
Hi,
Read a couple of posts about Aurora and they seem to be specific to individual machines. I have downloaded HijackThis and saved a log, shown below.
Any help would be appreciated.
Thanks Mark.

Logfile of HijackThis v1.99.0
Scan saved at 11:47:54, on 14/05/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Belkin\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\System32\CTsvcCDA.EXE
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\Explorer.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\ahead\InCD\InCD.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\MSN Apps\Updater\01.02.3000.1001\en-us\msnappau.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Windows AdTools\WinAdTools.exe
c:\windows\system32\hsgigf.exe
C:\Program Files\iRiver\HSeries\iHPDetect.exe
C:\Program Files\Winamp\winampa.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\COMMON~1\PCSuite\DATALA~1\DATALA~1.EXE
C:\PROGRA~1\Nokia\NOKIAP~1\TRAYAP~1.EXE
C:\Program Files\Creative\TaskBar\CTLTray.exe
C:\Program Files\Windows AdTools\WinRatchet.exe
C:\Program Files\Creative\TaskBar\CTLTask.exe
C:\Program Files\Netscape\Netscape\Netscp.exe
C:\PROGRA~1\COMMON~1\PCSuite\Services\SERVIC~1.EXE
C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
C:\Program Files\Belkin\Bluetooth Software\BTTray.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Sony Corporation\Image Transfer\SonyTray.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\NETGEAR\MA101 USB Adapter Configuration Utility\WlanMonitor.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposol08.exe
C:\Program Files\Sony Ericsson\Mobile\audevicemgr.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\PROGRA~1\SONYER~1\Mobile\CONNEC~1\CONNMN~1.EXE
c:\PROGRA~1\INTUWA~1\Shared\MROUTE~1\mRouterRuntime.exe
C:\PROGRA~1\SONYER~1\Mobile\MOBILE~1\EPMWOR~1.EXE
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\WINDOWS\System32\HPZipm12.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bbc.co.uk/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R3 - URLSearchHook: (no name) - {20EC3D2D-33C1-4C9D-BC37-C2D500688DA2} - (no file)
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe
N3 - Netscape 7: user_pref("browser.startup.homepage", "http://www.bbc.co.uk/"); (C:\Documents and Settings\User\Application Data\Mozilla\Profiles\default\hfwzewj9.slt\prefs.js)
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\User\Application Data\Mozilla\Profiles\default\hfwzewj9.slt\prefs.js)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.02.3000.1002\en-xu\stmain.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: RX Toolbar - {25D8BACF-3DE2-4B48-AE22-D659B8D835B0} - C:\Program Files\RXToolBar\RXToolBar.dll
O4 - HKLM\..\Run: [RemHelp] remhelp.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [hcwPVRReset] C:\PROGRA~1\WinTV\hcwP1Utl.exe -Quiet -ResetHardware -NotifyResetFailure -KeepTrying
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\Updreg.exe
O4 - HKLM\..\Run: [CTStartup] C:\Program Files\Creative\SBAudigy\Program\CTEaxSpl.EXE /run
O4 - HKLM\..\Run: [MediaFace Integration] C:\Program Files\Fellowes\MediaFACE 4.0\SetHook.exe
O4 - HKLM\..\Run: [msnappau] "C:\Program Files\MSN Apps\Updater\01.02.3000.1001\en-us\msnappau.exe"
O4 - HKLM\..\Run: [GsiFinal] rundll32 gspndll.dll,postInstall final
O4 - HKLM\..\Run: [Windows AdTools] C:\Program Files\Windows AdTools\WinAdTools.exe
O4 - HKLM\..\Run: [iHP-100] C:\Program Files\iRiver\HSeries\iHPDetect.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [DataLayer] C:\PROGRA~1\COMMON~1\PCSuite\DATALA~1\DATALA~1.EXE
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\TRAYAP~1.EXE
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [farmmext] C:\WINDOWS\farmmext.exe
O4 - HKLM\..\Run: [ssaknlm] c:\windows\system32\hsgigf.exe
O4 - HKCU\..\Run: [TaskTray] "C:\Program Files\Creative\TaskBar\CTLTray.exe"
O4 - HKCU\..\Run: [TaskBar] "C:\Program Files\Creative\TaskBar\CTLTask.exe"
O4 - HKCU\..\Run: [Mozilla Quick Launch] "C:\Program Files\Netscape\Netscape\Netscp.exe" -turbo
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: Image Transfer.lnk = C:\Program Files\Sony Corporation\Image Transfer\SonyTray.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: MA101 Configuration Utility .lnk = C:\Program Files\NETGEAR\MA101 USB Adapter Configuration Utility\WlanMonitor.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: officejet 6100.lnk = ?
O4 - Global Startup: Phone Connection Monitor.lnk = C:\Program Files\Sony Ericsson\Mobile\audevicemgr.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZSzeb029
O8 - Extra context menu item: Backward &Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\Belkin\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Si&milar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll
O9 - Extra button: ATI TV - {44226DFF-747E-4edc-B30C-78752E50CD0C} - C:\Program Files\ATI Multimedia\TV\EXPLBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Belkin\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Belkin\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .tga: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin5.dll
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab
O16 - DPF: {03F998B2-0E00-11D3-A498-00104B6EB52E} (MetaStreamCtl Class) - https://components.viewpoint.com/MTSInstallers/MetaStream3.cab?url=http://www.viewpoint.com/cgi-bin/compaq/vet_install_popup.pl?1&04.00.05.04&http://www.smb.compaq.com/HTML/interactive/h5500/model.html
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15007/CTSUEng.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab30149.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/20030530/qtinstall.info.apple.com/bonnie/us/win/QuickTimeInstaller.exe
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/EPUWALControl_v1-0-3-9.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://207.188.7.150/1679de17a26573e49e05/netzip/RdxIE601.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {6B4788E2-BAE8-11D2-A1B4-00400512739B} (PWMediaSendControl Class) - http://216.249.24.142/code/PWActiveXImgCtl.CAB
O16 - DPF: {88C51E90-8E9C-4C96-8A45-574D88B63FAF} - http://acceso.masminutos.com/laaplicacion.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/binFramework/v10/ZIntro.cab34246.cab
O16 - DPF: {B91AEDBE-93DF-4017-8BB3-F1C300C0EC51} (InstallShield Setup Player 2K2) - http://www.cyberpatrol.com/cponline/setup.exe
O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {CC05BC12-2AA2-4AC7-AC81-0E40F83B1ADF} (Live365Player Class) - http://www.live365.com/players/play365.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.symantec.com/techsupp/activedata/SymAData.dll
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab
O16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} (ActiveDataObj Class) - https://www-secure.symantec.com/techsupp/activedata/ActiveData.cab
O16 - DPF: {E855A2D4-987E-4F3B-A51C-64D10A7E2479} (EPSImageControl Class) - http://tools.ebayimg.com/eps/activex/EPSControl_v1-0-3-0.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su/ocx/15008/CTPID.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab
O23 - Service: Adobe LM Service - Unknown - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Bluetooth Service - WIDCOMM, Inc. - C:\Program Files\Belkin\Bluetooth Software\bin\btwdins.exe
O23 - Service: Symantec Event Manager - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.EXE
O23 - Service: Kodak Camera Connection Software - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: Norton AntiVirus Auto Protect Service - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Unerase Protection - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: ScriptBlocking Service - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
O23 - Service: System Startup Service - Unknown - C:\WINDOWS\svcproc.exe
O23 - Service: SymWMI Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

Hope this is OK.


Hi ukblade and welcome to Daniweb forums :).

Download Ewido, install it, then from within the program check for updates, BUT don't scan yet.
ewido security suite: http://fileforum.betanews.com/detail/ewido_security_suite/1098736486/1
When installing, under "Additional Options" uncheck "Install background guard" and "Install scan via context menu". When you run ewido for the first time, you will get a warning "Database could not be found!". Click OK.
We will fix this in a moment.
From the main ewido screen, click on update in the left menu, then click the Start update button.
After the update finishes (the status bar at the bottom will display "Update successful"), close the program.
If you have problems updating see here http://www.ewido.net/en/download/updates/


Please download Nailfix from here:
http://users.pandora.be/bluepatchy/nailfix.zip
Unzip it to the desktop but please do NOT run it yet.

Next, please reboot your computer in Safe Mode by doing the following:
1) Restart your computer
2) After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
3) Instead of Windows loading as normal, a menu should appear
4) Select the first option, to run Windows in Safe Mode.

For additional help in booting into Safe Mode, see the following site:
http://www.pchell.com/support/safemode.shtml


Once in Safe Mode, please double-click on Nailfix.bat. Your desktop and icons will disappear and reappear, and a window should open and close very quickly --- this is normal.

Then run Ewido, and run a full scan. Post the log from the scan here for me later when in normal Windows mode.

Then run HijackThis, click Scan, and check:

F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe

Close all open windows except for HijackThis and click Fix Checked.

Restart your computer in normal mode and post a new HijackThis log, as well as the log from the Ewido scan.
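
The check described in the reply above, as an added example that is not part of the original post or of HijackThis itself: a small Python parser that flags `F2` items whose `Shell` value launches anything besides `Explorer.exe`, then confirms from a follow-up log that the entry is gone. It also covers the `UserInit` value that HijackThis reports under `F2`, which goes beyond the single entry in this thread; the function names and the `UserInit` sample value used in the test are constructed for illustration.

```python
import re

# HijackThis prints one item per line as "<section code> - <details>".
ITEM_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<details>.+)$")
# F2 items report the registry-mapped system.ini values Shell and UserInit.
F2_RE = re.compile(
    r"^REG:system\.ini: (?P<key>Shell|UserInit)=(?P<value>.*)$", re.I)

# Program each value is expected to launch on a clean Windows XP install.
DEFAULTS = {"shell": "explorer.exe", "userinit": "userinit.exe"}


def extra_programs(key, value):
    """Return what the value launches in addition to (or instead of) the
    Windows default, or "" when only the default is present.
    Limitation: the directory of the default program is not verified."""
    value = value.strip()
    default = DEFAULTS[key.lower()]
    lead = re.match(
        r'^"?(?:[a-z]:\\(?:[^\\,"]+\\)*)?' + re.escape(default) + r'"?',
        value, re.I)
    if not lead:
        return value                  # default replaced outright
    rest = value[lead.end():]
    if rest and rest[0] not in " ,":
        return value                  # e.g. "explorer.exe.bak", not the default
    return rest.strip(" ,")           # anything appended after the default


def f2_findings(log_text):
    """List (key, extra program) pairs for every suspicious F2 item."""
    findings = []
    for line in log_text.splitlines():
        item = ITEM_RE.match(line.strip())
        if not item or item.group("code") != "F2":
            continue
        f2 = F2_RE.match(item.group("details"))
        if not f2:
            continue
        extra = extra_programs(f2.group("key"), f2.group("value"))
        if extra:
            findings.append((f2.group("key"), extra))
    return findings


def fix_confirmed(before_log, after_log):
    """Findings from the first log that no longer appear in the follow-up."""
    remaining = set(f2_findings(after_log))
    return [f for f in f2_findings(before_log) if f not in remaining]


# Excerpt of the first log posted in this thread (14/05/2005).
BEFORE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bbc.co.uk/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
"""

# Excerpt of the follow-up log posted after the fix (17/05/2005).
AFTER_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bbc.co.uk/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
"""

if __name__ == "__main__":
    for key, extra in f2_findings(BEFORE_LOG):
        print(f"F2 {key} also launches: {extra}")
    for key, extra in fix_confirmed(BEFORE_LOG, AFTER_LOG):
        print(f"F2 {key} entry for {extra} is gone from the follow-up log")
```
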


Hi crunchie,
Sorry, it's taken me a couple of days to find time to sit and sort my computer out. I hope the following logs are OK.
Cheers Mark.

---------------------------------------------------------
ewido security suite - Scan report
---------------------------------------------------------


+ Created on:           21:17:50, 17/05/2005
+ Report-Checksum:      94A1B83F


+ Date of database:     14/05/2005
+ Version of scan engine:   v3.0


+ Duration:             127 min
+ Scanned Files:            651030
+ Speed:                85.11 Files/Second
+ Infected files:           124
+ Removed files:            124
+ Files put in quarantine:      124
+ Files that could not be opened:   0
+ Files that could not be cleaned:  0


+ Binder:       Yes
+ Crypter:      Yes
+ Archives:     Yes


+ Scanned items:
C:\


+ Scan result:
C:\Documents and Settings\User\Local Settings\Temporary Internet Files\Content.IE5\B2VX9LVZ\aurora[1].exe -> Spyware.BetterInternet.c -> Cleaned with backup
C:\Documents and Settings\User\Local Settings\Temporary Internet Files\Content.IE5\NQZUR3ES\Nail[1].exe -> Trojan.Nail -> Cleaned with backup
C:\Documents and Settings\User\Local Settings\Temporary Internet Files\Content.IE5\P7RDR1RO\DrPMon[1].dll -> Trojan.Agent.db -> Cleaned with backup
C:\Documents and Settings\User\Local Settings\Temporary Internet Files\Content.IE5\Q17O9CZY\thnall1p[1].exe -> Spyware.BetterInternet -> Cleaned with backup
C:\Documents and Settings\User\Local Settings\Temporary Internet Files\Content.IE5\U78VF450\svcproc[1].exe -> Trojan.Stervis.c -> Cleaned with backup
C:\Documents and Settings\User\Local Settings\Temporary Internet Files\Content.IE5\W85U30VR\gvx143uts6m_wall[1].exe -> Dialer.Generic -> Cleaned with backup
C:\Downloads\3DDino-dm[1].exe -> Spyware.Trymedia.a -> Cleaned with backup
C:\Downloads\LetsRideSetup-dm[1].exe -> Spyware.Trymedia.a -> Cleaned with backup
C:\Program Files\Windows AdTools\WinAdTools.exe -> Spyware.Winad -> Cleaned with backup
C:\Program Files\Windows AdTools\WinRatchet.exe -> Spyware.Winad -> Cleaned with backup
C:\Program Files\Windows AdTools\WinWrench.dll -> Spyware.Winad -> Cleaned with backup
C:\RECYCLER\NPROTECT\00333072.exe -> Trojan.Agent.cp -> Cleaned with backup
C:\RECYCLER\NPROTECT\00333073.exe -> Trojan.Agent.cp -> Cleaned with backup
C:\RECYCLER\NPROTECT\00334018.exe -> Trojan.Agent.cp -> Cleaned with backup
C:\RECYCLER\NPROTECT\00334424.exe -> Trojan.Agent.cp -> Cleaned with backup
C:\RECYCLER\NPROTECT\00334823.exe -> Trojan.Agent.cp -> Cleaned with backup
C:\RECYCLER\NPROTECT\00334834.exe -> Trojan.Agent.cp -> Cleaned with backup
C:\RECYCLER\NPROTECT\00334877.exe -> Trojan.Agent.cp -> Cleaned with backup
C:\RECYCLER\NPROTECT\00334884.exe -> Trojan.Agent.cp -> Cleaned with backup
C:\RECYCLER\NPROTECT\00335405.exe -> Trojan.Agent.cp -> Cleaned with backup
C:\RECYCLER\NPROTECT\00335435.exe -> Trojan.Agent.cp -> Cleaned with backup
C:\RECYCLER\NPROTECT\00336323.EXE -> Spyware.BetterInternet -> Cleaned with backup
C:\RECYCLER\NPROTECT\00336356.exe -> Trojan.Agent.cp -> Cleaned with backup
C:\RECYCLER\NPROTECT\00336411.exe -> Trojan.Agent.cp -> Cleaned with backup
C:\RECYCLER\NPROTECT\00336422.exe -> Trojan.Agent.cp -> Cleaned with backup
C:\WILLIS BACKUP\Documents and Settings\Bethany\Cookies\bethany@cgi-bin[1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\WILLIS BACKUP\Documents and Settings\Bethany\Cookies\bethany@doubleclick[1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\WILLIS BACKUP\Documents and Settings\Bethany\Cookies\bethany@www.qksrv[1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\WILLIS BACKUP\Documents and Settings\Bexi\Cookies\bexi@ads.specificclick[1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\WILLIS BACKUP\Documents and Settings\Bexi\Cookies\bexi@ads.valuead[1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\WILLIS BACKUP\Documents and Settings\Bexi\Cookies\bexi@adserver.akqa[2].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\WILLIS BACKUP\Documents and Settings\Bexi\Cookies\bexi@adserver[1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\WILLIS BACKUP\Documents and Settings\Bexi\Cookies\bexi@advertising[1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\WILLIS BACKUP\Documents and Settings\Bexi\Cookies\bexi@atdmt[2].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\WILLIS BACKUP\Documents and Settings\Bexi\Cookies\bexi@bluestreak[1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\WILLIS BACKUP\Documents and Settings\Bexi\Cookies\bexi@cgi-bin[1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\WILLIS BACKUP\Documents and Settings\Bexi\Cookies\bexi@clickagents[1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\WILLIS BACKUP\Documents and Settings\Bexi\Cookies\bexi@cms[1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\WILLIS BACKUP\Documents and Settings\Bexi\Cookies\bexi@com[2].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\WILLIS BACKUP\Documents and Settings\Bexi\Cookies\bexi@counter5.sextracker[1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\WILLIS BACKUP\Documents and Settings\Bexi\Cookies\bexi@data.coremetrics[2].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\WILLIS BACKUP\Documents and Settings\Bexi\Cookies\bexi@doubleclick[2].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\WILLIS BACKUP\Documents and Settings\Bexi\Cookies\bexi@ehg-register.hitbox[1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\WILLIS BACKUP\Documents and Settings\Bexi\Cookies\bexi@engage.everyone[2].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\WILLIS BACKUP\Documents and Settings\Bexi\Cookies\bexi@fastclick[1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\WILLIS BACKUP\Documents and Settings\Bexi\Cookies\bexi@gator[2].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\WILLIS BACKUP\Documents and Settings\Bexi\Cookies\bexi@geocities[2].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\WILLIS BACKUP\Documents and Settings\Bexi\Cookies\bexi@hb.lycos[1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\WILLIS BACKUP\Documents and Settings\Bexi\Cookies\bexi@hitbox[1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\WILLIS BACKUP\Documents and Settings\Bexi\Cookies\bexi@html[1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\WILLIS BACKUP\Documents and Settings\Bexi\Cookies\bexi@linksynergy[2].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\WILLIS BACKUP\Documents and Settings\Bexi\Cookies\bexi@mediamgr.ugo[2].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\WILLIS BACKUP\Documents and Settings\Bexi\Cookies\bexi@mediaplex[2].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\WILLIS BACKUP\Documents and Settings\Bexi\Cookies\bexi@media[2].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\WILLIS BACKUP\Documents and Settings\Bexi\Cookies\bexi@overture[1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\WILLIS BACKUP\Documents and Settings\Bexi\Cookies\bexi@products[2].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\WILLIS BACKUP\Documents and Settings\Bexi\Cookies\bexi@realmedia[1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\WILLIS BACKUP\Documents and Settings\Bexi\Cookies\bexi@real[1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\WILLIS BACKUP\Documents and Settings\Bexi\Cookies\bexi@S005-01-10-3-282580-107607[2].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\WILLIS BACKUP\Documents and Settings\Bexi\Cookies\bexi@S133378[1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\WILLIS BACKUP\Documents and Settings\Bexi\Cookies\bexi@sdc.shockwave[2].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\WILLIS BACKUP\Documents and Settings\Bexi\Cookies\bexi@search.msn[2].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\WILLIS BACKUP\Documents and Settings\Bexi\Cookies\bexi@servedby.adscpm[1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\WILLIS BACKUP\Documents and Settings\Bexi\Cookies\bexi@servedby.advertising[1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\WILLIS BACKUP\Documents and Settings\Bexi\Cookies\bexi@servedfor.valuead[1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\WILLIS BACKUP\Documents and Settings\Bexi\Cookies\bexi@sextracker[2].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\WILLIS BACKUP\Documents and Settings\Bexi\Cookies\bexi@stat.onestat[1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\WILLIS BACKUP\Documents and Settings\Bexi\Cookies\bexi@stat3.cybermonitor[1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\WILLIS BACKUP\Documents and Settings\Bexi\Cookies\bexi@statse.webtrendslive[1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\WILLIS BACKUP\Documents and Settings\Bexi\Cookies\bexi@tmpad[1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\WILLIS BACKUP\Documents and Settings\Bexi\Cookies\bexi@valueclick[2].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\WILLIS BACKUP\Documents and Settings\Bexi\Cookies\bexi@www.commission-junction[1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\WILLIS BACKUP\Documents and Settings\Bexi\Cookies\bexi@www.instrumentexchange[1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\WILLIS BACKUP\Documents and Settings\Bexi\Cookies\bexi@www.kazaa[1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\WILLIS BACKUP\Documents and Settings\Bexi\Cookies\bexi@www.qksrv[2].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\WILLIS BACKUP\Documents and Settings\Bexi\Cookies\bexi@x10[2].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\WILLIS BACKUP\Documents and Settings\Bexi\Cookies\bexi@xiti[1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\WILLIS BACKUP\Documents and Settings\Bexi\Cookies\bexi@xupiter[1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\WILLIS BACKUP\Documents and Settings\Bexi\Cookies\bexi@z1.adserver[1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\WILLIS BACKUP\Documents and Settings\Bexi\My Documents\Kazaa\TopSearch.dll -> Spyware.TopSearch -> Cleaned with backup
C:\WILLIS BACKUP\Documents and Settings\Sam\Cookies\sam@advertising[2].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\WILLIS BACKUP\Documents and Settings\Sam\Cookies\sam@atdmt[2].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\WILLIS BACKUP\Documents and Settings\Sam\Cookies\sam@bfast[2].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\WILLIS BACKUP\Documents and Settings\Sam\Cookies\sam@bluestreak[1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\WILLIS BACKUP\Documents and Settings\Sam\Cookies\sam@cgi-bin[1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\WILLIS BACKUP\Documents and Settings\Sam\Cookies\sam@doubleclick[1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\WILLIS BACKUP\Documents and Settings\Sam\Cookies\sam@emapadserver[2].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\WILLIS BACKUP\Documents and Settings\Sam\Cookies\sam@fastclick[2].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\WILLIS BACKUP\Documents and Settings\Sam\Cookies\sam@gator[2].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\WILLIS BACKUP\Documents and Settings\Sam\Cookies\sam@geocities[2].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\WILLIS BACKUP\Documents and Settings\Sam\Cookies\sam@hg1.hitbox[2].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\WILLIS BACKUP\Documents and Settings\Sam\Cookies\sam@hitbox[2].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\WILLIS BACKUP\Documents and Settings\Sam\Cookies\sam@linksynergy[2].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\WILLIS BACKUP\Documents and Settings\Sam\Cookies\sam@mediamgr.ugo[2].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\WILLIS BACKUP\Documents and Settings\Sam\Cookies\sam@mediaplex[2].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\WILLIS BACKUP\Documents and Settings\Sam\Cookies\sam@real[2].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\WILLIS BACKUP\Documents and Settings\Sam\Cookies\sam@S123179[2].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\WILLIS BACKUP\Documents and Settings\Sam\Cookies\sam@S127803[1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\WILLIS BACKUP\Documents and Settings\Sam\Cookies\sam@search.msn[2].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\WILLIS BACKUP\Documents and Settings\Sam\Cookies\sam@servedby.advertising[2].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\WILLIS BACKUP\Documents and Settings\Sam\Cookies\sam@statse.webtrendslive[1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\WILLIS BACKUP\Documents and Settings\Sam\Cookies\sam@targetnet[2].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\WILLIS BACKUP\Documents and Settings\Sam\Cookies\sam@valueclick[2].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\WILLIS BACKUP\Documents and Settings\Sam\Cookies\sam@www.commission-junction[2].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\WILLIS BACKUP\Documents and Settings\Sam\Cookies\sam@www.coulomb.co[2].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\WILLIS BACKUP\Documents and Settings\Sam\Cookies\sam@www.kazaa[2].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\WILLIS BACKUP\Documents and Settings\Sam\Cookies\sam@www.qksrv[2].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\WILLIS BACKUP\Documents and Settings\Sam\Cookies\sam@x10[2].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\WILLIS BACKUP\Documents and Settings\Sam\Cookies\sam@z1.adserver[1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\WILLIS BACKUP\Documents and Settings\Sam\Cookies\sam@zedo[1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\WINDOWS\cggadntbch.exe -> Spyware.BetterInternet -> Cleaned with backup
C:\WINDOWS\Downloaded Program Files\WinAdToolsX.dll -> Spyware.Winad -> Cleaned with backup
C:\WINDOWS\farmmext.exe -> Spyware.ConsCorr -> Cleaned with backup
C:\WINDOWS\Pynix.dll -> Spyware.DlMax.a -> Cleaned with backup
C:\WINDOWS\system32\ATPartners.dll -> TrojanDownloader.Rameh.c -> Cleaned with backup
C:\WINDOWS\system32\ide21201.vxd -> Spyware.MediaPass -> Cleaned with backup
C:\WINDOWS\system32\InstaFinder_inst.exe -> Spyware.InstaFinder.a -> Cleaned with backup
C:\WINDOWS\system32\megaV2wbr.dll -> TrojanDropper.Small.xm -> Cleaned with backup
C:\WINDOWS\system32\oujdvcy.exe -> Trojan.Agent.cp -> Cleaned with backup
C:\WINDOWS\system32\TVM_B5_37.EXE -> TrojanDownloader.Small.wk -> Cleaned with backup
C:\WINDOWS\Temp\Altnet\adm25.dll -> Spyware.Altnet.b -> Cleaned with backup
C:\WINDOWS\Temp\Altnet\admdloader.dll -> Spyware.Altnet.b -> Cleaned with backup
C:\WINDOWS\Temp\Altnet\admfdi.dll -> Spyware.Altnet.b -> Cleaned with backup
C:\WINDOWS\Temp\Altnet\Setup.exe -> Spyware.Altnet.b -> Cleaned with backup



::Report End


Logfile of HijackThis v1.99.1
Scan saved at 21:44:04, on 17/05/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)


Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\HijackThis\HijackThis.exe


R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bbc.co.uk/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R3 - URLSearchHook: (no name) - {20EC3D2D-33C1-4C9D-BC37-C2D500688DA2} - (no file)
N3 - Netscape 7: user_pref("browser.startup.homepage", "http://www.bbc.co.uk/"); (C:\Documents and Settings\User\Application Data\Mozilla\Profiles\default\hfwzewj9.slt\prefs.js)
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\User\Application Data\Mozilla\Profiles\default\hfwzewj9.slt\prefs.js)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.02.3000.1002\en-xu\stmain.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: RX Toolbar - {25D8BACF-3DE2-4B48-AE22-D659B8D835B0} - C:\Program Files\RXToolBar\RXToolBar.dll
O4 - HKLM\..\Run: [RemHelp] remhelp.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [hcwPVRReset] C:\PROGRA~1\WinTV\hcwP1Utl.exe -Quiet -ResetHardware -NotifyResetFailure -KeepTrying
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\Updreg.exe
O4 - HKLM\..\Run: [CTStartup] C:\Program Files\Creative\SBAudigy\Program\CTEaxSpl.EXE /run
O4 - HKLM\..\Run: [MediaFace Integration] C:\Program Files\Fellowes\MediaFACE 4.0\SetHook.exe
O4 - HKLM\..\Run: [msnappau] "C:\Program Files\MSN Apps\Updater\01.02.3000.1001\en-us\msnappau.exe"
O4 - HKLM\..\Run: [GsiFinal] rundll32 gspndll.dll,postInstall final
O4 - HKLM\..\Run: [iHP-100] C:\Program Files\iRiver\HSeries\iHPDetect.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [DataLayer] C:\PROGRA~1\COMMON~1\PCSuite\DATALA~1\DATALA~1.EXE
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\TRAYAP~1.EXE
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [TaskTray] "C:\Program Files\Creative\TaskBar\CTLTray.exe"
O4 - HKCU\..\Run: [TaskBar] "C:\Program Files\Creative\TaskBar\CTLTask.exe"
O4 - HKCU\..\Run: [Mozilla Quick Launch] "C:\Program Files\Netscape\Netscape\Netscp.exe" -turbo
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: Image Transfer.lnk = C:\Program Files\Sony Corporation\Image Transfer\SonyTray.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: MA101 Configuration Utility .lnk = C:\Program Files\NETGEAR\MA101 USB Adapter Configuration Utility\WlanMonitor.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: officejet 6100.lnk = ?
O4 - Global Startup: Phone Connection Monitor.lnk = C:\Program Files\Sony Ericsson\Mobile\audevicemgr.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZSzeb029
O8 - Extra context menu item: Backward &Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\Belkin\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Si&milar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll
O9 - Extra button: ATI TV - {44226DFF-747E-4edc-B30C-78752E50CD0C} - C:\Program Files\ATI Multimedia\TV\EXPLBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Belkin\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Belkin\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .tga: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin5.dll
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab
O16 - DPF: {03F998B2-0E00-11D3-A498-00104B6EB52E} (MetaStreamCtl Class) - https://components.viewpoint.com/MTSInstallers/MetaStream3.cab?url=http://www.viewpoint.com/cgi-bin/compaq/vet_install_popup.pl?1&04.00.05.04&http://www.smb.compaq.com/HTML/interactive/h5500/model.html
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15007/CTSUEng.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab30149.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/20030530/qtinstall.info.apple.com/bonnie/us/win/QuickTimeInstaller.exe
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/EPUWALControl_v1-0-3-9.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://207.188.7.150/1679de17a26573e49e05/netzip/RdxIE601.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {6B4788E2-BAE8-11D2-A1B4-00400512739B} (PWMediaSendControl Class) - http://216.249.24.142/code/PWActiveXImgCtl.CAB
O16 - DPF: {88C51E90-8E9C-4C96-8A45-574D88B63FAF} - http://acceso.masminutos.com/laaplicacion.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/binFramework/v10/ZIntro.cab34246.cab
O16 - DPF: {B91AEDBE-93DF-4017-8BB3-F1C300C0EC51} (InstallShield Setup Player 2K2) - http://www.cyberpatrol.com/cponline/setup.exe
O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {CC05BC12-2AA2-4AC7-AC81-0E40F83B1ADF} (Live365Player Class) - http://www.live365.com/players/play365.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.symantec.com/techsupp/activedata/SymAData.dll
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab
O16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} (ActiveDataObj Class) - https://www-secure.symantec.com/techsupp/activedata/ActiveData.cab
O16 - DPF: {E855A2D4-987E-4F3B-A51C-64D10A7E2479} (EPSImageControl Class) - http://tools.ebayimg.com/eps/activex/EPSControl_v1-0-3-0.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su/ocx/15008/CTPID.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Program Files\Belkin\Bluetooth Software\bin\btwdins.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.EXE
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

Edited by happygeek: fixed formatting


Let's continue on with the fix...

===============

Go to Add/Remove Programs and remove (uninstall) the following, if present:

MyWebSearch

The above could appear anywhere within the entry. Be careful not to remove any personal or system software.

===============

Now, let's open a command prompt by going to the start menu and then select 'Run'.

In the box that pops up type in 'cmd'. The command prompt will open.

OR

You can go to Start -> Programs -> Accessories -> Command Prompt. Unregister the dll(s) we're going to remove, by entering the following:

regsvr32 /u RXToolBar.dll

It's OK if these aren't found or 'error' out. If you want, just copy and paste the individual lines to the command prompt to save typing them in.

===============

Run HiJackThis, click "Scan", then check (tick) the following, if present:


R3 - URLSearchHook: (no name) - {20EC3D2D-33C1-4C9D-BC37-C2D500688DA2} - (no file)

N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\User\Application Data\Mozilla\Profiles\default\hfwzewj9.slt\prefs.js)

O3 - Toolbar: RX Toolbar - {25D8BACF-3DE2-4B48-AE22-D659B8D835B0} - C:\Program Files\RXToolBar\RXToolBar.dll

O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZSzeb029

O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://207.188.7.150/1679de17a26573...ip/RdxIE601.cab


Now, with all windows closed except HiJackThis, click "Fix checked".

===============


When you're done, rescan your system and make sure the following isn't present:

N3 - Netscape ... 5CSBWeb_01.src (or) 5CSBWeb_02.src

If it is, then fix that entry again; sometimes it'll take more than one pass. The actual entry is ok, and won't be deleted, it's the java wrapper marked in red that needs to be removed.

===============

Locate and delete the following item(s), if present. Make sure you're able to "view system and hidden files/folders":

folders...

C:\Program Files\RXToolBar

-

Note that some of these file(s) may or may not be present. If present, and cannot be deleted because they're 'in use', try deleting them in "Safe Mode".

-

Reboot.

===============

To help protect your system from hostile ActiveX content, or special 'downloadable' files:

Download, install and keep updated, SpywareBlaster. If you've installed it for the first time:

1) Check for any available updates; if present, they'll be automatically downloaded and installed.
2) Next, "Enable all protection".
3) Exit the program.

-

Note: Remember to regularly check for updates.

===============

After rebooting your PC, rescan with hijackthis and post a new log.
Let me know how things are now.
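
The rescan check described in the reply above, as an added example that is not part of the original post: it parses a HijackThis log into section-code entries and reports which of the entries marked for fixing are still present. The names `parse_log`, `still_present` and `FIX_TARGETS` belong to this example only, and the rescan log is constructed from lines that appear in the log on this page.

```python
import re

# A HijackThis entry is "<section code> - <body>", e.g. "O3 - Toolbar: ...".
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")

# Entries the reply asks to fix, as (section code, pattern in the body).
# CLSIDs and markers are copied from the log on this page.
FIX_TARGETS = [
    ("R3", r"\{20EC3D2D-33C1-4C9D-BC37-C2D500688DA2\}"),
    ("N3", r"5CSBWeb_0[12]\.src"),
    ("O3", r"\{25D8BACF-3DE2-4B48-AE22-D659B8D835B0\}"),
    ("O8", r"bar\.mywebsearch\.com"),
    ("O16", r"\{56336BCB-3D8A-11D6-A00B-0050DA18DE71\}"),
]

def parse_log(text):
    """Return (code, body) for each entry line; header and process lines are skipped."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append((m.group(1), m.group(2)))
    return entries

def still_present(rescan_text, targets=FIX_TARGETS):
    """Map each target that survives in the rescan log to its matching lines."""
    found = {}
    for code, body in parse_log(rescan_text):
        for t_code, pattern in targets:
            if code == t_code and re.search(pattern, body, re.IGNORECASE):
                found.setdefault((t_code, pattern), []).append(f"{code} - {body}")
    return found

# Constructed rescan log: lines taken from the page's log, arranged as if the
# first "Fix checked" pass removed everything except the Netscape search entry.
RESCAN = r"""Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\Explorer.EXE
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bbc.co.uk/
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\User\Application Data\Mozilla\Profiles\default\hfwzewj9.slt\prefs.js)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
"""

if __name__ == "__main__":
    for (code, _), lines in still_present(RESCAN).items():
        print(f"still present ({code}):", *lines, sep="\n  ")
```

An empty result means every marked entry is gone; matching on section code plus CLSID keeps legitimate entries in the same section, such as the Google toolbar lines, out of the report.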
