie
9:58 AM: Quarantining All Traces: zedo cookie
10:01 AM: Preparing to restart your computer. Please wait...
10:01 AM: Removal process completed. Elapsed time 00:05:53
********
9:08 AM: | Start of Session, Sunday, January 08, 2006 |
9:08 AM: Spy Sweeper started
9:10 AM: There is a problem reaching the server. The cause may be in your connection, or on the server. Please try again later.
9:12 AM: | End of Session, Sunday, January 08, 2006 |
 

cj2448

Thread Starter
Joined
Apr 25, 2004
Messages
544
9:12 AM: | Start of Session, Sunday, January 08, 2006 |
9:12 AM: Spy Sweeper started
9:12 AM: Sweep initiated using definitions version 556
9:12 AM: Starting Memory Sweep
9:12 AM: Found Adware: clkoptimizer
9:12 AM: Detected running threat: C:\WINDOWS\system32\wuauclt.dll (ID = 143665)
9:18 AM: Memory Sweep Complete, Elapsed Time: 00:06:33
9:18 AM: Starting Registry Sweep
9:19 AM: Found Adware: begin2search
9:19 AM: HKCR\interface\{6b882c34-a832-4f5b-bef1-7e198be3f094}\ (8 subtraces) (ID = 104124)
9:19 AM: HKCR\interface\{9b6b4031-1d6d-4c65-acba-021916853822}\ (8 subtraces) (ID = 104126)
9:19 AM: HKCR\interface\{9ff60a27-0c0c-4a6a-a15f-b21b644d67bb}\ (8 subtraces) (ID = 104127)
9:19 AM: HKCR\interface\{15d53b86-e055-43b1-bbee-a91a0f37bd2a}\ (8 subtraces) (ID = 104128)
9:19 AM: HKCR\interface\{f3c41c1d-22f1-4692-8a7a-88de70a2e9e2}\ (8 subtraces) (ID = 104139)
9:19 AM: HKCR\interface\{fa6fa7a5-2c49-4567-ba74-6dd1c36099ee}\ (8 subtraces) (ID = 104141)
9:19 AM: HKLM\software\classes\interface\{6b882c34-a832-4f5b-bef1-7e198be3f094}\ (8 subtraces) (ID = 104174)
9:19 AM: HKLM\software\classes\interface\{9b6b4031-1d6d-4c65-acba-021916853822}\ (8 subtraces) (ID = 104176)
9:19 AM: HKLM\software\classes\interface\{9ff60a27-0c0c-4a6a-a15f-b21b644d67bb}\ (8 subtraces) (ID = 104177)
9:19 AM: HKLM\software\classes\interface\{15d53b86-e055-43b1-bbee-a91a0f37bd2a}\ (8 subtraces) (ID = 104178)
9:19 AM: HKLM\software\classes\interface\{f3c41c1d-22f1-4692-8a7a-88de70a2e9e2}\ (8 subtraces) (ID = 104189)
9:19 AM: HKLM\software\classes\interface\{fa6fa7a5-2c49-4567-ba74-6dd1c36099ee}\ (8 subtraces) (ID = 104191)
9:19 AM: Found Adware: bookedspace
9:19 AM: HKLM\software\configuration manager\cfgmgr52\ (225 subtraces) (ID = 104873)
9:19 AM: HKCR\clsid\{6ec11407-5b2e-4e25-8bdf-77445b52ab37}\ (6 subtraces) (ID = 105953)
9:19 AM: HKCR\folder\shellex\columnhandlers\{6ec11407-5b2e-4e25-8bdf-77445b52ab37}\ (1 subtraces) (ID = 106021)
9:19 AM: HKLM\software\classes\clsid\{6ec11407-5b2e-4e25-8bdf-77445b52ab37}\ (6 subtraces) (ID = 106049)
9:19 AM: HKLM\software\classes\folder\shellex\columnhandlers\{6ec11407-5b2e-4e25-8bdf-77445b52ab37}\ (1 subtraces) (ID = 106116)
9:19 AM: Found Adware: delfin
9:19 AM: HKLM\software\mvu\ (2 subtraces) (ID = 124885)
9:19 AM: Found Adware: winad
9:19 AM: HKCR\appid\mediagateway.exe\ (1 subtraces) (ID = 359541)
9:19 AM: HKLM\software\classes\appid\mediagateway.exe\ (1 subtraces) (ID = 359543)
9:19 AM: HKLM\software\microsoft\windows\currentversion\run\ || winsync (ID = 601545)
9:19 AM: HKLM\software\microsoft\windows\currentversion\internet settings\zonemap\domains\net-nucleus.com\ (3 subtraces) (ID = 662284)
9:19 AM: Registry Sweep Complete, Elapsed Time:00:00:26
9:19 AM: Starting Cookie Sweep
9:19 AM: Found Spy Cookie: 2o7.net cookie
9:19 AM: [email protected][1].txt (ID = 1957)
9:19 AM: Found Spy Cookie: about cookie
9:19 AM: [email protected][1].txt (ID = 2037)
9:19 AM: Found Spy Cookie: yieldmanager cookie
9:19 AM: [email protected][1].txt (ID = 3751)
9:19 AM: Found Spy Cookie: adknowledge cookie
9:19 AM: [email protected][2].txt (ID = 2072)
9:19 AM: Found Spy Cookie: adlegend cookie
9:19 AM: [email protected][1].txt (ID = 2074)
9:19 AM: Found Spy Cookie: hbmediapro cookie
9:19 AM: [email protected][2].txt (ID = 2768)
9:19 AM: Found Spy Cookie: hotbar cookie
9:19 AM: [email protected][2].txt (ID = 4207)
9:19 AM: Found Spy Cookie: specificclick.com cookie
9:19 AM: [email protected][1].txt (ID = 3400)
9:19 AM: Found Spy Cookie: adrevolver cookie
9:19 AM: [email protected][1].txt (ID = 2088)
9:19 AM: [email protected][3].txt (ID = 2088)
9:19 AM: Found Spy Cookie: addynamix cookie
9:19 AM: [email protected][1].txt (ID = 2062)
9:19 AM: Found Spy Cookie: pointroll cookie
9:19 AM: [email protected][2].txt (ID = 3148)
9:19 AM: Found Spy Cookie: advertising cookie
9:19 AM: [email protected][2].txt (ID = 2175)
9:19 AM: Found Spy Cookie: falkag cookie
9:19 AM: [email protected][2].txt (ID = 2650)
9:19 AM: [email protected][2].txt (ID = 2650)
9:19 AM: [email protected][2].txt (ID = 2650)
9:19 AM: Found Spy Cookie: ask cookie
9:19 AM: [email protected][1].txt (ID = 2245)
9:19 AM: Found Spy Cookie: atlas dmt cookie
9:19 AM: [email protected][2].txt (ID = 2253)
9:19 AM: Found Spy Cookie: atwola cookie
9:19 AM: [email protected][1].txt (ID = 2255)
9:19 AM: Found Spy Cookie: azjmp cookie
9:19 AM: [email protected][2].txt (ID = 2270)
9:19 AM: Found Spy Cookie: banner cookie
9:19 AM: [email protected][2].txt (ID = 2276)
9:19 AM: Found Spy Cookie: enhance cookie
9:19 AM: [email protected][1].txt (ID = 2614)
9:19 AM: Found Spy Cookie: zedo cookie
9:19 AM: [email protected][1].txt (ID = 3763)
9:19 AM: Found Spy Cookie: casalemedia cookie
9:19 AM: [email protected][2].txt (ID = 2354)
9:19 AM: Found Spy Cookie: classmates cookie
9:19 AM: [email protected][2].txt (ID = 2384)
9:19 AM: Found Spy Cookie: ru4 cookie
9:19 AM: [email protected][2].txt (ID = 3269)
9:19 AM: Found Spy Cookie: exitexchange cookie
9:19 AM: [email protected][2].txt (ID = 2633)
9:19 AM: Found Spy Cookie: fastclick cookie
9:19 AM: [email protected][1].txt (ID = 2651)
9:19 AM: Found Spy Cookie: go.com cookie
9:19 AM: [email protected][2].txt (ID = 2728)
9:19 AM: Found Spy Cookie: clickandtrack cookie
9:19 AM: [email protected][2].txt (ID = 2397)
9:19 AM: [email protected][1].txt (ID = 2652)
9:19 AM: [email protected][1].txt (ID = 1958)
9:19 AM: Found Spy Cookie: overture cookie
9:19 AM: [email protected][1].txt (ID = 3105)
9:19 AM: [email protected][1].txt (ID = 1958)
9:19 AM: Found Spy Cookie: partypoker cookie
9:19 AM: [email protected][2].txt (ID = 3111)
9:19 AM: [email protected][1].txt (ID = 3106)
9:19 AM: [email protected][1].txt (ID = 2729)
9:19 AM: Found Spy Cookie: realmedia cookie
9:19 AM: [email protected][1].txt (ID = 3235)
9:19 AM: Found Spy Cookie: revenue.net cookie
9:19 AM: [email protected][1].txt (ID = 3257)
9:19 AM: Found Spy Cookie: rn11 cookie
9:19 AM: [email protected][2].txt (ID = 3261)
9:19 AM: [email protected][1].txt (ID = 2038)
9:19 AM: Found Spy Cookie: webtrendslive cookie
9:19 AM: [email protected][1].txt (ID = 3667)
9:19 AM: Found Spy Cookie: trafficmp cookie
9:19 AM: [email protected][1].txt (ID = 3581)
9:19 AM: www.disney.go[1].txt">[email protected][1].txt (ID = 2729)
9:19 AM: Found Spy Cookie: adserver cookie
9:19 AM: [email protected][1].txt (ID = 2142)
9:19 AM: [email protected][2].txt (ID = 3762)
9:19 AM: Cookie Sweep Complete, Elapsed Time: 00:00:02
9:19 AM: Starting File Sweep
9:19 AM: c:\windows\cfgmgr52 (69 subtraces) (ID = -2147479590)
9:20 AM: bingo_big3123.ico (ID = 51022)
9:20 AM: greenmovie2313asaadsasfad112341231adsfa1.ico (ID = 51033)
9:20 AM: Found Adware: ps2
9:20 AM: ps2.bat (ID = 72826)
9:21 AM: pinkkas2123.ico (ID = 51041)
9:21 AM: a0131101.dll (ID = 143665)
9:21 AM: Found Adware: exact navisearch
9:21 AM: bbi2.exe (ID = 70387)
9:21 AM: a0132121.dll (ID = 143665)
9:22 AM: 6f88103b-ad98-4e5e-bdbd-b1c3f2 (ID = 143665)
9:22 AM: a0130956.dll (ID = 143665)
9:23 AM: ps2.bat (ID = 72826)
9:23 AM: ps2.bat (ID = 72826)
9:23 AM: ps2.bat (ID = 72826)
9:23 AM: ps2.bat (ID = 72826)
9:23 AM: b1b61c4e-fb18-4df7-a696-b33375 (ID = 143665)
9:23 AM: Found Adware: isearch toolbar
9:23 AM: a0125219.exe (ID = 145831)
9:23 AM: Found Adware: 180search assistant/zango
9:23 AM: npzango.dll (ID = 107552)
9:24 AM: d1a0c10a-9768-4422-9f46-40f1a6 (ID = 143665)
9:24 AM: a98f6cbe-b922-4d69-8e55-d4c30b (ID = 143665)
9:24 AM: f5516252-1ee5-42b5-931e-9f969f (ID = 143665)
9:24 AM: 883543b6-cee8-40b3-9e6a-62f1b2 (ID = 143665)
9:24 AM: 18a2a829-0440-45e3-be10-d1b9bf (ID = 143665)
9:25 AM: 88c0203e-9379-4094-8656-9b1ca3 (ID = 143665)
9:25 AM: 2d0f0b12-6661-4d8e-b157-d884c4 (ID = 143665)
9:25 AM: a0132174.dll (ID = 143665)
9:26 AM: a0125507.dll (ID = 143665)
9:26 AM: a0136170.exe (ID = 145831)
9:27 AM: a69492d7-3da3-40ab-a2f8-9b152d (ID = 143665)
9:28 AM: a0132065.dll (ID = 143665)
9:28 AM: w031319.stub.exe (ID = 150889)
9:28 AM: Found Adware: zquest
9:28 AM: medgs1.exe (ID = 146322)
9:29 AM: dqcrcrm.exe (ID = 146385)
9:29 AM: a0132051.dll (ID = 143665)
9:29 AM: 4f788568-ddf5-4386-8f92-39e893 (ID = 143665)
9:29 AM: pop1a.exe (ID = 121286)
9:29 AM: a0136169.dll (ID = 146381)
9:29 AM: 3772f32d-e8fb-4f80-b683-22e8f2 (ID = 143665)
9:29 AM: a0125218.dll (ID = 146381)
9:30 AM: Found Trojan Horse: trojan downloader matcash
9:30 AM: mc-110-12-0000079.exe (ID = 114247)
9:30 AM: Found Adware: shopathomeselect
9:30 AM: 14l462p1.dat (ID = 121494)
9:30 AM: 11da8a8f-af83-49db-b8f7-fc8ff9 (ID = 143665)
9:30 AM: a0132293.dll (ID = 143665)
9:31 AM: Found Adware: mirar webband
9:31 AM: a0136006.exe (ID = 158984)
9:31 AM: a0129910.lli (ID = 164348)
9:32 AM: lnktkto.dll (ID = 146387)
9:32 AM: a3e62767-c294-452a-841a-69b76f (ID = 143665)
9:35 AM: 8aab0525-e0a4-408a-8cb4-421066 (ID = 75611)
9:35 AM: a0132256.dll (ID = 143665)
9:36 AM: fdcb91fb-56c9-401a-bfca-8e1c78 (ID = 143665)
9:36 AM: a0125117.dll (ID = 143665)
9:37 AM: 4b9922e6-eb98-40c3-bee1-132088 (ID = 146391)
9:37 AM: 949b17f7-2cc9-4088-ba02-ada6a7 (ID = 146391)
9:37 AM: a0131226.dll (ID = 143665)
9:38 AM: ps2.bat (ID = 72826)
9:38 AM: ps2.exe (ID = 72826)
9:38 AM: cc315971-da81-47ad-ac84-56d251 (ID = 159067)
9:38 AM: bs7beta.exe (ID = 147554)
9:38 AM: a0136254.lli (ID = 164348)
9:39 AM: Found Adware: websearch toolbar
9:39 AM: edowst3.exe (ID = 129643)
9:39 AM: ed55ddd8-efa0-458c-9434-9827bf (ID = 143665)
9:40 AM: 7afe4517-a1f5-4ab8-a4fc-4dbb56 (ID = 146391)
9:40 AM: 876056.exe (ID = 158984)
9:41 AM: a0132236.dll (ID = 143665)
9:42 AM: d50f0788-143f-40a6-ad1f-1eed82 (ID = 143665)
9:44 AM: 98f06753-b978-4da2-89ec-918a67 (ID = 143665)
9:44 AM: a0136708.bcf (ID = 164372)
9:44 AM: a0132092.bcf (ID = 164372)
9:44 AM: 60eabd34-a127-4d7c-b284-7831b5 (ID = 143665)
9:44 AM: ixdgnoyoh.amo (ID = 159020)
9:44 AM: a628cf5e-7c79-4c8b-a5b4-b949bc (ID = 143665)
9:44 AM: vgactl.cpl (ID = 143664)
9:45 AM: ps2.exe (ID = 72826)
9:45 AM: HKLM\Software\Microsoft\Windows\CurrentVersion\Run || PS2 (ID = 0)
 

dvk01

Derek
Retired Moderator Retired Malware Specialist
Joined
Dec 14, 2002
Messages
56,452
First, you have a couple of what look like new ones that aren't being recognized, so

please go to http://www.thespykiller.co.uk/forum/index.php?board=1.0 and upload these files so I can examine them and distribute them to antivirus companies.
Just press new topic, fill in the needed details and just give a link to your post here, then press the browse button and navigate to & select the files on your computer. If there is more than 1 file, then press the more attachments button for each extra file and browse and select etc., and then when all the files are listed in the window, press send to upload the files (do not post HJT logs there as they will not get dealt with).

Files to submit:

C:\WINDOWS\Abjgjajp.dll
C:\WINDOWS\system32\poyryr.exe

then

  • Download WinPFind
  • Right Click the Zip Folder and Select "Extract All"
  • Extract it somewhere you will remember like the Desktop
  • Don't do anything with it yet!

Reboot into Safe Mode
Restart your computer and as soon as it starts booting up again continuously tap F8. A menu should come up where you will be given the option to enter Safe Mode.

Double-click WinPFind.exe
  • Click "Start Scan"
  • It will scan the entire System, so please be patient!
  • Once the Scan is Complete
    • Reboot back to Normal Mode!
    • Go to the WinPFind folder
    • Locate WinPFind.txt
    • Place those results in the next post!
 

dvk01

Derek
Retired Moderator Retired Malware Specialist
Joined
Dec 14, 2002
Messages
56,452
That definitely exists so try it this way as it's probably hidden


Download Suspicious File Packer from http://www.safer-networking.org/en/tools/index.html and unzip it to the desktop, open it &
paste in this list of files, and when it has created the archive on your desktop, please upload that to http://www.thespykiller.co.uk/forum/index.php?board=1.0 so we can examine the files

C:\WINDOWS\Abjgjajp.dll
C:\WINDOWS\system32\poyryr.exe

The second one MIGHT well be missing, but the first MUST exist, otherwise it wouldn't show up in a HJT log
 

cj2448

Thread Starter
Joined
Apr 25, 2004
Messages
544
dvk01 said:
That definitely exists so try it this way as it's probably hidden


download suspicious file packer from http://www.safer-networking.org/en/tools/index.html and unzip it to desktop, open it &
paste in this list of files and when it has created the archive on your desktop please upload that to http://www.thespykiller.co.uk/forum/index.php?board=1.0 so we can examine the files

C:\WINDOWS\Abjgjajp.dll
C:\WINDOWS\system32\poyryr.exe

the second one MIGHT well be missing but the first MUST exist otherwise it wouldn't show up in a HJT log
I'm a dork, I was relaying this info for a friend...I was on my computer, not thinking, and was searching on mine, DUH!

I have sent her this link and told her to take over, she is not having trouble following the directions.

Thanks DVK!
Hugs,
Christine
 