Post by: nicetruk on December 31, 2005, 11:45:53 AM
Thought I could get all out by myself...
I was wrong...
Need some real help...
The last two issues that I can't seem to fix are:
I keep getting the startup error for C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00001.exe
And; My internet explorer won't keep my home page...It keeps loading as http:///
That's all I can find...
thanks
Jeff
Logfile of HijackThis v1.99.1
Scan saved at 10:39:35 AM, on 12/31/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\windows\System32\smss.exe
C:\WINDOWS\SYSTEM32\WINLOGON.EXE
C:\windows\system32\services.exe
C:\windows\system32\lsass.exe
C:\windows\system32\svchost.exe
C:\WINDOWS\SYSTEM32\SVCHOST.EXE
C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
C:\windows\system32\spoolsv.exe
C:\windows\explorer.exe
C:\WINDOWS\inet20005\services.exe
C:\windows\system32\spool\drivers\w32x86\3\hpztsb04.exe
C:\Program Files\PhatNoise Music Manager\PNAgent.exe
C:\WINDOWS\TPPALDR.EXE
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\WINDOWS\SMSS.EXE
C:\windows\system32\hphmon03.exe
C:\Program Files\Hewlett-Packard\PhotoSmart\Photo Imaging\Hpi_Monitor.exe
C:\Program Files\Hewlett-Packard\PhotoSmart\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Trend Micro\Internet Security 2006\pccguide.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\TGTSoft\StyleXP\StyleXP.exe
C:\Program Files\CursorXP\CursorXP.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\windows\system32\ctfmon.exe
C:\Program Files\Hewlett-Packard\HP OfficeJet Series 500\Bin\HPOstr05.exe
C:\Program Files\Logitech\Harmony Remote\harmonyClient.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\windows\System32\nvsvc32.exe
C:\PROGRA~1\HEWLET~1\PHOTOS~1\HPSHAR~1\hpgs2wnf.exe
C:\Program Files\Hewlett-Packard\HP OfficeJet Series 500\bin\HPOVDX05.EXE
C:\windows\system32\hpoipm07.exe
C:\PROGRA~1\TRENDM~1\INTERN~2\PCCTLCOM.EXE
C:\Program Files\Spyware Doctor\sdhelp.exe
C:\WINDOWS\INET20005\MM4.EXE
C:\Program Files\Sony\VAIO_MX\SonyMxTimer.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\Program Files\Sony\VAIO_MX\Delegate.exe
C:\windows\System32\svchost.exe
C:\PROGRA~1\TRENDM~1\INTERN~2\Tmntsrv.exe
C:\PROGRA~1\TRENDM~1\INTERN~2\TMPROXY.EXE
C:\WINDOWS\SERVICEPACKFILES\I386\IEXPLORE.EXE
C:\Program Files\Sony\VAIO_MX\SND\MxSndLib.exe
C:\PROGRA~1\TRENDM~1\INTERN~2\TMPFW.EXE
C:\Program Files\Sony\VAIO_MX\LCD\MxLcdLib.exe
C:\WINDOWS\SERVICEPACKFILES\I386\IEXPLORE.EXE
C:\WINDOWS\SERVICEPACKFILES\I386\IEXPLORE.EXE
C:\WINDOWS\SERVICEPACKFILES\I386\IEXPLORE.EXE
C:\WINDOWS\SERVICEPACKFILES\I386\IEXPLORE.EXE
C:\WINDOWS\SERVICEPACKFILES\I386\IEXPLORE.EXE
C:\WINDOWS\SERVICEPACKFILES\I386\IEXPLORE.EXE
C:\WINDOWS\SERVICEPACKFILES\I386\IEXPLORE.EXE
C:\WINDOWS\SERVICEPACKFILES\I386\IEXPLORE.EXE
C:\WINDOWS\SERVICEPACKFILES\I386\IEXPLORE.EXE
C:\WINDOWS\SERVICEPACKFILES\I386\IEXPLORE.EXE
C:\WINDOWS\SERVICEPACKFILES\I386\IEXPLORE.EXE
C:\WINDOWS\SERVICEPACKFILES\I386\IEXPLORE.EXE
C:\windows\system32\HPHipm09.exe
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\Documents and Settings\Jeff Harris\Desktop\hijackthis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.rr.com/flash/index.cfm (http://\"http://www.rr.com/flash/index.cfm\")
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.sony.com/vaiopeople (http://\"http://www.sony.com/vaiopeople\")
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = c:\secure32.html
F2 - REG:system.ini: Shell=explorer.exe "C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00001.exe"
F3 - REG:win.ini: run=C:\WINDOWS\inet20005\services.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: - {1E6CE4CD-161B-4847-B8BF-E2EF72299D69} - C:\WINDOWS\system32\ib6.dll
O2 - BHO: (no name) - {5321E378-FFAD-4999-8C62-03CA8155F0B3} - (no file)
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\windows\system32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [PNAgent] "C:\Program Files\PhatNoise Music Manager\PNAgent.exe"
O4 - HKLM\..\Run: [TPP Auto Loader] C:\WINDOWS\TPPALDR.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [Microsoft Windows Session Manager Subsystem] C:\windows\smss.exe
O4 - HKLM\..\Run: [HPHmon03] C:\windows\system32\hphmon03.exe
O4 - HKLM\..\Run: [CXMon] "C:\Program Files\Hewlett-Packard\PhotoSmart\Photo Imaging\Hpi_Monitor.exe"
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\PhotoSmart\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 2006\pccguide.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [xp_system] C:\WINDOWS\inet20005\services.exe
O4 - HKLM\..\Run: [ErrorDoctor] C:\Program Files\SoftwareDoctor\ErrorDoctor\ErrorDoctor.exe
O4 - HKLM\..\Run: [Microsoft Windows Logon Process] C:\windows\winlogon.exe
O4 - HKCU\..\Run: [STYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide
O4 - HKCU\..\Run: [CursorXP] C:\Program Files\CursorXP\CursorXP.exe
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\windows\system32\ctfmon.exe
O4 - HKCU\..\Run: [xp_system] C:\WINDOWS\inet20005\services.exe
O4 - HKCU\..\Run: [Spyware Cleaner] "C:\Program Files\Spyware Cleaner\SpywareCleaner.Exe" /boot
O4 - Global Startup: HP OfficeJet Series 500 Startup.lnk = C:\Program Files\Hewlett-Packard\HP OfficeJet Series 500\Bin\HPOstr05.exe
O4 - Global Startup: Logitech Harmony Remote.lnk = C:\Program Files\Logitech\Harmony Remote\harmonyClient.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.sony.com/vaiopeople
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 (http://\"http://go.microsoft.com/fwlink/?linkid=39204\")
O16 - DPF: {56393399-041A-4650-94C7-13DFCB1F4665} (PSFormX Control) - http://www.my-etrust.com/Extern/RoadRunner...an/pestscan.cab (http://\"http://www.my-etrust.com/Extern/RoadRunner/PestScan/pestscan.cab\")
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1135908983531 (http://\"http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1135908983531\")
O18 - Protocol: bw+0 - {7349C17B-950C-4684-B06E-F138C0DDBCAB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {7349C17B-950C-4684-B06E-F138C0DDBCAB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {7349C17B-950C-4684-B06E-F138C0DDBCAB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {7349C17B-950C-4684-B06E-F138C0DDBCAB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {7349C17B-950C-4684-B06E-F138C0DDBCAB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {7349C17B-950C-4684-B06E-F138C0DDBCAB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {7349C17B-950C-4684-B06E-F138C0DDBCAB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {7349C17B-950C-4684-B06E-F138C0DDBCAB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {7349C17B-950C-4684-B06E-F138C0DDBCAB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {7349C17B-950C-4684-B06E-F138C0DDBCAB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {7349C17B-950C-4684-B06E-F138C0DDBCAB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {7349C17B-950C-4684-B06E-F138C0DDBCAB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {7349C17B-950C-4684-B06E-F138C0DDBCAB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {7349C17B-950C-4684-B06E-F138C0DDBCAB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {7349C17B-950C-4684-B06E-F138C0DDBCAB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {7349C17B-950C-4684-B06E-F138C0DDBCAB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {7349C17B-950C-4684-B06E-F138C0DDBCAB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {7349C17B-950C-4684-B06E-F138C0DDBCAB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {7349C17B-950C-4684-B06E-F138C0DDBCAB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {7349C17B-950C-4684-B06E-F138C0DDBCAB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {7349C17B-950C-4684-B06E-F138C0DDBCAB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {7349C17B-950C-4684-B06E-F138C0DDBCAB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {7349C17B-950C-4684-B06E-F138C0DDBCAB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {7349C17B-950C-4684-B06E-F138C0DDBCAB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {7349C17B-950C-4684-B06E-F138C0DDBCAB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {7349C17B-950C-4684-B06E-F138C0DDBCAB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {7349C17B-950C-4684-B06E-F138C0DDBCAB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {7349C17B-950C-4684-B06E-F138C0DDBCAB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {7349C17B-950C-4684-B06E-F138C0DDBCAB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {7349C17B-950C-4684-B06E-F138C0DDBCAB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {7349C17B-950C-4684-B06E-F138C0DDBCAB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {7349C17B-950C-4684-B06E-F138C0DDBCAB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {7349C17B-950C-4684-B06E-F138C0DDBCAB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {7349C17B-950C-4684-B06E-F138C0DDBCAB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {7349C17B-950C-4684-B06E-F138C0DDBCAB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {7349C17B-950C-4684-B06E-F138C0DDBCAB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {7349C17B-950C-4684-B06E-F138C0DDBCAB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {7349C17B-950C-4684-B06E-F138C0DDBCAB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {7349C17B-950C-4684-B06E-F138C0DDBCAB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {7349C17B-950C-4684-B06E-F138C0DDBCAB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {7349C17B-950C-4684-B06E-F138C0DDBCAB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {7349C17B-950C-4684-B06E-F138C0DDBCAB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {7349C17B-950C-4684-B06E-F138C0DDBCAB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {7349C17B-950C-4684-B06E-F138C0DDBCAB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {7349C17B-950C-4684-B06E-F138C0DDBCAB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {7349C17B-950C-4684-B06E-F138C0DDBCAB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {7349C17B-950C-4684-B06E-F138C0DDBCAB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {7349C17B-950C-4684-B06E-F138C0DDBCAB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {7349C17B-950C-4684-B06E-F138C0DDBCAB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {7349C17B-950C-4684-B06E-F138C0DDBCAB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {7349C17B-950C-4684-B06E-F138C0DDBCAB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {7349C17B-950C-4684-B06E-F138C0DDBCAB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {7349C17B-950C-4684-B06E-F138C0DDBCAB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {7349C17B-950C-4684-B06E-F138C0DDBCAB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {7349C17B-950C-4684-B06E-F138C0DDBCAB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {7349C17B-950C-4684-B06E-F138C0DDBCAB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {7349C17B-950C-4684-B06E-F138C0DDBCAB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {7349C17B-950C-4684-B06E-F138C0DDBCAB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {7349C17B-950C-4684-B06E-F138C0DDBCAB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {7349C17B-950C-4684-B06E-F138C0DDBCAB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {7349C17B-950C-4684-B06E-F138C0DDBCAB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {7349C17B-950C-4684-B06E-F138C0DDBCAB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {7349C17B-950C-4684-B06E-F138C0DDBCAB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {7349C17B-950C-4684-B06E-F138C0DDBCAB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {7349C17B-950C-4684-B06E-F138C0DDBCAB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {7349C17B-950C-4684-B06E-F138C0DDBCAB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {7349C17B-950C-4684-B06E-F138C0DDBCAB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {7349C17B-950C-4684-B06E-F138C0DDBCAB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {7349C17B-950C-4684-B06E-F138C0DDBCAB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {7349C17B-950C-4684-B06E-F138C0DDBCAB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {7349C17B-950C-4684-B06E-F138C0DDBCAB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {7349C17B-950C-4684-B06E-F138C0DDBCAB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {7349C17B-950C-4684-B06E-F138C0DDBCAB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {7349C17B-950C-4684-B06E-F138C0DDBCAB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {7349C17B-950C-4684-B06E-F138C0DDBCAB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {7349C17B-950C-4684-B06E-F138C0DDBCAB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {7349C17B-950C-4684-B06E-F138C0DDBCAB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: MxLcdLib - Sony Corporation - C:\Program Files\Sony\VAIO_MX\LCD\MxLcdLib.exe
O23 - Service: MxSndLib - Sony Corporation - C:\Program Files\Sony\VAIO_MX\SND\MxSndLib.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\windows\System32\nvsvc32.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~2\PcCtlCom.exe
O23 - Service: Pml Driver - HP - C:\windows\system32\HPHipm09.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools - C:\Program Files\Spyware Doctor\sdhelp.exe
O23 - Service: SonyMxTimer - Sony Corporation - C:\Program Files\Sony\VAIO_MX\SonyMxTimer.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SpywareCleanerService - Unknown owner - C:\Program Files\Spyware Cleaner\SCService.exe (file missing)
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~2\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~2\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~2\tmproxy.exe
Post by: guestolo on December 31, 2005, 03:33:07 PM
Uninstall SpyWareCleaner>>It does not have a good reputation
You may not be able to find an uninstaller
But look in your Add/Remove programs
If not present, Go to START>>Programs
Is there an uninstaller in the SpywareCleaner folder if found?
ErrorDoctor: I can't find much info about it, but what I could find was not a recommended product
Please remove it if you didn't pay for it
We will get you free tools that do a much better job
Reboot the computer after removing the above
Post back a fresh hijackthis log and we'll do some fixes on your computer
Post by: nicetruk on December 31, 2005, 04:35:11 PM
Here is the new logfile.
thanks
Logfile of HijackThis v1.99.1
Scan saved at 3:32:50 PM, on 12/31/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\windows\System32\smss.exe
C:\WINDOWS\SYSTEM32\WINLOGON.EXE
C:\windows\system32\services.exe
C:\windows\system32\lsass.exe
C:\windows\system32\svchost.exe
C:\windows\System32\svchost.exe
C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
C:\windows\system32\spoolsv.exe
C:\windows\explorer.exe
C:\WINDOWS\inet20005\services.exe
C:\windows\system32\spool\drivers\w32x86\3\hpztsb04.exe
C:\Program Files\PhatNoise Music Manager\PNAgent.exe
C:\WINDOWS\TPPALDR.EXE
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\WINDOWS\SMSS.EXE
C:\windows\system32\hphmon03.exe
C:\Program Files\Hewlett-Packard\PhotoSmart\Photo Imaging\Hpi_Monitor.exe
C:\Program Files\Hewlett-Packard\PhotoSmart\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\TGTSoft\StyleXP\StyleXP.exe
C:\Program Files\CursorXP\CursorXP.exe
C:\windows\system32\ctfmon.exe
C:\Program Files\Hewlett-Packard\HP OfficeJet Series 500\Bin\HPOstr05.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\Hewlett-Packard\HP OfficeJet Series 500\bin\HPOVDX05.EXE
C:\windows\System32\nvsvc32.exe
C:\Program Files\Spyware Doctor\sdhelp.exe
C:\PROGRA~1\HEWLET~1\PHOTOS~1\HPSHAR~1\hpgs2wnf.exe
C:\Program Files\Sony\VAIO_MX\SonyMxTimer.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\windows\System32\svchost.exe
C:\Program Files\Sony\VAIO_MX\Delegate.exe
C:\WINDOWS\INET20005\MM4.EXE
C:\windows\system32\hpoipm07.exe
C:\WINDOWS\SERVICEPACKFILES\I386\IEXPLORE.EXE
C:\Program Files\Sony\VAIO_MX\SND\MxSndLib.exe
C:\Program Files\Sony\VAIO_MX\LCD\MxLcdLib.exe
C:\WINDOWS\SERVICEPACKFILES\I386\IEXPLORE.EXE
C:\WINDOWS\SERVICEPACKFILES\I386\IEXPLORE.EXE
C:\WINDOWS\SERVICEPACKFILES\I386\IEXPLORE.EXE
C:\WINDOWS\SERVICEPACKFILES\I386\IEXPLORE.EXE
C:\WINDOWS\SERVICEPACKFILES\I386\IEXPLORE.EXE
C:\WINDOWS\SERVICEPACKFILES\I386\IEXPLORE.EXE
C:\windows\system32\HPHipm09.exe
C:\windows\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Jeff Harris\Desktop\hijackthis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.sony.com/vaiopeople (http://\"http://www.sony.com/vaiopeople\")
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = c:\secure32.html
F2 - REG:system.ini: Shell=explorer.exe "C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00001.exe"
F3 - REG:win.ini: run=C:\WINDOWS\inet20005\services.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: - {1E6CE4CD-161B-4847-B8BF-E2EF72299D69} - C:\WINDOWS\system32\ib6.dll
O2 - BHO: (no name) - {5321E378-FFAD-4999-8C62-03CA8155F0B3} - (no file)
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\windows\system32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [PNAgent] "C:\Program Files\PhatNoise Music Manager\PNAgent.exe"
O4 - HKLM\..\Run: [TPP Auto Loader] C:\WINDOWS\TPPALDR.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [Microsoft Windows Session Manager Subsystem] C:\windows\smss.exe
O4 - HKLM\..\Run: [HPHmon03] C:\windows\system32\hphmon03.exe
O4 - HKLM\..\Run: [CXMon] "C:\Program Files\Hewlett-Packard\PhotoSmart\Photo Imaging\Hpi_Monitor.exe"
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\PhotoSmart\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 2006\pccguide.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [xp_system] C:\WINDOWS\inet20005\services.exe
O4 - HKLM\..\Run: [Microsoft Windows Logon Process] C:\windows\winlogon.exe
O4 - HKCU\..\Run: [STYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide
O4 - HKCU\..\Run: [CursorXP] C:\Program Files\CursorXP\CursorXP.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\windows\system32\ctfmon.exe
O4 - HKCU\..\Run: [xp_system] C:\WINDOWS\inet20005\services.exe
O4 - HKCU\..\Run: [Spyware Cleaner] "C:\Program Files\Spyware Cleaner\SpywareCleaner.Exe" /boot
O4 - Global Startup: HP OfficeJet Series 500 Startup.lnk = C:\Program Files\Hewlett-Packard\HP OfficeJet Series 500\Bin\HPOstr05.exe
O4 - Global Startup: Logitech Harmony Remote.lnk = C:\Program Files\Logitech\Harmony Remote\harmonyClient.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.sony.com/vaiopeople
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 (http://\"http://go.microsoft.com/fwlink/?linkid=39204\")
O16 - DPF: {56393399-041A-4650-94C7-13DFCB1F4665} (PSFormX Control) - http://www.my-etrust.com/Extern/RoadRunner...an/pestscan.cab (http://\"http://www.my-etrust.com/Extern/RoadRunner/PestScan/pestscan.cab\")
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1135908983531 (http://\"http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1135908983531\")
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: MxLcdLib - Sony Corporation - C:\Program Files\Sony\VAIO_MX\LCD\MxLcdLib.exe
O23 - Service: MxSndLib - Sony Corporation - C:\Program Files\Sony\VAIO_MX\SND\MxSndLib.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\windows\System32\nvsvc32.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~2\PcCtlCom.exe
O23 - Service: Pml Driver - HP - C:\windows\system32\HPHipm09.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools - C:\Program Files\Spyware Doctor\sdhelp.exe
O23 - Service: SonyMxTimer - Sony Corporation - C:\Program Files\Sony\VAIO_MX\SonyMxTimer.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SpywareCleanerService - Unknown owner - C:\Program Files\Spyware Cleaner\SCService.exe (file missing)
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~2\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~2\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~2\tmproxy.exe
Post by: guestolo on December 31, 2005, 05:15:15 PM
==Download and Install
Windows Cleanup! 4.0 (http://\"http://downloads.stevengould.org/cleanup/CleanUp40.exe\")
Don't run it yet
==Download and then Install
Ewido anti-malware 3.5 (http://\"http://download.ewido.net/ewido-setup.exe\")
When installing, under "Additional Options" Uncheck "Install background guard" and "Install scan via context menu".
From the main ewido screen, click on Update in the left menu, then click the Start update button.
After the update finishes (the status bar at the bottom will display "Update successful")
Close out Ewido for now, we'll need it later
If for some reason the Updater won't work can you manually download the
Updates from this link after you have Ewido installed
http://www.ewido.net/en/download/updates/ (http://\"http://www.ewido.net/en/download/updates/\")
Download and Install Spybot 1.4 from
HERE (http://\"http://www.download.com/3000-2144-10122137.html?part=104443&subj=dlpage&tag=button\")
or HERE (http://\"http://www.safer-networking.org/en/download/index.html\")
After installation--Click the UPDATE button on the left
SEARCH FOR UPDATES on the right
Check, and then download all updates
After update is complete
Dont' run a scan yet, we'll need it later
==In the event you have SmitRem.exe
Please delete your copy of SmitRem.exe and the SmitRem folder
==Download SmitRem.exe by Noahdfear (http://\"http://noahdfear.geekstogo.com/click%20counter/click.php?id=1\") and save the file to your desktop.
Don't run it yet
==Download Killbox
From one of these loactions
http://www.downloads.subratam.org/KillBox.exe (http://\"http://www.downloads.subratam.org/KillBox.exe\")
http://www.atribune.org/downloads/KillBox.exe (http://\"http://www.atribune.org/downloads/KillBox.exe\")
and save it too your desktop or folder
Please save these instructions to a Notepad file and save it to your Desktop for reference
This is important
To open Notepad go to START>>RUN>>type in notepad
Hit OK
I need you too disable Spyware Doctor's protections, so it won't interfere with any of the fixes we are trying
Please keep this disabled until we are entirely done
To deactivate Spyware Doctor's OnGuard Tools
1. From within Spyware Doctor, click the "OnGuard" button on the left side.
2. Uncheck "Activate OnGuard".
RESTART your Computer in SAFE MODE
You can do this by tapping the F8 key as the system is restarting, just before Windows loads
Select Safe mode from the Startup menu
Once in safe mode
Go to START>>>RUN>>>type in services.msc
Hit OK
In the next window, look on the right hand side for this service
name---- SpywareCleanerService
Double click on it--- STOP the service--If running
In the drop down menu, change the startup type to Disabled
Start Killbox.exe
Leave "Standard Kill file" selected
In the "Full path of File to Delete" copy and paste entry below in bold
C:\WINDOWS\SMSS.EXE
Then click the Red Circle with the White X
Allow to make a backup and delete the file
Don't worry about no file found messages
Carry on with the same instructions with the rest of these
C:\WINDOWS\INET20005\MM4.EXE
C:\WINDOWS\inet20005\services.exe
C:\windows\smss.exe
C:\windows\winlogon.exe
C:\Program Files\Spyware Cleaner\SpywareCleaner.Exe
C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00001.exe
c:\secure32.html
C:\WINDOWS\system32\ib6.dll
Exit Killbox
Find and delete these folders, exact folder name please
C:\WINDOWS\inet20005 <-this folder
C:\Program Files\Spyware Cleaner <-folder
C:\Program Files\SoftwareDoctor <-folder
==Open Cleanup! by double-clicking the icon on your desktop (or from the Start > All Programs menu).
Set the program up as follows:
Click "Options..."
Move the arrow down to "Custom CleanUp!"
Put a check next to the following (Make sure nothing else is checked!):
* Empty Recycle Bins
* Delete Cookies
* Delete Prefetch files
* Cleanup! All Users
Click OK
Press the CleanUp! button to start the program.
When it's done, decline to log off or restart the computer
==Double click on SmitRem.exe to extract it to it's own folder on the desktop.
Open the smitRem folder, then double click the RunThis.bat file to start the tool. Follow the prompts on screen.
Wait for the tool to complete and disk cleanup to finish.
==Open Ewido anti-malware 3.5
Click on the Scanner button on the left menu
Select Complete System Scan
*If Ewido finds something it will prompt you with "Infected Object found"
Ensure the following are Selected
*1. Perform Action = Remove
*2. Create Encrypted Backup in Quarantine (Recommended)
*3. Perform action with all infections
Then click OK
When Ewido has finished it's scan click the "Save Report" button
Save the report to desktop
Exit Ewido
NOTE: When Ewido is running, don't open any other Windows
Do a "System scan only" with Hijackthis and put a check next to these entries:
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = c:\secure32.html
F2 - REG:system.ini: Shell=explorer.exe "C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00001.exe"
F3 - REG:win.ini: run=C:\WINDOWS\inet20005\services.exe
O2 - BHO: - {1E6CE4CD-161B-4847-B8BF-E2EF72299D69} - C:\WINDOWS\system32\ib6.dll
O2 - BHO: (no name) - {5321E378-FFAD-4999-8C62-03CA8155F0B3} - (no file)
O4 - HKLM\..\Run: [xp_system] C:\WINDOWS\inet20005\services.exe
O4 - HKLM\..\Run: [Microsoft Windows Logon Process] C:\windows\winlogon.exe
O4 - HKCU\..\Run: [xp_system] C:\WINDOWS\inet20005\services.exe
O4 - HKCU\..\Run: [Spyware Cleaner] "C:\Program Files\Spyware Cleaner\SpywareCleaner.Exe" /boot
After you have ticked the above entries, close All other open windows
Leave Hijackthis open and click FIX CHECKED
OK the prompt and exit Hijackthis
Remain in safe mode
Open Spybot 1.4
Click the "Search & Destroy" button on the left
"Check for Problems"---When the Scan is complete
FIX all selected promblems in RED
Open Hijackthis again, open Misc tools section
Open "Delete an NT service"
In the new box in the open field
Copy and paste the following below in bold
Then Hit OK
SpywareCleanerService
Reboot back to Normal mode
Back in Windows
I need to see the following please
1. A fresh hijackthis log
2. The full report from Ewido's
3. Post the Whole log made from SmitRem located here C:\Smitfiles.txt
NOTE: You will have to reset your background in Display properties
XP users using the XP theme may experience a change to the Classic Windows theme. This can be changed on the themes tab of desktop properties.
Post by: nicetruk on December 31, 2005, 10:02:30 PM
Here is the Smitfiles.txt,
The Ewido report and
a new hijackthis log...
From what I can tell, it seems to have cleared-up everything...
Thanks for the assist.
Any more suggestions or recommended donation spots...I'm in...
thanks again
Jeff
~~~ Upon reboot ~~~
wininet.old not present!
oleadm.dll not present!
oleext.dll not present!
~~~ Upon completion ~~~
wininet.old not present!
oleadm.dll not present!
oleext.dll not present!
~~~~ Rechecking C:\windows\system32\wininet.dll for infection ~~~~
~~~~ C:\windows\system32\wininet.dll Clean!
/smile.gif\' class=\'bbc_emoticon\' alt=\':)\' /> ~~~~---------------------------------------------------------
ewido anti-malware - Scan report
---------------------------------------------------------
+ Created on: 5:47:50 PM, 12/31/2005
+ Report-Checksum: 2118F36D
+ Scan result:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5321E378-FFAD-4999-8C62-03CA8155F0B3} -> Spyware.CoolWebSearch : Cleaned with backup
HKU\S-1-5-21-839522115-1454471165-682003330-1004\Software\Microsoft\Internet Explorer\Keywords -> Spyware.CoolWebSearch : Cleaned with backup
HKU\S-1-5-21-839522115-1454471165-682003330-1004\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{5321E378-FFAD-4999-8C62-03CA8155F0B3} -> Spyware.CoolWebSearch : Cleaned with backup
C:\!KillBox\MM4.EXE -> Proxy.Delf.an : Cleaned with backup
C:\!KillBox\services.exe -> Downloader.CWS.r : Cleaned with backup
C:\WINDOWS\system32\drivers\i386p.sys -> Not-A-Virus.SpamTool.Win32.Mailbot.b : Cleaned with backup
C:\WINDOWS\system32\saie321.dll -> Adware.eZula : Cleaned with backup
C:\WINDOWS\system32\msctl32.dll -> Not-A-Virus.SpamTool.Win32.Mailbot.q : Cleaned with backup
C:\WINDOWS\NDNuninstall6_38.exe -> Spyware.NewDotNet : Cleaned with backup
C:\WINDOWS\country.exe -> Trojan.Small : Cleaned with backup
C:\WINDOWS\tool1.exe -> Not-A-Virus.SpamTool.Win32.Mailbot.q : Cleaned with backup
C:\WINDOWS\tool4.exe -> Trojan.Small : Cleaned with backup
C:\WINDOWS\tool5.exe -> Trojan.Small : Cleaned with backup
C:\WINDOWS\ms1.exe -> Downloader.Tiny.al : Cleaned with backup
C:\WINDOWS\inet20003\services.exe -> Downloader.CWS.r : Cleaned with backup
C:\Program Files\Common Files\rrlljdjn\tpahpnap\nbltdnej.exe -> Adware.Gator : Cleaned with backup
C:\Program Files\Common Files\rrlljdjn\rlfhnfntna\fdlrdnlfp.exe -> Adware.Gator : Cleaned with backup
C:\Program Files\themexp\Themexp.org File\TBEZA127Q.exe -> Spyware.Quick : Cleaned with backup
C:\Program Files\themexp\Themexp.org File\NNEZTA388.exe -> Spyware.NewDotNet : Cleaned with backup
C:\System Volume Information\_restore{5CB735D4-3FE9-49A0-8DA8-3B539F1E5D8E}\RP306\A0092593.exe -> Proxy.Delf.an : Cleaned with backup
C:\System Volume Information\_restore{5CB735D4-3FE9-49A0-8DA8-3B539F1E5D8E}\RP307\A0092918.sys -> Not-A-Virus.SpamTool.Win32.Mailbot.b : Cleaned with backup
C:\System Volume Information\_restore{5CB735D4-3FE9-49A0-8DA8-3B539F1E5D8E}\RP307\A0092922.EXE -> Proxy.Delf.an : Cleaned with backup
C:\System Volume Information\_restore{5CB735D4-3FE9-49A0-8DA8-3B539F1E5D8E}\RP307\A0092923.exe -> Worm.Delf.i : Cleaned with backup
C:\System Volume Information\_restore{5CB735D4-3FE9-49A0-8DA8-3B539F1E5D8E}\RP307\A0092941.sys -> Not-A-Virus.SpamTool.Win32.Mailbot.b : Cleaned with backup
C:\System Volume Information\_restore{5CB735D4-3FE9-49A0-8DA8-3B539F1E5D8E}\RP307\A0092945.EXE -> Proxy.Delf.an : Cleaned with backup
C:\System Volume Information\_restore{5CB735D4-3FE9-49A0-8DA8-3B539F1E5D8E}\RP307\A0092946.exe -> Downloader.CWS.r : Cleaned with backup
C:\System Volume Information\_restore{5CB735D4-3FE9-49A0-8DA8-3B539F1E5D8E}\RP307\A0092948.sys -> Not-A-Virus.SpamTool.Win32.Mailbot.b : Cleaned with backup
C:\System Volume Information\_restore{5CB735D4-3FE9-49A0-8DA8-3B539F1E5D8E}\RP307\A0092981.dll -> Spyware.Ihbo : Cleaned with backup
::Report End
Logfile of HijackThis v1.99.1
Scan saved at 8:47:58 PM, on 12/31/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\windows\System32\smss.exe
C:\windows\system32\winlogon.exe
C:\windows\system32\services.exe
C:\windows\system32\lsass.exe
C:\windows\system32\svchost.exe
C:\WINDOWS\SYSTEM32\SVCHOST.EXE
C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
C:\WINDOWS\SYSTEM32\SPOOLSV.EXE
C:\windows\Explorer.EXE
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\windows\system32\spool\drivers\w32x86\3\hpztsb04.exe
C:\Program Files\PhatNoise Music Manager\PNAgent.exe
C:\WINDOWS\TPPALDR.EXE
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\windows\system32\hphmon03.exe
C:\Program Files\Hewlett-Packard\PhotoSmart\Photo Imaging\Hpi_Monitor.exe
C:\Program Files\Hewlett-Packard\PhotoSmart\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\Trend Micro\Internet Security 2006\pccguide.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\TGTSoft\StyleXP\StyleXP.exe
C:\Program Files\CursorXP\CursorXP.exe
C:\PROGRA~1\HEWLET~1\PHOTOS~1\HPSHAR~1\hpgs2wnf.exe
C:\windows\system32\ctfmon.exe
C:\Program Files\Hewlett-Packard\HP OfficeJet Series 500\Bin\HPOstr05.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\windows\System32\nvsvc32.exe
C:\PROGRA~1\TRENDM~1\INTERN~2\PCCTLCOM.EXE
C:\Program Files\Sony\VAIO_MX\SonyMxTimer.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\Program Files\Sony\VAIO_MX\Delegate.exe
C:\windows\System32\svchost.exe
C:\PROGRA~1\TRENDM~1\INTERN~2\Tmntsrv.exe
C:\PROGRA~1\TRENDM~1\INTERN~2\TMPROXY.EXE
C:\Program Files\Sony\VAIO_MX\SND\MxSndLib.exe
C:\PROGRA~1\TRENDM~1\INTERN~2\TMPFW.EXE
C:\Program Files\Sony\VAIO_MX\LCD\MxLcdLib.exe
C:\Program Files\Hewlett-Packard\HP OfficeJet Series 500\bin\HPOVDX05.EXE
C:\windows\system32\hpoipm07.exe
C:\windows\system32\HPHipm09.exe
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\Documents and Settings\Jeff Harris\Desktop\hijackthis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.rr.com/flash/index.cfm (http://\"http://www.rr.com/flash/index.cfm\")
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.sony.com/vaiopeople (http://\"http://www.sony.com/vaiopeople\")
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\windows\system32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [PNAgent] "C:\Program Files\PhatNoise Music Manager\PNAgent.exe"
O4 - HKLM\..\Run: [TPP Auto Loader] C:\WINDOWS\TPPALDR.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [HPHmon03] C:\windows\system32\hphmon03.exe
O4 - HKLM\..\Run: [CXMon] "C:\Program Files\Hewlett-Packard\PhotoSmart\Photo Imaging\Hpi_Monitor.exe"
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\PhotoSmart\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 2006\pccguide.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [STYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide
O4 - HKCU\..\Run: [CursorXP] C:\Program Files\CursorXP\CursorXP.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\windows\system32\ctfmon.exe
O4 - Global Startup: HP OfficeJet Series 500 Startup.lnk = C:\Program Files\Hewlett-Packard\HP OfficeJet Series 500\Bin\HPOstr05.exe
O4 - Global Startup: Logitech Harmony Remote.lnk = C:\Program Files\Logitech\Harmony Remote\harmonyClient.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.sony.com/vaiopeople
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 (http://\"http://go.microsoft.com/fwlink/?linkid=39204\")
O16 - DPF: {56393399-041A-4650-94C7-13DFCB1F4665} (PSFormX Control) - http://www.my-etrust.com/Extern/RoadRunner...an/pestscan.cab (http://\"http://www.my-etrust.com/Extern/RoadRunner/PestScan/pestscan.cab\")
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1135908983531 (http://\"http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1135908983531\")
O20 - Winlogon Notify: msctl32.dll - C:\WINDOWS\system32\msctl32.dll (file missing)
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: MxLcdLib - Sony Corporation - C:\Program Files\Sony\VAIO_MX\LCD\MxLcdLib.exe
O23 - Service: MxSndLib - Sony Corporation - C:\Program Files\Sony\VAIO_MX\SND\MxSndLib.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\windows\System32\nvsvc32.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~2\PcCtlCom.exe
O23 - Service: Pml Driver - HP - C:\windows\system32\HPHipm09.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - Unknown owner - C:\Program Files\Spyware Doctor\sdhelp.exe (file missing)
O23 - Service: SonyMxTimer - Sony Corporation - C:\Program Files\Sony\VAIO_MX\SonyMxTimer.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~2\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~2\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~2\tmproxy.exe
got the link from your last post...
sent a little package via paypal
Post by: guestolo on January 01, 2006, 01:15:43 PM
We still have a bit more to do however
Do a "System scan only" with Hijackthis and put a check next to these entries:
O20 - Winlogon Notify: msctl32.dll - C:\WINDOWS\system32\msctl32.dll (file missing)
After you have ticked the above entry, close All other open windows
Leave Hijackthis open and click FIX CHECKED
OK the prompt and exit Hijackthis
Reboot your computer
You appeared to have a Spambot and a nasty keylogger on your machine
I suggest you change all passwords to your email and online financial institutes to be safe
Your Windows notifications may of changed
Can you access your Windows Control panel
Open Security Center
If you typically have these enabled, can you correct them please
Click on Change the Way Security Center alerts me
Check the ones that you require to be enabled
Post back a fresh Hijackthis afterwards
Additionally, it didn't appear you posted the whole log from SmitRem
Can you navigate back to C:\Smitfiles.txt
Copy and paste back the Whole contents please
Post by: nicetruk on January 01, 2006, 09:23:17 PM
here is the only smitfiles.txt I have:
~~~ Upon reboot ~~~
wininet.old not present!
oleadm.dll not present!
oleext.dll not present!
~~~ Upon completion ~~~
wininet.old not present!
oleadm.dll not present!
oleext.dll not present!
~~~~ Rechecking C:\windows\system32\wininet.dll for infection ~~~~
~~~~ C:\windows\system32\wininet.dll Clean!
/smile.gif\' class=\'bbc_emoticon\' alt=\':)\' /> ~~~~here is the new hijackthis log:
Logfile of HijackThis v1.99.1
Scan saved at 8:07:30 PM, on 1/1/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\windows\System32\smss.exe
C:\windows\system32\winlogon.exe
C:\windows\system32\services.exe
C:\windows\system32\lsass.exe
C:\windows\system32\svchost.exe
C:\WINDOWS\SYSTEM32\SVCHOST.EXE
C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
C:\windows\system32\spoolsv.exe
C:\WINDOWS\EXPLORER.EXE
C:\windows\system32\spool\drivers\w32x86\3\hpztsb04.exe
C:\Program Files\PhatNoise Music Manager\PNAgent.exe
C:\WINDOWS\TPPALDR.EXE
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\windows\system32\hphmon03.exe
C:\Program Files\Hewlett-Packard\PhotoSmart\Photo Imaging\Hpi_Monitor.exe
C:\Program Files\Hewlett-Packard\PhotoSmart\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\Trend Micro\Internet Security 2006\pccguide.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\TGTSoft\StyleXP\StyleXP.exe
C:\Program Files\CursorXP\CursorXP.exe
C:\PROGRA~1\HEWLET~1\PHOTOS~1\HPSHAR~1\hpgs2wnf.exe
C:\windows\system32\ctfmon.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\ewido anti-malware\ewidoguard.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\windows\System32\nvsvc32.exe
C:\PROGRA~1\TRENDM~1\INTERN~2\PCCTLCOM.EXE
C:\Program Files\Hewlett-Packard\HP OfficeJet Series 500\Bin\HPOstr05.exe
C:\Program Files\Sony\VAIO_MX\SonyMxTimer.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\windows\System32\svchost.exe
C:\Program Files\Sony\VAIO_MX\Delegate.exe
C:\PROGRA~1\TRENDM~1\INTERN~2\Tmntsrv.exe
C:\PROGRA~1\TRENDM~1\INTERN~2\TMPROXY.EXE
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\Sony\VAIO_MX\SND\MxSndLib.exe
C:\PROGRA~1\TRENDM~1\INTERN~2\TMPFW.EXE
C:\Program Files\Sony\VAIO_MX\LCD\MxLcdLib.exe
C:\Program Files\Hewlett-Packard\HP OfficeJet Series 500\bin\HPOVDX05.EXE
C:\windows\system32\hpoipm07.exe
C:\windows\system32\HPHipm09.exe
C:\windows\system32\wuauclt.exe
D:\hijack files\hijackthis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.rr.com/flash/index.cfm (http://\"http://www.rr.com/flash/index.cfm\")
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.sony.com/vaiopeople (http://\"http://www.sony.com/vaiopeople\")
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\windows\system32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [PNAgent] "C:\Program Files\PhatNoise Music Manager\PNAgent.exe"
O4 - HKLM\..\Run: [TPP Auto Loader] C:\WINDOWS\TPPALDR.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [HPHmon03] C:\windows\system32\hphmon03.exe
O4 - HKLM\..\Run: [CXMon] "C:\Program Files\Hewlett-Packard\PhotoSmart\Photo Imaging\Hpi_Monitor.exe"
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\PhotoSmart\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 2006\pccguide.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [STYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide
O4 - HKCU\..\Run: [CursorXP] C:\Program Files\CursorXP\CursorXP.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\windows\system32\ctfmon.exe
O4 - Global Startup: HP OfficeJet Series 500 Startup.lnk = C:\Program Files\Hewlett-Packard\HP OfficeJet Series 500\Bin\HPOstr05.exe
O4 - Global Startup: Logitech Harmony Remote.lnk = C:\Program Files\Logitech\Harmony Remote\harmonyClient.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.sony.com/vaiopeople
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 (http://\"http://go.microsoft.com/fwlink/?linkid=39204\")
O16 - DPF: {56393399-041A-4650-94C7-13DFCB1F4665} (PSFormX Control) - http://www.my-etrust.com/Extern/RoadRunner...an/pestscan.cab (http://\"http://www.my-etrust.com/Extern/RoadRunner/PestScan/pestscan.cab\")
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1135908983531 (http://\"http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1135908983531\")
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: MxLcdLib - Sony Corporation - C:\Program Files\Sony\VAIO_MX\LCD\MxLcdLib.exe
O23 - Service: MxSndLib - Sony Corporation - C:\Program Files\Sony\VAIO_MX\SND\MxSndLib.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\windows\System32\nvsvc32.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~2\PcCtlCom.exe
O23 - Service: Pml Driver - HP - C:\windows\system32\HPHipm09.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - Unknown owner - C:\Program Files\Spyware Doctor\sdhelp.exe (file missing)
O23 - Service: SonyMxTimer - Sony Corporation - C:\Program Files\Sony\VAIO_MX\SonyMxTimer.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~2\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~2\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~2\tmproxy.exe
I went to the windows security center, but was unable to check the Change the way Security Center alerts me.
The message said that I have not started security center...
I did go to the individual items of firewall, internet security and automatic updates... Made sure that all were proper...
Post by: guestolo on January 02, 2006, 12:59:58 AM
Is it normally disabled? Do you usually have a red shield icon by the system tray icon?
For a double check
If you go to START>>RUN>>type in
services.msc
In the new window look for Security Center
Double click to open it
Are you able to set to Automatic in the drop down menu
and Start the service?
Post by: nicetruk on January 02, 2006, 07:17:37 PM
Here is the exported list... not there...
Name Description Status Startup Type Log On As
Alerter Notifies selected users and computers of administrative alerts. If the service is stopped, programs that use administrative alerts will not receive them. If this service is disabled, any services that explicitly depend on it will fail to start. Started Automatic Local Service
Application Layer Gateway Service Provides support for 3rd party protocol plug-ins for Internet Connection Sharing and the Windows Firewall. Started Manual Local Service
Application Management Provides software installation services such as Assign, Publish, and Remove. Manual Local System
Automatic Updates Enables the download and installation of critical Windows updates. If the service is disabled, the operating system can be manually updated at the Windows Update Web site. Started Automatic Local System
Background Intelligent Transfer Service Transfers files in the background using idle network bandwidth. If the service is stopped, features such as Windows Update, and MSN Explorer will be unable to automatically download programs and other information. If this service is disabled, any services that explicitly depend on it may fail to transfer files if they do not have a fail safe mechanism to transfer files directly through IE in case BITS has been disabled. Started Automatic Local System
ClipBook Enables ClipBook Viewer to store information and share it with remote computers. If the service is stopped, ClipBook Viewer will not be able to share information with remote computers. If this service is disabled, any services that explicitly depend on it will fail to start. Disabled Local System
COM+ Event System Supports System Event Notification Service (SENS), which provides automatic distribution of events to subscribing Component Object Model (COM) components. If the service is stopped, SENS will close and will not be able to provide logon and logoff notifications. If this service is disabled, any services that explicitly depend on it will fail to start. Started Manual Local System
COM+ System Application Manages the configuration and tracking of Component Object Model (COM)+-based components. If the service is stopped, most COM+-based components will not function properly. If this service is disabled, any services that explicitly depend on it will fail to start. Manual Local System
Computer Browser Maintains an updated list of computers on the network and supplies this list to computers designated as browsers. If this service is stopped, this list will not be updated or maintained. If this service is disabled, any services that explicitly depend on it will fail to start. Automatic Local System
Cryptographic Services Provides three management services: Catalog Database Service, which confirms the signatures of Windows files; Protected Root Service, which adds and removes Trusted Root Certification Authority certificates from this computer; and Key Service, which helps enroll this computer for certificates. If this service is stopped, these management services will not function properly. If this service is disabled, any services that explicitly depend on it will fail to start. Started Automatic Local System
DCOM Server Process Launcher Provides launch functionality for DCOM services. Started Automatic Local System
DHCP Client Manages network configuration by registering and updating IP addresses and DNS names. Started Automatic Local System
Distributed Link Tracking Client Maintains links between NTFS files within a computer or across computers in a network domain. Started Automatic Local System
Distributed Transaction Coordinator Coordinates transactions that span multiple resource managers, such as databases, message queues, and file systems. If this service is stopped, these transactions will not occur. If this service is disabled, any services that explicitly depend on it will fail to start. Manual Network Service
DNS Client Resolves and caches Domain Name System (DNS) names for this computer. If this service is stopped, this computer will not be able to resolve DNS names and locate Active Directory domain controllers. If this service is disabled, any services that explicitly depend on it will fail to start. Started Automatic Network Service
Error Reporting Service Allows error reporting for services and applictions running in non-standard environments. Started Automatic Local System
Event Log Enables event log messages issued by Windows-based programs and components to be viewed in Event Viewer. This service cannot be stopped. Started Automatic Local System
ewido security suite control Started Automatic Local System
ewido security suite guard Automatic Local System
Fast User Switching Compatibility Provides management for applications that require assistance in a multiple user environment. Started Manual Local System
Help and Support Enables Help and Support Center to run on this computer. If this service is stopped, Help and Support Center will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start. Started Automatic Local System
HID Input Service Enables generic input access to Human Interface Devices (HID), which activates and maintains the use of predefined hot buttons on keyboards, remote controls, and other multimedia devices. If this service is stopped, hot buttons controlled by this service will no longer function. If this service is disabled, any services that explicitly depend on it will fail to start. Started Automatic Local System
HTTP SSL This service implements the secure hypertext transfer protocol (HTTPS) for the HTTP service, using the Secure Socket Layer (SSL). If this service is disabled, any services that explicitly depend on it will fail to start. Manual Local System
IMAPI CD-Burning COM Service Manages CD recording using Image Mastering Applications Programming Interface (IMAPI). If this service is stopped, this computer will be unable to record CDs. If this service is disabled, any services that explicitly depend on it will fail to start. Manual Local System
Indexing Service Indexes contents and properties of files on local and remote computers; provides rapid access to files through flexible querying language. Manual Local System
InstallDriver Table Manager Provides support for the Running Object Table for InstallShield Drivers Manual Local System
IPSEC Services Manages IP security policy and starts the ISAKMP/Oakley (IKE) and the IP security driver. Started Automatic Local System
Logical Disk Manager Detects and monitors new hard disk drives and sends disk volume information to Logical Disk Manager Administrative Service for configuration. If this service is stopped, dynamic disk status and configuration information may become out of date. If this service is disabled, any services that explicitly depend on it will fail to start. Manual Local System
Logical Disk Manager Administrative Service Configures hard disk drives and volumes. The service only runs for configuration processes and then stops. Manual Local System
Machine Debug Manager Supports local and remote debugging for Visual Studio and script debuggers. If this service is stopped, the debuggers will not function properly. Started Automatic Local System
Messenger Transmits net send and Alerter service messages between clients and servers. This service is not related to Windows Messenger. If this service is stopped, Alerter messages will not be transmitted. If this service is disabled, any services that explicitly depend on it will fail to start. Disabled Local System
MS Software Shadow Copy Provider Manages software-based volume shadow copies taken by the Volume Shadow Copy service. If this service is stopped, software-based volume shadow copies cannot be managed. If this service is disabled, any services that explicitly depend on it will fail to start. Manual Local System
MxLcdLib Started Automatic Local System
MxSndLib Started Automatic Local System
Net Logon Supports pass-through authentication of account logon events for computers in a domain. Manual Local System
NetMeeting Remote Desktop Sharing Enables an authorized user to access this computer remotely by using NetMeeting over a corporate intranet. If this service is stopped, remote desktop sharing will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start. Manual Local System
Network Connections Manages objects in the Network and Dial-Up Connections folder, in which you can view both local area network and remote connections. Started Manual Local System
Network DDE Provides network transport and security for Dynamic Data Exchange (DDE) for programs running on the same computer or on different computers. If this service is stopped, DDE transport and security will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start. Disabled Local System
Network DDE DSDM Manages Dynamic Data Exchange (DDE) network shares. If this service is stopped, DDE network shares will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start. Disabled Local System
Network Location Awareness (NLA) Collects and stores network configuration and location information, and notifies applications when this information changes. Started Manual Local System
Network Provisioning Service Manages XML configuration files on a domain basis for automatic network provisioning. Manual Local System
NT LM Security Support Provider Provides security to remote procedure call (RPC) programs that use transports other than named pipes. Manual Local System
NVIDIA Driver Helper Service Started Automatic Local System
Office Source Engine Saves installation files used for updates and repairs and is required for the downloading of Setup updates and Watson error reports. Manual Local System
PC Tools Spyware Doctor Automatic Local System
Performance Logs and Alerts Collects performance data from local or remote computers based on preconfigured schedule parameters, then writes the data to a log or triggers an alert. If this service is stopped, performance information will not be collected. If this service is disabled, any services that explicitly depend on it will fail to start. Manual Network Service
Plug and Play Enables a computer to recognize and adapt to hardware changes with little or no user input. Stopping or disabling this service will result in system instability. Started Automatic Local System
Pml Driver Started Manual Local System
Portable Media Serial Number Service Retrieves the serial number of any portable media player connected to this computer. If this service is stopped, protected content might not be down loaded to the device. Manual Local System
Print Spooler Loads files to memory for later printing. Started Automatic Local System
Protected Storage Provides protected storage for sensitive data, such as private keys, to prevent access by unauthorized services, processes, or users. Started Automatic Local System
QoS RSVP Provides network signaling and local traffic control setup functionality for QoS-aware programs and control applets. Manual Local System
Remote Access Auto Connection Manager Creates a connection to a remote network whenever a program references a remote DNS or NetBIOS name or address. Manual Local System
Remote Access Connection Manager Creates a network connection. Started Manual Local System
Remote Desktop Help Session Manager Manages and controls Remote Assistance. If this service is stopped, Remote Assistance will be unavailable. Before stopping this service, see the Dependencies tab of the Properties dialog box. Manual Local System
Remote Procedure Call (RPC) Provides the endpoint mapper and other miscellaneous RPC services. Started Automatic Network Service
Remote Procedure Call (RPC) Locator Manages the RPC name service database. Manual Network Service
Removable Storage Manual Local System
Routing and Remote Access Offers routing services to businesses in local area and wide area network environments. Disabled Local System
Secondary Logon Enables starting processes under alternate credentials. If this service is stopped, this type of logon access will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start. Started Automatic Local System
Security Accounts Manager Stores security information for local user accounts. Started Automatic Local System
Server Supports file, print, and named-pipe sharing over the network for this computer. If this service is stopped, these functions will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start. Started Automatic Local System
Shell Hardware Detection Started Automatic Local System
Smart Card Manages access to smart cards read by this computer. If this service is stopped, this computer will be unable to read smart cards. If this service is disabled, any services that explicitly depend on it will fail to start. Manual Local Service
Sony SPTI Service Manual Local System
SonyMxTimer Started Automatic Local System
SSDP Discovery Service Enables discovery of UPnP devices on your home network. Started Manual Local Service
StarWind iSCSI Service Enables network access to local devices via iSCSI protocol. Started Automatic Local System
StyleXPService Started Automatic Local System
System Event Notification Tracks system events such as Windows logon, network, and power events. Notifies COM+ Event System subscribers of these events. Started Automatic Local System
System Restore Service Performs system restore functions. To stop service, turn off System Restore from the System Restore tab in My Computer->Properties Started Automatic Local System
Task Scheduler Enables a user to configure and schedule automated tasks on this computer. If this service is stopped, these tasks will not be run at their scheduled times. If this service is disabled, any services that explicitly depend on it will fail to start. Started Automatic Local System
TCP/IP NetBIOS Helper Enables support for NetBIOS over TCP/IP (NetBT) service and NetBIOS name resolution. Started Automatic Local Service
Telephony Provides Telephony API (TAPI) support for programs that control telephony devices and IP based voice connections on the local computer and, through the LAN, on servers that are also running the service. Started Manual Local System
Terminal Services Allows multiple users to be connected interactively to a machine as well as the display of desktops and applications to remote computers. The underpinning of Remote Desktop (including RD for Administrators), Fast User Switching, Remote Assistance, and Terminal Server. Started Manual Local System
Themes Provides user experience theme management. Started Automatic Local System
Trend Micro Central Control Component Manages the Trend Micro PC-cillin components. Started Automatic Local System
Trend Micro Personal Firewall Manages the Trend Micro Personal Firewall. Started Automatic Local System
Trend Micro Proxy Service Manages the Trend Micro Proxy. Started Automatic Local System
Trend Micro Real-time Service Enables scanning in real time. Started Automatic Local System
Uninterruptible Power Supply Manages an uninterruptible power supply (UPS) connected to the computer. Manual Local System
Universal Plug and Play Device Host Provides support to host Universal Plug and Play devices. Manual Local Service
Volume Shadow Copy Manages and implements Volume Shadow Copies used for backup and other purposes. If this service is stopped, shadow copies will be unavailable for backup and the backup may fail. If this service is disabled, any services that explicitly depend on it will fail to start. Manual Local System
WebClient Enables Windows-based programs to create, access, and modify Internet-based files. If this service is stopped, these functions will not be available. If this service is disabled, any services that explicitly depend on it will fail to start. Started Automatic Local Service
Windows Audio Manages audio devices for Windows-based programs. If this service is stopped, audio devices and effects will not function properly. If this service is disabled, any services that explicitly depend on it will fail to start. Started Automatic Local System
Windows Firewall/Internet Connection Sharing (ICS) Provides network address translation, addressing, name resolution and/or intrusion prevention services for a home or small office network. Started Automatic Local System
Windows Image Acquisition (WIA) Provides image acquisition services for scanners and cameras. Started Automatic Local System
Windows Installer Adds, modifies, and removes applications provided as a Windows Installer (*.msi) package. If this service is disabled, any services that explicitly depend on it will fail to start. Manual Local System
Windows Management Instrumentation Provides a common interface and object model to access management information about operating system, devices, applications and services. If this service is stopped, most Windows-based software will not function properly. If this service is disabled, any services that explicitly depend on it will fail to start. Started Automatic Local System
Windows Time Maintains date and time synchronization on all clients and servers in the network. If this service is stopped, date and time synchronization will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start.
Started Automatic Local System
Windows User Mode Driver Framework Enables Windows user mode drivers. Started Automatic Local Service
Wireless Zero Configuration Provides automatic configuration for the 802.11 adapters Started Automatic Local System
WMI Performance Adapter Provides performance library information from WMI HiPerf providers. Manual Local System
Workstation Creates and maintains client network connections to remote servers. If this service is stopped, these connections will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start. Started Automatic Local System
Post by: guestolo on January 02, 2006, 09:45:42 PM
From below can you download and save Find.zip
UNZIP the contents to your desktop and double click on Find.bat
A text file should open, can you copy and paste back here the contents please
Post by: nicetruk on January 03, 2006, 07:38:47 PM
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RpcSs]
"Description"="Provides the endpoint mapper and other miscellaneous RPC services."
"DisplayName"="Remote Procedure Call (RPC)"
"ErrorControl"=dword:00000001
"Group"="COM Infrastructure"
"ImagePath"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,\
74,00,25,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,73,\
00,76,00,63,00,68,00,6f,00,73,00,74,00,20,00,2d,00,6b,00,20,00,72,00,70,00,\
63,00,73,00,73,00,00,00
"ObjectName"="NT Authority\\NetworkService"
"Start"=dword:00000002
"Type"=dword:00000020
"FailureActions"=hex:00,00,00,00,00,00,00,00,00,00,00,00,01,00,00,00,00,00,00,\
00,02,00,00,00,60,ea,00,00
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RpcSs\Parameters]
"ServiceDll"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,\
00,74,00,25,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,\
72,00,70,00,63,00,73,00,73,00,2e,00,64,00,6c,00,6c,00,00,00
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RpcSs\Security]
"Security"=hex:01,00,14,80,90,00,00,00,9c,00,00,00,14,00,00,00,30,00,00,00,02,\
00,1c,00,01,00,00,00,02,80,14,00,ff,01,0f,00,01,01,00,00,00,00,00,01,00,00,\
00,00,02,00,60,00,04,00,00,00,00,00,14,00,8d,00,02,00,01,01,00,00,00,00,00,\
05,0b,00,00,00,00,00,18,00,ff,01,0f,00,01,02,00,00,00,00,00,05,20,00,00,00,\
20,02,00,00,00,00,14,00,9d,00,00,00,01,01,00,00,00,00,00,05,04,00,00,00,00,\
00,18,00,9d,00,00,00,01,02,00,00,00,00,00,05,20,00,00,00,21,02,00,00,01,01,\
00,00,00,00,00,05,12,00,00,00,01,01,00,00,00,00,00,05,12,00,00,00
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RpcSs\Enum]
"0"="Root\\LEGACY_RPCSS\\0000"
"Count"=dword:00000001
"NextInstance"=dword:00000001
Post by: guestolo on January 04, 2006, 11:56:03 PM
I want to make sure we keep you clean
Can you do the following pleaseIf everything is running better, please do the following
You should disable system restore>>Reboot your computer>>and then reenable it
This will clear all your restore points and ensure you don't restore any nasties
How to Disable and Re-enable System Restore feature (http://\"http://vil.nai.com/vil/SystemHelpDocs/DisableSysRestore.htm\")
Make sure you reenable system restore feature
Afterwards, For added protections
You should install this free tool
SpywareBlaster 3.5.1 by JavaCool (http://\"http://www.javacoolsoftware.com/spywareblaster.html\")
*Will block bad ActiveX Controls
*Block Malevolent cookies in Internet Explorer and Firefox
*Restrict actions of potentially dangerous sites in Internet Explorer
After installation, Check for updates and then click the "Enable all protection"
Check for updates every couple of weeks
after every update just simply click the "enable protection on all unprotected items"
Open Spybot
Click the "Immunize" button on the left>>>OK at the prompt>>Immunzine at the top green cross
Do that after every update
Sorry, didn't mean to post this, was a bad copy and paste problem
/blink.gif\' class=\'bbc_emoticon\' alt=\':blink:\' /> Now that you have cleared your restore points and reenabled system restore
Download from below, Fix.zip, save it please
UNZIP the contents to your desktop
Double click on fix.reg and allow to merge to the registry
Reboot your computer
Let me know if you can start the Security service or if it's started
Use the control panel or Services.msc
Post by: nicetruk on January 05, 2006, 09:26:10 PM
Everything looks great...
Thank you again for all you time and effort.
I'll try to keep scanning after any downloads and at each startup.
Keep fighting the good fight.
nice
Post by: guestolo on January 06, 2006, 01:55:36 PM
/smile.gif\' class=\'bbc_emoticon\' alt=\':)\' /> I have my old 72 chevy pickup, hand me down from my Mom years ago
She was the original owner, I can't part with it,
Has about 95,000 miles on it
She still looks great, needs minor TLC, but I'll get to it
I'll lock this topic soon as your problems are resolved
Take care
/biggrin.gif\' class=\'bbc_emoticon\' alt=\':D\' />