#1
Elite Bar, me too unfortunately
I have read prior posts, run (one at a time) adaware, spy sweeper, msft antispyware, spyware doctor, spybot search and destroy, etrust patrol; I have deleted internet temp files, etc. and emptied the bin. I have run hijack this with results shown below... how does it look? Is there more I need to delete manually? Many thanks.
#2
Hi Voyageman
Reboot To Safe Mode (tap F8 on Startup). Place a check next to each of these and click Fix Checked.

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R3 - URLSearchHook: (no name) - {BE89472C-B803-4D1D-9A9A-0A63660E0FE3} - C:\PROGRA~1\COPERN~1\COPERN~1.DLL
O4 - HKLM\..\Run: [antiware] C:\windows\system32\elitexlx32.exe
O9 - Extra button: (no name) - {2fc2f9a4-c43e-42c0-9490-19d6be8b1726} - mscoree.dll (file missing)
O9 - Extra 'Tools' menuitem: Onfolio Capture... - {2fc2f9a4-c43e-42c0-9490-19d6be8b1726} - mscoree.dll (file missing)
O9 - Extra button: Onfolio - {30e2a68b-20f5-419d-bbb9-dce92edc4e67} - mscoree.dll (file missing)
O9 - Extra 'Tools' menuitem: Onfolio Collection Explorer - {30e2a68b-20f5-419d-bbb9-dce92edc4e67} - mscoree.dll (file missing)
O15 - Trusted Zone: *.musicmatch.com
O15 - Trusted Zone: *.musicmatch.com (HKLM)

On this one:

O4 - HKLM\..\Run: [antiware] C:\windows\system32\elitexlx32.exe

It may be related to the new Spyware dddd.exe which there is no fix for at the present time. If you delete that one, all hell may break loose. Just wanted to let you know if you try to fix it..........Jim

Still In Safe Mode: Delete all Temporary Internet Files, Cookies, Do a Defrag on your C Drive, Empty recycle bin.

Start/All Programs/Accessories/System Tools/Disc Defragment

Then Reboot and post a new log..........Jim
#3
The [antiware] registry entry is part of Elite Tool Bar.
Please visit my web site for full removal instructions for Elite Toolbar. http://uk.geocities.com/darren_st/etb/

Removal Instructions appear below:

1. Start the PC in safe mode (hitting F8 key during the startup sequence, then selecting "Safe Mode"). It is important to start the PC in safe mode, otherwise you will not be able to remove the tool bar properly.

2. Remove the following registry entries:

Delete the following keys and all of their contents.

HKLM\SOFTWARE\Elitum\
HKLM\SOFTWARE\Elitum\EliteToolBar\
HKLM\SOFTWARE\Microsoft\DownloadManager\
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\EliteBar Internet Explorer Toolbar

Delete the specified values from the following keys (do not delete the entire key).

HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\Enable Browser Extensions = "yes"
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run = "C:\WINDOWS\System32\Elite???32.exe"

3. Select "My Computer" in the Registry Editor, then press Ctrl + F to open the Find dialog. In "Find What" copy and paste the following strings one at a time, searching the entire registry for them. Delete any keys or values that you find.

825CF5BD-8862-4430-B771-0C15C5CA8DEF
28CAEFF3-0F18-4036-B504-51D73BD81ABC
28CAEFF3-0F18-4036-B504-51D73BD81C3A
825CF5BD-8862-4430-B771-0C15C5CA880F
ED103D9F-3070-4580-AB1E-E5C179C1AE41
BE8D0059-D24D-4919-B76F-99F4A2203647

4. If any of the following directories exist, delete them.

C:\WINDOWS\EliteToolBar\*.*
C:\WINDOWS\EliteSideBar\*.*
C:\WINDOWS\EliteBar\*.*
C:\WINDOWS\System32\EliteToolBar\*.*
C:\WINDOWS\System32\EliteSideBar\*.*
C:\WINDOWS\System32\EliteBar\*.*

5. Finally, using the Start Menu Find / Search facility, search for the following filenames. If any are found, delete them.

- dl
- dl.exe
- suicidetb.exe
- kal*sys.exe
- elite*32.exe
- silent_install.exe
- protection.exe
- protection_update.exe
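
Added example (not part of the original post and not the poster's own tool): the indicators listed in steps 3 to 5 above can be matched against a HijackThis log to see which entries belong to the toolbar before anything is deleted. The indicator lists are copied from the post; the function names and the sample log are constructed for illustration, and file-name matching assumes only Run/RunOnce `O4` entries.

```python
import fnmatch
import ntpath
import re

# Indicators copied from steps 3-5 of the removal instructions above.
SUSPECT_FILES = ["dl", "dl.exe", "suicidetb.exe", "kal*sys.exe", "elite*32.exe",
                 "silent_install.exe", "protection.exe", "protection_update.exe"]
SUSPECT_GUIDS = {
    "825CF5BD-8862-4430-B771-0C15C5CA8DEF",
    "28CAEFF3-0F18-4036-B504-51D73BD81ABC",
    "28CAEFF3-0F18-4036-B504-51D73BD81C3A",
    "825CF5BD-8862-4430-B771-0C15C5CA880F",
    "ED103D9F-3070-4580-AB1E-E5C179C1AE41",
    "BE8D0059-D24D-4919-B76F-99F4A2203647",
}
SUSPECT_DIRS = [base + "\\" + name
                for base in (r"c:\windows", r"c:\windows\system32")
                for name in ("elitetoolbar", "elitesidebar", "elitebar")]

# "O4 - HKLM\..\Run: [name] command line" (Run and RunOnce entries only).
O4_RE = re.compile(r"^O4 - HK[^:]+: \[[^\]]*\] (?P<cmd>.+)$")
GUID_RE = re.compile(r"\{([0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12})\}")
# Executable part of a command line: quoted path, or text up to the extension.
EXE_RE = re.compile(r'^"([^"]+)"|^(.+?\.(?:exe|com|bat|scr|dll))(?=\s|$)', re.I)


def autorun_target(cmd):
    """Return the lower-cased file name an autorun command line starts."""
    cmd = cmd.strip()
    m = EXE_RE.match(cmd)
    if m:
        path = m.group(1) or m.group(2)
    else:
        parts = cmd.split()
        path = parts[0] if parts else ""
    return ntpath.basename(path).lower()


def scan_log(text):
    """Return [(line_number, [reasons], line)] for entries matching an indicator."""
    findings = []
    for number, raw in enumerate(text.splitlines(), start=1):
        line = raw.strip()
        reasons = []
        m = O4_RE.match(line)
        if m:
            name = autorun_target(m.group("cmd"))
            for pattern in SUSPECT_FILES:
                if fnmatch.fnmatchcase(name, pattern):
                    reasons.append(f"autorun file matches {pattern}")
        for guid in GUID_RE.findall(line):
            if guid.upper() in SUSPECT_GUIDS:
                reasons.append(f"GUID {guid.upper()} listed in step 3")
        lowered = line.lower()
        for directory in SUSPECT_DIRS:
            if directory + "\\" in lowered:
                reasons.append(f"path under {directory}")
        if reasons:
            findings.append((number, reasons, line))
    return findings


# Constructed sample: lines 1-3 use entries quoted in this thread; line 4 is
# made up (placeholder file name) to exercise the GUID and directory checks.
SAMPLE_LOG = r"""O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [antiware] C:\windows\system32\elitexlx32.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O2 - BHO: (no name) - {825CF5BD-8862-4430-B771-0C15C5CA8DEF} - C:\WINDOWS\EliteToolBar\example.dll
"""

if __name__ == "__main__":
    for number, reasons, line in scan_log(SAMPLE_LOG):
        print(f"line {number}: {line}")
        for reason in reasons:
            print(f"    {reason}")
```
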
#4
Thanks nyquist
Hi NYquist, Thanks for that info. I put your fix in the Spyware Reference Forum. I hope it works. I'll send people to the thread.
http://forums.designtechnica.com/showthread.php?t=7010