exact problem unknown

Post by wordofwyrd » August 5th, 2006, 12:53 pm

Good afternoon!

My problem is the following: I have Norton Antivirus 2006 running, with auto-protect on. Yesterday it prompted me that I had a Trojan Popper alert, unable to access the file, yet my system scan identified and removed said file.

To be absolutely sure, I ran Ad-Aware and SpyBot Search&Destroy. These provided nothing similar, yet some other entries I deleted (I use both these programmes every other month or so).

I then shut off the computer for the night.

This morning, I wanted to run Swat It! too, but since it has not been updating for a good while now, I decided to look on download.com for a new version. None to be found, yet I found a trial version of Spyware Doctor.

This Spyware Doctor told me I had Trojan.Banker on my computer, but I had to pay to get it removed. Obviously, I did not want to use my credit card to remove a tool that takes my credit card number. So I went to the infected files and removed them manually (they were a cookie and a favourite browser link I hadn't used in ages). A second scan provided a whole lot of other infections, but not the Trojan.Banker anymore. It was deleted from my garbage bin too. It also told me something about igetnet or so, but I didn't touch that one as it seemed to be something more delicate.

I uninstalled Spyware Doctor since it's only diagnosing, and I won't pay for it as long as I'm not sure it's safe.

I then ran Housecall, but it made my Firefox browser completely crash. So I went to the Panda online scan, which showed me other spyware problems in tracking cookies, which I all deleted manually, including the cookie.txt files found in my Mozilla user profiles.

Then I ran Spybot and Ad-Aware again. Found quite a few problems again, which are all gone now (I hope).

Rebooted. Computer still works, much to my relief.

So finally, I ran HijackThis. I hope this is the right tool to find out what was going on with my computer, or if anyone could direct me to a powerful trojan removal tool, preferably free, as I'm not using my credit card until I'm sure there's nothing there that will take my numbers.

Here is my HijackThis log:

Logfile of HijackThis v1.99.1
Scan saved at 18:46:19, on 5/08/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\CTsvcCDA.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\system32\gsicon.exe
C:\WINDOWS\system32\dslagent.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\MessengerPlus! 3\MsgPlus.exe
C:\Program Files\Common Files\Logitech\QCDriver\LVCOMS.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Nathalie Cassiers\Bureaublad\hijackthis_sfx.exe
C:\Program Files\HijackThis\HijackThis.exe
C:\Program Files\Messenger\msmsgs.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.euro.dell.com/countries/be/n ... efault.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://rd.yahoo.com/customize/ymsgr/def ... .yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.be/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://rd.yahoo.com/customize/ymsgr/def ... .yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://rd.yahoo.com/customize/ymsgr/def ... .yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://rd.yahoo.com/customize/ymsgr/def ... earch.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://rd.yahoo.com/customize/ymsgr/def ... .yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
N3 - Netscape 7: user_pref("browser.startup.homepage", "http://home.netscape.com/bookmark/7_0/home.html"); (C:\Documents and Settings\Nathalie Cassiers\Application Data\Mozilla\Profiles\default\ubftejxa.slt\prefs.js)
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\Nathalie Cassiers\Application Data\Mozilla\Profiles\default\ubftejxa.slt\prefs.js)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Dictionary.com - {11359F4A-B191-42d7-905A-594F8CF0387B} - C:\WINDOWS\Downloaded Program Files\CONFLICT.1\lexbar.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: Viewpoint Toolbar BHO - {A7327C09-B521-4EDB-8509-7D2660C9EC98} - C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBarBHO.dll
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-xu\msntb.dll
O2 - BHO: AutoDiscovery Class - {CAB710D6-532E-4B68-97AE-398477FA5524} - C:\Program Files\Deskshare\Active Web Reader\IERSSFeedDiscovery.dll
O2 - BHO: BrowserHelper Class - {EBCDDA60-2A68-11D3-8A43-0060083CFB9C} - C:\WINDOWS\System32\nzdd.dll
O3 - Toolbar: Dictionary.com - {11359F4A-B191-42D7-905A-594F8CF0387B} - C:\WINDOWS\Downloaded Program Files\CONFLICT.1\lexbar.dll
O3 - Toolbar: Viewpoint Toolbar - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBar.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-xu\msntb.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\Updreg.exe
O4 - HKLM\..\Run: [AHQInit] C:\Program Files\Creative\SBLive\Program\AHQInit.exe
O4 - HKLM\..\Run: [TCASUTIEXE] TCAUDIAG -off
O4 - HKLM\..\Run: [WorksFUD] C:\Program Files\Microsoft Works\wkfud.exe
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [GSICONEXE] gsicon.exe
O4 - HKLM\..\Run: [DSLAGENTEXE] dslagent.exe USB
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [PCShield] regsvr32 /s "C:\WINDOWS\System32\sfg_02a5.dll"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Common Files\Logitech\QCDriver\LVCOMS.EXE
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [STYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide
O4 - HKCU\..\Run: [PCShield] regsvr32 /s "C:\WINDOWS\System32\sfg_02a5.dll"
O4 - HKCU\..\Run: [Extreme Messenger for AIM] C:\Program Files\Extreme Messenger\ExtremeMessenger.exe nosplash
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Herinneringen van Microsoft Works Agenda.lnk = ?
O4 - Global Startup: Image Transfer.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: RealDownload.lnk = C:\Program Files\Real\RealDownload\Realdownload.exe
O8 - Extra context menu item: &Viewpoint Search - res://C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBar.dll/CXTSEARCH.HTML
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Copy to Semagic - C:\Program Files\Semagic\copy.htm
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Search &Dictionary - C:\Program files\Lexico\Toolbar\dictionary.htm
O8 - Extra context menu item: Search &Thesaurus - C:\Program files\Lexico\Toolbar\thesaurus.htm
O8 - Extra context menu item: Semagic - C:\Program Files\Semagic\link.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRA~1\AIM95\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {072D3F2E-5FB6-11D3-B461-00C04FA35A21} (CFForm Runtime) - http://www.soundclick.com/CFIDE/classes/CFJava.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security2.norton.com/SSC/SharedC ... vSniff.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {427273CC-764E-11D3-823D-006097F90453} (Pixami Image Editor Control) - http://www.imagestation.com/common/clas ... r=1,1,0,30
O16 - DPF: {4D7F48C0-CB49-4EA6-97D4-04F4EACC2F3B} - http://sib1.od2.com/common/Member/Clien ... /setup.exe
O16 - DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} (Housecall ActiveX 6.5) - http://housecall65.trendmicro.com/house ... hcImpl.cab
O16 - DPF: {72C23FEC-3AF9-48FC-9597-241A8EBDFE0A} (InstallShield International Setup Player) - http://ftp.hp.com/pub/automatic/player/isetupML.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Besturing) - http://a840.g.akamai.net/7/840/537/2003 ... scan53.cab
O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) - http://www.bitdefender.com/scan/Msie/bitdefender.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b28578.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan ... asinst.cab
O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) - http://us.dl1.yimg.com/download.yahoo.c ... ymmapi.dll
O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security1.norton.com/SSC/SharedC ... /cabsa.cab
O16 - DPF: {C3DFA998-A486-11D4-AA25-00C04F72DAEB} (MSN Photo Upload Tool) - http://sc.communities.msn.com/controls/ ... nPUpld.cab
O16 - DPF: {C62DFDC7-2EEC-4C2C-827A-BC0BFB4260B3} (IMViewerControl Class) - http://companion.logitech.com/companion ... /imvid.cab
O16 - DPF: {D702FBF4-EE60-11D0-BD5B-00A0C91F4635} (CFForm Runtime) - http://www.soundclick.com/CFIDE/classes/CFJava.cab
O16 - DPF: {E87A6788-1D0F-4444-8898-1D25829B6755} - http://sc.communities.msn.com/controls/ ... nchat4.cab
O16 - DPF: {EE5CA45C-BFAC-48E6-BE6C-3C607620FF43} (IMViewerControl Class) - http://companion.logitech.com/companion ... /imvid.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-l ... cfscan.cab
O16 - DPF: {EF99BD32-C1FB-11D2-892F-0090271D4F88} (Yahoo! Toolbar) - http://us.dl1.yimg.com/download.yahoo.c ... _0_2_5.cab
O16 - DPF: {F0E2D69A-DC2F-4E9B-A993-684FB1C21DBC} - http://dictionary.reference.com/tools/t ... lexico.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/So ... b28578.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{237F6181-0D17-47AD-AF9A-43CD1582DCB7}: NameServer = 134.184.250.7,0.0.0.0
O17 - HKLM\System\CCS\Services\Tcpip\..\{8883840D-5739-45C6-AA2C-530E7563A639}: NameServer = 195.238.2.22 195.238.2.21
O17 - HKLM\System\CS1\Services\Tcpip\..\{237F6181-0D17-47AD-AF9A-43CD1582DCB7}: NameServer = 134.184.250.7,0.0.0.0
O17 - HKLM\System\CS2\Services\Tcpip\..\{237F6181-0D17-47AD-AF9A-43CD1582DCB7}: NameServer = 134.184.250.7,0.0.0.0
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: IMAPI CD-Burning COM Service (ImapiService) - Roxio Inc. - C:\WINDOWS\System32\ImapiRox.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Auto-Protect-service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SPBBCSvc - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

I hope its size is not an indicator for problems, and I apologize for the lengthy post, but I figured I'd better explain what I did/didn't do and how I ended up here.

Thank you for your advice :)
wordofwyrd

Post by random/random » August 5th, 2006, 1:43 pm

Reveal Hidden Files
  1. Click Start.
  2. Open My Computer.
  3. Select the Tools menu.
  4. Click Folder Options.
  5. Select the View tab.
  6. Select Show hidden files and folders in the Hidden files and folders section.
  7. Uncheck the Hide protected operating system files (recommended) option.
  8. Uncheck the Hide file extensions for known file types option.
  9. Click Yes.
  10. Click OK.

Go to Start> Control Panel> Add or Remove Programs.

Remove the following programs, if they are present.

  • Viewpoint


Run HijackThis
Click on Do a system scan only
Place a checkmark next to these lines (if still present):

O4 - HKLM\..\Run: [PCShield] regsvr32 /s "C:\WINDOWS\System32\sfg_02a5.dll"
O4 - HKCU\..\Run: [PCShield] regsvr32 /s "C:\WINDOWS\System32\sfg_02a5.dll"
O8 - Extra context menu item: &Viewpoint Search - res://C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBar.dll/CXTSEARCH.HTML

Then close all windows except HijackThis and click Fix Checked

Restart


Use Windows Explorer to find and delete this file:

C:\WINDOWS\System32\sfg_02a5.dll

And this folder:

C:\Program Files\Viewpoint\

Restart

Run Panda's ActiveScan from here and perform a full system scan.

1. Once you are on the Panda site click the Scan your PC button
2. A new window will open...click the big Check Now button
3. Enter your Country
4. Enter your State/Province
5. Enter your e-mail address and click send
6. Select either Home User or Company
7. Click the big Scan Now button
8. If it wants to install an ActiveX component allow it
9. It will start downloading the files it requires for the scan (Note: It will take a couple minutes)
10. Click on Local Disks to start the scan
11. Post Panda scan results in your next reply

Post back with the Panda log and a new HijackThis log
random/random
Developer
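As an added example (not a MalwareRemoval.com tool and not code by random/random), here is a small Python triage script that parses the "Oxx - ..." entry lines of a HijackThis 1.99.1 log and flags the pattern fixed in the reply above: O4 Run entries that register a DLL at every logon through regsvr32 /s. The sample lines are constructed from the log format posted in this thread; the Entry class and function names are the example's own.

```python
"""Triage helper for HijackThis v1.99.1 logs (added example, not a MalwareRemoval.com tool).

Parses the "Oxx - ..." entry lines and flags O4 Run entries that load a DLL
through "regsvr32 /s" at logon, the pattern singled out in this thread.
"""
import re
from dataclasses import dataclass

# Constructed sample: a handful of lines in the format of the posted log.
SAMPLE_LOG_LINES = [
    "Logfile of HijackThis v1.99.1",
    r"C:\WINDOWS\system32\ctfmon.exe",  # process-list line, not an entry
    r"O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton AntiVirus\NavShExt.dll",
    r'O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"',
    r'O4 - HKLM\..\Run: [PCShield] regsvr32 /s "C:\WINDOWS\System32\sfg_02a5.dll"',
    # same entry with the closing quote dropped, as it was quoted in the reply above
    r'O4 - HKCU\..\Run: [PCShield] regsvr32 /s "C:\WINDOWS\System32\sfg_02a5.dll',
    r"O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe",
    r"O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE",
    r"O17 - HKLM\System\CCS\Services\Tcpip\..\{237F6181-0D17-47AD-AF9A-43CD1582DCB7}: NameServer = 134.184.250.7,0.0.0.0",
]

# "O4 - HKLM\..\Run: [Name] command" -> section "O4", body after the dash
ENTRY_RE = re.compile(r"^(?P<section>[A-Z]\d{1,2}) - (?P<body>.+)$")
# Registry-backed O4 entries; "Global Startup" O4 lines do not match and keep body only
O4_RUN_RE = re.compile(r"^(?P<hive>HK\w+)\\\.\.\\Run\w*: \[(?P<name>[^\]]*)\] (?P<command>.*)$")
# regsvr32 [/s] "<path>.dll"; the closing quote is optional so a truncated quote still parses
REGSVR32_RE = re.compile(r'^regsvr32(?:\.exe)?\s+(?:/s\s+)?"?(?P<dll>[^"]+\.dll)"?', re.IGNORECASE)


@dataclass
class Entry:
    section: str        # e.g. "O4"
    body: str           # text after "O4 - "
    hive: str = ""      # HKLM / HKCU for registry Run entries
    name: str = ""      # value name in the Run key
    command: str = ""   # command line the Run key launches


def parse_hjt(lines):
    """Return Entry objects for the 'Oxx - ' lines; header and process lines are skipped."""
    entries = []
    for line in lines:
        m = ENTRY_RE.match(line.strip())
        if not m:
            continue
        entry = Entry(m["section"], m["body"])
        if entry.section == "O4":
            run = O4_RUN_RE.match(entry.body)
            if run:
                entry.hive, entry.name, entry.command = run["hive"], run["name"], run["command"]
        entries.append(entry)
    return entries


def flag_regsvr32_run_entries(entries):
    """(hive, value name, DLL path) for each Run entry that (re)registers a DLL at logon.

    Legitimate software rarely needs regsvr32 on every boot, which is why the two
    PCShield entries in this thread stood out; a hit is a lead to review, not proof.
    """
    hits = []
    for e in entries:
        if e.section != "O4" or not e.command:
            continue
        m = REGSVR32_RE.match(e.command)
        if m:
            hits.append((e.hive, e.name, m["dll"]))
    return hits


def files_to_check(entries):
    """Unique DLL paths behind the flagged entries, to verify on disk after the fix."""
    return {dll for _, _, dll in flag_regsvr32_run_entries(entries)}


def count_by_section(entries):
    """How many entries each section contributed; useful for spotting bloat in a long log."""
    counts = {}
    for e in entries:
        counts[e.section] = counts.get(e.section, 0) + 1
    return counts


if __name__ == "__main__":
    parsed = parse_hjt(SAMPLE_LOG_LINES)
    for hive, name, dll in flag_regsvr32_run_entries(parsed):
        print(f"{hive} Run [{name}] -> regsvr32 loads {dll}")
    print("check on disk:", sorted(files_to_check(parsed)))
```

To run it against a real log, read the file with `open(path).read().splitlines()` and pass the lines to `parse_hjt`.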

Post by wordofwyrd » August 5th, 2006, 2:12 pm

I have done the first step; "show hidden files and folders" was already checked. The other two are now unchecked.

However, in my software removal there are three different Viewpoint programmes:

Viewpoint Manager (Remove only)
Viewpoint Media Player (Remove only)
Viewpoint Toolbar (Remove only)

Do I delete all of them or will that delete my media player?
wordofwyrd

Post by random/random » August 5th, 2006, 2:41 pm

It's up to you to decide if you want to remove Viewpoint, but I would, as it is generally considered to be foistware and is often installed without the user's consent. If you want to keep it, that's fine.

Viewpoint says this about the information they collect:

To provide a satisfying consumer experience and to operate effectively, the Viewpoint Media Player periodically sends information to servers at Viewpoint. Each installation of the Viewpoint Media Player is identifiable to Viewpoint via a Customer Unique Identifier (CUID), an alphanumeric identifier embedded in the Viewpoint Media Player. The Viewpoint Media Player randomly generates the CUID during installation and uses it to indicate a unique installation of the product. A CUID is never connected to a user's name, email address, or other personal contact information. CUIDs are used for the sole purpose of filtering redundant information. Each of these information exchanges occurs anonymously.

Uninstalling these

Viewpoint Manager (Remove only)
Viewpoint Toolbar (Remove only)

should not affect Viewpoint Media Player.

If you decide to keep Viewpoint Media Player, then do not delete this folder:

C:\Program Files\Viewpoint\
random/random
Developer

Post by wordofwyrd » August 5th, 2006, 5:39 pm

Thank you :)


I decided to get rid of all Viewpoint software; their Viewmanager was asking to connect to the net several times a day and I always denied it, suspecting something was wrong anyway, so that'll be something good to be rid of.

On step 2:

After a restart, I did not find the following file:

C:\WINDOWS\System32\sfg_02a5.dll

I checked manually in the folder, and it was not there, so I assumed it was gone.

Maybe I should specify the following: my computer does not shut itself down anymore; it stays on the "Windows is shutting down" blue screen (I have it in Dutch, my translation may be off). I have to push the start button for it to shut down completely, and then push it again to restart. It does that too when I want to shut it off completely, in 50% of the shutdowns.

It takes a while to start it up too. I suppose this is because a whole lot of systems are trying to start up all at once; I tried to get rid of as many as possible in their settings, but several remain, e.g. iTunes and the system tray icons for my printer and for ImageTransfer.

Also: as soon as I connect to the net after a restart, Windows Explorer wants to connect to the net.

Here are my new logs:

Panda ActiveScan (the last scan I did was for "My Computer" and I removed all entries in the log file manually as they were all cookies). I hope I got everything, because IE won't let me make the scan screen bigger and I only see half of it, and it won't work in Firefox either.


Incident Status Location

Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\Nathalie Cassiers\Application Data\Mozilla\Firefox\Profiles\7kgvpo62.default\cookies.txt[.doubleclick.net/]
Spyware:Cookie/AdDynamix Not disinfected C:\Documents and Settings\Nathalie Cassiers\Application Data\Mozilla\Firefox\Profiles\7kgvpo62.default\cookies.txt[.ads.addynamix.com/]
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\Nathalie Cassiers\Application Data\Mozilla\Firefox\Profiles\7kgvpo62.default\cookies.txt[.atdmt.com/]
Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\Nathalie Cassiers\Application Data\Mozilla\Firefox\Profiles\7kgvpo62.default\cookies.txt[.atwola.com/]
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\Nathalie Cassiers\Application Data\Mozilla\Firefox\Profiles\7kgvpo62.default\cookies.txt[ad.yieldmanager.com/]
Spyware:Cookie/Casalemedia Not disinfected C:\Documents and Settings\Nathalie Cassiers\Application Data\Mozilla\Firefox\Profiles\7kgvpo62.default\cookies.txt[.casalemedia.com/]
Spyware:Cookie/MetriWeb Not disinfected C:\Documents and Settings\Nathalie Cassiers\Application Data\Mozilla\Firefox\Profiles\7kgvpo62.default\cookies.txt[.metriweb.be/]
Spyware:Cookie/onestat.com Not disinfected C:\Documents and Settings\Nathalie Cassiers\Application Data\Mozilla\Firefox\Profiles\7kgvpo62.default\cookies.txt[stat.onestat.com/]
Spyware:Cookie/Statcounter Not disinfected C:\Documents and Settings\Nathalie Cassiers\Application Data\Mozilla\Firefox\Profiles\7kgvpo62.default\cookies.txt[.statcounter.com/]
Spyware:Cookie/bravenetA Not disinfected C:\Documents and Settings\Nathalie Cassiers\Application Data\Mozilla\Firefox\Profiles\7kgvpo62.default\cookies.txt[.bravenet.com/]
Spyware:Cookie/Clickbank Not disinfected C:\Documents and Settings\Nathalie Cassiers\Application Data\Mozilla\Firefox\Profiles\7kgvpo62.default\cookies.txt[.clickbank.net/]
Spyware:Cookie/Bluestreak Not disinfected C:\Documents and Settings\Nathalie Cassiers\Application Data\Mozilla\Firefox\Profiles\7kgvpo62.default\cookies.txt[.bluestreak.com/]
Spyware:Cookie/Xiti Not disinfected C:\Documents and Settings\Nathalie Cassiers\Application Data\Mozilla\Firefox\Profiles\7kgvpo62.default\cookies.txt[.xiti.com/]
Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\Nathalie Cassiers\Application Data\Mozilla\Firefox\Profiles\7kgvpo62.default\cookies.txt[.2o7.net/]
Spyware:Cookie/Hitbox Not disinfected C:\Documents and Settings\Nathalie Cassiers\Application Data\Mozilla\Firefox\Profiles\7kgvpo62.default\cookies.txt[.hitbox.com/]
Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\Nathalie Cassiers\Application Data\Mozilla\Firefox\Profiles\7kgvpo62.default\cookies.txt[.advertising.com/]
Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\Nathalie Cassiers\Application Data\Mozilla\Firefox\Profiles\7kgvpo62.default\cookies.txt[servedby.advertising.com/]
Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\Nathalie Cassiers\Application Data\Mozilla\Firefox\Profiles\7kgvpo62.default\cookies.txt[.realmedia.com/]
Spyware:Cookie/Mammamediasolutions Not disinfected C:\Documents and Settings\Nathalie Cassiers\Application Data\Mozilla\Firefox\Profiles\7kgvpo62.default\cookies.txt[.targetnet.com/]
Spyware:Cookie/FastClick Not disinfected C:\Documents and Settings\Nathalie Cassiers\Application Data\Mozilla\Firefox\Profiles\7kgvpo62.default\cookies.txt[.fastclick.net/]
Spyware:Cookie/BurstNet Not disinfected C:\Documents and Settings\Nathalie Cassiers\Application Data\Mozilla\Firefox\Profiles\7kgvpo62.default\cookies.txt[.burstnet.com/]
Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\Nathalie Cassiers\Application Data\Mozilla\Firefox\Profiles\7kgvpo62.default\cookies.txt[.serving-sys.com/]
Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\Nathalie Cassiers\Application Data\Mozilla\Firefox\Profiles\7kgvpo62.default\cookies.txt[.bs.serving-sys.com/]
Spyware:Cookie/WUpd Not disinfected C:\Documents and Settings\Nathalie Cassiers\Application Data\Mozilla\Firefox\Profiles\7kgvpo62.default\cookies.txt[.revenue.net/]
Spyware:Cookie/Mediaplex Not disinfected C:\Documents and Settings\Nathalie Cassiers\Application Data\Mozilla\Firefox\Profiles\7kgvpo62.default\cookies.txt[.mediaplex.com/]
Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\Nathalie Cassiers\Application Data\Mozilla\Firefox\Profiles\7kgvpo62.default\cookies.txt[.com.com/]
Spyware:Cookie/Falkag Not disinfected C:\Documents and Settings\Nathalie Cassiers\Application Data\Mozilla\Firefox\Profiles\7kgvpo62.default\cookies.txt[.as-eu.falkag.net/]
Spyware:Cookie/Beweb Not disinfected C:\Documents and Settings\Nathalie Cassiers\Application Data\Mozilla\Firefox\Profiles\7kgvpo62.default\cookies.txt[.beweb.com/]
Spyware:Cookie/Tradedoubler Not disinfected C:\Documents and Settings\Nathalie Cassiers\Application Data\Mozilla\Firefox\Profiles\7kgvpo62.default\cookies.txt[.tradedoubler.com/]
Spyware:Cookie/PointRoll Not disinfected C:\Documents and Settings\Nathalie Cassiers\Application Data\Mozilla\Firefox\Profiles\7kgvpo62.default\cookies.txt[.ads.pointroll.com/]
Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\Nathalie Cassiers\Application Data\Mozilla\Firefox\Profiles\7kgvpo62.default\cookies.txt[.tribalfusion.com/]
Spyware:Cookie/Zedo Not disinfected C:\Documents and Settings\Nathalie Cassiers\Application Data\Mozilla\Firefox\Profiles\7kgvpo62.default\cookies.txt[.zedo.com/]
Spyware:Cookie/Hbmediapro Not disinfected C:\Documents and Settings\Nathalie Cassiers\Application Data\Mozilla\Firefox\Profiles\7kgvpo62.default\cookies.txt[.adopt.hbmediapro.com/]
Spyware:Cookie/QuestionMarket Not disinfected C:\Documents and Settings\Nathalie Cassiers\Application Data\Mozilla\Firefox\Profiles\7kgvpo62.default\cookies.txt[.questionmarket.com/]
Spyware:Cookie/Falkag Not disinfected C:\Documents and Settings\Nathalie Cassiers\Application Data\Mozilla\Firefox\Profiles\7kgvpo62.default\cookies.txt[.as-us.falkag.net/]
Spyware:Cookie/Hitslink Not disinfected C:\Documents and Settings\Nathalie Cassiers\Application Data\Mozilla\Firefox\Profiles\7kgvpo62.default\cookies.txt[counter.hitslink.com/]
Spyware:Cookie/Target Not disinfected C:\Documents and Settings\Nathalie Cassiers\Application Data\Mozilla\Firefox\Profiles\7kgvpo62.default\cookies.txt[.target.com/]
Spyware:Cookie/Apmebf Not disinfected C:\Documents and Settings\Nathalie Cassiers\Application Data\Mozilla\Firefox\Profiles\7kgvpo62.default\cookies.txt[.apmebf.com/]
Spyware:Cookie/Adserver Not disinfected C:\Documents and Settings\Nathalie Cassiers\Application Data\Mozilla\Firefox\Profiles\7kgvpo62.default\cookies.txt[.z1.adserver.com/]
Spyware:Cookie/Overture Not disinfected C:\Documents and Settings\Nathalie Cassiers\Application Data\Mozilla\Firefox\Profiles\7kgvpo62.default\cookies.txt[.perf.overture.com/]
Spyware:Cookie/WebtrendsLive Not disinfected C:\Documents and Settings\Nathalie Cassiers\Application Data\Mozilla\Firefox\Profiles\7kgvpo62.default\cookies.txt[statse.webtrendslive.com/]
Spyware:Cookie/Falkag Not disinfected C:\Documents and Settings\Nathalie Cassiers\Application Data\Mozilla\Firefox\Profiles\7kgvpo62.default\cookies.txt[as1.falkag.de/]
Spyware:Cookie/Falkag Not disinfected C:\Documents and Settings\Nathalie Cassiers\Application Data\Mozilla\Firefox\Profiles\7kgvpo62.default\cookies.txt[.as1.falkag.de/]
Spyware:Cookie/Weborama Not disinfected C:\Documents and Settings\Nathalie Cassiers\Application Data\Mozilla\Firefox\Profiles\7kgvpo62.default\cookies.txt[.weborama.fr/]
Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\Nathalie Cassiers\Application Data\Mozilla\Firefox\Profiles\7kgvpo62.default\cookies.txt[.247realmedia.com/]
Spyware:Cookie/Adtech Not disinfected C:\Documents and Settings\Nathalie Cassiers\Application Data\Mozilla\Firefox\Profiles\7kgvpo62.default\cookies.txt[.adtech.de/]
Spyware:Cookie/Adviva Not disinfected C:\Documents and Settings\Nathalie Cassiers\Application Data\Mozilla\Firefox\Profiles\7kgvpo62.default\cookies.txt[.adviva.net/]
Spyware:Cookie/Go Not disinfected C:\Documents and Settings\Nathalie Cassiers\Application Data\Mozilla\Firefox\Profiles\7kgvpo62.default\cookies.txt[.go.com/]
Adware:adware/igetnet Not disinfected C:\WINDOWS\SYSTEM\rules.dat
Adware:Adware/Exact.BargainBuddy Not disinfected C:\WINDOWS\SYSTEM32\lwr2.dll
Adware:Adware/Popupdefence Not disinfected C:\WINDOWS\SYSTEM32\sfg4c94.dll
Adware:Adware/Popupdefence Not disinfected C:\WINDOWS\SYSTEM32\veev1542.dll


What I don't understand is that I had already cleaned out most of those manually. They must therefore be on the sites I visit daily, since that's all I surfed on since cleaning those cookies out the first time?

HijackThis:

Logfile of HijackThis v1.99.1
Scan saved at 23:42:40, on 5/08/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\CTsvcCDA.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\system32\gsicon.exe
C:\WINDOWS\system32\dslagent.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\MessengerPlus! 3\MsgPlus.exe
C:\Program Files\Common Files\Logitech\QCDriver\LVCOMS.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Microsoft Office\Office10\WINWORD.EXE
C:\Program Files\Outlook Express\msimn.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.euro.dell.com/countries/be/n ... efault.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://rd.yahoo.com/customize/ymsgr/def ... .yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.be/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://rd.yahoo.com/customize/ymsgr/def ... .yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://rd.yahoo.com/customize/ymsgr/def ... .yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://rd.yahoo.com/customize/ymsgr/def ... earch.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://rd.yahoo.com/customize/ymsgr/def ... .yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
N3 - Netscape 7: user_pref("browser.startup.homepage", "http://home.netscape.com/bookmark/7_0/home.html"); (C:\Documents and Settings\Nathalie Cassiers\Application Data\Mozilla\Profiles\default\ubftejxa.slt\prefs.js)
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\Nathalie Cassiers\Application Data\Mozilla\Profiles\default\ubftejxa.slt\prefs.js)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Dictionary.com - {11359F4A-B191-42d7-905A-594F8CF0387B} - C:\WINDOWS\Downloaded Program Files\CONFLICT.1\lexbar.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-xu\msntb.dll
O2 - BHO: AutoDiscovery Class - {CAB710D6-532E-4B68-97AE-398477FA5524} - C:\Program Files\Deskshare\Active Web Reader\IERSSFeedDiscovery.dll
O2 - BHO: BrowserHelper Class - {EBCDDA60-2A68-11D3-8A43-0060083CFB9C} - C:\WINDOWS\System32\nzdd.dll
O3 - Toolbar: Dictionary.com - {11359F4A-B191-42D7-905A-594F8CF0387B} - C:\WINDOWS\Downloaded Program Files\CONFLICT.1\lexbar.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-xu\msntb.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\Updreg.exe
O4 - HKLM\..\Run: [AHQInit] C:\Program Files\Creative\SBLive\Program\AHQInit.exe
O4 - HKLM\..\Run: [TCASUTIEXE] TCAUDIAG -off
O4 - HKLM\..\Run: [WorksFUD] C:\Program Files\Microsoft Works\wkfud.exe
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [GSICONEXE] gsicon.exe
O4 - HKLM\..\Run: [DSLAGENTEXE] dslagent.exe USB
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Common Files\Logitech\QCDriver\LVCOMS.EXE
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [STYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide
O4 - HKCU\..\Run: [Extreme Messenger for AIM] C:\Program Files\Extreme Messenger\ExtremeMessenger.exe nosplash
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Herinneringen van Microsoft Works Agenda.lnk = ?
O4 - Global Startup: Image Transfer.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: RealDownload.lnk = C:\Program Files\Real\RealDownload\Realdownload.exe
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Copy to Semagic - C:\Program Files\Semagic\copy.htm
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Search &Dictionary - C:\Program files\Lexico\Toolbar\dictionary.htm
O8 - Extra context menu item: Search &Thesaurus - C:\Program files\Lexico\Toolbar\thesaurus.htm
O8 - Extra context menu item: Semagic - C:\Program Files\Semagic\link.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRA~1\AIM95\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {072D3F2E-5FB6-11D3-B461-00C04FA35A21} (CFForm Runtime) - http://www.soundclick.com/CFIDE/classes/CFJava.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security2.norton.com/SSC/SharedC ... vSniff.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {427273CC-764E-11D3-823D-006097F90453} (Pixami Image Editor Control) - http://www.imagestation.com/common/clas ... r=1,1,0,30
O16 - DPF: {4D7F48C0-CB49-4EA6-97D4-04F4EACC2F3B} - http://sib1.od2.com/common/Member/Clien ... /setup.exe
O16 - DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} (Housecall ActiveX 6.5) - http://housecall65.trendmicro.com/house ... hcImpl.cab
O16 - DPF: {72C23FEC-3AF9-48FC-9597-241A8EBDFE0A} (InstallShield International Setup Player) - http://ftp.hp.com/pub/automatic/player/isetupML.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Besturing) - http://a840.g.akamai.net/7/840/537/2003 ... scan53.cab
O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) - http://www.bitdefender.com/scan/Msie/bitdefender.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b28578.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan ... asinst.cab
O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) - http://us.dl1.yimg.com/download.yahoo.c ... ymmapi.dll
O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security1.norton.com/SSC/SharedC ... /cabsa.cab
O16 - DPF: {C3DFA998-A486-11D4-AA25-00C04F72DAEB} (MSN Photo Upload Tool) - http://sc.communities.msn.com/controls/ ... nPUpld.cab
O16 - DPF: {C62DFDC7-2EEC-4C2C-827A-BC0BFB4260B3} (IMViewerControl Class) - http://companion.logitech.com/companion ... /imvid.cab
O16 - DPF: {D702FBF4-EE60-11D0-BD5B-00A0C91F4635} (CFForm Runtime) - http://www.soundclick.com/CFIDE/classes/CFJava.cab
O16 - DPF: {E87A6788-1D0F-4444-8898-1D25829B6755} - http://sc.communities.msn.com/controls/ ... nchat4.cab
O16 - DPF: {EE5CA45C-BFAC-48E6-BE6C-3C607620FF43} (IMViewerControl Class) - http://companion.logitech.com/companion ... /imvid.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-l ... cfscan.cab
O16 - DPF: {EF99BD32-C1FB-11D2-892F-0090271D4F88} (Yahoo! Toolbar) - http://us.dl1.yimg.com/download.yahoo.c ... _0_2_5.cab
O16 - DPF: {F0E2D69A-DC2F-4E9B-A993-684FB1C21DBC} - http://dictionary.reference.com/tools/t ... lexico.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/So ... b28578.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{237F6181-0D17-47AD-AF9A-43CD1582DCB7}: NameServer = 134.184.250.7,0.0.0.0
O17 - HKLM\System\CCS\Services\Tcpip\..\{8883840D-5739-45C6-AA2C-530E7563A639}: NameServer = 195.238.2.22 195.238.2.21
O17 - HKLM\System\CS1\Services\Tcpip\..\{237F6181-0D17-47AD-AF9A-43CD1582DCB7}: NameServer = 134.184.250.7,0.0.0.0
O17 - HKLM\System\CS2\Services\Tcpip\..\{237F6181-0D17-47AD-AF9A-43CD1582DCB7}: NameServer = 134.184.250.7,0.0.0.0
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: IMAPI CD-Burning COM Service (ImapiService) - Roxio Inc. - C:\WINDOWS\System32\ImapiRox.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Auto-Protect-service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SPBBCSvc - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
wordofwyrd
Regular Member
 
Posts: 24
Joined: August 5th, 2006, 12:22 pm
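The HijackThis log above is long and most of it is ordinary vendor software (Symantec, Java, Yahoo!, MSN, Logitech). As an added example that is not part of this thread, the script below parses HijackThis entry lines and picks out the ones a helper would read first: dangling entries marked `(no file)` or `(file missing)`, a BHO loaded straight from System32 rather than an application folder (the nzdd.dll line), autorun targets given without an absolute path, O16 ActiveX downloads with no friendly name or pointing at an `.exe`, and O17 DNS servers to check against the ISP's. The heuristics are mine, and a flag means "review by hand", never "this is malware". The sample input is a handful of lines copied from the log; in practice you feed it a whole saved log file.

```python
import re

# Constructed sample input: a few lines copied from the HijackThis log in this
# thread, embedded so the script runs offline. In practice:
#   triage(open("hijackthis.log", encoding="latin-1").read())
SAMPLE_LOG = r"""R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: BrowserHelper Class - {EBCDDA60-2A68-11D3-8A43-0060083CFB9C} - C:\WINDOWS\System32\nzdd.dll
O4 - HKLM\..\Run: [GSICONEXE] gsicon.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O16 - DPF: {4D7F48C0-CB49-4EA6-97D4-04F4EACC2F3B} - http://sib1.od2.com/common/Member/Clien ... /setup.exe
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security2.norton.com/SSC/SharedC ... vSniff.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{237F6181-0D17-47AD-AF9A-43CD1582DCB7}: NameServer = 134.184.250.7,0.0.0.0
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe
"""

LINE_RE = re.compile(r"^(?P<kind>[RNOF]\d+) - (?P<body>.+)$")   # "O2 - BHO: ..." style entry lines
PATH_RE = re.compile(r" - (?P<path>[A-Za-z]:\\.*)$")           # last " - X:\..." field of an entry
SYSTEM32_RE = re.compile(r"^[A-Za-z]:\\WINDOWS\\SYSTEM32\\[^\\]+$", re.I)
DRIVE_RE = re.compile(r"^[A-Za-z]:\\")


def parse_hjt(text):
    """Return (section, body) pairs for every entry line; headers and the process list are skipped."""
    out = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            out.append((m.group("kind"), m.group("body")))
    return out


def review_reasons(kind, body):
    """Heuristic reasons a human should look at this entry. Not a verdict of malice."""
    reasons = []
    low = body.lower()
    if "(no file)" in low or "(file missing)" in low:
        reasons.append("dangling entry: the referenced file no longer exists")
    if kind == "O2":
        m = PATH_RE.search(body)
        if m and SYSTEM32_RE.match(m.group("path").strip('"')):
            reasons.append("BHO loaded straight from System32 rather than an application folder")
    if kind == "O4" and "] " in body:
        target = body.split("] ", 1)[1].strip().strip('"')
        if not DRIVE_RE.match(target) and not target.upper().startswith("RUNDLL32"):
            reasons.append("autorun target given without an absolute path (resolved by search order)")
    if kind == "O16":
        if not re.search(r"\) - ", body):
            reasons.append("ActiveX download (DPF) with no friendly name")
        if low.rstrip().endswith(".exe"):
            reasons.append("ActiveX download points at an .exe rather than a .cab")
    if kind == "O17":
        m = re.search(r"NameServer = (.+)$", body)
        if m:
            servers = [s for s in re.split(r"[ ,]+", m.group(1)) if s]
            reasons.append("DNS servers to verify against the ISP's: " + ", ".join(servers))
    return reasons


def triage(text):
    """Map each entry line that deserves a look to its list of reasons."""
    flagged = {}
    for kind, body in parse_hjt(text):
        reasons = review_reasons(kind, body)
        if reasons:
            flagged[f"{kind} - {body}"] = reasons
    return flagged


if __name__ == "__main__":
    for line, reasons in triage(SAMPLE_LOG).items():
        print(line)
        for r in reasons:
            print("    ->", r)
```

Run against the sample, the Acrobat, Spybot, ccApp, Norton scanner and Sygate lines pass through untouched, while the nzdd.dll BHO, the two dangling entries, gsicon.exe, the unnamed od2.com download and the O17 line come out for review.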

Post by random/random » August 5th, 2006, 5:50 pm

Please download WinPFind2.
  • Extract the files to a folder (e.g. C:\WinPFind2).
  • Double-click WinPFind2.exe to start the program.
  • Click the Select All button in the File Options box of the Configuration tab (this is the tab the program opens to by default).
  • Click the Run all Scans button.
  • When it's finished scanning you will see Scans Complete! at the bottom left of the program.
  • Click the Export to Text button.
  • Notepad will open with the results of the scan, and the log will be saved to the folder that you extracted the program to (C:\WinPFind2\WinPFind2.txt).
  • Post the log in your next reply please. You may need to split the log over a couple of posts so that it doesn't get cut off. If so, please use the [Start Post #1] and [Start Post #2] delimiters in the log to split it up.

To assist diagnosis I would like a list of installed programs.
  • Open HijackThis and select Open the Misc Tools section
  • Click on the Open Uninstall Manager…
  • Select the Save List button
  • I suggest that you accept the default name of uninstall_list.txt and save the file to your desktop
  • Close HijackThis


Post back with the uninstall list and the WinPFind log.
random/random
Developer
Posts: 7733
Joined: December 18th, 2005, 3:30 pm

Post by wordofwyrd » August 5th, 2006, 6:22 pm

I am unable to run WinPFind2: the minute it goes to "scanning registry" it freezes and takes up all the CPU. I have shut off everything else, but that doesn't help.

Here, however, is the uninstall list:

3Com NIC Diagnostics
Active Web Reader 2.42
Ad-Aware SE Personal
Adobe Download Manager 2.0 (alleen verwijderen)
Adobe Photoshop 7.0
Adobe Photoshop Album 2.0 Starter Edition
Adobe Reader 7.0.5
AIM+ (remove only)
Alchemy 1.2
AOL Instant Messenger
a-squared Free 1.6.5
AUREAS (C:\Program Files\AUREAS\)
Baldur's Gate(TM) II - Throne of Bhaal (TM)
Beveiligingsupdate for Windows Media Player 10 (KB917734)
Beveiligingsupdate voor Windows Media Player (KB911564)
Beveiligingsupdate voor Windows Media Player 9 (KB911565)
Beveiligingsupdate voor Windows Media Player 9 (KB917734)
Beveiligingsupdate voor Windows XP (KB883939)
Beveiligingsupdate voor Windows XP (KB890046)
Beveiligingsupdate voor Windows XP (KB893756)
Beveiligingsupdate voor Windows XP (KB896358)
Beveiligingsupdate voor Windows XP (KB896422)
Beveiligingsupdate voor Windows XP (KB896423)
Beveiligingsupdate voor Windows XP (KB896424)
Beveiligingsupdate voor Windows XP (KB896428)
Beveiligingsupdate voor Windows XP (KB896688)
Beveiligingsupdate voor Windows XP (KB899587)
Beveiligingsupdate voor Windows XP (KB899588)
Beveiligingsupdate voor Windows XP (KB899591)
Beveiligingsupdate voor Windows XP (KB900725)
Beveiligingsupdate voor Windows XP (KB901017)
Beveiligingsupdate voor Windows XP (KB901214)
Beveiligingsupdate voor Windows XP (KB902400)
Beveiligingsupdate voor Windows XP (KB903235)
Beveiligingsupdate voor Windows XP (KB904706)
Beveiligingsupdate voor Windows XP (KB905414)
Beveiligingsupdate voor Windows XP (KB905749)
Beveiligingsupdate voor Windows XP (KB905915)
Beveiligingsupdate voor Windows XP (KB908519)
Beveiligingsupdate voor Windows XP (KB908531)
Beveiligingsupdate voor Windows XP (KB911280)
Beveiligingsupdate voor Windows XP (KB911562)
Beveiligingsupdate voor Windows XP (KB911567)
Beveiligingsupdate voor Windows XP (KB911927)
Beveiligingsupdate voor Windows XP (KB912812)
Beveiligingsupdate voor Windows XP (KB912919)
Beveiligingsupdate voor Windows XP (KB913446)
Beveiligingsupdate voor Windows XP (KB913580)
Beveiligingsupdate voor Windows XP (KB914388)
Beveiligingsupdate voor Windows XP (KB914389)
Beveiligingsupdate voor Windows XP (KB916281)
Beveiligingsupdate voor Windows XP (KB917159)
Beveiligingsupdate voor Windows XP (KB917344)
Beveiligingsupdate voor Windows XP (KB917953)
Beveiligingsupdate voor Windows XP (KB918439)
Big Money Deluxe 1.11
CanoCraft CS-P
Cassini-Huygens screensaver Screensaver
ccCommon
CkS-Y2K Full Version
Corel SVG Viewer
Dell Solution Center
DivX 5.0.2 Bundle
Dynomite Deluxe 2.56k
Dynomite Deluxe 2.71
Easy CD Creator 5 Basic
FoneSync
HijackThis 1.99.1
hp deskjet 930c series
hp deskjet 930c series Installatie ongedaan maken
ICQ
Image Transfer
ImageMixer for Sony
Intel Application Accelerator
Internet Worm Protection
iTunes
J2SE Runtime Environment 5.0 Update 6
Janus 3 Demo All Modules
Java 2 Runtime Environment, SE v1.4.0_01
Java 2 Runtime Environment, SE v1.4.2_05
Java Web Start
KB898458: Beveiligingsupdate voor Step by Step Interactive Training
LiveReg (Symantec Corporation)
LiveUpdate 2.7 (Symantec Corporation)
Logitech IM Video Companion
Logitech QuickCam
Macromedia Flash Player 8
Macromedia Shockwave Player
Messenger Plus! 3
Microsoft Data Access Components KB870669
Microsoft Office XP Professional with FrontPage
Microsoft Word in Works Suite-invoegtoepassing
Microsoft Works 2001 Setup starten
Microsoft Works 6.0
Mozilla Firefox (1.5.0.6)
MSN Messenger 7.5
MSN Toolbar
Music Manager
NAVShortcut
Netscape (7.01)
Netzip Classic 7.5.1.86
Norton AntiVirus 2006
Norton AntiVirus 2006 (Symantec Corporation)
Norton AntiVirus Help
Norton AntiVirus Parent MSI
Norton AntiVirus SYMLT MSI
Norton Protection Center
Norton WMI Update
NVIDIA Windows 2000/XP Display Drivers
Paint Shop Pro 7
Panda ActiveScan
Parentèle Déclic
PowerDVD
QuickTime
RealDownload
RealJukebox
RealPlayer Basic
Semagic (remove only)
Siemens DSL Modem
Sony USB Driver
Sound Blaster Live! Value
SPBBC
Spybot - Search & Destroy 1.4
StuffIt Standard
Sygate Personal Firewall
Symantec
TAK: The Iron Plague
Total Annihilation: Kingdoms
Ulead Photo Explorer 6.0
Update voor Windows XP (KB894391)
Update voor Windows XP (KB896727)
Update voor Windows XP (KB898461)
Update voor Windows XP (KB900485)
Update voor Windows XP (KB910437)
Update voor Windows XP (KB916595)
VideoLink Mail
Warlords Battlecry II
Winamp (remove only)
Windows Installer 3.1 (KB893803)
Windows Installer 3.1 (KB893803)
Windows Media Format Runtime
Windows Media Player 10
Windows XP Creativity Fun Packs - Player Blogging Plug-in
Windows XP Hotfix - KB834707
Windows XP Hotfix - KB867282
Windows XP Hotfix - KB873333
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB885884
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB887742
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890047
Windows XP Hotfix - KB890175
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB890923
Windows XP Hotfix - KB891781
Windows XP Hotfix - KB893066
Windows XP Hotfix - KB893086
Windows XP Service Pack 2
WinRAR archiver
WinZip
Yahoo! Browser Services
Yahoo! Install Manager
Yahoo! Internet Mail
Yahoo! Messenger
Yahoo! Messenger Explorer Bar
wordofwyrd
Regular Member
 
Posts: 24
Joined: August 5th, 2006, 12:22 pm

Post by random/random » August 6th, 2006, 4:35 am

Let's try an older version of WinPFind.

Use windows explorer to find and delete these files:

C:\WINDOWS\SYSTEM32\lwr2.dll
C:\WINDOWS\SYSTEM32\sfg4c94.dll
C:\WINDOWS\SYSTEM32\veev1542.dll


Next, download WinPFind and extract it to a folder on your C:\ drive.

Navigate to the C:\WinPFind directory and click the file called WinPFind.exe to open it.
Once it is open, click on the Start Scan button and wait for it to finish.
This program will scan large numbers of files on your computer for known patterns, so please be patient while it works, as it can take a while, upwards of 30 minutes or more.
When it is done, it will show the results of the scan.
Click on the Copy to Clipboard button
Paste the contents of the log in your clipboard to a Notepad file on your desktop.

Post back with the WinPFind log and a new HijackThis log.
random/random
Developer
Posts: 7733
Joined: December 18th, 2005, 3:30 pm
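The post above tells the user to find the three DLLs in Explorer and delete them. As an added example, not from the thread or from the helper's own toolkit, the routine below quarantines instead: each file is hashed (SHA-256) and its original path and size written to a manifest before it is moved, the copy is renamed so nothing can load it by name, and a file that cannot be moved because it is still loaded (Windows raises PermissionError on a mapped DLL) is reported as "locked" rather than quietly left behind, which is the signal to retry from Safe Mode. The `demo()` function works on fake files carrying the three names in a temporary directory; on a real machine you would pass the real System32 paths to `quarantine()` instead.

```python
import hashlib
import json
import shutil
import tempfile
import time
from pathlib import Path


def sha256_of(path):
    """SHA-256 of a file, streamed so large binaries are not read into memory at once."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 16), b""):
            h.update(chunk)
    return h.hexdigest()


def quarantine(paths, quarantine_dir):
    """Move each file into quarantine_dir, recording path, size and hash in manifest.json.

    Returns {original_path: "quarantined" | "missing" | "locked"}. A DLL that is still
    loaded in a process cannot be moved on Windows (PermissionError); it is reported as
    "locked" so the operator knows it is still there and retries from Safe Mode.
    """
    qdir = Path(quarantine_dir)
    qdir.mkdir(parents=True, exist_ok=True)
    manifest_path = qdir / "manifest.json"
    manifest = json.loads(manifest_path.read_text()) if manifest_path.exists() else []
    results = {}
    for p in (Path(x) for x in paths):
        if not p.is_file():
            results[str(p)] = "missing"
            continue
        record = {
            "original": str(p),
            "size": p.stat().st_size,
            "sha256": sha256_of(p),            # hash taken before the move, for later lookup
            "moved_at": time.strftime("%Y-%m-%dT%H:%M:%S"),
        }
        # Unique, non-.dll name so the shell and LoadLibrary never pick it up by name.
        dest = qdir / f"{p.name}.{len(manifest)}.quarantined"
        try:
            shutil.move(str(p), str(dest))
        except PermissionError:
            results[str(p)] = "locked"
            continue
        record["quarantined_as"] = str(dest)
        manifest.append(record)
        results[str(p)] = "quarantined"
    manifest_path.write_text(json.dumps(manifest, indent=2))
    return results


def verify_manifest(quarantine_dir):
    """True if every quarantined file still hashes to what the manifest recorded."""
    qdir = Path(quarantine_dir)
    manifest = json.loads((qdir / "manifest.json").read_text())
    return all(sha256_of(r["quarantined_as"]) == r["sha256"] for r in manifest)


def demo():
    """Constructed demo: fake files with the three names from the post, in a temp
    directory, never the real System32. Returns (results, manifest, manifest_ok)."""
    base = Path(tempfile.mkdtemp(prefix="quarantine-demo-"))
    sys32 = base / "SYSTEM32"
    sys32.mkdir()
    names = ["lwr2.dll", "sfg4c94.dll", "veev1542.dll"]
    for n in names:
        (sys32 / n).write_bytes(b"MZ" + n.encode())   # constructed stand-in content, not a real PE
    targets = [sys32 / n for n in names] + [sys32 / "already-gone.dll"]
    qdir = base / "quarantine"
    results = quarantine(targets, qdir)
    manifest = json.loads((qdir / "manifest.json").read_text())
    return results, manifest, verify_manifest(qdir)


if __name__ == "__main__":
    results, manifest, ok = demo()
    for path, status in results.items():
        print(f"{status:11} {path}")
    print("manifest verifies:", ok)
```

Keeping the hash and original path means the file can be restored if it turns out to be a false positive, and the hash can be checked against a vendor's detection write-up without ever running the sample again.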

Post by wordofwyrd » August 6th, 2006, 7:43 am

Thank you :) This one worked, although I'm a bit worried that I did not give WinPFind2 a chance, as this one's download link stated that sometimes Windows adds it freezes, but it doesn't really. Then again, nothing moved on WinPFind2.

Anyway: no Copy to Clipboard option, so I just copied everything:

»»»»»»»»»»»»»»»»» Windows OS and Versions »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Product Name: Microsoft Windows XP Current Build: Service Pack 2 Current Build Number: 2600
Internet Explorer Version: 6.0.2900.2180

»»»»»»»»»»»»»»»»» Checking Selected Standard Folders »»»»»»»»»»»»»»»»»»»»

Checking %SystemDrive% folder...

Checking %ProgramFilesDir% folder...

Checking %WinDir% folder...
UPX! 23/06/2003 15:32:52 922112 C:\WINDOWS\vsapi32.dll
aspack 23/06/2003 15:32:52 922112 C:\WINDOWS\vsapi32.dll

Checking %System% folder...
PEC2 7/09/2001 9:00:00 41122 C:\WINDOWS\SYSTEM32\DFRG.MSC
PTech 19/06/2006 16:19:42 571184 C:\WINDOWS\SYSTEM32\LegitCheckControl.dll
aspack 7/07/2006 3:21:46 6757792 C:\WINDOWS\SYSTEM32\MRT.exe
aspack 4/08/2004 10:03:00 729088 C:\WINDOWS\SYSTEM32\ntdll.dll
Umonitor 4/08/2004 10:03:20 676864 C:\WINDOWS\SYSTEM32\rasdlg.dll
winsync 7/09/2001 9:00:00 1309184 C:\WINDOWS\SYSTEM32\WBDBASE.DEU
PTech 19/06/2006 16:19:26 304944 C:\WINDOWS\SYSTEM32\WgaTray.exe

Checking %System%\Drivers folder and sub-folders...
PTech 4/08/2004 7:41:38 1309184 C:\WINDOWS\SYSTEM32\drivers\mtlstrm.sys

Items found in C:\WINDOWS\SYSTEM32\drivers\ETC\HOSTS


Checking the Windows folder and sub-folders for system and hidden files within the last 60 days...
6/08/2006 13:05:36 S 2048 C:\WINDOWS\BOOTSTAT.DAT
5/08/2006 16:00:22 H 54156 C:\WINDOWS\QTFont.qfn
19/06/2006 16:20:58 S 7160 C:\WINDOWS\SYSTEM32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\WgaNotify.cat
6/08/2006 13:26:40 H 1024 C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT.LOG
6/08/2006 13:05:40 H 1024 C:\WINDOWS\SYSTEM32\CONFIG\SAM.LOG
6/08/2006 13:06:52 H 1024 C:\WINDOWS\SYSTEM32\CONFIG\SECURITY.LOG
6/08/2006 13:42:56 H 1024 C:\WINDOWS\SYSTEM32\CONFIG\SOFTWARE.LOG
6/08/2006 13:08:18 H 1024 C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM.LOG
14/07/2006 12:10:46 H 1024 C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\NTUSER.DAT.LOG
28/06/2006 9:38:58 HS 388 C:\WINDOWS\SYSTEM32\Microsoft\Protect\S-1-5-18\ebeec819-9a9b-4b76-985b-9c567bb1cd03
28/06/2006 9:38:58 HS 24 C:\WINDOWS\SYSTEM32\Microsoft\Protect\S-1-5-18\Preferred
6/08/2006 13:05:46 H 6 C:\WINDOWS\Tasks\SA.DAT

Checking for CPL files...
Microsoft Corporation 4/08/2004 10:03:36 70656 C:\WINDOWS\SYSTEM32\access.cpl
Microsoft Corporation 4/08/2004 10:03:36 554496 C:\WINDOWS\SYSTEM32\appwiz.cpl
Creative Technology Ltd. 19/03/1998 3:00:00 18432 C:\WINDOWS\SYSTEM32\Audiohq.cpl
Microsoft Corporation 4/08/2004 10:03:36 110592 C:\WINDOWS\SYSTEM32\bthprops.cpl
Creative Technology Ltd. 24/08/2000 3:56:00 228352 C:\WINDOWS\SYSTEM32\CTDetect.cpl
Microsoft Corporation 4/08/2004 10:03:36 137728 C:\WINDOWS\SYSTEM32\desk.cpl
Microsoft Corporation 4/08/2004 10:03:36 80384 C:\WINDOWS\SYSTEM32\firewall.cpl
GlobespanVirata, Inc. 13/02/2003 10:56:08 290816 C:\WINDOWS\SYSTEM32\gsi.cpl
Microsoft Corporation 4/08/2004 10:03:36 156672 C:\WINDOWS\SYSTEM32\hdwwiz.cpl
Microsoft Corporation 4/08/2004 10:03:36 359936 C:\WINDOWS\SYSTEM32\inetcpl.cpl
Microsoft Corporation 4/08/2004 10:03:36 132608 C:\WINDOWS\SYSTEM32\intl.cpl
Microsoft Corporation 4/08/2004 10:03:36 380928 C:\WINDOWS\SYSTEM32\irprops.cpl
Microsoft Corporation 4/08/2004 10:03:36 69632 C:\WINDOWS\SYSTEM32\joy.cpl
Sun Microsystems, Inc. 10/11/2005 13:03:50 49265 C:\WINDOWS\SYSTEM32\jpicpl32.cpl
Microsoft Corporation 7/09/2001 9:00:00 189440 C:\WINDOWS\SYSTEM32\MAIN.CPL
Microsoft Corporation 4/08/2004 10:03:36 625152 C:\WINDOWS\SYSTEM32\mmsys.cpl
Microsoft Corporation 7/09/2001 9:00:00 35840 C:\WINDOWS\SYSTEM32\NCPA.CPL
Microsoft Corporation 4/08/2004 10:03:36 25600 C:\WINDOWS\SYSTEM32\netsetup.cpl
Microsoft Corporation 4/08/2004 10:03:36 260608 C:\WINDOWS\SYSTEM32\nusrmgr.cpl
Microsoft Corporation 4/08/2004 10:03:36 36864 C:\WINDOWS\SYSTEM32\odbccp32.cpl
Sun Microsystems 16/04/2002 15:28:48 45175 C:\WINDOWS\SYSTEM32\plugincpl140_01.cpl
Microsoft Corporation 4/08/2004 10:03:36 117248 C:\WINDOWS\SYSTEM32\powercfg.cpl
RealNetworks 24/03/2002 22:55:02 24576 C:\WINDOWS\SYSTEM32\prefscpl.cpl
Microsoft Corporation 4/08/2004 10:03:38 302592 C:\WINDOWS\SYSTEM32\sysdm.cpl
Microsoft Corporation 7/09/2001 9:00:00 28160 C:\WINDOWS\SYSTEM32\TELEPHON.CPL
Microsoft Corporation 4/08/2004 10:03:38 94720 C:\WINDOWS\SYSTEM32\timedate.cpl
Microsoft Corporation 4/08/2004 10:03:38 148480 C:\WINDOWS\SYSTEM32\wscui.cpl
Microsoft Corporation 26/05/2005 4:16:34 174872 C:\WINDOWS\SYSTEM32\wuaucpl.cpl
Microsoft Corporation 26/05/2005 4:16:34 174872 C:\WINDOWS\SYSTEM32\DLLCACHE\wuaucpl.cpl

»»»»»»»»»»»»»»»»» Checking Selected Startup Folders »»»»»»»»»»»»»»»»»»»»»

Checking files in %ALLUSERSPROFILE%\Startup folder...
29/09/2002 2:11:44 986 C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\Adobe Gamma Loader.lnk
21/12/2005 1:02:56 1757 C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\Adobe Reader Speed Launch.lnk
4/10/2001 10:07:36 HS 84 C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\DESKTOP.INI
19/03/2002 20:45:56 897 C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\Herinneringen van Microsoft Works Agenda.lnk
21/02/2004 4:18:38 715 C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\Image Transfer.lnk
1/05/2002 15:09:48 1730 C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\Microsoft Office.lnk
17/08/2002 21:27:32 1681 C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\RealDownload.lnk

Checking files in %ALLUSERSPROFILE%\Application Data folder...
4/10/2001 9:59:40 HS 62 C:\Documents and Settings\All Users\Application Data\DESKTOP.INI
6/08/2006 13:06:12 17 C:\Documents and Settings\All Users\Application Data\DirectCDUserName.txt
17/07/2006 8:03:32 1759 C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache

Checking files in %USERPROFILE%\Startup folder...
4/10/2001 10:07:36 HS 84 C:\Documents and Settings\Nathalie Cassiers\Menu Start\Programma's\Opstarten\DESKTOP.INI

Checking files in %USERPROFILE%\Application Data folder...
15/11/2005 15:33:18 1552 C:\Documents and Settings\Nathalie Cassiers\Application Data\AdobeDLM.log
4/10/2001 9:59:40 HS 62 C:\Documents and Settings\Nathalie Cassiers\Application Data\DESKTOP.INI
15/11/2005 15:33:18 0 C:\Documents and Settings\Nathalie Cassiers\Application Data\dm.ini
26/01/2006 12:43:44 45824 C:\Documents and Settings\Nathalie Cassiers\Application Data\GDIPFONTCACHEV1.DAT

»»»»»»»»»»»»»»»»» Checking Selected Registry Keys »»»»»»»»»»»»»»»»»»»»»»»

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
SV1 =

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]

[HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers]
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Offline Files
{750fdf0e-2a26-11d1-a3ea-080036587f03} = %SystemRoot%\System32\cscui.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Open With
{09799AFB-AD67-11d1-ABCD-00C04FC30936} = %SystemRoot%\system32\SHELL32.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Open With EncryptionMenu
{A470F8CF-A1E8-4f65-8335-227475AA5C46} = %SystemRoot%\system32\SHELL32.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\StuffIt Compress Menu
{3FBFD0B0-EB46-4797-9101-615610E87DA6} = C:\Program Files\Aladdin Systems\StuffIt\CompressMenu.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Symantec.Norton.Antivirus.IEContextMenu
{FAD61B3D-699D-49B2-BE16-7F82CB4C59CA} = C:\Program Files\Norton AntiVirus\NavShExt.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\WinRAR
{B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Program Files\WinRAR\rarext.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\WinZip
{E0D79304-84BE-11CE-9641-444553540000} = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Yahoo! Mail
{5464D816-CF16-4784-B9F3-75C0DB52B499} = C:\PROGRA~1\Yahoo!\Common\ymmapi20041123.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\ZpCtxMenu
{6946AA04-2B53-11d4-9504-00D0B70779F8} = C:\Program Files\Netzip Classic\ZpCtxMenu.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\{a2a9545d-a0c2-42b4-9708-a0b2badd77c8}
Start Menu Pin = %SystemRoot%\system32\SHELL32.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\a2ContMenu
{AB77609F-2178-4E6F-9C4B-44AC179D937A} = C:\PROGRA~1\A-SQUA~1\A2CONT~1.DLL
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\StuffIt Compress Menu
{3FBFD0B0-EB46-4797-9101-615610E87DA6} = C:\Program Files\Aladdin Systems\StuffIt\CompressMenu.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\Symantec.Norton.Antivirus.IEContextMenu
{FAD61B3D-699D-49B2-BE16-7F82CB4C59CA} = C:\Program Files\Norton AntiVirus\NavShExt.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\WinRAR
{B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Program Files\WinRAR\rarext.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\WinZip
{E0D79304-84BE-11CE-9641-444553540000} = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\ZpCtxMenu
{6946AA04-2B53-11d4-9504-00D0B70779F8} = C:\Program Files\Netzip Classic\ZpCtxMenu.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\EncryptionMenu
{A470F8CF-A1E8-4f65-8335-227475AA5C46} = %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\Offline Files
{750fdf0e-2a26-11d1-a3ea-080036587f03} = %SystemRoot%\System32\cscui.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\Sharing
{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6} = ntshrui.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\WinRAR
{B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Program Files\WinRAR\rarext.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\WinZip
{E0D79304-84BE-11CE-9641-444553540000} = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\ZpCtxMenu
{6946AA04-2B53-11d4-9504-00D0B70779F8} = C:\Program Files\Netzip Classic\ZpCtxMenu.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{0D2E74C4-3C34-11d2-A27E-00C04FC30871}
= %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{24F14F01-7B1C-11d1-838f-0000F80461CF}
= %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{24F14F02-7B1C-11d1-838f-0000F80461CF}
= %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{66742402-F9B9-11D1-A202-0000F81FEDEE}
= %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{F9DB5320-233E-11D1-9F84-707F02C10627}
= C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll

[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
AcroIEHlprObj Class = C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11359F4A-B191-42d7-905A-594F8CF0387B}
Dictionary.com = C:\WINDOWS\Downloaded Program Files\CONFLICT.1\lexbar.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}
= C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897}
Yahoo! IE Services Button = C:\Program Files\Yahoo!\Common\yiesrvc.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}
SSVHelper Class = C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9394EDE7-C8B5-483E-8773-474BF36AF6E4}
ST = C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A8F38D8D-E480-4D52-B7A2-731BB6995FDD}
CNavExtBho Class = C:\Program Files\Norton AntiVirus\NavShExt.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0}
MSNToolBandBHO = C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-xu\msntb.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CAB710D6-532E-4B68-97AE-398477FA5524}
AutoDiscovery Class = C:\Program Files\Deskshare\Active Web Reader\IERSSFeedDiscovery.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EBCDDA60-2A68-11D3-8A43-0060083CFB9C}
BrowserHelper Class = C:\WINDOWS\System32\nzdd.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{4528BBE0-4E08-11D5-AD55-00010333D0AD}
&Yahoo! Messenger = C:\Program Files\Yahoo!\Companion\Modules\messmod2\v4\yhexbmes.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{4D5C8C25-D075-11d0-B416-00C04FB90376}
&Tip van de dag = %SystemRoot%\System32\shdocvw.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{FE54FA40-D68C-11d2-98FA-00C0F0318AFE}
Real.com = C:\WINDOWS\System32\Shdocvw.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
{11359F4A-B191-42D7-905A-594F8CF0387B} = Dictionary.com : C:\WINDOWS\Downloaded Program Files\CONFLICT.1\lexbar.dll
{C4069E3A-68F1-403E-B40E-20066696354B} = Norton AntiVirus : C:\Program Files\Norton AntiVirus\NavShExt.dll
{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} = MSN : C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-xu\msntb.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{08B0E5C0-4FCB-11CF-AAA5-00401C608501}
MenuText = Sun Java Console : C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897}
ButtonText = Yahoo! Services :
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{6224f700-cba3-4071-b251-47cb894244cd}
ButtonText = ICQ : C:\Program Files\ICQ\ICQ.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{AC9E2541-2814-11d5-BC6D-00B0D0A1DE45}
ButtonText = AIM : C:\PROGRA~1\AIM95\aim.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{CD67F990-D8E9-11d2-98FE-00C0F0318AFE}
ButtonText = Real.com :
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{FB5F1910-F110-11d2-BB9E-00C04F795683}
ButtonText = Messenger : C:\Program Files\Messenger\msmsgs.exe

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars]
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{30D02401-6A81-11D0-8274-00C04FD5AE38}
Zoekbalk = %SystemRoot%\System32\browseui.dll
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{32683183-48a0-441b-a342-7c2a440a9478}
=
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{4528BBE0-4E08-11D5-AD55-00010333D0AD}
&Yahoo! Messenger = C:\Program Files\Yahoo!\Companion\Modules\messmod2\v4\yhexbmes.dll
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{C4EE31F3-4768-11D2-BE5C-00A0C9A83DA1}
File Search Explorer Band = %SystemRoot%\system32\SHELL32.dll
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{EFA24E61-B078-11D0-89E4-00C04FC9E26E}
Favorites Band = %SystemRoot%\System32\shdocvw.dll
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{EFA24E62-B078-11D0-89E4-00C04FC9E26E}
History Band = %SystemRoot%\System32\shdocvw.dll
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{EFA24E64-B078-11D0-89E4-00C04FC9E26E}
Explorer-band = %SystemRoot%\System32\shdocvw.dll

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar]
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser
{0E5CBF21-D15F-11D0-8301-00AA005B4383} = &Koppelingen : %SystemRoot%\system32\SHELL32.dll
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser
{01E04581-4EEE-11D0-BFE9-00AA005B4383} = &Adres : %SystemRoot%\System32\browseui.dll
{0E5CBF21-D15F-11D0-8301-00AA005B4383} = &Koppelingen : %SystemRoot%\system32\SHELL32.dll
{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} = :
{EF99BD32-C1FB-11D2-892F-0090271D4F88} = Yahoo! Toolbar :
{11359F4A-B191-42D7-905A-594F8CF0387B} = Dictionary.com : C:\WINDOWS\Downloaded Program Files\CONFLICT.1\lexbar.dll
{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} = MSN : C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-xu\msntb.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
NvCplDaemon RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
UpdReg C:\WINDOWS\Updreg.exe
AHQInit C:\Program Files\Creative\SBLive\Program\AHQInit.exe
TCASUTIEXE TCAUDIAG -off
WorksFUD C:\Program Files\Microsoft Works\wkfud.exe
Microsoft Works Portfolio C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
HPDJ Taskbar Utility C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
GSICONEXE gsicon.exe
DSLAGENTEXE dslagent.exe USB
SunJavaUpdateSched C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
SmcService C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
ccApp "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
QuickTime Task "C:\Program Files\QuickTime\qttask.exe" -atboottime
MessengerPlus3 "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
LVCOMS C:\Program Files\Common Files\Logitech\QCDriver\LVCOMS.EXE
iTunesHelper "C:\Program Files\iTunes\iTunesHelper.exe"
AdaptecDirectCD "C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]
IMAIL Installed = 1
MAPI Installed = 1
MSFS Installed = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
CTFMON.EXE C:\WINDOWS\system32\ctfmon.exe
STYLEXP C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide
Extreme Messenger for AIM C:\Program Files\Extreme Messenger\ExtremeMessenger.exe nosplash

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\load]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\run]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\services

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\state
system.ini 0
win.ini 0
bootini 0
services 0
startup 0


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum
{BDEADF00-C265-11D0-BCED-00A0C90AB50F} = C:\PROGRA~1\COMMON~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL
{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} =
{0DF44EAA-FF21-4412-828E-260A8728E7F1} =


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system
dontdisplaylastusername 0
legalnoticecaption
legalnoticetext
shutdownwithoutlogon 1
undockwithoutlogon 1


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies]

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
NoDriveTypeAutoRun _


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
PostBootReminder {7849596a-48ea-486e-8937-a2a3009f31a9} = %SystemRoot%\system32\SHELL32.dll
CDBurn {fbeb8a05-beee-4442-804e-409d6c4515e9} = %SystemRoot%\system32\SHELL32.dll
WebCheck {E6FB5E20-DE35-11CF-9C87-00AA005127ED} = %SystemRoot%\System32\webcheck.dll
SysTray {35CEC8A3-2BE6-11D2-8773-92E220524153} = C:\WINDOWS\System32\stobject.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
UserInit = C:\WINDOWS\system32\userinit.exe,
Shell = Explorer.exe
System =

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain
= crypt32.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet
= cryptnet.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll
= cscdll.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp
= wlnotify.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule
= wlnotify.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy
= sclgntfy.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn
= WlNotify.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv
= wlnotify.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon
= WgaLogon.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon
= wlnotify.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Your Image File Name Here without a path
Debugger = ntsd -d

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
AppInit_DLLs


»»»»»»»»»»»»»»»»»»»»»»»» Scan Complete »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
WinPFind v1.4.1 - Log file written to "WinPFind.Txt" in the WinPFind folder.
Scan completed on 6/08/2006 13:43:33
wordofwyrd
Regular Member
 
Posts: 24
Joined: August 5th, 2006, 12:22 pm

Unread postby wordofwyrd » August 6th, 2006, 7:45 am

New HijackThis log:

Logfile of HijackThis v1.99.1
Scan saved at 13:48:59, on 6/08/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\CTsvcCDA.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\system32\gsicon.exe
C:\WINDOWS\system32\dslagent.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\MessengerPlus! 3\MsgPlus.exe
C:\Program Files\Common Files\Logitech\QCDriver\LVCOMS.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.euro.dell.com/countries/be/n ... efault.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://rd.yahoo.com/customize/ymsgr/def ... .yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.be/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://rd.yahoo.com/customize/ymsgr/def ... .yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://rd.yahoo.com/customize/ymsgr/def ... .yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://rd.yahoo.com/customize/ymsgr/def ... earch.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://rd.yahoo.com/customize/ymsgr/def ... .yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
N3 - Netscape 7: user_pref("browser.startup.homepage", "http://home.netscape.com/bookmark/7_0/home.html"); (C:\Documents and Settings\Nathalie Cassiers\Application Data\Mozilla\Profiles\default\ubftejxa.slt\prefs.js)
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\Nathalie Cassiers\Application Data\Mozilla\Profiles\default\ubftejxa.slt\prefs.js)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Dictionary.com - {11359F4A-B191-42d7-905A-594F8CF0387B} - C:\WINDOWS\Downloaded Program Files\CONFLICT.1\lexbar.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-xu\msntb.dll
O2 - BHO: AutoDiscovery Class - {CAB710D6-532E-4B68-97AE-398477FA5524} - C:\Program Files\Deskshare\Active Web Reader\IERSSFeedDiscovery.dll
O2 - BHO: BrowserHelper Class - {EBCDDA60-2A68-11D3-8A43-0060083CFB9C} - C:\WINDOWS\System32\nzdd.dll
O3 - Toolbar: Dictionary.com - {11359F4A-B191-42D7-905A-594F8CF0387B} - C:\WINDOWS\Downloaded Program Files\CONFLICT.1\lexbar.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-xu\msntb.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\Updreg.exe
O4 - HKLM\..\Run: [AHQInit] C:\Program Files\Creative\SBLive\Program\AHQInit.exe
O4 - HKLM\..\Run: [TCASUTIEXE] TCAUDIAG -off
O4 - HKLM\..\Run: [WorksFUD] C:\Program Files\Microsoft Works\wkfud.exe
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [GSICONEXE] gsicon.exe
O4 - HKLM\..\Run: [DSLAGENTEXE] dslagent.exe USB
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Common Files\Logitech\QCDriver\LVCOMS.EXE
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [STYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide
O4 - HKCU\..\Run: [Extreme Messenger for AIM] C:\Program Files\Extreme Messenger\ExtremeMessenger.exe nosplash
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Herinneringen van Microsoft Works Agenda.lnk = ?
O4 - Global Startup: Image Transfer.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: RealDownload.lnk = C:\Program Files\Real\RealDownload\Realdownload.exe
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Copy to Semagic - C:\Program Files\Semagic\copy.htm
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Search &Dictionary - C:\Program files\Lexico\Toolbar\dictionary.htm
O8 - Extra context menu item: Search &Thesaurus - C:\Program files\Lexico\Toolbar\thesaurus.htm
O8 - Extra context menu item: Semagic - C:\Program Files\Semagic\link.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRA~1\AIM95\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {072D3F2E-5FB6-11D3-B461-00C04FA35A21} (CFForm Runtime) - http://www.soundclick.com/CFIDE/classes/CFJava.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security2.norton.com/SSC/SharedC ... vSniff.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {427273CC-764E-11D3-823D-006097F90453} (Pixami Image Editor Control) - http://www.imagestation.com/common/clas ... r=1,1,0,30
O16 - DPF: {4D7F48C0-CB49-4EA6-97D4-04F4EACC2F3B} - http://sib1.od2.com/common/Member/Clien ... /setup.exe
O16 - DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} (Housecall ActiveX 6.5) - http://housecall65.trendmicro.com/house ... hcImpl.cab
O16 - DPF: {72C23FEC-3AF9-48FC-9597-241A8EBDFE0A} (InstallShield International Setup Player) - http://ftp.hp.com/pub/automatic/player/isetupML.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Besturing) - http://a840.g.akamai.net/7/840/537/2003 ... scan53.cab
O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) - http://www.bitdefender.com/scan/Msie/bitdefender.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b28578.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan ... asinst.cab
O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) - http://us.dl1.yimg.com/download.yahoo.c ... ymmapi.dll
O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security1.norton.com/SSC/SharedC ... /cabsa.cab
O16 - DPF: {C3DFA998-A486-11D4-AA25-00C04F72DAEB} (MSN Photo Upload Tool) - http://sc.communities.msn.com/controls/ ... nPUpld.cab
O16 - DPF: {C62DFDC7-2EEC-4C2C-827A-BC0BFB4260B3} (IMViewerControl Class) - http://companion.logitech.com/companion ... /imvid.cab
O16 - DPF: {D702FBF4-EE60-11D0-BD5B-00A0C91F4635} (CFForm Runtime) - http://www.soundclick.com/CFIDE/classes/CFJava.cab
O16 - DPF: {E87A6788-1D0F-4444-8898-1D25829B6755} - http://sc.communities.msn.com/controls/ ... nchat4.cab
O16 - DPF: {EE5CA45C-BFAC-48E6-BE6C-3C607620FF43} (IMViewerControl Class) - http://companion.logitech.com/companion ... /imvid.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-l ... cfscan.cab
O16 - DPF: {EF99BD32-C1FB-11D2-892F-0090271D4F88} (Yahoo! Toolbar) - http://us.dl1.yimg.com/download.yahoo.c ... _0_2_5.cab
O16 - DPF: {F0E2D69A-DC2F-4E9B-A993-684FB1C21DBC} - http://dictionary.reference.com/tools/t ... lexico.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/So ... b28578.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{237F6181-0D17-47AD-AF9A-43CD1582DCB7}: NameServer = 134.184.250.7,0.0.0.0
O17 - HKLM\System\CCS\Services\Tcpip\..\{8883840D-5739-45C6-AA2C-530E7563A639}: NameServer = 195.238.2.22 195.238.2.21
O17 - HKLM\System\CS1\Services\Tcpip\..\{237F6181-0D17-47AD-AF9A-43CD1582DCB7}: NameServer = 134.184.250.7,0.0.0.0
O17 - HKLM\System\CS2\Services\Tcpip\..\{237F6181-0D17-47AD-AF9A-43CD1582DCB7}: NameServer = 134.184.250.7,0.0.0.0
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: IMAPI CD-Burning COM Service (ImapiService) - Roxio Inc. - C:\WINDOWS\System32\ImapiRox.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Auto-Protect-service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SPBBCSvc - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

Unread postby random/random » August 6th, 2006, 4:57 pm

Download ATF Cleaner by Attribune
  • Double-click ATF-Cleaner.exe to run the program.
  • Click Main at the top and choose Select All from the list.
  • Click the Empty Selected button.
If you use Firefox browser:
  • Click Firefox at the top and choose Select All from the list.
  • Click the Empty Selected button.
  • NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browser:
  • Click Opera at the top and choose Select All from the list.
  • Click the Empty Selected button.
  • NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.


Go here and download and install JRE 5.0 Update 7. Click the link that says Download JRE 5.0 Update 7. You will then need to select Accept License Agreement and click the Continue button that is beside it. Then click the link that says Windows Offline Installation, Multi-language. Save it to your Desktop. Then go back to your Desktop and double click jre-1_5_0_07-windows-i586-p.exe to start the install. Once you have it installed, click Start>Run, type in appwiz.cpl and hit Enter. From the list, uninstall J2SE Runtime Environment 5.0 Update 6.

Post back with a new HijackThis log and tell me of any remaining problems.
random/random
Developer
 
Posts: 7733
Joined: December 18th, 2005, 3:30 pm
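A worked example, added here and not part of the thread, of HijackThis or of any MalwareRemoval.com tool: a small Python triage pass over the kinds of lines in the HijackThis log above, with the Java-version check that sits behind the JRE update step in this reply folded in. The sample lines are constructed from the posted log (GUIDs and paths copied, nothing else), the `EXPECTED_DNS` set is an assumption standing in for whatever the ISP or router actually hands out, and the `current_jre` baseline of 1.5.0_07 is the version this reply asks the poster to install. Every hit is a prompt to look the item up, not a verdict: a path-less `gsicon.exe` or a resolver outside the expected set is as often a vendor or ISP artifact as anything else.

```python
"""Heuristic triage of HijackThis v1.99 log lines (added example, not a
MalwareRemoval.com or HijackThis tool). Every finding is a lookup prompt."""
import re
from dataclasses import dataclass

# Constructed sample modelled on the log posted above. GUIDs and paths are
# copied from it; flagging a line here is not a verdict on that entry.
SAMPLE_LOG = r"""
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [GSICONEXE] gsicon.exe
O4 - HKLM\..\Run: [DSLAGENTEXE] dslagent.exe USB
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{237F6181-0D17-47AD-AF9A-43CD1582DCB7}: NameServer = 134.184.250.7,0.0.0.0
O17 - HKLM\System\CCS\Services\Tcpip\..\{8883840D-5739-45C6-AA2C-530E7563A639}: NameServer = 195.238.2.22 195.238.2.21
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
"""

# Assumption: the resolvers the ISP really hands out. Take them from the router
# or ISP documentation; here the second O17 pair is used for illustration.
EXPECTED_DNS = frozenset({"195.238.2.22", "195.238.2.21"})

ENTRY_RE = re.compile(r"^(?P<kind>[A-Z]\d{1,2}) - (?P<body>.*)$")
JRE_RE = re.compile(r"jre(\d+)\.(\d+)\.(\d+)_(\d+)", re.IGNORECASE)
O4_RE = re.compile(r"\[(?P<name>[^\]]+)\]\s*(?P<cmd>.*)$")
O17_RE = re.compile(r"NameServer = (?P<servers>.+)$")


@dataclass(frozen=True)
class Finding:
    kind: str    # HijackThis section code, e.g. "O4"
    reason: str  # short tag for the heuristic that fired
    detail: str  # what the reviewer should look up


def jre_version(text):
    """(major, minor, patch, update) for a jreX.Y.Z_NN path, else None."""
    m = JRE_RE.search(text)
    return tuple(int(g) for g in m.groups()) if m else None


def command_image(cmd):
    """Executable token of an O4 command line: a quoted path keeps its spaces,
    an unquoted command is cut at the first space."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    return cmd.split(" ", 1)[0]


def triage(log_text, current_jre=(1, 5, 0, 7), expected_dns=frozenset()):
    """Walk the log once and collect review prompts. current_jre defaults to
    1.5.0_07, the version the reply above asks the poster to install."""
    findings = []
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line)
        if not m:
            continue
        kind, body = m.group("kind"), m.group("body")
        # Registration whose target is gone: harmless, but dead weight to remove.
        if "(no file)" in body or "(file missing)" in body:
            findings.append(Finding(kind, "dangling", body))
        # Any entry still pointing at a Java runtime older than the baseline.
        v = jre_version(body)
        if v and v < current_jre:
            findings.append(Finding(kind, "stale-jre", "%d.%d.%d_%02d" % v))
        # Run entries with no directory component are found by PATH search, so
        # the file has to be located by hand before it can be judged.
        if kind == "O4":
            o4 = O4_RE.search(body)
            if o4:
                image = command_image(o4.group("cmd"))
                if "\\" not in image and "/" not in image:
                    findings.append(Finding(kind, "pathless-run", f"{o4.group('name')}: {image}"))
        # Resolvers outside the expected set, and the unusable 0.0.0.0 placeholder.
        if kind == "O17":
            o17 = O17_RE.search(body)
            if o17:
                for server in re.split(r"[,\s]+", o17.group("servers").strip()):
                    if server == "0.0.0.0":
                        findings.append(Finding(kind, "dns-null", server))
                    elif server not in expected_dns:
                        findings.append(Finding(kind, "dns-unexpected", server))
        # Winlogon Notify DLLs load into winlogon.exe as SYSTEM: list every one.
        if kind == "O20":
            findings.append(Finding(kind, "winlogon-notify", body))
    return findings


def summarize(findings):
    counts = {}
    for f in findings:
        counts[f.reason] = counts.get(f.reason, 0) + 1
    return counts


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG, expected_dns=EXPECTED_DNS):
        print(f"{f.kind:<4} {f.reason:<16} {f.detail}")
```

Run as a script it prints the prompts for the constructed sample; for a real case read a saved hijackthis.log into `triage()` and set `expected_dns` to the resolvers the ISP documents. On the sample it raises nine prompts, two of which disappear once the Java paths point at 1.5.0_07, which is exactly the effect the update step above is meant to have.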

Unread postby wordofwyrd » August 6th, 2006, 6:50 pm

I completed all the steps. After that I rebooted the computer, and for the first time it actually shut down by itself and started up again. Success :D

Windows explorer did not try to connect to the net this time.

However, upon connecting to the net, my firewall prompted me with the following:

SPBBC Service (SPBBCvc.exe) is trying to broadcast to [224.0.0.22]

I have no idea what it is, so I denied access.


Here is the new HijackThis log:

Logfile of HijackThis v1.99.1
Scan saved at 0:49:37, on 7/08/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\CTsvcCDA.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\gsicon.exe
C:\WINDOWS\system32\dslagent.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\MessengerPlus! 3\MsgPlus.exe
C:\Program Files\Common Files\Logitech\QCDriver\LVCOMS.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Java\jre1.5.0_07\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.euro.dell.com/countries/be/n ... efault.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://rd.yahoo.com/customize/ymsgr/def ... .yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.be/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://rd.yahoo.com/customize/ymsgr/def ... .yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://rd.yahoo.com/customize/ymsgr/def ... .yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://rd.yahoo.com/customize/ymsgr/def ... earch.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://rd.yahoo.com/customize/ymsgr/def ... .yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
N3 - Netscape 7: user_pref("browser.startup.homepage", "http://home.netscape.com/bookmark/7_0/home.html"); (C:\Documents and Settings\Nathalie Cassiers\Application Data\Mozilla\Profiles\default\ubftejxa.slt\prefs.js)
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\Nathalie Cassiers\Application Data\Mozilla\Profiles\default\ubftejxa.slt\prefs.js)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Dictionary.com - {11359F4A-B191-42d7-905A-594F8CF0387B} - C:\WINDOWS\Downloaded Program Files\CONFLICT.1\lexbar.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-xu\msntb.dll
O2 - BHO: AutoDiscovery Class - {CAB710D6-532E-4B68-97AE-398477FA5524} - C:\Program Files\Deskshare\Active Web Reader\IERSSFeedDiscovery.dll
O2 - BHO: BrowserHelper Class - {EBCDDA60-2A68-11D3-8A43-0060083CFB9C} - C:\WINDOWS\System32\nzdd.dll
O3 - Toolbar: Dictionary.com - {11359F4A-B191-42D7-905A-594F8CF0387B} - C:\WINDOWS\Downloaded Program Files\CONFLICT.1\lexbar.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-xu\msntb.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\Updreg.exe
O4 - HKLM\..\Run: [AHQInit] C:\Program Files\Creative\SBLive\Program\AHQInit.exe
O4 - HKLM\..\Run: [TCASUTIEXE] TCAUDIAG -off
O4 - HKLM\..\Run: [WorksFUD] C:\Program Files\Microsoft Works\wkfud.exe
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [GSICONEXE] gsicon.exe
O4 - HKLM\..\Run: [DSLAGENTEXE] dslagent.exe USB
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Common Files\Logitech\QCDriver\LVCOMS.EXE
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_07\bin\jusched.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [STYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide
O4 - HKCU\..\Run: [Extreme Messenger for AIM] C:\Program Files\Extreme Messenger\ExtremeMessenger.exe nosplash
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Herinneringen van Microsoft Works Agenda.lnk = ?
O4 - Global Startup: Image Transfer.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: RealDownload.lnk = C:\Program Files\Real\RealDownload\Realdownload.exe
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Copy to Semagic - C:\Program Files\Semagic\copy.htm
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Search &Dictionary - C:\Program files\Lexico\Toolbar\dictionary.htm
O8 - Extra context menu item: Search &Thesaurus - C:\Program files\Lexico\Toolbar\thesaurus.htm
O8 - Extra context menu item: Semagic - C:\Program Files\Semagic\link.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\npjpi150_07.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\npjpi150_07.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRA~1\AIM95\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {072D3F2E-5FB6-11D3-B461-00C04FA35A21} (CFForm Runtime) - http://www.soundclick.com/CFIDE/classes/CFJava.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security2.norton.com/SSC/SharedC ... vSniff.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {427273CC-764E-11D3-823D-006097F90453} (Pixami Image Editor Control) - http://www.imagestation.com/common/clas ... r=1,1,0,30
O16 - DPF: {4D7F48C0-CB49-4EA6-97D4-04F4EACC2F3B} - http://sib1.od2.com/common/Member/Clien ... /setup.exe
O16 - DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} (Housecall ActiveX 6.5) - http://housecall65.trendmicro.com/house ... hcImpl.cab
O16 - DPF: {72C23FEC-3AF9-48FC-9597-241A8EBDFE0A} (InstallShield International Setup Player) - http://ftp.hp.com/pub/automatic/player/isetupML.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Besturing) - http://a840.g.akamai.net/7/840/537/2003 ... scan53.cab
O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) - http://www.bitdefender.com/scan/Msie/bitdefender.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b28578.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan ... asinst.cab
O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) - http://us.dl1.yimg.com/download.yahoo.c ... ymmapi.dll
O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security1.norton.com/SSC/SharedC ... /cabsa.cab
O16 - DPF: {C3DFA998-A486-11D4-AA25-00C04F72DAEB} (MSN Photo Upload Tool) - http://sc.communities.msn.com/controls/ ... nPUpld.cab
O16 - DPF: {C62DFDC7-2EEC-4C2C-827A-BC0BFB4260B3} (IMViewerControl Class) - http://companion.logitech.com/companion ... /imvid.cab
O16 - DPF: {D702FBF4-EE60-11D0-BD5B-00A0C91F4635} (CFForm Runtime) - http://www.soundclick.com/CFIDE/classes/CFJava.cab
O16 - DPF: {E87A6788-1D0F-4444-8898-1D25829B6755} - http://sc.communities.msn.com/controls/ ... nchat4.cab
O16 - DPF: {EE5CA45C-BFAC-48E6-BE6C-3C607620FF43} (IMViewerControl Class) - http://companion.logitech.com/companion ... /imvid.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-l ... cfscan.cab
O16 - DPF: {EF99BD32-C1FB-11D2-892F-0090271D4F88} (Yahoo! Toolbar) - http://us.dl1.yimg.com/download.yahoo.c ... _0_2_5.cab
O16 - DPF: {F0E2D69A-DC2F-4E9B-A993-684FB1C21DBC} - http://dictionary.reference.com/tools/t ... lexico.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/So ... b28578.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{237F6181-0D17-47AD-AF9A-43CD1582DCB7}: NameServer = 134.184.250.7,0.0.0.0
O17 - HKLM\System\CCS\Services\Tcpip\..\{8883840D-5739-45C6-AA2C-530E7563A639}: NameServer = 195.238.2.22 195.238.2.21
O17 - HKLM\System\CS1\Services\Tcpip\..\{237F6181-0D17-47AD-AF9A-43CD1582DCB7}: NameServer = 134.184.250.7,0.0.0.0
O17 - HKLM\System\CS2\Services\Tcpip\..\{237F6181-0D17-47AD-AF9A-43CD1582DCB7}: NameServer = 134.184.250.7,0.0.0.0
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: IMAPI CD-Burning COM Service (ImapiService) - Roxio Inc. - C:\WINDOWS\System32\ImapiRox.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Auto-Protect-service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SPBBCSvc - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe



I have a couple of questions ( sorry for taking advantage of your knowledge! )

- how do I know whether the Trojan.Banker file is definitely off my system?

- Should I run more anti-spyware programmes or is everything now off my system ?

- I have a whole lot of programmes that start up with windows, but I never prompted them to do so. I have once stopped them from starting up via windows msconfig, but upon rebooting it prompted me that I had chosen a partial start-up, and that I should do a complete start-up, so I restored the files. Any way of keeping things like iTunes helper etc. from starting up? They do slow down my computer enormously. I should maybe specify that I have never reinstalled Windows on my computer; it's been running since I bought it at the beginning of 2003.

- Can I go uncheck "show hidden files" etc. ; my 9 year old sister sometimes uses my computer when she's here and I wouldn't want any accidents to happen :D

That's all I can think of for now, thank you SO MUCH for your help :)
wordofwyrd
Regular Member
 
Posts: 24
Joined: August 5th, 2006, 12:22 pm

Unread postby random/random » August 7th, 2006, 4:12 am

However, upon connecting to the net, my firewall prompted me with the following :

SPBBC Service (SPBBCvc.exe) is trying to broadcast to [224.0.0.22]

I have no idea what it is, so I denied access.


That looks like part of norton to me

Can I go uncheck "show hidden files" etc. ; my 9 year old sister sometimes uses my computer when she's here and I wouldn't want any accidents to happen


Yes

Should I run more anti-spyware programmes or is everything now off my system ?


Ad-aware and spybot search & destroy are usually sufficient as scanners, if you want to add another I would suggest Ewido antispyware

how do I know whether the Trojan.Banker file is definitely off my system?


The easiest way is probably to reinstall Spyware Doctor and do a scan with it

- I have a whole lot of programmes that start up with windows, but I never prompted them to do so. I have once stopped them from starting up via windows msconfig, but upon rebooting it prompted me that I had chosen a partial start-up, and that I should do a complete start-up, so I restored the files. Any way of keeping things like iTunes helper etc. from starting up? They do slow down my computer enormously. I should maybe specify that I have never reinstalled Windows on my computer; it's been running since I bought it at the beginning of 2003.


We'll sort that out now

Run HijackThis
Click on do a system scan only
Place a checkmark next to these lines(if still present)


O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\Updreg.exe
O4 - HKLM\..\Run: [AHQInit] C:\Program Files\Creative\SBLive\Program\AHQInit.exe
O4 - HKLM\..\Run: [TCASUTIEXE] TCAUDIAG -off
O4 - HKLM\..\Run: [WorksFUD] C:\Program Files\Microsoft Works\wkfud.exe
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_07\bin\jusched.exe

Then close all windows except Hijackthis and click Fix Checked

Restart

Post back with a new HijackThis log and let me know the results of the Spyware Doctor scan
random/random
Developer
 
Posts: 7733
Joined: December 18th, 2005, 3:30 pm
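As an added example (not code from the thread, and not part of HijackThis), here is a small Python parser for the O4 autostart lines HijackThis reports, such as the ones random/random lists above. It expands the abbreviated `HKLM\..\Run` to the full registry key that "Fix Checked" edits, pulls out the program each entry launches, and matches entries against a fix list. The sample lines are copied from the log in the thread; the helper function names are my own.

```python
import re
from dataclasses import dataclass
from typing import Iterable, List

# Constructed sample: O4 lines copied from the HijackThis log in the thread above,
# plus one O23 line to show that non-O4 entries are skipped.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\Updreg.exe
O4 - HKLM\..\Run: [TCASUTIEXE] TCAUDIAG -off
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Image Transfer.lnk = ?
O4 - Global Startup: RealDownload.lnk = C:\Program Files\Real\RealDownload\Realdownload.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
"""

# HijackThis writes "HKLM\..\Run"; this is the registry path the ".." abbreviates.
RUN_KEY = r"Software\Microsoft\Windows\CurrentVersion\Run"

_REG_RE = re.compile(r"^O4 - (?P<hive>HKLM|HKCU)\\\.\.\\Run: \[(?P<name>[^\]]+)\] (?P<cmd>.*)$")
_STARTUP_RE = re.compile(r"^O4 - Global Startup: (?P<name>.+?) = (?P<cmd>.*)$")
_EXE_RE = re.compile(r"(.*?\.exe)\b", re.IGNORECASE)


@dataclass(frozen=True)
class Autostart:
    name: str        # value name shown in [...] or the .lnk file name
    location: str    # full registry key, or the Startup folder
    command: str     # command line exactly as logged
    executable: str  # program the entry launches; "" when HijackThis logged "?"


def executable_of(cmd: str) -> str:
    """Pull the launched program out of a logged command line."""
    cmd = cmd.strip()
    if cmd == "?":
        return ""  # HijackThis could not resolve the shortcut target
    if cmd.startswith('"'):
        return cmd[1:].split('"', 1)[0]  # quoted path, may contain spaces
    m = _EXE_RE.match(cmd)
    if m:
        return m.group(1)  # unquoted path with spaces, up to the .exe
    return cmd.split()[0]  # bare program name such as TCAUDIAG


def parse_o4(log_text: str) -> List[Autostart]:
    """Return every O4 autostart entry in a HijackThis log, in log order."""
    entries: List[Autostart] = []
    for line in log_text.splitlines():
        line = line.strip()
        if m := _REG_RE.match(line):
            location = m["hive"] + "\\" + RUN_KEY
            entries.append(Autostart(m["name"], location, m["cmd"], executable_of(m["cmd"])))
        elif m := _STARTUP_RE.match(line):
            entries.append(Autostart(m["name"], "All Users Startup folder",
                                     m["cmd"], executable_of(m["cmd"])))
    return entries


def to_fix(entries: Iterable[Autostart], names: Iterable[str]) -> List[Autostart]:
    """Entries whose value name is on a fix list; registry names are case-insensitive."""
    wanted = {n.lower() for n in names}
    return [e for e in entries if e.name.lower() in wanted]


def unresolved(entries: Iterable[Autostart]) -> List[Autostart]:
    """Entries whose target HijackThis could not resolve ("?"); check these by hand."""
    return [e for e in entries if e.executable == ""]


if __name__ == "__main__":
    found = parse_o4(SAMPLE_LOG)
    for e in to_fix(found, ["UpdReg", "TCASUTIEXE", "AdaptecDirectCD"]):
        # This is the registry value (or shortcut) that Fix Checked deletes for that line.
        print(f"Fix Checked would delete value '{e.name}' under {e.location} ({e.executable})")
    for e in unresolved(found):
        print(f"Unresolved shortcut, inspect manually: {e.name}")
```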

Unread postby wordofwyrd » August 7th, 2006, 7:25 am

These are the results of my SpyWare Doctor scan :

Infectienaam: Locatie Risico
DownloadPlus C:\System Volume Information\_restore{DA307427-8111-448A-B456-ADC5B22966F7}\RP1241\A0187723.dll Verhoogd
Common Components for Claria C:\System Volume Information\_restore{DA307427-8111-448A-B456-ADC5B22966F7}\RP1241\A0187854.inf Verhoogd
IGetNet C:\WINDOWS\system\rules.dat Hoog
Advertising cookies.txt - Lijn #103 Laag
Tracking Cookie(s) cookies.txt - Lijn #106 Laag
Advertising cookies.txt - Lijn #130 Laag
Advertising cookies.txt - Lijn #131 Laag
Advertising cookies.txt - Lijn #132 Laag
Advertising cookies.txt - Lijn #133 Laag
Advertising cookies.txt - Lijn #134 Laag
Tracking Cookie(s) cookies.txt - Lijn #138 Laag
Advertising cookies.txt - Lijn #145 Laag
2nd-thought.com cookies.txt - Lijn #159 Hoog
2nd-thought.com cookies.txt - Lijn #166 Hoog
2nd-thought.com cookies.txt - Lijn #167 Hoog
2nd-thought.com cookies.txt - Lijn #168 Hoog
2nd-thought.com cookies.txt - Lijn #169 Hoog
2nd-thought.com cookies.txt - Lijn #170 Hoog
2nd-thought.com cookies.txt - Lijn #171 Hoog
2nd-thought.com cookies.txt - Lijn #172 Hoog
2nd-thought.com cookies.txt - Lijn #173 Hoog
Tracking Cookie(s) cookies.txt - Lijn #184 Laag
Tracking Cookie(s) cookies.txt - Lijn #185 Laag
Tracking Cookie(s) cookies.txt - Lijn #187 Laag
Tracking Cookie(s) cookies.txt - Lijn #188 Laag
Tracking Cookie(s) cookies.txt - Lijn #191 Laag
Tracking Cookie(s) cookies.txt - Lijn #192 Laag
Tracking Cookie(s) cookies.txt - Lijn #196 Laag
Tracking Cookie(s) cookies.txt - Lijn #198 Laag
Tracking Cookie(s) cookies.txt - Lijn #200 Laag
Tracking Cookie(s) cookies.txt - Lijn #201 Laag
Tracking Cookie(s) cookies.txt - Lijn #202 Laag
Tracking Cookie(s) cookies.txt - Lijn #203 Laag
Tracking Cookie(s) cookies.txt - Lijn #204 Laag
Tracking Cookie(s) cookies.txt - Lijn #205 Laag
Tracking Cookie(s) cookies.txt - Lijn #206 Laag
Tracking Cookie(s) cookies.txt - Lijn #207 Laag
Tracking Cookie(s) cookies.txt - Lijn #221 Laag
Tracking Cookie(s) cookies.txt - Lijn #222 Laag
Tracking Cookie(s) cookies.txt - Lijn #223 Laag
Tracking Cookie(s) cookies.txt - Lijn #224 Laag
Tracking Cookie(s) cookies.txt - Lijn #225 Laag
Tracking Cookie(s) cookies.txt - Lijn #226 Laag
Tracking Cookie(s) cookies.txt - Lijn #227 Laag
Advertising cookies.txt - Lijn #233 Laag
Advertising cookies.txt - Lijn #234 Laag
Advertising cookies.txt - Lijn #235 Laag
Advertising cookies.txt - Lijn #236 Laag
Tracking Cookie(s) cookies.txt - Lijn #266 Laag
Tracking Cookie(s) cookies.txt - Lijn #267 Laag
Tracking Cookie(s) cookies.txt - Lijn #268 Laag
Tracking Cookie(s) cookies.txt - Lijn #269 Laag
Tracking Cookie(s) cookies.txt - Lijn #281 Laag
Tracking Cookie(s) cookies.txt - Lijn #293 Laag
Tracking Cookie(s) cookies.txt - Lijn #294 Laag
Tracking Cookie(s) cookies.txt - Lijn #296 Laag
Tracking Cookie(s) cookies.txt - Lijn #297 Laag
Advertising cookies.txt - Lijn #298 Laag
Advertising cookies.txt - Lijn #299 Laag
Advertising cookies.txt - Lijn #30 Laag
Advertising cookies.txt - Lijn #300 Laag
Advertising cookies.txt - Lijn #301 Laag
Advertising cookies.txt - Lijn #302 Laag
Tracking Cookie(s) cookies.txt - Lijn #320 Laag
Tracking Cookie(s) cookies.txt - Lijn #321 Laag
Tracking Cookie(s) cookies.txt - Lijn #322 Laag
Tracking Cookie(s) cookies.txt - Lijn #323 Laag
Tracking Cookie(s) cookies.txt - Lijn #324 Laag
Tracking Cookie(s) cookies.txt - Lijn #325 Laag
Tracking Cookie(s) cookies.txt - Lijn #326 Laag
Tracking Cookie(s) cookies.txt - Lijn #327 Laag
Tracking Cookie(s) cookies.txt - Lijn #328 Laag
Tracking Cookie(s) cookies.txt - Lijn #329 Laag
Tracking Cookie(s) cookies.txt - Lijn #330 Laag
Tracking Cookie(s) cookies.txt - Lijn #331 Laag
Tracking Cookie(s) cookies.txt - Lijn #337 Laag
Tracking Cookie(s) cookies.txt - Lijn #338 Laag
Tracking Cookie(s) cookies.txt - Lijn #339 Laag
Tracking Cookie(s) cookies.txt - Lijn #340 Laag
Tracking Cookie(s) cookies.txt - Lijn #341 Laag
Tracking Cookie(s) cookies.txt - Lijn #342 Laag
Tracking Cookie(s) cookies.txt - Lijn #346 Laag
Tracking Cookie(s) cookies.txt - Lijn #347 Laag
Tracking Cookie(s) cookies.txt - Lijn #348 Laag
Tracking Cookie(s) cookies.txt - Lijn #349 Laag
Advertising cookies.txt - Lijn #355 Laag
Advertising cookies.txt - Lijn #356 Laag
Advertising cookies.txt - Lijn #357 Laag
Advertising cookies.txt - Lijn #358 Laag
Advertising cookies.txt - Lijn #359 Laag
Advertising cookies.txt - Lijn #360 Laag
Advertising cookies.txt - Lijn #37 Laag
Tracking Cookie(s) cookies.txt - Lijn #379 Laag
Tracking Cookie(s) cookies.txt - Lijn #380 Laag
Advertising cookies.txt - Lijn #386 Laag
Advertising cookies.txt - Lijn #39 Laag
Advertising cookies.txt - Lijn #393 Laag
Advertising cookies.txt - Lijn #394 Laag
Advertising cookies.txt - Lijn #395 Laag
Advertising cookies.txt - Lijn #396 Laag
Advertising cookies.txt - Lijn #397 Laag
Advertising cookies.txt - Lijn #398 Laag
Advertising cookies.txt - Lijn #399 Laag
Advertising cookies.txt - Lijn #400 Laag
Advertising cookies.txt - Lijn #401 Laag
Advertising cookies.txt - Lijn #402 Laag
Advertising cookies.txt - Lijn #403 Laag
Advertising cookies.txt - Lijn #404 Laag
Advertising cookies.txt - Lijn #405 Laag
Advertising cookies.txt - Lijn #406 Laag
Advertising cookies.txt - Lijn #407 Laag
Advertising cookies.txt - Lijn #408 Laag
Advertising cookies.txt - Lijn #409 Laag
Advertising cookies.txt - Lijn #410 Laag
Advertising cookies.txt - Lijn #411 Laag
Advertising cookies.txt - Lijn #412 Laag
Advertising cookies.txt - Lijn #413 Laag
Advertising cookies.txt - Lijn #414 Laag
Advertising cookies.txt - Lijn #415 Laag
Advertising cookies.txt - Lijn #416 Laag
Advertising cookies.txt - Lijn #417 Laag
Advertising cookies.txt - Lijn #418 Laag
Advertising cookies.txt - Lijn #419 Laag
Advertising cookies.txt - Lijn #420 Laag
Advertising cookies.txt - Lijn #421 Laag
Advertising cookies.txt - Lijn #422 Laag
Advertising cookies.txt - Lijn #423 Laag
Advertising cookies.txt - Lijn #424 Laag
Advertising cookies.txt - Lijn #425 Laag
Advertising cookies.txt - Lijn #426 Laag
Advertising cookies.txt - Lijn #427 Laag
Advertising cookies.txt - Lijn #428 Laag
Advertising cookies.txt - Lijn #429 Laag
Advertising cookies.txt - Lijn #43 Laag
Advertising cookies.txt - Lijn #430 Laag
Advertising cookies.txt - Lijn #431 Laag
Advertising cookies.txt - Lijn #432 Laag
Advertising cookies.txt - Lijn #44 Laag
Advertising cookies.txt - Lijn #45 Laag
Tracking Cookie(s) cookies.txt - Lijn #451 Laag
Tracking Cookie(s) cookies.txt - Lijn #455 Laag
Advertising cookies.txt - Lijn #47 Laag
Advertising cookies.txt - Lijn #48 Laag
Tracking Cookie(s) cookies.txt - Lijn #484 Laag
Tracking Cookie(s) cookies.txt - Lijn #485 Laag
Tracking Cookie(s) cookies.txt - Lijn #487 Laag
Advertising cookies.txt - Lijn #49 Laag
Tracking Cookie(s) cookies.txt - Lijn #494 Laag
Tracking Cookie(s) cookies.txt - Lijn #495 Laag
Tracking Cookie(s) cookies.txt - Lijn #496 Laag
Tracking Cookie(s) cookies.txt - Lijn #497 Laag
Tracking Cookie(s) cookies.txt - Lijn #498 Laag
Tracking Cookie(s) cookies.txt - Lijn #499 Laag
Advertising cookies.txt - Lijn #50 Laag
Advertising cookies.txt - Lijn #500 Laag
Advertising cookies.txt - Lijn #501 Laag
Tracking Cookie(s) cookies.txt - Lijn #502 Laag
Tracking Cookie(s) cookies.txt - Lijn #503 Laag
Tracking Cookie(s) cookies.txt - Lijn #504 Laag
Tracking Cookie(s) cookies.txt - Lijn #505 Laag
Tracking Cookie(s) cookies.txt - Lijn #506 Laag
Advertising cookies.txt - Lijn #51 Laag
Tracking Cookie(s) cookies.txt - Lijn #521 Laag
Tracking Cookie(s) cookies.txt - Lijn #522 Laag
Tracking Cookie(s) cookies.txt - Lijn #531 Laag
Tracking Cookie(s) cookies.txt - Lijn #538 Laag
Tracking Cookie(s) cookies.txt - Lijn #54 Laag
Tracking Cookie(s) cookies.txt - Lijn #543 Laag
Tracking Cookie(s) cookies.txt - Lijn #544 Laag
Tracking Cookie(s) cookies.txt - Lijn #545 Laag
Tracking Cookie(s) cookies.txt - Lijn #546 Laag
Tracking Cookie(s) cookies.txt - Lijn #55 Laag
Tracking Cookie(s) cookies.txt - Lijn #56 Laag
Advertising cookies.txt - Lijn #561 Laag
Advertising cookies.txt - Lijn #562 Laag
Advertising cookies.txt - Lijn #563 Laag
Advertising cookies.txt - Lijn #564 Laag
Tracking Cookie(s) cookies.txt - Lijn #57 Laag
Tracking Cookie(s) cookies.txt - Lijn #576 Laag
Tracking Cookie(s) cookies.txt - Lijn #577 Laag
Tracking Cookie(s) cookies.txt - Lijn #578 Laag
2nd-thought.com cookies.txt - Lijn #579 Hoog
Advertising cookies.txt - Lijn #58 Laag
2nd-thought.com cookies.txt - Lijn #580 Hoog
2nd-thought.com cookies.txt - Lijn #581 Hoog
2nd-thought.com cookies.txt - Lijn #582 Hoog
Tracking Cookie(s) cookies.txt - Lijn #59 Laag
Tracking Cookie(s) cookies.txt - Lijn #591 Laag
Advertising cookies.txt - Lijn #60 Laag
Advertising cookies.txt - Lijn #640 Laag
Advertising cookies.txt - Lijn #641 Laag
Advertising cookies.txt - Lijn #642 Laag
Advertising cookies.txt - Lijn #643 Laag
Advertising cookies.txt - Lijn #644 Laag
Tracking Cookie(s) cookies.txt - Lijn #647 Laag
Tracking Cookie(s) cookies.txt - Lijn #656 Laag
Tracking Cookie(s) cookies.txt - Lijn #657 Laag
Tracking Cookie(s) cookies.txt - Lijn #658 Laag
Tracking Cookie(s) cookies.txt - Lijn #659 Laag
Tracking Cookie(s) cookies.txt - Lijn #671 Laag
Tracking Cookie(s) cookies.txt - Lijn #681 Laag
Tracking Cookie(s) cookies.txt - Lijn #691 Laag
Advertising cookies.txt - Lijn #696 Laag
Advertising cookies.txt - Lijn #697 Laag
Tracking Cookie(s) cookies.txt - Lijn #719 Laag
Tracking Cookie(s) cookies.txt - Lijn #720 Laag
Tracking Cookie(s) cookies.txt - Lijn #722 Laag
Tracking Cookie(s) cookies.txt - Lijn #723 Laag
Tracking Cookie(s) cookies.txt - Lijn #724 Laag
Tracking Cookie(s) cookies.txt - Lijn #75 Laag
Tracking Cookie(s) cookies.txt - Lijn #76 Laag
Advertising cookies.txt - Lijn #766 Laag
Tracking Cookie(s) cookies.txt - Lijn #77 Laag
Advertising cookies.txt - Lijn #771 Laag
Tracking Cookie(s) cookies.txt - Lijn #777 Laag
Tracking Cookie(s) cookies.txt - Lijn #78 Laag
Tracking Cookie(s) cookies.txt - Lijn #797 Laag
Tracking Cookie(s) cookies.txt - Lijn #798 Laag
Tracking Cookie(s) cookies.txt - Lijn #799 Laag
Tracking Cookie(s) cookies.txt - Lijn #800 Laag
Tracking Cookie(s) cookies.txt - Lijn #801 Laag
Tracking Cookie(s) cookies.txt - Lijn #802 Laag
Tracking Cookie(s) cookies.txt - Lijn #810 Laag
Tracking Cookie(s) cookies.txt - Lijn #811 Laag
Tracking Cookie(s) cookies.txt - Lijn #812 Laag
Tracking Cookie(s) cookies.txt - Lijn #814 Laag
Tracking Cookie(s) cookies.txt - Lijn #82 Laag
Tracking Cookie(s) cookies.txt - Lijn #83 Laag
Tracking Cookie(s) cookies.txt - Lijn #84 Laag
Tracking Cookie(s) cookies.txt - Lijn #85 Laag
Advertising cookies.txt - Lijn #854 Laag
Advertising cookies.txt - Lijn #855 Laag
Tracking Cookie(s) cookies.txt - Lijn #86 Laag
Tracking Cookie(s) cookies.txt - Lijn #87 Laag
Tracking Cookie(s) cookies.txt - Lijn #88 Laag
Tracking Cookie(s) cookies.txt - Lijn #89 Laag
Tracking Cookie(s) cookies.txt - Lijn #90 Laag
Tracking Cookie(s) cookies.txt - Lijn #903 Laag
Advertising cookies.txt - Lijn #905 Laag
Tracking Cookie(s) cookies.txt - Lijn #91 Laag
Tracking Cookie(s) cookies.txt - Lijn #92 Laag
Tracking Cookie(s) cookies.txt - Lijn #93 Laag
Advertising cookies.txt - Lijn #930 Laag
Tracking Cookie(s) cookies.txt - Lijn #94 Laag
Tracking Cookie(s) cookies.txt - Lijn #942 Laag
Tracking Cookie(s) cookies.txt - Lijn #95 Laag
Tracking Cookie(s) cookies.txt - Lijn #951 Laag
Tracking Cookie(s) cookies.txt - Lijn #96 Laag
Tracking Cookie(s) cookies.txt - Lijn #97 Laag
Tracking Cookie(s) cookies.txt - Lijn #98 Laag
Brilliant Digital HKCR\.s3d Medium
Brilliant Digital HKCR\.s3d## Medium
FavoriteMan HKCR\TypeLib\{DA5E961F-F519-403C-9744-0D4376B1B0B5} Hoog
FavoriteMan HKCR\TypeLib\{DA5E961F-F519-403C-9744-0D4376B1B0B5}## Hoog
FavoriteMan HKCR\TypeLib\{DA5E961F-F519-403C-9744-0D4376B1B0B5}\1.0 Hoog
FavoriteMan HKCR\TypeLib\{DA5E961F-F519-403C-9744-0D4376B1B0B5}\1.0## Hoog
FavoriteMan HKCR\TypeLib\{DA5E961F-F519-403C-9744-0D4376B1B0B5}\1.0\0 Hoog
FavoriteMan HKCR\TypeLib\{DA5E961F-F519-403C-9744-0D4376B1B0B5}\1.0\0## Hoog
FavoriteMan HKCR\TypeLib\{DA5E961F-F519-403C-9744-0D4376B1B0B5}\1.0\0\win32 Hoog
FavoriteMan HKCR\TypeLib\{DA5E961F-F519-403C-9744-0D4376B1B0B5}\1.0\0\win32## Hoog
FavoriteMan HKCR\TypeLib\{DA5E961F-F519-403C-9744-0D4376B1B0B5}\1.0\FLAGS Hoog
FavoriteMan HKCR\TypeLib\{DA5E961F-F519-403C-9744-0D4376B1B0B5}\1.0\FLAGS## Hoog
FavoriteMan HKCR\TypeLib\{DA5E961F-F519-403C-9744-0D4376B1B0B5}\1.0\HELPDIR Hoog
FavoriteMan HKCR\TypeLib\{DA5E961F-F519-403C-9744-0D4376B1B0B5}\1.0\HELPDIR## Hoog



( to specify : locatie = location / infectienaam : infection name / risico = risk // hoog = high / laag = low / medium well medium )


But 264 ??? How do they figure that ? Do they infect my computer or what ?



I will now go to HijackThis for the other solutions :) Thank you again :)
wordofwyrd
Regular Member
 
Posts: 24
Joined: August 5th, 2006, 12:22 pm

Unread postby wordofwyrd » August 7th, 2006, 7:45 am

Computer didn't reboot by itself again - I think it was still too busy running processes when I shut it off.

Here's the new HijackThis log :

Logfile of HijackThis v1.99.1
Scan saved at 13:44:58, on 7/08/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\devldr32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\CTsvcCDA.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Spyware Doctor\sdhelp.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\gsicon.exe
C:\WINDOWS\system32\dslagent.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\MessengerPlus! 3\MsgPlus.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe
C:\Program Files\Common Files\Logitech\QCDriver\LVCOMS.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\Program Files\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.euro.dell.com/countries/be/n ... efault.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://rd.yahoo.com/customize/ymsgr/def ... .yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.be/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://rd.yahoo.com/customize/ymsgr/def ... .yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://rd.yahoo.com/customize/ymsgr/def ... .yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://rd.yahoo.com/customize/ymsgr/def ... earch.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://rd.yahoo.com/customize/ymsgr/def ... .yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
N3 - Netscape 7: user_pref("browser.startup.homepage", "http://home.netscape.com/bookmark/7_0/home.html"); (C:\Documents and Settings\Nathalie Cassiers\Application Data\Mozilla\Profiles\default\ubftejxa.slt\prefs.js)
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\Nathalie Cassiers\Application Data\Mozilla\Profiles\default\ubftejxa.slt\prefs.js)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Dictionary.com - {11359F4A-B191-42d7-905A-594F8CF0387B} - C:\WINDOWS\Downloaded Program Files\CONFLICT.1\lexbar.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-xu\msntb.dll
O2 - BHO: AutoDiscovery Class - {CAB710D6-532E-4B68-97AE-398477FA5524} - C:\Program Files\Deskshare\Active Web Reader\IERSSFeedDiscovery.dll
O2 - BHO: BrowserHelper Class - {EBCDDA60-2A68-11D3-8A43-0060083CFB9C} - C:\WINDOWS\System32\nzdd.dll
O3 - Toolbar: Dictionary.com - {11359F4A-B191-42D7-905A-594F8CF0387B} - C:\WINDOWS\Downloaded Program Files\CONFLICT.1\lexbar.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-xu\msntb.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [GSICONEXE] gsicon.exe
O4 - HKLM\..\Run: [DSLAGENTEXE] dslagent.exe USB
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Common Files\Logitech\QCDriver\LVCOMS.EXE
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [STYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide
O4 - HKCU\..\Run: [Extreme Messenger for AIM] C:\Program Files\Extreme Messenger\ExtremeMessenger.exe nosplash
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Herinneringen van Microsoft Works Agenda.lnk = ?
O4 - Global Startup: Image Transfer.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: RealDownload.lnk = C:\Program Files\Real\RealDownload\Realdownload.exe
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Copy to Semagic - C:\Program Files\Semagic\copy.htm
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Search &Dictionary - C:\Program files\Lexico\Toolbar\dictionary.htm
O8 - Extra context menu item: Search &Thesaurus - C:\Program files\Lexico\Toolbar\thesaurus.htm
O8 - Extra context menu item: Semagic - C:\Program Files\Semagic\link.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\npjpi150_07.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\npjpi150_07.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRA~1\AIM95\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {072D3F2E-5FB6-11D3-B461-00C04FA35A21} (CFForm Runtime) - http://www.soundclick.com/CFIDE/classes/CFJava.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security2.norton.com/SSC/SharedC ... vSniff.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {427273CC-764E-11D3-823D-006097F90453} (Pixami Image Editor Control) - http://www.imagestation.com/common/clas ... r=1,1,0,30
O16 - DPF: {4D7F48C0-CB49-4EA6-97D4-04F4EACC2F3B} - http://sib1.od2.com/common/Member/Clien ... /setup.exe
O16 - DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} (Housecall ActiveX 6.5) - http://housecall65.trendmicro.com/house ... hcImpl.cab
O16 - DPF: {72C23FEC-3AF9-48FC-9597-241A8EBDFE0A} (InstallShield International Setup Player) - http://ftp.hp.com/pub/automatic/player/isetupML.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Besturing) - http://a840.g.akamai.net/7/840/537/2003 ... scan53.cab
O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) - http://www.bitdefender.com/scan/Msie/bitdefender.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b28578.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan ... asinst.cab
O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) - http://us.dl1.yimg.com/download.yahoo.c ... ymmapi.dll
O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security1.norton.com/SSC/SharedC ... /cabsa.cab
O16 - DPF: {C3DFA998-A486-11D4-AA25-00C04F72DAEB} (MSN Photo Upload Tool) - http://sc.communities.msn.com/controls/ ... nPUpld.cab
O16 - DPF: {C62DFDC7-2EEC-4C2C-827A-BC0BFB4260B3} (IMViewerControl Class) - http://companion.logitech.com/companion ... /imvid.cab
O16 - DPF: {D702FBF4-EE60-11D0-BD5B-00A0C91F4635} (CFForm Runtime) - http://www.soundclick.com/CFIDE/classes/CFJava.cab
O16 - DPF: {E87A6788-1D0F-4444-8898-1D25829B6755} - http://sc.communities.msn.com/controls/ ... nchat4.cab
O16 - DPF: {EE5CA45C-BFAC-48E6-BE6C-3C607620FF43} (IMViewerControl Class) - http://companion.logitech.com/companion ... /imvid.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-l ... cfscan.cab
O16 - DPF: {EF99BD32-C1FB-11D2-892F-0090271D4F88} (Yahoo! Toolbar) - http://us.dl1.yimg.com/download.yahoo.c ... _0_2_5.cab
O16 - DPF: {F0E2D69A-DC2F-4E9B-A993-684FB1C21DBC} - http://dictionary.reference.com/tools/t ... lexico.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/So ... b28578.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{237F6181-0D17-47AD-AF9A-43CD1582DCB7}: NameServer = 134.184.250.7,0.0.0.0
O17 - HKLM\System\CCS\Services\Tcpip\..\{8883840D-5739-45C6-AA2C-530E7563A639}: NameServer = 195.238.2.22 195.238.2.21
O17 - HKLM\System\CS1\Services\Tcpip\..\{237F6181-0D17-47AD-AF9A-43CD1582DCB7}: NameServer = 134.184.250.7,0.0.0.0
O17 - HKLM\System\CS2\Services\Tcpip\..\{237F6181-0D17-47AD-AF9A-43CD1582DCB7}: NameServer = 134.184.250.7,0.0.0.0
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: IMAPI CD-Burning COM Service (ImapiService) - Roxio Inc. - C:\WINDOWS\System32\ImapiRox.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Auto-Protect-service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SPBBCSvc - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

I haven't unchecked the "show all" functions and such; I will do so once these are resolved :)

Can I also check the following for HijackThis to fix:

O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Common Files\Logitech\QCDriver\LVCOMS.EXE
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

I believe the Logitech thing is the error message I get every time I start up, because it can't find the download software (I think I uninstalled components of it while getting rid of spyware; at least, that's when the error messages started to occur, after I got rid of an adware).

I'll be out for most of the day now, so sorry if I can't respond immediately! Thanks again though, this has not only been very effective but also very instructive!
wordofwyrd
Regular Member
Posts: 24
Joined: August 5th, 2006, 12:22 pm