 |  |  |  |  |  |  |  |
"Your Windows is corrupted with spyware" virus - again
 |
•
•
Join Date: Mar 2005
Posts: 1,213
Reputation: 
Solved Threads: 36
I've got this stupid "your Windows is corrupted with spyware virus" again and it's hard to get rid of.
I've just tried Crunchie's KillBox/HiJackThis fix and no go. Is there something else I can try?
BTW, with HiJackThis, I tick the box that's mentioned and fix checked - it says the line is gone but when another scan is done, the line is right back.
Thanks much
Zeroth
I've just tried Crunchie's KillBox/HiJackThis fix and no go. Is there something else I can try?
BTW, with HiJackThis, I tick the box that's mentioned and fix checked - it says the line is gone but when another scan is done, the line is right back.
Thanks much
Zeroth
Please post the HiJack this log.
PETA People for the Eating of Tasty Animals.
FireFox
Hijack This
Ad-Aware
Hijack this tutorial
Microsoft AntiSpyware
CompUchat
FireFox
Hijack This
Ad-Aware
Hijack this tutorial
Microsoft AntiSpyware
CompUchat
•
•
•
•
Originally Posted by OurNation
Please post the HiJack this log.
Many malicious infections use randomly-generated filenames which can even "morph" their names at times; this is especially true of the variants which require use of the KillBox. Given that, a fix that was posted for one person will seldom entirely apply to those with similar problems.
"May the Wombat of Happiness snuffle through your underbrush."
- Ancient Aborigine blessing
Please do not contact me by email or PM for help. We're all volunteers here, and only have so much free time to dedicate to our efforts.
However, if I've been working on a thread with you already, and seem to have "forgotten" your thread, please do send me a message. I try not to let things slip through the cracks, but it does happen sometimes.
- Ancient Aborigine blessing
Please do not contact me by email or PM for help. We're all volunteers here, and only have so much free time to dedicate to our efforts.
However, if I've been working on a thread with you already, and seem to have "forgotten" your thread, please do send me a message. I try not to let things slip through the cracks, but it does happen sometimes.
•
•
Join Date: Mar 2005
Posts: 1,213
Reputation:
Solved Threads: 36
Hi there and thanks for the attention!
I'm afraid the situation has gotten worse and I'm afraid to post the HJT log - explanation follows:
After I posted the original problem, I realized I had not done the KillBox fix in safe mode so I did it and it seemed to get rid of the line this time. I then booted up in normal mode and now I get the same Explorer open but this time it doesn't have the hotoffers web page but has about:blank page. Norton's (I have corporate edition permanently attached to my machine) then comes up with a virus (Trojan Horse) in c:\WINNT\system32\opensdl.exe Clean failed
elete suceeded:Access denied
this is found on boot
then another box pops up that appears to be from MIE but methinks its a popup:
Microsoft Internet Explorer has encountered a problem and needs to close. We're sorry for the inconvenience.
If you were in the middle of something, the information you were working on might be lost.
(checked option box) restart Microsoft Internet Explorer
to see date ... click here (URL reference) [I didn't click on it from fear]
(then some clidk boxes on the right hand side) send error report don't send
When I close these boxes and IE, the process repeats...
So, I can't send the HJT log from that computer, since I can't get IE to run. I don't want to send it from the computer I'm on (although I can, I'm on a network) because I don't want to take a chance on having this computer infected...
Any suggestions? Is this message a popup or a real message from IE?
This is getting wierd, guys!!!
Thanks
I'm afraid the situation has gotten worse and I'm afraid to post the HJT log - explanation follows:
After I posted the original problem, I realized I had not done the KillBox fix in safe mode so I did it and it seemed to get rid of the line this time. I then booted up in normal mode and now I get the same Explorer open but this time it doesn't have the hotoffers web page but has about:blank page. Norton's (I have corporate edition permanently attached to my machine) then comes up with a virus (Trojan Horse) in c:\WINNT\system32\opensdl.exe Clean failed
elete suceeded:Access deniedthis is found on boot
then another box pops up that appears to be from MIE but methinks its a popup:
Microsoft Internet Explorer has encountered a problem and needs to close. We're sorry for the inconvenience.
If you were in the middle of something, the information you were working on might be lost.
(checked option box) restart Microsoft Internet Explorer
to see date ... click here (URL reference) [I didn't click on it from fear]
(then some clidk boxes on the right hand side) send error report don't send
When I close these boxes and IE, the process repeats...
So, I can't send the HJT log from that computer, since I can't get IE to run. I don't want to send it from the computer I'm on (although I can, I'm on a network) because I don't want to take a chance on having this computer infected...
Any suggestions? Is this message a popup or a real message from IE?
This is getting wierd, guys!!!
Thanks
Well you could put the log on a floppy and then post it from a differnet computer.
PETA People for the Eating of Tasty Animals.
FireFox
Hijack This
Ad-Aware
Hijack this tutorial
Microsoft AntiSpyware
CompUchat
FireFox
Hijack This
Ad-Aware
Hijack this tutorial
Microsoft AntiSpyware
CompUchat
Although I can't say for sure because I can't actually see the message, that is the text you would get from one of the real Windows error pop-ups.
"May the Wombat of Happiness snuffle through your underbrush."
- Ancient Aborigine blessing
Please do not contact me by email or PM for help. We're all volunteers here, and only have so much free time to dedicate to our efforts.
However, if I've been working on a thread with you already, and seem to have "forgotten" your thread, please do send me a message. I try not to let things slip through the cracks, but it does happen sometimes.
- Ancient Aborigine blessing
Please do not contact me by email or PM for help. We're all volunteers here, and only have so much free time to dedicate to our efforts.
However, if I've been working on a thread with you already, and seem to have "forgotten" your thread, please do send me a message. I try not to let things slip through the cracks, but it does happen sometimes.
Well you can press the Print Scrn button when it pops up to take a picture so we can see.
PETA People for the Eating of Tasty Animals.
FireFox
Hijack This
Ad-Aware
Hijack this tutorial
Microsoft AntiSpyware
CompUchat
FireFox
Hijack This
Ad-Aware
Hijack this tutorial
Microsoft AntiSpyware
CompUchat
•
•
Join Date: Mar 2005
Posts: 1,213
Reputation:
Solved Threads: 36
OK, took a chance and here it is - thanks guys for looking
Logfile of HijackThis v1.99.1
Scan saved at 11:06:07 PM, on 3/1/2005
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\csrss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\NavNT\defwatch.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\hidserv.exe
C:\Program Files\NavNT\rtvscan.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\System32\tcpsvcs.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\Explorer.EXE
C:\PROGRA~1\NavNT\vptray.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
C:\Program Files\Atomic Clock Sync\Atomic.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\WINNT\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\temp\HijackThis.exe
C:\WINNT\system32\connmie.exe
C:\WINNT\system32\truettf.exe
C:\WINNT\system32\dxconf.exe
C:\Program Files\Internet Explorer\dw15.exe
R1 - HKCU\Software\Microsoft\Internet Explorer,(Default) = http://clearsurfing.net/srch.php?qq=%s
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = NOT USED (OK)
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = about:blank
R3 - URLSearchHook: (no name) - {EF9B9136-340A-022A-CA2D-F96F67BCE30E} - clamav.dll (file missing)
O1 - Hosts: 69.50.173.3 lycos.com www.lycos.com
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {0F9561D0-03B2-44a3-89A6-E95E417CBA25} - C:\WINNT\cerbmod.dll
O2 - BHO: (no name) - {9C691A33-7DDA-4C2F-BE4C-C176083F35CF} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: (no name) - {D5890EEF-C4CE-4D87-82BA-B86FDA56DBB0} - C:\WINNT\system32\sfcman32.dll (file missing)
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
O3 - Toolbar: FreshBar - {06ABAA2D-34AB-4902-A326-409BD9B9A7A5} - C:\WINNT\system32\iecustom32.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [HP OfficeJet T Series] "C:\Program Files\Hewlett-Packard\HP OfficeJet T Series NT\bin\ktchnsnk.exe" -reg "Software\Hewlett-Packard\OfficeJet T Series\Install"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\NavNT\vptray.exe
O4 - HKLM\..\Run: [messnger] C:\WINNT\system32\Dvldr32.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [zSPGuard] c:\program files\pjw\spguard\spguard.exe /s
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [ygmwor] c:\winnt\system32\ygmwor.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
O4 - HKLM\..\Run: [321102] xwiz.exe
O4 - HKLM\..\Run: [Serviceprocess] ms-its.exe
O4 - HKLM\..\Run: [Atomic.exe] C:\Program Files\Atomic Clock Sync\Atomic.exe
O4 - HKCU\..\Run: [WareOut] "C:\Program Files\WareOut\WareOut.exe"
O4 - HKCU\..\Run: [teqq32] sysconf16.exe
O4 - HKCU\..\Run: [RtlFindVal] new32.exe
O4 - HKCU\..\Run: [syspanel] Trayz.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Open Picture in &Microsoft PhotoDraw - res://C:\PROGRA~1\MICROS~2\Office\1033\phdintl.dll/phdContext.htm
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra button: (no name) - {237AA178-C3BC-4f67-A8BB-D8BC14BA0B89} - C:\WINNT\System32\remove_me.dll (file missing)
O9 - Extra button: Corel Network monitor worker - {96E1BC8A-6C07-47FA-9FDD-EFC2A84ED5C8} - C:\WINNT\System32\intlmain.dll
O9 - Extra 'Tools' menuitem: Corel Network monitor worker - {96E1BC8A-6C07-47FA-9FDD-EFC2A84ED5C8} - C:\WINNT\System32\intlmain.dll
O9 - Extra button: (no name) - {237AA178-C3BC-4f67-A8BB-D8BC14BA0B89} - C:\WINNT\System32\remove_me.dll (file missing) (HKCU)
O9 - Extra button: Corel Network monitor worker - {96E1BC8A-6C07-47FA-9FDD-EFC2A84ED5C8} - C:\WINNT\System32\intlmain.dll (HKCU)
O9 - Extra 'Tools' menuitem: Corel Network monitor worker - {96E1BC8A-6C07-47FA-9FDD-EFC2A84ED5C8} - C:\WINNT\System32\intlmain.dll (HKCU)
O9 - Extra button: Start spyware remover - {BF69DF00-2734-477F-8257-27CD04F88779} - C:\Program Files\WareOut\WareOut.exe (HKCU)
O9 - Extra 'Tools' menuitem: Start spyware remover - {BF69DF00-2734-477F-8257-27CD04F88779} - C:\Program Files\WareOut\WareOut.exe (HKCU)
O12 - Plugin for .asp: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: Dialpad Webphone - https://www.dialpad.com/md/update/cham.cab
O16 - DPF: {0E8D0700-75DF-11D3-8B4A-0008C7450C4A} (DjVuCtl Class) - http://downloadcenter.samsung.com/co...rolLite_EN.cab
O16 - DPF: {11212111-2121-1311-1141-115611111222} - ms-its:mhtml:file://d: oo.mht!http://69.50.166.213/users/alex/web/...m::/update.exe
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/25792966...p/RdxIE601.cab
O16 - DPF: {72C23FEC-3AF9-48FC-9597-241A8EBDFE0A} (InstallShield International Setup Player) - http://ftp.hp.com/pub/automatic/player/isetupML.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2...ll/xscan53.cab
O16 - DPF: {CA034DCC-A580-4333-B52F-15F98C42E04C} (Downloader Class) - http://www.stopzilla.com/_download/A...ler/dwnldr.cab
O16 - DPF: {DF6A0F17-0B1E-11D4-829D-00C04F6843FE} (Microsoft Office Tools on the Web Control) - http://dgl.microsoft.com/downloads/outc.cab
O16 - DPF: {F2261703-0D7D-11D0-9FFE-00A0C90D049B} (Corel Presentations Show It!) - http://www.corel.com/products/wordpe...n/axprshow.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{3D241B5C-5474-4CB5-8185-65E11F6DCC61}: NameServer = 69.50.176.196,195.225.176.37
O17 - HKLM\System\CS1\Services\VxD\MSTCP: NameServer = 69.50.176.196,195.225.176.37
O17 - HKLM\System\CS2\Services\VxD\MSTCP: NameServer = 69.50.176.196,195.225.176.37
O17 - HKLM\System\CCS\Services\VxD\MSTCP: NameServer = 69.50.176.196,195.225.176.37
O20 - Winlogon Notify: NavLogon - C:\WINNT\System32\NavLogon.dll
O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\NavNT\defwatch.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: Norton AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\NavNT\rtvscan.exe
Logfile of HijackThis v1.99.1
Scan saved at 11:06:07 PM, on 3/1/2005
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\csrss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\NavNT\defwatch.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\hidserv.exe
C:\Program Files\NavNT\rtvscan.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\System32\tcpsvcs.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\Explorer.EXE
C:\PROGRA~1\NavNT\vptray.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
C:\Program Files\Atomic Clock Sync\Atomic.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\WINNT\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\temp\HijackThis.exe
C:\WINNT\system32\connmie.exe
C:\WINNT\system32\truettf.exe
C:\WINNT\system32\dxconf.exe
C:\Program Files\Internet Explorer\dw15.exe
R1 - HKCU\Software\Microsoft\Internet Explorer,(Default) = http://clearsurfing.net/srch.php?qq=%s
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = NOT USED (OK)
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = about:blank
R3 - URLSearchHook: (no name) - {EF9B9136-340A-022A-CA2D-F96F67BCE30E} - clamav.dll (file missing)
O1 - Hosts: 69.50.173.3 lycos.com www.lycos.com
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {0F9561D0-03B2-44a3-89A6-E95E417CBA25} - C:\WINNT\cerbmod.dll
O2 - BHO: (no name) - {9C691A33-7DDA-4C2F-BE4C-C176083F35CF} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: (no name) - {D5890EEF-C4CE-4D87-82BA-B86FDA56DBB0} - C:\WINNT\system32\sfcman32.dll (file missing)
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
O3 - Toolbar: FreshBar - {06ABAA2D-34AB-4902-A326-409BD9B9A7A5} - C:\WINNT\system32\iecustom32.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [HP OfficeJet T Series] "C:\Program Files\Hewlett-Packard\HP OfficeJet T Series NT\bin\ktchnsnk.exe" -reg "Software\Hewlett-Packard\OfficeJet T Series\Install"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\NavNT\vptray.exe
O4 - HKLM\..\Run: [messnger] C:\WINNT\system32\Dvldr32.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [zSPGuard] c:\program files\pjw\spguard\spguard.exe /s
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [ygmwor] c:\winnt\system32\ygmwor.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
O4 - HKLM\..\Run: [321102] xwiz.exe
O4 - HKLM\..\Run: [Serviceprocess] ms-its.exe
O4 - HKLM\..\Run: [Atomic.exe] C:\Program Files\Atomic Clock Sync\Atomic.exe
O4 - HKCU\..\Run: [WareOut] "C:\Program Files\WareOut\WareOut.exe"
O4 - HKCU\..\Run: [teqq32] sysconf16.exe
O4 - HKCU\..\Run: [RtlFindVal] new32.exe
O4 - HKCU\..\Run: [syspanel] Trayz.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Open Picture in &Microsoft PhotoDraw - res://C:\PROGRA~1\MICROS~2\Office\1033\phdintl.dll/phdContext.htm
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra button: (no name) - {237AA178-C3BC-4f67-A8BB-D8BC14BA0B89} - C:\WINNT\System32\remove_me.dll (file missing)
O9 - Extra button: Corel Network monitor worker - {96E1BC8A-6C07-47FA-9FDD-EFC2A84ED5C8} - C:\WINNT\System32\intlmain.dll
O9 - Extra 'Tools' menuitem: Corel Network monitor worker - {96E1BC8A-6C07-47FA-9FDD-EFC2A84ED5C8} - C:\WINNT\System32\intlmain.dll
O9 - Extra button: (no name) - {237AA178-C3BC-4f67-A8BB-D8BC14BA0B89} - C:\WINNT\System32\remove_me.dll (file missing) (HKCU)
O9 - Extra button: Corel Network monitor worker - {96E1BC8A-6C07-47FA-9FDD-EFC2A84ED5C8} - C:\WINNT\System32\intlmain.dll (HKCU)
O9 - Extra 'Tools' menuitem: Corel Network monitor worker - {96E1BC8A-6C07-47FA-9FDD-EFC2A84ED5C8} - C:\WINNT\System32\intlmain.dll (HKCU)
O9 - Extra button: Start spyware remover - {BF69DF00-2734-477F-8257-27CD04F88779} - C:\Program Files\WareOut\WareOut.exe (HKCU)
O9 - Extra 'Tools' menuitem: Start spyware remover - {BF69DF00-2734-477F-8257-27CD04F88779} - C:\Program Files\WareOut\WareOut.exe (HKCU)
O12 - Plugin for .asp: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: Dialpad Webphone - https://www.dialpad.com/md/update/cham.cab
O16 - DPF: {0E8D0700-75DF-11D3-8B4A-0008C7450C4A} (DjVuCtl Class) - http://downloadcenter.samsung.com/co...rolLite_EN.cab
O16 - DPF: {11212111-2121-1311-1141-115611111222} - ms-its:mhtml:file://d: oo.mht!http://69.50.166.213/users/alex/web/...m::/update.exe
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/25792966...p/RdxIE601.cab
O16 - DPF: {72C23FEC-3AF9-48FC-9597-241A8EBDFE0A} (InstallShield International Setup Player) - http://ftp.hp.com/pub/automatic/player/isetupML.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2...ll/xscan53.cab
O16 - DPF: {CA034DCC-A580-4333-B52F-15F98C42E04C} (Downloader Class) - http://www.stopzilla.com/_download/A...ler/dwnldr.cab
O16 - DPF: {DF6A0F17-0B1E-11D4-829D-00C04F6843FE} (Microsoft Office Tools on the Web Control) - http://dgl.microsoft.com/downloads/outc.cab
O16 - DPF: {F2261703-0D7D-11D0-9FFE-00A0C90D049B} (Corel Presentations Show It!) - http://www.corel.com/products/wordpe...n/axprshow.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{3D241B5C-5474-4CB5-8185-65E11F6DCC61}: NameServer = 69.50.176.196,195.225.176.37
O17 - HKLM\System\CS1\Services\VxD\MSTCP: NameServer = 69.50.176.196,195.225.176.37
O17 - HKLM\System\CS2\Services\VxD\MSTCP: NameServer = 69.50.176.196,195.225.176.37
O17 - HKLM\System\CCS\Services\VxD\MSTCP: NameServer = 69.50.176.196,195.225.176.37
O20 - Winlogon Notify: NavLogon - C:\WINNT\System32\NavLogon.dll
O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\NavNT\defwatch.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: Norton AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\NavNT\rtvscan.exe
OK- you definitely have a few nasties in that log.
I need to log off right now and do a few hours of "real-life" work, but hang in there; one of us will help you as soon as we can.
I need to log off right now and do a few hours of "real-life" work, but hang in there; one of us will help you as soon as we can.
"May the Wombat of Happiness snuffle through your underbrush."
- Ancient Aborigine blessing
Please do not contact me by email or PM for help. We're all volunteers here, and only have so much free time to dedicate to our efforts.
However, if I've been working on a thread with you already, and seem to have "forgotten" your thread, please do send me a message. I try not to let things slip through the cracks, but it does happen sometimes.
- Ancient Aborigine blessing
Please do not contact me by email or PM for help. We're all volunteers here, and only have so much free time to dedicate to our efforts.
However, if I've been working on a thread with you already, and seem to have "forgotten" your thread, please do send me a message. I try not to let things slip through the cracks, but it does happen sometimes.
•
•
Join Date: Mar 2005
Posts: 1,213
Reputation:
Solved Threads: 36
Many thanks, DMR,
I think I've fixed a few of the problems, but there are still some - here's the latest log.
Zeroth
Logfile of HijackThis v1.99.1
Scan saved at 12:57:23 PM, on 3/2/2005
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\NavNT\defwatch.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\hidserv.exe
C:\Program Files\NavNT\rtvscan.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\System32\tcpsvcs.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\Explorer.EXE
C:\PROGRA~1\NavNT\vptray.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Atomic Clock Sync\Atomic.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\WINNT\system32\truettf.exe
C:\WINNT\system32\dxconf.exe
C:\WINNT\system32\wuauclt.exe
C:\temp\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer,(Default) = http://clearsurfing.net/srch.php?qq=%s
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = about:blank
O1 - Hosts: 69.50.173.3 lycos.com www.lycos.com
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {0F9561D0-03B2-44a3-89A6-E95E417CBA25} - C:\WINNT\cerbmod.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Name - {6FBB33D6-3354-4625-9FBD-DA0DEAD6FA3E} - C:\WINNT\system32\msafa.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: (no name) - {D5890EEF-C4CE-4D87-82BA-B86FDA56DBB0} - C:\WINNT\system32\sfcman32.dll (file missing)
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
O3 - Toolbar: FreshBar - {06ABAA2D-34AB-4902-A326-409BD9B9A7A5} - C:\WINNT\system32\iecustom32.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [HP OfficeJet T Series] "C:\Program Files\Hewlett-Packard\HP OfficeJet T Series NT\bin\ktchnsnk.exe" -reg "Software\Hewlett-Packard\OfficeJet T Series\Install"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\NavNT\vptray.exe
O4 - HKLM\..\Run: [messnger] C:\WINNT\system32\Dvldr32.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Atomic.exe] C:\Program Files\Atomic Clock Sync\Atomic.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Open Picture in &Microsoft PhotoDraw - res://C:\PROGRA~1\MICROS~2\Office\1033\phdintl.dll/phdContext.htm
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra button: Corel Network monitor worker - {96E1BC8A-6C07-47FA-9FDD-EFC2A84ED5C8} - C:\WINNT\System32\intlmain.dll
O9 - Extra 'Tools' menuitem: Corel Network monitor worker - {96E1BC8A-6C07-47FA-9FDD-EFC2A84ED5C8} - C:\WINNT\System32\intlmain.dll
O9 - Extra button: Corel Network monitor worker - {96E1BC8A-6C07-47FA-9FDD-EFC2A84ED5C8} - C:\WINNT\System32\intlmain.dll (HKCU)
O9 - Extra 'Tools' menuitem: Corel Network monitor worker - {96E1BC8A-6C07-47FA-9FDD-EFC2A84ED5C8} - C:\WINNT\System32\intlmain.dll (HKCU)
O9 - Extra button: Start spyware remover - {BF69DF00-2734-477F-8257-27CD04F88779} - C:\Program Files\WareOut\WareOut.exe (HKCU)
O9 - Extra 'Tools' menuitem: Start spyware remover - {BF69DF00-2734-477F-8257-27CD04F88779} - C:\Program Files\WareOut\WareOut.exe (HKCU)
O12 - Plugin for .asp: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: Dialpad Webphone - https://www.dialpad.com/md/update/cham.cab
O16 - DPF: {0E8D0700-75DF-11D3-8B4A-0008C7450C4A} (DjVuCtl Class) - http://downloadcenter.samsung.com/co...rolLite_EN.cab
O16 - DPF: {11212111-2121-1311-1141-115611111222} - ms-its:mhtml:file://d: oo.mht!http://69.50.166.213/users/alex/web/...m::/update.exe
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/25792966...p/RdxIE601.cab
O16 - DPF: {72C23FEC-3AF9-48FC-9597-241A8EBDFE0A} (InstallShield International Setup Player) - http://ftp.hp.com/pub/automatic/player/isetupML.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2...ll/xscan53.cab
O16 - DPF: {CA034DCC-A580-4333-B52F-15F98C42E04C} (Downloader Class) - http://www.stopzilla.com/_download/A...ler/dwnldr.cab
O16 - DPF: {DF6A0F17-0B1E-11D4-829D-00C04F6843FE} (Microsoft Office Tools on the Web Control) - http://dgl.microsoft.com/downloads/outc.cab
O16 - DPF: {F2261703-0D7D-11D0-9FFE-00A0C90D049B} (Corel Presentations Show It!) - http://www.corel.com/products/wordpe...n/axprshow.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{3D241B5C-5474-4CB5-8185-65E11F6DCC61}: NameServer = 69.50.176.196,195.225.176.37
O17 - HKLM\System\CS1\Services\VxD\MSTCP: NameServer = 69.50.176.196,195.225.176.37
O17 - HKLM\System\CS2\Services\VxD\MSTCP: NameServer = 69.50.176.196,195.225.176.37
O17 - HKLM\System\CCS\Services\VxD\MSTCP: NameServer = 69.50.176.196,195.225.176.37
O20 - Winlogon Notify: NavLogon - C:\WINNT\System32\NavLogon.dll
O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\NavNT\defwatch.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: Norton AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\NavNT\rtvscan.exe
I think I've fixed a few of the problems, but there are still some - here's the latest log.
Zeroth
Logfile of HijackThis v1.99.1
Scan saved at 12:57:23 PM, on 3/2/2005
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\NavNT\defwatch.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\hidserv.exe
C:\Program Files\NavNT\rtvscan.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\System32\tcpsvcs.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\Explorer.EXE
C:\PROGRA~1\NavNT\vptray.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Atomic Clock Sync\Atomic.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\WINNT\system32\truettf.exe
C:\WINNT\system32\dxconf.exe
C:\WINNT\system32\wuauclt.exe
C:\temp\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer,(Default) = http://clearsurfing.net/srch.php?qq=%s
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = about:blank
O1 - Hosts: 69.50.173.3 lycos.com www.lycos.com
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {0F9561D0-03B2-44a3-89A6-E95E417CBA25} - C:\WINNT\cerbmod.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Name - {6FBB33D6-3354-4625-9FBD-DA0DEAD6FA3E} - C:\WINNT\system32\msafa.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: (no name) - {D5890EEF-C4CE-4D87-82BA-B86FDA56DBB0} - C:\WINNT\system32\sfcman32.dll (file missing)
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
O3 - Toolbar: FreshBar - {06ABAA2D-34AB-4902-A326-409BD9B9A7A5} - C:\WINNT\system32\iecustom32.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [HP OfficeJet T Series] "C:\Program Files\Hewlett-Packard\HP OfficeJet T Series NT\bin\ktchnsnk.exe" -reg "Software\Hewlett-Packard\OfficeJet T Series\Install"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\NavNT\vptray.exe
O4 - HKLM\..\Run: [messnger] C:\WINNT\system32\Dvldr32.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Atomic.exe] C:\Program Files\Atomic Clock Sync\Atomic.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Open Picture in &Microsoft PhotoDraw - res://C:\PROGRA~1\MICROS~2\Office\1033\phdintl.dll/phdContext.htm
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra button: Corel Network monitor worker - {96E1BC8A-6C07-47FA-9FDD-EFC2A84ED5C8} - C:\WINNT\System32\intlmain.dll
O9 - Extra 'Tools' menuitem: Corel Network monitor worker - {96E1BC8A-6C07-47FA-9FDD-EFC2A84ED5C8} - C:\WINNT\System32\intlmain.dll
O9 - Extra button: Corel Network monitor worker - {96E1BC8A-6C07-47FA-9FDD-EFC2A84ED5C8} - C:\WINNT\System32\intlmain.dll (HKCU)
O9 - Extra 'Tools' menuitem: Corel Network monitor worker - {96E1BC8A-6C07-47FA-9FDD-EFC2A84ED5C8} - C:\WINNT\System32\intlmain.dll (HKCU)
O9 - Extra button: Start spyware remover - {BF69DF00-2734-477F-8257-27CD04F88779} - C:\Program Files\WareOut\WareOut.exe (HKCU)
O9 - Extra 'Tools' menuitem: Start spyware remover - {BF69DF00-2734-477F-8257-27CD04F88779} - C:\Program Files\WareOut\WareOut.exe (HKCU)
O12 - Plugin for .asp: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: Dialpad Webphone - https://www.dialpad.com/md/update/cham.cab
O16 - DPF: {0E8D0700-75DF-11D3-8B4A-0008C7450C4A} (DjVuCtl Class) - http://downloadcenter.samsung.com/co...rolLite_EN.cab
O16 - DPF: {11212111-2121-1311-1141-115611111222} - ms-its:mhtml:file://d: oo.mht!http://69.50.166.213/users/alex/web/...m::/update.exe
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/25792966...p/RdxIE601.cab
O16 - DPF: {72C23FEC-3AF9-48FC-9597-241A8EBDFE0A} (InstallShield International Setup Player) - http://ftp.hp.com/pub/automatic/player/isetupML.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2...ll/xscan53.cab
O16 - DPF: {CA034DCC-A580-4333-B52F-15F98C42E04C} (Downloader Class) - http://www.stopzilla.com/_download/A...ler/dwnldr.cab
O16 - DPF: {DF6A0F17-0B1E-11D4-829D-00C04F6843FE} (Microsoft Office Tools on the Web Control) - http://dgl.microsoft.com/downloads/outc.cab
O16 - DPF: {F2261703-0D7D-11D0-9FFE-00A0C90D049B} (Corel Presentations Show It!) - http://www.corel.com/products/wordpe...n/axprshow.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{3D241B5C-5474-4CB5-8185-65E11F6DCC61}: NameServer = 69.50.176.196,195.225.176.37
O17 - HKLM\System\CS1\Services\VxD\MSTCP: NameServer = 69.50.176.196,195.225.176.37
O17 - HKLM\System\CS2\Services\VxD\MSTCP: NameServer = 69.50.176.196,195.225.176.37
O17 - HKLM\System\CCS\Services\VxD\MSTCP: NameServer = 69.50.176.196,195.225.176.37
O20 - Winlogon Notify: NavLogon - C:\WINNT\System32\NavLogon.dll
O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\NavNT\defwatch.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: Norton AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\NavNT\rtvscan.exe
|
Similar Threads
- "Your Windows is corrupted with spyware virus" Popup (Viruses, Spyware and other Nasties)
- Fake "Microsoft Windows Security Warning" & Browser Hijacks (Viruses, Spyware and other Nasties)
Other Threads in the Viruses, Spyware and other Nasties Forum
- Previous Thread: how to rid elite bar?
- Next Thread: Remove Lycos sidebar?
| Thread Tools | Search this Thread |
You need to join our community in order to build your list of favorite forums. You can visit the forum index for a listing of all forums.
Related Forum Features
Latest Viruses, Spyware and other Nasties Posts
adware anti-malware anti-virussitesaccessissue antivirus apple attack avg backtoschoolspeech bar blackhat botnet botnets censorship china commercial conficker connect control cyber cybercrime cyberwarfare ddos education email europe exam exploit facebook fake fancheckvirus gaming gtaiv gumblar halloween herss.exe hijack hosting internet iphone kaspersky legal logfiles mail malware mcafee messagelabs microsoft mobile msn nazi news obama onlinethreats paedophile panel parents patch phishing police policeprovirusmba-mblockedinternetaccess president privacy pro problem redirect redirecting report research risk rogueantivirus samhain sans scareware search security seopoisoning sites software spam spyware spywareexternalwindows7adminstratortrojans sqlinjection symantec system teen translate trojan unabletoaccessanti-virussites unwanted update usa virus viruses vista war warning windows worm yahoo zeroday
