katzell

Getting Rid Of Mysearchnow Bar

11 posts in this topic

I've got a really annoying blue searchbar at the top of Internet Explorer, and was wondering how to remove it. Following are the logfiles from Ad-aware and hijackthis, so any other help would be appreciated too!

 

The Ad-Aware Log:

 

 

Lavasoft Ad-aware Personal Build 6.181

Logfile created on :Tuesday, July 27, 2004 11:10:51 AM

Created with Ad-aware Personal, free for private use.

Using reference-file :01R334 24.07.2004

______________________________________________________

 

Reffile status:

=========================

Reference file loaded:

Reference Number : 01R334 24.07.2004

Internal build : 268

File location : C:\Program Files\Lavasoft\Ad-aware 6\reflist.ref

Total size : 1316091 Bytes

Signature data size : 1295051 Bytes

Reference data size : 20976 Bytes

Signatures total : 28648

Target categories : 10

Target families : 528

 

Memory + processor status:

==========================

Number of processors : 1

Processor architecture : Intel Pentium III

Memory available:30 %

Total physical memory:392688 kb

Available physical memory:117480 kb

Total page file size:550880 kb

Available on page file:297764 kb

Total virtual memory:2097024 kb

Available virtual memory:2051812 kb

OS:

 

Ad-aware Settings

=========================

Set : Activate in-depth scan (Recommended)

Set : Safe mode (always request confirmation)

Set : Scan active processes

Set : Scan registry

Set : Deep scan registry

Set : Scan my IE Favorites for banned URLs

Set : Scan within archives

Set : Scan my Hosts file

 

Extended Ad-aware Settings

=========================

Set : Unload recognized processes during scanning

Set : Include basic Ad-aware settings in logfile

Set : Include additional Ad-aware settings in logfile

Set : Let windows remove files in use at next reboot

Set : Delete quarantined objects after restoring

Set : Always back up reference file, before updating

Set : Play sound if scan produced a result

 

 

27-07-2004 11:10:51 AM - Scan started. (Custom mode)

 

Listing running processes

¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯

 

#:1 [smss.exe]

FilePath : \SystemRoot\System32\

ThreadCreationTime : 27-07-2004 10:02:09 AM

BasePriority : Normal

 

 

#:2 [winlogon.exe]

FilePath : \??\C:\WINDOWS\system32\

ThreadCreationTime : 27-07-2004 10:02:19 AM

BasePriority : High

 

 

#:3 [services.exe]

FilePath : C:\WINDOWS\system32\

ThreadCreationTime : 27-07-2004 10:02:20 AM

BasePriority : Normal

FileSize : 99 KB

FileVersion : 5.1.2600.0 (xpclient.010817-1148)

ProductVersion : 5.1.2600.0

CompanyName : Microsoft Corporation

FileDescription : Services and Controller app

InternalName : services.exe

OriginalFilename : services.exe

ProductName : Microsoft

Created on : 10/01/2004 6:23:00 PM

Last accessed : 26/07/2004 11:00:00 PM

Last modified : 31/03/2003 11:00:00 AM

 

#:4 [lsass.exe]

FilePath : C:\WINDOWS\system32\

ThreadCreationTime : 27-07-2004 10:02:20 AM

BasePriority : Normal

FileSize : 11 KB

FileVersion : 5.1.2600.1106 (xpsp1.020828-1920)

ProductVersion : 5.1.2600.1106

CompanyName : Microsoft Corporation

FileDescription : LSA Shell (Export Version)

InternalName : lsass.exe

OriginalFilename : lsass.exe

ProductName : Microsoft

Created on : 10/01/2004 6:19:12 PM

Last accessed : 26/07/2004 11:00:00 PM

Last modified : 31/03/2003 11:00:00 AM

 

#:5 [svchost.exe]

FilePath : C:\WINDOWS\system32\

ThreadCreationTime : 27-07-2004 10:02:20 AM

BasePriority : Normal

FileSize : 12 KB

FileVersion : 5.1.2600.0 (xpclient.010817-1148)

ProductVersion : 5.1.2600.0

CompanyName : Microsoft Corporation

FileDescription : Generic Host Process for Win32 Services

InternalName : svchost.exe

OriginalFilename : svchost.exe

ProductName : Microsoft

Created on : 10/01/2004 6:24:09 PM

Last accessed : 26/07/2004 11:00:00 PM

Last modified : 31/03/2003 11:00:00 AM

 

#:6 [svchost.exe]

FilePath : C:\WINDOWS\System32\

ThreadCreationTime : 27-07-2004 10:02:20 AM

BasePriority : Normal

FileSize : 12 KB

FileVersion : 5.1.2600.0 (xpclient.010817-1148)

ProductVersion : 5.1.2600.0

CompanyName : Microsoft Corporation

FileDescription : Generic Host Process for Win32 Services

InternalName : svchost.exe

OriginalFilename : svchost.exe

ProductName : Microsoft

Created on : 10/01/2004 6:24:09 PM

Last accessed : 26/07/2004 11:00:00 PM

Last modified : 31/03/2003 11:00:00 AM

 

#:7 [explorer.exe]

FilePath : C:\WINDOWS\

ThreadCreationTime : 27-07-2004 10:02:24 AM

BasePriority : Normal

FileSize : 980 KB

FileVersion : 6.00.2800.1106 (xpsp1.020828-1920)

ProductVersion : 6.00.2800.1106

CompanyName : Microsoft Corporation

FileDescription : Windows Explorer

InternalName : explorer

OriginalFilename : EXPLORER.EXE

ProductName : Microsoft

Created on : 10/01/2004 6:17:48 PM

Last accessed : 26/07/2004 11:00:00 PM

Last modified : 31/03/2003 11:00:00 AM

 

#:8 [ccevtmgr.exe]

FilePath : C:\Program Files\Common Files\Symantec Shared\

ThreadCreationTime : 27-07-2004 10:02:24 AM

BasePriority : Normal

FileSize : 301 KB

FileVersion : 1.00.37

ProductVersion : 1.00.37

Copyright : Copyright © 2000-2002 Symantec Corporation. All rights reserved.

CompanyName : Symantec Corporation

FileDescription : Event Manager Service

InternalName : ccEvtMgr

OriginalFilename : ccEvtMgr.exe

ProductName : Event Manager

Created on : 08/08/2002 9:40:02 PM

Last accessed : 26/07/2004 11:00:00 PM

Last modified : 08/08/2002 9:40:02 PM

 

#:9 [spoolsv.exe]

FilePath : C:\WINDOWS\system32\

ThreadCreationTime : 27-07-2004 10:02:26 AM

BasePriority : Normal

FileSize : 50 KB

FileVersion : 5.1.2600.0 (XPClient.010817-1148)

ProductVersion : 5.1.2600.0

CompanyName : Microsoft Corporation

FileDescription : Spooler SubSystem App

InternalName : spoolsv.exe

OriginalFilename : spoolsv.exe

ProductName : Microsoft

Created on : 10/01/2004 6:23:53 PM

Last accessed : 26/07/2004 11:00:00 PM

Last modified : 31/03/2003 11:00:00 AM

 

#:10 [ctsvccda.exe]

FilePath : C:\WINDOWS\System32\

ThreadCreationTime : 27-07-2004 10:02:26 AM

BasePriority : Normal

FileSize : 43 KB

FileVersion : 1.0.1.0

ProductVersion : 1.0.0.0

Copyright : Copyright © Creative Technology Ltd., 1999. All rights reserved.

CompanyName : Creative Technology Ltd

FileDescription : Creative Service for CDROM Access

InternalName : CTsvcCDAEXE

OriginalFilename : CTsvcCDA.EXE

ProductName : Creative Service for CDROM Access

Created on : 20/10/2003 1:04:49 PM

Last accessed : 26/07/2004 11:00:00 PM

Last modified : 13/12/1999 12:01:00 AM

 

#:11 [sagent2.exe]

FilePath : C:\Program Files\Common Files\EPSON\EBAPI\

ThreadCreationTime : 27-07-2004 10:02:26 AM

BasePriority : Normal

FileSize : 88 KB

FileVersion : 2, 1, 0, 0

ProductVersion : 1, 0, 0, 0

Copyright : Copyright © SEIKO EPSON CORP. 2000-2001

CompanyName : SEIKO EPSON CORPORATION

FileDescription : EPSON Printer Status Agent

InternalName : SAgent2

OriginalFilename : SAgent2.exe

ProductName : EPSON Bidirectional Printer

Created on : 20/10/2003 12:55:48 PM

Last accessed : 26/07/2004 11:00:00 PM

Last modified : 09/08/2001 1:01:00 AM

 

#:12 [navapsvc.exe]

FilePath : C:\Program Files\Norton AntiVirus\

ThreadCreationTime : 27-07-2004 10:02:26 AM

BasePriority : Normal

FileSize : 113 KB

FileVersion : 9.05.1015

ProductVersion : 9.05.1015

Copyright : Copyright © 2000-2002 Symantec Corporation. All rights reserved.

CompanyName : Symantec Corporation

FileDescription : Norton AntiVirus Auto-Protect Service

InternalName : NAVAPSVC

OriginalFilename : NAVAPSVC.EXE

ProductName : Norton AntiVirus

Created on : 25/07/2004 3:49:54 PM

Last accessed : 26/07/2004 11:00:00 PM

Last modified : 14/11/2002 6:41:26 PM

 

#:13 [nvsvc32.exe]

FilePath : C:\WINDOWS\System32\

ThreadCreationTime : 27-07-2004 10:02:26 AM

BasePriority : Normal

FileSize : 80 KB

FileVersion : 6.14.10.5216

ProductVersion : 6.14.10.5216

Copyright : © NVIDIA Corporation. All rights reserved.

CompanyName : NVIDIA Corporation

FileDescription : NVIDIA Driver Helper Service, Version 52.16

InternalName : NVSVC

OriginalFilename : nvsvc32.exe

ProductName : NVIDIA Driver Helper Service, Version 52.16

Created on : 06/10/2003 1:16:00 PM

Last accessed : 26/07/2004 11:00:00 PM

Last modified : 06/10/2003 1:16:00 PM

 

#:14 [svchost.exe]

FilePath : C:\WINDOWS\System32\

ThreadCreationTime : 27-07-2004 10:02:27 AM

BasePriority : Normal

FileSize : 12 KB

FileVersion : 5.1.2600.0 (xpclient.010817-1148)

ProductVersion : 5.1.2600.0

CompanyName : Microsoft Corporation

FileDescription : Generic Host Process for Win32 Services

InternalName : svchost.exe

OriginalFilename : svchost.exe

ProductName : Microsoft

Created on : 10/01/2004 6:24:09 PM

Last accessed : 26/07/2004 11:00:00 PM

Last modified : 31/03/2003 11:00:00 AM

 

#:15 [vsmon.exe]

FilePath : C:\WINDOWS\SYSTEM32\ZONELABS\

ThreadCreationTime : 27-07-2004 10:02:27 AM

BasePriority : Normal

FileSize : 893 KB

FileVersion : 5.0.590.043

ProductVersion : 5.0.590.043

Copyright : Copyright

CompanyName : Zone Labs Inc.

FileDescription : TrueVector Service

InternalName : vsmon

OriginalFilename : vsmon.exe

ProductName : TrueVector Service

Created on : 22/06/2004 4:23:53 PM

Last accessed : 26/07/2004 11:00:00 PM

Last modified : 16/06/2004 3:47:36 AM

 

#:16 [type32.exe]

FilePath : C:\Program Files\Microsoft Hardware\Keyboard\

ThreadCreationTime : 27-07-2004 10:02:32 AM

BasePriority : Normal

FileSize : 92 KB

FileVersion : 2.20.447.0

ProductVersion : 2.2

Copyright : Copyright © Microsoft Corp. 1995-2001

CompanyName : Microsoft Corporation

FileDescription : Microsoft IntelliType Pro

InternalName : Type32

OriginalFilename : Type32.exe

ProductName : Microsoft IntelliType Pro

Created on : 21/03/2002 8:41:56 PM

Last accessed : 26/07/2004 11:00:00 PM

Last modified : 21/03/2002 8:41:56 PM

 

#:17 [vproperty.exe]

FilePath : C:\PROGRA~1\PHILIP~1\

ThreadCreationTime : 27-07-2004 10:02:32 AM

BasePriority : Normal

FileSize : 116 KB

FileVersion : 1.05

ProductVersion : 5.1.2600.105

Copyright : Copyright

CompanyName : Philips PC Cameras

FileDescription : VProperty

InternalName : VProperty.exe

OriginalFilename : VProperty.exe

ProductName : Philips PC Cameras ToUcam VProperty

Created on : 22/10/2003 6:01:26 PM

Last accessed : 26/07/2004 11:00:00 PM

Last modified : 28/11/2001 1:50:10 PM

 

#:18 [realsched.exe]

FilePath : C:\Program Files\Common Files\Real\Update_OB\

ThreadCreationTime : 27-07-2004 10:02:32 AM

BasePriority : Normal

FileSize : 176 KB

FileVersion : 0.1.0.3018

ProductVersion : 0.1.0.3018

Copyright : Copyright

CompanyName : RealNetworks, Inc.

FileDescription : RealNetworks Scheduler

InternalName : schedapp

OriginalFilename : realsched.exe

ProductName : RealPlayer (32-bit)

Created on : 19/04/2004 7:55:24 PM

Last accessed : 26/07/2004 11:00:00 PM

Last modified : 19/04/2004 7:55:26 PM

 

#:19 [ctsysvol.exe]

FilePath : C:\Program Files\Creative\SBAudigy2\Surround Mixer\

ThreadCreationTime : 27-07-2004 10:02:32 AM

BasePriority : Normal

FileSize : 48 KB

FileVersion : 1.1.3.0

ProductVersion : 1.0.0.0

Copyright : Copyright © Creative Technology Ltd., 2002. All rights reserved.

CompanyName : Creative Technology Ltd

FileDescription : CTSysVol.exe

OriginalFilename : CTSysVol.exe

ProductName : Creative Volume Control

Created on : 24/04/2004 12:20:15 AM

Last accessed : 26/07/2004 11:00:00 PM

Last modified : 29/10/2002 8:18:24 AM

 

#:20 [ctdvddet.exe]

FilePath : C:\Program Files\Creative\SBAudigy2\DVDAudio\

ThreadCreationTime : 27-07-2004 10:02:32 AM

BasePriority : Normal

FileSize : 44 KB

FileVersion : 1.0.2.0

ProductVersion : 1.0.2.0

Copyright : Copyright © Creative Technology Ltd., 2002. All rights reserved.

CompanyName : Creative Technology Ltd

FileDescription : CTDVDDET

InternalName : CTDVDDET

OriginalFilename : CTDVDDET.EXE

ProductName : CTDVDDET

Created on : 24/04/2004 12:21:22 AM

Last accessed : 26/07/2004 11:00:00 PM

Last modified : 30/09/2002

 

#:21 [cthelper.exe]

FilePath : C:\WINDOWS\System32\

ThreadCreationTime : 27-07-2004 10:02:33 AM

BasePriority : Normal

FileSize : 28 KB

FileVersion : 1, 0, 0, 16

ProductVersion : 1, 0, 0, 16

Copyright : Copyright © 2002-03

CompanyName : Creative Technology Ltd

FileDescription : CtHelper MFC Application

InternalName : CtHelper

OriginalFilename : CtHelper.EXE

ProductName : CtHelper Application

Created on : 24/04/2004 12:23:26 AM

Last accessed : 26/07/2004 11:00:00 PM

Last modified : 10/04/2003 8:36:52 AM

 

#:22 [opware32.exe]

FilePath : C:\Program Files\ScanSoft\OmniPageSE\

ThreadCreationTime : 27-07-2004 10:02:34 AM

BasePriority : Normal

FileSize : 48 KB

FileVersion : 11.0

ProductVersion : 11.0

Copyright : Copyright

CompanyName : ScanSoft, Inc

FileDescription : OCR Aware (32-bit)

InternalName : Opware32.exe

OriginalFilename : Opware32.exe

ProductName : OmniPage SE

Created on : 03/06/2002 10:38:12 AM

Last accessed : 26/07/2004 11:00:00 PM

Last modified : 03/06/2002 10:38:12 AM

 

#:23 [ituneshelper.exe]

FilePath : C:\Program Files\iTunes\Version 4.6\

ThreadCreationTime : 27-07-2004 10:02:34 AM

BasePriority : Normal

FileSize : 280 KB

FileVersion : 4.6.0.15

ProductVersion : 4.6.0.15

CompanyName : Apple Computer, Inc.

FileDescription : iTunesHelper Module

InternalName : iTunesHelper

OriginalFilename : iTunesHelper.exe

ProductName : iTunes

Created on : 04/06/2004 11:38:12 AM

Last accessed : 26/07/2004 11:00:00 PM

Last modified : 04/06/2004 11:38:12 AM

 

#:24 [clonecdtray.exe]

FilePath : C:\Program Files\Elaborate Bytes\CloneCD\

ThreadCreationTime : 27-07-2004 10:02:34 AM

BasePriority : Normal

FileSize : 72 KB

FileVersion : 4, 2, 0, 0

ProductVersion : 4, 2, 0, 0

Copyright : Copyright

CompanyName : Elaborate Bytes AG

FileDescription : CloneCD Tray

InternalName : CloneCDTray

OriginalFilename : CloneCDTray.exe

ProductName : CloneCD

Created on : 02/12/2002 2:17:37 PM

Last accessed : 26/07/2004 11:00:00 PM

Last modified : 02/12/2002 2:17:38 PM

 

#:25 [msgplus.exe]

FilePath : C:\Program Files\MSN plus\

ThreadCreationTime : 27-07-2004 10:02:34 AM

BasePriority : Normal

FileSize : 160 KB

FileVersion : 3, 0, 0, 94

ProductVersion : 3, 0, 0, 94

Copyright : Copyright © 2001-2004

CompanyName : Patchou

FileDescription : Messenger Plus!

InternalName : MsgPlus

OriginalFilename : MsgPlus.exe

ProductName : Messenger Plus! 3

Created on : 17/06/2004 8:45:06 PM

Last accessed : 26/07/2004 11:00:00 PM

Last modified : 17/06/2004 8:45:08 PM

 

#:26 [zlclient.exe]

FilePath : C:\Program Files\ZoneAlarm\ZoneAlarm\

ThreadCreationTime : 27-07-2004 10:02:34 AM

BasePriority : Normal

FileSize : 681 KB

FileVersion : 5.0.590.043

ProductVersion : 5.0.590.043

Copyright : Copyright

CompanyName : Zone Labs Inc.

FileDescription : Zone Labs Client

InternalName : zlclient

OriginalFilename : zlclient.exe

ProductName : Zone Labs Client

Created on : 22/06/2004 4:23:57 PM

Last accessed : 26/07/2004 11:00:00 PM

Last modified : 16/06/2004 3:48:24 AM

 

#:27 [ccapp.exe]

FilePath : C:\Program Files\Common Files\Symantec Shared\

ThreadCreationTime : 27-07-2004 10:02:34 AM

BasePriority : Normal

FileSize : 49 KB

FileVersion : 1.00.104

ProductVersion : 1.00.104

Copyright : Copyright © 2000-2002 Symantec Corporation. All rights reserved.

CompanyName : Symantec Corporation

FileDescription : Common Client CC App

InternalName : ccApp

OriginalFilename : ccApp.exe

ProductName : Common Client

Created on : 19/08/2002 9:22:38 PM

Last accessed : 26/07/2004 11:00:00 PM

Last modified : 19/08/2002 9:22:38 PM

 

#:28 [rundll32.exe]

FilePath : C:\WINDOWS\System32\

ThreadCreationTime : 27-07-2004 10:02:35 AM

BasePriority : Normal

FileSize : 31 KB

FileVersion : 5.1.2600.0 (xpclient.010817-1148)

ProductVersion : 5.1.2600.0

CompanyName : Microsoft Corporation

FileDescription : Run a DLL as an App

InternalName : rundll

OriginalFilename : RUNDLL.EXE

ProductName : Microsoft

Created on : 10/01/2004 6:22:44 PM

Last accessed : 26/07/2004 11:00:00 PM

Last modified : 31/03/2003 11:00:00 AM

 

#:29 [rftray.exe]

FilePath : C:\PROGRA~1\PHILIP~1\GameCam SE\Program\

ThreadCreationTime : 27-07-2004 10:02:36 AM

BasePriority : Normal

FileSize : 32 KB

FileVersion : 1, 0, 0, 1

ProductVersion : 1, 0, 0, 1

Copyright : Copyright

FileDescription : Reality Fusion Tray Application

InternalName : RFTRAY

OriginalFilename : RFTRAY.EXE

ProductName : Reality Fusion Tray Application

Created on : 22/10/2003 6:03:03 PM

Last accessed : 26/07/2004 11:00:00 PM

Last modified : 17/08/2000 4:40:20 PM

 

#:30 [iexplore.exe]

FilePath : c:\progra~1\intern~1\

ThreadCreationTime : 27-07-2004 10:02:37 AM

BasePriority : Normal

FileSize : 89 KB

FileVersion : 6.00.2800.1106 (xpsp1.020828-1920)

ProductVersion : 6.00.2800.1106

CompanyName : Microsoft Corporation

FileDescription : Internet Explorer

InternalName : iexplore

OriginalFilename : IEXPLORE.EXE

ProductName : Microsoft

Created on : 10/01/2004 7:18:11 PM

Last accessed : 26/07/2004 11:00:00 PM

Last modified : 31/03/2003 11:00:00 AM

 

#:31 [hotsync.exe]

FilePath : C:\Program Files\Sony Handheld\

ThreadCreationTime : 27-07-2004 10:02:37 AM

BasePriority : Normal

FileSize : 292 KB

FileVersion : 4.0.1

ProductVersion : 4.0.1

Copyright : Copyright

CompanyName : Palm, Inc.

FileDescription : HotSync

InternalName : HotSync

OriginalFilename : Hotsync.exe

ProductName : HotSync

Created on : 20/10/2003 3:04:45 PM

Last accessed : 26/07/2004 11:00:00 PM

Last modified : 31/05/2001 7:52:46 AM

 

#:32 [iexplore.exe]

FilePath : c:\progra~1\intern~1\

ThreadCreationTime : 27-07-2004 10:02:37 AM

BasePriority : Normal

FileSize : 89 KB

FileVersion : 6.00.2800.1106 (xpsp1.020828-1920)

ProductVersion : 6.00.2800.1106

CompanyName : Microsoft Corporation

FileDescription : Internet Explorer

InternalName : iexplore

OriginalFilename : IEXPLORE.EXE

ProductName : Microsoft

Created on : 10/01/2004 7:18:11 PM

Last accessed : 26/07/2004 11:00:00 PM

Last modified : 31/03/2003 11:00:00 AM

 

#:33 [bttray.exe]

FilePath : C:\Program Files\WIDCOMM\Bluetooth Software\

ThreadCreationTime : 27-07-2004 10:02:38 AM

BasePriority : Normal

FileSize : 352 KB

FileVersion : 1.3.2.7

ProductVersion : 1.3.2.7

Copyright : Copyright 2000-2002.

FileDescription : Bluetooth Tray Application

InternalName : BTTray

OriginalFilename : BTTray.exe

ProductName : Bluetooth Software 1.3.2.7

Created on : 25/10/2002 1:18:40 PM

Last accessed : 26/07/2004 11:00:00 PM

Last modified : 25/10/2002 1:18:40 PM

 

#:34 [btstac~1.exe]

FilePath : C:\PROGRA~1\WIDCOMM\BLUETO~1\

ThreadCreationTime : 27-07-2004 10:02:41 AM

BasePriority : Normal

FileSize : 916 KB

FileVersion : 1.3.2.7

ProductVersion : 1.3.2.7

Copyright : Copyright 2000-2002.

FileDescription : Bluetooth Stack COM Server

InternalName : BTStackServer

OriginalFilename : BTStackServer.exe

ProductName : Bluetooth Software 1.3.2.7

 

#:35 [ipodservice.exe]

FilePath : C:\Program Files\iPod\bin\

ThreadCreationTime : 27-07-2004 10:02:42 AM

BasePriority : Normal

FileSize : 392 KB

FileVersion : 4.6.0.15

ProductVersion : 4.6.0.15

CompanyName : Apple Computer, Inc.

FileDescription : iPodService Module

InternalName : iPodService

OriginalFilename : iPodService.exe

ProductName : iTunes

Created on : 04/06/2004 11:37:56 AM

Last accessed : 26/07/2004 11:00:00 PM

Last modified : 04/06/2004 11:37:56 AM

 

#:36 [kazaalite.kpp]

FilePath : C:\Program Files\Kazaa Lite K++\

ThreadCreationTime : 27-07-2004 10:03:54 AM

BasePriority : Normal

FileSize : 2182 KB

Created on : 16/07/2003 5:19:52 PM

Last accessed : 26/07/2004 11:00:00 PM

Last modified : 16/07/2003 5:19:52 PM

 

#:37 [msmsgs.exe]

FilePath : C:\Program Files\Messenger\

ThreadCreationTime : 27-07-2004 10:09:49 AM

BasePriority : Normal

FileSize : 1456 KB

FileVersion : 4.7.2009

ProductVersion : Version 4.7

Copyright : Copyright © Microsoft Corporation 1997-2003

CompanyName : Microsoft Corporation

FileDescription : Messenger

InternalName : msmsgs

OriginalFilename : msmsgs.exe

ProductName : Messenger

Created on : 14/04/2003 6:30:14 PM

Last accessed : 26/07/2004 11:00:00 PM

Last modified : 14/04/2003 6:30:14 PM

 

#:38 [ad-aware.exe]

FilePath : C:\Program Files\Lavasoft\Ad-aware 6\

ThreadCreationTime : 27-07-2004 10:10:41 AM

BasePriority : Normal

FileSize : 668 KB

FileVersion : 6.0.1.181

ProductVersion : 6.0.0.0

Copyright : Copyright

CompanyName : Lavasoft Sweden

FileDescription : Ad-aware 6 core application

InternalName : Ad-aware.exe

OriginalFilename : Ad-aware.exe

ProductName : Lavasoft Ad-aware Plus

Created on : 20/10/2003 3:51:29 PM

Last accessed : 26/07/2004 11:00:00 PM

Last modified : 12/07/2003 9:00:20 PM

 

Memory scan result :

¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯

New objects : 0

Objects found so far: 0

 

 

Started registry scan

¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯

 

Marketscore(Netsetter) Object recognized!

Type : RegKey

Data :

Category : Data Miner

Comment :

Rootkey : HKEY_LOCAL_MACHINE

Object : Software\Netsetter

 

 

Registry scan result :

¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯

New objects : 1

Objects found so far: 1

 

 

Started deep registry scan

¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯

 

Deep registry scan result :

¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯

New objects : 0

Objects found so far: 1

 

 

Deep scanning and examining files (C:)

¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯

 

SCAM.Enigma.NoAdware Object recognized!

Type : File

Data : noadware.exe

Category : Malware

Comment :

Object : C:\Program Files\NoAdware\

FileSize : 1568 KB

FileVersion : 2.0

ProductVersion : 2.0

Copyright : Copyright © 2003

CompanyName : NoAdware (http://www.noadware.net)

FileDescription : NoAdware Application

InternalName : NoAdware

OriginalFilename : NoAdware.EXE

ProductName : NoAdware Application

Created on : 31/01/2004 12:17:39 PM

Last accessed : 26/07/2004 11:00:00 PM

Last modified : 31/01/2004 12:17:40 PM

 

 

 

SCAM.Enigma.NoAdware Object recognized!

Type : File

Data : noadware[1].exe

Category : Malware

Comment :

Object : C:\Documents and Settings\Cruz PC User\Local Settings\Temporary Internet Files\Content.IE5\4LIZKDYB\

FileSize : 1016 KB

Created on : 27/07/2004 10:05:23 AM

Last accessed : 26/07/2004 11:00:00 PM

Last modified : 27/07/2004 10:05:50 AM

 

 

 

SCAM.Enigma.NoAdware Object recognized!

Type : File

Data : noadware.exe

Category : Malware

Comment :

Object : C:\Documents and Settings\Cruz PC User\Desktop\

FileSize : 1016 KB

Created on : 27/07/2004 10:05:48 AM

Last accessed : 26/07/2004 11:00:00 PM

Last modified : 27/07/2004 10:05:50 AM

 

 

 

Disk scan result for C:\

¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯

New objects : 0

Objects found so far: 4

 

 

Scanning Hosts file(C:\WINDOWS\System32\drivers\etc\hosts)

¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯

 

Hosts file scan result:

¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯

1 entries scanned.

New objects :0

Objects found so far: 4

 

 

 

 

Performing conditional scans..

¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯

 

SCAM.Enigma.NoAdware Object recognized!

Type : RegKey

Data :

Category : Malware

Comment :

Rootkey : HKEY_CURRENT_USER

Object : SOFTWARE\NoAdware

 

 

SCAM.Enigma.NoAdware Object recognized!

Type : Folder

Category : Malware

Comment :

Object : c:\program files\NoAdware

 

 

SCAM.Enigma.NoAdware Object recognized!

Type : File

Data : unins000.dat

Category : Malware

Comment :

Object : c:\program files\noadware\

FileSize : 1 KB

Created on : 27/07/2004 10:05:58 AM

Last accessed : 26/07/2004 11:00:00 PM

Last modified : 27/07/2004 10:06:00 AM

 

 

 

SCAM.Enigma.NoAdware Object recognized!

Type : File

Data : unins000.exe

Category : Malware

Comment :

Object : c:\program files\noadware\

FileSize : 74 KB

FileVersion : 51.9.0.0

ProductVersion :

Copyright : Copyright © 1997-2003 Jordan Russell

CompanyName : Jordan Russell

FileDescription : Inno Setup Uninstaller

Created on : 28/11/2003 3:00:00 AM

Last accessed : 26/07/2004 11:00:00 PM

Last modified : 28/11/2003 3:00:00 AM

 

 

 

SCAM.Enigma.NoAdware Object recognized!

Type : File

Data : logs

Category : Malware

Comment :

Object : c:\program files\noadware\

 

Created on : 27/07/2004 10:07:10 AM

Last accessed : 26/07/2004 11:00:00 PM

Last modified : 27/07/2004 10:07:12 AM

 

 

 

SCAM.Enigma.NoAdware Object recognized!

Type : File

Data : noadware_071704_v2.na

Category : Malware

Comment :

Object : c:\program files\noadware\

FileSize : 564 KB

Created on : 27/07/2004 10:07:27 AM

Last accessed : 26/07/2004 11:00:00 PM

Last modified : 27/07/2004 10:07:38 AM

 

 

 

Conditional scan result:

¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯

New objects : 6

Objects found so far: 10

 

 

11:36:12 AM Scan complete

 

Summary of this scan

¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯

Total scanning time :00:25:19:655

Objects scanned :141430

Objects identified :10

Objects ignored :0

New objects :10

 

 

 

 

 

 

 

---------------------------------------------------------------------------------------------

 

And HijackThis:

 

Logfile of HijackThis v1.97.7

Scan saved at 10:10:12, on 27/07/2004

Platform: Windows XP SP1 (WinNT 5.01.2600)

MSIE: Unable to get Internet Explorer version!

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\System32\CTsvcCDA.exe

C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe

C:\Program Files\Norton AntiVirus\navapsvc.exe

C:\WINDOWS\System32\nvsvc32.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\SYSTEM32\ZONELABS\vsmon.exe

C:\Program Files\Microsoft Hardware\Keyboard\type32.exe

C:\PROGRA~1\PHILIP~1\VProperty.exe

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe

C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE

C:\WINDOWS\System32\CTHELPER.EXE

C:\Program Files\ScanSoft\OmniPageSE\opware32.exe

C:\Program Files\iTunes\Version 4.6\iTunesHelper.exe

C:\Program Files\Elaborate Bytes\CloneCD\CloneCDTray.exe

C:\Program Files\MSN plus\MsgPlus.exe

C:\Program Files\ZoneAlarm\ZoneAlarm\zlclient.exe

C:\Program Files\Common Files\Symantec Shared\ccApp.exe

C:\WINDOWS\System32\RUNDLL32.EXE

c:\progra~1\intern~1\iexplore.exe

C:\PROGRA~1\PHILIP~1\GameCam SE\Program\RFTray.exe

C:\Program Files\Sony Handheld\Hotsync.exe

C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe

c:\progra~1\intern~1\iexplore.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE

C:\Program Files\Kazaa Lite K++\KazaaLite.kpp

C:\Program Files\Messenger\msmsgs.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Documents and Settings\Cruz PC User\Desktop\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://searchweb2.com/passthrough/index.ht...ww.amazon.co.uk

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = c:\windows\SYSTEM\blank.htm

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.amazon.co.uk/

O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx

O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll

O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll

O2 - BHO: (no name) - {DE9E1533-BBF8-145A-B628-19B977C80F1D} - C:\PROGRA~1\ACTIVE~1\FaceMath.exe

O2 - BHO: (no name) - {F195A1A9-4033-4E5B-B85C-848C3E31A83A} - c:\syslibie.dll

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM32\msdxm.ocx

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll

O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll

O4 - HKLM\..\Run: [systemTray] SysTray.Exe

O4 - HKLM\..\Run: [intelliType] "c:\Program Files\Microsoft Hardware\Keyboard\type32.exe"

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [ToUcamVProperty] C:\PROGRA~1\PHILIP~1\VProperty.exe

O4 - HKLM\..\Run: [uStorage] c:\program files\u-storage tools1.0\ustorage.exe sys_auto_run C:\PROGRAM FILES\U-STORAGE TOOLS1.0

O4 - HKLM\..\Run: [sBDrvDet] C:\Program Files\Creative\SB Drive Det\SBDrvDet.exe /r

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe

O4 - HKLM\..\Run: [CTDVDDet] C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE

O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE

O4 - HKLM\..\Run: [AsioReg] REGSVR32.EXE /S CTASIO.DLL

O4 - HKLM\..\Run: [updReg] C:\WINDOWS\UpdReg.EXE

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [Omnipage] C:\Program Files\ScanSoft\OmniPageSE\opware32.exe

O4 - HKLM\..\Run: [Windows SA] C:\Program Files\WindowsSA\omniscient.exe

O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\Version 4.6\iTunesHelper.exe

O4 - HKLM\..\Run: [CloneCDElbyCDFL] "C:\Program Files\Elaborate Bytes\CloneCD\ElbyCheck.exe" /L ElbyCDFL

O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\Elaborate Bytes\CloneCD\CloneCDTray.exe"

O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MSN plus\MsgPlus.exe"

O4 - HKLM\..\Run: [gram admin] C:\PROGRA~1\CAKEBA~1\MEET LOG.exe

O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\ZoneAlarm\ZoneAlarm\zlclient.exe"

O4 - HKLM\..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe

O4 - HKLM\..\Run: [ccRegVfy] C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe

O4 - HKLM\..\Run: [ONLINEMEDIAGPLMEOW] C:\Documents and Settings\All Users\Application Data\error atom online media\tick third.exe

O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit

O4 - Global Startup: EPSON Status Monitor 3 Environment Check 2.lnk = C:\WINDOWS\SYSTEM32\spool\drivers\w32x86\3\E_SRCV02.EXE

O4 - Global Startup: Reality Fusion GameCam SE.lnk = C:\PROGRA~1\PHILIP~1\GameCam SE\Program\RFTray.exe

O4 - Global Startup: HotSync Manager.lnk = C:\Program Files\Sony Handheld\HOTSYNC.EXE

O4 - Global Startup: BTTray.lnk = ?

O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar3.dll/cmsearch.html

O8 - Extra context menu item: Backward &Links - res://c:\program files\google\GoogleToolbar3.dll/cmbacklinks.html

O8 - Extra context menu item: Cac&hed Snapshot of Page - res://c:\program files\google\GoogleToolbar3.dll/cmcache.html

O8 - Extra context menu item: Si&milar Pages - res://c:\program files\google\GoogleToolbar3.dll/cmsimilar.html

O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar3.dll/cmtrans.html

O9 - Extra button: Messenger (HKLM)

O9 - Extra 'Tools' menuitem: Messenger (HKLM)

O10 - Broken Internet access because of LSP provider 'osmim.dll' missing

O16 - DPF: Win32 Classes -

O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwa...director/sw.cab

O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab

O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://host.cycore.net/plugins/windows/ie/...E_5.3.0.228.cab

O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1408.g.akamai.net/7/1408/9955/2003...iTunesSetup.exe

O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/19a15506aa4918...ip/RdxIE601.cab

O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} (GSDACtl Class) - http://launch.gamespyarcade.com/software/launch/alaunch.cab

O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...StatsClient.cab

O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/...7913.3034953704

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.macromedia.com/get/shock...ash/swflash.cab

O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://utu.popcap.com/games/popcaploader_v5.cab

O16 - DPF: {F1154108-FB75-47EB-9A7E-4DD28DBDAF34} - http://www.threedegrees.com/td_netd.cab


Hi Katzell, and welcome to the forums :cool:

 

Have you set c:\windows\SYSTEM\blank.htm as your valid homepage? If so, you can leave this entry alone:

 

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = c:\windows\SYSTEM\blank.htm

 

I see that you have Kazaa Lite installed. Your computer can be heavily infected by using Kazaa Lite. Most of the files you download there contain (a) virus(es). It's also an illegal hack of Kazaa. Please read this for more information:

http://www.spywareinfo.com/articles/p2p/

  • Check ALL below in HijackThis, close ALL other windows AND browsers, and click on “Fix Checked”
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://searchweb2.com/passthrough/index.ht...ww.amazon.co.uk
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = c:\windows\SYSTEM\blank.htm (if that page is NOT your homepage, you may fix it)
     
    O2 - BHO: (no name) - {DE9E1533-BBF8-145A-B628-19B977C80F1D} - C:\PROGRA~1\ACTIVE~1\FaceMath.exe
    O2 - BHO: (no name) - {F195A1A9-4033-4E5B-B85C-848C3E31A83A} - c:\syslibie.dll
     
    O4 - HKLM\..\Run: [Windows SA] C:\Program Files\WindowsSA\omniscient.exe
    O4 - HKLM\..\Run: [gram admin] C:\PROGRA~1\CAKEBA~1\MEET LOG.exe
    O4 - HKLM\..\Run: [ONLINEMEDIAGPLMEOW] C:\Documents and Settings\All Users\Application Data\error atom online media\tick third.exe
     
    O16 - DPF: Win32 Classes -
    O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/19a15506aa4918...ip/RdxIE601.cab

  • Please reboot into safe mode - How do I boot into "Safe" mode?
     
    The following FILES and DIRECTORIES need to be deleted while in safe mode. Make sure your settings allow you to view "Hidden files". Open up any explorer windows and click on "Tools" => "Folder Options" => "View" and be sure to check off "Show Hidden Files and Folders". If no path is listed, you may need to search for the file(s) - To search, click on "Start" => "Search" => "For Files and Folders" => "All Files and Folders" and type in the file name. You can delete it right from the search results window.
    1. DIRECTORIES
      • C:\PROGRAM FILES\ACTIVE > folder with “FaceMath.exe” inside
      • C:\Program Files\WindowsSA
      • C:\PROGRAM FILES\CAKEBA.. > folder with “MEET LOG.exe” inside
      • C:\Documents and Settings\All Users\Application Data\error atom online media (The folder in bold)

    2. FILES
      • C:\windows\SYSTEM\blank.htm (if that page is NOT your homepage, you may delete it)
      • C:\syslibie.dll (This file could already be gone, don't worry if it's so)

Reboot again and log in normally.

  • Now do the following:
    • Download and run LSP Fix
    • Check 'I know what I'm doing'.
    • Select all instances of 'osmim.dll'.
    • Click the right-pointing arrow.
    • Click 'Finished'.
    • Restart your computer.
    • Delete the following file: C:\Windows\System32\osmim.dll

  • Reboot for a last time, make a new HijackThis log (make sure you make that log with ALL browser windows closed) and post it here please

PS: Please don't post Ad Aware logs when I haven't asked for it!


Here is the new logfile after doing everything you said. Sorry about the Ad Aware log, I just wanted to make sure you had everything you needed!

 

Could you please email me when you reply with a link to this topic to (email addy removed:lpp), SWI will only email once per topic!

 

thanks!

 

Logfile of HijackThis v1.97.7

Scan saved at 22:53:33, on 03/08/2004

Platform: Windows XP SP1 (WinNT 5.01.2600)

MSIE: Unable to get Internet Explorer version!

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

C:\Program Files\Microsoft Hardware\Keyboard\type32.exe

C:\PROGRA~1\PHILIP~1\VProperty.exe

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe

C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE

C:\WINDOWS\System32\CTHELPER.EXE

C:\Program Files\ScanSoft\OmniPageSE\opware32.exe

C:\Program Files\iTunes\Version 4.6\iTunesHelper.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Elaborate Bytes\CloneCD\CloneCDTray.exe

C:\Program Files\MSN plus\MsgPlus.exe

C:\Program Files\ZoneAlarm\ZoneAlarm\zlclient.exe

C:\Program Files\Common Files\Symantec Shared\ccApp.exe

C:\WINDOWS\System32\CTsvcCDA.exe

C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe

C:\WINDOWS\System32\RUNDLL32.EXE

C:\Program Files\Norton AntiVirus\navapsvc.exe

C:\WINDOWS\System32\nvsvc32.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\SYSTEM32\ZONELABS\vsmon.exe

C:\PROGRA~1\PHILIP~1\GameCam SE\Program\RFTray.exe

C:\Program Files\Sony Handheld\Hotsync.exe

C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe

C:\Program Files\Messenger\msmsgs.exe

C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE

C:\Program Files\iPod\bin\iPodService.exe

C:\Documents and Settings\Cruz PC User\Desktop\HijackThis.exe

C:\WINDOWS\System32\wuauclt.exe

 

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://ciuvepzfoizpytgy.com/TMcRYbGTZuWn6M...O8DWHgb/WHg.cgi

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.amazon.co.uk/

O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx

O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll

O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM32\msdxm.ocx

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll

O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll

O4 - HKLM\..\Run: [systemTray] SysTray.Exe

O4 - HKLM\..\Run: [intelliType] "c:\Program Files\Microsoft Hardware\Keyboard\type32.exe"

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [ToUcamVProperty] C:\PROGRA~1\PHILIP~1\VProperty.exe

O4 - HKLM\..\Run: [uStorage] c:\program files\u-storage tools1.0\ustorage.exe sys_auto_run C:\PROGRAM FILES\U-STORAGE TOOLS1.0

O4 - HKLM\..\Run: [sBDrvDet] C:\Program Files\Creative\SB Drive Det\SBDrvDet.exe /r

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe

O4 - HKLM\..\Run: [CTDVDDet] C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE

O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE

O4 - HKLM\..\Run: [AsioReg] REGSVR32.EXE /S CTASIO.DLL

O4 - HKLM\..\Run: [updReg] C:\WINDOWS\UpdReg.EXE

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [Omnipage] C:\Program Files\ScanSoft\OmniPageSE\opware32.exe

O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\Version 4.6\iTunesHelper.exe

O4 - HKLM\..\Run: [CloneCDElbyCDFL] "C:\Program Files\Elaborate Bytes\CloneCD\ElbyCheck.exe" /L ElbyCDFL

O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\Elaborate Bytes\CloneCD\CloneCDTray.exe"

O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MSN plus\MsgPlus.exe"

O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\ZoneAlarm\ZoneAlarm\zlclient.exe"

O4 - HKLM\..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe

O4 - HKLM\..\Run: [ccRegVfy] C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe

O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit

O4 - Global Startup: EPSON Status Monitor 3 Environment Check 2.lnk = C:\WINDOWS\SYSTEM32\spool\drivers\w32x86\3\E_SRCV02.EXE

O4 - Global Startup: Reality Fusion GameCam SE.lnk = C:\PROGRA~1\PHILIP~1\GameCam SE\Program\RFTray.exe

O4 - Global Startup: HotSync Manager.lnk = C:\Program Files\Sony Handheld\HOTSYNC.EXE

O4 - Global Startup: BTTray.lnk = ?

O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar3.dll/cmsearch.html

O8 - Extra context menu item: Backward &Links - res://c:\program files\google\GoogleToolbar3.dll/cmbacklinks.html

O8 - Extra context menu item: Cac&hed Snapshot of Page - res://c:\program files\google\GoogleToolbar3.dll/cmcache.html

O8 - Extra context menu item: Si&milar Pages - res://c:\program files\google\GoogleToolbar3.dll/cmsimilar.html

O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar3.dll/cmtrans.html

O9 - Extra button: Messenger (HKLM)

O9 - Extra 'Tools' menuitem: Messenger (HKLM)

O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwa...director/sw.cab

O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab

O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://host.cycore.net/plugins/windows/ie/...E_5.3.0.228.cab

O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1408.g.akamai.net/7/1408/9955/2003...iTunesSetup.exe

O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} (GSDACtl Class) - http://launch.gamespyarcade.com/software/launch/alaunch.cab

O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...StatsClient.cab

O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/...7913.3034953704

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.macromedia.com/get/shock...ash/swflash.cab

O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://utu.popcap.com/games/popcaploader_v5.cab

O16 - DPF: {F1154108-FB75-47EB-9A7E-4DD28DBDAF34} - http://www.threedegrees.com/td_netd.cab


Hi Katzell,

 

Your log is almost clean! Very well done! Oh and by the way, please don't post your email-address on the forums, if you don't like spam ;)

  • Click My Computer, then C:\
    In the menu bar, File->New->Folder.
    That will create a folder named New Folder, which you can rename to "HJT" or "HijackThis". Now you have C:\HJT\ folder. Put your HijackThis.exe there, and double click to run it.
     
  • Check the one below in HijackThis, close all other windows AND browsers, and hit fix Checked.
     
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://ciuvepzfoizpytgy.com/TMcRYbGTZuWn6M...O8DWHgb/WHg.cgi
     
    I want to make a note, because I see this entry in your log:
    O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MSN plus\MsgPlus.exe"
     
    MSN Plus is associated with Lop, and you had a LOP problem :!:
     
    Go to start - Control Panel - Software - Add/Remove, and uninstall MSN Plus.
     
  • Reboot now, make a new HijackThis log and post it here.

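The before/after comparison this reply makes by eye, as an added example that is not part of the original thread: it parses the entry lines of two HijackThis scans and reports which entries disappeared, which are new, and which items on a fix list a follow-up scan still shows. The function names are hypothetical, and the sample logs are short excerpts of entries posted in this thread.

```python
import re
from collections import namedtuple

Entry = namedtuple("Entry", "section detail")

# A HijackThis entry line is "<section code> - <detail>", e.g. "O4 - HKLM\..\Run: [...]".
# Header lines and the "Running processes" paths do not match and are skipped.
ENTRY_RE = re.compile(r"^([RFNO]\d{1,2}) - (.*)$")


def parse_entries(log_text):
    """Return the entry lines of a HijackThis log as Entry tuples, in order."""
    entries = []
    for raw in log_text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if m:
            entries.append(Entry(m.group(1), m.group(2).strip()))
    return entries


def key(entry):
    """Comparison key: Windows paths and registry names are case-insensitive,
    and forum copy/paste can change the spacing inside a line."""
    return (entry.section, " ".join(entry.detail.split()).casefold())


def diff_scans(before_text, after_text):
    """Compare two scans: entries that disappeared, appeared, or persisted."""
    before = {key(e): e for e in parse_entries(before_text)}
    after = {key(e): e for e in parse_entries(after_text)}
    return {
        "removed": [e for k, e in before.items() if k not in after],
        "added": [e for k, e in after.items() if k not in before],
        "kept": [e for k, e in after.items() if k in before],
    }


def still_present(fix_list_text, after_text):
    """Entries from a helper's fix list that a follow-up scan still shows."""
    after_keys = {key(e) for e in parse_entries(after_text)}
    return [e for e in parse_entries(fix_list_text) if key(e) in after_keys]


# Excerpts assembled from the logs posted in this thread (not complete logs).
BEFORE = r"""
O4 - HKLM\..\Run: [Windows SA] C:\Program Files\WindowsSA\omniscient.exe
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\Version 4.6\iTunesHelper.exe
O4 - HKLM\..\Run: [gram admin] C:\PROGRA~1\CAKEBA~1\MEET LOG.exe
O4 - HKLM\..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe
O10 - Broken Internet access because of LSP provider 'osmim.dll' missing
O16 - DPF: Win32 Classes -
"""

AFTER = r"""
Logfile of HijackThis v1.97.7
Running processes:
C:\WINDOWS\Explorer.EXE
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://ciuvepzfoizpytgy.com/TMcRYbGTZuWn6M...O8DWHgb/WHg.cgi
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\Version 4.6\iTunesHelper.exe
O4 - HKLM\..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe
"""

FIX_LIST = r"""
O4 - HKLM\..\Run: [Windows SA] C:\Program Files\WindowsSA\omniscient.exe
O4 - HKLM\..\Run: [gram admin] C:\PROGRA~1\CAKEBA~1\MEET LOG.exe
O16 - DPF: Win32 Classes -
"""

if __name__ == "__main__":
    result = diff_scans(BEFORE, AFTER)
    for label in ("removed", "added", "kept"):
        print(label.upper())
        for e in result[label]:
            print(f"  {e.section} - {e.detail}")
    leftovers = still_present(FIX_LIST, AFTER)
    print("Fix-list entries still present:", len(leftovers))
```

An entry under "added" that was never on the fix list, like the SearchAssistant line here, is the one to bring back to the helper before removing anything else.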

OK, here's the log. Please could you e-mail me again when you reply. In case you don't have my address (I saw that it was edited), I'll e-mail you to the address you e-mailed me from!

 

Logfile of HijackThis v1.97.7

Scan saved at 20:44:39, on 05/08/2004

Platform: Windows XP SP1 (WinNT 5.01.2600)

MSIE: Unable to get Internet Explorer version!

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\System32\CTsvcCDA.exe

C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe

C:\Program Files\Norton AntiVirus\navapsvc.exe

C:\WINDOWS\System32\nvsvc32.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\SYSTEM32\ZONELABS\vsmon.exe

C:\Program Files\Microsoft Hardware\Keyboard\type32.exe

C:\PROGRA~1\PHILIP~1\VProperty.exe

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe

C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE

C:\WINDOWS\System32\CTHELPER.EXE

C:\Program Files\ScanSoft\OmniPageSE\opware32.exe

C:\Program Files\iTunes\Version 4.6\iTunesHelper.exe

C:\Program Files\Elaborate Bytes\CloneCD\CloneCDTray.exe

C:\Program Files\Common Files\Symantec Shared\ccApp.exe

C:\Program Files\ZoneAlarm\ZoneAlarm\zlclient.exe

C:\WINDOWS\System32\RUNDLL32.EXE

C:\PROGRA~1\PHILIP~1\GameCam SE\Program\RFTray.exe

C:\Program Files\Sony Handheld\Hotsync.exe

C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE

C:\Program Files\Messenger\msmsgs.exe

C:\Documents and Settings\Cruz PC User\Desktop\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.amazon.co.uk/

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.amazon.co.uk/

O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx

O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll

O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM32\msdxm.ocx

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll

O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll

O4 - HKLM\..\Run: [systemTray] SysTray.Exe

O4 - HKLM\..\Run: [intelliType] "c:\Program Files\Microsoft Hardware\Keyboard\type32.exe"

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [ToUcamVProperty] C:\PROGRA~1\PHILIP~1\VProperty.exe

O4 - HKLM\..\Run: [uStorage] c:\program files\u-storage tools1.0\ustorage.exe sys_auto_run C:\PROGRAM FILES\U-STORAGE TOOLS1.0

O4 - HKLM\..\Run: [sBDrvDet] C:\Program Files\Creative\SB Drive Det\SBDrvDet.exe /r

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe

O4 - HKLM\..\Run: [CTDVDDet] C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE

O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE

O4 - HKLM\..\Run: [AsioReg] REGSVR32.EXE /S CTASIO.DLL

O4 - HKLM\..\Run: [updReg] C:\WINDOWS\UpdReg.EXE

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [Omnipage] C:\Program Files\ScanSoft\OmniPageSE\opware32.exe

O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\Version 4.6\iTunesHelper.exe

O4 - HKLM\..\Run: [CloneCDElbyCDFL] "C:\Program Files\Elaborate Bytes\CloneCD\ElbyCheck.exe" /L ElbyCDFL

O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\Elaborate Bytes\CloneCD\CloneCDTray.exe"

O4 - HKLM\..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe

O4 - HKLM\..\Run: [ccRegVfy] C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe

O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\ZoneAlarm\ZoneAlarm\zlclient.exe"

O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit

O4 - Global Startup: EPSON Status Monitor 3 Environment Check 2.lnk = C:\WINDOWS\SYSTEM32\spool\drivers\w32x86\3\E_SRCV02.EXE

O4 - Global Startup: Reality Fusion GameCam SE.lnk = C:\PROGRA~1\PHILIP~1\GameCam SE\Program\RFTray.exe

O4 - Global Startup: HotSync Manager.lnk = C:\Program Files\Sony Handheld\HOTSYNC.EXE

O4 - Global Startup: BTTray.lnk = ?

O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar3.dll/cmsearch.html

O8 - Extra context menu item: Backward &Links - res://c:\program files\google\GoogleToolbar3.dll/cmbacklinks.html

O8 - Extra context menu item: Cac&hed Snapshot of Page - res://c:\program files\google\GoogleToolbar3.dll/cmcache.html

O8 - Extra context menu item: Si&milar Pages - res://c:\program files\google\GoogleToolbar3.dll/cmsimilar.html

O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar3.dll/cmtrans.html

O9 - Extra button: Messenger (HKLM)

O9 - Extra 'Tools' menuitem: Messenger (HKLM)

O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwa...director/sw.cab

O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab

O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://host.cycore.net/plugins/windows/ie/...E_5.3.0.228.cab

O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1408.g.akamai.net/7/1408/9955/2003...iTunesSetup.exe

O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} (GSDACtl Class) - http://launch.gamespyarcade.com/software/launch/alaunch.cab

O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...StatsClient.cab

O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/...7913.3034953704

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.macromedia.com/get/shock...ash/swflash.cab

O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://utu.popcap.com/games/popcaploader_v5.cab

O16 - DPF: {F1154108-FB75-47EB-9A7E-4DD28DBDAF34} - http://www.threedegrees.com/td_netd.cab


You haven't done everything....

 


  • Click My Computer, then C:\
    In the menu bar, File->New->Folder.
    That will create a folder named New Folder, which you can rename to "HJT" or "HijackThis". Now you have C:\HJT\ folder. Put your HijackThis.exe there, and double click to run it.
     
     

 

After that, make a new HijackThis log and post it here.

 

And while you're waiting for the next reply, you should do this:

 

Here are some tips to reduce the potential for spyware infection in the future. I strongly recommend installing the following applications:

  • Spywareblaster <= SpywareBlaster will prevent spyware from being installed.
  • Spywareguard <= SpywareGuard offers real-time protection from spyware installation attempts.
  • How to use Ad-Aware to remove Spyware <= If you suspect that you have spyware installed on your computer, here are instructions on how to download, install and then use Ad-Aware.
  • How to use Spybot to remove Spyware <= If you suspect that you have spyware installed on your computer, here are instructions on how to download, install and then use Spybot. Similar to Ad-Aware, I strongly recommend both to catch most spyware.

To protect yourself further:

  • IE/Spyad <= IE/Spyad places over 4000 websites and domains in the IE Restricted list which will severely impair attempts to infect your system. It basically prevents any downloads (Cookies etc) from the sites listed, although you will still be able to connect to the sites.
  • MVPS Hosts file <= The MVPS Hosts file replaces your current HOSTS file with one containing well-known ad sites etc. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1, which is your local computer.
  • Google Toolbar <= Get the free Google toolbar to help stop pop up windows.

I also suggest that you delete any files from "temp", "tmp" folders. In Internet Explorer, click on "Tools" => "Internet Options" => "Delete Files" and select the box that says "Delete All Offline Content" and click on "OK" twice. Also, empty the recycle bin by right clicking on it and selecting "Empty Recycle Bin". These steps should be done on a regular basis.

Edited by H@ns


Logfile of HijackThis v1.97.7

Scan saved at 22:48:40, on 05/08/2004

Platform: Windows XP SP1 (WinNT 5.01.2600)

MSIE: Unable to get Internet Explorer version!

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\System32\CTsvcCDA.exe

C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe

C:\Program Files\Norton AntiVirus\navapsvc.exe

C:\WINDOWS\System32\nvsvc32.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\SYSTEM32\ZONELABS\vsmon.exe

C:\Program Files\Microsoft Hardware\Keyboard\type32.exe

C:\PROGRA~1\PHILIP~1\VProperty.exe

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe

C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE

C:\WINDOWS\System32\CTHELPER.EXE

C:\Program Files\ScanSoft\OmniPageSE\opware32.exe

C:\Program Files\iTunes\Version 4.6\iTunesHelper.exe

C:\Program Files\Elaborate Bytes\CloneCD\CloneCDTray.exe

C:\Program Files\Common Files\Symantec Shared\ccApp.exe

C:\Program Files\ZoneAlarm\ZoneAlarm\zlclient.exe

C:\WINDOWS\System32\RUNDLL32.EXE

C:\PROGRA~1\PHILIP~1\GameCam SE\Program\RFTray.exe

C:\Program Files\Sony Handheld\Hotsync.exe

C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE

C:\Program Files\Messenger\msmsgs.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\HijackThis\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.amazon.co.uk/

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.amazon.co.uk/

O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx

O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll

O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM32\msdxm.ocx

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll

O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll

O4 - HKLM\..\Run: [systemTray] SysTray.Exe

O4 - HKLM\..\Run: [intelliType] "c:\Program Files\Microsoft Hardware\Keyboard\type32.exe"

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [ToUcamVProperty] C:\PROGRA~1\PHILIP~1\VProperty.exe

O4 - HKLM\..\Run: [uStorage] c:\program files\u-storage tools1.0\ustorage.exe sys_auto_run C:\PROGRAM FILES\U-STORAGE TOOLS1.0

O4 - HKLM\..\Run: [sBDrvDet] C:\Program Files\Creative\SB Drive Det\SBDrvDet.exe /r

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe

O4 - HKLM\..\Run: [CTDVDDet] C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE

O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE

O4 - HKLM\..\Run: [AsioReg] REGSVR32.EXE /S CTASIO.DLL

O4 - HKLM\..\Run: [updReg] C:\WINDOWS\UpdReg.EXE

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [Omnipage] C:\Program Files\ScanSoft\OmniPageSE\opware32.exe

O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\Version 4.6\iTunesHelper.exe

O4 - HKLM\..\Run: [CloneCDElbyCDFL] "C:\Program Files\Elaborate Bytes\CloneCD\ElbyCheck.exe" /L ElbyCDFL

O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\Elaborate Bytes\CloneCD\CloneCDTray.exe"

O4 - HKLM\..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe

O4 - HKLM\..\Run: [ccRegVfy] C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe

O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\ZoneAlarm\ZoneAlarm\zlclient.exe"

O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit

O4 - Global Startup: EPSON Status Monitor 3 Environment Check 2.lnk = C:\WINDOWS\SYSTEM32\spool\drivers\w32x86\3\E_SRCV02.EXE

O4 - Global Startup: Reality Fusion GameCam SE.lnk = C:\PROGRA~1\PHILIP~1\GameCam SE\Program\RFTray.exe

O4 - Global Startup: HotSync Manager.lnk = C:\Program Files\Sony Handheld\HOTSYNC.EXE

O4 - Global Startup: BTTray.lnk = ?

O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar3.dll/cmsearch.html

O8 - Extra context menu item: Backward &Links - res://c:\program files\google\GoogleToolbar3.dll/cmbacklinks.html

O8 - Extra context menu item: Cac&hed Snapshot of Page - res://c:\program files\google\GoogleToolbar3.dll/cmcache.html

O8 - Extra context menu item: Si&milar Pages - res://c:\program files\google\GoogleToolbar3.dll/cmsimilar.html

O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar3.dll/cmtrans.html

O9 - Extra button: Messenger (HKLM)

O9 - Extra 'Tools' menuitem: Messenger (HKLM)

O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwa...director/sw.cab

O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab

O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://host.cycore.net/plugins/windows/ie/...E_5.3.0.228.cab

O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1408.g.akamai.net/7/1408/9955/2003...iTunesSetup.exe

O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} (GSDACtl Class) - http://launch.gamespyarcade.com/software/launch/alaunch.cab

O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...StatsClient.cab

O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/...7913.3034953704

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.macromedia.com/get/shock...ash/swflash.cab

O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://utu.popcap.com/games/popcaploader_v5.cab

O16 - DPF: {F1154108-FB75-47EB-9A7E-4DD28DBDAF34} - http://www.threedegrees.com/td_netd.cab


Hi Katzell,

 

SWI will send an email each time I or someone else posts. So you don't need to ask me to send you emails, SWI will do that for you.

 

Your log is clean now. Read my prevention speech in my previous post, and use some programs listed there. Don't download everything, don't trust everything and don't allow everything.


Glad to help.

 

If you need this topic reopened, please request this by sending the moderating team an email with the address of the thread. This applies only to the original topic starter. Everyone else please begin a New Topic.

This topic is now closed to further replies.