• Announcements

    • Budfred

      IE 11 copy/paste problem

      It has come to our attention that people using Internet Explorer 11 (IE 11) are having trouble with copy/paste to the forum. If you encounter this problem, using a different browser like Firefox or Chrome seems to get around the problem. We do not know what the problem is, but it seems to be specific to IE 11 and we are hopeful that Microsoft will eventually fix it.
Sign in to follow this  
Followers 0
louisa1212

bad spyware... I've tried everything :( Help!

7 posts in this topic

First, I kept being taken to a florescent green angelfire site and another site like ewook (sp??)

 

Norton first noted that I had a virus. It was in systemse.exe and was created zillions of randomly numbered tftp files, size 0 b. Norton slowly deleted most of the tftp files, I deleted more manually. Norton also found problems in msnmsgr.exe, and there was a 9721_upload.exe. Norton called this a w32.spybot.worm but couldn’t cure it… often it couldn’t even quarantine it initially (although later it said quarantine was successful for the same file name).

 

My computer also seems to be uploading a lot more information than it should!

 

I have run: adaware, spybot s&d, cwshredder, and aluria’s Spyware eliminator. I fixed everything that came up in Adaware and Spybot s&d. I had no issues according to cwshredder. Aluria’s spyware eliminator said that I had two problems in: HKEY_CURRENT_USER\software\Microsoft\windows\currentversion\internet settings\zonemap\domains\

 

Also, I’ve read (and followed) all of your instructions. I couldn’t run Panda or Trendmicro… although I tried. Trojanhunter didn’t find anything.

 

Please help... thank you, thank you!

 

***

 

Logfile of HijackThis v1.97.7

Scan saved at 2:23:40 PM, on 6/20/2004

Platform: Windows XP SP1 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\System32\alg.exe

C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe

C:\WINDOWS\System32\HPConfig.exe

C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe

C:\WINDOWS\System32\S3tray2.exe

C:\Program Files\Hewlett-Packard\HP Display Settings\hpdisply.exe

C:\windows\system\hpsysdrv.exe

C:\PROGRA~1\HPONE-~1\OneTouch.EXE

C:\Program Files\Apoint2K\Apoint.exe

C:\Program Files\BroadJump\Client Foundation\CFD.exe

C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

C:\WINDOWS\System32\carpserv.exe

C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe

C:\Program Files\Apoint2K\Apntex.exe

C:\Program Files\Microsoft Office\Office\WINWORD.EXE

C:\Documents and Settings\Owner\Desktop\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchURL = http://www.internet-search.info/searchbar

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.internet-search.info/searchbar

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.internet-search.info

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://calmail.berkeley.edu/

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.internet-search.info/searchbar

R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.internet-search.info/searchbar

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.att.net

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.internet-search.info/searchbar

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by AT&T WorldNet

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.internet-search.info/keyword%s

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = http://localhost

O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

O4 - HKLM\..\Run: [s3TRAY2] S3tray2.exe

O4 - HKLM\..\Run: [HP Display Settings] C:\Program Files\Hewlett-Packard\HP Display Settings\hpdisply.exe /s

O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe

O4 - HKLM\..\Run: [QT4HPOT] C:\PROGRA~1\HPONE-~1\OneTouch.EXE

O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe

O4 - HKLM\..\Run: [bJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe

O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [CARPService] carpserv.exe

O4 - HKLM\..\Run: [Microsoft Update Machine] systemse.exe

O4 - HKLM\..\Run: [msn] msnmsgr.exe

O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 3.9\THGuard.exe"

O4 - HKLM\..\RunServices: [Microsoft Update Machine] systemse.exe

O4 - HKLM\..\RunServices: [msn] msnmsgr.exe

O4 - HKCU\..\Run: [Microsoft Update Machine] systemse.exe

O4 - HKCU\..\Run: [msn] msnmsgr.exe

O4 - Startup: ASE Scheduler.lnk = C:\Program Files\Aluria Software\ASE\ASE Scheduler.exe

O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE

O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll

O14 - IERESET.INF: START_PAGE_URL=http://www.att.net

O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwa...director/sw.cab

O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} - http://download.microsoft.com/download/F/6...922/wmv9VCM.CAB

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwa...ash/swflash.cab

Share this post


Link to post
Share on other sites

louisa1212:

 

You have the RBot worm. It does behave exactly as you've said, and it would be uploading more information than you'd normally expect. You can read more about that here.

 

We can try to eliminate it manually. Run HijackThis! again and place a check mark next to the following items:

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchURL = http://www.internet-search.info/searchbar

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.internet-search.info/searchbar

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.internet-search.info

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.internet-search.info/searchbar

R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.internet-search.info/searchbar

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.internet-search.info/searchbar

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.internet-search.info/keyword%s

O4 - HKLM\..\Run: [Microsoft Update Machine] systemse.exe

O4 - HKCU\..\Run: [Microsoft Update Machine] systemse.exe

 

The following lines are optional to check. They don't need to be run at startup and only waste system resources:

 

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE

 

Now, click on "Fix Checked" and let HijackThis! do its work. After it's finished, you'll need to reboot, but you need to reboot into Safe Mode. If you don't know how to do that, consult this: How do I boot into "Safe" mode?. Once in Safe Mode, delete systemse.exe, then boot back into normal mode. Update your Norton Anti-Virus database through Live Update, then scan your system again. After you've finished, post another HijackThis! log in this thread so that we can see if you're clean.

Share this post


Link to post
Share on other sites

I followed all of your directions and have included my most recent HijackThis log.

 

Thank you so much for your help! I've been absolutely flailing for the past few days and you made things so easy. You are wonderful for helping! And so quickly, too.

 

I think I'll stick to firefox from now on. :)

 

Do you recommend I reinstall my OS and Microsoft Office to make extra sure everything is clean? And do I need to worry about msnmsgr.exe? or the RunServices [Microsoft Update Machine] systemse.exe?

 

Thank you.

 

***

Logfile of HijackThis v1.97.7

Scan saved at 4:38:29 PM, on 6/20/2004

Platform: Windows XP SP1 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\System32\alg.exe

C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe

C:\WINDOWS\System32\HPConfig.exe

C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe

C:\WINDOWS\System32\S3tray2.exe

C:\Program Files\Hewlett-Packard\HP Display Settings\hpdisply.exe

C:\windows\system\hpsysdrv.exe

C:\PROGRA~1\HPONE-~1\OneTouch.EXE

C:\Program Files\Apoint2K\Apoint.exe

C:\Program Files\BroadJump\Client Foundation\CFD.exe

C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe

C:\WINDOWS\System32\carpserv.exe

C:\Program Files\Aluria Software\ASE\ASE Scheduler.exe

C:\Program Files\Apoint2K\Apntex.exe

C:\PROGRA~1\MOZILL~1\FIREFOX.EXE

C:\Documents and Settings\Owner\Desktop\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://calmail.berkeley.edu/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.att.net

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by AT&T WorldNet

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = http://localhost

O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

O4 - HKLM\..\Run: [s3TRAY2] S3tray2.exe

O4 - HKLM\..\Run: [HP Display Settings] C:\Program Files\Hewlett-Packard\HP Display Settings\hpdisply.exe /s

O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe

O4 - HKLM\..\Run: [QT4HPOT] C:\PROGRA~1\HPONE-~1\OneTouch.EXE

O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe

O4 - HKLM\..\Run: [bJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe

O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe

O4 - HKLM\..\Run: [CARPService] carpserv.exe

O4 - HKLM\..\Run: [msn] msnmsgr.exe

O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 3.9\THGuard.exe"

O4 - HKLM\..\RunServices: [Microsoft Update Machine] systemse.exe

O4 - HKLM\..\RunServices: [msn] msnmsgr.exe

O4 - HKCU\..\Run: [msn] msnmsgr.exe

O4 - Startup: ASE Scheduler.lnk = C:\Program Files\Aluria Software\ASE\ASE Scheduler.exe

O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll

O14 - IERESET.INF: START_PAGE_URL=http://www.att.net

O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwa...director/sw.cab

O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} - http://download.microsoft.com/download/F/6...922/wmv9VCM.CAB

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwa...ash/swflash.cab

Share this post


Link to post
Share on other sites

Hmm, I just ran Norton again and it found a new virus: c.bat in c:\windows\system32. Norton quarantined but couldn't clean. I tried to get rid of it using spybot s&d, trojanhunter, adaware and nothing worked again... please help. Thank you!!!!

 

***

Logfile of HijackThis v1.97.7

Scan saved at 5:48:50 PM, on 6/20/2004

Platform: Windows XP SP1 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\System32\alg.exe

C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe

C:\WINDOWS\System32\HPConfig.exe

C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe

C:\WINDOWS\System32\S3tray2.exe

C:\Program Files\Hewlett-Packard\HP Display Settings\hpdisply.exe

C:\windows\system\hpsysdrv.exe

C:\PROGRA~1\HPONE-~1\OneTouch.EXE

C:\Program Files\Apoint2K\Apoint.exe

C:\Program Files\BroadJump\Client Foundation\CFD.exe

C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe

C:\WINDOWS\System32\carpserv.exe

C:\Program Files\Aluria Software\ASE\ASE Scheduler.exe

C:\Program Files\Apoint2K\Apntex.exe

C:\Program Files\Microsoft Office\Office\WINWORD.EXE

C:\Program Files\TrojanHunter 3.9\TrojanHunter.exe

C:\PROGRA~1\MOZILL~1\FIREFOX.EXE

C:\Program Files\Lavasoft\Ad-aware 6\Ad-aware.exe

C:\Documents and Settings\Owner\Desktop\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://calmail.berkeley.edu/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.att.net

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by AT&T WorldNet

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = http://localhost

O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

O4 - HKLM\..\Run: [s3TRAY2] S3tray2.exe

O4 - HKLM\..\Run: [HP Display Settings] C:\Program Files\Hewlett-Packard\HP Display Settings\hpdisply.exe /s

O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe

O4 - HKLM\..\Run: [QT4HPOT] C:\PROGRA~1\HPONE-~1\OneTouch.EXE

O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe

O4 - HKLM\..\Run: [bJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe

O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe

O4 - HKLM\..\Run: [CARPService] carpserv.exe

O4 - HKLM\..\Run: [msn] msnmsgr.exe

O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 3.9\THGuard.exe"

O4 - HKLM\..\RunServices: [Microsoft Update Machine] systemse.exe

O4 - HKLM\..\RunServices: [msn] msnmsgr.exe

O4 - HKCU\..\Run: [msn] msnmsgr.exe

O4 - Startup: ASE Scheduler.lnk = C:\Program Files\Aluria Software\ASE\ASE Scheduler.exe

O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll

O14 - IERESET.INF: START_PAGE_URL=http://www.att.net

O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwa...director/sw.cab

O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} - http://download.microsoft.com/download/F/6...922/wmv9VCM.CAB

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwa...ash/swflash.cab

Share this post


Link to post
Share on other sites

Yes, you have to worry about systemse.exe, since that's the trojan file. That's why I asked you to remove both entries for it using HijackThis! and reboot into Safe Mode to delete the file. msnmsgr.exe is the legitimate MSN Messenger file; only remove it using HijackThis! if you're not using MSN Messenger.

 

So, go back into HijackThis! and check the following line:

 

O4 - HKLM\..\RunServices: [Microsoft Update Machine] systemse.exe

 

Close all browser windows, and click on "Fix Checked". Then reboot into Safe Mode, find systemse.exe, and delete it. Then, reboot into normal mode and do another HijackThis! log.

Share this post


Link to post
Share on other sites

OK, I deleted the runsystem\...\systemse.exe using hijackthis. I went into my computer in safe mode and searched all files and folders and didn't find systemse. I guess it was deleted the first time go around in safe mode.

 

I'm still concerned about the c_bat virus that Norton just found. It is located in c:\windows\system32 and Norton said it was quarantined. When I was in safe mode I checked the system32 folder and didn't see any c_bat. Ought I do anything else?

 

Thank you so much for your help. The constant queries must get tiresome. :)

 

Good night!

 

***

Logfile of HijackThis v1.97.7

Scan saved at 7:01:01 PM, on 6/20/2004

Platform: Windows XP SP1 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\System32\alg.exe

C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe

C:\WINDOWS\System32\HPConfig.exe

C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe

C:\WINDOWS\System32\S3tray2.exe

C:\Program Files\Hewlett-Packard\HP Display Settings\hpdisply.exe

C:\windows\system\hpsysdrv.exe

C:\PROGRA~1\HPONE-~1\OneTouch.EXE

C:\Program Files\Apoint2K\Apoint.exe

C:\Program Files\BroadJump\Client Foundation\CFD.exe

C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe

C:\WINDOWS\System32\carpserv.exe

C:\Program Files\Aluria Software\ASE\ASE Scheduler.exe

C:\Program Files\Apoint2K\Apntex.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Documents and Settings\Owner\Desktop\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://calmail.berkeley.edu/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.att.net

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by AT&T WorldNet

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = http://localhost

O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

O4 - HKLM\..\Run: [s3TRAY2] S3tray2.exe

O4 - HKLM\..\Run: [HP Display Settings] C:\Program Files\Hewlett-Packard\HP Display Settings\hpdisply.exe /s

O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe

O4 - HKLM\..\Run: [QT4HPOT] C:\PROGRA~1\HPONE-~1\OneTouch.EXE

O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe

O4 - HKLM\..\Run: [bJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe

O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe

O4 - HKLM\..\Run: [CARPService] carpserv.exe

O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 3.9\THGuard.exe"

O4 - Startup: ASE Scheduler.lnk = C:\Program Files\Aluria Software\ASE\ASE Scheduler.exe

O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll

O14 - IERESET.INF: START_PAGE_URL=http://www.att.net

O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwa...director/sw.cab

O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} - http://download.microsoft.com/download/F/6...922/wmv9VCM.CAB

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwa...ash/swflash.cab

Share this post


Link to post
Share on other sites

Louisa:

 

Your log looks clean now. Just empty out Norton's quarantine files and it'll be off your system for good. And the "constant queries" aren't tiresome. We're here to help, after all.

Share this post


Link to post
Share on other sites
Sign in to follow this  
Followers 0