

Messages - Spawn

1
Tech Clinic / Constant slow running even after a reboot
« on: March 23, 2006, 02:38:31 PM »
It seems as though I have a problem. I play an online HTML turn-based game and it runs like crap constantly. It's not graphics intensive, not much of a RAM eater, it just runs slow and "jerky". My system will start doing this at any given time. I have Zone Alarm Pro and Spyware Doctor running in the background. Even after scans which find maybe 6 - 8 cookies that it cleans, I still have the problem. I've included an HJT log and an Autoruns log as well, hoping someone might be able to find whatever could be causing this problem. Thank you in advance for taking the time to help. Also, my girlfriend said that after running a ZAPro scan it showed something called Net.cmd and Net1.exe. Could this have anything to do with the problem? I used to have a site bookmarked that told about all the different types of files and whether they were legit or not, but have lost it.

Logfile of HijackThis v1.99.1
Scan saved at 2:25:26 PM, on 3/23/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\SYSTEM32\DRIVERS\ETC\CPUIDLE\srvany.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\WINDOWS\SYSTEM32\DRIVERS\ETC\CPUIDLE\cpuidle.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Spyware Doctor\sdhelp.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Creative\ShareDLL\CtNotify.exe
C:\Program Files\Browser Mouse\2.03\mouse32a.exe
C:\Program Files\Creative\ShareDLL\Mediadet.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\PROGRA~1\Agnitum\JAMMER~1.95\jammer.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\Rundll32.exe
C:\Program Files\CursorXP\CursorXP.exe
C:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe
C:\WINDOWS\system32\rundll32.exe
C:\PROGRA~1\SPYWAR~1\swdoctor.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\autoruns.exe
C:\HJT\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = sas.se1.attbb.net:8000
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = sas.se1.attbb.net;<local>
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\Userinit.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: CCHelper Class - {0CF0B8EE-6596-11D5-A98E-0003470BB48E} - C:\Program Files\Panicware\Pop-Up Stopper Companion\CCHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: CNisExtBho Class - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: HBObject Class - {AE22AFE5-1EF4-4D25-9E23-D2825FB17DA1} - C:\WINDOWS\DOWNLO~1\hbhelper.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security Professional\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [Jet Detection] "C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe"
O4 - HKLM\..\Run: [Disc Detector] C:\Program Files\Creative\ShareDLL\CtNotify.exe
O4 - HKLM\..\Run: [FLMMEMOREX203] C:\Program Files\Browser Mouse\2.03\mouse32a.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [Creative WebCam Tray] C:\Program Files\Creative\PC-CAM Center\CAMTRAY.EXE
O4 - HKLM\..\Run: [Jammer] C:\PROGRA~1\Agnitum\JAMMER~1.95\jammer.exe
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RichMedia] C:\WINDOWS\system32\Rundll32.exe  "C:\WINDOWS\DOWNLO~1\hbhelper.dll",WaitWindows
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &NeoTrace It! - C:\PROGRA~1\NEOTRA~1\NTXcontext.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra button: NeoTrace It! - {9885224C-1217-4c5f-83C2-00002E6CEF2B} - C:\PROGRA~1\NEOTRA~1\NTXtoolbar.htm (HKCU)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: JT's Blocks - http://download.games.yahoo.com/games/clients/y/blt1_x.cab
O16 - DPF: Tornado 21 - http://download.games.yahoo.com/games/clients/y/t21t0_x.cab
O16 - DPF: WebWorks Help 2.0 - file://C:\Program Files\Corel\Bryce 5\Help\wwhelp2.cab
O16 - DPF: Yahoo! Chat - http://us.chat1.yimg.com/us.yimg.com/i/cha...t/c381/chat.cab
O16 - DPF: Yahoo! Chat 1.3 - http://jcs.chat.dcn.yahoo.com/c174/chat.cab
O16 - DPF: Yahoo! Cribbage - http://download.games.yahoo.com/games/clients/y/it1_x.cab
O16 - DPF: Yahoo! Dice - http://download.games.yahoo.com/games/clients/y/dct4_x.cab
O16 - DPF: Yahoo! Euchre - http://download.games.yahoo.com/games/clients/y/et1_x.cab
O16 - DPF: Yahoo! Klondike Solitaire - http://yog55.games.scd.yahoo.com/yog/y/ks12_x.cab
O16 - DPF: Yahoo! MahJong Solitaire - http://download.games.yahoo.com/games/clients/y/mjst3_x.cab
O16 - DPF: Yahoo! Pool 2 - http://download.games.yahoo.com/games/clients/y/potd_x.cab
O16 - DPF: Yahoo! Pyramids - http://download.games.yahoo.com/games/clients/y/pyt1_x.cab
O16 - DPF: Yahoo! Spelldown - http://download.games.yahoo.com/games/clients/y/sdt1_x.cab
O16 - DPF: {01CA75F1-054B-4A63-9221-C6926369EC52} (HS_live Control) - http://install.homestead.com/~site/Install...ive/HS_live.cab
O16 - DPF: {01FE8D0A-51AD-459B-B62B-85E135128B32} (DD_v4.DDv4) - http://www.drivershq.com/DD_v4.CAB
O16 - DPF: {038318E8-0C2D-4DF5-A7AF-B4FB373F501E} (HBHelper.HBActivex) - http://download.henbang.net/download/updatelist/helper.cab
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15007/CTSUEng.cab
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2359626E-7524-4F87-B04E-22CD38A0C88C} (ICSScannerLight Class) - http://download.zonelabs.com/bin/free/cm/ICSCM.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {3EB4F9EA-51A6-48DA-846A-0D69DCBA39EF} (DownloadManager Control) - http://download.akamaitools.com.edgesuite....loadManager.cab
O16 - DPF: {5AA5A569-F96F-4628-A528-8B3698F558BB} (HS_live Control) - http://install.homestead.com/~site/Install...ive/HS_live.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1127512129509
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1127512120917
O16 - DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} (Housecall ActiveX 6.5) - http://housecall65.trendmicro.com/housecal...ivex/hcImpl.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061...all/xscan53.cab
O16 - DPF: {9732FB42-C321-11D1-836F-00A0C993F125} (mhLabel Class) - http://pcpitstop.com/mhLbl.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {B942A249-D1E7-4C11-98AE-FCB76B08747F} (RealArcadeRdxIE Class) - http://games-dl.real.com/gameconsole/Bundl...ArcadeRdxIE.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://download.games.yahoo.com/games/popc...aploader_v5.cab
O16 - DPF: {E36C5562-C4E0-4220-BCB2-1C671E3A5916} (Seagate SeaTools English Online) - http://www.seagate.com/support/disc/asp/to.../npseatools.cab
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://driveragent.com/files/driveragent.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/...386/mcfscan.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/controls/msnchat45.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su/ocx/15008/CTPID.cab
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/ractrl.cab?lmi=100
O17 - HKLM\System\CCS\Services\Tcpip\..\{4FEF5B8D-4D9F-42D0-98CC-413250EBC283}: NameServer = 4.2.2.2,4.2.2.3
O17 - HKLM\System\CS1\Services\Tcpip\..\{4FEF5B8D-4D9F-42D0-98CC-413250EBC283}: NameServer = 4.2.2.2,4.2.2.3
O17 - HKLM\System\CS3\Services\Tcpip\..\{4FEF5B8D-4D9F-42D0-98CC-413250EBC283}: NameServer = 4.2.2.2,4.2.2.3
O17 - HKLM\System\CS4\Services\Tcpip\..\{4FEF5B8D-4D9F-42D0-98CC-413250EBC283}: NameServer = 4.2.2.2,4.2.2.3
O23 - Service: cpuidle - Unknown owner - C:\WINDOWS\SYSTEM32\DRIVERS\ETC\CPUIDLE\srvany.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: InCD File System Service (InCDsrv) - AHEAD Software - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe


Also, here is the Autoruns log (Autoruns v8.5 by Sysinternals):


HKLM\System\CurrentControlSet\Control\Terminal Server\Wds\rdpwd\StartupPrograms
+ rdpclip   RDP Clip Monitor   (Not verified) Microsoft Corporation   c:\windows\system32\rdpclip.exe
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\AppSetup
HKCU\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup
HKLM\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup
HKCU\Software\Policies\Microsoft\Windows\System\Scripts\Logon
HKLM\Software\Policies\Microsoft\Windows\System\Scripts\Logon
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System\Shell
HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\Shell
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell
+ C:\Program         File not found: C:\Program
+ Files\Common         File not found: Files\Common
+ Files\Microsoft         File not found: Files\Microsoft
+ Shared\Web         File not found: Shared\Web
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Taskman
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\TerminalServer\Install\Software\MICROSOFT\Windows\CURRENTVERSION\Runonce
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\TerminalServer\Install\Software\MICROSOFT\Windows\CURRENTVERSION\RunonceEx
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\TerminalServer\Install\Software\MICROSOFT\Windows\CURRENTVERSION\Run
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
+ Creative WebCam Tray   PC-CAM Center Launcher Application   (Not verified) Creative Technology Ltd   c:\program files\creative\pc-cam center\camtray.exe
+ Disc Detector   Disc Detector   (Not verified) Creative Technology Ltd.   c:\program files\creative\sharedll\ctnotify.exe
+ FLMMEMOREX203         c:\program files\browser mouse\2.03\mouse32a.exe
+ InCD   InCD   (Not verified) Ahead Software AG   c:\program files\ahead\incd\incd.exe
+ Jammer   Jammer. Network protection utility.   (Not verified) Agnitum Ltd.   c:\program files\agnitum\jammer 1.95\jammer.exe
+ Jet Detection   Creative JetDetect      c:\program files\creative\sblive\program\adgjdet.exe
+ NeroCheck   NeroCheck   (Not verified) Ahead Software Gmbh   c:\windows\system32\\nerocheck.exe
+ nwiz   NVIDIA nView Wizard, Version 100.40    (Not verified) NVIDIA Corporation   c:\windows\system32\nwiz.exe
+ SunJavaUpdateSched   Java(tm) 2 Platform Standard Edition binary   (Not verified) Sun Microsystems, Inc.   c:\program files\java\jre1.5.0_06\bin\jusched.exe
+ WINDVDPatch   CtHelper Application   (Not verified) Creative Technology Ltd   c:\windows\system32\cthelper.exe
+ Zone Labs Client   Zone Labs Client   (Verified) Check Point Software Technologies Inc.   c:\program files\zone labs\zonealarm\zlclient.exe
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce
C:\Documents and Settings\All Users\Start Menu\Programs\Startup
+ Adobe Reader Speed Launch.lnk   Adobe Acrobat SpeedLauncher   (Not verified) Adobe Systems Incorporated   c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe
C:\Documents and Settings\Chris\Start Menu\Programs\Startup
HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows\Load
HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows\Run
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
+ CursorXP   CursorXP   (Not verified)     c:\program files\cursorxp\cursorxp.exe
+ Eraser   Eraser.   (Not verified) -   c:\program files\eraser\eraser.exe
+ FreeRAM XP   FreeRAM XP Pro (YourWare Solutions)   (Not verified) YourWare Solutions (tm)   c:\program files\yourware solutions\freeram xp pro\freeram xp pro.exe
+ Spyware Doctor   Spyware Doctor   (Verified) PC Tools Pty Ltd   c:\program files\spyware doctor\swdoctor.exe
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce
HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\TerminalServer\Install\Software\MICROSOFT\Windows\CURRENTVERSION\Runonce
HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\TerminalServer\Install\Software\MICROSOFT\Windows\CURRENTVERSION\RunonceEx
HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\TerminalServer\Install\Software\MICROSOFT\Windows\CURRENTVERSION\Run
HKLM\SOFTWARE\Classes\Protocols\Filter
+ Class Install Handler   OLE32 Extensions for Win32   (Not verified) Microsoft Corporation   c:\windows\system32\urlmon.dll
+ deflate   OLE32 Extensions for Win32   (Not verified) Microsoft Corporation   c:\windows\system32\urlmon.dll
+ gzip   OLE32 Extensions for Win32   (Not verified) Microsoft Corporation   c:\windows\system32\urlmon.dll
+ lzdhtml   OLE32 Extensions for Win32   (Not verified) Microsoft Corporation   c:\windows\system32\urlmon.dll
HKLM\SOFTWARE\Classes\Protocols\Handler
+ cdl   OLE32 Extensions for Win32   (Not verified) Microsoft Corporation   c:\windows\system32\urlmon.dll
+ cdo   Microsoft SharePoint Portal Server Object Model   (Not verified) Microsoft Corporation   c:\program files\common files\microsoft shared\web folders\pkmcdo.dll
+ file   OLE32 Extensions for Win32   (Not verified) Microsoft Corporation   c:\windows\system32\urlmon.dll
+ ftp   OLE32 Extensions for Win32   (Not verified) Microsoft Corporation   c:\windows\system32\urlmon.dll
+ gopher   OLE32 Extensions for Win32   (Not verified) Microsoft Corporation   c:\windows\system32\urlmon.dll
+ http   OLE32 Extensions for Win32   (Not verified) Microsoft Corporation   c:\windows\system32\urlmon.dll
+ https   OLE32 Extensions for Win32   (Not verified) Microsoft Corporation   c:\windows\system32\urlmon.dll
+ local   OLE32 Extensions for Win32   (Not verified) Microsoft Corporation   c:\windows\system32\urlmon.dll
+ mk   OLE32 Extensions for Win32   (Not verified) Microsoft Corporation   c:\windows\system32\urlmon.dll
+ ms-itss   Microsoft® InfoTech Storage System Library   (Not verified) Microsoft Corporation   c:\program files\common files\microsoft shared\information retrieval\msitss.dll
HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components
HKCU\SOFTWARE\Microsoft\Active Setup\Installed Components
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad
+ 0aMCPClient         File not found: CLSID\{F5DF91F9-15E9-416B-A7C3-7519B11ECBFC}\InprocServer32
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks
HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
+ Desktop Explorer   NVIDIA Desktop Explorer, Version 100.40    (Not verified) NVIDIA Corporation   c:\windows\system32\nvshell.dll
+ Desktop Explorer Menu   NVIDIA Desktop Explorer, Version 100.40    (Not verified) NVIDIA Corporation   c:\windows\system32\nvshell.dll
+ Eraser Shell Extension   Eraser Shell Extension.   (Not verified) -   c:\program files\eraser\erasext.dll
+ Macromedia FTP & RDS   CfShellFtpRds Module   (Not verified) Macromedia, Inc.   c:\windows\system32\cfshellftprds.dll
+ nView Desktop Context Menu   NVIDIA Desktop Explorer, Version 100.40    (Not verified) NVIDIA Corporation   c:\windows\system32\nvshell.dll
+ Pop-Up Stopper &Companion   Pop-Up Stopper Companion   (Not verified) Panicware, Inc.   c:\program files\panicware\pop-up stopper companion\popupus.dll
+ Shell Extension for CDRW   UDF Shell Extension DLL   (Not verified) Ahead Software, Karlsbad, Germany   c:\program files\ahead\incd\incdshx.dll
+ Shell Extensions for RealOne Player   RealPlayer Shell Extensions   (Not verified) RealNetworks, Inc.   c:\program files\real\realplayer\rpshell.dll
+ Web Folders   Microsoft Web Folders   (Not verified) Microsoft Corporation   c:\program files\common files\microsoft shared\web folders\msonsext.dll
+ WinAce Archiver 2.5 Context Menu Shell Extension   WinAce-Archiver Shell Extension    (Not verified) e-merge GmbH   c:\program files\winace\arcext.dll
+ WinAce Archiver 2.5 Context Menu Shell Extension   WinAce-Archiver Shell Extension    (Not verified) e-merge GmbH   c:\program files\winace\arcext.dll
+ WinAce Archiver 2.5 DragDrop Shell Extension   WinAce-Archiver Shell Extension    (Not verified) e-merge GmbH   c:\program files\winace\arcext.dll
+ WinAce Archiver 2.5 Property Sheet Shell Extension   WinAce-Archiver Shell Extension    (Not verified) e-merge GmbH   c:\program files\winace\arcext.dll
+ WinRAR shell extension         c:\program files\winrar\rarext.dll
+ WinZip   WinZip Shell Extension DLL   (Not verified) WinZip Computing, Inc.   c:\program files\winzip\wzshlstb.dll
+ WinZip   WinZip Shell Extension DLL   (Not verified) WinZip Computing, Inc.   c:\program files\winzip\wzshlstb.dll
+ WinZip   WinZip Shell Extension DLL   (Not verified) WinZip Computing, Inc.   c:\program files\winzip\wzshlstb.dll
+ WinZip   WinZip Shell Extension DLL   (Not verified) WinZip Computing, Inc.   c:\program files\winzip\wzshlstb.dll
HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
HKLM\Software\Classes\Folder\Shellex\ColumnHandlers
+ PDF Shell Extension   PDF Shell Extension   (Not verified) Adobe Systems, Inc.   c:\program files\adobe\acrobat 7.0\activex\pdfshell.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects
+ AcroIEHlprObj Class   Adobe Acrobat IE Helper Version 7.0 for ActiveX   (Verified) Adobe Systems, Incorporated   c:\program files\adobe\acrobat 7.0\activex\acroiehelper.dll
+ CCHelper Class   Cleaning Companion Helper Module      c:\program files\panicware\pop-up stopper companion\cchelper.dll
+ CNavExtBho Class   Norton AntiVirusNAVShellExt Module   (Verified) Symantec Corporation   c:\program files\norton internet security professional\norton antivirus\navshext.dll
+ CNisExtBho Class   NIS Shell Extension   (Not verified) Symantec Corporation   c:\program files\common files\symantec shared\adblocking\nisshext.dll
+ HBObject Class   HBHelper Module   (Not verified) Shanghai Henbang Technology Co., Ltd   c:\windows\downloaded program files\hbhelper.dll
+ PCTools Browser Monitor   iesdpb.dll   (Verified) PC Tools Pty Ltd   c:\program files\spyware doctor\tools\iesdpb.dll
+ PCTools Site Guard   Site Guard   (Verified) PC Tools Pty Ltd   c:\program files\spyware doctor\tools\iesdsg.dll
+ SSVHelper Class   Java(tm) 2 Platform Standard Edition binary   (Not verified) Sun Microsystems, Inc.   c:\program files\java\jre1.5.0_06\bin\ssv.dll
+ {53707962-6F74-2D53-2644-206D7942484F}   Bad download blocker   (Verified) Safer Networking Ltd.   c:\program files\spybot - search & destroy\sdhelper.dll
HKCU\Software\Microsoft\Internet Explorer\UrlSearchHooks
HKLM\Software\Microsoft\Internet Explorer\Toolbar
HKCU\Software\Microsoft\Internet Explorer\Explorer Bars
HKLM\Software\Microsoft\Internet Explorer\Explorer Bars
HKCU\Software\Microsoft\Internet Explorer\Extensions
+ NeoTrace It!         c:\program files\neotrace express\ntxtoolbar.htm
HKLM\Software\Microsoft\Internet Explorer\Extensions
+ Yahoo! Messenger         c:\program files\yahoo!\messenger\ypager.exe
Task Scheduler
HKLM\System\CurrentControlSet\Services
+ cpuidle         c:\windows\system32\drivers\etc\cpuidle\srvany.exe
+ Creative Service for CDROM Access   Creative Service for CDROM Access   (Not verified) Creative Technology Ltd   c:\windows\system32\ctsvccda.exe
+ InCDsrv   Helper service for the InCD filesystem driver   (Not verified) AHEAD Software   c:\program files\ahead\incd\incdsrv.exe
+ SDhelper      (Verified) PC Tools Pty Ltd   c:\program files\spyware doctor\sdhelp.exe
+ vsmon   Monitors internet traffic and generates alerts for disallowed access.   (Verified) Check Point Software Technologies Inc.   c:\windows\system32\zonelabs\vsmon.exe
HKLM\System\CurrentControlSet\Services
+ ACPI   ACPI Driver for NT   (Not verified) Microsoft Corporation   c:\windows\system32\drivers\acpi.sys
+ ikhlayer      (Not verified) PCTools Research Pty Ltd.   c:\windows\system32\drivers\ikhlayer.sys
+ InCDPass   Ahead CD-RW Filter Driver   (Not verified) Ahead Software   c:\windows\system32\drivers\incdpass.sys
+ LMIInfo   RemotelyAnywhere Kernel Information Provider   (Verified) 3am Labs, Inc.   c:\program files\logmein\rainfo.sys
+ LMImirr   RemotelyAnywhere Mirror Miniport Driver   (Verified) 3am Labs, Inc.   c:\windows\system32\drivers\lmimirr.sys
+ NAVENG   AV Engine   (Verified) Symantec Corporation   c:\program files\common files\symantec shared\virusdefs\20031104.016\naveng.sys
+ NAVEX15   AV Engine   (Verified) Symantec Corporation   c:\program files\common files\symantec shared\virusdefs\20031104.016\navex15.sys
+ NPDriver   Norton Protection Driver   (Not verified) Symantec Corporation   c:\windows\system32\drivers\npdriver.sys
+ NPF   NPF Driver - TME extensions   (Not verified) Politecnico di Torino   c:\windows\system32\drivers\npf.sys
+ ousbehci   USB 2.0 Enhanced Host Controller Driver   (Not verified) OrangeWare Corporation   c:\windows\system32\drivers\ousbehci.sys
+ PfModNT   PCI/ISA Device Info. Service   (Not verified) Creative Technology Ltd.   c:\windows\system32\pfmodnt.sys
+ rtl8139         File not found: System32\DRIVERS\RTL8139.SYS
+ Secdrv   SafeDisc driver   (Not verified) Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.   c:\windows\system32\drivers\secdrv.sys
+ SymEvent         File not found: C:\Program Files\Symantec\SYMEVENT.SYS
+ symlcbrd         c:\windows\system32\drivers\symlcbrd.sys
+ SYMTDI   Norton Internet Security Filter   (Verified) Symantec Corporation   c:\windows\system32\drivers\symtdi.sys
+ TVICHW32   TVicHW32 Driver for Windows NT/2000/XP   (Not verified) EnTech Taiwan   c:\windows\system32\drivers\tvichw32.sys
+ vsdatant   TrueVector Device Driver   (Verified) Check Point Software Technologies Inc.   c:\windows\system32\vsdatant.sys
+ WINFLASH         c:\windows\system32\drivers\winflash.sys
HKLM\System\CurrentControlSet\Control\Session Manager\BootExecute
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options
HKLM\SOFTWARE\Microsoft\Command Processor\Autorun
HKCU\SOFTWARE\Microsoft\Command Processor\Autorun
HKLM\SOFTWARE\Classes\Exefile\Shell\Open\Command\(Default)
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\Appinit_Dlls
HKLM\System\CurrentControlSet\Control\Session Manager\KnownDlls
+ urlmon   OLE32 Extensions for Win32   (Not verified) Microsoft Corporation   c:\windows\system32\urlmon.dll
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\System
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\UIHost
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GinaDLL
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Taskman
HKCU\Control Panel\Desktop\Scrnsave.exe
HKLM\System\CurrentControlSet\Control\BootVerificationProgram\ImageName
HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9
HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors
HKLM\SYSTEM\CurrentControlSet\Control\Lsa\Authentication Packages
HKLM\SYSTEM\CurrentControlSet\Control\Lsa\Notification Packages
HKLM\SYSTEM\CurrentControlSet\Control\Lsa\Security Packages
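The Autoruns log in the post above was exported with signature verification switched on, which is why the publisher column reads either "(Verified)" or "(Not verified)", and several entries point at images that no longer exist ("File not found"). The script below is an added example, not part of the post and not Sysinternals code, that reads an export in the layout this log appears to use (a bare line per autostart location, then "+ "-prefixed tab-separated rows of entry name, description, publisher and image path) and pulls out what a helper would look for first: dangling references, entries with no publisher information at all, and images sitting in an unusual directory. The ODD_DIRS heuristic and the SAMPLE_EXPORT rows are constructed for the demo; the rows mirror entries visible in the log but the tab layout itself is an assumption.

```python
"""Reader for an Autoruns text export like the one pasted above.

Added example; not part of the post and not Sysinternals code. It assumes
the export layout the log appears to use: a bare line for each autostart
location, then one "+ "-prefixed line per entry with tab-separated columns
(entry name, description, publisher, image path), where the publisher column
starts with "(Verified)" or "(Not verified)" when signature checking was on
and the image column reads "File not found: ..." for a dangling reference.
"""
from collections import Counter
from typing import NamedTuple


class AutorunEntry(NamedTuple):
    location: str
    name: str
    publisher: str   # "" when the export carries no publisher at all
    verified: bool   # True only for an explicit "(Verified)" publisher
    image: str
    missing: bool    # image path reported as "File not found"


def parse_autoruns(text):
    """Turn the export into AutorunEntry records, keyed by their location line."""
    entries, location = [], ""
    for raw in text.splitlines():
        if not raw.strip():
            continue
        if not raw.startswith("+ "):
            location = raw.strip()
            continue
        fields = raw[2:].split("\t")
        name = fields[0].strip()
        image = fields[-1].strip() if len(fields) > 1 else ""
        # the publisher column is whichever middle column carries the signature verdict
        publisher = next((f.strip() for f in fields[1:-1] if "erified)" in f), "")
        entries.append(AutorunEntry(
            location=location,
            name=name,
            publisher=publisher,
            verified=publisher.startswith("(Verified)"),
            image=image,
            missing=image.lower().startswith("file not found"),
        ))
    return entries


# Assumed heuristic for the demo: system32\drivers\etc normally holds text files
# (hosts, services, protocol), so an executable or service image under it is
# worth a second look. Extend with whatever your own baseline says is unusual.
ODD_DIRS = ("\\system32\\drivers\\etc\\",)


def review(entries, odd_dirs=ODD_DIRS):
    """Return (rule, location, entry-name) findings for a human to check."""
    findings = []
    for e in entries:
        if e.missing:
            findings.append(("orphaned", e.location, e.name))
        elif not e.publisher:
            findings.append(("no-publisher", e.location, e.name))
        if any(d in e.image.lower() for d in odd_dirs):
            findings.append(("odd-location", e.location, e.name))
    return findings


def summarize(entries):
    """Count entries by signature state; 'missing' wins over the other buckets."""
    def bucket(e):
        if e.missing:
            return "missing"
        if e.verified:
            return "verified"
        return "not verified" if e.publisher else "no publisher"
    return Counter(bucket(e) for e in entries)


def _row(*fields):
    return "+ " + "\t".join(fields)


# Constructed sample in the assumed layout; the rows mirror entries in the log above.
SAMPLE_EXPORT = "\n".join([
    r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run",
    _row("Zone Labs Client", "Zone Labs Client",
         "(Verified) Check Point Software Technologies Inc.",
         r"c:\program files\zone labs\zonealarm\zlclient.exe"),
    _row("FLMMEMOREX203", "", "", r"c:\program files\browser mouse\2.03\mouse32a.exe"),
    _row("InCD", "InCD", "(Not verified) Ahead Software AG", r"c:\program files\ahead\incd\incd.exe"),
    r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad",
    _row("0aMCPClient", "", "",
         r"File not found: CLSID\{F5DF91F9-15E9-416B-A7C3-7519B11ECBFC}\InprocServer32"),
    r"HKLM\System\CurrentControlSet\Services",
    _row("cpuidle", "", "", r"c:\windows\system32\drivers\etc\cpuidle\srvany.exe"),
    _row("rtl8139", "", "", r"File not found: System32\DRIVERS\RTL8139.SYS"),
    _row("vsdatant", "TrueVector Device Driver",
         "(Verified) Check Point Software Technologies Inc.",
         r"c:\windows\system32\vsdatant.sys"),
])


if __name__ == "__main__":
    parsed = parse_autoruns(SAMPLE_EXPORT)
    print(dict(summarize(parsed)))
    for rule, location, name in review(parsed):
        print(f"{rule:13} {name:16} {location}")
```

"(Not verified)" on its own is not a finding on a 2006-era XP box, since most third-party drivers and tray utilities of that vintage were unsigned; that is why the script only raises entries with no publisher string at all, orphaned references, and odd image locations, and leaves the verified/not-verified split as a summary for context.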

2
Tech Clinic / Win32.Qoologic.ax help and other misc trojans
« on: February 22, 2006, 02:30:40 AM »
Okay, after all the fighting with everything I was finally able to get back, check out your reply and get it running. Only bad thing is this: I've used Ewido before and it's expired, so I was able to do everything except that, and the logs follow....

The HJT log:

Logfile of HijackThis v1.99.1
Scan saved at 2:22:05 AM, on 2/22/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\SYSTEM32\DRIVERS\ETC\CPUIDLE\srvany.exe
C:\WINDOWS\SYSTEM32\DRIVERS\ETC\CPUIDLE\cpuidle.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Creative\ShareDLL\CtNotify.exe
C:\Program Files\Browser Mouse\2.03\mouse32a.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Creative\ShareDLL\Mediadet.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Creative\PC-CAM Center\CAMTRAY.EXE
C:\PROGRA~1\Agnitum\JAMMER~1.95\jammer.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\CursorXP\CursorXP.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Blue Squirrel\Blue Squirrel's PopUp Stopper\PopUpStopper.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Windows NT\Accessories\WORDPAD.EXE
C:\HJT\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://comcast.net/comcast.html
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = sas.se1.attbb.net:8000
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = sas.se1.attbb.net;<local>
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\Userinit.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: CCHelper Class - {0CF0B8EE-6596-11D5-A98E-0003470BB48E} - C:\Program Files\Panicware\Pop-Up Stopper Companion\CCHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: CNisExtBho Class - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security Professional\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Web assistant - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security Professional\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [Jet Detection] "C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe"
O4 - HKLM\..\Run: [Disc Detector] C:\Program Files\Creative\ShareDLL\CtNotify.exe
O4 - HKLM\..\Run: [FLMMEMOREX203] C:\Program Files\Browser Mouse\2.03\mouse32a.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Creative WebCam Tray] C:\Program Files\Creative\PC-CAM Center\CAMTRAY.EXE
O4 - HKLM\..\Run: [Jammer] C:\PROGRA~1\Agnitum\JAMMER~1.95\jammer.exe
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - Global Startup: Blue Squirrel's PopUp Stopper.lnk = C:\Program Files\Blue Squirrel\Blue Squirrel's PopUp Stopper\PopUpStopper.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &NeoTrace It! - C:\PROGRA~1\NEOTRA~1\NTXcontext.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {AFC3FA82-AD07-45cd-8B57-983435B9899E} - (no file)
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: NeoTrace It! - {9885224C-1217-4c5f-83C2-00002E6CEF2B} - C:\PROGRA~1\NEOTRA~1\NTXtoolbar.htm (HKCU)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: JT's Blocks - http://download.games.yahoo.com/games/clients/y/blt1_x.cab
O16 - DPF: Tornado 21 - http://download.games.yahoo.com/games/clients/y/t21t0_x.cab
O16 - DPF: WebWorks Help 2.0 - file://C:\Program Files\Corel\Bryce 5\Help\wwhelp2.cab
O16 - DPF: Yahoo! Chat - http://us.chat1.yimg.com/us.yimg.com/i/cha...t/c381/chat.cab
O16 - DPF: Yahoo! Chat 1.3 - http://jcs.chat.dcn.yahoo.com/c174/chat.cab
O16 - DPF: Yahoo! Cribbage - http://download.games.yahoo.com/games/clients/y/it1_x.cab
O16 - DPF: Yahoo! Dice - http://download.games.yahoo.com/games/clients/y/dct4_x.cab
O16 - DPF: Yahoo! Euchre - http://download.games.yahoo.com/games/clients/y/et1_x.cab
O16 - DPF: Yahoo! Klondike Solitaire - http://yog55.games.scd.yahoo.com/yog/y/ks12_x.cab
O16 - DPF: Yahoo! MahJong Solitaire - http://download.games.yahoo.com/games/clients/y/mjst3_x.cab
O16 - DPF: Yahoo! Pool 2 - http://download.games.yahoo.com/games/clients/y/potd_x.cab
O16 - DPF: Yahoo! Pyramids - http://download.games.yahoo.com/games/clients/y/pyt1_x.cab
O16 - DPF: Yahoo! Spelldown - http://download.games.yahoo.com/games/clients/y/sdt1_x.cab
O16 - DPF: {01CA75F1-054B-4A63-9221-C6926369EC52} (HS_live Control) - http://install.homestead.com/~site/Install...ive/HS_live.cab
O16 - DPF: {01FE8D0A-51AD-459B-B62B-85E135128B32} (DD_v4.DDv4) - http://www.drivershq.com/DD_v4.CAB
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15007/CTSUEng.cab
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1754A1BA-A1DF-4F10-B199-AA55AA1A120F} (InstallerBehaviorFactory Class) - https://signup.msn.com/pages/MsnInstC.cab
O16 - DPF: {2359626E-7524-4F87-B04E-22CD38A0C88C} (ICSScannerLight Class) - http://download.zonelabs.com/bin/free/cm/ICSCM.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {3EB4F9EA-51A6-48DA-846A-0D69DCBA39EF} (DownloadManager Control) - http://download.akamaitools.com.edgesuite....loadManager.cab
O16 - DPF: {5AA5A569-F96F-4628-A528-8B3698F558BB} (HS_live Control) - http://install.homestead.com/~site/Install...ive/HS_live.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1127512129509
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1127512120917
O16 - DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} (Housecall ActiveX 6.5) - http://housecall65.trendmicro.com/housecal...ivex/hcImpl.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061...all/xscan53.cab
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://ospreycam.whoi.edu/activex/AxisCamControl.cab
O16 - DPF: {9732FB42-C321-11D1-836F-00A0C993F125} (mhLabel Class) - http://pcpitstop.com/mhLbl.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {A3009861-330C-4E10-822B-39D16EC8829D} (CRAVOnline Object) - http://www.ravantivirus.com/scan/ravonline.cab
O16 - DPF: {B942A249-D1E7-4C11-98AE-FCB76B08747F} (RealArcadeRdxIE Class) - http://games-dl.real.com/gameconsole/Bundl...ArcadeRdxIE.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://download.games.yahoo.com/games/popc...aploader_v5.cab
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://mwmus.webex.com/mwmus/tool/systemcheck/ieatgpc.cab
O16 - DPF: {E36C5562-C4E0-4220-BCB2-1C671E3A5916} (Seagate SeaTools English Online) - http://www.seagate.com/support/disc/asp/to.../npseatools.cab
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://driveragent.com/files/driveragent.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/...386/mcfscan.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/controls/msnchat45.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su/ocx/15008/CTPID.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{4FEF5B8D-4D9F-42D0-98CC-413250EBC283}: NameServer = 4.2.2.2,4.2.2.3
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: cpuidle - Unknown owner - C:\WINDOWS\SYSTEM32\DRIVERS\ETC\CPUIDLE\srvany.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: InCD File System Service (InCDsrv) - AHEAD Software - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Unknown owner - C:\Program Files\Norton Internet Security Professional\Norton AntiVirus\AdvTools\NPROTECT.EXE (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SAVScan - Unknown owner - C:\Program Files\Norton Internet Security Professional\Norton AntiVirus\SAVScan.exe (file missing)
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

___________________________________________________________________________________________________

and the FindQ log:

Find Qoologic last edited 01/08/2006
Running from
C:\Documents and Settings\Chris\Desktop\FindQoologic\FindQ\Find-Qoologic
PLEASE NOTE THAT ALL FILES FOUND BY THIS METHOD ARE NOT BAD FILES, There WILL be LEGIT FILES LISTED PLEASE BE CAREFUL WHILE FIXING. IF YOU ARE UNSURE OF WHAT IT IS LEAVE THEM ALONE.
»»»»»»»»»»»»»»»»»» Search by size and name»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
 
C:\WINDOWS\SYSTEM32\MSXML3A.DLL
»»»»»»»»»»»»»»»»»»»»»»»» Checking Global Startup »»»»»»»»»»»»»»»»»»»»»»
.....
.....
SteelWerX Registry Console Tool RC-2
Written by Bobbi Flekman
.....
[-HKEY_CLASSES_ROOT\CLSID\{incert csdl here}]
[-HKEY_CLASSES_ROOT\CLSID\{6EC11407-5B2E-4E25-8BDF-77445B52AB37}]
[-HKEY_CLASSES_ROOT\Folder\shellex\ColumnHandlers\{6EC11407-5B2E-4E25-8BDF-77445B52AB37}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WebNexus]
.....
.....
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
.....
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{9E248641-0E24-4DDB-9A1F-705087832AD6}]
____________________________________________________________________________________________________

I ran the clean windows as instructed and the current versions of both Ad-Aware and S-B.
After running Ad-Aware it posted 9 problems and fixed them all, while Spy-Bot ran through clean, finding nothing.

3
Tech Clinic / Win32.Qoologic.ax help and other misc trojans
« on: February 19, 2006, 10:19:30 PM »
Ad-Aware SE Personal
Adobe Acrobat 4.0, 5.0
Ahead InCD
Ahead NeroVision Express
Alchemy 1.2
Alien Skin Xenofex 2.0
AOL Instant Messenger
Bejeweled 1.23
BitTorrent 3.4.1
BookWorm Deluxe 1.0y
Bounce Out
Browser Mouse 2.03
Bryce® 5
Card & Board Games 3
CC_ccProxyMSI
CC_ccStart
ccCommon
Civilization III - Gold Edition
C-Media WDM Audio Driver
CoffeeCup Button Factory
CoffeeCup Firestarter
CoffeeCup Image Mapper++
Collapse
Collector's Edition 251
Cool Edit Pro 2.0
CorelDRAW Graphics Suite 12
Creative AudioHQ
Creative Diagnostics
Creative PC-CAM Center
Creative PlayCenter
Creative Restore Defaults
Creative Surround Mixer
Creative WebCam Monitor
Creative WebCam Pro Driver
Creative WebCam Pro Manual (English)
CursorXP
CuteFTP 6 Home
Diablo II
Diagnostic Tool for the Microsoft VM
DivX Codec
DivX Player
Doom 3
Eraser
ewido anti-malware
Extensis Intellihance Pro 4.0
Eye Candy 4000
FileSpecs plug-in for Ad-Aware SE
Galaxy of WinGames
Gardener Special Edition
GCN
HexDump plug-in for Ad-Aware SE
HijackThis 1.99.1
Hoyle Card Games 2005
Hoyle Games Demo 2005
IconPackager
iDailyDiary 2.11
Invision 2.0 Build 3515
J2SE Runtime Environment 5.0 Update 4
J2SE Runtime Environment 5.0 Update 6
Jammer 1.95 build 0811
Kaspersky On-line Scanner
Kazaa Lite K++ v2.4.3
Lavasoft Reghance 2.1
LimeWire 4.10.3
LiveReg (Symantec Corporation)
LSP Explorer plug-in for Ad-Aware SE
Macromedia Dreamweaver MX
Macromedia Extension Manager
Macromedia Fireworks MX
Macromedia Flash MX
Macromedia Flash MX 2004
Macromedia Flash Player 8
Macromedia FreeHand 10
Macromedia HomeSite 5
Macromedia Shockwave Player
Microsoft Data Access Components KB870669
Microsoft Office XP Professional with FrontPage
Microsoft Plus! for Windows XP
MilkShape 3D 1.7.2
mIRC
Morpheus 5.1 (remove only)
MSN Messenger 7.5
MSRedist
NeoTrace Express 3.25
Nero - Burning Rom
NetAlyzer 0.3
Norton AntiSpam
Norton AntiSpam
Norton AntiVirus
Norton Internet Security
Norton Internet Security
Norton Internet Security
Norton Internet Security
Norton Internet Security
Norton Internet Security
Norton Internet Security
Norton Internet Security
Norton Internet Security Professional
Norton Internet Security Professional
NVIDIA Drivers
NVIDIA WDM Drivers
OE/W Messengerctrl plug-in for Ad-Aware SE
Old West Poker Special Edition
Opera
Paint Shop Pro 7
Palace Uninstall
Panda ActiveScan
Panicware Pop-Up Stopper Companion
PC Pitstop Optimize 1.0v
PcBugDoctor 1,0,0,3
Pharaoh and Cleopatra
PowerDVD
QuickTime 3.0
RealArcade
RealPlayer
Registry Defender
Seagate SeaTools English Online
SimEnhancer 3D
SmartStartup
Solitaire Master 3 Special Edition 1
Sound Blaster Live!
Spybot - Search & Destroy 1.4
Symantec Script Blocking Installer
The Sims 2
The Sims Art Studio
The Sims Character Makeover Studio
The Sims File Cop
The Sims Livin' Large
Trellian LiveUpgrade v2.0
Trellian SubmitWolf v6.0
Trillian
Ulead Photo Express 4.0 My Custom Edition
Uninstall Mystical
Update for Windows XP (KB898461)
USB 2.0 Setup program
Viewpoint Media Player
VX2 Cleaner plug-in for Ad-Aware SE
WinAce Archiver
Windows Genuine Advantage v1.3.0254.0
Windows Installer 3.1 (KB893803)
Windows Media Format Runtime
Windows Media Player 10
Windows XP Service Pack 2
WinRAR archiver
WinZip
XviD Video Codec 24062003-1 (Koepi's developer build)
Yahoo! Messenger
Zeus & Poseidon
Zuma Deluxe RA


Here's the FindQoologic report:

REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Jet Detection"="\"C:\\Program Files\\Creative\\SBLive\\PROGRAM\\ADGJDet.exe\""
"Disc Detector"="C:\\Program Files\\Creative\\ShareDLL\\CtNotify.exe"
"FLMMEMOREX203"="C:\\Program Files\\Browser Mouse\\2.03\\mouse32a.exe"
"Cmaudio"="RunDll32 cmicnfg.cpl,CMICtrlWnd"
"WINDVDPatch"="CTHELPER.EXE"
"TkBellExe"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\"  -osboot"
"NeroCheck"="C:\\WINDOWS\\system32\\\\NeroCheck.exe"
"InCD"="C:\\Program Files\\Ahead\\InCD\\InCD.exe"
"nwiz"="nwiz.exe /install"
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"
"NvMediaCenter"="RunDLL32.exe NvMCTray.dll,NvTaskbarInit"
"SunJavaUpdateSched"="C:\\Program Files\\Java\\jre1.5.0_06\\bin\\jusched.exe"
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"Creative WebCam Tray"="C:\\Program Files\\Creative\\PC-CAM Center\\CAMTRAY.EXE"
"Jammer"="C:\\PROGRA~1\\Agnitum\\JAMMER~1.95\\jammer.exe"
"A8GSdsApp"="C:\\Program Files\\A8GSdsApp\\AGSeiApp.exe"
"PCPitstop Optimize Registration Reminder"="C:\\Program Files\\PCPitstop\\Optimize\\Reminder.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]
"Installed"="1"

-----------------
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers


Subkey --- BriefcaseMenu
{85BBD920-42A0-1069-A2E4-08002B30309D}
syncui.dll

Subkey --- Erasext
{8BE13461-936F-11D1-A87D-444553540000}
C:\PROGRA~1\Eraser\erasext.dll

Subkey --- ewido
{57BD36D7-CE32-4600-9B1C-1A0C47EFC02E}
C:\Program Files\ewido anti-malware\context.dll

Subkey --- gfgqtfmx
{c0e5aa06-9f8c-45ca-b9a9-8519d2a6984a}


Subkey --- Offline Files
{750fdf0e-2a26-11d1-a3ea-080036587f03}
C:\WINDOWS\System32\cscui.dll

Subkey --- Open With
{09799AFB-AD67-11d1-ABCD-00C04FC30936}
C:\WINDOWS\system32\SHELL32.dll

Subkey --- Open With EncryptionMenu
{A470F8CF-A1E8-4f65-8335-227475AA5C46}
C:\WINDOWS\system32\SHELL32.dll

Subkey --- Symantec.Norton.Antivirus.IEContextMenu
{5345A4D5-41EB-4A2F-9616-CE1D4F6C35B2}
C:\Program Files\Norton Internet Security Professional\Norton AntiVirus\NavShExt.dll

Subkey --- WinRAR
{B41DB860-8EE4-11D2-9906-E49FADC173CA}
C:\Program Files\WinRAR\rarext.dll

Subkey --- WinZip
{E0D79304-84BE-11CE-9641-444553540000}
C:\PROGRA~1\WINZIP\WZSHLSTB.DLL

Subkey --- ZFAdd
{8FF88D27-7BD0-11D1-BFB7-00AA00262A11}
C:\Program Files\WinAce\arcext.dll

Subkey --- {a2a9545d-a0c2-42b4-9708-a0b2badd77c8}
Start Menu Pin
C:\WINDOWS\system32\SHELL32.dll

=====================

HKEY_CLASSES_ROOT\Folder\shellex\ColumnHandlers


Subkey --- {0D2E74C4-3C34-11d2-A27E-00C04FC30871}
C:\WINDOWS\system32\SHELL32.dll

Subkey --- {24F14F01-7B1C-11d1-838f-0000F80461CF}
C:\WINDOWS\system32\SHELL32.dll

Subkey --- {24F14F02-7B1C-11d1-838f-0000F80461CF}
C:\WINDOWS\system32\SHELL32.dll

Subkey --- {66742402-F9B9-11D1-A202-0000F81FEDEE}
C:\WINDOWS\system32\SHELL32.dll

==============================
C:\Documents and Settings\All Users\Start Menu\Programs\Startup

desktop.ini
Microsoft Office.lnk
==============================
C:\Documents and Settings\Chris\Start Menu\Programs\Startup

desktop.ini
Microsoft Office.lnk
desktop.ini
PowerReg Scheduler V3.exe
Zeno.lnk
Z_Start.lnk
==============================
C:\WINDOWS\system32 cpl files


access.cpl                    Microsoft Corporation
appwiz.cpl                    Microsoft Corporation
AudioHQU.cpl                  Creative Technology Ltd.
bthprops.cpl                  Microsoft Corporation
CTDetect.cpl                  Creative Technology Ltd.
desk.cpl                      Microsoft Corporation
firewall.cpl                  Microsoft Corporation
hdwwiz.cpl                    Microsoft Corporation
inetcpl.cpl                   Microsoft Corporation
intl.cpl                      Microsoft Corporation
irprops.cpl                   Microsoft Corporation
joy.cpl                       Microsoft Corporation
jpicpl32.cpl                  Sun Microsystems, Inc.
main.cpl                      Microsoft Corporation
mmsys.cpl                     Microsoft Corporation
ncpa.cpl                      Microsoft Corporation
netsetup.cpl                  Microsoft Corporation
nusrmgr.cpl                   Microsoft Corporation
nvtuicpl.cpl                  NVIDIA Corporation
nwc.cpl                       Microsoft Corporation
odbccp32.cpl                  Microsoft Corporation
powercfg.cpl                  Microsoft Corporation
QuickTime.cpl                 Apple Computer, Inc.
sysdm.cpl                     Microsoft Corporation
telephon.cpl                  Microsoft Corporation
timedate.cpl                  Microsoft Corporation
wscui.cpl                     Microsoft Corporation
wuaucpl.cpl                   Microsoft Corporation

And finally the findQ log.....

Find Qoologic last edited 01/08/2006
Running from
C:\Documents and Settings\Chris\Desktop\FindQoologic\FindQ\Find-Qoologic
PLEASE NOTE THAT ALL FILES FOUND BY THIS METHOD ARE NOT BAD FILES, There WILL be LEGIT FILES LISTED PLEASE BE CAREFUL WHILE FIXING. IF YOU ARE UNSURE OF WHAT IT IS LEAVE THEM ALONE.
»»»»»»»»»»»»»»»»»» Search by size and name»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
 
C:\WINDOWS\SYSTEM32\MSXML3A.DLL
C:\WINDOWS\BVBPLV.DAT
»»»»»»»»»»»»»»»»»»»»»»»» Checking Global Startup »»»»»»»»»»»»»»»»»»»»»»
.....
.....
SteelWerX Registry Console Tool RC-2
Written by Bobbi Flekman
.....
[HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\gfgqtfmx]
@="{c0e5aa06-9f8c-45ca-b9a9-8519d2a6984a}"

[-HKEY_CLASSES_ROOT\CLSID\{incert csdl here}]
[-HKEY_CLASSES_ROOT\CLSID\{6EC11407-5B2E-4E25-8BDF-77445B52AB37}]
[-HKEY_CLASSES_ROOT\Folder\shellex\ColumnHandlers\{6EC11407-5B2E-4E25-8BDF-77445B52AB37}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WebNexus]
.....
.....
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
.....

4
Tech Clinic / Win32.Qoologic.ax help and other misc trojans
« on: February 19, 2006, 01:04:51 PM »
I'm in need of some serious help. Seems we've been infected with what seems like every trojan known to man. Okay, not really, but can someone please go over my HJT log and tell me what I need to do to rid myself of all these annoyances? Thanks for any help someone can give.
Spawn

Logfile of HijackThis v1.99.1
Scan saved at 12:55:27 PM, on 2/19/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\SYSTEM32\DRIVERS\ETC\CPUIDLE\srvany.exe
C:\WINDOWS\SYSTEM32\DRIVERS\ETC\CPUIDLE\cpuidle.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Browser Mouse\2.03\mouse32a.exe
C:\Program Files\CursorXP\CursorXP.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\HJT\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://comcast.net/comcast.html
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = sas.se1.attbb.net:8000
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = sas.se1.attbb.net;<local>
R3 - URLSearchHook: (no name) - {D8E64A8F-F51E-CFEF-1E81-865A6D3A16C1} - C:\WINDOWS\system32\myuno.dll
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\Userinit.exe
O2 - BHO: bitlocker - {01EB5130-FC0C-4d75-B9CE-4801B1B854F5} - C:\WINDOWS\system32\nsoD.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: CCHelper Class - {0CF0B8EE-6596-11D5-A98E-0003470BB48E} - C:\Program Files\Panicware\Pop-Up Stopper Companion\CCHelper.dll
O2 - BHO: (no name) - {30A56549-9D5B-4D34-AFA7-440A7F0538A9} - (no file)
O2 - BHO: Trecker Class - {39C78B50-7E98-4aa0-B007-D83114EA6E0F} - C:\PROGRA~1\Jalmp\jalmp.dll
O2 - BHO: RieMon Class - {70F6A776-579A-4C95-BA88-134253907752} - C:\WINDOWS\system32\irsmpuro.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: CNisExtBho Class - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security Professional\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {D8E64A8F-F51E-CFEF-1E81-865A6D3A16C1} - C:\WINDOWS\system32\myuno.dll
O3 - Toolbar: Web assistant - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security Professional\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [Jet Detection] "C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe"
O4 - HKLM\..\Run: [Disc Detector] C:\Program Files\Creative\ShareDLL\CtNotify.exe
O4 - HKLM\..\Run: [FLMMEMOREX203] C:\Program Files\Browser Mouse\2.03\mouse32a.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE
O4 - HKLM\..\Run: [Microsoft Tray] C:\DOCUME~1\Chris\LOCALS~1\Temp\Joi6.tmp
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Creative WebCam Tray] C:\Program Files\Creative\PC-CAM Center\CAMTRAY.EXE
O4 - HKLM\..\Run: [Jammer] C:\PROGRA~1\Agnitum\JAMMER~1.95\jammer.exe
O4 - HKLM\..\Run: [A8GSdsApp] C:\Program Files\A8GSdsApp\AGSeiApp.exe
O4 - HKLM\..\Run: [PCPitstop Optimize Registration Reminder] C:\Program Files\PCPitstop\Optimize\Reminder.exe
O4 - HKLM\..\Run: [susse] "C:\WINDOWS\system32\hpsw.exe"
O4 - HKLM\..\Run: [BrowserUpdateSched] C:\WINDOWS\system32\owinnsai.exe FI002
O4 - Startup: PowerReg Scheduler V3.exe
O4 - Startup: Zeno.lnk = C:\WINDOWS\system32\owinnsai.exe
O4 - Startup: Z_Start.lnk = C:\WINDOWS\ZIFI002.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &NeoTrace It! - C:\PROGRA~1\NEOTRA~1\NTXcontext.htm
O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZUxdm082YYUS
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: (no name) - {9E248641-0E24-4DDB-9A1F-705087832AD6} - (no file)
O9 - Extra 'Tools' menuitem: Java - {9E248641-0E24-4DDB-9A1F-705087832AD6} - (no file)
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {AFC3FA82-AD07-45cd-8B57-983435B9899E} - (no file)
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: NeoTrace It! - {9885224C-1217-4c5f-83C2-00002E6CEF2B} - C:\PROGRA~1\NEOTRA~1\NTXtoolbar.htm (HKCU)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O15 - Trusted Zone: *.elitemediagroup.net
O15 - Trusted Zone: http://click.getmirar.com (HKLM)
O15 - Trusted Zone: http://click.mirarsearch.com (HKLM)
O15 - Trusted Zone: http://redirect.mirarsearch.com (HKLM)
O16 - DPF: JT's Blocks - http://download.games.yahoo.com/games/clients/y/blt1_x.cab
O16 - DPF: Tornado 21 - http://download.games.yahoo.com/games/clients/y/t21t0_x.cab
O16 - DPF: WebWorks Help 2.0 - file://C:\Program Files\Corel\Bryce 5\Help\wwhelp2.cab
O16 - DPF: Yahoo! Chat - http://us.chat1.yimg.com/us.yimg.com/i/cha...t/c381/chat.cab
O16 - DPF: Yahoo! Chat 1.3 - http://jcs.chat.dcn.yahoo.com/c174/chat.cab
O16 - DPF: Yahoo! Cribbage - http://download.games.yahoo.com/games/clients/y/it1_x.cab
O16 - DPF: Yahoo! Dice - http://download.games.yahoo.com/games/clients/y/dct4_x.cab
O16 - DPF: Yahoo! Euchre - http://download.games.yahoo.com/games/clients/y/et1_x.cab
O16 - DPF: Yahoo! Klondike Solitaire - http://yog55.games.scd.yahoo.com/yog/y/ks12_x.cab
O16 - DPF: Yahoo! MahJong Solitaire - http://download.games.yahoo.com/games/clients/y/mjst3_x.cab
O16 - DPF: Yahoo! Pool 2 - http://download.games.yahoo.com/games/clients/y/potd_x.cab
O16 - DPF: Yahoo! Pyramids - http://download.games.yahoo.com/games/clients/y/pyt1_x.cab
O16 - DPF: Yahoo! Spelldown - http://download.games.yahoo.com/games/clients/y/sdt1_x.cab
O16 - DPF: {01CA75F1-054B-4A63-9221-C6926369EC52} (HS_live Control) - http://install.homestead.com/~site/Install...ive/HS_live.cab
O16 - DPF: {01FE8D0A-51AD-459B-B62B-85E135128B32} (DD_v4.DDv4) - http://www.drivershq.com/DD_v4.CAB
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15007/CTSUEng.cab
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1754A1BA-A1DF-4F10-B199-AA55AA1A120F} (InstallerBehaviorFactory Class) - https://signup.msn.com/pages/MsnInstC.cab
O16 - DPF: {2359626E-7524-4F87-B04E-22CD38A0C88C} (ICSScannerLight Class) - http://download.zonelabs.com/bin/free/cm/ICSCM.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {3EB4F9EA-51A6-48DA-846A-0D69DCBA39EF} (DownloadManager Control) - http://download.akamaitools.com.edgesuite....loadManager.cab
O16 - DPF: {4AD73894-A895-4FC2-B233-299867E08753} (Cadwkzctl Object) - http://apps.deskwizz.com/ax/adwerkz.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://software-dl.real.com/07e50315dfe280...ip/RdxIE601.cab
O16 - DPF: {5AA5A569-F96F-4628-A528-8B3698F558BB} (HS_live Control) - http://install.homestead.com/~site/Install...ive/HS_live.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1127512129509
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1127512120917
O16 - DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} (Housecall ActiveX 6.5) - http://housecall65.trendmicro.com/housecal...ivex/hcImpl.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061...all/xscan53.cab
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://ospreycam.whoi.edu/activex/AxisCamControl.cab
O16 - DPF: {9732FB42-C321-11D1-836F-00A0C993F125} (mhLabel Class) - http://pcpitstop.com/mhLbl.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {9AC54695-69A4-46F1-BE10-10C74F9520D5} (elitectl.DemoCtl) - http://cabs.elitemediagroup.net/cabs/mediaview.cab
O16 - DPF: {A3009861-330C-4E10-822B-39D16EC8829D} (CRAVOnline Object) - http://www.ravantivirus.com/scan/ravonline.cab
O16 - DPF: {B942A249-D1E7-4C11-98AE-FCB76B08747F} (RealArcadeRdxIE Class) - http://games-dl.real.com/gameconsole/Bundl...ArcadeRdxIE.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://download.games.yahoo.com/games/popc...aploader_v5.cab
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://mwmus.webex.com/mwmus/tool/systemcheck/ieatgpc.cab
O16 - DPF: {E36C5562-C4E0-4220-BCB2-1C671E3A5916} (Seagate SeaTools English Online) - http://www.seagate.com/support/disc/asp/to.../npseatools.cab
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://driveragent.com/files/driveragent.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/...386/mcfscan.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/controls/msnchat45.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su/ocx/15008/CTPID.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{4FEF5B8D-4D9F-42D0-98CC-413250EBC283}: NameServer = 4.2.2.2,4.2.2.3
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O18 - Filter: text/html - {2F6E85DC-8D2D-4896-8A4F-7DF8A7B1749D} - C:\PROGRA~1\Jalmp\jalmp.dll
O23 - Service: cpuidle - Unknown owner - C:\WINDOWS\SYSTEM32\DRIVERS\ETC\CPUIDLE\srvany.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: InCD File System Service (InCDsrv) - AHEAD Software - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Unknown owner - C:\Program Files\Norton Internet Security Professional\Norton AntiVirus\AdvTools\NPROTECT.EXE (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SAVScan - Unknown owner - C:\Program Files\Norton Internet Security Professional\Norton AntiVirus\SAVScan.exe (file missing)
