AdwareAway seems to be suggesting the problem is the about:blank XP browser hijacker.
AdwareAway scan report:
User Name :Stephen Oxley
User Email :[email protected]
Registered :Yes
User Id :{f1f4db42-9ca2-4527-bdd5-fb8210251fed}
Symptom :
*************************************************************
* Adware Away 2.2.8.8
* Global Scanning Log For Windows XP
* Log created time : 2005-5-15 16:51:36
* For more information,please visit:
* WebSite: http://www.AdwareAway.com
* OR
* Support: [email protected]
* License Type: Single License
* {f1f4db42-9ca2-4527-bdd5-fb8210251fed}
* AdAway : [2005.5.9] Overall : [2005-05-09]
*************************************************************
====================All Running Processes====================
N/A (security restriction)
N/A (security restriction)
\SystemRoot\System32\smss.exe
\??\C:\WINDOWS\system32\csrss.exe
\??\C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\Norton Internet Security\ISSVC.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Multimedia Card Reader\shwicon2k.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\HP\KBD\KBD.EXE
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\System32\hphmon05.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\HP\Digital Imaging\Unload\hpqcmon.exe
C:\PROGRA~1\BTBROA~2\SMARTB~1\BTHelpNotifier.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Messenger\msmsgs.exe
C:\PROGRA~1\HPPAVI~1\Pavilion\XPHWWBP4\plugin\bin\PCHButton.exe
C:\Program Files\Spyware Doctor\swdoctor.exe
C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Creative\Shared Files\Media Sniffer\MtdAcq.exe
C:\Program Files\BT Broadband Help\bin\mpbtn.exe
C:\Program Files\GetRight\getright.exe
C:\Program Files\GetRight\getright.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\InterMute\SpySubtract\SpySub.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Symantec Shared\AdBlocking\NSMdtr.exe
C:\Program Files\Adobe\Reader\AcroRd32.exe
C:\Program Files\Outlook Express\msimn.exe
C:\Program Files\Adware Away\AdAway.exe
====================All Running Services====================
Service Name :AudioSrv
Display Name :Windows Audio
Binary File :C:\WINDOWS\System32\svchost.exe -k netsvcs
Suspicious :No
Service Name :ccEvtMgr
Display Name :Symantec Event Manager
Binary File :"C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe"
Suspicious :No
Service Name :ccProxy
Display Name :Symantec Network Proxy
Binary File :"C:\Program Files\Common Files\Symantec Shared\ccProxy.exe"
Suspicious :No
Service Name :ccSetMgr
Display Name :Symantec Settings Manager
Binary File :"C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe"
Suspicious :No
Service Name :Creative Service for CDROM Access
Display Name :Creative Service for CDROM Access
Binary File :C:\WINDOWS\system32\CTsvcCDA.EXE
Suspicious :No
Service Name :CryptSvc
Display Name :Cryptographic Services
Binary File :C:\WINDOWS\system32\svchost.exe -k netsvcs
Suspicious :No
Service Name :DcomLaunch
Display Name :DCOM Server Process Launcher
Binary File :C:\WINDOWS\system32\svchost -k DcomLaunch
Suspicious :No
Service Name :Dhcp
Display Name :DHCP Client
Binary File :C:\WINDOWS\System32\svchost.exe -k netsvcs
Suspicious :No
Service Name :Dnscache
Display Name :DNS Client
Binary File :C:\WINDOWS\System32\svchost.exe -k NetworkService
Suspicious :No
Service Name :ERSvc
Display Name :Error Reporting Service
Binary File :C:\WINDOWS\System32\svchost.exe -k netsvcs
Suspicious :No
Service Name :Eventlog
Display Name :Event Log
Binary File :C:\WINDOWS\system32\services.exe
Suspicious :No
Service Name :EventSystem
Display Name :COM+ Event System
Binary File :C:\WINDOWS\System32\svchost.exe -k netsvcs
Suspicious :No
Service Name :FastUserSwitchingCompatibility
Display Name :Fast User Switching Compatibility
Binary File :C:\WINDOWS\System32\svchost.exe -k netsvcs
Suspicious :No
Service Name :helpsvc
Display Name :Help and Support
Binary File :C:\WINDOWS\System32\svchost.exe -k netsvcs
Suspicious :No
Service Name :HidServ
Display Name :HID Input Service
Binary File :C:\WINDOWS\System32\svchost.exe -k netsvcs
Suspicious :No
Service Name :iPodService
Display Name :iPod Service
Binary File :"C:\Program Files\iPod\bin\iPodService.exe"
Suspicious :No
Service Name :ISSVC
Display Name :ISSVC
Binary File :"C:\Program Files\Norton Internet Security\ISSVC.exe"
Suspicious :No
Service Name :lanmanserver
Display Name :Server
Binary File :C:\WINDOWS\System32\svchost.exe -k netsvcs
Suspicious :No
Service Name :lanmanworkstation
Display Name :Workstation
Binary File :C:\WINDOWS\System32\svchost.exe -k netsvcs
Suspicious :No
Service Name :LexBceS
Display Name :LexBce Server
Binary File :C:\WINDOWS\system32\LEXBCES.EXE
Suspicious :No
Service Name :LmHosts
Display Name :TCP/IP NetBIOS Helper
Binary File :C:\WINDOWS\System32\svchost.exe -k LocalService
Suspicious :No
Service Name :navapsvc
Display Name :Norton AntiVirus Auto-Protect Service
Binary File :"C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe"
Suspicious :No
Service Name :Netman
Display Name :Network Connections
Binary File :C:\WINDOWS\System32\svchost.exe -k netsvcs
Suspicious :No
Service Name :Nla
Display Name :Network Location Awareness (NLA)
Binary File :C:\WINDOWS\System32\svchost.exe -k netsvcs
Suspicious :No
Service Name :NVSvc
Display Name :NVIDIA Display Driver Service
Binary File :C:\WINDOWS\system32\nvsvc32.exe
Suspicious :No
Service Name :PlugPlay
Display Name :Plug and Play
Binary File :C:\WINDOWS\system32\services.exe
Suspicious :No
Service Name :PolicyAgent
Display Name :IPSEC Services
Binary File :C:\WINDOWS\System32\lsass.exe
Suspicious :No
Service Name :ProtectedStorage
Display Name :Protected Storage
Binary File :C:\WINDOWS\system32\lsass.exe
Suspicious :No
Service Name :RasMan
Display Name :Remote Access Connection Manager
Binary File :C:\WINDOWS\System32\svchost.exe -k netsvcs
Suspicious :No
Service Name :RpcSs
Display Name :Remote Procedure Call (RPC)
Binary File :C:\WINDOWS\system32\svchost -k rpcss
Suspicious :No
Service Name :SamSs
Display Name :Security Accounts Manager
Binary File :C:\WINDOWS\system32\lsass.exe
Suspicious :No
Service Name :Schedule
Display Name :Task Scheduler
Binary File :C:\WINDOWS\System32\svchost.exe -k netsvcs
Suspicious :No
Service Name :seclogon
Display Name :Secondary Logon
Binary File :C:\WINDOWS\System32\svchost.exe -k netsvcs
Suspicious :No
Service Name :SENS
Display Name :System Event Notification
Binary File :C:\WINDOWS\system32\svchost.exe -k netsvcs
Suspicious :No
Service Name :ShellHWDetection
Display Name :Shell Hardware Detection
Binary File :C:\WINDOWS\System32\svchost.exe -k netsvcs
Suspicious :No
Service Name :SNDSrvc
Display Name :Symantec Network Drivers Service
Binary File :"C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe"
Suspicious :No
Service Name :SPBBCSvc
Display Name :Symantec SPBBCSvc
Binary File :"C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe"
Suspicious :No
Service Name :Spooler
Display Name :Print Spooler
Binary File :C:\WINDOWS\system32\spoolsv.exe
Suspicious :No
Service Name :srservice
Display Name :System Restore Service
Binary File :C:\WINDOWS\System32\svchost.exe -k netsvcs
Suspicious :No
Service Name :SSDPSRV
Display Name :SSDP Discovery Service
Binary File :C:\WINDOWS\System32\svchost.exe -k LocalService
Suspicious :No
Service Name :Symantec Core LC
Display Name :Symantec Core LC
Binary File :C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
Suspicious :No
Service Name :TapiSrv
Display Name :Telephony
Binary File :C:\WINDOWS\System32\svchost.exe -k netsvcs
Suspicious :No
Service Name :TermService
Display Name :Terminal Services
Binary File :C:\WINDOWS\System32\svchost -k DComLaunch
Suspicious :No
Service Name :Themes
Display Name :Themes
Binary File :C:\WINDOWS\System32\svchost.exe -k netsvcs
Suspicious :No
Service Name :TrkWks
Display Name :Distributed Link Tracking Client
Binary File :C:\WINDOWS\system32\svchost.exe -k netsvcs
Suspicious :No
Service Name :UMWdf
Display Name :Windows User Mode Driver Framework
Binary File :C:\WINDOWS\system32\wdfmgr.exe
Suspicious :No
Service Name :W32Time
Display Name :Windows Time
Binary File :C:\WINDOWS\System32\svchost.exe -k netsvcs
Suspicious :No
Service Name :WebClient
Display Name :WebClient
Binary File :C:\WINDOWS\System32\svchost.exe -k LocalService
Suspicious :No
Service Name :winmgmt
Display Name :Windows Management Instrumentation
Binary File :C:\WINDOWS\system32\svchost.exe -k netsvcs
Suspicious :No
Service Name :WMDM PMSP Service
Display Name :WMDM PMSP Service
Binary File :C:\WINDOWS\System32\MsPMSPSv.exe
Suspicious :No
Service Name :wscsvc
Display Name :Security Center
Binary File :C:\WINDOWS\System32\svchost.exe -k netsvcs
Suspicious :No
Service Name :wuauserv
Display Name :Automatic Updates
Binary File :C:\WINDOWS\system32\svchost.exe -k netsvcs
Suspicious :No
Service Name :WZCSVC
Display Name :Wireless Zero Configuration
Binary File :C:\WINDOWS\System32\svchost.exe -k netsvcs
Suspicious :No
====================SVCHOST DLLs====================
Alerter = %SystemRoot%\system32\alrsvc.dll
AppMgmt = %SystemRoot%\System32\appmgmts.dll
AudioSrv = %SystemRoot%\System32\audiosrv.dll
BITS = C:\WINDOWS\System32\qmgr.dll
Browser = %SystemRoot%\System32\browser.dll
CryptSvc = %SystemRoot%\System32\cryptsvc.dll
DcomLaunch = %SystemRoot%\system32\rpcss.dll
Dhcp = %SystemRoot%\System32\dhcpcsvc.dll
dmserver = %SystemRoot%\System32\dmserver.dll
Dnscache = %SystemRoot%\System32\dnsrslvr.dll
ERSvc = %SystemRoot%\System32\ersvc.dll
EventSystem = C:\WINDOWS\System32\es.dll
FastUserSwitchingCompatibility = %SystemRoot%\System32\shsvcs.dll
helpsvc = %WINDIR%\PCHealth\HelpCtr\Binaries\pchsvc.dll
HidServ = %SystemRoot%\System32\hidserv.dll
HTTPFilter = %SystemRoot%\System32\w3ssl.dll
lanmanserver = %SystemRoot%\System32\srvsvc.dll
lanmanworkstation = %SystemRoot%\System32\wkssvc.dll
LmHosts = %SystemRoot%\System32\lmhsvc.dll
Messenger = %SystemRoot%\System32\msgsvc.dll
Netman = %SystemRoot%\System32\netman.dll
Nla = %SystemRoot%\System32\mswsock.dll
NtmsSvc = %SystemRoot%\system32\ntmssvc.dll
RasAuto = %SystemRoot%\System32\rasauto.dll
RasMan = %SystemRoot%\System32\rasmans.dll
RemoteAccess = %SystemRoot%\System32\mprdim.dll
RpcSs = %SystemRoot%\system32\rpcss.dll
Schedule = %SystemRoot%\system32\schedsvc.dll
seclogon = %SystemRoot%\System32\seclogon.dll
SENS = %SystemRoot%\system32\sens.dll
SharedAccess = %SystemRoot%\System32\ipnathlp.dll
ShellHWDetection = %SystemRoot%\System32\shsvcs.dll
srservice = C:\WINDOWS\System32\srsvc.dll
SSDPSRV = %SystemRoot%\System32\ssdpsrv.dll
stisvc = %SystemRoot%\system32\wiaservc.dll
TapiSrv = %SystemRoot%\System32\tapisrv.dll
TermService = %SystemRoot%\System32\termsrv.dll
Themes = %SystemRoot%\System32\shsvcs.dll
TrkWks = %SystemRoot%\system32\trkwks.dll
upnphost = %SystemRoot%\System32\upnphost.dll
W32Time = C:\WINDOWS\System32\w32time.dll
WebClient = %SystemRoot%\System32\webclnt.dll
winmgmt = %SystemRoot%\system32\wbem\WMIsvc.dll
WmdmPmSN = C:\WINDOWS\system32\MsPMSNSv.dll
wscsvc = %SYSTEMROOT%\system32\wscsvc.dll
wuauserv = C:\WINDOWS\System32\wuauserv.dll
WZCSVC = %SystemRoot%\System32\wzcsvc.dll
xmlprov = %SystemRoot%\System32\xmlprov.dll
====================Drivers====================
====================All Shared Resource====================
Shared Resource Name :IPC$
Shared Resource Comment :Remote IPC
Shared Resource Path :
Share Status :Normal
====================All Layered Service Providers====================
Provider Name :MSAFD Tcpip [TCP/IP]
Protocol ID :e70f1aa0-ab8b-11cf-8ca3-00805f48a192
Protocol :IPPROTO_TCP
LSP Type :Base LSP
Address Family :AF_INET
Socket Type :SOCK_STREAM
DLL Path :%SystemRoot%\system32\mswsock.dll
Provider Name :MSAFD Tcpip [UDP/IP]
Protocol ID :e70f1aa0-ab8b-11cf-8ca3-00805f48a192
Protocol :IPPROTO_UDP
LSP Type :Base LSP
Address Family :AF_INET
Socket Type :SOCK_DGRAM
DLL Path :%SystemRoot%\system32\mswsock.dll
Provider Name :MSAFD Tcpip [RAW/IP]
Protocol ID :e70f1aa0-ab8b-11cf-8ca3-00805f48a192
Protocol :IPPROTO_IP
LSP Type :Base LSP
Address Family :AF_INET
Socket Type :SOCK_RAW
DLL Path :%SystemRoot%\system32\mswsock.dll
Provider Name :RSVP UDP Service Provider
Protocol ID :9d60a9e0-337a-11d0-bd88-0000c082e69a
Protocol :IPPROTO_UDP
LSP Type :Base LSP
Address Family :AF_INET
Socket Type :SOCK_DGRAM
DLL Path :%SystemRoot%\system32\rsvpsp.dll
Provider Name :RSVP TCP Service Provider
Protocol ID :9d60a9e0-337a-11d0-bd88-0000c082e69a
Protocol :IPPROTO_TCP
LSP Type :Base LSP
Address Family :AF_INET
Socket Type :SOCK_STREAM
DLL Path :%SystemRoot%\system32\rsvpsp.dll
Provider Name :MSAFD NetBIOS [\Device\NetBT_Tcpip_{D613A9C1-B19A-45CC-AC4C-828D6A3A2962}] SEQPACKET 6
Protocol ID :8d5f1830-c273-11cf-95c8-00805f48a192
Protocol :Unknown
LSP Type :Base LSP
Address Family :AF_NETBIOS
Socket Type :SOCK_SEQPACKET
DLL Path :%SystemRoot%\system32\mswsock.dll
Provider Name :MSAFD NetBIOS [\Device\NetBT_Tcpip_{D613A9C1-B19A-45CC-AC4C-828D6A3A2962}] DATAGRAM 6
Protocol ID :8d5f1830-c273-11cf-95c8-00805f48a192
Protocol :Unknown
LSP Type :Base LSP
Address Family :AF_NETBIOS
Socket Type :SOCK_DGRAM
DLL Path :%SystemRoot%\system32\mswsock.dll
Provider Name :MSAFD NetBIOS [\Device\NetBT_Tcpip_{E724270E-7A6B-4D49-9E32-A62D467CC237}] SEQPACKET 3
Protocol ID :8d5f1830-c273-11cf-95c8-00805f48a192
Protocol :Unknown
LSP Type :Base LSP
Address Family :AF_NETBIOS
Socket Type :SOCK_SEQPACKET
DLL Path :%SystemRoot%\system32\mswsock.dll
Provider Name :MSAFD NetBIOS [\Device\NetBT_Tcpip_{E724270E-7A6B-4D49-9E32-A62D467CC237}] DATAGRAM 3
Protocol ID :8d5f1830-c273-11cf-95c8-00805f48a192
Protocol :Unknown
LSP Type :Base LSP
Address Family :AF_NETBIOS
Socket Type :SOCK_DGRAM
DLL Path :%SystemRoot%\system32\mswsock.dll
Provider Name :MSAFD NetBIOS [\Device\NetBT_Tcpip_{6BB30CDA-08D6-446B-9B2F-1BF6F4B1B257}] SEQPACKET 0
Protocol ID :8d5f1830-c273-11cf-95c8-00805f48a192
Protocol :Unknown
LSP Type :Base LSP
Address Family :AF_NETBIOS
Socket Type :SOCK_SEQPACKET
DLL Path :%SystemRoot%\system32\mswsock.dll
Provider Name :MSAFD NetBIOS [\Device\NetBT_Tcpip_{6BB30CDA-08D6-446B-9B2F-1BF6F4B1B257}] DATAGRAM 0
Protocol ID :8d5f1830-c273-11cf-95c8-00805f48a192
Protocol :Unknown
LSP Type :Base LSP
Address Family :AF_NETBIOS
Socket Type :SOCK_DGRAM
DLL Path :%SystemRoot%\system32\mswsock.dll
Provider Name :MSAFD NetBIOS [\Device\NetBT_Tcpip_{B5A80CD7-59AC-4F1D-A957-F71F0A63CB0C}] SEQPACKET 1
Protocol ID :8d5f1830-c273-11cf-95c8-00805f48a192
Protocol :Unknown
LSP Type :Base LSP
Address Family :AF_NETBIOS
Socket Type :SOCK_SEQPACKET
DLL Path :%SystemRoot%\system32\mswsock.dll
Provider Name :MSAFD NetBIOS [\Device\NetBT_Tcpip_{B5A80CD7-59AC-4F1D-A957-F71F0A63CB0C}] DATAGRAM 1
Protocol ID :8d5f1830-c273-11cf-95c8-00805f48a192
Protocol :Unknown
LSP Type :Base LSP
Address Family :AF_NETBIOS
Socket Type :SOCK_DGRAM
DLL Path :%SystemRoot%\system32\mswsock.dll
Provider Name :MSAFD NetBIOS [\Device\NetBT_Tcpip_{9E9164F5-3D29-402C-9678-3221B975A5EE}] SEQPACKET 2
Protocol ID :8d5f1830-c273-11cf-95c8-00805f48a192
Protocol :Unknown
LSP Type :Base LSP
Address Family :AF_NETBIOS
Socket Type :SOCK_SEQPACKET
DLL Path :%SystemRoot%\system32\mswsock.dll
Provider Name :MSAFD NetBIOS [\Device\NetBT_Tcpip_{9E9164F5-3D29-402C-9678-3221B975A5EE}] DATAGRAM 2
Protocol ID :8d5f1830-c273-11cf-95c8-00805f48a192
Protocol :Unknown
LSP Type :Base LSP
Address Family :AF_NETBIOS
Socket Type :SOCK_DGRAM
DLL Path :%SystemRoot%\system32\mswsock.dll
Provider Name :MSAFD NetBIOS [\Device\NetBT_Tcpip_{F0D8D820-4F92-445A-B3E0-779A73C3223F}] SEQPACKET 4
Protocol ID :8d5f1830-c273-11cf-95c8-00805f48a192
Protocol :Unknown
LSP Type :Base LSP
Address Family :AF_NETBIOS
Socket Type :SOCK_SEQPACKET
DLL Path :%SystemRoot%\system32\mswsock.dll
Provider Name :MSAFD NetBIOS [\Device\NetBT_Tcpip_{F0D8D820-4F92-445A-B3E0-779A73C3223F}] DATAGRAM 4
Protocol ID :8d5f1830-c273-11cf-95c8-00805f48a192
Protocol :Unknown
LSP Type :Base LSP
Address Family :AF_NETBIOS
Socket Type :SOCK_DGRAM
DLL Path :%SystemRoot%\system32\mswsock.dll
Provider Name :MSAFD NetBIOS [\Device\NetBT_Tcpip_{661AC2CA-32A6-4A4D-8856-D8ECB8B26BDB}] SEQPACKET 5
Protocol ID :8d5f1830-c273-11cf-95c8-00805f48a192
Protocol :Unknown
LSP Type :Base LSP
Address Family :AF_NETBIOS
Socket Type :SOCK_SEQPACKET
DLL Path :%SystemRoot%\system32\mswsock.dll
Provider Name :MSAFD NetBIOS [\Device\NetBT_Tcpip_{661AC2CA-32A6-4A4D-8856-D8ECB8B26BDB}] DATAGRAM 5
Protocol ID :8d5f1830-c273-11cf-95c8-00805f48a192
Protocol :Unknown
LSP Type :Base LSP
Address Family :AF_NETBIOS
Socket Type :SOCK_DGRAM
DLL Path :%SystemRoot%\system32\mswsock.dll
====================All Auto-Run Programs====================
Registry Path :HKCU\Software\Microsoft\Windows\CurrentVersion\Run
Value Name :MSMSGS
Value :"C:\Program Files\Messenger\msmsgs.exe" /background
Suspicious :No
Registry Path :HKCU\Software\Microsoft\Windows\CurrentVersion\Run
Value Name :BackupNotify
Value :c:\Program Files\HP\Digital Imaging\bin\backupnotify.exe
Suspicious :No
Registry Path :HKCU\Software\Microsoft\Windows\CurrentVersion\Run
Value Name :Acme.PCHButton
Value :C:\PROGRA~1\HPPAVI~1\Pavilion\XPHWWBP4\plugin\bin\PCHButton.exe
Suspicious :No
Registry Path :HKCU\Software\Microsoft\Windows\CurrentVersion\Run
Value Name :Spyware Doctor
Value :"C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
Suspicious :No
Registry Path :HKCU\Software\Microsoft\Windows\CurrentVersion\Run
Value Name :Creative Detector
Value :C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe /R
Suspicious :No
Registry Path :HKCU\Software\Microsoft\Windows\CurrentVersion\Run
Value Name :MtdAcq
Value :C:\Program Files\Creative\Shared Files\Media Sniffer\MtdAcq.exe /s
Suspicious :No
Registry Path :HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Value Name :UpdateManager
Value :"C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
Suspicious :No
Registry Path :HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Value Name :Symantec NetDriver Monitor
Value :C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
Suspicious :No
Registry Path :HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Value Name :Sunkist2k
Value :C:\Program Files\Multimedia Card Reader\shwicon2k.exe
Suspicious :No
Registry Path :HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Value Name :nwiz
Value :nwiz.exe /installquiet /keeploaded /nodetect
Suspicious :No
Registry Path :HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Value Name :NvCplDaemon
Value :RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
Suspicious :No
Registry Path :HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Value Name :Microsoft Works Update Detection
Value :C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
Suspicious :No
Registry Path :HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Value Name :KBD
Value :C:\HP\KBD\KBD.EXE
Suspicious :No
Registry Path :HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Value Name :hpsysdrv
Value :c:\windows\system\hpsysdrv.exe
Suspicious :No
Registry Path :HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Value Name :HPHUPD05
Value :c:\Program Files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
Suspicious :No
Registry Path :HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Value Name :HPHmon05
Value :C:\WINDOWS\System32\hphmon05.exe
Suspicious :No
Registry Path :HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Value Name :HotKeysCmds
Value :C:\WINDOWS\System32\hkcmd.exe
Suspicious :No
Registry Path :HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Value Name :gcasServ
Value :"C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
Suspicious :No
Registry Path :HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Value Name :ccApp
Value :"C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
Suspicious :No
Registry Path :HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Value Name :CamMonitor
Value :c:\Program Files\HP\Digital Imaging\Unload\hpqcmon.exe
Suspicious :No
Registry Path :HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Value Name :Motive SmartBridge
Value :C:\PROGRA~1\BTBROA~2\SMARTB~1\BTHelpNotifier.exe
Suspicious :No
Registry Path :HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Value Name :QuickTime Task
Value :"C:\Program Files\QuickTime\qttask.exe" -atboottime
Suspicious :No
Registry Path :HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Value Name :iTunesHelper
Value :"C:\Program Files\iTunes\iTunesHelper.exe"
Suspicious :No
Registry Path :HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
Value Name :Userinit
Value :C:\WINDOWS\system32\userinit.exe
Registry Path :HKLM\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad
Value Name :PostBootReminder
Value :{7849596a-48ea-486e-8937-a2a3009f31a9}
Dll Path :%SystemRoot%\system32\SHELL32.dll
Suspicious :No
Registry Path :HKLM\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad
Value Name :CDBurn
Value :{fbeb8a05-beee-4442-804e-409d6c4515e9}
Dll Path :%SystemRoot%\system32\SHELL32.dll
Suspicious :No
Registry Path :HKLM\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad
Value Name :WebCheck
Value :{E6FB5E20-DE35-11CF-9C87-00AA005127ED}
Dll Path :%SystemRoot%\System32\webcheck.dll
Suspicious :No
Registry Path :HKLM\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad
Value Name :SysTray
Value :{35CEC8A3-2BE6-11D2-8773-92E220524153}
Dll Path :C:\WINDOWS\System32\stobject.dll
Suspicious :No
Registry Path :HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler
Value Name :{438755C2-A8BA-11D1-B96B-00A0C90312E1}
Value :Browseui preloader
Dll Path :%SystemRoot%\System32\browseui.dll
Suspicious :No
Registry Path :HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler
Value Name :{8C7461EF-2B13-11d2-BE35-3078302C2030}
Value :Component Categories cache daemon
Dll Path :%SystemRoot%\System32\browseui.dll
Suspicious :No
Start Path :C:\Documents and Settings\Owner\Start Menu\Programs\Startup
File Name :desktop.ini
Start Path :C:\Documents and Settings\Owner\Start Menu\Programs\Startup
File Name :SpySubtract.lnk
Start Path :C:\Documents and Settings\All Users\Start Menu\Programs\Startup
File Name :BT Broadband Help.lnk
Start Path :C:\Documents and Settings\All Users\Start Menu\Programs\Startup
File Name :desktop.ini
Start Path :C:\Documents and Settings\All Users\Start Menu\Programs\Startup
File Name :GetRight - Tray Icon.lnk
Start Path :C:\Documents and Settings\All Users\Start Menu\Programs\Startup
File Name :HP Digital Imaging Monitor.lnk
Start Path :C:\Documents and Settings\All Users\Start Menu\Programs\Startup
File Name :Microsoft Office.lnk
Start Path :C:\Documents and Settings\All Users\Start Menu\Programs\Startup
File Name :SpySubtract.lnk
====================Notify DLLs====================
crypt32chain = crypt32.dll
cryptnet = cryptnet.dll
cscdll = cscdll.dll
igfxcui = igfxsrvc.dll
ScCertProp = wlnotify.dll
Schedule = wlnotify.dll
sclgntfy = sclgntfy.dll
SensLogn = WlNotify.dll
termsrv = wlnotify.dll
wlballoon = wlnotify.dll
====================Other Auto-Run====================
====================All IE Restrictions====================
====================Add/Remove Programs====================
Ad-Aware SE Personal = Ad-Aware SE Personal
Adware Away v2.2.8.8 = Adware Away v2.2.8.8_is1
BT Voyager 205 ADSL Router = BT Voyager 205 ADSL Router
BT Broadband Help = btbb.MCCInstall
Copernic Agent Basic = Copernic Agent Basic
Creative Jukebox Driver = Creative Jukebox Driver
GetRight = GetRight
HijackThis 1.99.1 = HijackThis
HP Photo & Imaging 3.1 = HP Photo & Imaging
Easy Internet Sign-up = InstallShield_{0613467F-A45E-4CB1-9ECE-1F3DD79FB927}
Multimedia Card Reader = InstallShield_{145CACAF-9B34-41FC-BE49-7D510A253E78}
Lexmark Photo Center = InstallShield_{523BD5B6-E904-493C-B902-1BC9B7D44DF4}
iTunes = InstallShield_{523E6F2A-2D59-4D91-90E8-6C49931C9F50}
Windows XP Hotfix - KB873333 = KB873333
Windows XP Hotfix - KB873339 = KB873339
Windows XP Hotfix - KB885250 = KB885250
Windows XP Hotfix - KB885835 = KB885835
Windows XP Hotfix - KB885836 = KB885836
Windows XP Hotfix - KB885884 = KB885884
Windows XP Hotfix - KB886185 = KB886185
Windows XP Hotfix - KB887472 = KB887472
Windows XP Hotfix - KB887742 = KB887742
Windows XP Hotfix - KB888113 = KB888113
Windows XP Hotfix - KB888302 = KB888302
Windows XP Hotfix - KB890175 = KB890175
Windows XP Hotfix - KB890859 = KB890859
Windows XP Hotfix - KB890923 = KB890923
Windows XP Hotfix - KB891781 = KB891781
Windows XP Hotfix - KB893066 = KB893066
Windows XP Hotfix - KB893086 = KB893086
Windows Installer 3.1 (KB893803) = KB893803
KBD = KBD
Lexmark Z700-P700 Series = Lexmark Z700-P700 Series
LiveReg (Symantec Corporation) = LiveReg
LiveUpdate 2.6 (Symantec Corporation) = LiveUpdate
Microsoft .NET Framework 1.1 Hotfix (KB886903) = M886903
Microsoft .NET Framework 1.1 = Microsoft .NET Framework 1.1 (1033)
NVIDIA Display Driver = NVIDIA Display Driver
NVIDIA GART Driver = NVIDIA GART Driver
Microsoft Picture It! Photo Standard 9 = PictureIt_v9
Privacy Guardian 3.2 = Privacy Guardian_is1
PS2 = PS2
Python 2.2 combined Win32 extensions = Python 2.2 combined Win32 extensions
Python 2.2.1 = Python 2.2.1
QuickTime = QuickTime
Registry Mechanic = Registry Mechanic_is1
Shockwave = Shockwave
Spybot - Search & Destroy 1.3 = Spybot - Search & Destroy_is1
SpySubtract = SpySubtract
Spyware Doctor 3.2 = Spyware Doctor_is1
SpywareBlaster v3.3 = SpywareBlaster_is1
Norton Internet Security 2005 (Symantec Corporation) = SymSetup.{A93C9E60-29B6-49da-BA21-F70AC6AADE20}
TweakNow RegCleaner = TweakNow RegCleaner_is1
Web Browser Component Manager = WBCM
Windows Media Format Runtime = Windows Media Format Runtime
Windows Media Player 10 = Windows Media Player
Windows XP Service Pack 2 = Windows XP Service Pack
Microsoft Works 2004 Setup Launcher = Works2004Setup
XoftSpy = XoftSpy
BT Yahoo! Anti-Spy = Yahoo! Anti-Spy
BT Yahoo! Toolbar = Yahoo! Companion
Microsoft Encarta Encyclopedia Standard - WE 2004 = {045A0044-9149-45C6-A806-F2BF9CFCE762}
Easy Internet Sign-up = {0613467F-A45E-4CB1-9ECE-1F3DD79FB927}
AiO_Scan = {092eeeee-9fdd-4895-a568-0818c96beb6c}
Sonic Update Manager = {09DA4F91-2A09-4232-AB8C-6BC740096DE3}
Norton Internet Security = {12E2B9E9-05B1-407d-B0FD-B5F350535125}
Multimedia Card Reader = {145CACAF-9B34-41FC-BE49-7D510A253E78}
Microsoft Money = {1D643CD2-4DD6-11D7-A4E0-000874180BB3}
PC-Doctor for Windows = {1F7CCFA3-D926-4882-B2A5-A0217ED25597}
HpSdpAppCoreApp = {2A267BC6-F77F-4DD4-825F-7AEB1F68B4B1}
SymNet = {2DA85B02-13C0-4E6D-9A76-22E6B3DD0CB2}
Memories Disc Creator 2.0 = {2E132061-C78A-48D4-A899-1D13B9D189FA}
DocProc = {2F1FD032-67D1-4569-923F-47EAF132BF0F}
Microsoft Works Suite Add-in for Microsoft Word = {33BEE6F3-9987-4F98-A069-97A64EC8321A}
WebFldrs XP = {350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}
Norton AntiSpam = {3B29A786-5803-4e9e-9B58-3014A5B4E519}
HPSystemDiagnostics = {3CF78481-FB7B-4B51-99A2-D5E0CD0B3AAF}
Norton Internet Security = {449F3A9E-9903-4a0d-A209-08030D45A935}
Photosmart 140,240,7200,7600,7700,7900 Series = {45B6180B-DCAB-4093-8EE8-6164457517F0}
Norton Internet Security = {48185814-A224-447a-81DA-71BD20580E1B}
SkinsHP1 = {4FB6F304-A91D-4919-98E5-D96E074EA9E5}
Lexmark Photo Center = {523BD5B6-E904-493C-B902-1BC9B7D44DF4}
iTunes = {523E6F2A-2D59-4D91-90E8-6C49931C9F50}
Norton Internet Security = {526AD5DC-CFC4-4f2a-8442-C84CC91D6C7F}
Microsoft AntiSpyware = {536F7C74-844B-4683-B0C5-EA39E19A6FE3}
Readme = {54e854d5-d5d4-452d-9c75-b39f5625b5fb}
Norton AntiSpam = {5677563D-0CB1-485f-9E18-C5025306BB3F}
Creative MediaSource = {56F3E1FF-54FE-4384-A153-6CCABA097814}
QuickProjects = {5ADF6293-D60F-4425-AFA7-CEB820DB872B}
Music Manager = {5AFA4872-16B2-419E-ADCA-8E96E739115D}
HP Photo and Imaging 2.0 - Photosmart Cameras = {5D7F0A0E-369E-46C0-9F99-FAB21A064781}
Java 2 Runtime Environment, SE v1.4.2 = {7148F0A8-6813-11D6-A77B-00B0D0142000}
InstantShare = {745A92AF-53B4-41A7-91C3-9B026B1D5897}
SPBBC = {77772678-817F-4401-9301-ED1D01A8DA56}
ArcSoft ShowBiz 2 = {791B20D4-AE59-4DE9-B45F-BA01F3D0A493}
PSShortcutsP = {7BBD57D6-09B1-4CC3-9664-A0D53EE25247}
Director = {829698DE-9EAC-475E-9A05-B7BA807CA1EF}
Microsoft AutoRoute v11.0 = {8704D51E-25B7-4F23-81E7-AA4F54790220}
QFolder = {8777AC6D-89F9-4793-8266-DE406F343E89}
Intel® Extreme Graphics Driver = {8A708DD8-A5E6-11D4-A706-000629E95E20}
Microsoft Money System Pack = {8C64E149-54BA-11D6-91B1-00500462BE80}
Microsoft Word 2002 = {911B0409-6000-11D3-8CFE-0050048383C9}
Scan = {939227BD-19D8-4684-8A04-31AC9F6A564C}
RecordNow! = {9541FED0-327F-4DF0-8B96-EF57EF622F19}
InterVideo WinDVD Player = {98E8A2EF-4EAE-43B8-A172-74842B764777}
hpmdtab = {9F4EEA0C-7174-4BD3-89AF-7AB2F9F6AEDD}
CreativeProjects = {A363B66C-1547-47bf-90F0-3834E70A841A}
Norton Internet Security = {A93C9E60-29B6-49da-BA21-F70AC6AADE20}
Adobe Reader 6.0 = {AC76BA86-7AD7-1033-7B44-000000000001}
MSRedist = {B7C61755-DB48-4003-948F-3D34DB8EAF69}
Microsoft Works = {B9966F27-9678-4620-9579-925E3084647E}
Fax = {bb6cac2a-1fa0-471a-bc3c-ade699c39f3c}
AiOSoftware = {c330461f-c4a9-4fc7-af5d-c158e0b56aa7}
PhotoGallery = {C38BC5B7-62D3-4880-82DD-A4803FD81921}
Norton AntiVirus 2005 = {C6F5B6CF-609C-428E-876F-CA83176C021B}
Symantec Network Drivers Update = {CA0A1E54-CE0F-4366-B09C-A87B61DC5633}
Microsoft .NET Framework 1.1 = {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
HP Software Update = {CC0A24CB-87C9-4F1C-A1F2-F87D8D4DDCAF}
TrayApp = {CE4F8FFB-4063-4247-9F14-ECE61AFEFA25}
PrintScreen = {CFD1B282-555D-494d-8231-4175C2AF08C2}
Copy = {D1D8C9C4-89BE-4f37-9EC4-B80E3C239C41}
Symantec Script Blocking Installer = {D327AFC9-7BAA-473A-8319-6EB7A0D40138}
SkinsHP2 = {D545BB81-DEB0-49f7-BE26-197BC31AAF57}
CC_ccProxyExt = {DA42FDCA-7C5A-43EF-9A05-CCE148ADF919}
Microsoft Picture It! Photo Standard 9 = {DBA8B9E1-C6FF-4624-9598-73D3B41A0903}
ccCommon = {DC367608-64A7-4BF7-92F4-8BAA25BA02DB}
Norton Internet Security = {E3EFA461-EB83-4C3B-9C47-2C1D58A01555}
Unload = {E4ABB302-9D82-4D18-83D5-AD1DFE786AA8}
Norton Internet Security = {E5EE9939-259F-4DE2-8023-5C49E16A4F43}
Norton WMI Update = {E85FA9A1-C241-4698-893B-DD99509B8DB0}
AIOMinimal = {ec7d7a6a-31cb-4810-826f-74171bef44f1}
Creative Zen Touch = {F13D54AA-EE45-4394-8510-C612A56FD9BC}
HPIZ311 = {F247869D-3643-4A9F-821B-3534145928E3}
HP PSC & OfficeJet 3.0 = {F38FA38A-7E5A-4209-88ED-4DE21CD20EEF}
HP Deskjet Preloaded Printer Drivers = {F419D20A-7719-4639-8E30-C073A040D878}
Norton WMI Update = {F64306A5-4C32-41bb-B153-53986527FAB4}
WebReg = {FBBF532A-47AC-457d-AC06-0D3163D8911E}
ccPxyCore = {FC08587A-4F01-4188-819F-F55880022917}
Norton Internet Security = {FC2C0536-583C-46c0-844A-62CECAE01F22}
====================All IE Pages====================
Registry Key :HKCU\Software\Microsoft\Internet Explorer\Main
ValueName :Start Page
Page URL :http://www.ebay.co.uk
Malicious URL :No
Registry Key :HKCU\Software\Microsoft\Internet Explorer\Main
ValueName :Default_Page_URL
Page URL :http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
Malicious URL :No
Registry Key :HKCU\Software\Microsoft\Internet Explorer\Search
ValueName :SearchAssistant
Page URL :http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
Malicious URL :No
Registry Key :HKLM\Software\Microsoft\Internet Explorer\Main
ValueName :Start Page
Page URL :about:blank
Malicious URL :No
Registry Key :HKLM\Software\Microsoft\Internet Explorer\Main
ValueName :Default_Page_URL
Page URL :http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
Malicious URL :No
Registry Key :HKLM\Software\Microsoft\Internet Explorer\Main
ValueName :Search Bar
Page URL :http://www.google.com
Malicious URL :No
Registry Key :HKLM\Software\Microsoft\Internet Explorer\Search
ValueName :SearchAssistant
Page URL :http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
Malicious URL :No
Registry Key :HKLM\Software\Microsoft\Internet Explorer\Search
ValueName :CustomizeSearch
Page URL :http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
Malicious URL :No
====================Protocols Filter====================
Filter Key : application/octet-stream
CLSID : {1E66F26B-79EE-11D2-8710-00C04F79ED0D}
Dll Path : C:\WINDOWS\System32\mscoree.dll
Filter Key : application/x-complus
CLSID : {1E66F26B-79EE-11D2-8710-00C04F79ED0D}
Dll Path : C:\WINDOWS\System32\mscoree.dll
Filter Key : application/x-msdownload
CLSID : {1E66F26B-79EE-11D2-8710-00C04F79ED0D}
Dll Path : C:\WINDOWS\System32\mscoree.dll
Filter Key : Class Install Handler
CLSID : {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1}
Dll Path : C:\WINDOWS\system32\urlmon.dll
Filter Key : deflate
CLSID : {8f6b0360-b80d-11d0-a9b3-006097942311}
Dll Path : C:\WINDOWS\system32\urlmon.dll
Filter Key : gzip
CLSID : {8f6b0360-b80d-11d0-a9b3-006097942311}
Dll Path : C:\WINDOWS\system32\urlmon.dll
Filter Key : lzdhtml
CLSID : {8f6b0360-b80d-11d0-a9b3-006097942311}
Dll Path : C:\WINDOWS\system32\urlmon.dll
Filter Key : text/webviewhtml
CLSID : {733AC4CB-F1A4-11d0-B951-00A0C90312E1}
Dll Path : %SystemRoot%\system32\SHELL32.dll
====================Other Dlls====================
amstream.dll : 6.5.2600.2180 : 70656 : 2002-12-12 : 2005-5-13
bcbmm.dll : 249.20.29185.3339 : 16896 : 2003-1-1 : 2005-5-13
CoInst.dll : 249.20.29185.3339 : 24576 : 2005-5-10 : 2005-5-13
compatui.dll : 1.0.0.1 : 252928 : 2001-9-27 : 2005-5-15
devenum.dll : 6.5.2600.2180 : 59904 : 2003-5-30 : 2005-5-15 : werr
dxmasf.dll : 6.4.9.1125 : 498205 : 2001-9-27 : 2005-5-13
encdec.dll : 6.5.2600.2180 : 186368 : 2001-9-27 : 2005-5-13
hpreg.dll : 1.0.0.2 : 45056 : 2003-1-1 : 2005-5-13
iAlmcoin.dll : 249.20.29185.3339 : 0 : 2003-1-1 : 2003-1-1
ieencode.dll : 2001.7.25.0 : 81920 : 2005-4-28 : 2005-5-13
ir32_32.dll : 3.24.15.3 : 199168 : 2001-9-27 : 2005-5-15
JAWTAccessBridge.dll : 249.20.29185.3339 : 28672 : 2003-1-1 : 2005-5-13
LXBLLCNP.DLL : 249.20.29185.3339 : 77824 : 2003-3-26 : 2005-5-13
lxblvs.dll : 249.20.29185.3339 : 40960 : 2002-11-13 : 2005-5-13
mciqtz32.dll : 6.5.2600.2180 : 35328 : 2002-12-12 : 2005-5-13
msdmo.dll : 6.5.2600.2180 : 14336 : 2002-12-12 : 2005-5-15 : werr
msdxmlc.dll : 6.4.9.1125 : 4126 : 2001-9-27 : 2005-5-13
msencode.dll : 2000.7.25.0 : 94282 : 2001-9-27 : 2005-5-14
paqsp.dll : 2.0.0.0 : 157696 : 2001-8-18 : 2005-5-13
PCDrJNI_1_1.dll : 249.20.29185.3339 : 167936 : 2003-1-1 : 2005-5-13
PcdrKernelModeServices.dll : 249.20.29185.3339 : 94208 : 2003-1-1 : 2005-5-14
ProgressTrace.dll : 249.20.29185.3339 : 77824 : 2003-1-1 : 2005-5-13
psisdecd.dll : 6.5.2600.2180 : 363520 : 2003-1-1 : 2005-5-13
PythonCOM22.dll : 2.2.0.146 : 299073 : 2003-1-1 : 2005-5-13
PyWinTypes22.dll : 2.2.0.146 : 65536 : 2003-1-1 : 2005-5-13
qcap.dll : 6.5.2600.2180 : 192512 : 2002-12-12 : 2005-5-13
qdv.dll : 6.5.2600.2180 : 279040 : 2002-12-12 : 2005-5-13
qdvd.dll : 6.5.2600.2180 : 385024 : 2003-5-30 : 2005-5-13
qedit.dll : 6.5.2600.2180 : 562176 : 2002-12-12 : 2005-5-15
qedwipes.dll : 6.5.2600.2180 : 733696 : 2002-12-12 : 2005-5-13
quartz.dll : 6.5.2600.2180 : 1287680 : 2003-5-30 : 2005-5-15 : werr
ryno.dll : 249.20.29185.3339 : 475 : 2005-4-10 : 2005-5-15
sbe.dll : 6.5.2600.2180 : 270848 : 2001-9-27 : 2005-5-13
syscontr.dll : 1.0.0.1 : 24576 : 2003-1-1 : 2005-5-13
tsd32.dll : 1.3.3.7 : 15360 : 2001-9-27 : 2005-5-13
win87em.dll : 249.20.29185.3339 : 13312 : 2001-9-27 : 2005-5-15
winsusrm.dll : 249.20.29185.3339 : 264 : 2005-5-11 : 2005-5-15
xokpnu.dll : 249.20.29185.3339 : 106 : 2005-4-10 : 2005-5-15
YCRWin32.dll : 1.0.0.1 : 65536 : 2002-3-23 : 2005-5-13
------------Windows------------
====================All CLSID====================
{3050f163-98b5-11cf-bb82-00aa00bdce0b} : %SystemRoot%\System32\mshtml.dll
{3050F17F-98B5-11CF-BB82-00AA00BDCE0B} : %SystemRoot%\System32\mshtml.dll
{3050F1FC-98B5-11CF-BB82-00AA00BDCE0B} : %SystemRoot%\System32\mshtml.dll
{3050F232-98B5-11CF-BB82-00AA00BDCE0B} : %SystemRoot%\System32\mshtml.dll
{3050F296-98B5-11CF-BB82-00AA00BDCE0B} : %SystemRoot%\System32\mshtml.dll
{3050F391-98B5-11CF-BB82-00AA00BDCE0B} : %SystemRoot%\System32\mshtml.dll
{3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} : %SystemRoot%\System32\mshtml.dll
{3050f3B3-98b5-11cf-bb82-00aa00bdce0b} : %SystemRoot%\System32\mshtml.dll
{3050f3B4-98b5-11cf-bb82-00aa00bdce0b} : %SystemRoot%\System32\mshtml.dll
{3050f3BB-98b5-11cf-bb82-00aa00bdce0b} : %SystemRoot%\System32\mshtml.dll
{3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} : %SystemRoot%\System32\mshtml.dll
{3050F3C2-98B5-11CF-BB82-00AA00BDCE0B} : %SystemRoot%\System32\mshtml.dll
{3050F3D6-98B5-11CF-BB82-00AA00BDCE0B} : %SystemRoot%\System32\mshtml.dll
{3050F3D9-98B5-11CF-BB82-00AA00BDCE0B} : %SystemRoot%\System32\mshtml.dll
{3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} : %SystemRoot%\System32\mshtml.dll
{3050F406-98B5-11CF-BB82-00AA00BDCE0B} : %SystemRoot%\System32\mshtml.dll
{3050f499-98b5-11cf-bb82-00aa00bdce0b} : %SystemRoot%\System32\mshtml.dll
{3050F4CF-98B5-11CF-BB82-00AA00BDCE0B} : C:\WINDOWS\System32\iepeers.dll
{3050f4e1-98b5-11cf-bb82-00aa00bdce0b} : C:\WINDOWS\System32\mshtmled.dll
{3050f4e7-98b5-11cf-bb82-00aa00bdce0b} : %SystemRoot%\System32\mshtml.dll
{3050f4f0-98b5-11cf-bb82-00aa00bdce0b} : C:\WINDOWS\System32\mshtml.dll
{3050f4f5-98B5-11CF-BB82-00AA00BDCE0B} : C:\WINDOWS\System32\mshtmled.dll
{3050f4f8-98b5-11cf-bb82-00aa00bdce0b} : C:\WINDOWS\System32\mshtml.dll
{3050f5be-98b5-11cf-bb82-00aa00bdce0b} : C:\WINDOWS\System32\iepeers.dll
{3050F5C8-98B5-11CF-BB82-00AA00BDCE0B} : %SystemRoot%\System32\mshtml.dll
{3050f664-98b5-11cf-bb82-00aa00bdce0b} : C:\WINDOWS\System32\iepeers.dll
{3050f667-98b5-11cf-bb82-00aa00bdce0b} : C:\WINDOWS\System32\mshtml.dll
{3050f67D-98b5-11cf-bb82-00aa00bdce0b} : C:\WINDOWS\System32\mshtml.dll
{3050f6b3-98b5-11cf-bb82-00aa00bdce0b} : C:\WINDOWS\System32\iepeers.dll
{3050f6cd-98b5-11cf-bb82-00aa00bdce0b} : C:\WINDOWS\System32\iepeers.dll
{3050f6d4-98b5-11cf-bb82-00aa00bdce0b} : C:\WINDOWS\System32\iepeers.dll
{3050f819-98b5-11cf-bb82-00aa00bdce0b} : C:\WINDOWS\System32\mshtmled.dll
====================All IE URL Prefixes====================
Prefix :Default Prefix
Protocol :http://
Normal :Yes
Prefix :ftp
Protocol :ftp://
Normal :Yes
Prefix :gopher
Protocol :gopher://
Normal :Yes
Prefix :home
Protocol :http://
Normal :Yes
Prefix :mosaic
Protocol :http://
Normal :Yes
Prefix :www
Protocol :http://
Normal :Yes
====================All IE Url Search Hook====================
Url Search Hook :{CFBFAE00-17A6-11D0-99CB-00C04FD64497}
Dll Path :C:\WINDOWS\System32\shdocvw.dll
Normal :Yes
====================All IE BHOs and Toolbars====================
Type :BHO
CLSID :{02478D38-C3F9-4efb-9B51-7695ECA05670}
DLL Path :C:\Program Files\Yahoo!\Companion\Installs\cpn0\ycomp5_6_0_0.dll
Malicious :Unknown
Type :BHO
CLSID :{31FF080D-12A3-439A-A2EF-4BA95A3148E8}
DLL Path :C:\Program Files\GetRight\xx2gr.dll
Malicious :Unknown
Type :BHO
CLSID :{53707962-6F74-2D53-2644-206D7942484F}
DLL Path :C:\PROGRA~1\SPYBOT~1\SDHelper.dll
Malicious :Unknown
Type :BHO
CLSID :{5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB}
DLL Path :C:\PROGRA~1\SPYWAR~2\tools\iesdsg.dll
Malicious :Unknown
Type :BHO
CLSID :{9ECB9560-04F9-4bbc-943D-298DDF1699E1}
DLL Path :C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
Malicious :Unknown
Type :BHO
CLSID :{B56A7D7D-6927-48C8-A975-17DF180C71AC}
DLL Path :C:\PROGRA~1\SPYWAR~2\tools\iesdpb.dll
Malicious :Unknown
Type :BHO
CLSID :{BDF3E430-B101-42AD-A544-FADC6B084872}
DLL Path :C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
Malicious :Unknown
Type :Toolbar
CLSID :{0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7}
DLL Path :C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
Malicious :Unknown
Type :Toolbar
CLSID :{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}
DLL Path :C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
Malicious :Unknown
Type :Toolbar
CLSID :{EF99BD32-C1FB-11D2-892F-0090271D4F88}
DLL Path :C:\Program Files\Yahoo!\Companion\Installs\cpn0\ycomp5_6_0_0.dll
Malicious :Unknown
Type :Toolbar
CLSID :{F2E259E8-0FC8-438C-A6E0-342DD80FA53E}
DLL Path :C:\Program Files\Copernic Agent\CopernicAgentExt.dll
Malicious :Unknown
====================All IE Toolbar Button & Context Menu====================
Toolbar Button :{08B0E5C0-4FCB-11CF-AAA5-00401C608501}
Button Text :
Execute Path :
Toolbar Button :{193B17B0-7C9F-4D5B-AEAB-8D3605EFC084}
Button Text :
Execute Path :C:\PROGRA~1\COPERN~1\COPERN~1.EXE
Toolbar Button :{2D663D1A-8670-49D9-A1A5-4C56B4E14E84}
Button Text :Spyware Doctor
Execute Path :
Toolbar Button :{688DC797-DC11-46A7-9F1B-445F4F58CE6E}
Button Text :Copernic Agent
Execute Path :C:\PROGRA~1\COPERN~1\COPERN~1.EXE
Toolbar Button :{FB5F1910-F110-11d2-BB9E-00C04F795683}
Button Text :Messenger
Execute Path :C:\Program Files\Messenger\msmsgs.exe
Context Menu :Download with GetRight
URL :C:\Program Files\GetRight\GRdownload.htm
Context Menu :Open with GetRight Browser
URL :C:\Program Files\GetRight\GRbrowse.htm
Context Menu :Search Using Copernic Agent
URL :res://C:\Program Files\Copernic Agent\CopernicAgentExt.dll/INTEGRATION_MENU_SEARCHEXT
====================All Installed ActiveX====================
CLSID :{2BC66F51-93A8-11D3-BEB6-00105AA9B6AE}
Dll Path :c:\windows\downloaded program files\avsniff.dll
File Type :DLL and OCX -- avsniff.dll
Malicious :Unknown -- (null)
CLSID :{2BC66F54-93A8-11D3-BEB6-00105AA9B6AE}
Dll Path :C:\WINDOWS\Downloaded Program Files\avsniff.dll
File Type :INF - avsniff.inf
Malicious :Unknown -- (null)
CLSID :{C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE}
Dll Path :C:\WINDOWS\Downloaded Program Files\rufsi.dll
File Type :INF - CabSA.inf
Malicious :Unknown -- (null)
CLSID :{1F2F4C9E-6F09-47BC-970D-3C54734667FE}
Dll Path :c:\windows\downloaded program files\lssupctl.dll
File Type :DLL and OCX -- LSSupCtl.dll
Malicious :Unknown -- (null)
CLSID :{1F2F4C9E-6F09-47BC-970D-3C54734667FE}
Dll Path :C:\WINDOWS\Downloaded Program Files\LSSupCtl.dll
File Type :INF - LSSupCtl.inf
Malicious :Unknown -- (null)
CLSID :{644E432F-49D3-41a1-8DD5-E099162EEEC5}
Dll Path :c:\windows\downloaded program files\rufsi.dll
File Type :DLL and OCX -- rufsi.dll
Malicious :Unknown -- (null)
CLSID :{4D7F48C0-CB49-4EA6-97D4-04F4EACC2F3B}
Exe Path :c:\windows\downlo~1\setup.exe
File Type :EXE -- setup.exe
Malicious :Unknown -- (null)
CLSID :{CE28D5D2-60CF-4C7D-9FE8-0F47A3308078}
Dll Path :c:\windows\downloaded program files\symadata.dll
File Type :DLL and OCX -- SymAData.dll
Malicious :Unknown -- (null)
CLSID :{6414512B-B978-451D-A0D8-FCFDF33E833C}
Dll Path :C:\WINDOWS\System32\wuweb.dll
File Type :INF - wuweb.inf
Malicious :Unknown -- (null)
====================Hosts File====================
IP :127.0.0.1
Domain :localhost
Malicious :No
====================Internet Explorer Dlls====================
1000000:C:\WINDOWS\Explorer.EXE:Microsoft Corporation
7c900000:C:\WINDOWS\system32\ntdll.dll:Microsoft Corporation
7c800000:C:\WINDOWS\system32\kernel32.dll:Microsoft Corporation
77c10000:C:\WINDOWS\system32\msvcrt.dll:Microsoft Corporation
77dd0000:C:\WINDOWS\system32\ADVAPI32.dll:Microsoft Corporation
77e70000:C:\WINDOWS\system32\RPCRT4.dll:Microsoft Corporation
77f10000:C:\WINDOWS\system32\GDI32.dll:Microsoft Corporation
77d40000:C:\WINDOWS\system32\USER32.dll:Microsoft Corporation
77f60000:C:\WINDOWS\system32\SHLWAPI.dll:Microsoft Corporation
7c9c0000:C:\WINDOWS\system32\SHELL32.dll:Microsoft Corporation
774e0000:C:\WINDOWS\system32\ole32.dll:Microsoft Corporation
77120000:C:\WINDOWS\system32\OLEAUT32.dll:Microsoft Corporation
75f80000:C:\WINDOWS\system32\BROWSEUI.dll:Microsoft Corporation
77760000:C:\WINDOWS\system32\SHDOCVW.dll:Microsoft Corporation
77a80000:C:\WINDOWS\system32\CRYPT32.dll:Microsoft Corporation
77b20000:C:\WINDOWS\system32\MSASN1.dll:Microsoft Corporation
754d0000:C:\WINDOWS\system32\CRYPTUI.dll:Microsoft Corporation
76c30000:C:\WINDOWS\system32\WINTRUST.dll:Microsoft Corporation
76c90000:C:\WINDOWS\system32\IMAGEHLP.dll:Microsoft Corporation
5b860000:C:\WINDOWS\system32\NETAPI32.dll:Microsoft Corporation
771b0000:C:\WINDOWS\system32\WININET.dll:Microsoft Corporation
76f60000:C:\WINDOWS\system32\WLDAP32.dll:Microsoft Corporation
77c00000:C:\WINDOWS\system32\VERSION.dll:Microsoft Corporation
5ad70000:C:\WINDOWS\system32\UxTheme.dll:Microsoft Corporation
5cb70000:C:\WINDOWS\system32\ShimEng.dll:Microsoft Corporation
6f880000:C:\WINDOWS\AppPatch\AcGenral.DLL:Microsoft Corporation
76b40000:C:\WINDOWS\system32\WINMM.dll:Microsoft Corporation
77be0000:C:\WINDOWS\system32\MSACM32.dll:Microsoft Corporation
769c0000:C:\WINDOWS\system32\USERENV.dll:Microsoft Corporation
773d0000:C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll:Microsoft Corporation
5d090000:C:\WINDOWS\system32\comctl32.dll:Microsoft Corporation
5cd70000:C:\WINDOWS\system32\serwvdrv.dll:Microsoft Corporation
5b0a0000:C:\WINDOWS\system32\umdmxfrm.dll:Microsoft Corporation
77b40000:C:\WINDOWS\system32\appHelp.dll:Microsoft Corporation
76fd0000:C:\WINDOWS\system32\CLBCATQ.DLL:Microsoft Corporation
77050000:C:\WINDOWS\system32\COMRes.dll:Microsoft Corporation
77a20000:C:\WINDOWS\System32\cscui.dll:Microsoft Corporation
76600000:C:\WINDOWS\System32\CSCDLL.dll:Microsoft Corporation
5ba60000:C:\WINDOWS\System32\themeui.dll:Microsoft Corporation
77fe0000:C:\WINDOWS\System32\Secur32.dll:Microsoft Corporation
76380000:C:\WINDOWS\System32\MSIMG32.dll:Microsoft Corporation
20000000:C:\WINDOWS\system32\xpsp2res.dll:Microsoft Corporation
71d40000:C:\WINDOWS\System32\actxprxy.dll:Microsoft Corporation
76980000:C:\WINDOWS\system32\LINKINFO.dll:Microsoft Corporation
76990000:C:\WINDOWS\system32\ntshrui.dll:Microsoft Corporation
76b20000:C:\WINDOWS\system32\ATL.DLL:Microsoft Corporation
77920000:C:\WINDOWS\system32\SETUPAPI.dll:Microsoft Corporation
76400000:C:\WINDOWS\system32\NETSHELL.dll:Microsoft Corporation
76e80000:C:\WINDOWS\system32\rtutils.dll:Microsoft Corporation
76c00000:C:\WINDOWS\system32\credui.dll:Microsoft Corporation
71ab0000:C:\WINDOWS\system32\WS2_32.dll:Microsoft Corporation
71aa0000:C:\WINDOWS\system32\WS2HELP.dll:Microsoft Corporation
76d60000:C:\WINDOWS\system32\iphlpapi.dll:Microsoft Corporation
1450000:C:\Program Files\Microsoft AntiSpyware\shellextension.dll:Microsoft Corporation
77260000:C:\WINDOWS\system32\urlmon.dll:Microsoft Corporation
745e0000:C:\WINDOWS\system32\msi.dll:Microsoft Corporation
76360000:C:\WINDOWS\system32\WINSTA.dll:Microsoft Corporation
74b30000:C:\WINDOWS\System32\webcheck.dll:Microsoft Corporation
71ad0000:C:\WINDOWS\System32\WSOCK32.dll:Microsoft Corporation
76280000:C:\WINDOWS\System32\stobject.dll:Microsoft Corporation
74af0000:C:\WINDOWS\System32\BatMeter.dll:Microsoft Corporation
74ad0000:C:\WINDOWS\System32\POWRPROF.dll:Microsoft Corporation
76f50000:C:\WINDOWS\System32\WTSAPI32.dll:Microsoft Corporation
72d20000:C:\WINDOWS\system32\wdmaud.drv:Microsoft Corporation
72d10000:C:\WINDOWS\system32\msacm32.drv:Microsoft Corporation
77bd0000:C:\WINDOWS\system32\midimap.dll:Microsoft Corporation
ffd0000:C:\WINDOWS\system32\rsaenh.dll:Microsoft Corporation
67330000:C:\PROGRA~1\COMMON~1\SYMANT~1\ANTISPAM\asOEHook.dll:Symantec Corporation
7c340000:C:\WINDOWS\system32\MSVCR71.dll:Microsoft Corporation
10000000:C:\PROGRA~1\BTBROA~2\SMARTB~1\SBHook.dll:Motive Communications, Inc.
5a000000:C:\Program Files\Spyware Doctor\Tools\klg.dat:
fc0000:C:\Program Files\Spyware Doctor\Tools\swpg.dat:
763b0000:C:\WINDOWS\system32\comdlg32.dll:Microsoft Corporation
75e90000:C:\WINDOWS\system32\SXS.DLL:Microsoft Corporation
14e0000:C:\WINDOWS\system32\browselc.dll:Microsoft Corporation
1a50000:C:\Program Files\GetRight\xx2gr.dll:Headlight Software, Inc.
73000000:C:\WINDOWS\system32\WINSPOOL.DRV:Microsoft Corporation
7c3a0000:C:\WINDOWS\system32\MSVCP71.dll:Microsoft Corporation
6af30000:C:\Program Files\Common Files\Symantec Shared\ccL30.dll:Symantec Corporation
71b20000:C:\WINDOWS\system32\MPR.dll:Microsoft Corporation
71bf0000:C:\WINDOWS\System32\SAMLIB.dll:Microsoft Corporation
6c1b0000:C:\WINDOWS\system32\DUSER.dll:Microsoft Corporation
75970000:C:\WINDOWS\system32\MSGINA.dll:Microsoft Corporation
74320000:C:\WINDOWS\system32\ODBC32.dll:Microsoft Corporation
21d0000:C:\WINDOWS\system32\odbcint.dll:Microsoft Corporation
75cf0000:C:\WINDOWS\system32\MLANG.dll:Microsoft Corporation
26c0000:C:\WINDOWS\system32\shdoclc.dll:Microsoft Corporation
73f10000:C:\WINDOWS\system32\DSOUND.dll:Microsoft Corporation
b20000:c:\Program Files\InterMute\SpySubtract\sshook.dll:InterMute, Inc.
72a90000:C:\WINDOWS\system32\DEVMGR.DLL:Microsoft Corporation
76d30000:C:\WINDOWS\system32\WMI.dll:Microsoft Corporation
75150000:C:\WINDOWS\system32\Cabinet.dll:Microsoft Corporation
76390000:C:\WINDOWS\system32\IMM32.dll:Microsoft Corporation
76ee0000:C:\WINDO