
Getting Rid Of Mysearchnow Bar


  • This topic is locked
10 replies to this topic

#1 katzell


Posted 27 July 2004 - 05:46 AM

I've got a really annoying blue searchbar at the top of Internet Explorer, and was wondering how to remove it. Following are the logfiles from Ad-aware and hijackthis, so any other help would be appreciated too!

The Ad-Aware Log:


Lavasoft Ad-aware Personal Build 6.181
Logfile created on :Tuesday, July 27, 2004 11:10:51 AM
Created with Ad-aware Personal, free for private use.
Using reference-file :01R334 24.07.2004
______________________________________________________

Reffile status:
=========================
Reference file loaded:
Reference Number : 01R334 24.07.2004
Internal build : 268
File location : C:\Program Files\Lavasoft\Ad-aware 6\reflist.ref
Total size : 1316091 Bytes
Signature data size : 1295051 Bytes
Reference data size : 20976 Bytes
Signatures total : 28648
Target categories : 10
Target families : 528

Memory + processor status:
==========================
Number of processors : 1
Processor architecture : Intel Pentium III
Memory available:30 %
Total physical memory:392688 kb
Available physical memory:117480 kb
Total page file size:550880 kb
Available on page file:297764 kb
Total virtual memory:2097024 kb
Available virtual memory:2051812 kb
OS:

Ad-aware Settings
=========================
Set : Activate in-depth scan (Recommended)
Set : Safe mode (always request confirmation)
Set : Scan active processes
Set : Scan registry
Set : Deep scan registry
Set : Scan my IE Favorites for banned URLs
Set : Scan within archives
Set : Scan my Hosts file

Extended Ad-aware Settings
=========================
Set : Unload recognized processes during scanning
Set : Include basic Ad-aware settings in logfile
Set : Include additional Ad-aware settings in logfile
Set : Let windows remove files in use at next reboot
Set : Delete quarantined objects after restoring
Set : Always back up reference file, before updating
Set : Play sound if scan produced a result


27-07-2004 11:10:51 AM - Scan started. (Custom mode)

Listing running processes
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯

#:1 [smss.exe]
FilePath : \SystemRoot\System32\
ThreadCreationTime : 27-07-2004 10:02:09 AM
BasePriority : Normal


#:2 [winlogon.exe]
FilePath : \??\C:\WINDOWS\system32\
ThreadCreationTime : 27-07-2004 10:02:19 AM
BasePriority : High


#:3 [services.exe]
FilePath : C:\WINDOWS\system32\
ThreadCreationTime : 27-07-2004 10:02:20 AM
BasePriority : Normal
FileSize : 99 KB
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
CompanyName : Microsoft Corporation
FileDescription : Services and Controller app
InternalName : services.exe
OriginalFilename : services.exe
ProductName : Microsoft
Created on : 10/01/2004 6:23:00 PM
Last accessed : 26/07/2004 11:00:00 PM
Last modified : 31/03/2003 11:00:00 AM

#:4 [lsass.exe]
FilePath : C:\WINDOWS\system32\
ThreadCreationTime : 27-07-2004 10:02:20 AM
BasePriority : Normal
FileSize : 11 KB
FileVersion : 5.1.2600.1106 (xpsp1.020828-1920)
ProductVersion : 5.1.2600.1106
CompanyName : Microsoft Corporation
FileDescription : LSA Shell (Export Version)
InternalName : lsass.exe
OriginalFilename : lsass.exe
ProductName : Microsoft
Created on : 10/01/2004 6:19:12 PM
Last accessed : 26/07/2004 11:00:00 PM
Last modified : 31/03/2003 11:00:00 AM

#:5 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ThreadCreationTime : 27-07-2004 10:02:20 AM
BasePriority : Normal
FileSize : 12 KB
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
OriginalFilename : svchost.exe
ProductName : Microsoft
Created on : 10/01/2004 6:24:09 PM
Last accessed : 26/07/2004 11:00:00 PM
Last modified : 31/03/2003 11:00:00 AM

#:6 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ThreadCreationTime : 27-07-2004 10:02:20 AM
BasePriority : Normal
FileSize : 12 KB
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
OriginalFilename : svchost.exe
ProductName : Microsoft
Created on : 10/01/2004 6:24:09 PM
Last accessed : 26/07/2004 11:00:00 PM
Last modified : 31/03/2003 11:00:00 AM

#:7 [explorer.exe]
FilePath : C:\WINDOWS\
ThreadCreationTime : 27-07-2004 10:02:24 AM
BasePriority : Normal
FileSize : 980 KB
FileVersion : 6.00.2800.1106 (xpsp1.020828-1920)
ProductVersion : 6.00.2800.1106
CompanyName : Microsoft Corporation
FileDescription : Windows Explorer
InternalName : explorer
OriginalFilename : EXPLORER.EXE
ProductName : Microsoft
Created on : 10/01/2004 6:17:48 PM
Last accessed : 26/07/2004 11:00:00 PM
Last modified : 31/03/2003 11:00:00 AM

#:8 [ccevtmgr.exe]
FilePath : C:\Program Files\Common Files\Symantec Shared\
ThreadCreationTime : 27-07-2004 10:02:24 AM
BasePriority : Normal
FileSize : 301 KB
FileVersion : 1.00.37
ProductVersion : 1.00.37
Copyright : Copyright © 2000-2002 Symantec Corporation. All rights reserved.
CompanyName : Symantec Corporation
FileDescription : Event Manager Service
InternalName : ccEvtMgr
OriginalFilename : ccEvtMgr.exe
ProductName : Event Manager
Created on : 08/08/2002 9:40:02 PM
Last accessed : 26/07/2004 11:00:00 PM
Last modified : 08/08/2002 9:40:02 PM

#:9 [spoolsv.exe]
FilePath : C:\WINDOWS\system32\
ThreadCreationTime : 27-07-2004 10:02:26 AM
BasePriority : Normal
FileSize : 50 KB
FileVersion : 5.1.2600.0 (XPClient.010817-1148)
ProductVersion : 5.1.2600.0
CompanyName : Microsoft Corporation
FileDescription : Spooler SubSystem App
InternalName : spoolsv.exe
OriginalFilename : spoolsv.exe
ProductName : Microsoft
Created on : 10/01/2004 6:23:53 PM
Last accessed : 26/07/2004 11:00:00 PM
Last modified : 31/03/2003 11:00:00 AM

#:10 [ctsvccda.exe]
FilePath : C:\WINDOWS\System32\
ThreadCreationTime : 27-07-2004 10:02:26 AM
BasePriority : Normal
FileSize : 43 KB
FileVersion : 1.0.1.0
ProductVersion : 1.0.0.0
Copyright : Copyright © Creative Technology Ltd., 1999. All rights reserved.
CompanyName : Creative Technology Ltd
FileDescription : Creative Service for CDROM Access
InternalName : CTsvcCDAEXE
OriginalFilename : CTsvcCDA.EXE
ProductName : Creative Service for CDROM Access
Created on : 20/10/2003 1:04:49 PM
Last accessed : 26/07/2004 11:00:00 PM
Last modified : 13/12/1999 12:01:00 AM

#:11 [sagent2.exe]
FilePath : C:\Program Files\Common Files\EPSON\EBAPI\
ThreadCreationTime : 27-07-2004 10:02:26 AM
BasePriority : Normal
FileSize : 88 KB
FileVersion : 2, 1, 0, 0
ProductVersion : 1, 0, 0, 0
Copyright : Copyright © SEIKO EPSON CORP. 2000-2001
CompanyName : SEIKO EPSON CORPORATION
FileDescription : EPSON Printer Status Agent
InternalName : SAgent2
OriginalFilename : SAgent2.exe
ProductName : EPSON Bidirectional Printer
Created on : 20/10/2003 12:55:48 PM
Last accessed : 26/07/2004 11:00:00 PM
Last modified : 09/08/2001 1:01:00 AM

#:12 [navapsvc.exe]
FilePath : C:\Program Files\Norton AntiVirus\
ThreadCreationTime : 27-07-2004 10:02:26 AM
BasePriority : Normal
FileSize : 113 KB
FileVersion : 9.05.1015
ProductVersion : 9.05.1015
Copyright : Copyright © 2000-2002 Symantec Corporation. All rights reserved.
CompanyName : Symantec Corporation
FileDescription : Norton AntiVirus Auto-Protect Service
InternalName : NAVAPSVC
OriginalFilename : NAVAPSVC.EXE
ProductName : Norton AntiVirus
Created on : 25/07/2004 3:49:54 PM
Last accessed : 26/07/2004 11:00:00 PM
Last modified : 14/11/2002 6:41:26 PM

#:13 [nvsvc32.exe]
FilePath : C:\WINDOWS\System32\
ThreadCreationTime : 27-07-2004 10:02:26 AM
BasePriority : Normal
FileSize : 80 KB
FileVersion : 6.14.10.5216
ProductVersion : 6.14.10.5216
Copyright : © NVIDIA Corporation. All rights reserved.
CompanyName : NVIDIA Corporation
FileDescription : NVIDIA Driver Helper Service, Version 52.16
InternalName : NVSVC
OriginalFilename : nvsvc32.exe
ProductName : NVIDIA Driver Helper Service, Version 52.16
Created on : 06/10/2003 1:16:00 PM
Last accessed : 26/07/2004 11:00:00 PM
Last modified : 06/10/2003 1:16:00 PM

#:14 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ThreadCreationTime : 27-07-2004 10:02:27 AM
BasePriority : Normal
FileSize : 12 KB
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
OriginalFilename : svchost.exe
ProductName : Microsoft
Created on : 10/01/2004 6:24:09 PM
Last accessed : 26/07/2004 11:00:00 PM
Last modified : 31/03/2003 11:00:00 AM

#:15 [vsmon.exe]
FilePath : C:\WINDOWS\SYSTEM32\ZONELABS\
ThreadCreationTime : 27-07-2004 10:02:27 AM
BasePriority : Normal
FileSize : 893 KB
FileVersion : 5.0.590.043
ProductVersion : 5.0.590.043
Copyright : Copyright
CompanyName : Zone Labs Inc.
FileDescription : TrueVector Service
InternalName : vsmon
OriginalFilename : vsmon.exe
ProductName : TrueVector Service
Created on : 22/06/2004 4:23:53 PM
Last accessed : 26/07/2004 11:00:00 PM
Last modified : 16/06/2004 3:47:36 AM

#:16 [type32.exe]
FilePath : C:\Program Files\Microsoft Hardware\Keyboard\
ThreadCreationTime : 27-07-2004 10:02:32 AM
BasePriority : Normal
FileSize : 92 KB
FileVersion : 2.20.447.0
ProductVersion : 2.2
Copyright : Copyright © Microsoft Corp. 1995-2001
CompanyName : Microsoft Corporation
FileDescription : Microsoft IntelliType Pro
InternalName : Type32
OriginalFilename : Type32.exe
ProductName : Microsoft IntelliType Pro
Created on : 21/03/2002 8:41:56 PM
Last accessed : 26/07/2004 11:00:00 PM
Last modified : 21/03/2002 8:41:56 PM

#:17 [vproperty.exe]
FilePath : C:\PROGRA~1\PHILIP~1\
ThreadCreationTime : 27-07-2004 10:02:32 AM
BasePriority : Normal
FileSize : 116 KB
FileVersion : 1.05
ProductVersion : 5.1.2600.105
Copyright : Copyright
CompanyName : Philips PC Cameras
FileDescription : VProperty
InternalName : VProperty.exe
OriginalFilename : VProperty.exe
ProductName : Philips PC Cameras ToUcam VProperty
Created on : 22/10/2003 6:01:26 PM
Last accessed : 26/07/2004 11:00:00 PM
Last modified : 28/11/2001 1:50:10 PM

#:18 [realsched.exe]
FilePath : C:\Program Files\Common Files\Real\Update_OB\
ThreadCreationTime : 27-07-2004 10:02:32 AM
BasePriority : Normal
FileSize : 176 KB
FileVersion : 0.1.0.3018
ProductVersion : 0.1.0.3018
Copyright : Copyright
CompanyName : RealNetworks, Inc.
FileDescription : RealNetworks Scheduler
InternalName : schedapp
OriginalFilename : realsched.exe
ProductName : RealPlayer (32-bit)
Created on : 19/04/2004 7:55:24 PM
Last accessed : 26/07/2004 11:00:00 PM
Last modified : 19/04/2004 7:55:26 PM

#:19 [ctsysvol.exe]
FilePath : C:\Program Files\Creative\SBAudigy2\Surround Mixer\
ThreadCreationTime : 27-07-2004 10:02:32 AM
BasePriority : Normal
FileSize : 48 KB
FileVersion : 1.1.3.0
ProductVersion : 1.0.0.0
Copyright : Copyright © Creative Technology Ltd., 2002. All rights reserved.
CompanyName : Creative Technology Ltd
FileDescription : CTSysVol.exe
OriginalFilename : CTSysVol.exe
ProductName : Creative Volume Control
Created on : 24/04/2004 12:20:15 AM
Last accessed : 26/07/2004 11:00:00 PM
Last modified : 29/10/2002 8:18:24 AM

#:20 [ctdvddet.exe]
FilePath : C:\Program Files\Creative\SBAudigy2\DVDAudio\
ThreadCreationTime : 27-07-2004 10:02:32 AM
BasePriority : Normal
FileSize : 44 KB
FileVersion : 1.0.2.0
ProductVersion : 1.0.2.0
Copyright : Copyright © Creative Technology Ltd., 2002. All rights reserved.
CompanyName : Creative Technology Ltd
FileDescription : CTDVDDET
InternalName : CTDVDDET
OriginalFilename : CTDVDDET.EXE
ProductName : CTDVDDET
Created on : 24/04/2004 12:21:22 AM
Last accessed : 26/07/2004 11:00:00 PM
Last modified : 30/09/2002

#:21 [cthelper.exe]
FilePath : C:\WINDOWS\System32\
ThreadCreationTime : 27-07-2004 10:02:33 AM
BasePriority : Normal
FileSize : 28 KB
FileVersion : 1, 0, 0, 16
ProductVersion : 1, 0, 0, 16
Copyright : Copyright © 2002-03
CompanyName : Creative Technology Ltd
FileDescription : CtHelper MFC Application
InternalName : CtHelper
OriginalFilename : CtHelper.EXE
ProductName : CtHelper Application
Created on : 24/04/2004 12:23:26 AM
Last accessed : 26/07/2004 11:00:00 PM
Last modified : 10/04/2003 8:36:52 AM

#:22 [opware32.exe]
FilePath : C:\Program Files\ScanSoft\OmniPageSE\
ThreadCreationTime : 27-07-2004 10:02:34 AM
BasePriority : Normal
FileSize : 48 KB
FileVersion : 11.0
ProductVersion : 11.0
Copyright : Copyright
CompanyName : ScanSoft, Inc
FileDescription : OCR Aware (32-bit)
InternalName : Opware32.exe
OriginalFilename : Opware32.exe
ProductName : OmniPage SE
Created on : 03/06/2002 10:38:12 AM
Last accessed : 26/07/2004 11:00:00 PM
Last modified : 03/06/2002 10:38:12 AM

#:23 [ituneshelper.exe]
FilePath : C:\Program Files\iTunes\Version 4.6\
ThreadCreationTime : 27-07-2004 10:02:34 AM
BasePriority : Normal
FileSize : 280 KB
FileVersion : 4.6.0.15
ProductVersion : 4.6.0.15
CompanyName : Apple Computer, Inc.
FileDescription : iTunesHelper Module
InternalName : iTunesHelper
OriginalFilename : iTunesHelper.exe
ProductName : iTunes
Created on : 04/06/2004 11:38:12 AM
Last accessed : 26/07/2004 11:00:00 PM
Last modified : 04/06/2004 11:38:12 AM

#:24 [clonecdtray.exe]
FilePath : C:\Program Files\Elaborate Bytes\CloneCD\
ThreadCreationTime : 27-07-2004 10:02:34 AM
BasePriority : Normal
FileSize : 72 KB
FileVersion : 4, 2, 0, 0
ProductVersion : 4, 2, 0, 0
Copyright : Copyright
CompanyName : Elaborate Bytes AG
FileDescription : CloneCD Tray
InternalName : CloneCDTray
OriginalFilename : CloneCDTray.exe
ProductName : CloneCD
Created on : 02/12/2002 2:17:37 PM
Last accessed : 26/07/2004 11:00:00 PM
Last modified : 02/12/2002 2:17:38 PM

#:25 [msgplus.exe]
FilePath : C:\Program Files\MSN plus\
ThreadCreationTime : 27-07-2004 10:02:34 AM
BasePriority : Normal
FileSize : 160 KB
FileVersion : 3, 0, 0, 94
ProductVersion : 3, 0, 0, 94
Copyright : Copyright © 2001-2004
CompanyName : Patchou
FileDescription : Messenger Plus!
InternalName : MsgPlus
OriginalFilename : MsgPlus.exe
ProductName : Messenger Plus! 3
Created on : 17/06/2004 8:45:06 PM
Last accessed : 26/07/2004 11:00:00 PM
Last modified : 17/06/2004 8:45:08 PM

#:26 [zlclient.exe]
FilePath : C:\Program Files\ZoneAlarm\ZoneAlarm\
ThreadCreationTime : 27-07-2004 10:02:34 AM
BasePriority : Normal
FileSize : 681 KB
FileVersion : 5.0.590.043
ProductVersion : 5.0.590.043
Copyright : Copyright
CompanyName : Zone Labs Inc.
FileDescription : Zone Labs Client
InternalName : zlclient
OriginalFilename : zlclient.exe
ProductName : Zone Labs Client
Created on : 22/06/2004 4:23:57 PM
Last accessed : 26/07/2004 11:00:00 PM
Last modified : 16/06/2004 3:48:24 AM

#:27 [ccapp.exe]
FilePath : C:\Program Files\Common Files\Symantec Shared\
ThreadCreationTime : 27-07-2004 10:02:34 AM
BasePriority : Normal
FileSize : 49 KB
FileVersion : 1.00.104
ProductVersion : 1.00.104
Copyright : Copyright © 2000-2002 Symantec Corporation. All rights reserved.
CompanyName : Symantec Corporation
FileDescription : Common Client CC App
InternalName : ccApp
OriginalFilename : ccApp.exe
ProductName : Common Client
Created on : 19/08/2002 9:22:38 PM
Last accessed : 26/07/2004 11:00:00 PM
Last modified : 19/08/2002 9:22:38 PM

#:28 [rundll32.exe]
FilePath : C:\WINDOWS\System32\
ThreadCreationTime : 27-07-2004 10:02:35 AM
BasePriority : Normal
FileSize : 31 KB
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
CompanyName : Microsoft Corporation
FileDescription : Run a DLL as an App
InternalName : rundll
OriginalFilename : RUNDLL.EXE
ProductName : Microsoft
Created on : 10/01/2004 6:22:44 PM
Last accessed : 26/07/2004 11:00:00 PM
Last modified : 31/03/2003 11:00:00 AM

#:29 [rftray.exe]
FilePath : C:\PROGRA~1\PHILIP~1\GameCam SE\Program\
ThreadCreationTime : 27-07-2004 10:02:36 AM
BasePriority : Normal
FileSize : 32 KB
FileVersion : 1, 0, 0, 1
ProductVersion : 1, 0, 0, 1
Copyright : Copyright
FileDescription : Reality Fusion Tray Application
InternalName : RFTRAY
OriginalFilename : RFTRAY.EXE
ProductName : Reality Fusion Tray Application
Created on : 22/10/2003 6:03:03 PM
Last accessed : 26/07/2004 11:00:00 PM
Last modified : 17/08/2000 4:40:20 PM

#:30 [iexplore.exe]
FilePath : c:\progra~1\intern~1\
ThreadCreationTime : 27-07-2004 10:02:37 AM
BasePriority : Normal
FileSize : 89 KB
FileVersion : 6.00.2800.1106 (xpsp1.020828-1920)
ProductVersion : 6.00.2800.1106
CompanyName : Microsoft Corporation
FileDescription : Internet Explorer
InternalName : iexplore
OriginalFilename : IEXPLORE.EXE
ProductName : Microsoft
Created on : 10/01/2004 7:18:11 PM
Last accessed : 26/07/2004 11:00:00 PM
Last modified : 31/03/2003 11:00:00 AM

#:31 [hotsync.exe]
FilePath : C:\Program Files\Sony Handheld\
ThreadCreationTime : 27-07-2004 10:02:37 AM
BasePriority : Normal
FileSize : 292 KB
FileVersion : 4.0.1
ProductVersion : 4.0.1
Copyright : Copyright
CompanyName : Palm, Inc.
FileDescription : HotSync
InternalName : HotSync
OriginalFilename : Hotsync.exe
ProductName : HotSync
Created on : 20/10/2003 3:04:45 PM
Last accessed : 26/07/2004 11:00:00 PM
Last modified : 31/05/2001 7:52:46 AM

#:32 [iexplore.exe]
FilePath : c:\progra~1\intern~1\
ThreadCreationTime : 27-07-2004 10:02:37 AM
BasePriority : Normal
FileSize : 89 KB
FileVersion : 6.00.2800.1106 (xpsp1.020828-1920)
ProductVersion : 6.00.2800.1106
CompanyName : Microsoft Corporation
FileDescription : Internet Explorer
InternalName : iexplore
OriginalFilename : IEXPLORE.EXE
ProductName : Microsoft
Created on : 10/01/2004 7:18:11 PM
Last accessed : 26/07/2004 11:00:00 PM
Last modified : 31/03/2003 11:00:00 AM

#:33 [bttray.exe]
FilePath : C:\Program Files\WIDCOMM\Bluetooth Software\
ThreadCreationTime : 27-07-2004 10:02:38 AM
BasePriority : Normal
FileSize : 352 KB
FileVersion : 1.3.2.7
ProductVersion : 1.3.2.7
Copyright : Copyright 2000-2002.
FileDescription : Bluetooth Tray Application
InternalName : BTTray
OriginalFilename : BTTray.exe
ProductName : Bluetooth Software 1.3.2.7
Created on : 25/10/2002 1:18:40 PM
Last accessed : 26/07/2004 11:00:00 PM
Last modified : 25/10/2002 1:18:40 PM

#:34 [btstac~1.exe]
FilePath : C:\PROGRA~1\WIDCOMM\BLUETO~1\
ThreadCreationTime : 27-07-2004 10:02:41 AM
BasePriority : Normal
FileSize : 916 KB
FileVersion : 1.3.2.7
ProductVersion : 1.3.2.7
Copyright : Copyright 2000-2002.
FileDescription : Bluetooth Stack COM Server
InternalName : BTStackServer
OriginalFilename : BTStackServer.exe
ProductName : Bluetooth Software 1.3.2.7

#:35 [ipodservice.exe]
FilePath : C:\Program Files\iPod\bin\
ThreadCreationTime : 27-07-2004 10:02:42 AM
BasePriority : Normal
FileSize : 392 KB
FileVersion : 4.6.0.15
ProductVersion : 4.6.0.15
CompanyName : Apple Computer, Inc.
FileDescription : iPodService Module
InternalName : iPodService
OriginalFilename : iPodService.exe
ProductName : iTunes
Created on : 04/06/2004 11:37:56 AM
Last accessed : 26/07/2004 11:00:00 PM
Last modified : 04/06/2004 11:37:56 AM

#:36 [kazaalite.kpp]
FilePath : C:\Program Files\Kazaa Lite K++\
ThreadCreationTime : 27-07-2004 10:03:54 AM
BasePriority : Normal
FileSize : 2182 KB
Created on : 16/07/2003 5:19:52 PM
Last accessed : 26/07/2004 11:00:00 PM
Last modified : 16/07/2003 5:19:52 PM

#:37 [msmsgs.exe]
FilePath : C:\Program Files\Messenger\
ThreadCreationTime : 27-07-2004 10:09:49 AM
BasePriority : Normal
FileSize : 1456 KB
FileVersion : 4.7.2009
ProductVersion : Version 4.7
Copyright : Copyright © Microsoft Corporation 1997-2003
CompanyName : Microsoft Corporation
FileDescription : Messenger
InternalName : msmsgs
OriginalFilename : msmsgs.exe
ProductName : Messenger
Created on : 14/04/2003 6:30:14 PM
Last accessed : 26/07/2004 11:00:00 PM
Last modified : 14/04/2003 6:30:14 PM

#:38 [ad-aware.exe]
FilePath : C:\Program Files\Lavasoft\Ad-aware 6\
ThreadCreationTime : 27-07-2004 10:10:41 AM
BasePriority : Normal
FileSize : 668 KB
FileVersion : 6.0.1.181
ProductVersion : 6.0.0.0
Copyright : Copyright
CompanyName : Lavasoft Sweden
FileDescription : Ad-aware 6 core application
InternalName : Ad-aware.exe
OriginalFilename : Ad-aware.exe
ProductName : Lavasoft Ad-aware Plus
Created on : 20/10/2003 3:51:29 PM
Last accessed : 26/07/2004 11:00:00 PM
Last modified : 12/07/2003 9:00:20 PM

Memory scan result :
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
New objects : 0
Objects found so far: 0


Started registry scan
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯

Marketscore(Netsetter) Object recognized!
Type : RegKey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : Software\Netsetter


Registry scan result :
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
New objects : 1
Objects found so far: 1


Started deep registry scan
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯

Deep registry scan result :
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
New objects : 0
Objects found so far: 1


Deep scanning and examining files (C:)
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯

SCAM.Enigma.NoAdware Object recognized!
Type : File
Data : noadware.exe
Category : Malware
Comment :
Object : C:\Program Files\NoAdware\
FileSize : 1568 KB
FileVersion : 2.0
ProductVersion : 2.0
Copyright : Copyright © 2003
CompanyName : NoAdware (http://www.noadware.net)
FileDescription : NoAdware Application
InternalName : NoAdware
OriginalFilename : NoAdware.EXE
ProductName : NoAdware Application
Created on : 31/01/2004 12:17:39 PM
Last accessed : 26/07/2004 11:00:00 PM
Last modified : 31/01/2004 12:17:40 PM



SCAM.Enigma.NoAdware Object recognized!
Type : File
Data : noadware[1].exe
Category : Malware
Comment :
Object : C:\Documents and Settings\Cruz PC User\Local Settings\Temporary Internet Files\Content.IE5\4LIZKDYB\
FileSize : 1016 KB
Created on : 27/07/2004 10:05:23 AM
Last accessed : 26/07/2004 11:00:00 PM
Last modified : 27/07/2004 10:05:50 AM



SCAM.Enigma.NoAdware Object recognized!
Type : File
Data : noadware.exe
Category : Malware
Comment :
Object : C:\Documents and Settings\Cruz PC User\Desktop\
FileSize : 1016 KB
Created on : 27/07/2004 10:05:48 AM
Last accessed : 26/07/2004 11:00:00 PM
Last modified : 27/07/2004 10:05:50 AM



Disk scan result for C:\
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
New objects : 0
Objects found so far: 4


Scanning Hosts file(C:\WINDOWS\System32\drivers\etc\hosts)
ŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻ

Hosts file scan result:
ŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻ
1 entries scanned.
New objects :0
Objects found so far: 4




Performing conditional scans..
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯

SCAM.Enigma.NoAdware Object recognized!
Type : RegKey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CURRENT_USER
Object : SOFTWARE\NoAdware


SCAM.Enigma.NoAdware Object recognized!
Type : Folder
Category : Malware
Comment :
Object : c:\program files\NoAdware


SCAM.Enigma.NoAdware Object recognized!
Type : File
Data : unins000.dat
Category : Malware
Comment :
Object : c:\program files\noadware\
FileSize : 1 KB
Created on : 27/07/2004 10:05:58 AM
Last accessed : 26/07/2004 11:00:00 PM
Last modified : 27/07/2004 10:06:00 AM



SCAM.Enigma.NoAdware Object recognized!
Type : File
Data : unins000.exe
Category : Malware
Comment :
Object : c:\program files\noadware\
FileSize : 74 KB
FileVersion : 51.9.0.0
ProductVersion :
Copyright : Copyright © 1997-2003 Jordan Russell
CompanyName : Jordan Russell
FileDescription : Inno Setup Uninstaller
Created on : 28/11/2003 3:00:00 AM
Last accessed : 26/07/2004 11:00:00 PM
Last modified : 28/11/2003 3:00:00 AM



SCAM.Enigma.NoAdware Object recognized!
Type : File
Data : logs
Category : Malware
Comment :
Object : c:\program files\noadware\

Created on : 27/07/2004 10:07:10 AM
Last accessed : 26/07/2004 11:00:00 PM
Last modified : 27/07/2004 10:07:12 AM



SCAM.Enigma.NoAdware Object recognized!
Type : File
Data : noadware_071704_v2.na
Category : Malware
Comment :
Object : c:\program files\noadware\
FileSize : 564 KB
Created on : 27/07/2004 10:07:27 AM
Last accessed : 26/07/2004 11:00:00 PM
Last modified : 27/07/2004 10:07:38 AM



Conditional scan result:
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
New objects : 6
Objects found so far: 10


11:36:12 AM Scan complete

Summary of this scan
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
Total scanning time :00:25:19:655
Objects scanned :141430
Objects identified :10
Objects ignored :0
New objects :10







---------------------------------------------------------------------------------------------

And HijackThis:

Logfile of HijackThis v1.97.7
Scan saved at 10:10:12, on 27/07/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Unable to get Internet Explorer version!

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\SYSTEM32\ZONELABS\vsmon.exe
C:\Program Files\Microsoft Hardware\Keyboard\type32.exe
C:\PROGRA~1\PHILIP~1\VProperty.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe
C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE
C:\WINDOWS\System32\CTHELPER.EXE
C:\Program Files\ScanSoft\OmniPageSE\opware32.exe
C:\Program Files\iTunes\Version 4.6\iTunesHelper.exe
C:\Program Files\Elaborate Bytes\CloneCD\CloneCDTray.exe
C:\Program Files\MSN plus\MsgPlus.exe
C:\Program Files\ZoneAlarm\ZoneAlarm\zlclient.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\System32\RUNDLL32.EXE
c:\progra~1\intern~1\iexplore.exe
C:\PROGRA~1\PHILIP~1\GameCam SE\Program\RFTray.exe
C:\Program Files\Sony Handheld\Hotsync.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
c:\progra~1\intern~1\iexplore.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
C:\Program Files\Kazaa Lite K++\KazaaLite.kpp
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Cruz PC User\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://searchweb2.co...ww.amazon.co.uk
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = c:\windows\SYSTEM\blank.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.amazon.co.uk/
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {DE9E1533-BBF8-145A-B628-19B977C80F1D} - C:\PROGRA~1\ACTIVE~1\FaceMath.exe
O2 - BHO: (no name) - {F195A1A9-4033-4E5B-B85C-848C3E31A83A} - c:\syslibie.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [IntelliType] "c:\Program Files\Microsoft Hardware\Keyboard\type32.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [ToUcamVProperty] C:\PROGRA~1\PHILIP~1\VProperty.exe
O4 - HKLM\..\Run: [UStorage] c:\program files\u-storage tools1.0\ustorage.exe sys_auto_run C:\PROGRAM FILES\U-STORAGE TOOLS1.0
O4 - HKLM\..\Run: [SBDrvDet] C:\Program Files\Creative\SB Drive Det\SBDrvDet.exe /r
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe
O4 - HKLM\..\Run: [CTDVDDet] C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [AsioReg] REGSVR32.EXE /S CTASIO.DLL
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Omnipage] C:\Program Files\ScanSoft\OmniPageSE\opware32.exe
O4 - HKLM\..\Run: [Windows SA] C:\Program Files\WindowsSA\omniscient.exe
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\Version 4.6\iTunesHelper.exe
O4 - HKLM\..\Run: [CloneCDElbyCDFL] "C:\Program Files\Elaborate Bytes\CloneCD\ElbyCheck.exe" /L ElbyCDFL
O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\Elaborate Bytes\CloneCD\CloneCDTray.exe"
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MSN plus\MsgPlus.exe"
O4 - HKLM\..\Run: [gram admin] C:\PROGRA~1\CAKEBA~1\MEET LOG.exe
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\ZoneAlarm\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe
O4 - HKLM\..\Run: [ccRegVfy] C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe
O4 - HKLM\..\Run: [ONLINEMEDIAGPLMEOW] C:\Documents and Settings\All Users\Application Data\error atom online media\tick third.exe
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
O4 - Global Startup: EPSON Status Monitor 3 Environment Check 2.lnk = C:\WINDOWS\SYSTEM32\spool\drivers\w32x86\3\E_SRCV02.EXE
O4 - Global Startup: Reality Fusion GameCam SE.lnk = C:\PROGRA~1\PHILIP~1\GameCam SE\Program\RFTray.exe
O4 - Global Startup: HotSync Manager.lnk = C:\Program Files\Sony Handheld\HOTSYNC.EXE
O4 - Global Startup: BTTray.lnk = ?
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar3.dll/cmsearch.html
O8 - Extra context menu item: Backward &Links - res://c:\program files\google\GoogleToolbar3.dll/cmbacklinks.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://c:\program files\google\GoogleToolbar3.dll/cmcache.html
O8 - Extra context menu item: Si&milar Pages - res://c:\program files\google\GoogleToolbar3.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar3.dll/cmtrans.html
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Messenger (HKLM)
O10 - Broken Internet access because of LSP provider 'osmim.dll' missing
O16 - DPF: Win32 Classes -
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macr...director/sw.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zon...MineSweeper.cab
O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://host.cycore.n...E_5.3.0.228.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1408.g.akama...iTunesSetup.exe
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.r...ip/RdxIE601.cab
O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} (GSDACtl Class) - http://launch.gamesp...nch/alaunch.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zon...StatsClient.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupd...7913.3034953704
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.ma...ash/swflash.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://utu.popcap.co...aploader_v5.cab
O16 - DPF: {F1154108-FB75-47EB-9A7E-4DD28DBDAF34} - http://www.threedegr...com/td_netd.cab

#2 H@ns


Posted 01 August 2004 - 01:41 AM

Hi Katzell, and welcome to the forums :cool:

Have you set c:\windows\SYSTEM\blank.htm as your valid homepage? If so, you can leave this entry alone:

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = c:\windows\SYSTEM\blank.htm

I see that you have Kazaa Lite installed. Your computer can be heavily infected by using Kazaa Lite. Most of the files you download there contain (a) virus(es). It's also an illegal hack of Kazaa. Please read this for more information:
http://www.spywarein...m/articles/p2p/
  • Check ALL below in HijackThis, close ALL other windows AND browsers, and click on “Fix Checked”
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://searchweb2.co...ww.amazon.co.uk
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = c:\windows\SYSTEM\blank.htm (if that page is NOT your homepage, you may fix it)

    O2 - BHO: (no name) - {DE9E1533-BBF8-145A-B628-19B977C80F1D} - C:\PROGRA~1\ACTIVE~1\FaceMath.exe
    O2 - BHO: (no name) - {F195A1A9-4033-4E5B-B85C-848C3E31A83A} - c:\syslibie.dll

    O4 - HKLM\..\Run: [Windows SA] C:\Program Files\WindowsSA\omniscient.exe
    O4 - HKLM\..\Run: [gram admin] C:\PROGRA~1\CAKEBA~1\MEET LOG.exe
    O4 - HKLM\..\Run: [ONLINEMEDIAGPLMEOW] C:\Documents and Settings\All Users\Application Data\error atom online media\tick third.exe

    O16 - DPF: Win32 Classes -
    O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.r...ip/RdxIE601.cab
  • Please reboot into safe mode - How do I boot into "Safe" mode?

    The following FILES and DIRECTORIES need to be deleted while in safe mode. Make sure your settings allow you to view "Hidden files". Open up any explorer windows and click on "Tools" => "Folder Options" => "View" and be sure to check off "Show Hidden Files and Folders". If no path is listed, you may need to search for the file(s) - To search, click on "Start" => "Search" => "For Files and Folders" => "All Files and Folders" and type in the file name. You can delete it right from the search results window.
    • DIRECTORIES
    • C:\PROGRAM FILES\ACTIVE > folder with “FaceMath.exe” inside
    • C:\Program Files\WindowsSA
    • C:\PROGRAM FILES\CAKEBA.. > folder with “MEET LOG.exe” inside
    • C:\Documents and Settings\All Users\Application Data\error atom online media (The folder in bold)
  • FILES
    • C:\windows\SYSTEM\blank.htm (if that page is NOT your homepage, you may delete it)
    • C:\syslibie.dll (This file could already be gone; don't worry if it is)
Reboot again and log in normally.
  • Now do the following:
  • Download and run LSP Fix
  • Check 'I know what I'm doing'.
  • Select all instances of 'osmim.dll'.
  • Click the right-pointing arrow.
  • Click 'Finished'.
  • Restart your computer.
  • Delete the following file: C:\Windows\System32\osmim.dll
  • Reboot for a last time, make a new HijackThis log (make sure you make that log with ALL browserwindows closed) and post it here please
PS: Please don't post Ad-Aware logs when I haven't asked for them!
Nucia Security Forums - Dutch Anti-Malware Support

#3 katzell

katzell

    Member

  • Full Member
  • 14 posts

Posted 03 August 2004 - 05:01 PM

Here is the new logfile after doing everything you said. Sorry about the Ad Aware log, I just wanted to make sure you had everything you needed!

Could you please email me when you reply with a link to this topic to (email addy removed:lpp), SWI will only email once per topic!

thanks!

Logfile of HijackThis v1.97.7
Scan saved at 22:53:33, on 03/08/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Unable to get Internet Explorer version!

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Microsoft Hardware\Keyboard\type32.exe
C:\PROGRA~1\PHILIP~1\VProperty.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe
C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE
C:\WINDOWS\System32\CTHELPER.EXE
C:\Program Files\ScanSoft\OmniPageSE\opware32.exe
C:\Program Files\iTunes\Version 4.6\iTunesHelper.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Elaborate Bytes\CloneCD\CloneCDTray.exe
C:\Program Files\MSN plus\MsgPlus.exe
C:\Program Files\ZoneAlarm\ZoneAlarm\zlclient.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\WINDOWS\System32\RUNDLL32.EXE
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\SYSTEM32\ZONELABS\vsmon.exe
C:\PROGRA~1\PHILIP~1\GameCam SE\Program\RFTray.exe
C:\Program Files\Sony Handheld\Hotsync.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Messenger\msmsgs.exe
C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\Documents and Settings\Cruz PC User\Desktop\HijackThis.exe
C:\WINDOWS\System32\wuauclt.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://ciuvepzfoizpy...O8DWHgb/WHg.cgi
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.amazon.co.uk/
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [IntelliType] "c:\Program Files\Microsoft Hardware\Keyboard\type32.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [ToUcamVProperty] C:\PROGRA~1\PHILIP~1\VProperty.exe
O4 - HKLM\..\Run: [UStorage] c:\program files\u-storage tools1.0\ustorage.exe sys_auto_run C:\PROGRAM FILES\U-STORAGE TOOLS1.0
O4 - HKLM\..\Run: [SBDrvDet] C:\Program Files\Creative\SB Drive Det\SBDrvDet.exe /r
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe
O4 - HKLM\..\Run: [CTDVDDet] C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [AsioReg] REGSVR32.EXE /S CTASIO.DLL
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Omnipage] C:\Program Files\ScanSoft\OmniPageSE\opware32.exe
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\Version 4.6\iTunesHelper.exe
O4 - HKLM\..\Run: [CloneCDElbyCDFL] "C:\Program Files\Elaborate Bytes\CloneCD\ElbyCheck.exe" /L ElbyCDFL
O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\Elaborate Bytes\CloneCD\CloneCDTray.exe"
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MSN plus\MsgPlus.exe"
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\ZoneAlarm\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe
O4 - HKLM\..\Run: [ccRegVfy] C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
O4 - Global Startup: EPSON Status Monitor 3 Environment Check 2.lnk = C:\WINDOWS\SYSTEM32\spool\drivers\w32x86\3\E_SRCV02.EXE
O4 - Global Startup: Reality Fusion GameCam SE.lnk = C:\PROGRA~1\PHILIP~1\GameCam SE\Program\RFTray.exe
O4 - Global Startup: HotSync Manager.lnk = C:\Program Files\Sony Handheld\HOTSYNC.EXE
O4 - Global Startup: BTTray.lnk = ?
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar3.dll/cmsearch.html
O8 - Extra context menu item: Backward &Links - res://c:\program files\google\GoogleToolbar3.dll/cmbacklinks.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://c:\program files\google\GoogleToolbar3.dll/cmcache.html
O8 - Extra context menu item: Si&milar Pages - res://c:\program files\google\GoogleToolbar3.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar3.dll/cmtrans.html
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Messenger (HKLM)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macr...director/sw.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zon...MineSweeper.cab
O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://host.cycore.n...E_5.3.0.228.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1408.g.akama...iTunesSetup.exe
O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} (GSDACtl Class) - http://launch.gamesp...nch/alaunch.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zon...StatsClient.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupd...7913.3034953704
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.ma...ash/swflash.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://utu.popcap.co...aploader_v5.cab
O16 - DPF: {F1154108-FB75-47EB-9A7E-4DD28DBDAF34} - http://www.threedegr...com/td_netd.cab

#4 H@ns

H@ns

    Forum Deity

  • Retired Staff - Helper
  • 2,630 posts

Posted 04 August 2004 - 10:58 AM

Hi Katzell,

Your log is almost clean! Very well done! Oh and by the way, please don't post your email-address on the forums, if you don't like spam ;)
  • Click My Computer, then C:\
    In the menu bar, File->New->Folder.
    That will create a folder named New Folder, which you can rename to "HJT" or "HijackThis". Now you have C:\HJT\ folder. Put your HijackThis.exe there, and double click to run it.
  • Check the one below in HijackThis, close all other windows AND browsers, and hit "Fix Checked".

    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://ciuvepzfoizpy...O8DWHgb/WHg.cgi

    I want to make a note, because I see this entry in your log:
    O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MSN plus\MsgPlus.exe"

    MSN Plus is associated with Lop, and you had a LOP problem :!:

    Go to Start - Control Panel - Software - Add/Remove, and uninstall MSN Plus.
  • Reboot now, make a new HijackThis log and post it here.

Nucia Security Forums - Dutch Anti-Malware Support
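The check made in the post above, comparing the fix list against the follow-up HijackThis log, can be scripted. This is an added example, not part of the original thread: the function names are assumptions, and the three sample texts are short excerpts of the log lines quoted in the posts above (the truncated URLs are left as they appear on the page).

```python
import re
from typing import Dict, List, NamedTuple, Tuple

# A HijackThis entry line is "<section code> - <details>", e.g. "O4 - HKLM\..\Run: ...".
# Header lines and the "Running processes" list do not match and are skipped.
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")


class Entry(NamedTuple):
    code: str   # section code such as R0, O2, O4, O10, O16
    body: str   # everything after "<code> - ", whitespace-collapsed


def parse_entries(text: str) -> Dict[Tuple[str, str], Entry]:
    """Map a normalized key to each entry line found in a log or fix list."""
    entries: Dict[Tuple[str, str], Entry] = {}
    for raw in text.splitlines():
        match = ENTRY_RE.match(raw.strip())
        if not match:
            continue
        code = match.group(1)
        body = " ".join(match.group(2).split())
        # Windows paths and registry names are case-insensitive, so compare lowercased.
        entries[(code, body.lower())] = Entry(code, body)
    return entries


def review_followup(before: str, fix_list: str, after: str) -> Dict[str, List[Entry]]:
    """Classify entries after a cleanup round.

    still_present: on the fix list but still in the follow-up log
    removed:       on the fix list and gone
    new:           in the follow-up log but not in the earlier log
    gone_unlisted: gone without being on the fix list (removed by another tool)
    """
    b, f, a = parse_entries(before), parse_entries(fix_list), parse_entries(after)
    return {
        "still_present": [f[k] for k in f if k in a],
        "removed": [f[k] for k in f if k not in a],
        "new": [a[k] for k in a if k not in b],
        "gone_unlisted": [b[k] for k in b if k not in a and k not in f],
    }


# Excerpts from the thread (abridged for the example).
BEFORE = r"""
O2 - BHO: (no name) - {DE9E1533-BBF8-145A-B628-19B977C80F1D} - C:\PROGRA~1\ACTIVE~1\FaceMath.exe
O2 - BHO: (no name) - {F195A1A9-4033-4E5B-B85C-848C3E31A83A} - c:\syslibie.dll
O4 - HKLM\..\Run: [Windows SA] C:\Program Files\WindowsSA\omniscient.exe
O10 - Broken Internet access because of LSP provider 'osmim.dll' missing
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macr...director/sw.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.r...ip/RdxIE601.cab
"""

FIX_LIST = r"""
O2 - BHO: (no name) - {DE9E1533-BBF8-145A-B628-19B977C80F1D} - C:\PROGRA~1\ACTIVE~1\FaceMath.exe
O2 - BHO: (no name) - {F195A1A9-4033-4E5B-B85C-848C3E31A83A} - c:\syslibie.dll
O4 - HKLM\..\Run: [Windows SA] C:\Program Files\WindowsSA\omniscient.exe
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.r...ip/RdxIE601.cab
"""

AFTER = r"""
Logfile of HijackThis v1.97.7
Running processes:
C:\WINDOWS\System32\smss.exe
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://ciuvepzfoizpy...O8DWHgb/WHg.cgi
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macr...director/sw.cab
"""

if __name__ == "__main__":
    for label, found in review_followup(BEFORE, FIX_LIST, AFTER).items():
        print(f"{label}:")
        for entry in found:
            print(f"  {entry.code} - {entry.body}")
```

An entry under "new" is not automatically malicious; it is the part of the follow-up log that still needs a human review, which here is the SearchAssistant value flagged in the reply above.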

#5 katzell

katzell

    Member

  • Full Member
  • 14 posts

Posted 05 August 2004 - 02:54 PM

OK, here's the log. Please could you e-mail me again when you reply. In case you don't have my address (I saw that it was edited), I'll e-mail you to the address you e-mailed me from!

Logfile of HijackThis v1.97.7
Scan saved at 20:44:39, on 05/08/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Unable to get Internet Explorer version!

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\SYSTEM32\ZONELABS\vsmon.exe
C:\Program Files\Microsoft Hardware\Keyboard\type32.exe
C:\PROGRA~1\PHILIP~1\VProperty.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe
C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE
C:\WINDOWS\System32\CTHELPER.EXE
C:\Program Files\ScanSoft\OmniPageSE\opware32.exe
C:\Program Files\iTunes\Version 4.6\iTunesHelper.exe
C:\Program Files\Elaborate Bytes\CloneCD\CloneCDTray.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\ZoneAlarm\ZoneAlarm\zlclient.exe
C:\WINDOWS\System32\RUNDLL32.EXE
C:\PROGRA~1\PHILIP~1\GameCam SE\Program\RFTray.exe
C:\Program Files\Sony Handheld\Hotsync.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
C:\Program Files\Messenger\msmsgs.exe
C:\Documents and Settings\Cruz PC User\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.amazon.co.uk/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.amazon.co.uk/
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [IntelliType] "c:\Program Files\Microsoft Hardware\Keyboard\type32.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [ToUcamVProperty] C:\PROGRA~1\PHILIP~1\VProperty.exe
O4 - HKLM\..\Run: [UStorage] c:\program files\u-storage tools1.0\ustorage.exe sys_auto_run C:\PROGRAM FILES\U-STORAGE TOOLS1.0
O4 - HKLM\..\Run: [SBDrvDet] C:\Program Files\Creative\SB Drive Det\SBDrvDet.exe /r
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe
O4 - HKLM\..\Run: [CTDVDDet] C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [AsioReg] REGSVR32.EXE /S CTASIO.DLL
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Omnipage] C:\Program Files\ScanSoft\OmniPageSE\opware32.exe
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\Version 4.6\iTunesHelper.exe
O4 - HKLM\..\Run: [CloneCDElbyCDFL] "C:\Program Files\Elaborate Bytes\CloneCD\ElbyCheck.exe" /L ElbyCDFL
O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\Elaborate Bytes\CloneCD\CloneCDTray.exe"
O4 - HKLM\..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe
O4 - HKLM\..\Run: [ccRegVfy] C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\ZoneAlarm\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
O4 - Global Startup: EPSON Status Monitor 3 Environment Check 2.lnk = C:\WINDOWS\SYSTEM32\spool\drivers\w32x86\3\E_SRCV02.EXE
O4 - Global Startup: Reality Fusion GameCam SE.lnk = C:\PROGRA~1\PHILIP~1\GameCam SE\Program\RFTray.exe
O4 - Global Startup: HotSync Manager.lnk = C:\Program Files\Sony Handheld\HOTSYNC.EXE
O4 - Global Startup: BTTray.lnk = ?
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar3.dll/cmsearch.html
O8 - Extra context menu item: Backward &Links - res://c:\program files\google\GoogleToolbar3.dll/cmbacklinks.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://c:\program files\google\GoogleToolbar3.dll/cmcache.html
O8 - Extra context menu item: Si&milar Pages - res://c:\program files\google\GoogleToolbar3.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar3.dll/cmtrans.html
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Messenger (HKLM)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macr...director/sw.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zon...MineSweeper.cab
O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://host.cycore.n...E_5.3.0.228.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1408.g.akama...iTunesSetup.exe
O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} (GSDACtl Class) - http://launch.gamesp...nch/alaunch.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zon...StatsClient.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupd...7913.3034953704
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.ma...ash/swflash.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://utu.popcap.co...aploader_v5.cab
O16 - DPF: {F1154108-FB75-47EB-9A7E-4DD28DBDAF34} - http://www.threedegr...com/td_netd.cab

#6 H@ns

H@ns

    Forum Deity

  • Retired Staff - Helper
  • 2,630 posts

Posted 05 August 2004 - 03:08 PM

You haven't done everything....

  • Click My Computer, then C:\
    In the menu bar, File->New->Folder.
    That will create a folder named New Folder, which you can rename to "HJT" or "HijackThis". Now you have C:\HJT\ folder. Put your HijackThis.exe there, and double click to run it.


After that, make a new HijackThis log and post it here.

And while you're waiting for the next reply, you should do this:

Here are some tips to reduce the potential for spyware infection in the future. I strongly recommend installing the following applications:
  • Spywareblaster <= SpywareBlaster will prevent spyware from being installed.
  • Spywareguard <= SpywareGuard offers real-time protection from spyware installation attempts.
  • How to use Ad-Aware to remove Spyware <= If you suspect that you have spyware installed on your computer, here are instructions on how to download, install and then use Ad-Aware.
  • How to use Spybot to remove Spyware <= If you suspect that you have spyware installed on your computer, here are instructions on how to download, install and then use Spybot. Similar to Ad-Aware, I strongly recommend both to catch most spyware.
To protect yourself further:
  • IE/Spyad <= IE/Spyad places over 4000 websites and domains in the IE Restricted list which will severely impair attempts to infect your system. It basically prevents any downloads (Cookies etc) from the sites listed, although you will still be able to connect to the sites.
  • MVPS Hosts file <= The MVPS Hosts file replaces your current HOSTS file with one containing well-known ad sites etc. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1, which is your local computer.
  • Google Toolbar <= Get the free Google toolbar to help stop pop up windows.
I also suggest that you delete any files from "temp", "tmp" folders. In Internet Explorer, click on "Tools" => "Internet Options" => "Delete Files" and select the box that says "Delete All Offline Content" and click on "OK" twice. Also, empty the recycle bin by right clicking on it and selecting "Empty Recycle Bin". These steps should be done on a regular basis.

Edited by H@ns, 05 August 2004 - 03:12 PM.

Nucia Security Forums - Dutch Anti-Malware Support

#7 katzell

katzell

    Member

  • Full Member
  • 14 posts

Posted 05 August 2004 - 04:49 PM

Logfile of HijackThis v1.97.7
Scan saved at 22:48:40, on 05/08/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Unable to get Internet Explorer version!

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\SYSTEM32\ZONELABS\vsmon.exe
C:\Program Files\Microsoft Hardware\Keyboard\type32.exe
C:\PROGRA~1\PHILIP~1\VProperty.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe
C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE
C:\WINDOWS\System32\CTHELPER.EXE
C:\Program Files\ScanSoft\OmniPageSE\opware32.exe
C:\Program Files\iTunes\Version 4.6\iTunesHelper.exe
C:\Program Files\Elaborate Bytes\CloneCD\CloneCDTray.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\ZoneAlarm\ZoneAlarm\zlclient.exe
C:\WINDOWS\System32\RUNDLL32.EXE
C:\PROGRA~1\PHILIP~1\GameCam SE\Program\RFTray.exe
C:\Program Files\Sony Handheld\Hotsync.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.amazon.co.uk/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.amazon.co.uk/
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [IntelliType] "c:\Program Files\Microsoft Hardware\Keyboard\type32.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [ToUcamVProperty] C:\PROGRA~1\PHILIP~1\VProperty.exe
O4 - HKLM\..\Run: [UStorage] c:\program files\u-storage tools1.0\ustorage.exe sys_auto_run C:\PROGRAM FILES\U-STORAGE TOOLS1.0
O4 - HKLM\..\Run: [SBDrvDet] C:\Program Files\Creative\SB Drive Det\SBDrvDet.exe /r
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe
O4 - HKLM\..\Run: [CTDVDDet] C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [AsioReg] REGSVR32.EXE /S CTASIO.DLL
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Omnipage] C:\Program Files\ScanSoft\OmniPageSE\opware32.exe
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\Version 4.6\iTunesHelper.exe
O4 - HKLM\..\Run: [CloneCDElbyCDFL] "C:\Program Files\Elaborate Bytes\CloneCD\ElbyCheck.exe" /L ElbyCDFL
O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\Elaborate Bytes\CloneCD\CloneCDTray.exe"
O4 - HKLM\..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe
O4 - HKLM\..\Run: [ccRegVfy] C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\ZoneAlarm\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
O4 - Global Startup: EPSON Status Monitor 3 Environment Check 2.lnk = C:\WINDOWS\SYSTEM32\spool\drivers\w32x86\3\E_SRCV02.EXE
O4 - Global Startup: Reality Fusion GameCam SE.lnk = C:\PROGRA~1\PHILIP~1\GameCam SE\Program\RFTray.exe
O4 - Global Startup: HotSync Manager.lnk = C:\Program Files\Sony Handheld\HOTSYNC.EXE
O4 - Global Startup: BTTray.lnk = ?
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar3.dll/cmsearch.html
O8 - Extra context menu item: Backward &Links - res://c:\program files\google\GoogleToolbar3.dll/cmbacklinks.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://c:\program files\google\GoogleToolbar3.dll/cmcache.html
O8 - Extra context menu item: Si&milar Pages - res://c:\program files\google\GoogleToolbar3.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar3.dll/cmtrans.html
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Messenger (HKLM)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macr...director/sw.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zon...MineSweeper.cab
O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://host.cycore.n...E_5.3.0.228.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1408.g.akama...iTunesSetup.exe
O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} (GSDACtl Class) - http://launch.gamesp...nch/alaunch.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zon...StatsClient.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupd...7913.3034953704
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.ma...ash/swflash.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://utu.popcap.co...aploader_v5.cab
O16 - DPF: {F1154108-FB75-47EB-9A7E-4DD28DBDAF34} - http://www.threedegr...com/td_netd.cab

#8 katzell

katzell

    Member

  • Full Member
  • 14 posts

Posted 05 August 2004 - 04:51 PM

BTW, sorry about leaving out that bit, thanks for the links, and don't forget to email (I'm very forgetful!!)

#9 H@ns

H@ns

    Forum Deity

  • Retired Staff - Helper
  • 2,630 posts

Posted 06 August 2004 - 12:18 PM

Hi Katzell,

SWI will send an email each time I or someone else posts. So you don't need to ask me to send you emails, SWI will do that for you.

Your log is clean now. Read my prevention speech in my previous post, and use some programs listed there. Don't download everything, don't trust everything and don't allow everything.
Nucia Security Forums - Dutch Anti-Malware Support

#10 katzell

katzell

    Member

  • Full Member
  • 14 posts

Posted 30 August 2004 - 10:40 AM

thank you for your help!!

#11 dave38

dave38

    Devout Murphyite!

  • Emeritus
  • 8,508 posts

Posted 31 August 2004 - 05:35 PM

Glad to help.

If you need this topic reopened, please request this by sending the moderating team an email with the address of the thread. This applies only to the original topic starter. Everyone else please begin a New Topic.
Be wary of strong drink. It may make you shoot at tax collectors, and miss!
Please support SWI forum



