pop ups make a me crazy
Hi there,
Thank you in advance for your help. I know all of you do this for free and I am very grateful for your generosity. I have have pop ups happening all over the place. They mostly happen when I open a browser or change sites. I don't have any clue whats causing them and all my internet searches have been fruitless. Norton finds a trojan, removes it, and still there are pop ups. I downloaded hijack this! but am not experienced enough (I'm such a n00b) to figure out what it says. Can you help me? Here is my hijack log.
Logfile of HijackThis v1.99.1
Scan saved at 7:32:06 PM, on 4/15/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Norton Internet Security\ISSVC.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\Program Files\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2H1.EXE
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\windows\mousepad9.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\ATI Multimedia\RemCtrl\ATIRW.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\Program Files\ATI Multimedia\MAIN\ATISched.EXE
C:\Program Files\Google\Google Talk\googletalk.exe
C:\WINDOWS\system32\CROSOF~1.NET\cmd.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\?ppPatch\d?dplay.exe
C:\Program Files\Adobe\Adobe Version Cue CS2\data\database\bin\mysqld-nt.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Microtek\ScanWizard 5\ScannerFinder.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Documents and Settings\Nicole\Desktop\HijackThis.exe
C:\Program Files\Messenger\msmsgs.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
F2 - REG:system.ini: Shell=Explorer.exe, C:\WINDOWS\system32\fpxex.exe
F2 - REG:system.ini: UserInit=C:\WINDOWS\SYSTEM32\Userinit.exe,qkfiium.exe
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [EPSON Stylus Photo R200 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2H1.EXE /P30 "EPSON Stylus Photo R200 Series" /O6 "USB002" /M "Stylus Photo R200"
O4 - HKLM\..\Run: [EPSON Stylus Photo R200 Series (Copy 1)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2H1.EXE /P39 "EPSON Stylus Photo R200 Series (Copy 1)" /O5 "LPT1:" /M "Stylus Photo R200"
O4 - HKLM\..\Run: [Adobe Version Cue CS2] "C:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe"
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [keyboard] C:\windows\keyboard9.exe
O4 - HKLM\..\Run: [mousepad] C:\windows\mousepad9.exe
O4 - HKLM\..\Run: [winsync] C:\WINDOWS\system32\waowop.exe reg_run
O4 - HKLM\..\Run: [NVMixerTray] "C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKCU\..\Run: [ATI Launchpad] "C:\Program Files\ATI Multimedia\main\launchpd.exe"
O4 - HKCU\..\Run: [ATI Remote Control] C:\Program Files\ATI Multimedia\RemCtrl\ATIRW.exe
O4 - HKCU\..\Run: [ATI Scheduler] C:\Program Files\ATI Multimedia\MAIN\ATISched.EXE
O4 - HKCU\..\Run: [googletalk] "C:\Program Files\Google\Google Talk\googletalk.exe" /autostart
O4 - HKCU\..\Run: [mwio] C:\PROGRA~1\COMMON~1\mwio\mwiom.exe
O4 - HKCU\..\Run: [Rias] "C:\WINDOWS\system32\CROSOF~1.NET\cmd.exe" -vt yazr
O4 - HKCU\..\Run: [Xupgp] C:\Program Files\?ppPatch\d?dplay.exe
O4 - HKCU\..\Run: [SurfSideKick 3] C:\Program Files\SurfSideKick 3\Ssk.exe
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microtek Scanner Finder.lnk = C:\Program Files\Microtek\ScanWizard 5\ScannerFinder.exe
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: ATI TV - {44226DFF-747E-4edc-B30C-78752E50CD0C} - C:\Program Files\ATI Multimedia\tv\EXPLBAR.DLL
O9 - Extra button: (no name) - {4ABF810A-F11D-4169-9D5F-7D274F2270A1} - C:\WINDOWS\system32\dmonwv.dll
O9 - Extra 'Tools' menuitem: Java - {4ABF810A-F11D-4169-9D5F-7D274F2270A1} - C:\WINDOWS\system32\dmonwv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRA~1\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {4989312D-58CF-11D5-A7D7-00E02911103E} (Interealty MultiSelect) - http://las.mlxchange.com/Control/MultiSelectComboBox.cab
O16 - DPF: {6FD482A3-7B57-438B-B040-52CAA30147EE} (MLXchange Client Utils) - http://las.mlxchange.com/Control/MLXClientUtils.cab
O16 - DPF: {83AB6E4D-CDD7-11D3-B5E7-00104B9AFF6E} (GeacRevw Control) - http://las.mlxchange.com/Control/IRCSharc.cab
O16 - DPF: {85D1F3B2-2A21-11D7-97B9-0010DC2A6243} (SecureLogin class) - http://secure2.comned.com/signuptemplates/securelogin-devel.cab
O20 - Winlogon Notify: URL - C:\WINDOWS\system32\i8nmli5118.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Version Cue CS2 - Unknown owner - C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe" -win32service (file missing)
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: C-DillaCdaC11BA - C-Dilla Ltd - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program Files\Norton Internet Security\ISSVC.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: X10 Device Network Service (x10nets) - Unknown owner - C:\PROGRA~1\ATIMUL~1\RemCtrl\x10nets.exe (file missing)
PS My three year old thanks you too. He wants to play sesame street in peace. He kinda talks like he's italian (make a the sandwich, I want a the drink, ect) which is the inspiration to my title. lol. Thanks again.
Thank you in advance for your help. I know all of you do this for free and I am very grateful for your generosity. I have have pop ups happening all over the place. They mostly happen when I open a browser or change sites. I don't have any clue whats causing them and all my internet searches have been fruitless. Norton finds a trojan, removes it, and still there are pop ups. I downloaded hijack this! but am not experienced enough (I'm such a n00b) to figure out what it says. Can you help me? Here is my hijack log.
Logfile of HijackThis v1.99.1
Scan saved at 7:32:06 PM, on 4/15/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Norton Internet Security\ISSVC.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\Program Files\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2H1.EXE
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\windows\mousepad9.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\ATI Multimedia\RemCtrl\ATIRW.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\Program Files\ATI Multimedia\MAIN\ATISched.EXE
C:\Program Files\Google\Google Talk\googletalk.exe
C:\WINDOWS\system32\CROSOF~1.NET\cmd.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\?ppPatch\d?dplay.exe
C:\Program Files\Adobe\Adobe Version Cue CS2\data\database\bin\mysqld-nt.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Microtek\ScanWizard 5\ScannerFinder.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Documents and Settings\Nicole\Desktop\HijackThis.exe
C:\Program Files\Messenger\msmsgs.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
F2 - REG:system.ini: Shell=Explorer.exe, C:\WINDOWS\system32\fpxex.exe
F2 - REG:system.ini: UserInit=C:\WINDOWS\SYSTEM32\Userinit.exe,qkfiium.exe
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [EPSON Stylus Photo R200 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2H1.EXE /P30 "EPSON Stylus Photo R200 Series" /O6 "USB002" /M "Stylus Photo R200"
O4 - HKLM\..\Run: [EPSON Stylus Photo R200 Series (Copy 1)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2H1.EXE /P39 "EPSON Stylus Photo R200 Series (Copy 1)" /O5 "LPT1:" /M "Stylus Photo R200"
O4 - HKLM\..\Run: [Adobe Version Cue CS2] "C:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe"
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [keyboard] C:\windows\keyboard9.exe
O4 - HKLM\..\Run: [mousepad] C:\windows\mousepad9.exe
O4 - HKLM\..\Run: [winsync] C:\WINDOWS\system32\waowop.exe reg_run
O4 - HKLM\..\Run: [NVMixerTray] "C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKCU\..\Run: [ATI Launchpad] "C:\Program Files\ATI Multimedia\main\launchpd.exe"
O4 - HKCU\..\Run: [ATI Remote Control] C:\Program Files\ATI Multimedia\RemCtrl\ATIRW.exe
O4 - HKCU\..\Run: [ATI Scheduler] C:\Program Files\ATI Multimedia\MAIN\ATISched.EXE
O4 - HKCU\..\Run: [googletalk] "C:\Program Files\Google\Google Talk\googletalk.exe" /autostart
O4 - HKCU\..\Run: [mwio] C:\PROGRA~1\COMMON~1\mwio\mwiom.exe
O4 - HKCU\..\Run: [Rias] "C:\WINDOWS\system32\CROSOF~1.NET\cmd.exe" -vt yazr
O4 - HKCU\..\Run: [Xupgp] C:\Program Files\?ppPatch\d?dplay.exe
O4 - HKCU\..\Run: [SurfSideKick 3] C:\Program Files\SurfSideKick 3\Ssk.exe
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microtek Scanner Finder.lnk = C:\Program Files\Microtek\ScanWizard 5\ScannerFinder.exe
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: ATI TV - {44226DFF-747E-4edc-B30C-78752E50CD0C} - C:\Program Files\ATI Multimedia\tv\EXPLBAR.DLL
O9 - Extra button: (no name) - {4ABF810A-F11D-4169-9D5F-7D274F2270A1} - C:\WINDOWS\system32\dmonwv.dll
O9 - Extra 'Tools' menuitem: Java - {4ABF810A-F11D-4169-9D5F-7D274F2270A1} - C:\WINDOWS\system32\dmonwv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRA~1\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {4989312D-58CF-11D5-A7D7-00E02911103E} (Interealty MultiSelect) - http://las.mlxchange.com/Control/MultiSelectComboBox.cab
O16 - DPF: {6FD482A3-7B57-438B-B040-52CAA30147EE} (MLXchange Client Utils) - http://las.mlxchange.com/Control/MLXClientUtils.cab
O16 - DPF: {83AB6E4D-CDD7-11D3-B5E7-00104B9AFF6E} (GeacRevw Control) - http://las.mlxchange.com/Control/IRCSharc.cab
O16 - DPF: {85D1F3B2-2A21-11D7-97B9-0010DC2A6243} (SecureLogin class) - http://secure2.comned.com/signuptemplates/securelogin-devel.cab
O20 - Winlogon Notify: URL - C:\WINDOWS\system32\i8nmli5118.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Version Cue CS2 - Unknown owner - C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe" -win32service (file missing)
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: C-DillaCdaC11BA - C-Dilla Ltd - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program Files\Norton Internet Security\ISSVC.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: X10 Device Network Service (x10nets) - Unknown owner - C:\PROGRA~1\ATIMUL~1\RemCtrl\x10nets.exe (file missing)
PS My three year old thanks you too. He wants to play sesame street in peace. He kinda talks like he's italian (make a the sandwich, I want a the drink, ect) which is the inspiration to my title. lol. Thanks again.
0
This discussion has been closed.
Comments
Please download Look2Me-Destroyer.exe to your desktop.
If you receive a message from your firewall about this program accessing the internet please allow it.
If you receive a runtime error '339' please download MSWINSCK.OCX from the link below and place it in your C:\Windows\System32 Directory.
http://www.ascentive.com/support/new/images/lib/MSWINSCK.OCX
Once you've posted back with the results of this scan we'll work on the other infections.
Thanks for your quick response. I am sooooo appreciative. I got one pop up when I started explorer but it's been good since then. Here's the Look2Me-Destroyer.txt:
Look2Me-Destroyer V1.0.12
Scanning for infected files.....
Scan started at 4/15/2006 8:53:12 PM
Infected! C:\WINDOWS\system32\i8nmli5118.dll
Infected! C:\System Volume Information\_restore{E4785D33-4399-48A4-8A0D-34EE640045DF}\RP166\A0047451.dll
Infected! C:\System Volume Information\_restore{E4785D33-4399-48A4-8A0D-34EE640045DF}\RP166\A0047452.dll
Infected! C:\System Volume Information\_restore{E4785D33-4399-48A4-8A0D-34EE640045DF}\RP166\A0047463.dll
Infected! C:\System Volume Information\_restore{E4785D33-4399-48A4-8A0D-34EE640045DF}\RP166\A0047467.dll
Infected! C:\System Volume Information\_restore{E4785D33-4399-48A4-8A0D-34EE640045DF}\RP166\A0047475.dll
Infected! C:\System Volume Information\_restore{E4785D33-4399-48A4-8A0D-34EE640045DF}\RP166\A0047487.dll
Infected! C:\System Volume Information\_restore{E4785D33-4399-48A4-8A0D-34EE640045DF}\RP166\A0047534.dll
Infected! C:\System Volume Information\_restore{E4785D33-4399-48A4-8A0D-34EE640045DF}\RP166\A0047573.dll
Infected! C:\System Volume Information\_restore{E4785D33-4399-48A4-8A0D-34EE640045DF}\RP166\A0047582.dll
Infected! C:\System Volume Information\_restore{E4785D33-4399-48A4-8A0D-34EE640045DF}\RP166\A0047674.dll
Infected! C:\System Volume Information\_restore{E4785D33-4399-48A4-8A0D-34EE640045DF}\RP166\A0047683.dll
Infected! C:\System Volume Information\_restore{E4785D33-4399-48A4-8A0D-34EE640045DF}\RP166\A0047691.dll
Infected! C:\System Volume Information\_restore{E4785D33-4399-48A4-8A0D-34EE640045DF}\RP166\A0047744.dll
Infected! C:\System Volume Information\_restore{E4785D33-4399-48A4-8A0D-34EE640045DF}\RP166\A0047753.dll
Infected! C:\System Volume Information\_restore{E4785D33-4399-48A4-8A0D-34EE640045DF}\RP166\A0047763.dll
Infected! C:\System Volume Information\_restore{E4785D33-4399-48A4-8A0D-34EE640045DF}\RP166\A0047773.dll
Infected! C:\System Volume Information\_restore{E4785D33-4399-48A4-8A0D-34EE640045DF}\RP166\A0047818.dll
Infected! C:\System Volume Information\_restore{E4785D33-4399-48A4-8A0D-34EE640045DF}\RP166\A0047829.dll
Infected! C:\System Volume Information\_restore{E4785D33-4399-48A4-8A0D-34EE640045DF}\RP166\A0048818.dll
Infected! C:\System Volume Information\_restore{E4785D33-4399-48A4-8A0D-34EE640045DF}\RP166\A0048823.dll
Infected! C:\System Volume Information\_restore{E4785D33-4399-48A4-8A0D-34EE640045DF}\RP166\A0048827.dll
Infected! C:\System Volume Information\_restore{E4785D33-4399-48A4-8A0D-34EE640045DF}\RP166\A0048831.dll
Infected! C:\System Volume Information\_restore{E4785D33-4399-48A4-8A0D-34EE640045DF}\RP166\A0048836.dll
Infected! C:\System Volume Information\_restore{E4785D33-4399-48A4-8A0D-34EE640045DF}\RP166\A0048848.dll
Infected! C:\System Volume Information\_restore{E4785D33-4399-48A4-8A0D-34EE640045DF}\RP166\A0048893.dll
Infected! C:\System Volume Information\_restore{E4785D33-4399-48A4-8A0D-34EE640045DF}\RP166\A0049206.dll
Infected! C:\System Volume Information\_restore{E4785D33-4399-48A4-8A0D-34EE640045DF}\RP166\A0049322.dll
Infected! C:\System Volume Information\_restore{E4785D33-4399-48A4-8A0D-34EE640045DF}\RP166\A0049397.dll
Infected! C:\System Volume Information\_restore{E4785D33-4399-48A4-8A0D-34EE640045DF}\RP166\A0049408.dll
Infected! C:\System Volume Information\_restore{E4785D33-4399-48A4-8A0D-34EE640045DF}\RP166\A0049638.dll
Infected! C:\System Volume Information\_restore{E4785D33-4399-48A4-8A0D-34EE640045DF}\RP166\A0049647.dll
Infected! C:\System Volume Information\_restore{E4785D33-4399-48A4-8A0D-34EE640045DF}\RP166\A0049808.dll
Infected! C:\System Volume Information\_restore{E4785D33-4399-48A4-8A0D-34EE640045DF}\RP166\A0049816.dll
Infected! C:\System Volume Information\_restore{E4785D33-4399-48A4-8A0D-34EE640045DF}\RP166\A0049900.dll
Infected! C:\System Volume Information\_restore{E4785D33-4399-48A4-8A0D-34EE640045DF}\RP166\A0049909.dll
Infected! C:\System Volume Information\_restore{E4785D33-4399-48A4-8A0D-34EE640045DF}\RP166\A0050002.dll
Infected! C:\System Volume Information\_restore{E4785D33-4399-48A4-8A0D-34EE640045DF}\RP166\A0050011.dll
Infected! C:\System Volume Information\_restore{E4785D33-4399-48A4-8A0D-34EE640045DF}\RP167\A0050017.dll
Infected! C:\System Volume Information\_restore{E4785D33-4399-48A4-8A0D-34EE640045DF}\RP167\A0050018.dll
Infected! C:\System Volume Information\_restore{E4785D33-4399-48A4-8A0D-34EE640045DF}\RP167\A0050021.dll
Infected! C:\System Volume Information\_restore{E4785D33-4399-48A4-8A0D-34EE640045DF}\RP167\A0050022.dll
Infected! C:\System Volume Information\_restore{E4785D33-4399-48A4-8A0D-34EE640045DF}\RP167\A0050023.dll
Infected! C:\System Volume Information\_restore{E4785D33-4399-48A4-8A0D-34EE640045DF}\RP167\A0050024.dll
Infected! C:\System Volume Information\_restore{E4785D33-4399-48A4-8A0D-34EE640045DF}\RP167\A0050025.dll
Infected! C:\System Volume Information\_restore{E4785D33-4399-48A4-8A0D-34EE640045DF}\RP167\A0050026.dll
Infected! C:\System Volume Information\_restore{E4785D33-4399-48A4-8A0D-34EE640045DF}\RP167\A0050027.dll
Infected! C:\System Volume Information\_restore{E4785D33-4399-48A4-8A0D-34EE640045DF}\RP167\A0050032.dll
Infected! C:\System Volume Information\_restore{E4785D33-4399-48A4-8A0D-34EE640045DF}\RP167\A0050057.dll
Infected! C:\System Volume Information\_restore{E4785D33-4399-48A4-8A0D-34EE640045DF}\RP167\A0050067.dll
Infected! C:\System Volume Information\_restore{E4785D33-4399-48A4-8A0D-34EE640045DF}\RP167\A0050114.dll
Infected! C:\System Volume Information\_restore{E4785D33-4399-48A4-8A0D-34EE640045DF}\RP167\A0050119.dll
Infected! C:\System Volume Information\_restore{E4785D33-4399-48A4-8A0D-34EE640045DF}\RP167\A0050130.dll
Infected! C:\System Volume Information\_restore{E4785D33-4399-48A4-8A0D-34EE640045DF}\RP167\A0050131.dll
Infected! C:\System Volume Information\_restore{E4785D33-4399-48A4-8A0D-34EE640045DF}\RP167\A0050132.dll
Infected! C:\System Volume Information\_restore{E4785D33-4399-48A4-8A0D-34EE640045DF}\RP169\A0050181.dll
Infected! C:\System Volume Information\_restore{E4785D33-4399-48A4-8A0D-34EE640045DF}\RP169\A0050187.dll
Infected! C:\System Volume Information\_restore{E4785D33-4399-48A4-8A0D-34EE640045DF}\RP169\A0050241.dll
Infected! C:\System Volume Information\_restore{E4785D33-4399-48A4-8A0D-34EE640045DF}\RP169\A0050251.dll
Infected! C:\WINDOWS\system32\bOtmeter.dll
Infected! C:\WINDOWS\system32\h20qlcd51f0.dll
Infected! C:\WINDOWS\system32\i8nmli5118.dll
Infected! C:\WINDOWS\system32\iYsacct.dll
Infected! C:\WINDOWS\system32\memdd.dll
Attempting to delete infected files...
Attempting to delete: C:\WINDOWS\system32\i8nmli5118.dll
C:\WINDOWS\system32\i8nmli5118.dll Deleted successfully!
Attempting to delete: C:\System Volume Information\_restore{E4785D33-4399-48A4-8A0D-34EE640045DF}\RP166\A0047451.dll
C:\System Volume Information\_restore{E4785D33-4399-48A4-8A0D-34EE640045DF}\RP166\A0047451.dll Deleted successfully!
Attempting to delete: C:\System Volume Information\_restore{E4785D33-4399-48A4-8A0D-34EE640045DF}\RP166\A0047452.dll
C:\System Volume Information\_restore{E4785D33-4399-48A4-8A0D-34EE640045DF}\RP166\A0047452.dll Deleted successfully!
Attempting to delete: C:\System Volume Information\_restore{E4785D33-4399-48A4-8A0D-34EE640045DF}\RP166\A0047463.dll
C:\System Volume Information\_restore{E4785D33-4399-48A4-8A0D-34EE640045DF}\RP166\A0047463.dll Deleted successfully!
Attempting to delete: C:\System Volume Information\_restore{E4785D33-4399-48A4-8A0D-34EE640045DF}\RP166\A0047467.dll
C:\System Volume Information\_restore{E4785D33-4399-48A4-8A0D-34EE640045DF}\RP166\A0047467.dll Deleted successfully!
Attempting to delete: C:\System Volume Information\_restore{E4785D33-4399-48A4-8A0D-34EE640045DF}\RP166\A0047475.dll
C:\System Volume Information\_restore{E4785D33-4399-48A4-8A0D-34EE640045DF}\RP166\A0047475.dll Deleted successfully!
Attempting to delete: C:\System Volume Information\_restore{E4785D33-4399-48A4-8A0D-34EE640045DF}\RP166\A0047487.dll
C:\System Volume Information\_restore{E4785D33-4399-48A4-8A0D-34EE640045DF}\RP166\A0047487.dll Deleted successfully!
Attempting to delete: C:\System Volume Information\_restore{E4785D33-4399-48A4-8A0D-34EE640045DF}\RP166\A0047534.dll
C:\System Volume Information\_restore{E4785D33-4399-48A4-8A0D-34EE640045DF}\RP166\A0047534.dll Deleted successfully!
Attempting to delete: C:\System Volume Information\_restore{E4785D33-4399-48A4-8A0D-34EE640045DF}\RP166\A0047573.dll
C:\System Volume Information\_restore{E4785D33-4399-48A4-8A0D-34EE640045DF}\RP166\A0047573.dll Deleted successfully!
Attempting to delete: C:\System Volume Information\_restore{E4785D33-4399-48A4-8A0D-34EE640045DF}\RP166\A0047582.dll
C:\System Volume Information\_restore{E4785D33-4399-48A4-8A0D-34EE640045DF}\RP166\A0047582.dll Deleted successfully!
Attempting to delete: C:\System Volume Information\_restore{E4785D33-4399-48A4-8A0D-34EE640045DF}\RP166\A0047674.dll
C:\System Volume Information\_restore{E4785D33-4399-48A4-8A0D-34EE640045DF}\RP166\A0047674.dll Deleted successfully!
Attempting to delete: C:\System Volume Information\_restore{E4785D33-4399-48A4-8A0D-34EE640045DF}\RP166\A0047683.dll
C:\System Volume Information\_restore{E4785D33-4399-48A4-8A0D-34EE640045DF}\RP166\A0047683.dll Deleted successfully!
Attempting to delete: C:\System Volume Information\_restore{E4785D33-4399-48A4-8A0D-34EE640045DF}\RP166\A0047691.dll
C:\System Volume Information\_restore{E4785D33-4399-48A4-8A0D-34EE640045DF}\RP166\A0047691.dll Deleted successfully!
Attempting to delete: C:\System Volume Information\_restore{E4785D33-4399-48A4-8A0D-34EE640045DF}\RP166\A0047744.dll
C:\System Volume Information\_restore{E4785D33-4399-48A4-8A0D-34EE640045DF}\RP166\A0047744.dll Deleted successfully!
Attempting to delete: C:\System Volume Information\_restore{E4785D33-4399-48A4-8A0D-34EE640045DF}\RP166\A0047753.dll
C:\System Volume Information\_restore{E4785D33-4399-48A4-8A0D-34EE640045DF}\RP166\A0047753.dll Deleted successfully!
Attempting to delete: C:\System Volume Information\_restore{E4785D33-4399-48A4-8A0D-34EE640045DF}\RP166\A0047763.dll
C:\System Volume Information\_restore{E4785D33-4399-48A4-8A0D-34EE640045DF}\RP166\A0047763.dll Deleted successfully!
Attempting to delete: C:\System Volume Information\_restore{E4785D33-4399-48A4-8A0D-34EE640045DF}\RP166\A0047773.dll
C:\System Volume Information\_restore{E4785D33-4399-48A4-8A0D-34EE640045DF}\RP166\A0047773.dll Deleted successfully!
Attempting to delete: C:\System Volume Information\_restore{E4785D33-4399-48A4-8A0D-34EE640045DF}\RP166\A0047818.dll
C:\System Volume Information\_restore{E4785D33-4399-48A4-8A0D-34EE640045DF}\RP166\A0047818.dll Deleted successfully!
Attempting to delete: C:\System Volume Information\_restore{E4785D33-4399-48A4-8A0D-34EE640045DF}\RP166\A0047829.dll
C:\System Volume Information\_restore{E4785D33-4399-48A4-8A0D-34EE640045DF}\RP166\A0047829.dll Deleted successfully!
Attempting to delete: C:\System Volume Information\_restore{E4785D33-4399-48A4-8A0D-34EE640045DF}\RP166\A0048818.dll
C:\System Volume Information\_restore{E4785D33-4399-48A4-8A0D-34EE640045DF}\RP166\A0048818.dll Deleted successfully!
Attempting to delete: C:\System Volume Information\_restore{E4785D33-4399-48A4-8A0D-34EE640045DF}\RP166\A0048823.dll
C:\System Volume Information\_restore{E4785D33-4399-48A4-8A0D-34EE640045DF}\RP166\A0048823.dll Deleted successfully!
Attempting to delete: C:\System Volume Information\_restore{E4785D33-4399-48A4-8A0D-34EE640045DF}\RP166\A0048827.dll
C:\System Volume Information\_restore{E4785D33-4399-48A4-8A0D-34EE640045DF}\RP166\A0048827.dll Deleted successfully!
Attempting to delete: C:\System Volume Information\_restore{E4785D33-4399-48A4-8A0D-34EE640045DF}\RP166\A0048831.dll
C:\System Volume Information\_restore{E4785D33-4399-48A4-8A0D-34EE640045DF}\RP166\A0048831.dll Deleted successfully!
Attempting to delete: C:\System Volume Information\_restore{E4785D33-4399-48A4-8A0D-34EE640045DF}\RP166\A0048836.dll
C:\System Volume Information\_restore{E4785D33-4399-48A4-8A0D-34EE640045DF}\RP166\A0048836.dll Deleted successfully!
Attempting to delete: C:\System Volume Information\_restore{E4785D33-4399-48A4-8A0D-34EE640045DF}\RP166\A0048848.dll
C:\System Volume Information\_restore{E4785D33-4399-48A4-8A0D-34EE640045DF}\RP166\A0048848.dll Deleted successfully!
Attempting to delete: C:\System Volume Information\_restore{E4785D33-4399-48A4-8A0D-34EE640045DF}\RP166\A0048893.dll
C:\System Volume Information\_restore{E4785D33-4399-48A4-8A0D-34EE640045DF}\RP166\A0048893.dll Deleted successfully!
Attempting to delete: C:\System Volume Information\_restore{E4785D33-4399-48A4-8A0D-34EE640045DF}\RP166\A0049206.dll
C:\System Volume Information\_restore{E4785D33-4399-48A4-8A0D-34EE640045DF}\RP166\A0049206.dll Deleted successfully!
Attempting to delete: C:\System Volume Information\_restore{E4785D33-4399-48A4-8A0D-34EE640045DF}\RP166\A0049322.dll
C:\System Volume Information\_restore{E4785D33-4399-48A4-8A0D-34EE640045DF}\RP166\A0049322.dll Deleted successfully!
Attempting to delete: C:\System Volume Information\_restore{E4785D33-4399-48A4-8A0D-34EE640045DF}\RP166\A0049397.dll
C:\System Volume Information\_restore{E4785D33-4399-48A4-8A0D-34EE640045DF}\RP166\A0049397.dll Deleted successfully!
Attempting to delete: C:\System Volume Information\_restore{E4785D33-4399-48A4-8A0D-34EE640045DF}\RP166\A0049408.dll
C:\System Volume Information\_restore{E4785D33-4399-48A4-8A0D-34EE640045DF}\RP166\A0049408.dll Deleted successfully!
Attempting to delete: C:\System Volume Information\_restore{E4785D33-4399-48A4-8A0D-34EE640045DF}\RP166\A0049638.dll
C:\System Volume Information\_restore{E4785D33-4399-48A4-8A0D-34EE640045DF}\RP166\A0049638.dll Deleted successfully!
Attempting to delete: C:\System Volume Information\_restore{E4785D33-4399-48A4-8A0D-34EE640045DF}\RP166\A0049647.dll
C:\System Volume Information\_restore{E4785D33-4399-48A4-8A0D-34EE640045DF}\RP166\A0049647.dll Deleted successfully!
Attempting to delete: C:\System Volume Information\_restore{E4785D33-4399-48A4-8A0D-34EE640045DF}\RP166\A0049808.dll
C:\System Volume Information\_restore{E4785D33-4399-48A4-8A0D-34EE640045DF}\RP166\A0049808.dll Deleted successfully!
Attempting to delete: C:\System Volume Information\_restore{E4785D33-4399-48A4-8A0D-34EE640045DF}\RP166\A0049816.dll
C:\System Volume Information\_restore{E4785D33-4399-48A4-8A0D-34EE640045DF}\RP166\A0049816.dll Deleted successfully!
Attempting to delete: C:\System Volume Information\_restore{E4785D33-4399-48A4-8A0D-34EE640045DF}\RP166\A0049900.dll
C:\System Volume Information\_restore{E4785D33-4399-48A4-8A0D-34EE640045DF}\RP166\A0049900.dll Deleted successfully!
Attempting to delete: C:\System Volume Information\_restore{E4785D33-4399-48A4-8A0D-34EE640045DF}\RP166\A0049909.dll
C:\System Volume Information\_restore{E4785D33-4399-48A4-8A0D-34EE640045DF}\RP166\A0049909.dll Deleted successfully!
Attempting to delete: C:\System Volume Information\_restore{E4785D33-4399-48A4-8A0D-34EE640045DF}\RP166\A0050002.dll
C:\System Volume Information\_restore{E4785D33-4399-48A4-8A0D-34EE640045DF}\RP166\A0050002.dll Deleted successfully!
Attempting to delete: C:\System Volume Information\_restore{E4785D33-4399-48A4-8A0D-34EE640045DF}\RP166\A0050011.dll
C:\System Volume Information\_restore{E4785D33-4399-48A4-8A0D-34EE640045DF}\RP166\A0050011.dll Deleted successfully!
Attempting to delete: C:\System Volume Information\_restore{E4785D33-4399-48A4-8A0D-34EE640045DF}\RP167\A0050017.dll
C:\System Volume Information\_restore{E4785D33-4399-48A4-8A0D-34EE640045DF}\RP167\A0050017.dll Deleted successfully!
Attempting to delete: C:\System Volume Information\_restore{E4785D33-4399-48A4-8A0D-34EE640045DF}\RP167\A0050018.dll
C:\System Volume Information\_restore{E4785D33-4399-48A4-8A0D-34EE640045DF}\RP167\A0050018.dll Deleted successfully!
Attempting to delete: C:\System Volume Information\_restore{E4785D33-4399-48A4-8A0D-34EE640045DF}\RP167\A0050021.dll
C:\System Volume Information\_restore{E4785D33-4399-48A4-8A0D-34EE640045DF}\RP167\A0050021.dll Deleted successfully!
Attempting to delete: C:\System Volume Information\_restore{E4785D33-4399-48A4-8A0D-34EE640045DF}\RP167\A0050022.dll
C:\System Volume Information\_restore{E4785D33-4399-48A4-8A0D-34EE640045DF}\RP167\A0050022.dll Deleted successfully!
Attempting to delete: C:\System Volume Information\_restore{E4785D33-4399-48A4-8A0D-34EE640045DF}\RP167\A0050023.dll
C:\System Volume Information\_restore{E4785D33-4399-48A4-8A0D-34EE640045DF}\RP167\A0050023.dll Deleted successfully!
Attempting to delete: C:\System Volume Information\_restore{E4785D33-4399-48A4-8A0D-34EE640045DF}\RP167\A0050024.dll
C:\System Volume Information\_restore{E4785D33-4399-48A4-8A0D-34EE640045DF}\RP167\A0050024.dll Deleted successfully!
Attempting to delete: C:\System Volume Information\_restore{E4785D33-4399-48A4-8A0D-34EE640045DF}\RP167\A0050025.dll
C:\System Volume Information\_restore{E4785D33-4399-48A4-8A0D-34EE640045DF}\RP167\A0050025.dll Deleted successfully!
Attempting to delete: C:\System Volume Information\_restore{E4785D33-4399-48A4-8A0D-34EE640045DF}\RP167\A0050026.dll
C:\System Volume Information\_restore{E4785D33-4399-48A4-8A0D-34EE640045DF}\RP167\A0050026.dll Deleted successfully!
Attempting to delete: C:\System Volume Information\_restore{E4785D33-4399-48A4-8A0D-34EE640045DF}\RP167\A0050027.dll
C:\System Volume Information\_restore{E4785D33-4399-48A4-8A0D-34EE640045DF}\RP167\A0050027.dll Deleted successfully!
Attempting to delete: C:\System Volume Information\_restore{E4785D33-4399-48A4-8A0D-34EE640045DF}\RP167\A0050032.dll
C:\System Volume Information\_restore{E4785D33-4399-48A4-8A0D-34EE640045DF}\RP167\A0050032.dll Deleted successfully!
Attempting to delete: C:\System Volume Information\_restore{E4785D33-4399-48A4-8A0D-34EE640045DF}\RP167\A0050057.dll
C:\System Volume Information\_restore{E4785D33-4399-48A4-8A0D-34EE640045DF}\RP167\A0050057.dll Deleted successfully!
Attempting to delete: C:\System Volume Information\_restore{E4785D33-4399-48A4-8A0D-34EE640045DF}\RP167\A0050067.dll
C:\System Volume Information\_restore{E4785D33-4399-48A4-8A0D-34EE640045DF}\RP167\A0050067.dll Deleted successfully!
Attempting to delete: C:\System Volume Information\_restore{E4785D33-4399-48A4-8A0D-34EE640045DF}\RP167\A0050114.dll
C:\System Volume Information\_restore{E4785D33-4399-48A4-8A0D-34EE640045DF}\RP167\A0050114.dll Deleted successfully!
Attempting to delete: C:\System Volume Information\_restore{E4785D33-4399-48A4-8A0D-34EE640045DF}\RP167\A0050119.dll
C:\System Volume Information\_restore{E4785D33-4399-48A4-8A0D-34EE640045DF}\RP167\A0050119.dll Deleted successfully!
Attempting to delete: C:\System Volume Information\_restore{E4785D33-4399-48A4-8A0D-34EE640045DF}\RP167\A0050130.dll
C:\System Volume Information\_restore{E4785D33-4399-48A4-8A0D-34EE640045DF}\RP167\A0050130.dll Deleted successfully!
Attempting to delete: C:\System Volume Information\_restore{E4785D33-4399-48A4-8A0D-34EE640045DF}\RP167\A0050131.dll
C:\System Volume Information\_restore{E4785D33-4399-48A4-8A0D-34EE640045DF}\RP167\A0050131.dll Deleted successfully!
Attempting to delete: C:\System Volume Information\_restore{E4785D33-4399-48A4-8A0D-34EE640045DF}\RP167\A0050132.dll
C:\System Volume Information\_restore{E4785D33-4399-48A4-8A0D-34EE640045DF}\RP167\A0050132.dll Deleted successfully!
Attempting to delete: C:\System Volume Information\_restore{E4785D33-4399-48A4-8A0D-34EE640045DF}\RP169\A0050181.dll
C:\System Volume Information\_restore{E4785D33-4399-48A4-8A0D-34EE640045DF}\RP169\A0050181.dll Deleted successfully!
Attempting to delete: C:\System Volume Information\_restore{E4785D33-4399-48A4-8A0D-34EE640045DF}\RP169\A0050187.dll
C:\System Volume Information\_restore{E4785D33-4399-48A4-8A0D-34EE640045DF}\RP169\A0050187.dll Deleted successfully!
Attempting to delete: C:\System Volume Information\_restore{E4785D33-4399-48A4-8A0D-34EE640045DF}\RP169\A0050241.dll
C:\System Volume Information\_restore{E4785D33-4399-48A4-8A0D-34EE640045DF}\RP169\A0050241.dll Deleted successfully!
Attempting to delete: C:\System Volume Information\_restore{E4785D33-4399-48A4-8A0D-34EE640045DF}\RP169\A0050251.dll
C:\System Volume Information\_restore{E4785D33-4399-48A4-8A0D-34EE640045DF}\RP169\A0050251.dll Deleted successfully!
Attempting to delete: C:\WINDOWS\system32\bOtmeter.dll
C:\WINDOWS\system32\bOtmeter.dll Deleted successfully!
Attempting to delete: C:\WINDOWS\system32\h20qlcd51f0.dll
C:\WINDOWS\system32\h20qlcd51f0.dll Deleted successfully!
Attempting to delete: C:\WINDOWS\system32\i8nmli5118.dll
C:\WINDOWS\system32\i8nmli5118.dll Deleted successfully!
Attempting to delete: C:\WINDOWS\system32\iYsacct.dll
C:\WINDOWS\system32\iYsacct.dll Deleted successfully!
Attempting to delete: C:\WINDOWS\system32\memdd.dll
C:\WINDOWS\system32\memdd.dll Deleted successfully!
Making registry repairs.
Removing: HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\URL
Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{E184FF2A-E8D4-4E0E-AFD1-27653ADA1DA1}"
HKCR\Clsid\{E184FF2A-E8D4-4E0E-AFD1-27653ADA1DA1}
Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{078B2122-816D-4B23-AA85-234488417A2B}"
HKCR\Clsid\{078B2122-816D-4B23-AA85-234488417A2B}
Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{8C7A37CA-6A81-454C-BDA1-D22AFC6770AF}"
HKCR\Clsid\{8C7A37CA-6A81-454C-BDA1-D22AFC6770AF}
Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{E94E3211-8037-4AFE-9079-AC23CF75D188}"
HKCR\Clsid\{E94E3211-8037-4AFE-9079-AC23CF75D188}
Restoring Windows certificates.
Replaced hosts file with default windows hosts file
Restoring SeDebugPrivilege for Administrators - Succeeded
Hijack This:
Logfile of HijackThis v1.99.1
Scan saved at 8:59:53 PM, on 4/15/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Norton Internet Security\ISSVC.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Adobe\Adobe Version Cue CS2\data\database\bin\mysqld-nt.exe
C:\Program Files\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2H1.EXE
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\windows\mousepad9.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\ATI Multimedia\main\launchpd.exe
C:\Program Files\ATI Multimedia\RemCtrl\ATIRW.exe
C:\Program Files\ATI Multimedia\MAIN\ATISched.EXE
C:\Program Files\Google\Google Talk\googletalk.exe
C:\WINDOWS\system32\CROSOF~1.NET\cmd.exe
C:\Program Files\?ppPatch\d?dplay.exe
C:\Program Files\Microtek\ScanWizard 5\ScannerFinder.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Nicole\Desktop\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
F2 - REG:system.ini: Shell=Explorer.exe, C:\WINDOWS\system32\fpxex.exe
F2 - REG:system.ini: UserInit=C:\WINDOWS\SYSTEM32\Userinit.exe,qkfiium.exe
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [EPSON Stylus Photo R200 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2H1.EXE /P30 "EPSON Stylus Photo R200 Series" /O6 "USB002" /M "Stylus Photo R200"
O4 - HKLM\..\Run: [EPSON Stylus Photo R200 Series (Copy 1)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2H1.EXE /P39 "EPSON Stylus Photo R200 Series (Copy 1)" /O5 "LPT1:" /M "Stylus Photo R200"
O4 - HKLM\..\Run: [Adobe Version Cue CS2] "C:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe"
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [keyboard] C:\windows\keyboard9.exe
O4 - HKLM\..\Run: [mousepad] C:\windows\mousepad9.exe
O4 - HKLM\..\Run: [winsync] C:\WINDOWS\system32\waowop.exe reg_run
O4 - HKLM\..\Run: [NVMixerTray] "C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKCU\..\Run: [ATI Launchpad] "C:\Program Files\ATI Multimedia\main\launchpd.exe"
O4 - HKCU\..\Run: [ATI Remote Control] C:\Program Files\ATI Multimedia\RemCtrl\ATIRW.exe
O4 - HKCU\..\Run: [ATI Scheduler] C:\Program Files\ATI Multimedia\MAIN\ATISched.EXE
O4 - HKCU\..\Run: [googletalk] "C:\Program Files\Google\Google Talk\googletalk.exe" /autostart
O4 - HKCU\..\Run: [mwio] C:\PROGRA~1\COMMON~1\mwio\mwiom.exe
O4 - HKCU\..\Run: [Rias] "C:\WINDOWS\system32\CROSOF~1.NET\cmd.exe" -vt yazr
O4 - HKCU\..\Run: [Xupgp] C:\Program Files\?ppPatch\d?dplay.exe
O4 - HKCU\..\Run: [SurfSideKick 3] C:\Program Files\SurfSideKick 3\Ssk.exe
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microtek Scanner Finder.lnk = C:\Program Files\Microtek\ScanWizard 5\ScannerFinder.exe
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: ATI TV - {44226DFF-747E-4edc-B30C-78752E50CD0C} - C:\Program Files\ATI Multimedia\tv\EXPLBAR.DLL
O9 - Extra button: (no name) - {4ABF810A-F11D-4169-9D5F-7D274F2270A1} - C:\WINDOWS\system32\dmonwv.dll
O9 - Extra 'Tools' menuitem: Java - {4ABF810A-F11D-4169-9D5F-7D274F2270A1} - C:\WINDOWS\system32\dmonwv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRA~1\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {4989312D-58CF-11D5-A7D7-00E02911103E} (Interealty MultiSelect) - http://las.mlxchange.com/Control/MultiSelectComboBox.cab
O16 - DPF: {6FD482A3-7B57-438B-B040-52CAA30147EE} (MLXchange Client Utils) - http://las.mlxchange.com/Control/MLXClientUtils.cab
O16 - DPF: {83AB6E4D-CDD7-11D3-B5E7-00104B9AFF6E} (GeacRevw Control) - http://las.mlxchange.com/Control/IRCSharc.cab
O16 - DPF: {85D1F3B2-2A21-11D7-97B9-0010DC2A6243} (SecureLogin class) - http://secure2.comned.com/signuptemplates/securelogin-devel.cab
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Version Cue CS2 - Unknown owner - C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe" -win32service (file missing)
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: C-DillaCdaC11BA - C-Dilla Ltd - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program Files\Norton Internet Security\ISSVC.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: X10 Device Network Service (x10nets) - Unknown owner - C:\PROGRA~1\ATIMUL~1\RemCtrl\x10nets.exe (file missing)
Next I need you to download some programs that we'll use later.
Please download Pocket Killbox from here. Unzip the program to your desktop. Please do not open it or attempt to use it. We'll do that later.
Next step is to make a new folder on your C:\ drive. Open my computer and then click on local disk C:. On the right hand pane you will see many folders and files which are the contents of your C:\ drive. Right click the mouse on an empty space in this pane. On the pop-out menu that appears please move your mouse to new and on the next pop-out menu please select folder, then left click. A new folder will appear in your C:\ directory. Please name this folder findqool.
Next please download FindQool.zip from here. Please unzip the contents of FindQool.zip to the new folder C:\findqool that we just made. We'll use this stuff later as well.
Next please download Ewido Anti-Malware from my signature below. Follow the instructions below to set it up (please note, do not run the program yet):
Now you should have Ewido installed, updated and ready for future use.
Next please visit the link below and run the Purity Scan Uninstaller:
http://www.purityscan.com/uninstall.html
After you run the uninstaller please reboot the PC and post a fresh Hijack This log.
Logfile of HijackThis v1.99.1
Scan saved at 3:25:37 PM, on 4/16/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Norton Internet Security\ISSVC.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Documents and Settings\Nicole\Local Settings\Temporary Internet Files\Content.IE5\YTSFI1Y5\FAH504-Console[1].exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Adobe\Adobe Version Cue CS2\data\database\bin\mysqld-nt.exe
C:\Documents and Settings\Nicole\Local Settings\Temporary Internet Files\Content.IE5\YTSFI1Y5\FahCore_7a.exe
C:\Program Files\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2H1.EXE
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\windows\mousepad9.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\ATI Multimedia\main\launchpd.exe
C:\Program Files\ATI Multimedia\RemCtrl\ATIRW.exe
C:\Program Files\ATI Multimedia\MAIN\ATISched.EXE
C:\Program Files\Google\Google Talk\googletalk.exe
C:\Program Files\Microtek\ScanWizard 5\ScannerFinder.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Nicole\Desktop\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
F2 - REG:system.ini: Shell=Explorer.exe, C:\WINDOWS\system32\fpxex.exe
F2 - REG:system.ini: UserInit=C:\WINDOWS\SYSTEM32\Userinit.exe,qkfiium.exe
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [EPSON Stylus Photo R200 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2H1.EXE /P30 "EPSON Stylus Photo R200 Series" /O6 "USB002" /M "Stylus Photo R200"
O4 - HKLM\..\Run: [EPSON Stylus Photo R200 Series (Copy 1)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2H1.EXE /P39 "EPSON Stylus Photo R200 Series (Copy 1)" /O5 "LPT1:" /M "Stylus Photo R200"
O4 - HKLM\..\Run: [Adobe Version Cue CS2] "C:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe"
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [keyboard] C:\windows\keyboard9.exe
O4 - HKLM\..\Run: [mousepad] C:\windows\mousepad9.exe
O4 - HKLM\..\Run: [winsync] C:\WINDOWS\system32\waowop.exe reg_run
O4 - HKLM\..\Run: [NVMixerTray] "C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKCU\..\Run: [ATI Launchpad] "C:\Program Files\ATI Multimedia\main\launchpd.exe"
O4 - HKCU\..\Run: [ATI Remote Control] C:\Program Files\ATI Multimedia\RemCtrl\ATIRW.exe
O4 - HKCU\..\Run: [ATI Scheduler] C:\Program Files\ATI Multimedia\MAIN\ATISched.EXE
O4 - HKCU\..\Run: [googletalk] "C:\Program Files\Google\Google Talk\googletalk.exe" /autostart
O4 - HKCU\..\Run: [mwio] C:\PROGRA~1\COMMON~1\mwio\mwiom.exe
O4 - HKCU\..\Run: [SurfSideKick 3] C:\Program Files\SurfSideKick 3\Ssk.exe
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microtek Scanner Finder.lnk = C:\Program Files\Microtek\ScanWizard 5\ScannerFinder.exe
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: ATI TV - {44226DFF-747E-4edc-B30C-78752E50CD0C} - C:\Program Files\ATI Multimedia\tv\EXPLBAR.DLL
O9 - Extra button: (no name) - {4ABF810A-F11D-4169-9D5F-7D274F2270A1} - C:\WINDOWS\system32\dmonwv.dll
O9 - Extra 'Tools' menuitem: Java - {4ABF810A-F11D-4169-9D5F-7D274F2270A1} - C:\WINDOWS\system32\dmonwv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRA~1\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {4989312D-58CF-11D5-A7D7-00E02911103E} (Interealty MultiSelect) - http://las.mlxchange.com/Control/MultiSelectComboBox.cab
O16 - DPF: {6FD482A3-7B57-438B-B040-52CAA30147EE} (MLXchange Client Utils) - http://las.mlxchange.com/Control/MLXClientUtils.cab
O16 - DPF: {83AB6E4D-CDD7-11D3-B5E7-00104B9AFF6E} (GeacRevw Control) - http://las.mlxchange.com/Control/IRCSharc.cab
O16 - DPF: {85D1F3B2-2A21-11D7-97B9-0010DC2A6243} (SecureLogin class) - http://secure2.comned.com/signuptemplates/securelogin-devel.cab
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Version Cue CS2 - Unknown owner - C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe" -win32service (file missing)
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: C-DillaCdaC11BA - C-Dilla Ltd - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: FAH@C:+Documents and Settings+Nicole+Local Settings+Temporary Internet Files+Content.IE5+YTSFI1Y5+FAH504-Console[1].exe - Stanford University - C:\Documents and Settings\Nicole\Local Settings\Temporary Internet Files\Content.IE5\YTSFI1Y5\FAH504-Console[1].exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program Files\Norton Internet Security\ISSVC.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: X10 Device Network Service (x10nets) - Unknown owner - C:\PROGRA~1\ATIMUL~1\RemCtrl\x10nets.exe (file missing)
I also installed the folding program but if it's running after my boot ups I can't tell. Can you?
Next thing I want you to do is to navigate to the folder we made earlier that is named findqool. Open that folder. In the folder is a file named qlocate.bat. Please double click the file. It will run and when finished it will generate a log. Please post that log here after you are finished. You don't have to post another Hijack This log along with it.
One other thing I noticed is that your folding at home program shown here:
O23 - Service: FAH@C:+Documents and Settings+Nicole+Local Settings+Temporary Internet Files+Content.IE5+YTSFI1Y5+FAH504-Console[1].exe - Stanford University - C:\Documents and Settings\Nicole\Local Settings\Temporary Internet Files\Content.IE5\YTSFI1Y5\FAH504-Console[1].exe
is running from a temporary directory (your temp internet files). When we're finished cleaning up your malware we'll move it where it's supposed to be.
Sun 04/16/2006
Running from: C:\FindQool
PLEASE NOTE: LEGIT FILES MIGHT BE LISTED. IF YOU ARE UNSURE OF WHAT IS LISTED LEAVE THEM ALONE.
Known file names
C:\WINDOWS\SYSTEM32\DMONWV.DLL
MD5 Check....
C:\WINDOWS\system32\dmonwv.dll
C:\WINDOWS\system32\udvek.dat
C:\WINDOWS\system32\ofhaxp.exe
C:\WINDOWS\system32\fpxex.exe
C:\WINDOWS\system32\unhbpxx.dll
Files found with locate com.
C:\WINDOWS\SYSTEM32\UNHBPXX.DLL
C:\WINDOWS\SYSTEM32\UDVEK.DAT
C:\WINDOWS\SYSTEM32\OFHAXP.EXE
C:\WINDOWS\SYSTEM32\FPXEX.EXE
C:\WINDOWS\RPCRC.DLL
C:\DOCUME~1\ALLUSE~1\STARTM~1\PROGRAMS\STARTUP\HNTBE.EXE
Re-check using dir /a:-d
C:\Documents and Settings\All Users\Start Menu\Programs\Startup
04/05/2006 10:04 PM 127,488 hntbe.exe
...
HKEY_LOCAL_MACHINE\software\microsoft\internet explorer\extensions\{4abf810a-f11d-4169-9d5f-7d274f2270a1}
HKEY_LOCAL_MACHINE\software\classes\folder\shellex\columnhandlers\{ce3a44d8-bc88-4d62-a890-42d96245f8d6}
[HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\fykfkmxf]
@="{d9e33e4d-ba91-4c89-aa57-a0047003289f}"
...
Runs, Listed here as a Doublecheck for the locate com results
HKLM
"owlrxn"="C:\\WINDOWS\\system32\\ofhaxp.exe reg_run"
"winsync"="C:\\WINDOWS\\system32\\waowop.exe reg_run"
HKCU
"ktsty"="C:\\WINDOWS\\system32\\ofhaxp.exe reg_run"
...
Files In Winlogon shell and userinit
Listed here as a Doublecheck for the locate com results
shell REG_SZ Explorer.exe, C:\WINDOWS\system32\fpxex.exe
userinit REG_SZ C:\WINDOWS\SYSTEM32\Userinit.exe,qkfiium.exe
...
SWReg utility
Written by Bobbi Flekman © 2005
Findqool edited 4/05/2006
Now the next part is going to be very important so please follow the instructions very carefully. You have a Qoologic infection that we need to take care of next. This will require the use of Pocket Killbox that we downloaded earlier. Once we take care of this we'll just be about 2 or 3 more posts away from you being clean!
Open Pocket Killbox by double clicking it's icon. Next please select the radio button that says delete on reboot. From the list below please copy the following files to your clipboard by highlighting them then hold down the ctrl key and then pressing the C key:
C:\WINDOWS\SYSTEM32\UNHBPXX.DLL
C:\WINDOWS\SYSTEM32\UDVEK.DAT
C:\WINDOWS\SYSTEM32\OFHAXP.EXE
C:\WINDOWS\SYSTEM32\FPXEX.EXE
C:\WINDOWS\RPCRC.DLL
C:\DOCUME~1\ALLUSE~1\STARTM~1\PROGRAMS\STARTUP\HNT BE.EXE
C:\WINDOWS\system32\dmonwv.dll
C:\WINDOWS\system32\qkfiium.exe
C:\WINDOWS\system32\waowop.exe
Next press the button on Killbox that says All Files. This is very important. The button should flash green if you've done it right.
Next open 'file' in the killbox menu on top and choose Paste from clipboard
then press the button that looks like a red circle with a white X in it.
Killbox will tell you that all listed files will be removed on next reboot and asks if you would like to Reboot now, click YES
If you don't get that message, reboot manually.
Your computer must reboot now.
Once your PC has rebooted please run Hijack This again and put a check (tick) next to the following entries (do not be worried if they don't exist):
F2 - REG:system.ini: Shell=Explorer.exe, C:\WINDOWS\system32\fpxex.exe
F2 - REG:system.ini: UserInit=C:\WINDOWS\SYSTEM32\Userinit.exe,qkfiium. exe
O4 - HKLM\..\Run: [winsync] C:\WINDOWS\system32\waowop.exe reg_run
O9 - Extra button: (no name) - {4ABF810A-F11D-4169-9D5F-7D274F2270A1} - C:\WINDOWS\system32\dmonwv.dll
O9 - Extra 'Tools' menuitem: Java - {4ABF810A-F11D-4169-9D5F-7D274F2270A1} - C:\WINDOWS\system32\dmonwv.dll
Close all other browsers/windows and click Fix Checked.
Next run the qlocate.bat file again and save the log that it generates.
Reboot your PC again and post a fresh Hijack This log along with the log from the second run of qlocate.bat.
Hijack this
Logfile of HijackThis v1.99.1
Scan saved at 5:56:04 PM, on 4/17/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Norton Internet Security\ISSVC.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Documents and Settings\Nicole\Local Settings\Temporary Internet Files\Content.IE5\YTSFI1Y5\FAH504-Console[1].exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\Documents and Settings\Nicole\Local Settings\Temporary Internet Files\Content.IE5\YTSFI1Y5\FahCore_7a.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Adobe\Adobe Version Cue CS2\data\database\bin\mysqld-nt.exe
C:\Program Files\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2H1.EXE
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\windows\mousepad9.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\ATI Multimedia\main\launchpd.exe
C:\Program Files\ATI Multimedia\RemCtrl\ATIRW.exe
C:\Program Files\ATI Multimedia\MAIN\ATISched.EXE
C:\Program Files\Google\Google Talk\googletalk.exe
C:\Program Files\Microtek\ScanWizard 5\ScannerFinder.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Nicole\Desktop\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
F2 - REG:system.ini: Shell=Explorer.exe, C:\WINDOWS\system32\fpxex.exe
F2 - REG:system.ini: UserInit=C:\WINDOWS\SYSTEM32\Userinit.exe,qkfiium.exe
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [EPSON Stylus Photo R200 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2H1.EXE /P30 "EPSON Stylus Photo R200 Series" /O6 "USB002" /M "Stylus Photo R200"
O4 - HKLM\..\Run: [EPSON Stylus Photo R200 Series (Copy 1)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2H1.EXE /P39 "EPSON Stylus Photo R200 Series (Copy 1)" /O5 "LPT1:" /M "Stylus Photo R200"
O4 - HKLM\..\Run: [Adobe Version Cue CS2] "C:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe"
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [keyboard] C:\windows\keyboard9.exe
O4 - HKLM\..\Run: [mousepad] C:\windows\mousepad9.exe
O4 - HKLM\..\Run: [NVMixerTray] "C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKCU\..\Run: [ATI Launchpad] "C:\Program Files\ATI Multimedia\main\launchpd.exe"
O4 - HKCU\..\Run: [ATI Remote Control] C:\Program Files\ATI Multimedia\RemCtrl\ATIRW.exe
O4 - HKCU\..\Run: [ATI Scheduler] C:\Program Files\ATI Multimedia\MAIN\ATISched.EXE
O4 - HKCU\..\Run: [googletalk] "C:\Program Files\Google\Google Talk\googletalk.exe" /autostart
O4 - HKCU\..\Run: [mwio] C:\PROGRA~1\COMMON~1\mwio\mwiom.exe
O4 - HKCU\..\Run: [SurfSideKick 3] C:\Program Files\SurfSideKick 3\Ssk.exe
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microtek Scanner Finder.lnk = C:\Program Files\Microtek\ScanWizard 5\ScannerFinder.exe
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: ATI TV - {44226DFF-747E-4edc-B30C-78752E50CD0C} - C:\Program Files\ATI Multimedia\tv\EXPLBAR.DLL
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRA~1\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {4989312D-58CF-11D5-A7D7-00E02911103E} (Interealty MultiSelect) - http://las.mlxchange.com/Control/MultiSelectComboBox.cab
O16 - DPF: {6FD482A3-7B57-438B-B040-52CAA30147EE} (MLXchange Client Utils) - http://las.mlxchange.com/Control/MLXClientUtils.cab
O16 - DPF: {83AB6E4D-CDD7-11D3-B5E7-00104B9AFF6E} (GeacRevw Control) - http://las.mlxchange.com/Control/IRCSharc.cab
O16 - DPF: {85D1F3B2-2A21-11D7-97B9-0010DC2A6243} (SecureLogin class) - http://secure2.comned.com/signuptemplates/securelogin-devel.cab
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Version Cue CS2 - Unknown owner - C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe" -win32service (file missing)
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: C-DillaCdaC11BA - C-Dilla Ltd - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: FAH@C:+Documents and Settings+Nicole+Local Settings+Temporary Internet Files+Content.IE5+YTSFI1Y5+FAH504-Console[1].exe - Stanford University - C:\Documents and Settings\Nicole\Local Settings\Temporary Internet Files\Content.IE5\YTSFI1Y5\FAH504-Console[1].exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program Files\Norton Internet Security\ISSVC.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: X10 Device Network Service (x10nets) - Unknown owner - C:\PROGRA~1\ATIMUL~1\RemCtrl\x10nets.exe (file missing)
FindQool report
Mon 04/17/2006
Running from: C:\FindQool
PLEASE NOTE: LEGIT FILES MIGHT BE LISTED. IF YOU ARE UNSURE OF WHAT IS LISTED LEAVE THEM ALONE.
Known file names
MD5 Check....
C:\WINDOWS\system32\udvek.dat
C:\WINDOWS\system32\ofhaxp.exe
C:\WINDOWS\system32\fpxex.exe
C:\WINDOWS\system32\unhbpxx.dll
Files found with locate com.
C:\WINDOWS\SYSTEM32\UNHBPXX.DLL
C:\WINDOWS\SYSTEM32\UDVEK.DAT
C:\WINDOWS\SYSTEM32\OFHAXP.EXE
C:\WINDOWS\SYSTEM32\FPXEX.EXE
C:\DOCUME~1\ALLUSE~1\STARTM~1\PROGRAMS\STARTUP\HNTBE.EXE
Re-check using dir /a:-d
C:\Documents and Settings\All Users\Start Menu\Programs\Startup
04/05/2006 10:04 PM 127,488 hntbe.exe
...
HKEY_LOCAL_MACHINE\software\classes\folder\shellex\columnhandlers\{ce3a44d8-bc88-4d62-a890-42d96245f8d6}
[HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\fykfkmxf]
@="{d9e33e4d-ba91-4c89-aa57-a0047003289f}"
...
Runs, Listed here as a Doublecheck for the locate com results
HKLM
"owlrxn"="C:\\WINDOWS\\system32\\ofhaxp.exe reg_run"
HKCU
"ktsty"="C:\\WINDOWS\\system32\\ofhaxp.exe reg_run"
...
Files In Winlogon shell and userinit
Listed here as a Doublecheck for the locate com results
shell REG_SZ Explorer.exe, C:\WINDOWS\system32\fpxex.exe
userinit REG_SZ C:\WINDOWS\SYSTEM32\Userinit.exe,qkfiium.exe
...
SWReg utility
Written by Bobbi Flekman © 2005
Findqool edited 4/05/2006
Please download Brute Force Uninstaller to your desktop.
RIGHT-CLICK HERE and choose "Save As" (in IE it's "Save Target As") in order to download QooFix.bat by LonnyRJones.
Save it in the same folder you made earlier (c:\BFU).
Please close ALL other open windows & explorer folder's, then double-click on QooFix.bat.
Choose option #1 (Qoolfix autofix) and follow the prompts.
Please be patient, it will take about five minutes.
Then please post back with a fresh Hijack This log.
Logfile of HijackThis v1.99.1
Scan saved at 10:53:58 PM, on 4/17/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Norton Internet Security\ISSVC.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Documents and Settings\Nicole\Local Settings\Temporary Internet Files\Content.IE5\YTSFI1Y5\FAH504-Console[1].exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\svchost.exe
C:\Documents and Settings\Nicole\Local Settings\Temporary Internet Files\Content.IE5\YTSFI1Y5\FahCore_7a.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Adobe\Adobe Version Cue CS2\data\database\bin\mysqld-nt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2H1.EXE
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\windows\mousepad9.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\ATI Multimedia\main\launchpd.exe
C:\Program Files\ATI Multimedia\RemCtrl\ATIRW.exe
C:\Program Files\ATI Multimedia\MAIN\ATISched.EXE
C:\Program Files\Google\Google Talk\googletalk.exe
C:\Program Files\Microtek\ScanWizard 5\ScannerFinder.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Documents and Settings\Nicole\Desktop\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [EPSON Stylus Photo R200 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2H1.EXE /P30 "EPSON Stylus Photo R200 Series" /O6 "USB002" /M "Stylus Photo R200"
O4 - HKLM\..\Run: [EPSON Stylus Photo R200 Series (Copy 1)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2H1.EXE /P39 "EPSON Stylus Photo R200 Series (Copy 1)" /O5 "LPT1:" /M "Stylus Photo R200"
O4 - HKLM\..\Run: [Adobe Version Cue CS2] "C:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe"
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [keyboard] C:\windows\keyboard9.exe
O4 - HKLM\..\Run: [mousepad] C:\windows\mousepad9.exe
O4 - HKLM\..\Run: [NVMixerTray] "C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKCU\..\Run: [ATI Launchpad] "C:\Program Files\ATI Multimedia\main\launchpd.exe"
O4 - HKCU\..\Run: [ATI Remote Control] C:\Program Files\ATI Multimedia\RemCtrl\ATIRW.exe
O4 - HKCU\..\Run: [ATI Scheduler] C:\Program Files\ATI Multimedia\MAIN\ATISched.EXE
O4 - HKCU\..\Run: [googletalk] "C:\Program Files\Google\Google Talk\googletalk.exe" /autostart
O4 - HKCU\..\Run: [mwio] C:\PROGRA~1\COMMON~1\mwio\mwiom.exe
O4 - HKCU\..\Run: [SurfSideKick 3] C:\Program Files\SurfSideKick 3\Ssk.exe
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microtek Scanner Finder.lnk = C:\Program Files\Microtek\ScanWizard 5\ScannerFinder.exe
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: ATI TV - {44226DFF-747E-4edc-B30C-78752E50CD0C} - C:\Program Files\ATI Multimedia\tv\EXPLBAR.DLL
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRA~1\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {4989312D-58CF-11D5-A7D7-00E02911103E} (Interealty MultiSelect) - http://las.mlxchange.com/Control/MultiSelectComboBox.cab
O16 - DPF: {6FD482A3-7B57-438B-B040-52CAA30147EE} (MLXchange Client Utils) - http://las.mlxchange.com/Control/MLXClientUtils.cab
O16 - DPF: {83AB6E4D-CDD7-11D3-B5E7-00104B9AFF6E} (GeacRevw Control) - http://las.mlxchange.com/Control/IRCSharc.cab
O16 - DPF: {85D1F3B2-2A21-11D7-97B9-0010DC2A6243} (SecureLogin class) - http://secure2.comned.com/signuptemplates/securelogin-devel.cab
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Version Cue CS2 - Unknown owner - C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe" -win32service (file missing)
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: C-DillaCdaC11BA - C-Dilla Ltd - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: FAH@C:+Documents and Settings+Nicole+Local Settings+Temporary Internet Files+Content.IE5+YTSFI1Y5+FAH504-Console[1].exe - Stanford University - C:\Documents and Settings\Nicole\Local Settings\Temporary Internet Files\Content.IE5\YTSFI1Y5\FAH504-Console[1].exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program Files\Norton Internet Security\ISSVC.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: X10 Device Network Service (x10nets) - Unknown owner - C:\PROGRA~1\ATIMUL~1\RemCtrl\x10nets.exe (file missing)
SurfSideKick 3
Some people actually like having that program but it usually comes bundled with adware and is itself considered adware.
Next we need to run the Ewido Scan. Please follow the instructions below:
Once the scan has completed, there will be a button located on the bottom of the screen named Save report.
Post back with the Ewido log and a fresh Hijack This log.
Wow, there really was alot going on. Here are the logs
Ewido
ewido anti-malware - Scan report
+ Created on: 7:41:02 PM, 4/18/2006
+ Report-Checksum: 4E6B7268
+ Scan result:
HKLM\SOFTWARE\Clickspring -> Adware.PurityScan : Cleaned without backup
HKU\S-1-5-21-329068152-1715567821-839522115-1003\Software\SurfSideKick3 -> Adware.SurfSide : Cleaned without backup
HKU\S-1-5-21-329068152-1715567821-839522115-1003\Software\SurfSideKick3\Internet Explorer -> Adware.SurfSide : Cleaned without backup
C:\!KillBox\( 2) -> Downloader.Qoologic.bj : Cleaned without backup
C:\!KillBox\( 3) -> Downloader.Qoologic.bj : Cleaned without backup
C:\!KillBox\( 4) -> Downloader.Qoologic.bj : Cleaned without backup
C:\!KillBox\dmonwv.dll -> Downloader.Agent.agw : Cleaned without backup
C:\!KillBox\udvek.dat -> Downloader.Qoologic.bj : Cleaned without backup
C:\Documents and Settings\Administrator\Local Settings\Temp\Cookies\administrator@ad.yieldmanage r[2].txt -> TrackingCookie.Yieldmanager : Cleaned without backup
C:\Documents and Settings\Administrator\Local Settings\Temp\Cookies\administrator@ads.addynamix[1].txt -> TrackingCookie.Addynamix : Cleaned without backup
C:\Documents and Settings\Administrator\Local Settings\Temp\Cookies\administrator@as1.falkag[1].txt -> TrackingCookie.Falkag : Cleaned without backup
C:\Documents and Settings\Administrator\Local Settings\Temp\Cookies\administrator@cpvfeed[2].txt -> TrackingCookie.Cpvfeed : Cleaned without backup
C:\Documents and Settings\Administrator\Local Settings\Temp\Cookies\administrator@kmpads[1].txt -> TrackingCookie.Kmpads : Cleaned without backup
C:\Documents and Settings\Administrator\Local Settings\Temp\Cookies\administrator@partygaming.12 2.2o7[1].txt -> TrackingCookie.2o7 : Cleaned without backup
C:\Documents and Settings\Administrator\Local Settings\Temp\Cookies\administrator@perf.overture[1].txt -> TrackingCookie.Overture : Cleaned without backup
C:\Documents and Settings\Administrator\Local Settings\Temp\Cookies\administrator@statcounter[1].txt -> TrackingCookie.Statcounter : Cleaned without backup
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\BP72TV47\AppWrap[1].exe -> Adware.AdURL : Cleaned without backup
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\Y8G0TPU9\AppWrap[1].exe -> Adware.AdURL : Cleaned without backup
C:\Documents and Settings\LocalService\Cookies\system@2o7[2].txt -> TrackingCookie.2o7 : Cleaned without backup
C:\Documents and Settings\LocalService\Cookies\system@ad.yieldmanag er[2].txt -> TrackingCookie.Yieldmanager : Cleaned without backup
C:\Documents and Settings\LocalService\Cookies\system@ads.addynamix [1].txt -> TrackingCookie.Addynamix : Cleaned without backup
C:\Documents and Settings\LocalService\Cookies\system@c.goclick[2].txt -> TrackingCookie.Goclick : Cleaned without backup
C:\Documents and Settings\LocalService\Cookies\system@cpvfeed[1].txt -> TrackingCookie.Cpvfeed : Cleaned without backup
C:\Documents and Settings\LocalService\Cookies\system@epilot[1].txt -> TrackingCookie.Epilot : Cleaned without backup
C:\Documents and Settings\LocalService\Cookies\system@findwhat[1].txt -> TrackingCookie.Findwhat : Cleaned without backup
C:\Documents and Settings\LocalService\Cookies\system@partygaming.1 22.2o7[1].txt -> TrackingCookie.2o7 : Cleaned without backup
C:\Documents and Settings\LocalService\Cookies\system@perf.overture [1].txt -> TrackingCookie.Overture : Cleaned without backup
C:\Documents and Settings\LocalService\Cookies\system@statcounter[1].txt -> TrackingCookie.Statcounter : Cleaned without backup
C:\Documents and Settings\LocalService\Cookies\system@trafficmp[1].txt -> TrackingCookie.Trafficmp : Cleaned without backup
C:\Documents and Settings\LocalService\Cookies\system@yieldmanager[1].txt -> TrackingCookie.Yieldmanager : Cleaned without backup
C:\Documents and Settings\LocalService\Cookies\system@zedo[1].txt -> TrackingCookie.Zedo : Cleaned without backup
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\01234567\loadex[1].exe -> Downloader.Agent.aie : Cleaned without backup
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\89ABCDEF\full[1].exe -> Dropper.Agent.hl : Cleaned without backup
C:\Documents and Settings\Nicole\Cookies\nicole@2o7[2].txt -> TrackingCookie.2o7 : Cleaned without backup
C:\Documents and Settings\Nicole\Cookies\nicole@a.tribalfusion[1].txt -> TrackingCookie.Tribalfusion : Cleaned without backup
C:\Documents and Settings\Nicole\Cookies\nicole@ad.yieldmanager[1].txt -> TrackingCookie.Yieldmanager : Cleaned without backup
C:\Documents and Settings\Nicole\Cookies\nicole@ad1.clickhype[1].txt -> TrackingCookie.Clickhype : Cleaned without backup
C:\Documents and Settings\Nicole\Cookies\nicole@adopt.euroclick[1].txt -> TrackingCookie.Euroclick : Cleaned without backup
C:\Documents and Settings\Nicole\Cookies\nicole@adopt.specificclick [1].txt -> TrackingCookie.Specificclick : Cleaned without backup
C:\Documents and Settings\Nicole\Cookies\nicole@adrevolver[1].txt -> TrackingCookie.Adrevolver : Cleaned without backup
C:\Documents and Settings\Nicole\Cookies\nicole@ads.addynamix[2].txt -> TrackingCookie.Addynamix : Cleaned without backup
C:\Documents and Settings\Nicole\Cookies\nicole@adtech[2].txt -> TrackingCookie.Adtech : Cleaned without backup
C:\Documents and Settings\Nicole\Cookies\nicole@as-eu.falkag[1].txt -> TrackingCookie.Falkag : Cleaned without backup
C:\Documents and Settings\Nicole\Cookies\nicole@as-eu.falkag[3].txt -> TrackingCookie.Falkag : Cleaned without backup
C:\Documents and Settings\Nicole\Cookies\nicole@as-us.falkag[2].txt -> TrackingCookie.Falkag : Cleaned without backup
C:\Documents and Settings\Nicole\Cookies\nicole@as1.falkag[2].txt -> TrackingCookie.Falkag : Cleaned without backup
C:\Documents and Settings\Nicole\Cookies\nicole@bilbo.counted[1].txt -> TrackingCookie.Counted : Cleaned without backup
C:\Documents and Settings\Nicole\Cookies\nicole@bs.serving-sys[1].txt -> TrackingCookie.Serving-sys : Cleaned without backup
C:\Documents and Settings\Nicole\Cookies\nicole@casalemedia[1].txt -> TrackingCookie.Casalemedia : Cleaned without backup
C:\Documents and Settings\Nicole\Cookies\nicole@cpvfeed[1].txt -> TrackingCookie.Cpvfeed : Cleaned without backup
C:\Documents and Settings\Nicole\Cookies\nicole@edge.ru4[1].txt -> TrackingCookie.Ru4 : Cleaned without backup
C:\Documents and Settings\Nicole\Cookies\nicole@kmpads[2].txt -> TrackingCookie.Kmpads : Cleaned without backup
C:\Documents and Settings\Nicole\Cookies\nicole@partygaming.122.2o7 [1].txt -> TrackingCookie.2o7 : Cleaned without backup
C:\Documents and Settings\Nicole\Cookies\nicole@perf.overture[1].txt -> TrackingCookie.Overture : Cleaned without backup
C:\Documents and Settings\Nicole\Cookies\nicole@pro-market[2].txt -> TrackingCookie.Pro-market : Cleaned without backup
C:\Documents and Settings\Nicole\Cookies\nicole@questionmarket[1].txt -> TrackingCookie.Questionmarket : Cleaned without backup
C:\Documents and Settings\Nicole\Cookies\nicole@reduxads.valuead[2].txt -> TrackingCookie.Valuead : Cleaned without backup
C:\Documents and Settings\Nicole\Cookies\nicole@sales.liveperson[2].txt -> TrackingCookie.Liveperson : Cleaned without backup
C:\Documents and Settings\Nicole\Cookies\nicole@serving-sys[2].txt -> TrackingCookie.Serving-sys : Cleaned without backup
C:\Documents and Settings\Nicole\Cookies\nicole@stat.onestat[1].txt -> TrackingCookie.Onestat : Cleaned without backup
C:\Documents and Settings\Nicole\Cookies\nicole@statcounter[1].txt -> TrackingCookie.Statcounter : Cleaned without backup
C:\Documents and Settings\Nicole\Cookies\nicole@stats1.reliablestat s[1].txt -> TrackingCookie.Reliablestats : Cleaned without backup
C:\Documents and Settings\Nicole\Cookies\nicole@tacoda[2].txt -> TrackingCookie.Tacoda : Cleaned without backup
C:\Documents and Settings\Nicole\Cookies\nicole@tradedoubler[1].txt -> TrackingCookie.Tradedoubler : Cleaned without backup
C:\Documents and Settings\Nicole\Cookies\nicole@trafficmp[2].txt -> TrackingCookie.Trafficmp : Cleaned without backup
C:\Documents and Settings\Nicole\Cookies\nicole@tribalfusion[2].txt -> TrackingCookie.Tribalfusion : Cleaned without backup
C:\Documents and Settings\Nicole\Cookies\nicole@www.myaffiliateprog ram[2].txt -> TrackingCookie.Myaffiliateprogram : Cleaned without backup
C:\Documents and Settings\Nicole\Cookies\nicole@yieldmanager[2].txt -> TrackingCookie.Yieldmanager : Cleaned without backup
C:\Documents and Settings\Nicole\Cookies\nicole@z1.adserver[1].txt -> TrackingCookie.Adserver : Cleaned without backup
C:\Documents and Settings\Nicole\Cookies\nicole@zedo[2].txt -> TrackingCookie.Zedo : Cleaned without backup
C:\Documents and Settings\Nicole\Desktop\full.exe -> Dropper.Agent.hl : Cleaned without backup
C:\NNSCAA638.EXE -> Adware.NewDotNet : Cleaned without backup
C:\visfx500.exe -> Dropper.Agent.aie : Cleaned without backup
C:\w.exe -> Downloader.Agent.aie : Cleaned without backup
C:\WINDOWS\icont.exe -> Adware.AdURL : Cleaned without backup
C:\WINDOWS\mousepad8.exe -> Trojan.VB.ali : Cleaned without backup
C:\WINDOWS\mousepad9.exe -> Downloader.VB.aaf : Cleaned without backup
C:\WINDOWS\NDNuninstall7_22.exe -> Adware.NewDotNet : Cleaned without backup
C:\WINDOWS\system32\full.exe -> Dropper.Agent.hl : Cleaned without backup
C:\WINDOWS\system32\ofhaxp.exe -> Downloader.Qoologic.bj : Cleaned without backup
C:\WINDOWS\system32\unhbpxx.dll -> Downloader.Qoologic.bj : Cleaned without backup
D:\Documents and Settings\Nicole\Cookies\nicole@247realmedia[1].txt -> TrackingCookie.247realmedia : Cleaned without backup
D:\Documents and Settings\Nicole\Cookies\nicole@2o7[2].txt -> TrackingCookie.2o7 : Cleaned without backup
D:\Documents and Settings\Nicole\Cookies\nicole@ad.yieldmanager[2].txt -> TrackingCookie.Yieldmanager : Cleaned without backup
D:\Documents and Settings\Nicole\Cookies\nicole@ad1.clickhype[1].txt -> TrackingCookie.Clickhype : Cleaned without backup
D:\Documents and Settings\Nicole\Cookies\nicole@adrevolver[2].txt -> TrackingCookie.Adrevolver : Cleaned without backup
D:\Documents and Settings\Nicole\Cookies\nicole@ads.addynamix[2].txt -> TrackingCookie.Addynamix : Cleaned without backup
D:\Documents and Settings\Nicole\Cookies\nicole@ads.realcastmedia[1].txt -> TrackingCookie.Realcastmedia : Cleaned without backup
D:\Documents and Settings\Nicole\Cookies\nicole@advertising[2].txt -> TrackingCookie.Advertising : Cleaned without backup
D:\Documents and Settings\Nicole\Cookies\nicole@as-eu.falkag[1].txt -> TrackingCookie.Falkag : Cleaned without backup
D:\Documents and Settings\Nicole\Cookies\nicole@atdmt[2].txt -> TrackingCookie.Atdmt : Cleaned without backup
D:\Documents and Settings\Nicole\Cookies\nicole@bluestreak[2].txt -> TrackingCookie.Bluestreak : Cleaned without backup
D:\Documents and Settings\Nicole\Cookies\nicole@burstnet[2].txt -> TrackingCookie.Burstnet : Cleaned without backup
D:\Documents and Settings\Nicole\Cookies\nicole@com[2].txt -> TrackingCookie.Com : Cleaned without backup
D:\Documents and Settings\Nicole\Cookies\nicole@doubleclick[2].txt -> TrackingCookie.Doubleclick : Cleaned without backup
D:\Documents and Settings\Nicole\Cookies\nicole@fastclick[2].txt -> TrackingCookie.Fastclick : Cleaned without backup
D:\Documents and Settings\Nicole\Cookies\nicole@mediaplex[2].txt -> TrackingCookie.Mediaplex : Cleaned without backup
D:\Documents and Settings\Nicole\Cookies\nicole@perf.overture[1].txt -> TrackingCookie.Overture : Cleaned without backup
D:\Documents and Settings\Nicole\Cookies\nicole@questionmarket[1].txt -> TrackingCookie.Questionmarket : Cleaned without backup
D:\Documents and Settings\Nicole\Cookies\nicole@revenue[2].txt -> TrackingCookie.Revenue : Cleaned without backup
D:\Documents and Settings\Nicole\Cookies\nicole@rotator.adjuggler[1].txt -> TrackingCookie.Adjuggler : Cleaned without backup
D:\Documents and Settings\Nicole\Cookies\nicole@servedby.advertisin g[1].txt -> TrackingCookie.Advertising : Cleaned without backup
D:\Documents and Settings\Nicole\Cookies\nicole@stat.onestat[2].txt -> TrackingCookie.Onestat : Cleaned without backup
D:\Documents and Settings\Nicole\Cookies\nicole@targetnet[1].txt -> TrackingCookie.Targetnet : Cleaned without backup
D:\Documents and Settings\Nicole\Cookies\nicole@trafficmp[2].txt -> TrackingCookie.Trafficmp : Cleaned without backup
D:\Documents and Settings\Nicole\Cookies\nicole@tribalfusion[1].txt -> TrackingCookie.Tribalfusion : Cleaned without backup
D:\Documents and Settings\Nicole\Cookies\nicole@www.burstbeacon[1].txt -> TrackingCookie.Burstbeacon : Cleaned without backup
D:\Documents and Settings\Nicole\Cookies\nicole@www.burstnet[1].txt -> TrackingCookie.Burstnet : Cleaned without backup
D:\Documents and Settings\Nicole\Cookies\nicole@www.myaffiliateprog ram[1].txt -> TrackingCookie.Myaffiliateprogram : Cleaned without backup
D:\Documents and Settings\Nicole\Cookies\nicole@z1.adserver[1].txt -> TrackingCookie.Adserver : Cleaned without backup
D:\Documents and Settings\Nicole\Cookies\nicole@zedo[2].txt -> TrackingCookie.Zedo : Cleaned without backup
::Report End
Hijack
Logfile of HijackThis v1.99.1
Scan saved at 7:44:37 PM, on 4/18/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Norton Internet Security\ISSVC.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Documents and Settings\Nicole\Local Settings\Temporary Internet Files\Content.IE5\YTSFI1Y5\FAH504-Console[1].exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\Documents and Settings\Nicole\Local Settings\Temporary Internet Files\Content.IE5\YTSFI1Y5\FahCore_7a.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Adobe\Adobe Version Cue CS2\data\database\bin\mysqld-nt.exe
C:\Program Files\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2H 1.EXE
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\ATI Multimedia\main\launchpd.exe
C:\Program Files\ATI Multimedia\RemCtrl\ATIRW.exe
C:\Program Files\ATI Multimedia\MAIN\ATISched.EXE
C:\Program Files\Google\Google Talk\googletalk.exe
C:\Program Files\Microtek\ScanWizard 5\ScannerFinder.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Nicole\Desktop\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [EPSON Stylus Photo R200 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2H 1.EXE /P30 "EPSON Stylus Photo R200 Series" /O6 "USB002" /M "Stylus Photo R200"
O4 - HKLM\..\Run: [EPSON Stylus Photo R200 Series (Copy 1)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2H 1.EXE /P39 "EPSON Stylus Photo R200 Series (Copy 1)" /O5 "LPT1:" /M "Stylus Photo R200"
O4 - HKLM\..\Run: [Adobe Version Cue CS2] "C:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe"
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [keyboard] C:\windows\keyboard9.exe
O4 - HKLM\..\Run: [NVMixerTray] "C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [ATI Launchpad] "C:\Program Files\ATI Multimedia\main\launchpd.exe"
O4 - HKCU\..\Run: [ATI Remote Control] C:\Program Files\ATI Multimedia\RemCtrl\ATIRW.exe
O4 - HKCU\..\Run: [ATI Scheduler] C:\Program Files\ATI Multimedia\MAIN\ATISched.EXE
O4 - HKCU\..\Run: [googletalk] "C:\Program Files\Google\Google Talk\googletalk.exe" /autostart
O4 - HKCU\..\Run: [mwio] C:\PROGRA~1\COMMON~1\mwio\mwiom.exe
O4 - HKCU\..\Run: [SurfSideKick 3] C:\Program Files\SurfSideKick 3\Ssk.exe
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microtek Scanner Finder.lnk = C:\Program Files\Microtek\ScanWizard 5\ScannerFinder.exe
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: ATI TV - {44226DFF-747E-4edc-B30C-78752E50CD0C} - C:\Program Files\ATI Multimedia\tv\EXPLBAR.DLL
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRA~1\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {4989312D-58CF-11D5-A7D7-00E02911103E} (Interealty MultiSelect) - http://las.mlxchange.com/Control/Mul...ctComboBox.cab
O16 - DPF: {6FD482A3-7B57-438B-B040-52CAA30147EE} (MLXchange Client Utils) - http://las.mlxchange.com/Control/MLXClientUtils.cab
O16 - DPF: {83AB6E4D-CDD7-11D3-B5E7-00104B9AFF6E} (GeacRevw Control) - http://las.mlxchange.com/Control/IRCSharc.cab
O16 - DPF: {85D1F3B2-2A21-11D7-97B9-0010DC2A6243} (SecureLogin class) - http://secure2.comned.com/signuptemp...ogin-devel.cab
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Version Cue CS2 - Unknown owner - C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe" -win32service (file missing)
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: C-DillaCdaC11BA - C-Dilla Ltd - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: FAH@C:+Documents and Settings+Nicole+Local Settings+Temporary Internet Files+Content.IE5+YTSFI1Y5+FAH504-Console[1].exe - Stanford University - C:\Documents and Settings\Nicole\Local Settings\Temporary Internet Files\Content.IE5\YTSFI1Y5\FAH504-Console[1].exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program Files\Norton Internet Security\ISSVC.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: X10 Device Network Service (x10nets) - Unknown owner - C:\PROGRA~1\ATIMUL~1\RemCtrl\x10nets.exe (file missing)
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
O4 - HKLM\..\Run: [keyboard] C:\windows\keyboard9.exe
O4 - HKCU\..\Run: [mwio] C:\PROGRA~1\COMMON~1\mwio\mwiom.exe
Close all other browsers/windows and click Fix Checked.
Now reboot into safe mode as was explained when you ran Ewido. Now we need to make sure you can view hidden files, explained below:
Next use Windows Explorer to delete the following:
C:\Program Files\Common Files\mwio<----This folder.
C:\windows\keyboard9.exe<----This file.
Reboot the PC when finished and post a fresh Hijack This log. If you can't uninstall Surf Sidekick then we'll worry about that on the next go round and once we're finished we'll move your Folding at Home program to a new folder.
My F8 option to go into safemode doesn't work so I just change it with MSconfig every time. I think I have to alt-f2 at boot up to go into safe mode. Anywho...I did the last steps. The mwio was not in the program files for me, it was in the Windows file and I deleted it. I didn't have a keyboard9.exe but when I did a search on my computer it pulled up a keyboard91.dat and a keyboard81.dat. I did a search online, on another computer, and one post I found told someone else to delete them so I did too. lol! Here's my log:
Logfile of HijackThis v1.99.1
Scan saved at 7:55:22 PM, on 4/19/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Norton Internet Security\ISSVC.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Documents and Settings\Nicole\Local Settings\Temporary Internet Files\Content.IE5\YTSFI1Y5\FAH504-Console[1].exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\Documents and Settings\Nicole\Local Settings\Temporary Internet Files\Content.IE5\YTSFI1Y5\FahCore_7a.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Adobe\Adobe Version Cue CS2\data\database\bin\mysqld-nt.exe
C:\Program Files\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2H1.EXE
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\ATI Multimedia\RemCtrl\ATIRW.exe
C:\Program Files\ATI Multimedia\MAIN\ATISched.EXE
C:\Program Files\Google\Google Talk\googletalk.exe
C:\Program Files\Microtek\ScanWizard 5\ScannerFinder.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Nicole\Desktop\HijackThis.exe
C:\WINDOWS\system32\wuauclt.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [EPSON Stylus Photo R200 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2H1.EXE /P30 "EPSON Stylus Photo R200 Series" /O6 "USB002" /M "Stylus Photo R200"
O4 - HKLM\..\Run: [EPSON Stylus Photo R200 Series (Copy 1)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2H1.EXE /P39 "EPSON Stylus Photo R200 Series (Copy 1)" /O5 "LPT1:" /M "Stylus Photo R200"
O4 - HKLM\..\Run: [Adobe Version Cue CS2] "C:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe"
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [NVMixerTray] "C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKCU\..\Run: [ATI Launchpad] "C:\Program Files\ATI Multimedia\main\launchpd.exe"
O4 - HKCU\..\Run: [ATI Remote Control] C:\Program Files\ATI Multimedia\RemCtrl\ATIRW.exe
O4 - HKCU\..\Run: [ATI Scheduler] C:\Program Files\ATI Multimedia\MAIN\ATISched.EXE
O4 - HKCU\..\Run: [googletalk] "C:\Program Files\Google\Google Talk\googletalk.exe" /autostart
O4 - HKCU\..\Run: [SurfSideKick 3] C:\Program Files\SurfSideKick 3\Ssk.exe
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microtek Scanner Finder.lnk = C:\Program Files\Microtek\ScanWizard 5\ScannerFinder.exe
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: ATI TV - {44226DFF-747E-4edc-B30C-78752E50CD0C} - C:\Program Files\ATI Multimedia\tv\EXPLBAR.DLL
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRA~1\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {4989312D-58CF-11D5-A7D7-00E02911103E} (Interealty MultiSelect) - http://las.mlxchange.com/Control/MultiSelectComboBox.cab
O16 - DPF: {6FD482A3-7B57-438B-B040-52CAA30147EE} (MLXchange Client Utils) - http://las.mlxchange.com/Control/MLXClientUtils.cab
O16 - DPF: {83AB6E4D-CDD7-11D3-B5E7-00104B9AFF6E} (GeacRevw Control) - http://las.mlxchange.com/Control/IRCSharc.cab
O16 - DPF: {85D1F3B2-2A21-11D7-97B9-0010DC2A6243} (SecureLogin class) - http://secure2.comned.com/signuptemplates/securelogin-devel.cab
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Version Cue CS2 - Unknown owner - C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe" -win32service (file missing)
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: C-DillaCdaC11BA - C-Dilla Ltd - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: FAH@C:+Documents and Settings+Nicole+Local Settings+Temporary Internet Files+Content.IE5+YTSFI1Y5+FAH504-Console[1].exe - Stanford University - C:\Documents and Settings\Nicole\Local Settings\Temporary Internet Files\Content.IE5\YTSFI1Y5\FAH504-Console[1].exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program Files\Norton Internet Security\ISSVC.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: X10 Device Network Service (x10nets) - Unknown owner - C:\PROGRA~1\ATIMUL~1\RemCtrl\x10nets.exe (file missing)
C:\Program Files\SurfSideKick 3<----This folder.
That should take care of Surf Sidekick. Post another log when you're done and we'll make certain you're clean.
Logfile of HijackThis v1.99.1
Scan saved at 6:57:07 AM, on 4/21/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Norton Internet Security\ISSVC.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Documents and Settings\Nicole\Local Settings\Temporary Internet Files\Content.IE5\YTSFI1Y5\FAH504-Console[1].exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\Documents and Settings\Nicole\Local Settings\Temporary Internet Files\Content.IE5\YTSFI1Y5\FahCore_7a.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Adobe\Adobe Version Cue CS2\data\database\bin\mysqld-nt.exe
C:\Program Files\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2H1.EXE
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\ATI Multimedia\main\launchpd.exe
C:\Program Files\ATI Multimedia\RemCtrl\ATIRW.exe
C:\Program Files\ATI Multimedia\MAIN\ATISched.EXE
C:\Program Files\Google\Google Talk\googletalk.exe
C:\Program Files\Microtek\ScanWizard 5\ScannerFinder.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Nicole\Desktop\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [EPSON Stylus Photo R200 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2H1.EXE /P30 "EPSON Stylus Photo R200 Series" /O6 "USB002" /M "Stylus Photo R200"
O4 - HKLM\..\Run: [EPSON Stylus Photo R200 Series (Copy 1)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2H1.EXE /P39 "EPSON Stylus Photo R200 Series (Copy 1)" /O5 "LPT1:" /M "Stylus Photo R200"
O4 - HKLM\..\Run: [Adobe Version Cue CS2] "C:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe"
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [NVMixerTray] "C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKCU\..\Run: [ATI Launchpad] "C:\Program Files\ATI Multimedia\main\launchpd.exe"
O4 - HKCU\..\Run: [ATI Remote Control] C:\Program Files\ATI Multimedia\RemCtrl\ATIRW.exe
O4 - HKCU\..\Run: [ATI Scheduler] C:\Program Files\ATI Multimedia\MAIN\ATISched.EXE
O4 - HKCU\..\Run: [googletalk] "C:\Program Files\Google\Google Talk\googletalk.exe" /autostart
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microtek Scanner Finder.lnk = C:\Program Files\Microtek\ScanWizard 5\ScannerFinder.exe
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: ATI TV - {44226DFF-747E-4edc-B30C-78752E50CD0C} - C:\Program Files\ATI Multimedia\tv\EXPLBAR.DLL
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRA~1\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {4989312D-58CF-11D5-A7D7-00E02911103E} (Interealty MultiSelect) - http://las.mlxchange.com/Control/MultiSelectComboBox.cab
O16 - DPF: {6FD482A3-7B57-438B-B040-52CAA30147EE} (MLXchange Client Utils) - http://las.mlxchange.com/Control/MLXClientUtils.cab
O16 - DPF: {83AB6E4D-CDD7-11D3-B5E7-00104B9AFF6E} (GeacRevw Control) - http://las.mlxchange.com/Control/IRCSharc.cab
O16 - DPF: {85D1F3B2-2A21-11D7-97B9-0010DC2A6243} (SecureLogin class) - http://secure2.comned.com/signuptemplates/securelogin-devel.cab
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Version Cue CS2 - Unknown owner - C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe" -win32service (file missing)
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: C-DillaCdaC11BA - C-Dilla Ltd - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: FAH@C:+Documents and Settings+Nicole+Local Settings+Temporary Internet Files+Content.IE5+YTSFI1Y5+FAH504-Console[1].exe - Stanford University - C:\Documents and Settings\Nicole\Local Settings\Temporary Internet Files\Content.IE5\YTSFI1Y5\FAH504-Console[1].exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program Files\Norton Internet Security\ISSVC.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: X10 Device Network Service (x10nets) - Unknown owner - C:\PROGRA~1\ATIMUL~1\RemCtrl\x10nets.exe (file missing)
I'm good, I haven't gotten any pop ups for the past two days.
Congratulations. Your log is clean! You should reward yourself very liberally! Now some pointers on how to stay clean and keep your sanity. You may be thinking now "how did I get infected?" Please read this great article: So how did I get infected in the first place.
Next follow the instructions below to keep yourself free from infection.
Disable and then enable system restore to purge infected restore points.
Turn OFF System Restore.
To enable system restore:
Rehide hidden files and folders. During your fix if you were asked to "show hidden files and folders" you should go back now and re-hide them. You wouldn't want to accidentally delete important files. Follow the instructions below:
Update the OS regularly
Set up system to ensure a regular update of the Operating System.
Manually:
Visit Windows Update on a weekly/fortnightly REGULAR basis.
Automatically:
Notify Me option so that you can download when you can afford the time and bandwidth overheads.
Secure your web browser
Security
Alternatively you could use another browser such as
Mozilla Firefox (My personal favorite!)
Opera
Get Some Protection
The following programs are useful in the fight against Malware. Best of all, they're FREE.
Download and install any or all . Be warned though ---- You must update regularly. Check once a week!
- Ad-Aware SE - This is a
- Spybot Search &
- Spyware Blaster -
A good antiviral program is essential. I see you already have one. That's good. Be sure to keep it updated.program that scans for and removes known spyware from your machine.
Destroy -Similar to Ad-Aware but more configurable and incorporates Teatime, a memory resident utility that protects the system
registry. I recommend
It Prevents the addition of ActiveX Controls on your machines by
isolating the system registry.
And Finally.........Lock the door with a Firewall . XP comes with its own simple firewall but I prefer to substitute it with
ZoneAlarm.
I wish you very happy, and most importantly, safe surfing on the information superhighway. Just remember it can be dangerous.