Trouble with pop up ads - Hijack This Log
Would someone please look at my Hijack This log and help me to solve the problem. My computer continue pop up with ads likes: http://ad.firstadsolution.com, http://www.odp.com, http://www.abcsearch.com, http://passion.com, etc. Its pop up constantly and I cannot stop it. Some times my screen stuck too.
Here is Hijack This log:
Logfile of HijackThis v1.99.1
Scan saved at 9:28:15 AM, on 01/03/06
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\brss01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\CfgSrvc.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\WINDOWS\System32\CfgSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\SDMan.EXE
C:\WINDOWS\System32\tcpsvcs.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\pbwqrgz.exe
C:\SABRE\Apps\OADP\Oadp.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\WINDOWS\system32\aupdate.exe
C:\WINDOWS\pbwqrgzA.exe
C:\WINDOWS\z00098.exe
C:\WINDOWS\newfrn.exe
C:\WINDOWS\SYS99.exe
C:\WINDOWS\sys01190467509-.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\rlrc\earh.exe
C:\WINDOWS\system32\n?tdde.exe
C:\Program Files\CMMan\CMMan.exe
C:\Program Files\FCHelp\FCHelp.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\WINDOWS\system32\javaw.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\SABRE\Apps\OADP\OadpUtil.exe
C:\WINDOWS\system32\javaw.exe
C:\WINDOWS\sabserv.exe
C:\wspan\swgw\FilterAgent.exe
C:\WINDOWS\webshots.scr
C:\WINDOWS\system32\DllHost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\DOCUME~1\HOAVO~1.HOA\LOCALS~1\Temp\Temporary Directory 3 for HijackThis.zip\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/ycomp/defaults/sb/*http://www.yahoo.com/search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/ycomp/defaults/sp/*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr7/*http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr7/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr7/*http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://r.office.microsoft.com/r/rlidOfficeUpdate?clid=1033
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: UberButton Class - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: (no name) - {6001CDF7-6F45-471b-A203-0225615E35A7} - C:\WINDOWS\DH.dll (file missing)
O2 - BHO: YahooTaggedBM Class - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - C:\Program Files\Yahoo!\Common\YIeTagBm.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: IEHlprObj Class - {CE7C3CF0-4B15-11D1-ABED-709549C10000} - C:\WINDOWS\Downloaded Program Files\IEHelper.dll
O2 - BHO: BigMeanGorilla.MadAsHell - {FBD2EBD0-E6DF-456E-B300-A4D10A90C683} - C:\WINDOWS\system32\{FBD2EBD0-E6DF-456E-B300-A4D10A90C683}.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
O4 - HKLM\..\Run: [PRONoMgr.exe] C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
O4 - HKLM\..\Run: [Java Sabre Server (JSERVER)] C:\SABRE\Apps\Portal\JServer.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [Auto Updater] C:\WINDOWS\system32\aupdate.exe
O4 - HKLM\..\Run: [pbwqrgzA] C:\WINDOWS\pbwqrgzA.exe
O4 - HKLM\..\Run: [Contextual Tool] C:\WINDOWS\z00098.exe
O4 - HKLM\..\Run: [NewFrn] C:\WINDOWS\newfrn.exe
O4 - HKLM\..\Run: [TheMonitor] C:\WINDOWS\SYS99.exe
O4 - HKLM\..\Run: [sys01190467509-] C:\WINDOWS\sys01190467509-.exe
O4 - HKLM\..\RunServices: [Sabre Task Tray Icon] C:\SABRE\Sabstart.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Utcs] "C:\Program Files\rlrc\earh.exe" -vt yazr
O4 - HKCU\..\Run: [Kzf] C:\WINDOWS\system32\n?tdde.exe
O4 - HKCU\..\Run: [CMMan] "C:\Program Files\CMMan\CMMan.exe"
O4 - HKCU\..\Run: [FCHelp] "C:\Program Files\FCHelp\FCHelp.exe"
O4 - HKCU\..\Run: [imzm] C:\PROGRA~1\COMMON~1\imzm\imzmm.exe
O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\Launcher.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Hpm.lnk = C:\wspan\swgw\Hpm.exe
O4 - Global Startup: OADP Utility.lnk = C:\SABRE\Apps\OADP\OadpUtil.exe
O4 - Global Startup: Sabre Printing Start.lnk = C:\SABRE\Sabstart.exe
O4 - Global Startup: Sabre Server.lnk = C:\WINDOWS\sabserv.exe
O4 - Global Startup: Worldspan Filter Agent.lnk = C:\wspan\swgw\FilterAgent.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://*.worldspan.com
O15 - Trusted Zone: http://*.wspan.com
O16 - DPF: {0246ECA8-996F-11D1-BE2F-00A0C9037DFE} (TDServer Control) - http://www.gdpt.net/tdserver.cab
O16 - DPF: {03DF0933-6E10-4D32-9835-B9A815622831} (WSSystemInfo Class) - https://gopublic.wspan.com/secure/DLLs/WSSystemInformation.cab
O16 - DPF: {2D36AF92-04D3-11D8-B719-0000865F231B} (TMinReq Class) - https://my.sabre.com/jars/TMinReqX.dll
O16 - DPF: {444B911E-6E55-4A11-B3E9-0D3E21AE0437} - http://www.exfol.com/v/1/i/eins002.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1122862878259
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1122866219734
O16 - DPF: {7B72C3FC-34B5-4504-B4BE-EB38971A0888} (WSFileIO Class 3) - https://gopublic.wspan.com/Secure/Dlls/WSFileIO3.cab
O16 - DPF: {8D33B6F0-1E74-419C-BBEF-D00E976A3A5D} (WSFileIO Class 2) - https://go3f.wspan.com/secure/DLLs/WSFileIO2.cab
O16 - DPF: {9145A52A-9B22-4858-AEE7-74D6C7D3F366} (BrowserConfig Class) - https://go3f.wspan.com/secure/DLLs/WSBrowserConfig.cab
O16 - DPF: {CAFEEFAC-0014-0001-0000-ABCDEFFEDCBA} (Java Runtime Environment 1.4.1) -
O16 - DPF: {CE7C3CF0-4B15-11D1-ABED-709549C10000} (IEHlprObj Class) - https://go3f.wspan.com/secure/DLLs/IEHelper.cab
O16 - DPF: {D4233B6D-88A0-11D3-BC29-400011500032} (WspGoCal Class) - http://gopublic.wspan.com/scripts/us/bin/WSCAL.CAB
O16 - DPF: {F9043C85-F6F2-101A-A3C9-08002B2F49FB} (Microsoft Common Dialog Control, version 6.0) - http://gopublic.wspan.com/secure/DLLs/Comdlg32.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{E3CD55AE-277B-41BB-BF67-FE232AEEF5D0}: Domain = xmission.com
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = xmission.com
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: SearchList = xmission.com
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = xmission.com
O18 - Filter: text/html - {994D478A-2BD0-4DB4-AE77-288B1E346E99} - C:\Program Files\FCHelp\FCHelp.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Config Service Helper (CfgSrvc) - Unknown owner - C:\WINDOWS\System32\CfgSrvc.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: HSSP Configuration Module (HsspConfig) - Unknown owner - C:\WINDOWS\System32\CfgSrvc.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: Sabre Printing Module (SabrePrint) - Sabre Inc. - C:\SABRE\Apps\OADP\Oadp.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Sabre Device Manager (SDMan) - Unknown owner - C:\WINDOWS\SDMan.EXE
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: Windows Overlay Components - Unknown owner - C:\WINDOWS\pbwqrgz.exe
Please help me! Thank you
Here is Hijack This log:
Logfile of HijackThis v1.99.1
Scan saved at 9:28:15 AM, on 01/03/06
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\brss01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\CfgSrvc.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\WINDOWS\System32\CfgSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\SDMan.EXE
C:\WINDOWS\System32\tcpsvcs.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\pbwqrgz.exe
C:\SABRE\Apps\OADP\Oadp.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\WINDOWS\system32\aupdate.exe
C:\WINDOWS\pbwqrgzA.exe
C:\WINDOWS\z00098.exe
C:\WINDOWS\newfrn.exe
C:\WINDOWS\SYS99.exe
C:\WINDOWS\sys01190467509-.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\rlrc\earh.exe
C:\WINDOWS\system32\n?tdde.exe
C:\Program Files\CMMan\CMMan.exe
C:\Program Files\FCHelp\FCHelp.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\WINDOWS\system32\javaw.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\SABRE\Apps\OADP\OadpUtil.exe
C:\WINDOWS\system32\javaw.exe
C:\WINDOWS\sabserv.exe
C:\wspan\swgw\FilterAgent.exe
C:\WINDOWS\webshots.scr
C:\WINDOWS\system32\DllHost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\DOCUME~1\HOAVO~1.HOA\LOCALS~1\Temp\Temporary Directory 3 for HijackThis.zip\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/ycomp/defaults/sb/*http://www.yahoo.com/search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/ycomp/defaults/sp/*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr7/*http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr7/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr7/*http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://r.office.microsoft.com/r/rlidOfficeUpdate?clid=1033
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: UberButton Class - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: (no name) - {6001CDF7-6F45-471b-A203-0225615E35A7} - C:\WINDOWS\DH.dll (file missing)
O2 - BHO: YahooTaggedBM Class - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - C:\Program Files\Yahoo!\Common\YIeTagBm.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: IEHlprObj Class - {CE7C3CF0-4B15-11D1-ABED-709549C10000} - C:\WINDOWS\Downloaded Program Files\IEHelper.dll
O2 - BHO: BigMeanGorilla.MadAsHell - {FBD2EBD0-E6DF-456E-B300-A4D10A90C683} - C:\WINDOWS\system32\{FBD2EBD0-E6DF-456E-B300-A4D10A90C683}.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
O4 - HKLM\..\Run: [PRONoMgr.exe] C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
O4 - HKLM\..\Run: [Java Sabre Server (JSERVER)] C:\SABRE\Apps\Portal\JServer.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [Auto Updater] C:\WINDOWS\system32\aupdate.exe
O4 - HKLM\..\Run: [pbwqrgzA] C:\WINDOWS\pbwqrgzA.exe
O4 - HKLM\..\Run: [Contextual Tool] C:\WINDOWS\z00098.exe
O4 - HKLM\..\Run: [NewFrn] C:\WINDOWS\newfrn.exe
O4 - HKLM\..\Run: [TheMonitor] C:\WINDOWS\SYS99.exe
O4 - HKLM\..\Run: [sys01190467509-] C:\WINDOWS\sys01190467509-.exe
O4 - HKLM\..\RunServices: [Sabre Task Tray Icon] C:\SABRE\Sabstart.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Utcs] "C:\Program Files\rlrc\earh.exe" -vt yazr
O4 - HKCU\..\Run: [Kzf] C:\WINDOWS\system32\n?tdde.exe
O4 - HKCU\..\Run: [CMMan] "C:\Program Files\CMMan\CMMan.exe"
O4 - HKCU\..\Run: [FCHelp] "C:\Program Files\FCHelp\FCHelp.exe"
O4 - HKCU\..\Run: [imzm] C:\PROGRA~1\COMMON~1\imzm\imzmm.exe
O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\Launcher.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Hpm.lnk = C:\wspan\swgw\Hpm.exe
O4 - Global Startup: OADP Utility.lnk = C:\SABRE\Apps\OADP\OadpUtil.exe
O4 - Global Startup: Sabre Printing Start.lnk = C:\SABRE\Sabstart.exe
O4 - Global Startup: Sabre Server.lnk = C:\WINDOWS\sabserv.exe
O4 - Global Startup: Worldspan Filter Agent.lnk = C:\wspan\swgw\FilterAgent.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://*.worldspan.com
O15 - Trusted Zone: http://*.wspan.com
O16 - DPF: {0246ECA8-996F-11D1-BE2F-00A0C9037DFE} (TDServer Control) - http://www.gdpt.net/tdserver.cab
O16 - DPF: {03DF0933-6E10-4D32-9835-B9A815622831} (WSSystemInfo Class) - https://gopublic.wspan.com/secure/DLLs/WSSystemInformation.cab
O16 - DPF: {2D36AF92-04D3-11D8-B719-0000865F231B} (TMinReq Class) - https://my.sabre.com/jars/TMinReqX.dll
O16 - DPF: {444B911E-6E55-4A11-B3E9-0D3E21AE0437} - http://www.exfol.com/v/1/i/eins002.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1122862878259
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1122866219734
O16 - DPF: {7B72C3FC-34B5-4504-B4BE-EB38971A0888} (WSFileIO Class 3) - https://gopublic.wspan.com/Secure/Dlls/WSFileIO3.cab
O16 - DPF: {8D33B6F0-1E74-419C-BBEF-D00E976A3A5D} (WSFileIO Class 2) - https://go3f.wspan.com/secure/DLLs/WSFileIO2.cab
O16 - DPF: {9145A52A-9B22-4858-AEE7-74D6C7D3F366} (BrowserConfig Class) - https://go3f.wspan.com/secure/DLLs/WSBrowserConfig.cab
O16 - DPF: {CAFEEFAC-0014-0001-0000-ABCDEFFEDCBA} (Java Runtime Environment 1.4.1) -
O16 - DPF: {CE7C3CF0-4B15-11D1-ABED-709549C10000} (IEHlprObj Class) - https://go3f.wspan.com/secure/DLLs/IEHelper.cab
O16 - DPF: {D4233B6D-88A0-11D3-BC29-400011500032} (WspGoCal Class) - http://gopublic.wspan.com/scripts/us/bin/WSCAL.CAB
O16 - DPF: {F9043C85-F6F2-101A-A3C9-08002B2F49FB} (Microsoft Common Dialog Control, version 6.0) - http://gopublic.wspan.com/secure/DLLs/Comdlg32.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{E3CD55AE-277B-41BB-BF67-FE232AEEF5D0}: Domain = xmission.com
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = xmission.com
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: SearchList = xmission.com
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = xmission.com
O18 - Filter: text/html - {994D478A-2BD0-4DB4-AE77-288B1E346E99} - C:\Program Files\FCHelp\FCHelp.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Config Service Helper (CfgSrvc) - Unknown owner - C:\WINDOWS\System32\CfgSrvc.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: HSSP Configuration Module (HsspConfig) - Unknown owner - C:\WINDOWS\System32\CfgSrvc.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: Sabre Printing Module (SabrePrint) - Sabre Inc. - C:\SABRE\Apps\OADP\Oadp.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Sabre Device Manager (SDMan) - Unknown owner - C:\WINDOWS\SDMan.EXE
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: Windows Overlay Components - Unknown owner - C:\WINDOWS\pbwqrgz.exe
Please help me! Thank you
0
This discussion has been closed.
Comments
Here is my new Hijack This log:
Logfile of HijackThis v1.99.1
Scan saved at 11:29:45 AM, on 01/03/06
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\brss01a.exe
C:\WINDOWS\System32\CfgSrvc.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\WINDOWS\System32\CfgSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\SDMan.EXE
C:\WINDOWS\System32\tcpsvcs.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\SABRE\Apps\OADP\Oadp.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\WINDOWS\system32\aupdate.exe
C:\WINDOWS\z00098.exe
C:\WINDOWS\newfrn.exe
C:\WINDOWS\SYS99.exe
C:\WINDOWS\sys01190467509-.exe
C:\WINDOWS\system32\javaw.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\rlrc\earh.exe
C:\WINDOWS\system32\n?tdde.exe
C:\Program Files\CMMan\CMMan.exe
C:\Program Files\FCHelp\FCHelp.exe
C:\WINDOWS\system32\javaw.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\SABRE\Apps\OADP\OadpUtil.exe
C:\WINDOWS\sabserv.exe
C:\wspan\swgw\FilterAgent.exe
C:\WINDOWS\webshots.scr
C:\WINDOWS\system32\DllHost.exe
C:\HijackThis\HijackThis.exe
C:\Program Files\Internet Explorer\iexplore.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/ycomp/defaults/sb/*http://www.yahoo.com/search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/ycomp/defaults/sp/*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr7/*http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr7/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr7/*http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://r.office.microsoft.com/r/rlidOfficeUpdate?clid=1033
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: UberButton Class - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: (no name) - {6001CDF7-6F45-471b-A203-0225615E35A7} - C:\WINDOWS\DH.dll (file missing)
O2 - BHO: YahooTaggedBM Class - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - C:\Program Files\Yahoo!\Common\YIeTagBm.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: IEHlprObj Class - {CE7C3CF0-4B15-11D1-ABED-709549C10000} - C:\WINDOWS\Downloaded Program Files\IEHelper.dll
O2 - BHO: BigMeanGorilla.MadAsHell - {FBD2EBD0-E6DF-456E-B300-A4D10A90C683} - C:\WINDOWS\system32\{FBD2EBD0-E6DF-456E-B300-A4D10A90C683}.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
O4 - HKLM\..\Run: [PRONoMgr.exe] C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
O4 - HKLM\..\Run: [Java Sabre Server (JSERVER)] C:\SABRE\Apps\Portal\JServer.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [Auto Updater] C:\WINDOWS\system32\aupdate.exe
O4 - HKLM\..\Run: [Contextual Tool] C:\WINDOWS\z00098.exe
O4 - HKLM\..\Run: [NewFrn] C:\WINDOWS\newfrn.exe
O4 - HKLM\..\Run: [TheMonitor] C:\WINDOWS\SYS99.exe
O4 - HKLM\..\Run: [sys01190467509-] C:\WINDOWS\sys01190467509-.exe
O4 - HKLM\..\RunServices: [Sabre Task Tray Icon] C:\SABRE\Sabstart.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Utcs] "C:\Program Files\rlrc\earh.exe" -vt yazr
O4 - HKCU\..\Run: [Kzf] C:\WINDOWS\system32\n?tdde.exe
O4 - HKCU\..\Run: [CMMan] "C:\Program Files\CMMan\CMMan.exe"
O4 - HKCU\..\Run: [FCHelp] "C:\Program Files\FCHelp\FCHelp.exe"
O4 - HKCU\..\Run: [imzm] C:\PROGRA~1\COMMON~1\imzm\imzmm.exe
O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\Launcher.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Hpm.lnk = C:\wspan\swgw\Hpm.exe
O4 - Global Startup: OADP Utility.lnk = C:\SABRE\Apps\OADP\OadpUtil.exe
O4 - Global Startup: Sabre Printing Start.lnk = C:\SABRE\Sabstart.exe
O4 - Global Startup: Sabre Server.lnk = C:\WINDOWS\sabserv.exe
O4 - Global Startup: Worldspan Filter Agent.lnk = C:\wspan\swgw\FilterAgent.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://*.worldspan.com
O15 - Trusted Zone: http://*.wspan.com
O16 - DPF: {0246ECA8-996F-11D1-BE2F-00A0C9037DFE} (TDServer Control) - http://www.gdpt.net/tdserver.cab
O16 - DPF: {03DF0933-6E10-4D32-9835-B9A815622831} (WSSystemInfo Class) - https://gopublic.wspan.com/secure/DLLs/WSSystemInformation.cab
O16 - DPF: {2D36AF92-04D3-11D8-B719-0000865F231B} (TMinReq Class) - https://my.sabre.com/jars/TMinReqX.dll
O16 - DPF: {444B911E-6E55-4A11-B3E9-0D3E21AE0437} - http://www.exfol.com/v/1/i/eins002.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1122862878259
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1122866219734
O16 - DPF: {7B72C3FC-34B5-4504-B4BE-EB38971A0888} (WSFileIO Class 3) - https://gopublic.wspan.com/Secure/Dlls/WSFileIO3.cab
O16 - DPF: {8D33B6F0-1E74-419C-BBEF-D00E976A3A5D} (WSFileIO Class 2) - https://go3f.wspan.com/secure/DLLs/WSFileIO2.cab
O16 - DPF: {9145A52A-9B22-4858-AEE7-74D6C7D3F366} (BrowserConfig Class) - https://go3f.wspan.com/secure/DLLs/WSBrowserConfig.cab
O16 - DPF: {CAFEEFAC-0014-0001-0000-ABCDEFFEDCBA} (Java Runtime Environment 1.4.1) -
O16 - DPF: {CE7C3CF0-4B15-11D1-ABED-709549C10000} (IEHlprObj Class) - https://go3f.wspan.com/secure/DLLs/IEHelper.cab
O16 - DPF: {D4233B6D-88A0-11D3-BC29-400011500032} (WspGoCal Class) - http://gopublic.wspan.com/scripts/us/bin/WSCAL.CAB
O16 - DPF: {F9043C85-F6F2-101A-A3C9-08002B2F49FB} (Microsoft Common Dialog Control, version 6.0) - http://gopublic.wspan.com/secure/DLLs/Comdlg32.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{E3CD55AE-277B-41BB-BF67-FE232AEEF5D0}: Domain = xmission.com
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = xmission.com
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: SearchList = xmission.com
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = xmission.com
O18 - Filter: text/html - {994D478A-2BD0-4DB4-AE77-288B1E346E99} - C:\Program Files\FCHelp\FCHelp.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Config Service Helper (CfgSrvc) - Unknown owner - C:\WINDOWS\System32\CfgSrvc.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: HSSP Configuration Module (HsspConfig) - Unknown owner - C:\WINDOWS\System32\CfgSrvc.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: Sabre Printing Module (SabrePrint) - Sabre Inc. - C:\SABRE\Apps\OADP\Oadp.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Sabre Device Manager (SDMan) - Unknown owner - C:\WINDOWS\SDMan.EXE
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
AdAware 1.06--Here
Spybot Search and Destroy--Here
Microsoft Anti-Spyware Beta--Here
After downloading the above programs you will need to update all of them.
Next you need to boot your PC into safe mode. If you're not sure how to do that just restart your PC and begin pressing the F8 key until a multiple choice menu appears. You can then select safe mode.
Next run a full scan with each of the above anti-spyware products and run a full virus scan with your Symantec Anti-Virus.
Follow the instructions the programs give and delete anything they find. After this reboot your PC into normal mode and post another Hijack This log.
Logfile of HijackThis v1.99.1
Scan saved at 5:55:57 PM, on 01/03/06
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\brss01a.exe
C:\WINDOWS\System32\CfgSrvc.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\WINDOWS\System32\CfgSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\SDMan.EXE
C:\WINDOWS\System32\tcpsvcs.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\SABRE\Apps\OADP\Oadp.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\WINDOWS\SYS99.exe
C:\WINDOWS\sys01190467509-.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\javaw.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\rlrc\earh.exe
C:\WINDOWS\system32\n?tdde.exe
C:\Program Files\FCHelp\FCHelp.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Symantec AntiVirus\DoScan.exe
C:\WINDOWS\system32\javaw.exe
C:\SABRE\Apps\OADP\OadpUtil.exe
C:\WINDOWS\sabserv.exe
C:\wspan\swgw\FilterAgent.exe
C:\WINDOWS\webshots.scr
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\WINDOWS\system32\DllHost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\2\BRQIKMON.EXE
C:\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/ycomp/defaults/sb/*http://www.yahoo.com/search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/ycomp/defaults/sp/*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr7/*http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/ycomp/defaults/sb/*http://www.yahoo.com/search/ie.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/ycomp/defaults/sp/*http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://r.office.microsoft.com/r/rlidOfficeUpdate?clid=1033
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: UberButton Class - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: YahooTaggedBM Class - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - C:\Program Files\Yahoo!\Common\YIeTagBm.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: BigMeanGorilla.MadAsHell - {FBD2EBD0-E6DF-456E-B300-A4D10A90C683} - C:\WINDOWS\system32\{FBD2EBD0-E6DF-456E-B300-A4D10A90C683}.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
O4 - HKLM\..\Run: [PRONoMgr.exe] C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
O4 - HKLM\..\Run: [Java Sabre Server (JSERVER)] C:\SABRE\Apps\Portal\JServer.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [TheMonitor] C:\WINDOWS\SYS99.exe
O4 - HKLM\..\Run: [sys01190467509-] C:\WINDOWS\sys01190467509-.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\RunServices: [Sabre Task Tray Icon] C:\SABRE\Sabstart.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Utcs] "C:\Program Files\rlrc\earh.exe" -vt yazr
O4 - HKCU\..\Run: [Kzf] C:\WINDOWS\system32\n?tdde.exe
O4 - HKCU\..\Run: [FCHelp] "C:\Program Files\FCHelp\FCHelp.exe"
O4 - HKCU\..\Run: [imzm] C:\PROGRA~1\COMMON~1\imzm\imzmm.exe
O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\Launcher.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Hpm.lnk = C:\wspan\swgw\Hpm.exe
O4 - Global Startup: OADP Utility.lnk = C:\SABRE\Apps\OADP\OadpUtil.exe
O4 - Global Startup: Sabre Printing Start.lnk = C:\SABRE\Sabstart.exe
O4 - Global Startup: Sabre Server.lnk = C:\WINDOWS\sabserv.exe
O4 - Global Startup: Worldspan Filter Agent.lnk = C:\wspan\swgw\FilterAgent.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://*.worldspan.com
O15 - Trusted Zone: http://*.wspan.com
O16 - DPF: {0246ECA8-996F-11D1-BE2F-00A0C9037DFE} (TDServer Control) - http://www.gdpt.net/tdserver.cab
O16 - DPF: {03DF0933-6E10-4D32-9835-B9A815622831} (WSSystemInfo Class) - https://gopublic.wspan.com/secure/DLLs/WSSystemInformation.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2D36AF92-04D3-11D8-B719-0000865F231B} (TMinReq Class) - https://my.sabre.com/jars/TMinReqX.dll
O16 - DPF: {444B911E-6E55-4A11-B3E9-0D3E21AE0437} - http://www.exfol.com/v/1/i/eins002.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1122862878259
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1122866219734
O16 - DPF: {7B72C3FC-34B5-4504-B4BE-EB38971A0888} (WSFileIO Class 3) - https://gopublic.wspan.com/Secure/Dlls/WSFileIO3.cab
O16 - DPF: {8D33B6F0-1E74-419C-BBEF-D00E976A3A5D} (WSFileIO Class 2) - https://go3f.wspan.com/secure/DLLs/WSFileIO2.cab
O16 - DPF: {9145A52A-9B22-4858-AEE7-74D6C7D3F366} (BrowserConfig Class) - https://go3f.wspan.com/secure/DLLs/WSBrowserConfig.cab
O16 - DPF: {CAFEEFAC-0014-0001-0000-ABCDEFFEDCBA} (Java Runtime Environment 1.4.1) -
O16 - DPF: {CE7C3CF0-4B15-11D1-ABED-709549C10000} - https://go3f.wspan.com/secure/DLLs/IEHelper.cab
O16 - DPF: {D4233B6D-88A0-11D3-BC29-400011500032} (WspGoCal Class) - http://gopublic.wspan.com/scripts/us/bin/WSCAL.CAB
O16 - DPF: {F9043C85-F6F2-101A-A3C9-08002B2F49FB} (Microsoft Common Dialog Control, version 6.0) - http://gopublic.wspan.com/secure/DLLs/Comdlg32.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{E3CD55AE-277B-41BB-BF67-FE232AEEF5D0}: Domain = xmission.com
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = xmission.com
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: SearchList = xmission.com
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = xmission.com
O18 - Filter: text/html - {994D478A-2BD0-4DB4-AE77-288B1E346E99} - C:\Program Files\FCHelp\FCHelp.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Config Service Helper (CfgSrvc) - Unknown owner - C:\WINDOWS\System32\CfgSrvc.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: HSSP Configuration Module (HsspConfig) - Unknown owner - C:\WINDOWS\System32\CfgSrvc.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: Sabre Printing Module (SabrePrint) - Sabre Inc. - C:\SABRE\Apps\OADP\Oadp.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Sabre Device Manager (SDMan) - Unknown owner - C:\WINDOWS\SDMan.EXE
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
Then I ran full scan with Symantec Anti-Virus and it is OK.
My computer use DSL and it hook up to Actiontec DSL gateway provided by Qwest. Some others computer on the network were hook-up to this DSL gateway too, but other computers don't have pop up ads problem like this one.
Right now, I still received constant pop up ads on this computer even I am not open the Web browser (internet explorer). I noticed that my internet explorer start get stuck when I on browser for few minutes.
Download this program, update it, but don't run it yet
Ewido Security Suite Trial Version--Here
After you have downloaded and updated Ewido visit the link below to do an online scan.
Do an online housecall scan from Trend Micro--Here
After the online scan restart in safe mode (with no networking) and run a full scan with Ewido. Save the Ewido log and post it here. Also post another Hijack This log after both scans have completed and you have restarted in normal mode.
After these finish we will then go through the Hijack This log to try to clean out some of the nasties. Before you run the Ewido or Trend Micro scan you might want to disable system restore temporarily so that nothing will get back in to re-infect. We'll turn system restore back on later. To do this click on the start button and then right click on My Computer and go to properties and left click. Click the System Restore tab and put a check in the box that says "turn off system restore".
Here is Ewido log:
ewido anti-malware - Scan report
+ Created on: 3:00:35 PM, 01/04/06
+ Report-Checksum: 6036590D
+ Scan result:
HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CE7C3CF0-4B15-11D1-ABED-709549C10000} -> Spyware.URLBlaze : Cleaned with backup
HKU\S-1-5-21-1645522239-362288127-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{CE7C3CF0-4B15-11D1-ABED-709549C10000} -> Spyware.URLBlaze : Cleaned with backup
C:\Documents and Settings\Hoa Vo.HOAVO\Cookies\hoa [email]vo@ad.yieldmanager[1].txt[/email] -> Spyware.Cookie.Yieldmanager : Cleaned with backup
C:\Documents and Settings\Hoa Vo.HOAVO\Cookies\hoa [email]vo@adopt.specificclick[1].txt[/email] -> Spyware.Cookie.Specificclick : Cleaned with backup
C:\Documents and Settings\Hoa Vo.HOAVO\Cookies\hoa [email]vo@ads.addynamix[1].txt[/email] -> Spyware.Cookie.Addynamix : Cleaned with backup
C:\Documents and Settings\Hoa Vo.HOAVO\Cookies\hoa [email]vo@ads1.revenue[1].txt[/email] -> Spyware.Cookie.Revenue : Cleaned with backup
C:\Documents and Settings\Hoa Vo.HOAVO\Cookies\hoa [email]vo@advertising[2].txt[/email] -> Spyware.Cookie.Advertising : Cleaned with backup
C:\Documents and Settings\Hoa Vo.HOAVO\Cookies\hoa [email]vo@as-eu.falkag[1].txt[/email] -> Spyware.Cookie.Falkag : Cleaned with backup
C:\Documents and Settings\Hoa Vo.HOAVO\Cookies\hoa [email]vo@as-us.falkag[1].txt[/email] -> Spyware.Cookie.Falkag : Cleaned with backup
C:\Documents and Settings\Hoa Vo.HOAVO\Cookies\hoa [email]vo@as1.falkag[1].txt[/email] -> Spyware.Cookie.Falkag : Cleaned with backup
C:\Documents and Settings\Hoa Vo.HOAVO\Cookies\hoa [email]vo@atdmt[2].txt[/email] -> Spyware.Cookie.Atdmt : Cleaned with backup
C:\Documents and Settings\Hoa Vo.HOAVO\Cookies\hoa [email]vo@burstnet[2].txt[/email] -> Spyware.Cookie.Burstnet : Cleaned with backup
C:\Documents and Settings\Hoa Vo.HOAVO\Cookies\hoa [email]vo@com[2].txt[/email] -> Spyware.Cookie.Com : Cleaned with backup
C:\Documents and Settings\Hoa Vo.HOAVO\Cookies\hoa [email]vo@data1.perf.overture[2].txt[/email] -> Spyware.Cookie.Overture : Cleaned with backup
C:\Documents and Settings\Hoa Vo.HOAVO\Cookies\hoa [email]vo@data3.perf.overture[1].txt[/email] -> Spyware.Cookie.Overture : Cleaned with backup
C:\Documents and Settings\Hoa Vo.HOAVO\Cookies\hoa [email]vo@doubleclick[2].txt[/email] -> Spyware.Cookie.Doubleclick : Cleaned with backup
C:\Documents and Settings\Hoa Vo.HOAVO\Cookies\hoa [email]vo@edge.ru4[1].txt[/email] -> Spyware.Cookie.Ru4 : Cleaned with backup
C:\Documents and Settings\Hoa Vo.HOAVO\Cookies\hoa [email]vo@ehg-nestleusainc.hitbox[1].txt[/email] -> Spyware.Cookie.Hitbox : Cleaned with backup
C:\Documents and Settings\Hoa Vo.HOAVO\Cookies\hoa [email]vo@entrepreneur.122.2o7[1].txt[/email] -> Spyware.Cookie.2o7 : Cleaned with backup
C:\Documents and Settings\Hoa Vo.HOAVO\Cookies\hoa [email]vo@fastclick[1].txt[/email] -> Spyware.Cookie.Fastclick : Cleaned with backup
C:\Documents and Settings\Hoa Vo.HOAVO\Cookies\hoa [email]vo@hitbox[2].txt[/email] -> Spyware.Cookie.Hitbox : Cleaned with backup
C:\Documents and Settings\Hoa Vo.HOAVO\Cookies\hoa [email]vo@hypertracker[1].txt[/email] -> Spyware.Cookie.Hypertracker : Cleaned with backup
C:\Documents and Settings\Hoa Vo.HOAVO\Cookies\hoa [email]vo@media.fastclick[2].txt[/email] -> Spyware.Cookie.Fastclick : Cleaned with backup
C:\Documents and Settings\Hoa Vo.HOAVO\Cookies\hoa [email]vo@mediaplex[1].txt[/email] -> Spyware.Cookie.Mediaplex : Cleaned with backup
C:\Documents and Settings\Hoa Vo.HOAVO\Cookies\hoa [email]vo@microsofteup.112.2o7[1].txt[/email] -> Spyware.Cookie.2o7 : Cleaned with backup
C:\Documents and Settings\Hoa Vo.HOAVO\Cookies\hoa [email]vo@microsoftwga.112.2o7[1].txt[/email] -> Spyware.Cookie.2o7 : Cleaned with backup
C:\Documents and Settings\Hoa Vo.HOAVO\Cookies\hoa [email]vo@partygaming.122.2o7[1].txt[/email] -> Spyware.Cookie.2o7 : Cleaned with backup
C:\Documents and Settings\Hoa Vo.HOAVO\Cookies\hoa [email]vo@paypopup[1].txt[/email] -> Spyware.Cookie.Paypopup : Cleaned with backup
C:\Documents and Settings\Hoa Vo.HOAVO\Cookies\hoa [email]vo@perf.overture[1].txt[/email] -> Spyware.Cookie.Overture : Cleaned with backup
C:\Documents and Settings\Hoa Vo.HOAVO\Cookies\hoa [email]vo@qksrv[2].txt[/email] -> Spyware.Cookie.Qksrv : Cleaned with backup
C:\Documents and Settings\Hoa Vo.HOAVO\Cookies\hoa [email]vo@questionmarket[2].txt[/email] -> Spyware.Cookie.Questionmarket : Cleaned with backup
C:\Documents and Settings\Hoa Vo.HOAVO\Cookies\hoa [email]vo@revenue[2].txt[/email] -> Spyware.Cookie.Revenue : Cleaned with backup
C:\Documents and Settings\Hoa Vo.HOAVO\Cookies\hoa [email]vo@rotator.adjuggler[1].txt[/email] -> Spyware.Cookie.Adjuggler : Cleaned with backup
C:\Documents and Settings\Hoa Vo.HOAVO\Cookies\hoa [email]vo@tradedoubler[1].txt[/email] -> Spyware.Cookie.Tradedoubler : Cleaned with backup
C:\Documents and Settings\Hoa Vo.HOAVO\Cookies\hoa [email]vo@trafficmp[1].txt[/email] -> Spyware.Cookie.Trafficmp : Cleaned with backup
C:\Documents and Settings\Hoa Vo.HOAVO\Cookies\hoa [email]vo@valueclick[2].txt[/email] -> Spyware.Cookie.Valueclick : Cleaned with backup
C:\Documents and Settings\Hoa Vo.HOAVO\Cookies\hoa [email]vo@www.myaffiliateprogram[1].txt[/email] -> Spyware.Cookie.Myaffiliateprogram : Cleaned with backup
C:\Documents and Settings\Hoa Vo.HOAVO\Cookies\hoa [email]vo@yieldmanager[2].txt[/email] -> Spyware.Cookie.Yieldmanager : Cleaned with backup
C:\Documents and Settings\Hoa Vo.HOAVO\Cookies\hoa [email]vo@z1.adserver[1].txt[/email] -> Spyware.Cookie.Adserver : Cleaned with backup
C:\WINDOWS\sys01190467509-.exe -> Downloader.VB.tw : Cleaned with backup
C:\WINDOWS\SYS99.exe -> Trojan.VB.tg : Cleaned with backup
C:\WINDOWS\system32\app_b.exe -> Dropper.Agent.afl : Cleaned with backup
C:\WINDOWS\system32\Explorer.$$A -> Trojan.VB.aft : Cleaned with backup
C:\WINDOWS\system32\fran-hot.exe -> Adware.EZula : Cleaned with backup
C:\WINDOWS\system32\sate.exe -> Downloader.IstBar : Cleaned with backup
C:\WINDOWS\Temp\Cookies\hoa [email]vo@ad.yieldmanager[1].txt[/email] -> Spyware.Cookie.Yieldmanager : Cleaned with backup
C:\WINDOWS\Temp\Cookies\hoa [email]vo@adopt.specificclick[1].txt[/email] -> Spyware.Cookie.Specificclick : Cleaned with backup
C:\WINDOWS\Temp\Cookies\hoa [email]vo@yieldmanager[1].txt[/email] -> Spyware.Cookie.Yieldmanager : Cleaned with backup
::Report End
================================
Here is a new Hijack This log:
Logfile of HijackThis v1.99.1
Scan saved at 3:06:55 PM, on 01/04/06
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\brss01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\CfgSrvc.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\ewido anti-malware\ewidoguard.exe
C:\WINDOWS\System32\CfgSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\SDMan.EXE
C:\WINDOWS\System32\tcpsvcs.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\SABRE\Apps\OADP\Oadp.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\rlrc\earh.exe
C:\WINDOWS\system32\n?tdde.exe
C:\Program Files\FCHelp\FCHelp.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\WINDOWS\system32\javaw.exe
C:\WINDOWS\system32\javaw.exe
C:\SABRE\Apps\OADP\OadpUtil.exe
C:\WINDOWS\sabserv.exe
C:\wspan\swgw\FilterAgent.exe
C:\WINDOWS\webshots.scr
C:\WINDOWS\system32\DllHost.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\WINDOWS\system32\wuauclt.exe
C:\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/ycomp/defaults/sb/*http://www.yahoo.com/search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/ycomp/defaults/sp/*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr7/*http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/ycomp/defaults/sb/*http://www.yahoo.com/search/ie.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/ycomp/defaults/sp/*http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://r.office.microsoft.com/r/rlidOfficeUpdate?clid=1033
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: UberButton Class - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: YahooTaggedBM Class - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - C:\Program Files\Yahoo!\Common\YIeTagBm.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: BigMeanGorilla.MadAsHell - {FBD2EBD0-E6DF-456E-B300-A4D10A90C683} - C:\WINDOWS\system32\{FBD2EBD0-E6DF-456E-B300-A4D10A90C683}.dll (file missing)
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
O4 - HKLM\..\Run: [PRONoMgr.exe] C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
O4 - HKLM\..\Run: [Java Sabre Server (JSERVER)] C:\SABRE\Apps\Portal\JServer.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\RunServices: [Sabre Task Tray Icon] C:\SABRE\Sabstart.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Utcs] "C:\Program Files\rlrc\earh.exe" -vt yazr
O4 - HKCU\..\Run: [Kzf] C:\WINDOWS\system32\n?tdde.exe
O4 - HKCU\..\Run: [FCHelp] "C:\Program Files\FCHelp\FCHelp.exe"
O4 - HKCU\..\Run: [imzm] C:\PROGRA~1\COMMON~1\imzm\imzmm.exe
O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\Launcher.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Hpm.lnk = C:\wspan\swgw\Hpm.exe
O4 - Global Startup: OADP Utility.lnk = C:\SABRE\Apps\OADP\OadpUtil.exe
O4 - Global Startup: Sabre Printing Start.lnk = C:\SABRE\Sabstart.exe
O4 - Global Startup: Sabre Server.lnk = C:\WINDOWS\sabserv.exe
O4 - Global Startup: Worldspan Filter Agent.lnk = C:\wspan\swgw\FilterAgent.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://*.worldspan.com
O15 - Trusted Zone: http://*.wspan.com
O16 - DPF: {0246ECA8-996F-11D1-BE2F-00A0C9037DFE} (TDServer Control) - http://www.gdpt.net/tdserver.cab
O16 - DPF: {03DF0933-6E10-4D32-9835-B9A815622831} (WSSystemInfo Class) - https://gopublic.wspan.com/secure/DLLs/WSSystemInformation.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2D36AF92-04D3-11D8-B719-0000865F231B} (TMinReq Class) - https://my.sabre.com/jars/TMinReqX.dll
O16 - DPF: {444B911E-6E55-4A11-B3E9-0D3E21AE0437} - http://www.exfol.com/v/1/i/eins002.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1122862878259
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1122866219734
O16 - DPF: {7B72C3FC-34B5-4504-B4BE-EB38971A0888} (WSFileIO Class 3) - https://gopublic.wspan.com/Secure/Dlls/WSFileIO3.cab
O16 - DPF: {8D33B6F0-1E74-419C-BBEF-D00E976A3A5D} (WSFileIO Class 2) - https://go3f.wspan.com/secure/DLLs/WSFileIO2.cab
O16 - DPF: {9145A52A-9B22-4858-AEE7-74D6C7D3F366} (BrowserConfig Class) - https://go3f.wspan.com/secure/DLLs/WSBrowserConfig.cab
O16 - DPF: {CAFEEFAC-0014-0001-0000-ABCDEFFEDCBA} (Java Runtime Environment 1.4.1) -
O16 - DPF: {D4233B6D-88A0-11D3-BC29-400011500032} (WspGoCal Class) - http://gopublic.wspan.com/scripts/us/bin/WSCAL.CAB
O16 - DPF: {F9043C85-F6F2-101A-A3C9-08002B2F49FB} (Microsoft Common Dialog Control, version 6.0) - http://gopublic.wspan.com/secure/DLLs/Comdlg32.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{E3CD55AE-277B-41BB-BF67-FE232AEEF5D0}: Domain = xmission.com
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = xmission.com
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: SearchList = xmission.com
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = xmission.com
O18 - Filter: text/html - {994D478A-2BD0-4DB4-AE77-288B1E346E99} - C:\Program Files\FCHelp\FCHelp.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Config Service Helper (CfgSrvc) - Unknown owner - C:\WINDOWS\System32\CfgSrvc.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
O23 - Service: HSSP Configuration Module (HsspConfig) - Unknown owner - C:\WINDOWS\System32\CfgSrvc.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: Sabre Printing Module (SabrePrint) - Sabre Inc. - C:\SABRE\Apps\OADP\Oadp.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Sabre Device Manager (SDMan) - Unknown owner - C:\WINDOWS\SDMan.EXE
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
Some times my screen receive a little pop up window read:
Server Busy
This action cannot be completed because the "program manager" program is not responding. Choose "swith to" and correct the problem.
Button: Switch to - Button: Retry - Button: Cancel (no click option)
When this pop up I cannot do anything else, but when I click "swith to" or "retry" it does not thing and I cannot close it either. I have to turn computer off and turn it on.
After you have done this restart in safe mode and go to the folder where you put the program. Double click the sysclean.com program. The scan will begin and it takes a long time, but be patient. It will generate a log file when it's done. Be sure to save the log.
After doing that restart in normal mode and run Hijack This again. Put a check mark next to the following entries and click "fix checked". Do not be alarmed if they don't exist:
O2 - BHO: BigMeanGorilla.MadAsHell - {FBD2EBD0-E6DF-456E-B300-A4D10A90C683} - C:\WINDOWS\system32\{FBD2EBD0-E6DF-456E-B300-A4D10A90C683}.dll (file missing)
O4 - HKCU\..\Run: [Kzf] C:\WINDOWS\system32\n?tdde.exe
O4 - HKCU\..\Run: [FCHelp] "C:\Program Files\FCHelp\FCHelp.exe"
Next step is to visit this site: http://www.purityscan.com/uninstall.html and run the purity scan removal tool. I know this is a lot of stuff but it should be worth it. Post the log from Trend Micro sysclean and a new Hijack This log after you do all the above.
/
\
| Trend Micro Sysclean Package |
| Copyright 2002, Trend Micro, Inc. |
| http://www.trendmicro.com |
\
/
2006-01-05, 10:01:38, Auto-clean mode specified.
2006-01-05, 10:01:38, Running scanner "C:\Trendmicro\TSC.BIN"...
2006-01-05, 10:02:13, Scanner "C:\Trendmicro\TSC.BIN" has finished running.
2006-01-05, 10:02:13, TSC Log:
Damage Cleanup Engine (DCE) 3.98(Build 1012)
Windows XP(Build 2600: Service Pack 2)
Start time : Thu Jan 05 2006 10:01:38
Load Damage Cleanup Template (DCT) "C:\Trendmicro\tsc.ptn" (version 694) [success]
Complete time : Thu Jan 05 2006 10:02:13
Execute pattern count(4627), Virus found count(0), Virus clean count(0), Clean failed count(0)
2006-01-05, 10:08:20, Could not set file for reading on "C:\Documents and Settings\All Users\Application Data\Microsoft\Dr Watson\user.dmp": Access is denied.
2006-01-05, 10:08:26, Could not set file for reading on "C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Dr Watson\user.dmp": Access is denied.
2006-01-05, 10:08:49, An error was detected on "C:\Documents and Settings\Hoa Vo\*.*": Access is denied.
2006-01-05, 10:08:49, An error occurred while scanning file "C:\Documents and Settings\Hoa Vo.HOAVO\NTUSER.DAT": Access is denied.
2006-01-05, 10:08:49, An error occurred while scanning file "C:\Documents and Settings\Hoa Vo.HOAVO\ntuser.dat.LOG": Access is denied.
2006-01-05, 10:09:29, An error was detected on "C:\Documents and Settings\Hoa Vo.HOAVO\Favorites\Others\Câu chuy?n hay\*.*": The filename, directory name, or volume label syntax is incorrect.
2006-01-05, 10:09:29, An error was detected on "C:\Documents and Settings\Hoa Vo.HOAVO\Favorites\Others\Lu?t làm Tho\*.*": The filename, directory name, or volume label syntax is incorrect.
2006-01-05, 10:19:02, An error occurred while scanning file "C:\Documents and Settings\Hoa Vo.HOAVO\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat": Access is denied.
2006-01-05, 10:19:02, An error occurred while scanning file "C:\Documents and Settings\Hoa Vo.HOAVO\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG": Access is denied.
2006-01-05, 10:22:24, An error occurred while scanning file "C:\Documents and Settings\NetworkService.NT AUTHORITY.000\NTUSER.DAT": Access is denied.
2006-01-05, 10:22:24, An error occurred while scanning file "C:\Documents and Settings\NetworkService.NT AUTHORITY.000\ntuser.dat.LOG": Access is denied.
2006-01-05, 10:22:24, An error occurred while scanning file "C:\Documents and Settings\NetworkService.NT AUTHORITY.000\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat": Access is denied.
2006-01-05, 10:22:24, An error occurred while scanning file "C:\Documents and Settings\NetworkService.NT AUTHORITY.000\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG": Access is denied.
2006-01-05, 10:48:29, Could not set file for reading on "C:\Program Files\Symantec AntiVirus\SAVRT\0181NAV~.TMP": Access is denied.
2006-01-05, 10:50:51, An error was detected on "C:\System Volume Information\*.*": Access is denied.
2006-01-05, 10:57:30, Could not set file for reading on "C:\WINDOWS\$NtUninstallKB828741$\catsrv.dll": Access is denied.
2006-01-05, 10:57:30, Could not set file for reading on "C:\WINDOWS\$NtUninstallKB828741$\catsrvut.dll": Access is denied.
2006-01-05, 10:57:30, Could not set file for reading on "C:\WINDOWS\$NtUninstallKB828741$\clbcatex.dll": Access is denied.
2006-01-05, 10:57:30, Could not set file for reading on "C:\WINDOWS\$NtUninstallKB828741$\clbcatq.dll": Access is denied.
2006-01-05, 10:57:30, Could not set file for reading on "C:\WINDOWS\$NtUninstallKB828741$\colbact.dll": Access is denied.
2006-01-05, 10:57:30, Could not set file for reading on "C:\WINDOWS\$NtUninstallKB828741$\comadmin.dll": Access is denied.
2006-01-05, 10:57:30, Could not set file for reading on "C:\WINDOWS\$NtUninstallKB828741$\comrepl.exe": Access is denied.
2006-01-05, 10:57:30, Could not set file for reading on "C:\WINDOWS\$NtUninstallKB828741$\comsvcs.dll": Access is denied.
2006-01-05, 10:57:30, Could not set file for reading on "C:\WINDOWS\$NtUninstallKB828741$\comuid.dll": Access is denied.
2006-01-05, 10:57:30, Could not set file for reading on "C:\WINDOWS\$NtUninstallKB828741$\es.dll": Access is denied.
2006-01-05, 10:57:30, Could not set file for reading on "C:\WINDOWS\$NtUninstallKB828741$\migregdb.exe": Access is denied.
2006-01-05, 10:57:30, Could not set file for reading on "C:\WINDOWS\$NtUninstallKB828741$\msdtcprx.dll": Access is denied.
2006-01-05, 10:57:30, Could not set file for reading on "C:\WINDOWS\$NtUninstallKB828741$\msdtctm.dll": Access is denied.
2006-01-05, 10:57:30, Could not set file for reading on "C:\WINDOWS\$NtUninstallKB828741$\msdtcuiu.dll": Access is denied.
2006-01-05, 10:57:30, Could not set file for reading on "C:\WINDOWS\$NtUninstallKB828741$\mtxclu.dll": Access is denied.
2006-01-05, 10:57:30, Could not set file for reading on "C:\WINDOWS\$NtUninstallKB828741$\mtxoci.dll": Access is denied.
2006-01-05, 10:57:30, Could not set file for reading on "C:\WINDOWS\$NtUninstallKB828741$\rpcrt4.dll": Access is denied.
2006-01-05, 10:57:30, Could not set file for reading on "C:\WINDOWS\$NtUninstallKB828741$\txflog.dll": Access is denied.
2006-01-05, 10:57:30, Could not set file for reading on "C:\WINDOWS\$NtUninstallKB835732$\callcont.dll": Access is denied.
2006-01-05, 10:57:30, Could not set file for reading on "C:\WINDOWS\$NtUninstallKB835732$\cmdevtgprov.dll": Access is denied.
2006-01-05, 10:57:30, Could not set file for reading on "C:\WINDOWS\$NtUninstallKB835732$\evtgprov.dll": Access is denied.
2006-01-05, 10:57:30, Could not set file for reading on "C:\WINDOWS\$NtUninstallKB835732$\gdi32.dll": Access is denied.
2006-01-05, 10:57:30, Could not set file for reading on "C:\WINDOWS\$NtUninstallKB835732$\h323.tsp": Access is denied.
2006-01-05, 10:57:30, Could not set file for reading on "C:\WINDOWS\$NtUninstallKB835732$\h323msp.dll": Access is denied.
2006-01-05, 10:57:30, Could not set file for reading on "C:\WINDOWS\$NtUninstallKB835732$\helpctr.exe": Access is denied.
2006-01-05, 10:57:30, Could not set file for reading on "C:\WINDOWS\$NtUninstallKB835732$\ipnathlp.dll": Access is denied.
2006-01-05, 10:57:30, Could not set file for reading on "C:\WINDOWS\$NtUninstallKB835732$\lsasrv.dll": Access is denied.
2006-01-05, 10:57:30, Could not set file for reading on "C:\WINDOWS\$NtUninstallKB835732$\mf3216.dll": Access is denied.
2006-01-05, 10:57:30, Could not set file for reading on "C:\WINDOWS\$NtUninstallKB835732$\msasn1.dll": Access is denied.
2006-01-05, 10:57:30, Could not set file for reading on "C:\WINDOWS\$NtUninstallKB835732$\msgina.dll": Access is denied.
2006-01-05, 10:57:30, Could not set file for reading on "C:\WINDOWS\$NtUninstallKB835732$\mst120.dll": Access is denied.
2006-01-05, 10:57:30, Could not set file for reading on "C:\WINDOWS\$NtUninstallKB835732$\netapi32.dll": Access is denied.
2006-01-05, 10:57:30, Could not set file for reading on "C:\WINDOWS\$NtUninstallKB835732$\nmcom.dll": Access is denied.
2006-01-05, 10:57:30, Could not set file for reading on "C:\WINDOWS\$NtUninstallKB835732$\rtcdll.dll": Access is denied.
2006-01-05, 10:57:30, Could not set file for reading on "C:\WINDOWS\$NtUninstallKB835732$\schannel.dll": Access is denied.
2006-01-05, 11:05:01, Could not set file for reading on "C:\WINDOWS\Prefetch\ACROBAT.EXE-20E0511D.pf": Access is denied.
2006-01-05, 11:05:01, Could not set file for reading on "C:\WINDOWS\Prefetch\ACROTRAY.EXE-1E272807.pf": Access is denied.
2006-01-05, 11:05:01, Could not set file for reading on "C:\WINDOWS\Prefetch\ADOBE GAMMA LOADER.EXE-1DBD7BA3.pf": Access is denied.
2006-01-05, 11:05:01, Could not set file for reading on "C:\WINDOWS\Prefetch\AGENTSVR.EXE-002E45AB.pf": Access is denied.
2006-01-05, 11:05:01, Could not set file for reading on "C:\WINDOWS\Prefetch\ALG.EXE-0F138680.pf": Access is denied.
2006-01-05, 11:05:01, Could not set file for reading on "C:\WINDOWS\Prefetch\BRQIKMON.EXE-078C603A.pf": Access is denied.
2006-01-05, 11:05:01, Could not set file for reading on "C:\WINDOWS\Prefetch\CCAPP.EXE-1207B2A5.pf": Access is denied.
2006-01-05, 11:05:01, Could not set file for reading on "C:\WINDOWS\Prefetch\DEFRAG.EXE-273F131E.pf": Access is denied.
2006-01-05, 11:05:01, Could not set file for reading on "C:\WINDOWS\Prefetch\DFRGNTFS.EXE-269967DF.pf": Access is denied.
2006-01-05, 11:05:01, Could not set file for reading on "C:\WINDOWS\Prefetch\DLLHOST.EXE-1F04E0E7.pf": Access is denied.
2006-01-05, 11:05:01, Could not set file for reading on "C:\WINDOWS\Prefetch\DUMPREP.EXE-1B46F901.pf": Access is denied.
2006-01-05, 11:05:01, Could not set file for reading on "C:\WINDOWS\Prefetch\DWWIN.EXE-30875ADC.pf": Access is denied.
2006-01-05, 11:05:01, Could not set file for reading on "C:\WINDOWS\Prefetch\EXCEL.EXE-13B3F319.pf": Access is denied.
2006-01-05, 11:05:01, Could not set file for reading on "C:\WINDOWS\Prefetch\EXPLORER.EXE-082F38A9.pf": Access is denied.
2006-01-05, 11:05:01, Could not set file for reading on "C:\WINDOWS\Prefetch\FILTERAGENT.EXE-094650BB.pf": Access is denied.
2006-01-05, 11:05:01, Could not set file for reading on "C:\WINDOWS\Prefetch\GCASDTSERV.EXE-04B13CAF.pf": Access is denied.
2006-01-05, 11:05:01, Could not set file for reading on "C:\WINDOWS\Prefetch\HKCMD.EXE-1D05234B.pf": Access is denied.
2006-01-05, 11:05:01, Could not set file for reading on "C:\WINDOWS\Prefetch\IEXPLORE.EXE-27122324.pf": Access is denied.
2006-01-05, 11:05:01, Could not set file for reading on "C:\WINDOWS\Prefetch\IGFXTRAY.EXE-3391579A.pf": Access is denied.
2006-01-05, 11:05:01, Could not set file for reading on "C:\WINDOWS\Prefetch\IMAPI.EXE-0BF740A4.pf": Access is denied.
2006-01-05, 11:05:01, Could not set file for reading on "C:\WINDOWS\Prefetch\JAVAW.EXE-1DA9F6E6.pf": Access is denied.
2006-01-05, 11:05:01, Could not set file for reading on "C:\WINDOWS\Prefetch\JSERVER.EXE-03C9BD8B.pf": Access is denied.
2006-01-05, 11:05:01, Could not set file for reading on "C:\WINDOWS\Prefetch\JUSCHED.EXE-2ABC3D1B.pf": Access is denied.
2006-01-05, 11:05:01, Could not set file for reading on "C:\WINDOWS\Prefetch\LAUNCHER.EXE-123803F3.pf": Access is denied.
2006-01-05, 11:05:01, Could not set file for reading on "C:\WINDOWS\Prefetch\Layout.ini": Access is denied.
2006-01-05, 11:05:01, Could not set file for reading on "C:\WINDOWS\Prefetch\LOGONUI.EXE-0AF22957.pf": Access is denied.
2006-01-05, 11:05:01, Could not set file for reading on "C:\WINDOWS\Prefetch\NOTEPAD.EXE-336351A9.pf": Access is denied.
2006-01-05, 11:05:01, Could not set file for reading on "C:\WINDOWS\Prefetch\NTOSBOOT-B00DFAAD.pf": Access is denied.
2006-01-05, 11:05:01, Could not set file for reading on "C:\WINDOWS\Prefetch\OADP.EXE-3A5C2CCC.pf": Access is denied.
2006-01-05, 11:05:01, Could not set file for reading on "C:\WINDOWS\Prefetch\OADPUTIL.EXE-0097DB9F.pf": Access is denied.
2006-01-05, 11:05:01, Could not set file for reading on "C:\WINDOWS\Prefetch\OUTLOOK.EXE-106351DB.pf": Access is denied.
2006-01-05, 11:05:01, Could not set file for reading on "C:\WINDOWS\Prefetch\PRONOMGR.EXE-1032212D.pf": Access is denied.
2006-01-05, 11:05:01, Could not set file for reading on "C:\WINDOWS\Prefetch\REGSVR32.EXE-25EEFE2F.pf": Access is denied.
2006-01-05, 11:05:01, Could not set file for reading on "C:\WINDOWS\Prefetch\RUNDLL32.EXE-268BFF96.pf": Access is denied.
2006-01-05, 11:05:01, Could not set file for reading on "C:\WINDOWS\Prefetch\RUNDLL32.EXE-385E89E5.pf": Access is denied.
2006-01-05, 11:05:01, Could not set file for reading on "C:\WINDOWS\Prefetch\SABSERV.EXE-039BE834.pf": Access is denied.
2006-01-05, 11:05:01, Could not set file for reading on "C:\WINDOWS\Prefetch\SABSPLASH.EXE-32E5A1CD.pf": Access is denied.
2006-01-05, 11:05:01, Could not set file for reading on "C:\WINDOWS\Prefetch\SABSTART.EXE-343BB53C.pf": Access is denied.
2006-01-05, 11:05:01, Could not set file for reading on "C:\WINDOWS\Prefetch\SECURITYSUITE.EXE-278F473B.pf": Access is denied.
2006-01-05, 11:05:01, Could not set file for reading on "C:\WINDOWS\Prefetch\SMAGENT.EXE-34504AD2.pf": Access is denied.
2006-01-05, 11:05:01, Could not set file for reading on "C:\WINDOWS\Prefetch\SMTRAY.EXE-025A616B.pf": Access is denied.
2006-01-05, 11:05:01, Could not set file for reading on "C:\WINDOWS\Prefetch\TASKMGR.EXE-20256C55.pf": Access is denied.
2006-01-05, 11:05:01, Could not set file for reading on "C:\WINDOWS\Prefetch\TCPSVCS.EXE-05847ECC.pf": Access is denied.
2006-01-05, 11:05:01, Could not set file for reading on "C:\WINDOWS\Prefetch\USERINIT.EXE-30B18140.pf": Access is denied.
2006-01-05, 11:05:01, Could not set file for reading on "C:\WINDOWS\Prefetch\VPSKEYS.EXE-106CAF0D.pf": Access is denied.
2006-01-05, 11:05:01, Could not set file for reading on "C:\WINDOWS\Prefetch\WEBSHOTS.SCR-00CD1965.pf": Access is denied.
2006-01-05, 11:05:01, Could not set file for reading on "C:\WINDOWS\Prefetch\WINWORD.EXE-37F6AE09.pf": Access is denied.
2006-01-05, 11:05:01, Could not set file for reading on "C:\WINDOWS\Prefetch\WISPTIS.EXE-0C21B942.pf": Access is denied.
2006-01-05, 11:05:01, Could not set file for reading on "C:\WINDOWS\Prefetch\WMIPRVSE.EXE-28F301A9.pf": Access is denied.
2006-01-05, 11:05:01, Could not set file for reading on "C:\WINDOWS\Prefetch\WSCNTFY.EXE-1B24F5EB.pf": Access is denied.
2006-01-05, 11:05:01, Could not set file for reading on "C:\WINDOWS\Prefetch\WUAUCLT.EXE-399A8E72.pf": Access is denied.
2006-01-05, 11:05:01, Could not set file for reading on "C:\WINDOWS\Prefetch\YMSGR_TRAY.EXE-256366BA.pf": Access is denied.
2006-01-05, 11:08:41, An error occurred while scanning file "C:\WINDOWS\system32\config\default": Access is denied.
2006-01-05, 11:08:41, An error occurred while scanning file "C:\WINDOWS\system32\config\default.LOG": Access is denied.
2006-01-05, 11:08:41, An error occurred while scanning file "C:\WINDOWS\system32\config\SAM": Access is denied.
2006-01-05, 11:08:41, An error occurred while scanning file "C:\WINDOWS\system32\config\SAM.LOG": Access is denied.
2006-01-05, 11:08:41, An error occurred while scanning file "C:\WINDOWS\system32\config\SECURITY": Access is denied.
2006-01-05, 11:08:41, An error occurred while scanning file "C:\WINDOWS\system32\config\SECURITY.LOG": Access is denied.
2006-01-05, 11:08:41, An error occurred while scanning file "C:\WINDOWS\system32\config\software": Access is denied.
2006-01-05, 11:08:41, An error occurred while scanning file "C:\WINDOWS\system32\config\software.LOG": Access is denied.
2006-01-05, 11:08:41, An error occurred while scanning file "C:\WINDOWS\system32\config\system": Access is denied.
2006-01-05, 11:08:41, An error occurred while scanning file "C:\WINDOWS\system32\config\system.LOG": Access is denied.
2006-01-05, 11:12:28, Running scanner "C:\Trendmicro\VSCANTM.BIN"...
2006-01-05, 11:51:21, Files Detected:
Copyright (c) 1990 - 2004 Trend Micro Inc.
Report Date : 1/5/2006 11:12:29
VSAPI Engine Version : 8.000-1001
VSCANTM Version : 1.1-1001
Virus Pattern Version : 146 (118375 Patterns) (2006/01/05) (314602)
Command Line: C:\Trendmicro\VSCANTM.BIN /NBPM /S /CLEANALL /LAPPEND /LD /LC /LCF /NM /NB /C /ACTIVEACTION=5 C:\*.* /P=C:\Trendmicro
68988 files have been read.
68988 files have been checked.
52869 files have been scanned.
116171 files have been scanned. (including files in archived)
0 files containing viruses.
Found 0 viruses totally.
Maybe 0 viruses totally.
Stop At : 1/5/2006 11:51:21
*
*
*
*
*
*
*
*
2006-01-05, 11:51:21, Files Clean:
Copyright (c) 1990 - 2004 Trend Micro Inc.
Report Date : 1/5/2006 11:12:28
VSAPI Engine Version : 8.000-1001
VSCANTM Version : 1.1-1001
Virus Pattern Version : 146 (118375 Patterns) (2006/01/05) (314602)
Command Line: C:\Trendmicro\VSCANTM.BIN /NBPM /S /CLEANALL /LAPPEND /LD /LC /LCF /NM /NB /C /ACTIVEACTION=5 C:\*.* /P=C:\Trendmicro
68988 files have been read.
68988 files have been checked.
52869 files have been scanned.
116171 files have been scanned. (including files in archived)
0 files containing viruses.
Found 0 viruses totally.
Maybe 0 viruses totally.
Stop At : 1/5/2006 11:51:21 38 minutes 47 seconds (2326.89 seconds) has elapsed.
*
*
*
*
*
*
*
*
2006-01-05, 11:51:21, Clean Fail:
Copyright (c) 1990 - 2004 Trend Micro Inc.
Report Date : 1/5/2006 11:12:28
VSAPI Engine Version : 8.000-1001
VSCANTM Version : 1.1-1001
Virus Pattern Version : 146 (118375 Patterns) (2006/01/05) (314602)
Command Line: C:\Trendmicro\VSCANTM.BIN /NBPM /S /CLEANALL /LAPPEND /LD /LC /LCF /NM /NB /C /ACTIVEACTION=5 C:\*.* /P=C:\Trendmicro
68988 files have been read.
68988 files have been checked.
52869 files have been scanned.
116171 files have been scanned. (including files in archived)
0 files containing viruses.
Found 0 viruses totally.
Maybe 0 viruses totally.
Stop At : 1/5/2006 11:51:21 38 minutes 47 seconds (2326.89 seconds) has elapsed.
*
*
*
*
*
*
*
*
2006-01-05, 11:51:21, Scanner "C:\Trendmicro\VSCANTM.BIN" has finished running.
=====================================================
OK. Here is my new Hijack This log:
Logfile of HijackThis v1.99.1
Scan saved at 12:17:12 PM, on 01/05/06
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\brss01a.exe
C:\WINDOWS\System32\CfgSrvc.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\ewido anti-malware\ewidoguard.exe
C:\WINDOWS\System32\CfgSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SDMan.EXE
C:\WINDOWS\System32\tcpsvcs.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\WINDOWS\system32\ctfmon.exe
C:\SABRE\Apps\OADP\Oadp.exe
C:\WINDOWS\system32\javaw.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\rlrc\earh.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\WINDOWS\system32\n?tdde.exe
C:\WINDOWS\system32\javaw.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\SABRE\Apps\OADP\OadpUtil.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\WINDOWS\sabserv.exe
C:\wspan\swgw\FilterAgent.exe
C:\WINDOWS\webshots.scr
C:\WINDOWS\system32\DllHost.exe
C:\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/ycomp/defaults/sb/*http://www.yahoo.com/search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/ycomp/defaults/sp/*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr7/*http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/ycomp/defaults/sb/*http://www.yahoo.com/search/ie.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/ycomp/defaults/sp/*http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://r.office.microsoft.com/r/rlidOfficeUpdate?clid=1033
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: UberButton Class - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: YahooTaggedBM Class - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - C:\Program Files\Yahoo!\Common\YIeTagBm.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
O4 - HKLM\..\Run: [PRONoMgr.exe] C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
O4 - HKLM\..\Run: [Java Sabre Server (JSERVER)] C:\SABRE\Apps\Portal\JServer.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\RunServices: [Sabre Task Tray Icon] C:\SABRE\Sabstart.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Utcs] "C:\Program Files\rlrc\earh.exe" -vt yazr
O4 - HKCU\..\Run: [imzm] C:\PROGRA~1\COMMON~1\imzm\imzmm.exe
O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\Launcher.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Hpm.lnk = C:\wspan\swgw\Hpm.exe
O4 - Global Startup: OADP Utility.lnk = C:\SABRE\Apps\OADP\OadpUtil.exe
O4 - Global Startup: Sabre Printing Start.lnk = C:\SABRE\Sabstart.exe
O4 - Global Startup: Sabre Server.lnk = C:\WINDOWS\sabserv.exe
O4 - Global Startup: Worldspan Filter Agent.lnk = C:\wspan\swgw\FilterAgent.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://*.worldspan.com
O15 - Trusted Zone: http://*.wspan.com
O16 - DPF: {0246ECA8-996F-11D1-BE2F-00A0C9037DFE} (TDServer Control) - http://www.gdpt.net/tdserver.cab
O16 - DPF: {03DF0933-6E10-4D32-9835-B9A815622831} (WSSystemInfo Class) - https://gopublic.wspan.com/secure/DLLs/WSSystemInformation.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2D36AF92-04D3-11D8-B719-0000865F231B} (TMinReq Class) - https://my.sabre.com/jars/TMinReqX.dll
O16 - DPF: {444B911E-6E55-4A11-B3E9-0D3E21AE0437} - http://www.exfol.com/v/1/i/eins002.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1122862878259
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1122866219734
O16 - DPF: {7B72C3FC-34B5-4504-B4BE-EB38971A0888} (WSFileIO Class 3) - https://gopublic.wspan.com/Secure/Dlls/WSFileIO3.cab
O16 - DPF: {8D33B6F0-1E74-419C-BBEF-D00E976A3A5D} (WSFileIO Class 2) - https://go3f.wspan.com/secure/DLLs/WSFileIO2.cab
O16 - DPF: {9145A52A-9B22-4858-AEE7-74D6C7D3F366} (BrowserConfig Class) - https://go3f.wspan.com/secure/DLLs/WSBrowserConfig.cab
O16 - DPF: {CAFEEFAC-0014-0001-0000-ABCDEFFEDCBA} (Java Runtime Environment 1.4.1) -
O16 - DPF: {D4233B6D-88A0-11D3-BC29-400011500032} (WspGoCal Class) - http://gopublic.wspan.com/scripts/us/bin/WSCAL.CAB
O16 - DPF: {F9043C85-F6F2-101A-A3C9-08002B2F49FB} (Microsoft Common Dialog Control, version 6.0) - http://gopublic.wspan.com/secure/DLLs/Comdlg32.cab
O16 - DPF: {F919FBD3-A96B-4679-AF26-F551439BB5FD} - http://locator1.cdn.imagesrvr.com/sites/errorsafe.com/www/pages/scanner/ErrorSafeScannerInstall.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{E3CD55AE-277B-41BB-BF67-FE232AEEF5D0}: Domain = xmission.com
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = xmission.com
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: SearchList = xmission.com
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = xmission.com
O18 - Filter: text/html - {994D478A-2BD0-4DB4-AE77-288B1E346E99} - C:\Program Files\FCHelp\FCHelp.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Config Service Helper (CfgSrvc) - Unknown owner - C:\WINDOWS\System32\CfgSrvc.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
O23 - Service: HSSP Configuration Module (HsspConfig) - Unknown owner - C:\WINDOWS\System32\CfgSrvc.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: Sabre Printing Module (SabrePrint) - Sabre Inc. - C:\SABRE\Apps\OADP\Oadp.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Sabre Device Manager (SDMan) - Unknown owner - C:\WINDOWS\SDMan.EXE
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
Logfile of HijackThis v1.99.1
Scan saved at 12:40:53 PM, on 01/05/06
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\brss01a.exe
C:\WINDOWS\System32\CfgSrvc.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\ewido anti-malware\ewidoguard.exe
C:\WINDOWS\System32\CfgSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\SDMan.EXE
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\tcpsvcs.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\javaw.exe
C:\SABRE\Apps\OADP\Oadp.exe
C:\WINDOWS\system32\javaw.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\SABRE\Apps\OADP\OadpUtil.exe
C:\WINDOWS\sabserv.exe
C:\wspan\swgw\FilterAgent.exe
C:\WINDOWS\webshots.scr
C:\WINDOWS\system32\DllHost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/ycomp/defaults/sb/*http://www.yahoo.com/search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/ycomp/defaults/sp/*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr7/*http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/ycomp/defaults/sb/*http://www.yahoo.com/search/ie.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/ycomp/defaults/sp/*http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://r.office.microsoft.com/r/rlidOfficeUpdate?clid=1033
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: UberButton Class - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: YahooTaggedBM Class - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - C:\Program Files\Yahoo!\Common\YIeTagBm.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
O4 - HKLM\..\Run: [PRONoMgr.exe] C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
O4 - HKLM\..\Run: [Java Sabre Server (JSERVER)] C:\SABRE\Apps\Portal\JServer.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\RunServices: [Sabre Task Tray Icon] C:\SABRE\Sabstart.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [imzm] C:\PROGRA~1\COMMON~1\imzm\imzmm.exe
O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\Launcher.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Hpm.lnk = C:\wspan\swgw\Hpm.exe
O4 - Global Startup: OADP Utility.lnk = C:\SABRE\Apps\OADP\OadpUtil.exe
O4 - Global Startup: Sabre Printing Start.lnk = C:\SABRE\Sabstart.exe
O4 - Global Startup: Sabre Server.lnk = C:\WINDOWS\sabserv.exe
O4 - Global Startup: Worldspan Filter Agent.lnk = C:\wspan\swgw\FilterAgent.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://*.worldspan.com
O15 - Trusted Zone: http://*.wspan.com
O16 - DPF: {0246ECA8-996F-11D1-BE2F-00A0C9037DFE} (TDServer Control) - http://www.gdpt.net/tdserver.cab
O16 - DPF: {03DF0933-6E10-4D32-9835-B9A815622831} (WSSystemInfo Class) - https://gopublic.wspan.com/secure/DLLs/WSSystemInformation.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2D36AF92-04D3-11D8-B719-0000865F231B} (TMinReq Class) - https://my.sabre.com/jars/TMinReqX.dll
O16 - DPF: {444B911E-6E55-4A11-B3E9-0D3E21AE0437} - http://www.exfol.com/v/1/i/eins002.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1122862878259
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1122866219734
O16 - DPF: {7B72C3FC-34B5-4504-B4BE-EB38971A0888} (WSFileIO Class 3) - https://gopublic.wspan.com/Secure/Dlls/WSFileIO3.cab
O16 - DPF: {8D33B6F0-1E74-419C-BBEF-D00E976A3A5D} (WSFileIO Class 2) - https://go3f.wspan.com/secure/DLLs/WSFileIO2.cab
O16 - DPF: {9145A52A-9B22-4858-AEE7-74D6C7D3F366} (BrowserConfig Class) - https://go3f.wspan.com/secure/DLLs/WSBrowserConfig.cab
O16 - DPF: {CAFEEFAC-0014-0001-0000-ABCDEFFEDCBA} (Java Runtime Environment 1.4.1) -
O16 - DPF: {D4233B6D-88A0-11D3-BC29-400011500032} (WspGoCal Class) - http://gopublic.wspan.com/scripts/us/bin/WSCAL.CAB
O16 - DPF: {F9043C85-F6F2-101A-A3C9-08002B2F49FB} (Microsoft Common Dialog Control, version 6.0) - http://gopublic.wspan.com/secure/DLLs/Comdlg32.cab
O16 - DPF: {F919FBD3-A96B-4679-AF26-F551439BB5FD} - http://locator1.cdn.imagesrvr.com/sites/errorsafe.com/www/pages/scanner/ErrorSafeScannerInstall.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{E3CD55AE-277B-41BB-BF67-FE232AEEF5D0}: Domain = xmission.com
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = xmission.com
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: SearchList = xmission.com
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = xmission.com
O18 - Filter: text/html - {994D478A-2BD0-4DB4-AE77-288B1E346E99} - C:\Program Files\FCHelp\FCHelp.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Config Service Helper (CfgSrvc) - Unknown owner - C:\WINDOWS\System32\CfgSrvc.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
O23 - Service: HSSP Configuration Module (HsspConfig) - Unknown owner - C:\WINDOWS\System32\CfgSrvc.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: Sabre Printing Module (SabrePrint) - Sabre Inc. - C:\SABRE\Apps\OADP\Oadp.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Sabre Device Manager (SDMan) - Unknown owner - C:\WINDOWS\SDMan.EXE
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
Here is my new Hijack This log, if you see any problem in this log please let me know. Thanks.
Logfile of HijackThis v1.99.1
Scan saved at 8:56:15 AM, on 01/06/06
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\brss01a.exe
C:\WINDOWS\System32\CfgSrvc.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\ewido anti-malware\ewidoguard.exe
C:\WINDOWS\System32\CfgSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\SDMan.EXE
C:\WINDOWS\System32\tcpsvcs.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\Explorer.EXE
C:\SABRE\Apps\OADP\Oadp.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\javaw.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\WINDOWS\system32\javaw.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\SABRE\Apps\OADP\OadpUtil.exe
C:\WINDOWS\sabserv.exe
C:\wspan\swgw\FilterAgent.exe
C:\WINDOWS\webshots.scr
C:\WINDOWS\system32\DllHost.exe
C:\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/ycomp/defaults/sb/*http://www.yahoo.com/search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/ycomp/defaults/sp/*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr7/*http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/ycomp/defaults/sb/*http://www.yahoo.com/search/ie.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/ycomp/defaults/sp/*http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://r.office.microsoft.com/r/rlidOfficeUpdate?clid=1033
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: UberButton Class - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: YahooTaggedBM Class - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - C:\Program Files\Yahoo!\Common\YIeTagBm.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
O4 - HKLM\..\Run: [PRONoMgr.exe] C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
O4 - HKLM\..\Run: [Java Sabre Server (JSERVER)] C:\SABRE\Apps\Portal\JServer.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\RunServices: [Sabre Task Tray Icon] C:\SABRE\Sabstart.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [imzm] C:\PROGRA~1\COMMON~1\imzm\imzmm.exe
O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\Launcher.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Hpm.lnk = C:\wspan\swgw\Hpm.exe
O4 - Global Startup: OADP Utility.lnk = C:\SABRE\Apps\OADP\OadpUtil.exe
O4 - Global Startup: Sabre Printing Start.lnk = C:\SABRE\Sabstart.exe
O4 - Global Startup: Sabre Server.lnk = C:\WINDOWS\sabserv.exe
O4 - Global Startup: Worldspan Filter Agent.lnk = C:\wspan\swgw\FilterAgent.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://*.worldspan.com
O15 - Trusted Zone: http://*.wspan.com
O16 - DPF: {0246ECA8-996F-11D1-BE2F-00A0C9037DFE} (TDServer Control) - http://www.gdpt.net/tdserver.cab
O16 - DPF: {03DF0933-6E10-4D32-9835-B9A815622831} (WSSystemInfo Class) - https://gopublic.wspan.com/secure/DLLs/WSSystemInformation.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2D36AF92-04D3-11D8-B719-0000865F231B} (TMinReq Class) - https://my.sabre.com/jars/TMinReqX.dll
O16 - DPF: {444B911E-6E55-4A11-B3E9-0D3E21AE0437} - http://www.exfol.com/v/1/i/eins002.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1122862878259
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1122866219734
O16 - DPF: {7B72C3FC-34B5-4504-B4BE-EB38971A0888} (WSFileIO Class 3) - https://gopublic.wspan.com/Secure/Dlls/WSFileIO3.cab
O16 - DPF: {8D33B6F0-1E74-419C-BBEF-D00E976A3A5D} (WSFileIO Class 2) - https://go3f.wspan.com/secure/DLLs/WSFileIO2.cab
O16 - DPF: {9145A52A-9B22-4858-AEE7-74D6C7D3F366} (BrowserConfig Class) - https://go3f.wspan.com/secure/DLLs/WSBrowserConfig.cab
O16 - DPF: {CAFEEFAC-0014-0001-0000-ABCDEFFEDCBA} (Java Runtime Environment 1.4.1) -
O16 - DPF: {D4233B6D-88A0-11D3-BC29-400011500032} (WspGoCal Class) - http://gopublic.wspan.com/scripts/us/bin/WSCAL.CAB
O16 - DPF: {F9043C85-F6F2-101A-A3C9-08002B2F49FB} (Microsoft Common Dialog Control, version 6.0) - http://gopublic.wspan.com/secure/DLLs/Comdlg32.cab
O16 - DPF: {F919FBD3-A96B-4679-AF26-F551439BB5FD} - http://locator1.cdn.imagesrvr.com/sites/errorsafe.com/www/pages/scanner/ErrorSafeScannerInstall.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{E3CD55AE-277B-41BB-BF67-FE232AEEF5D0}: Domain = xmission.com
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = xmission.com
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: SearchList = xmission.com
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = xmission.com
O18 - Filter: text/html - {994D478A-2BD0-4DB4-AE77-288B1E346E99} - C:\Program Files\FCHelp\FCHelp.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Config Service Helper (CfgSrvc) - Unknown owner - C:\WINDOWS\System32\CfgSrvc.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
O23 - Service: HSSP Configuration Module (HsspConfig) - Unknown owner - C:\WINDOWS\System32\CfgSrvc.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: Sabre Printing Module (SabrePrint) - Sabre Inc. - C:\SABRE\Apps\OADP\Oadp.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Sabre Device Manager (SDMan) - Unknown owner - C:\WINDOWS\SDMan.EXE
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe