[inactive]..hope I did this right..
Ok, because IE always crashes, it's taken a week :bawling: to actually capture the scans necessary for this forum. Hope it's right this time. Sorry for being such a weenie (mistaking this for this and not providing you with the info you need)..
I had no idea that my Trend Micro 2007 could miss the garbage these online scanners found. I'm hoping to learn all I can about Best Practices here. Thanks so much for providing the opportunity!
Gratefully,
bers
- Panda ActiveScan
- Kaspersky
- BitDefender (.PNG of log -
; I'd be happy to add the .TXT version if you prefer)
HJT Logfile v1.99.1
Scan saved at 10:09:51 AM, on 12/9/2006 following the above three scans of Panda ActiveScan, Kaspersky, and BitDefender.
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\Sprint & FineReader 5.0 Office Try&Buy\Sprint\CAgent.exe
C:\Program Files\Trend Micro\Internet Security 2007\pccguide.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe
C:\Program Files\Executive Software\Diskeeper\DkService.exe
C:\Program Files\Trend Micro\Internet Security 2007\TMAS_OE\TMAS_OEMon.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\PROGRA~1\TRENDM~1\INTERN~4\PcCtlCom.exe
C:\DOCUME~1\KJONES~1\LOCALS~1\Temp\bwgo0000cbf7.exe
C:\WINDOWS\system32\tcpsvcs.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\TRENDM~1\INTERN~4\Tmntsrv.exe
C:\PROGRA~1\TRENDM~1\INTERN~4\TmPfw.exe
C:\PROGRA~1\TRENDM~1\INTERN~4\tmproxy.exe
C:\PROGRA~1\TRENDM~1\INTERN~4\PcScnSrv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Outlook Express\msimn.exe
C:\Program Files\hijackthis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://64.233.161.104/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/ie/defaults/sb/ymsgr/*http://www.yahoo.com/ext/search/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Startpagina = file:///C:/Program%20Files/Onlinedirect/Portal/portal.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = K8
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn6\yt.dll
O1 - Hosts: 207.68.172.246 msn.com
O1 - Hosts: 207.68.172.246 msn.com
O1 - Hosts: 207.68.172.246 msn.com
O1 - Hosts: 207.68.172.246 msn.com
O1 - Hosts: 207.68.172.246 msn.com
O1 - Hosts: 207.68.172.246 msn.com
O1 - Hosts: 207.68.172.246 msn.com
O1 - Hosts: 207.68.172.246 msn.com
O1 - Hosts: 207.68.172.246 msn.com
O1 - Hosts: 207.68.172.246 msn.com
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn6\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (disabled by BHODemon)
O2 - BHO: AdShield.AdShield - {7559B76E-0222-4d77-9499-CCE9EB4EDC2F} - C:\PROGRA~1\AdShield\AdShield\AdShield.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn6\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe"
O4 - HKLM\..\Run: [UMonit] C:\WINDOWS\system32\umonit.exe
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [ABBYY Community Agent] C:\Program Files\Sprint & FineReader 5.0 Office Try&Buy\Sprint\CAgent.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 2007\pccguide.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [OE] "C:\Program Files\Trend Micro\Internet Security 2007\TMAS_OE\TMAS_OEMon.exe"
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Logitech Desktop Messenger Agent.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O4 - Global Startup: Tarjim Tool.lnk = C:\Program Files\Sakhr\Tarjim Tool\TarjimTools1.exe
O8 - Extra context menu item: &Maintain Block List... - C:\PROGRA~1\AdShield\AdShield\maintain.htm
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Add to &Block List... - C:\PROGRA~1\AdShield\AdShield\suppress.htm
O8 - Extra context menu item: Add to &Exclude List... - C:\PROGRA~1\AdShield\AdShield\restrict.htm
O8 - Extra context menu item: AdShield Option &Settings... - C:\PROGRA~1\AdShield\AdShield\settings.htm
O8 - Extra context menu item: Bloglines: Find References To This Link - C:\Program Files\Bloglines Context Menu\BloglinesCitationsThisLink.html
O8 - Extra context menu item: Bloglines: Find References To This Page - C:\Program Files\Bloglines Context Menu\BloglinesCitationsThisPage.html
O8 - Extra context menu item: Bloglines: Search For This Text - C:\Program Files\Bloglines Context Menu\BloglinesSearch.html
O8 - Extra context menu item: Bloglines: Subscribe - C:\Program Files\Bloglines Context Menu\BloglinesSubscribe.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: StumbleUpon: &Blog This - res://C:\WINDOWS\system32\s1927.dll/blogimage
O8 - Extra context menu item: Technorati: Search For This Link - C:\Program Files\Technorati Context Menu\TechnoratiSearchForThisLink.html
O8 - Extra context menu item: Technorati: Search For This Page - C:\Program Files\Technorati Context Menu\TechnoratiSearchForThisPage.html
O8 - Extra context menu item: Technorati: Search For This Text - C:\Program Files\Technorati Context Menu\TechnoratiSearchForThisText.html
O8 - Extra context menu item: TypePad QuickPost - https://www.typepad.com/t/app?__mode=reg_qp_js&qp_show=tb,ca,ac,ap,ew&qp_height=540
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
O9 - Extra button: Share in Hello - {B13B4423-2647-4cfc-A4B3-C7D56CB83487} - C:\Program Files\Hello\PicasaCapture.dll
O9 - Extra 'Tools' menuitem: Share in H&ello - {B13B4423-2647-4cfc-A4B3-C7D56CB83487} - C:\Program Files\Hello\PicasaCapture.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: AdShield - {4FB6C25E-7B37-4c93-B592-16ECD8D18361} - C:\PROGRA~1\AdShield\AdShield\AdShield.dll (HKCU)
O15 - Trusted Zone: http://*.macromedia.com
O15 - Trusted Zone: http://*.windowsupdate.mircosoft.com
O15 - Trusted Zone: http://*.windowsupdate.com
O16 - DPF: YExplorer1_8US.CAB - http://photos.groups.yahoo.com/ocx/us/yexplorer1_8us.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1120122072777
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1129441261405
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} - http://www.worldwinner.com/games/shared/wwlaunch.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O18 - Protocol: bw50s - {48EA6ECD-F1AA-4A28-9E9F-7F46EECFFF10} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program Files\Executive Software\Diskeeper\DkService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Macromedia Licensing Service - Macromedia - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~4\PcCtlCom.exe
O23 - Service: Trend Micro Protection Against Spyware (PcScnSrv) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~4\PcScnSrv.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~4\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~4\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~4\tmproxy.exe
I had no idea that my Trend Micro 2007 could miss the garbage these online scanners found. I'm hoping to learn all I can about Best Practices here. Thanks so much for providing the opportunity!
Gratefully,
bers
- Panda ActiveScan
- Kaspersky
- BitDefender (.PNG of log -
HJT Logfile v1.99.1
Scan saved at 10:09:51 AM, on 12/9/2006 following the above three scans of Panda ActiveScan, Kaspersky, and BitDefender.
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\Sprint & FineReader 5.0 Office Try&Buy\Sprint\CAgent.exe
C:\Program Files\Trend Micro\Internet Security 2007\pccguide.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe
C:\Program Files\Executive Software\Diskeeper\DkService.exe
C:\Program Files\Trend Micro\Internet Security 2007\TMAS_OE\TMAS_OEMon.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\PROGRA~1\TRENDM~1\INTERN~4\PcCtlCom.exe
C:\DOCUME~1\KJONES~1\LOCALS~1\Temp\bwgo0000cbf7.exe
C:\WINDOWS\system32\tcpsvcs.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\TRENDM~1\INTERN~4\Tmntsrv.exe
C:\PROGRA~1\TRENDM~1\INTERN~4\TmPfw.exe
C:\PROGRA~1\TRENDM~1\INTERN~4\tmproxy.exe
C:\PROGRA~1\TRENDM~1\INTERN~4\PcScnSrv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Outlook Express\msimn.exe
C:\Program Files\hijackthis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://64.233.161.104/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/ie/defaults/sb/ymsgr/*http://www.yahoo.com/ext/search/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Startpagina = file:///C:/Program%20Files/Onlinedirect/Portal/portal.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = K8
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn6\yt.dll
O1 - Hosts: 207.68.172.246 msn.com
O1 - Hosts: 207.68.172.246 msn.com
O1 - Hosts: 207.68.172.246 msn.com
O1 - Hosts: 207.68.172.246 msn.com
O1 - Hosts: 207.68.172.246 msn.com
O1 - Hosts: 207.68.172.246 msn.com
O1 - Hosts: 207.68.172.246 msn.com
O1 - Hosts: 207.68.172.246 msn.com
O1 - Hosts: 207.68.172.246 msn.com
O1 - Hosts: 207.68.172.246 msn.com
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn6\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (disabled by BHODemon)
O2 - BHO: AdShield.AdShield - {7559B76E-0222-4d77-9499-CCE9EB4EDC2F} - C:\PROGRA~1\AdShield\AdShield\AdShield.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn6\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe"
O4 - HKLM\..\Run: [UMonit] C:\WINDOWS\system32\umonit.exe
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [ABBYY Community Agent] C:\Program Files\Sprint & FineReader 5.0 Office Try&Buy\Sprint\CAgent.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 2007\pccguide.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [OE] "C:\Program Files\Trend Micro\Internet Security 2007\TMAS_OE\TMAS_OEMon.exe"
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Logitech Desktop Messenger Agent.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O4 - Global Startup: Tarjim Tool.lnk = C:\Program Files\Sakhr\Tarjim Tool\TarjimTools1.exe
O8 - Extra context menu item: &Maintain Block List... - C:\PROGRA~1\AdShield\AdShield\maintain.htm
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Add to &Block List... - C:\PROGRA~1\AdShield\AdShield\suppress.htm
O8 - Extra context menu item: Add to &Exclude List... - C:\PROGRA~1\AdShield\AdShield\restrict.htm
O8 - Extra context menu item: AdShield Option &Settings... - C:\PROGRA~1\AdShield\AdShield\settings.htm
O8 - Extra context menu item: Bloglines: Find References To This Link - C:\Program Files\Bloglines Context Menu\BloglinesCitationsThisLink.html
O8 - Extra context menu item: Bloglines: Find References To This Page - C:\Program Files\Bloglines Context Menu\BloglinesCitationsThisPage.html
O8 - Extra context menu item: Bloglines: Search For This Text - C:\Program Files\Bloglines Context Menu\BloglinesSearch.html
O8 - Extra context menu item: Bloglines: Subscribe - C:\Program Files\Bloglines Context Menu\BloglinesSubscribe.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: StumbleUpon: &Blog This - res://C:\WINDOWS\system32\s1927.dll/blogimage
O8 - Extra context menu item: Technorati: Search For This Link - C:\Program Files\Technorati Context Menu\TechnoratiSearchForThisLink.html
O8 - Extra context menu item: Technorati: Search For This Page - C:\Program Files\Technorati Context Menu\TechnoratiSearchForThisPage.html
O8 - Extra context menu item: Technorati: Search For This Text - C:\Program Files\Technorati Context Menu\TechnoratiSearchForThisText.html
O8 - Extra context menu item: TypePad QuickPost - https://www.typepad.com/t/app?__mode=reg_qp_js&qp_show=tb,ca,ac,ap,ew&qp_height=540
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
O9 - Extra button: Share in Hello - {B13B4423-2647-4cfc-A4B3-C7D56CB83487} - C:\Program Files\Hello\PicasaCapture.dll
O9 - Extra 'Tools' menuitem: Share in H&ello - {B13B4423-2647-4cfc-A4B3-C7D56CB83487} - C:\Program Files\Hello\PicasaCapture.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: AdShield - {4FB6C25E-7B37-4c93-B592-16ECD8D18361} - C:\PROGRA~1\AdShield\AdShield\AdShield.dll (HKCU)
O15 - Trusted Zone: http://*.macromedia.com
O15 - Trusted Zone: http://*.windowsupdate.mircosoft.com
O15 - Trusted Zone: http://*.windowsupdate.com
O16 - DPF: YExplorer1_8US.CAB - http://photos.groups.yahoo.com/ocx/us/yexplorer1_8us.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1120122072777
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1129441261405
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} - http://www.worldwinner.com/games/shared/wwlaunch.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O18 - Protocol: bw50s - {48EA6ECD-F1AA-4A28-9E9F-7F46EECFFF10} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program Files\Executive Software\Diskeeper\DkService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Macromedia Licensing Service - Macromedia - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~4\PcCtlCom.exe
O23 - Service: Trend Micro Protection Against Spyware (PcScnSrv) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~4\PcScnSrv.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~4\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~4\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~4\tmproxy.exe
0
This discussion has been closed.
Comments
Regarding the second thread - I started this new thread because the other was locked, and I could not reply to it.
Regarding the bitdefender scan - I ran bitdefender per the rules pinned on the main forum page; it's the .PNG attachment in my first post (above). Is the info provided there not suitable somehow? I can run bitdefender again, but it took, like, 7 hours to complete the first time - just a heads up for why you won't see me again here for a day or so.. Please advise.
Also, I was having problems with PC-Cillian 2007, so I uninstalled it and reinstalled 2006 with the 2077 license key - per their instructions - apparently, this will protect my system till Trend comes out with their fix in January 2007. So, I thought I should do another HJ log to reflect this new info.
HJ 12/15/06
Logfile of HijackThis v1.99.1
Scan saved at 10:33:10 AM, on 12/16/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2
(6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Microsoft
IntelliPoint\point32.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Trend Micro\Internet
Security 2005\pccguide.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program
Files\Google\GoogleToolbarNotifier\1.2.908.50
08\GoogleToolbarNotifier.exe
C:\Program Files\Executive
Software\Diskeeper\DkService.exe
C:\Program Files\Common Files\Microsoft
Shared\Works Shared\wkcalrem.exe
C:\Program Files\Common Files\Microsoft
Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\PROGRA~1\TRENDM~1\INTERN~3\PcCtlCom.exe
C:\WINDOWS\system32\tcpsvcs.exe
C:\DOCUME~1\KJONES~1\LOCALS~1\Temp\bwgo0000e8
f3.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\TRENDM~1\INTERN~3\Tmntsrv.exe
C:\PROGRA~1\TRENDM~1\INTERN~3\tmproxy.exe
C:\PROGRA~1\TRENDM~1\INTERN~3\TmPfw.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\hijackthis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet
Explorer\Main,Default_Page_URL =
http://www.dell.com
R0 - HKCU\Software\Microsoft\Internet
Explorer\Main,Start Page =
http://64.233.161.104/
R1 - HKLM\Software\Microsoft\Internet
Explorer\Main,Search Bar =
http://red.clientapps.yahoo.com/customize/ie/
defaults/sb/ymsgr/*http://www.yahoo.com/ext/s
earch/search.html
R1 - HKCU\Software\Microsoft\Internet
Explorer\Main,Startpagina =
file:///C:/Program%20Files/Onlinedirect/Porta
l/portal.html
R0 - HKCU\Software\Microsoft\Internet
Explorer\Main,Local Page = \blank.htm
R1 - HKCU\Software\Microsoft\Internet
Explorer\Main,Window Title = K8
R1 -
HKCU\Software\Microsoft\Windows\CurrentVersio
n\Internet Settings,ProxyOverride = localhost
R3 - URLSearchHook: Yahoo! Toolbar -
{EF99BD32-C1FB-11D2-892F-0090271D4F88} -
C:\Program
Files\Yahoo!\Companion\Installs\cpn6\yt.dll
O1 - Hosts: 207.68.172.246 msn.com
O1 - Hosts: 207.68.172.246 msn.com
O1 - Hosts: 207.68.172.246 msn.com
O1 - Hosts: 207.68.172.246 msn.com
O1 - Hosts: 207.68.172.246 msn.com
O1 - Hosts: 207.68.172.246 msn.com
O1 - Hosts: 207.68.172.246 msn.com
O1 - Hosts: 207.68.172.246 msn.com
O1 - Hosts: 207.68.172.246 msn.com
O1 - Hosts: 207.68.172.246 msn.com
O2 - BHO: Yahoo! Toolbar Helper -
{02478D38-C3F9-4EFB-9B51-7695ECA05670} -
C:\Program
Files\Yahoo!\Companion\Installs\cpn6\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper -
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -
C:\Program Files\Adobe\Acrobat
7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Yahoo! IE Services Button -
{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} -
C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: (no name) -
{5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} -
(disabled by BHODemon)
O2 - BHO: AdShield.AdShield -
{7559B76E-0222-4d77-9499-CCE9EB4EDC2F} -
C:\PROGRA~1\AdShield\AdShield\AdShield.dll
O2 - BHO: Windows Live Sign-in Helper -
{9030D464-4C02-4ABF-8ECC-5164760863C6} -
C:\Program Files\Common Files\Microsoft
Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper -
{AA58ED58-01DD-4d91-8333-CF10577473F7} -
c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Yahoo! Toolbar -
{EF99BD32-C1FB-11D2-892F-0090271D4F88} -
C:\Program
Files\Yahoo!\Companion\Installs\cpn6\yt.dll
O3 - Toolbar: &Google -
{2318C2B1-4965-11d4-9B18-009027A5CD4F} -
c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [RoxioEngineUtility]
"C:\Program Files\Common Files\Roxio
Shared\System\EngUtil.exe"
O4 - HKLM\..\Run: [UMonit]
C:\WINDOWS\system32\umonit.exe
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program
Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [EM_EXEC]
C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.
EXE
O4 - HKLM\..\Run: [Adobe Photo Downloader]
"C:\Program Files\Adobe\Photoshop Album
Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [ABBYY Community Agent]
C:\Program Files\Sprint & FineReader 5.0
Office Try&Buy\Sprint\CAgent.exe
O4 - HKLM\..\Run: [QuickTime Task]
"C:\Program Files\QuickTime\qttask.exe"
-atboottime
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE
C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter]
RUNDLL32.EXE
C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarIni
t
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program
Files\Trend Micro\Internet Security
2005\pccguide.exe"
O4 - HKCU\..\Run: [ctfmon.exe]
C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [LDM] C:\Program
Files\Logitech\Desktop
Messenger\8876480\Program\LogitechDesktopMess
enger.exe
O4 - HKCU\..\Run: [swg] C:\Program
Files\Google\GoogleToolbarNotifier\1.2.908.50
08\GoogleToolbarNotifier.exe
O4 - Startup: Adobe Gamma.lnk = C:\Program
Files\Common Files\Adobe\Calibration\Adobe
Gamma Loader.exe
O4 - Global Startup: Adobe Gamma Loader.lnk =
C:\Program Files\Common
Files\Adobe\Calibration\Adobe Gamma
Loader.exe
O4 - Global Startup: Adobe Reader Speed
Launch.lnk = C:\Program Files\Adobe\Acrobat
7.0\Reader\reader_sl.exe
O4 - Global Startup: Logitech Desktop
Messenger Agent.lnk = C:\Program
Files\Logitech\Desktop
Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Microsoft Works Calendar
Reminders.lnk = ?
O4 - Global Startup: Tarjim Tool.lnk =
C:\Program Files\Sakhr\Tarjim
Tool\TarjimTools1.exe
O8 - Extra context menu item: &Maintain Block
List... -
C:\PROGRA~1\AdShield\AdShield\maintain.htm
O8 - Extra context menu item: &Yahoo! Search
- file:///C:\Program
Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Add to &Block
List... -
C:\PROGRA~1\AdShield\AdShield\suppress.htm
O8 - Extra context menu item: Add to &Exclude
List... -
C:\PROGRA~1\AdShield\AdShield\restrict.htm
O8 - Extra context menu item: AdShield Option
&Settings... -
C:\PROGRA~1\AdShield\AdShield\settings.htm
O8 - Extra context menu item: Bloglines: Find
References To This Link - C:\Program
Files\Bloglines Context
Menu\BloglinesCitationsThisLink.html
O8 - Extra context menu item: Bloglines: Find
References To This Page - C:\Program
Files\Bloglines Context
Menu\BloglinesCitationsThisPage.html
O8 - Extra context menu item: Bloglines:
Search For This Text - C:\Program
Files\Bloglines Context
Menu\BloglinesSearch.html
O8 - Extra context menu item: Bloglines:
Subscribe - C:\Program Files\Bloglines
Context Menu\BloglinesSubscribe.html
O8 - Extra context menu item: E&xport to
Microsoft Excel -
res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE
/3000
O8 - Extra context menu item: StumbleUpon:
&Blog This -
res://C:\WINDOWS\system32\s1927.dll/blogimage
O8 - Extra context menu item: Technorati:
Search For This Link - C:\Program
Files\Technorati Context
Menu\TechnoratiSearchForThisLink.html
O8 - Extra context menu item: Technorati:
Search For This Page - C:\Program
Files\Technorati Context
Menu\TechnoratiSearchForThisPage.html
O8 - Extra context menu item: Technorati:
Search For This Text - C:\Program
Files\Technorati Context
Menu\TechnoratiSearchForThisText.html
O8 - Extra context menu item: TypePad
QuickPost -
https://www.typepad.com/t/app?__mode=reg_qp_j
s&qp_show=tb,ca,ac,ap,ew&qp_height=540
O8 - Extra context menu item: Yahoo!
&Dictionary - file:///C:\Program
Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps -
file:///C:\Program
Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS -
file:///C:\Program
Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: Yahoo! Services -
{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} -
C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: (no name) -
{85d1f590-48f4-11d9-9669-0800200c9a66} -
%windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall
BitDefender Online Scanner v8 -
{85d1f590-48f4-11d9-9669-0800200c9a66} -
%windir%\bdoscandel.exe (file missing)
O9 - Extra button: Research -
{92780B25-18CC-41C8-B9BE-3C9C571A8263} -
C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM -
{AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} -
C:\Program Files\AIM95\aim.exe
O9 - Extra button: Share in Hello -
{B13B4423-2647-4cfc-A4B3-C7D56CB83487} -
C:\Program Files\Hello\PicasaCapture.dll
O9 - Extra 'Tools' menuitem: Share in H&ello
- {B13B4423-2647-4cfc-A4B3-C7D56CB83487} -
C:\Program Files\Hello\PicasaCapture.dll
O9 - Extra button: Messenger -
{FB5F1910-F110-11d2-BB9E-00C04F795683} -
C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows
Messenger -
{FB5F1910-F110-11d2-BB9E-00C04F795683} -
C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: AdShield -
{4FB6C25E-7B37-4c93-B592-16ECD8D18361} -
C:\PROGRA~1\AdShield\AdShield\AdShield.dll
(HKCU)
O15 - Trusted Zone: http://*.macromedia.com
O15 - Trusted Zone:
http://*.windowsupdate.mircosoft.com
O15 - Trusted Zone:
http://*.windowsupdate.com
O16 - DPF: YExplorer1_8US.CAB -
http://photos.groups.yahoo.com/ocx/us/yexplor
er1_8us.cab
O16 - DPF:
{0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75}
(CKAVWebScan Object) -
http://www.kaspersky.com/kos/eng/partner/defa
ult/kavwebscan_unicode.cab
O16 - DPF:
{5D86DDB5-BDF9-441B-9E9E-D4730F4EE499}
(BDSCANONLINE Control) -
http://download.bitdefender.com/resources/sca
n8/oscan8.cab
O16 - DPF:
{6414512B-B978-451D-A0D8-FCFDF33E833C}
(WUWebControl Class) -
http://update.microsoft.com/windowsupdate/v6/
V5Controls/en/x86/client/wuweb_site.cab?11201
22072777
O16 - DPF:
{6E32070A-766D-4EE6-879C-DC1FA91D2FC3}
(MUWebControl Class) -
http://update.microsoft.com/microsoftupdate/v
6/V5Controls/en/x86/client/muweb_site.cab?112
9441261405
O16 - DPF:
{8A94C905-FF9D-43B6-8708-F0F22D22B1CB} -
http://www.worldwinner.com/games/shared/wwlau
nch.cab
O16 - DPF:
{9A9307A0-7DA4-4DAF-B042-5009F29E09E1}
(ActiveScan Installer Class) -
http://acs.pandasoftware.com/activescan/as5fr
ee/asinst.cab
O18 - Protocol: bw50s -
{48EA6ECD-F1AA-4A28-9E9F-7F46EECFFF10} -
C:\Program Files\Logitech\Desktop
Messenger\8876480\Program\BWPlugProtocol-8876
480.dll
O18 - Protocol: livecall -
{828030A1-22C1-4009-854F-8E305202313F} -
C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim -
{828030A1-22C1-4009-854F-8E305202313F} -
C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O23 - Service: Adobe LM Service - Adobe
Systems - C:\Program Files\Common Files\Adobe
Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Diskeeper - Executive Software
International, Inc. - C:\Program
Files\Executive
Software\Diskeeper\DkService.exe
O23 - Service: InstallDriver Table Manager
(IDriverT) - Macrovision Corporation -
C:\Program Files\Common
Files\InstallShield\Driver\11\Intel
32\IDriverT.exe
O23 - Service: Macromedia Licensing Service -
Macromedia - C:\Program Files\Common
Files\Macromedia Shared\Service\Macromedia
Licensing.exe
O23 - Service: NVIDIA Display Driver Service
(NVSvc) - NVIDIA Corporation -
C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Trend Micro Central Control
Component (PcCtlCom) - Trend Micro
Incorporated. -
C:\PROGRA~1\TRENDM~1\INTERN~3\PcCtlCom.exe
O23 - Service: Trend Micro Real-time Service
(Tmntsrv) - Trend Micro Incorporated. -
C:\PROGRA~1\TRENDM~1\INTERN~3\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall
(TmPfw) - Trend Micro Inc. -
C:\PROGRA~1\TRENDM~1\INTERN~3\TmPfw.exe
O23 - Service: Trend Micro Proxy Service
(tmproxy) - Trend Micro Inc. -
C:\PROGRA~1\TRENDM~1\INTERN~3\tmproxy.exe
bersIRC (practicing my ho-ho-ho)
Logfile of HijackThis v1.99.1
Scan saved at 11:04:17 PM, on 12/18/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2
(6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Microsoft
IntelliPoint\point32.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Trend Micro\Internet
Security 2005\pccguide.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Executive
Software\Diskeeper\DkService.exe
C:\Program Files\Common Files\Microsoft
Shared\Works Shared\wkcalrem.exe
C:\Program Files\Common Files\Microsoft
Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\PROGRA~1\TRENDM~1\INTERN~3\PcCtlCom.exe
C:\WINDOWS\system32\tcpsvcs.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\TRENDM~1\INTERN~3\Tmntsrv.exe
C:\PROGRA~1\TRENDM~1\INTERN~3\tmproxy.exe
C:\PROGRA~1\TRENDM~1\INTERN~3\TmPfw.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\hijackthis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet
Explorer\Main,Default_Page_URL =
http://www.dell.com
R0 - HKCU\Software\Microsoft\Internet
Explorer\Main,Start Page =
http://64.233.161.104/
R1 - HKLM\Software\Microsoft\Internet
Explorer\Main,Search Bar =
http://red.clientapps.yahoo.com/customize/ie
/defaults/sb/ymsgr/*http://www.yahoo.com/ext
/search/search.html
R1 - HKCU\Software\Microsoft\Internet
Explorer\Main,Startpagina =
file:///C:/Program%20Files/Onlinedirect/Port
al/portal.html
R0 - HKCU\Software\Microsoft\Internet
Explorer\Main,Local Page = \blank.htm
R1 - HKCU\Software\Microsoft\Internet
Explorer\Main,Window Title = K8
R1 -
HKCU\Software\Microsoft\Windows\CurrentVersi
on\Internet Settings,ProxyOverride =
localhost
R3 - URLSearchHook: Yahoo! Toolbar -
{EF99BD32-C1FB-11D2-892F-0090271D4F88} -
C:\Program
Files\Yahoo!\Companion\Installs\cpn6\yt.dll
O1 - Hosts: 207.68.172.246 msn.com
O1 - Hosts: 207.68.172.246 msn.com
O1 - Hosts: 207.68.172.246 msn.com
O1 - Hosts: 207.68.172.246 msn.com
O1 - Hosts: 207.68.172.246 msn.com
O1 - Hosts: 207.68.172.246 msn.com
O1 - Hosts: 207.68.172.246 msn.com
O1 - Hosts: 207.68.172.246 msn.com
O1 - Hosts: 207.68.172.246 msn.com
O1 - Hosts: 207.68.172.246 msn.com
O2 - BHO: Yahoo! Toolbar Helper -
{02478D38-C3F9-4EFB-9B51-7695ECA05670} -
C:\Program
Files\Yahoo!\Companion\Installs\cpn6\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper -
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -
C:\Program Files\Adobe\Acrobat
7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Yahoo! IE Services Button -
{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} -
C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: (no name) -
{5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} -
(disabled by BHODemon)
O2 - BHO: AdShield.AdShield -
{7559B76E-0222-4d77-9499-CCE9EB4EDC2F} -
C:\PROGRA~1\AdShield\AdShield\AdShield.dll
O2 - BHO: Windows Live Sign-in Helper -
{9030D464-4C02-4ABF-8ECC-5164760863C6} -
C:\Program Files\Common Files\Microsoft
Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper -
{AA58ED58-01DD-4d91-8333-CF10577473F7} -
c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Yahoo! Toolbar -
{EF99BD32-C1FB-11D2-892F-0090271D4F88} -
C:\Program
Files\Yahoo!\Companion\Installs\cpn6\yt.dll
O3 - Toolbar: &Google -
{2318C2B1-4965-11d4-9B18-009027A5CD4F} -
c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [RoxioEngineUtility]
"C:\Program Files\Common Files\Roxio
Shared\System\EngUtil.exe"
O4 - HKLM\..\Run: [UMonit]
C:\WINDOWS\system32\umonit.exe
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program
Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [EM_EXEC]
C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC
.EXE
O4 - HKLM\..\Run: [Adobe Photo Downloader]
"C:\Program Files\Adobe\Photoshop Album
Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [ABBYY Community Agent]
C:\Program Files\Sprint & FineReader 5.0
Office Try&Buy\Sprint\CAgent.exe
O4 - HKLM\..\Run: [QuickTime Task]
"C:\Program Files\QuickTime\qttask.exe"
-atboottime
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE
C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter]
RUNDLL32.EXE
C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarIn
it
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program
Files\Trend Micro\Internet Security
2005\pccguide.exe"
O4 - HKCU\..\Run: [ctfmon.exe]
C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [LDM] C:\Program
Files\Logitech\Desktop
Messenger\8876480\Program\LogitechDesktopMes
senger.exe
O4 - HKCU\..\Run: [swg] C:\Program
Files\Google\GoogleToolbarNotifier\1.2.908.5
008\GoogleToolbarNotifier.exe
O4 - Startup: Adobe Gamma.lnk = C:\Program
Files\Common Files\Adobe\Calibration\Adobe
Gamma Loader.exe
O4 - Global Startup: Adobe Gamma Loader.lnk
= C:\Program Files\Common
Files\Adobe\Calibration\Adobe Gamma
Loader.exe
O4 - Global Startup: Adobe Reader Speed
Launch.lnk = C:\Program Files\Adobe\Acrobat
7.0\Reader\reader_sl.exe
O4 - Global Startup: Logitech Desktop
Messenger Agent.lnk = C:\Program
Files\Logitech\Desktop
Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Microsoft Works
Calendar Reminders.lnk = ?
O4 - Global Startup: Tarjim Tool.lnk =
C:\Program Files\Sakhr\Tarjim
Tool\TarjimTools1.exe
O8 - Extra context menu item: &Maintain
Block List... -
C:\PROGRA~1\AdShield\AdShield\maintain.htm
O8 - Extra context menu item: &Yahoo! Search
- file:///C:\Program
Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Add to &Block
List... -
C:\PROGRA~1\AdShield\AdShield\suppress.htm
O8 - Extra context menu item: Add to
&Exclude List... -
C:\PROGRA~1\AdShield\AdShield\restrict.htm
O8 - Extra context menu item: AdShield
Option &Settings... -
C:\PROGRA~1\AdShield\AdShield\settings.htm
O8 - Extra context menu item: Bloglines:
Find References To This Link - C:\Program
Files\Bloglines Context
Menu\BloglinesCitationsThisLink.html
O8 - Extra context menu item: Bloglines:
Find References To This Page - C:\Program
Files\Bloglines Context
Menu\BloglinesCitationsThisPage.html
O8 - Extra context menu item: Bloglines:
Search For This Text - C:\Program
Files\Bloglines Context
Menu\BloglinesSearch.html
O8 - Extra context menu item: Bloglines:
Subscribe - C:\Program Files\Bloglines
Context Menu\BloglinesSubscribe.html
O8 - Extra context menu item: E&xport to
Microsoft Excel -
res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EX
E/3000
O8 - Extra context menu item: StumbleUpon:
&Blog This -
res://C:\WINDOWS\system32\s1927.dll/blogimag
e
O8 - Extra context menu item: Technorati:
Search For This Link - C:\Program
Files\Technorati Context
Menu\TechnoratiSearchForThisLink.html
O8 - Extra context menu item: Technorati:
Search For This Page - C:\Program
Files\Technorati Context
Menu\TechnoratiSearchForThisPage.html
O8 - Extra context menu item: Technorati:
Search For This Text - C:\Program
Files\Technorati Context
Menu\TechnoratiSearchForThisText.html
O8 - Extra context menu item: TypePad
QuickPost -
https://www.typepad.com/t/app?__mode=reg_qp_
js&qp_show=tb,ca,ac,ap,ew&qp_height=540
O8 - Extra context menu item: Yahoo!
&Dictionary - file:///C:\Program
Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps -
file:///C:\Program
Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS -
file:///C:\Program
Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: Yahoo! Services -
{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} -
C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: (no name) -
{85d1f590-48f4-11d9-9669-0800200c9a66} -
%windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall
BitDefender Online Scanner v8 -
{85d1f590-48f4-11d9-9669-0800200c9a66} -
%windir%\bdoscandel.exe (file missing)
O9 - Extra button: Research -
{92780B25-18CC-41C8-B9BE-3C9C571A8263} -
C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM -
{AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} -
C:\Program Files\AIM95\aim.exe
O9 - Extra button: Share in Hello -
{B13B4423-2647-4cfc-A4B3-C7D56CB83487} -
C:\Program Files\Hello\PicasaCapture.dll
O9 - Extra 'Tools' menuitem: Share in H&ello
- {B13B4423-2647-4cfc-A4B3-C7D56CB83487} -
C:\Program Files\Hello\PicasaCapture.dll
O9 - Extra button: Messenger -
{FB5F1910-F110-11d2-BB9E-00C04F795683} -
C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows
Messenger -
{FB5F1910-F110-11d2-BB9E-00C04F795683} -
C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: AdShield -
{4FB6C25E-7B37-4c93-B592-16ECD8D18361} -
C:\PROGRA~1\AdShield\AdShield\AdShield.dll
(HKCU)
O15 - Trusted Zone: http://*.macromedia.com
O15 - Trusted Zone:
http://*.windowsupdate.mircosoft.com
O15 - Trusted Zone:
http://*.windowsupdate.com
O16 - DPF: YExplorer1_8US.CAB -
http://photos.groups.yahoo.com/ocx/us/yexplo
rer1_8us.cab
O16 - DPF:
{0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75}
(CKAVWebScan Object) -
http://www.kaspersky.com/kos/eng/partner/def
ault/kavwebscan_unicode.cab
O16 - DPF:
{5D86DDB5-BDF9-441B-9E9E-D4730F4EE499}
(BDSCANONLINE Control) -
http://download.bitdefender.com/resources/sc
an8/oscan8.cab
O16 - DPF:
{6414512B-B978-451D-A0D8-FCFDF33E833C}
(WUWebControl Class) -
http://update.microsoft.com/windowsupdate/v6
/V5Controls/en/x86/client/wuweb_site.cab?112
0122072777
O16 - DPF:
{6E32070A-766D-4EE6-879C-DC1FA91D2FC3}
(MUWebControl Class) -
http://update.microsoft.com/microsoftupdate/
v6/V5Controls/en/x86/client/muweb_site.cab?1
129441261405
O16 - DPF:
{8A94C905-FF9D-43B6-8708-F0F22D22B1CB} -
http://www.worldwinner.com/games/shared/wwla
unch.cab
O16 - DPF:
{9A9307A0-7DA4-4DAF-B042-5009F29E09E1}
(ActiveScan Installer Class) -
http://acs.pandasoftware.com/activescan/as5f
ree/asinst.cab
O18 - Protocol: bw50s -
{48EA6ECD-F1AA-4A28-9E9F-7F46EECFFF10} -
C:\Program Files\Logitech\Desktop
Messenger\8876480\Program\BWPlugProtocol-887
6480.dll
O18 - Protocol: livecall -
{828030A1-22C1-4009-854F-8E305202313F} -
C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim -
{828030A1-22C1-4009-854F-8E305202313F} -
C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O23 - Service: Adobe LM Service - Adobe
Systems - C:\Program Files\Common
Files\Adobe Systems
Shared\Service\Adobelmsvc.exe
O23 - Service: Diskeeper - Executive
Software International, Inc. - C:\Program
Files\Executive
Software\Diskeeper\DkService.exe
O23 - Service: InstallDriver Table Manager
(IDriverT) - Macrovision Corporation -
C:\Program Files\Common
Files\InstallShield\Driver\11\Intel
32\IDriverT.exe
O23 - Service: Macromedia Licensing Service
- Macromedia - C:\Program Files\Common
Files\Macromedia Shared\Service\Macromedia
Licensing.exe
O23 - Service: NVIDIA Display Driver Service
(NVSvc) - NVIDIA Corporation -
C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Trend Micro Central Control
Component (PcCtlCom) - Trend Micro
Incorporated. -
C:\PROGRA~1\TRENDM~1\INTERN~3\PcCtlCom.exe
O23 - Service: Trend Micro Real-time Service
(Tmntsrv) - Trend Micro Incorporated. -
C:\PROGRA~1\TRENDM~1\INTERN~3\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall
(TmPfw) - Trend Micro Inc. -
C:\PROGRA~1\TRENDM~1\INTERN~3\TmPfw.exe
O23 - Service: Trend Micro Proxy Service
(tmproxy) - Trend Micro Inc. -
C:\PROGRA~1\TRENDM~1\INTERN~3\tmproxy.exe
Sorry for the delay. Everyone is having real life problems at the moment
Your HijackThis log is hard to read with all those spaces. Please create a new HijackThis log, but this time in Notepad, go to Format tab and uncheck Word Wrap.
Post a new log afterwards.
Infections can change and fresh instructions will now need to be given. This topic is now closed, if you still require assistance then please start a new topic in the Spyware & Virus Removal Forum
If you wish this topic reopened, please send a Private Message (PM) to one of the Spyware Mods with a link to your thread.
Do not bother contacting us if you are not the topic starter. A valid, working link to the closed topic is required.
If you are not the user who started this thread, you must start a new Thread instead