
bcastner, Premium, MVM, join: 2002-09-25, Chevy Chase, MD, clubs: Verizon Online DSL
reply to randyw01
Re: browser redirect and sluggish startup; HT log added
Open any .TXT document. This will open in Notepad. Click "Format", and uncheck Word Wrap. Be absolutely certain in all that follows that you never post a log to the Forum in which Word Wrap was active.
First Steps
The following instructions are only for this Forum member. Please do not use these instructions on another computer system. You can seriously damage your system by following the instructions below without guided assistance. You assuredly will make a cleanup of your system more difficult.
TeaTimer is an excellent tool for the prevention of spyware but it can sometimes prevent HijackThis from fixing certain things. Please disable TeaTimer for now until you are clean. TeaTimer can be re-activated once your HijackThis log is clean.
• Open Spybot Search & Destroy.
• In the Mode menu click "Advanced mode" if not already selected.
• Choose Yes at the Warning prompt.
• Expand the Tools menu.
• Click Resident.
• Uncheck the Resident "TeaTimer" (Protection of overall system settings) active box.
• In the File menu click Exit to exit Spybot Search & Destroy.
• Download and Unzip to your Desktop: »www.techsupportforum.com/sectool···imer.zip
• Double click ResetTeaTimer.bat to remove all entries set by TeaTimer.
Please download ATF Cleaner. It does not require any installation. It is set up to clean Windows TEMP folders, as well as IE, Firefox and Opera Temporary Internet Files and Cookies.
• Double-click ATF-Cleaner.exe to run the program.
First Step:
• Under Main choose: Select All
• Click the Empty Selected button.
Next, if you use Firefox (and some Mozilla-based browsers)
• Click Firefox at the top and choose: Select All
• Click the Empty Selected button.
Next, if you use the Opera browser
• Click Opera at the top and choose: Select All
• Click the Empty Selected button.
Click Exit on the Main menu to close the program.
Reconfigure Windows XP to show hidden files:
To enable the viewing of Hidden files follow these steps:
• Close all programs so that you are at your desktop.
• Double-click on the My Computer icon.
• Select the Tools menu and click Folder Options.
• After the new window appears select the View tab.
• Put a checkmark in the checkbox labeled Display the contents of system folders.
• Under the Hidden files and folders section select the radio button labeled Show hidden files and folders.
• Remove the checkmark from the checkbox labeled Hide file extensions for known file types.
• Remove the checkmark from the checkbox labeled Hide protected operating system files.
• Press the Apply button and then the OK button and exit My Computer.
• Now your computer is configured to show all hidden files.
Malware Removal Steps
1. Open HijackThis again, System scan only. Checkmark these items:
R0 - HKLM\Software\Microsoft\InternetExplorer\Search,SearchAssistant = »www.wsou.cn/band.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\InternetSettings,ProxyOverride = 127.0.0.1
O3 - Toolbar: MyPoints Toolbar - {4E7BD74F-2B8D-469E-C1EA-F165BB85A330} - C:\PROGRA~1\mypoints\mypoints.dll
O3 - Toolbar: MYPOINTS - {A057A204-BACC-4D26-CEC4-75A487FD6484} -C:\PROGRA~1\mypoints\mypoints.dll
O4 - HKLM\..\Run: [BM2bfe5c27] Rundll32.exe "C:\WINDOWS\system32\jwhhvurp.dll",s
O4 - HKCU\..\RunOnce: [] C:\Program Files\Internet Explorer\iexplore.exe
O4 - Global Startup: Local Area Connection.lnk = ?
O14 - IERESET.INF:START_PAGE_URL=http://store.presario.net/scripts/redirectors/presario/storeredir2.dll?s=consumerfav&c=2c02&lc=0409
O15 - Trusted Zone: www.cashsurfers.com
O16 - DPF: {549F957E-2F89-11D6-8CFE-00C04F52B225} (CMV5 Class) -»coupons.smartsource.com/download/cscmv5X.cab
O16 - DPF: {7AA32FC7-133B-4AE7-998E-CED0D9829B12} (luna Class) -»static.waverevenue.com/website.cab
O16 - DPF: {9522B3FB-7A2B-4646-8AF6-36E7F593073C} -»a19.g.akamai.net/7/19/7125/1452/···302/cpbrkpie.cab
O16 - DPF: {A305FBA3-4A87-483D-A53B-138F9F635357}(PCInfo.CMClass) -»ciscdb.sel.sony.com/support/pops···Info.CAB
O16 - DPF: {A7EA8AD2-287F-11D3-B120-006008C39542} (CBSTIEPrintClass) - »offers.e-centives.com/cif/download/bin/actxcab.cab
O16 - DPF: {AF697529-9D41-4647-8D80-9E2D74696D5E} (Divx Control)- »192.168.1.81/userform/divx.cab
O16 - DPF: {BE153019-DCDB-479E-827B-C2AAB8CDCA64} (OSDetectControl) - »»https://www.msisurvey.com/share/osdetect.ocx
O21 - SSODL: NetCheck - {F5B7DDBE-5f02-4244-96DB-386DFA24496B} -(no file)
Click "Fix checked" and when the log panel clears exit HijackThis.
2. Download and Run -- ComboFix©
Download this file -- to your Desktop -- from any of these sources:
• Disconnect from the Internet.
• Disable your Antivirus software -- this includes any Script Blocking Feature it may have.
Important: Have no other programs running. Your Task Bar should be clear of any program entries including your Browser.
• A window will open with a warning. Accept any disclaimers to start the fix.
When the scan completes Notepad will open with your results log open. Do a File, Exit and answer 'Yes' to save changes.
A caution - Do not run Combofix more than once. Do not touch your mouse/keyboard until the scan has completed, as this may cause the process to stall or your computer to lock.
3. Please download MalwareBytes Anti-malware (MBAM) from one of the following links:
Once downloaded, close all programs and Windows on your computer (including this one.)
Double-click on the icon on your desktop named Download_mbam-setup.exe. This will start the installation of MBAM onto your computer.
When the installation begins, keep following the prompts in order to continue with the installation process. Do not make any changes to default settings and when the program has finished installing, make sure you leave both the Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware checked. Then click on the Finish button.
MBAM will now automatically start and you will see a message stating that you should update the program before performing a scan. As MBAM will automatically update itself after the install, you can press the OK button to close that box and you will now be at the main program.
On the Scanner tab, make sure the Perform quick scan option is selected and then click on the Scan button to start scanning your computer.
MBAM will now start scanning your computer for malware. This process can take quite a while, so we suggest you go and do something else and periodically check on the status of the scan.
When the scan is finished a message box will appear that it has completed scanning successfully. Click OK. Now click Show Results. Make sure all entries have a checkmark at their far left. You should now click on the Remove Selected button to remove all the listed malware. MBAM will now delete all of the files and registry keys and add them to the program's quarantine.
When MBAM has finished removing the malware, it will open the scan log and display it in Notepad. Review the log as desired, and then close the Notepad window. Remember where you saved the log file, as we will want to see it later.
4. Eset NOD32 scanner
Go here to run an online scanner from ESET: »www.eset.eu/online-scanner
Note: You will need to use Internet Explorer for this scan.
• Tick the box next to YES, I accept the Terms of Use.
• Click Start
• When asked, allow the ActiveX control to install
• Disable your Antivirus software. You can usually do this with its Notification Tray icon near the clock.
• Click Start
• Make sure that the option "Remove found threats" is Checked, and the option "Scan unwanted applications" is also Checked.
• Click Scan.
• Wait for the scan to finish.
• Re-enable your Antivirus software.
• A logfile is created and located at C:\Program Files\EsetOnlineScanner\log.txt. We will need this later.
5. Run HijackThis again, and save the log file.
Submit to the Forum:
• The contents of C:\Combofix.txt;
• The MBAM log file;
• The ESET online scan results, C:\Program Files\EsetOnlineScanner\log.txt;
• The new HijackThis log.
-- ============ MS-MVP 2004 - -2008, ASAP Member Users Helping Users
randyw01, join: 2004-11-05, Oakland, CA
I performed an ESET cleaning before I went to bed last night, which was before I read your cleaning instructions (which I got to around noon).
ATF Cleaner was installed and ran without problem.
I used HijackThis to fix all the entries you listed, even though some of them were there from voluntary installation.
Combofix ran for about 20 minutes, then became stuck trying to eliminate a file in system32; I had to restart the computer. Since the instructions said to not run Combofix more than once I moved to the next step. Since it didn't seem to finish correctly there is no log file saved.
MalwareBytes was installed and ran without problem.
ESET online scanner was run again.
======================================
MalwareBytes log:
Malwarebytes' Anti-Malware 1.11
Database version: 687
Scan type: Quick Scan
Objects scanned: 50944
Time elapsed: 27 minute(s), 32 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 2
Registry Keys Infected: 23
Registry Values Infected: 2
Registry Data Items Infected: 2
Folders Infected: 7
Files Infected: 32
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
C:\WINDOWS\system32\antpboyd.dll (Trojan.Vundo) -> Unloaded module successfully.
C:\WINDOWS\system32\wvUoLeBR.dll (Trojan.Vundo) -> Unloaded module successfully.
================================================
ESET log:
# version=4
# OnlineScanner.ocx=1.0.0.635
# OnlineScannerDLLA.dll=1, 0, 0, 79
# OnlineScannerDLLW.dll=1, 0, 0, 78
# OnlineScannerUninstaller.exe=1, 0, 0, 49
# vers_standard_module=3057 (20080426)
# vers_arch_module=1.064 (20080214)
# vers_adv_heur_module=1.064 (20070717)
# EOSSerial=ab020ffaac84eb4ca2845adea54587e8
# end=finished
# remove_checked=true
# unwanted_checked=true
# utc_time=2008-04-27 03:51:07
# local_time=2008-04-26 08:51:07 (-0800, Pacific Daylight Time)
# country="United States"
# osver=5.1.2600 NT Service Pack 2
# scanned=697440
# found=2
# scan_time=14336
C:\QooBox\Quarantine\C\WINDOWS\system32\vtUmJDuS.dll.vir Win32/Adware.Virtumonde application (unable to clean - deleted) 00000000000000000000000000000000
C:\System Volume Information\_restore{CD45504F-D983-486E-9C46-F5C3E4ADCBD7}\RP2\A0000013.dll Win32/Adware.Virtumonde application (unable to clean - deleted) 00000000000000000000000000000000
===========================================
HijackThis log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:31, on 2008-04-26
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
-- End of file - 14733 bytes
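The MBAM and HijackThis logs exchanged in this thread can be cross-checked by script before the next round of fixes. The following is an added example, not part of either post and not code from either tool's vendor: it lists HijackThis entries that still reference a file MBAM marked "Delete on reboot", plus entries HijackThis reports as "(no file)" or "(file missing)". The sample lines and file names are constructed placeholders, and the function names are hypothetical.

```python
import re

# Constructed sample excerpts in the layout of the MBAM and HijackThis logs
# (placeholder names; not data from the thread).
MBAM_SAMPLE = r"""
Files Infected:
C:\WINDOWS\system32\exampleaa.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\examplebb.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
"""

HJT_SAMPLE = r"""
O2 - BHO: (no name) - {00000000-0000-0000-0000-000000000001} - (no file)
O2 - BHO: (no name) - {00000000-0000-0000-0000-000000000002} - C:\WINDOWS\system32\examplecc.dll (file missing)
O4 - HKLM\..\Run: [0000abcd] rundll32.exe "C:\WINDOWS\system32\exampleaa.dll",b
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O20 - Winlogon Notify: exampledd - exampledd.dll (file missing)
"""

# MBAM result line: "<object> (<threat name>) -> [Data: ... -> ]<action>."
MBAM_ITEM = re.compile(r"^(?P<item>.+?) \((?P<threat>[A-Za-z][\w.]*)\) -> (?P<rest>.+)$")
# HijackThis entry: section code (R0, O2, O4, O20, ...) then " - " and the body.
HJT_ENTRY = re.compile(r"^(?P<code>[RFNO]\d{1,2}) - (?P<body>.+)$")
# Markers HijackThis appends when no file stands behind an entry.
ORPHAN = re.compile(r"\((?:no file|file missing)\)\s*$", re.I)
# Absolute Windows path ending in .dll or .exe, quoted or not.
WIN_PATH = re.compile(r'[A-Za-z]:\\[^"<>|*?\r\n]+?\.(?:dll|exe)', re.I)

PENDING = "references a file MBAM scheduled for deletion on reboot"
ORPHANED = "orphaned entry: HijackThis reports no file behind it"


def parse_mbam(text):
    """Return one dict per MBAM result line: object, threat name, final action."""
    items = []
    for line in text.splitlines():
        m = MBAM_ITEM.match(line.strip())
        if m:
            # Registry data items carry "Data: ... -> <action>"; keep the last part.
            action = m["rest"].split(" -> ")[-1].rstrip(".")
            items.append({"item": m["item"], "threat": m["threat"], "action": action})
    return items


def triage(mbam_text, hjt_text):
    """Return (section code, reason, entry body) for HijackThis entries to revisit."""
    pending = {i["item"].lower() for i in parse_mbam(mbam_text)
               if i["action"].lower() == "delete on reboot"}
    findings = []
    for line in hjt_text.splitlines():
        m = HJT_ENTRY.match(line.strip())
        if not m:
            continue  # header lines, running-process paths, blank lines
        body = m["body"]
        paths = {p.lower() for p in WIN_PATH.findall(body)}
        if paths & pending:
            findings.append((m["code"], PENDING, body))
        elif ORPHAN.search(body):
            findings.append((m["code"], ORPHANED, body))
    return findings


if __name__ == "__main__":
    for code, reason, body in triage(MBAM_SAMPLE, HJT_SAMPLE):
        print(f"{code:4} {reason}\n     {body}")
```
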