PC Review



Continued spyware problems

 
 
Anthony Pierce
 
      21st Apr 2005
Believe it or not, I am diligent about cleaning my system
daily and use a number of the 'better' programs to keep up
with infections.
No matter what I do I keep getting this kind of report via
Spyware DR:

Spyware Doctor Activity Report
Generated on 4/20/2005 8:16:40 PM Spyware Doctor
Homepage PC Tools Homepage Technical Support


Scans (basic information only):

Scan Results:
scan start: 4/20/2005 8:27:05 PM
scan stop: 4/20/2005 8:29:21 PM
scanned items: 20544
found items: 67
found and ignored: 0
tools used: General Scanner, Process Scanner, Hosts
scanner, LSP Scanner, Registry Scanner, Cookie Scanner,
Browser Defaults, Favorites and ZoneMap Scanner, Browser
Scanner, Disk Scanner



Infection Name Location Risk
Host file location redirect multiple Medium
007 Keylogger HKCR\Interface\{95FAF493-3FB1-11D4-B1B5-
00105AA5CCFF} High
007 Keylogger HKCR\Interface\{95FAF493-3FB1-11D4-B1B5-
00105AA5CCFF}\ProxyStubClsid High
007 Keylogger HKCR\Interface\{95FAF493-3FB1-11D4-B1B5-
00105AA5CCFF}\ProxyStubClsid32 High
007 Keylogger HKCR\Interface\{95FAF493-3FB1-11D4-B1B5-
00105AA5CCFF}\TypeLib High
007 Keylogger HKCR\TypeLib\{332B82D3-3ED6-11D4-B1B5-
00105AA5CCFF} High
007 Keylogger HKCR\TypeLib\{332B82D3-3ED6-11D4-B1B5-
00105AA5CCFF}\5.0 High
007 Keylogger HKCR\TypeLib\{332B82D3-3ED6-11D4-B1B5-
00105AA5CCFF}\5.0\0 High
007 Keylogger HKCR\TypeLib\{332B82D3-3ED6-11D4-B1B5-
00105AA5CCFF}\5.0\0\win32 High
007 Keylogger HKCR\TypeLib\{332B82D3-3ED6-11D4-B1B5-
00105AA5CCFF}\5.0\FLAGS High
007 Keylogger HKCR\TypeLib\{332B82D3-3ED6-11D4-B1B5-
00105AA5CCFF}\5.0\HELPDIR High
Alexa HKCU\Software\Microsoft\Internet
Explorer\MenuExt\Write a Review... Elevated
SpyMyPc HKCU\Software\Benutec High
SpyMyPc HKCU\Software\Benutec\Network Mechanic High
SpyMyPc HKCU\Software\Benutec\RamCleaner High
Tracking Cookie(s) anthony pierce@network[2].txt Medium
Advertising anthony pierce@statcounter[1].txt Medium
Tracking Cookie(s) anthony pierce@bravenet[2].txt Medium
Tracking Cookie(s) anthony (E-Mail Removed)[1].txt
Medium
Tracking Cookie(s) anthony pierce@70482683[1].txt Medium
Tracking Cookie(s) anthony pierce@LPintranets_busdev
[2].txt Medium
Tracking Cookie(s) anthony pierce@go[1].txt Medium
CWS C:\Documents and Settings\Anthony
Pierce\Favorites\computer support\best-searchengine.com
web search engine and directory.url High
Known Bad Sites C:\Documents and Settings\Anthony
Pierce\Favorites\brainfox affiliate network -faqs.url
High
Known Bad Sites C:\Documents and Settings\Anthony
Pierce\Favorites\domainsponsor.com - affiliate member
area.url High
Powersearch Toolbar C:\Documents and Settings\Anthony
Pierce\Favorites\a p t i m u s - corporate.url Medium
Rogue Anti-Spyware Products C:\Documents and
Settings\Anthony Pierce\Favorites\xoftspy.url High
Seeq Toolbar C:\Documents and Settings\Anthony
Pierce\Favorites\headhunter.com\seeq -- search the web
for information & resources.url Elevated
Seeq Toolbar C:\Documents and Settings\Anthony
Pierce\Favorites\ilm promo file\http--www.seeq.com-
popupwrapper.jspreferrer=&domain=loudmouth.net&direct=true
..url Elevated
007 Keylogger HKCR\CLSID\{332B82DC-3ED6-11D4-B1B5-
00105AA5CCFF} High
007 Keylogger HKCR\CLSID\{332B82DC-3ED6-11D4-B1B5-
00105AA5CCFF}\Implemented Categories High
007 Keylogger HKCR\CLSID\{332B82DC-3ED6-11D4-B1B5-
00105AA5CCFF}\Implemented Categories\{40FC6ED5-2438-11CF-
A3DB-080036F12502} High
007 Keylogger HKCR\CLSID\{332B82DC-3ED6-11D4-B1B5-
00105AA5CCFF}\InprocServer32 High
007 Keylogger HKCR\CLSID\{332B82DC-3ED6-11D4-B1B5-
00105AA5CCFF}\ProgID High
007 Keylogger HKCR\CLSID\{332B82DC-3ED6-11D4-B1B5-
00105AA5CCFF}\TypeLib High
007 Keylogger HKCR\CLSID\{332B82DC-3ED6-11D4-B1B5-
00105AA5CCFF}\VERSION High
007 Keylogger HKLM\Software\Classes\CLSID\{332B82DC-3ED6-
11D4-B1B5-00105AA5CCFF} High
007 Keylogger HKLM\Software\Classes\CLSID\{332B82DC-3ED6-
11D4-B1B5-00105AA5CCFF}\Implemented Categories High
007 Keylogger HKLM\Software\Classes\CLSID\{332B82DC-3ED6-
11D4-B1B5-00105AA5CCFF}\Implemented Categories\{40FC6ED5-
2438-11CF-A3DB-080036F12502} High
007 Keylogger HKLM\Software\Classes\CLSID\{332B82DC-3ED6-
11D4-B1B5-00105AA5CCFF}\InprocServer32 High
007 Keylogger HKLM\Software\Classes\CLSID\{332B82DC-3ED6-
11D4-B1B5-00105AA5CCFF}\ProgID High
007 Keylogger HKLM\Software\Classes\CLSID\{332B82DC-3ED6-
11D4-B1B5-00105AA5CCFF}\TypeLib High
007 Keylogger HKLM\Software\Classes\CLSID\{332B82DC-3ED6-
11D4-B1B5-00105AA5CCFF}\VERSION High
Alexa
HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{
3CEFF6CD-6F08-4E4D-BCCD-FF7415288C3B} Elevated
Alexa
HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{
3CEFF6CD-6F08-4E4D-BCCD-FF7415288C3B}\iexplore Elevated
Alexa
HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{
69A72A8A-84ED-4a75-8CE7-263DBEF3E5D3} Elevated
Alexa
HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{
69A72A8A-84ED-4a75-8CE7-263DBEF3E5D3}\iexplore Elevated
Alexa
HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{
F1FABE79-25FC-46de-8C5A-2C6DB9D64333} Elevated
Alexa
HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{
F1FABE79-25FC-46de-8C5A-2C6DB9D64333}\iexplore Elevated
ClientMan
HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{
FCADDC14-BD46-408A-9842-CDBE1C6D37EB} High
ClientMan
HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{
FCADDC14-BD46-408A-9842-CDBE1C6D37EB}\iexplore High
DailyToolbar
HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{
58F9B276-E1CC-458e-8159-21CBC021874B} High
DailyToolbar
HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{
58F9B276-E1CC-458e-8159-21CBC021874B}\iexplore High
Elitum EliteBar (Search Miracle)
HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{
02C20140-76F8-4763-83D5-B660107BABCD} Elevated
Elitum EliteBar (Search Miracle)
HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{
02C20140-76F8-4763-83D5-B660107BABCD}\iexplore Elevated
FavoriteMan
HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{
00000EF1-0786-4633-87C6-1AA7A44296DA} High
FavoriteMan
HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{
00000EF1-0786-4633-87C6-1AA7A44296DA}\iexplore High
NetSource101
HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{
15589FA1-C456-11CE-BF01-00AA0055595A} Medium
NetSource101
HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{
15589FA1-C456-11CE-BF01-00AA0055595A}\iexplore Medium
NewDotNet
HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{
4A2AACF3-ADF6-11D5-98A9-00E018981B9E} High
NewDotNet
HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{
4A2AACF3-ADF6-11D5-98A9-00E018981B9E}\iexplore High
OnlDial.Ole
HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{
02C20140-76F8-4763-83D5-B660107B7A90} High
OnlDial.Ole
HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{
02C20140-76F8-4763-83D5-B660107B7A90}\iexplore High
TheSearchMall
HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{
41D13E9A-BB94-402A-8502-AFA78526B63D} Medium
TheSearchMall
HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{
41D13E9A-BB94-402A-8502-AFA78526B63D}\iexplore Medium
WhenU.Search
HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{
BA2325ED-F9EB-4830-8FCE-0BC35B16969B} Medium
WhenU.Search
HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{
BA2325ED-F9EB-4830-8FCE-0BC35B16969B}\iexplore



Sheeez!

Here is my HiJack This report done today:

Logfile of HijackThis v1.99.1
Scan saved at 6:34:06 PM, on 4/20/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Unable to get Internet Explorer version!

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\mgabg.exe
C:\Program Files\CheckPoint\SecuRemote\bin\SR_WatchDog.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\CheckPoint\SecuRemote\bin\SR_GUI.exe
C:\WINDOWS\system32\fxssvc.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\drwtsn32.exe
C:\WINDOWS\system32\drwtsn32.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\Program Files\Symantec\DeepSight
Extractor\ExtractorService.exe
C:\Program Files\Uninstaller\Tenebril Uninstaller.exe
C:\Program Files\Microsoft
AntiSpyware\GIANTAntiSpywareMain.exe
C:\WINDOWS\hh.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Microsoft AntiSpyware\MSSSRT.exe
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\WINDOWS\system32\dwwin.exe
C:\WINDOWS\system32\drwtsn32.exe
C:\Program Files\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet
Explorer\Main,Search Page = www.google.com
R1 - HKLM\Software\Microsoft\Internet
Explorer\Main,Search Page = www.google.com
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-
784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0
\ActiveX\AcroIEHelper.dll
O2 - BHO: SpywareGuard Download Protection - {4A368E80-
174F-4872-96B5-0B27DDD11DB2} - C:\Program
Files\SpywareGuard\dlprotect.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-
206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-
D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: IeCaptureBho Object - {7c1ce531-09e9-4fc5-9803-
1c2956615786} - C:\Program Files\Google\Google Desktop
Search\GoogleDesktopIE.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-
8333-CF10577473F7} - c:\program
files\google\googletoolbar2.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-
A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-
64B5B4FF55D0} - C:\Program Files\MSN Toolbar
Suite\TB\02.00.0000.1180\en-us\msntb.dll
O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-
4b9e-9B19-A37C9A5676A7} - (no file)
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-
7859DF00B1D6} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-
009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Prozilla Toolbar - {A0C6B099-30FA-4464-B098-
2686D8BC7340} - C:\PROGRA~1\PROZIL~1\PROZIL~1.DLL
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-
64B5B4FF55D0} - C:\Program Files\MSN Toolbar
Suite\TB\02.00.0000.1180\en-us\msntb.dll
O3 - Toolbar: BHOZapper Toolbar - {0A029144-6E5A-4F7E-
A3B8-0B7F3F729049} - C:\Program Files\BHOZapper\BHOZapper
Toolbar.dll
O3 - Toolbar: &IE Doctor Bar - {123249EB-F891-44C4-946F-
450064F9080E} - C:\PROGRA~1\IEDOCT~1\IEDrBar.dll
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common
Files\Real\Update_OB\realsched.exe" -osboot
O4 - Global Startup: Adobe Gamma Loader.lnk.disabled
O4 - Global Startup: Adobe Reader Speed Launch.lnk =
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O6 - HKCU\Software\Policies\Microsoft\Internet
Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet
Explorer\Control Panel present
O8 - Extra context menu item: &Add animation to
IncrediMail Style Box - C:\PROGRA~1\INCRED~1
\bin\resources\WebMenuImg.htm
O8 - Extra context menu item: &Google Search -
res://c:\program
files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &MSN Search -
res://C:\Program Files\MSN Toolbar
Suite\TB\02.00.0000.1180\en-us\msntb.dll/search.htm
O8 - Extra context menu item: Backward Links -
res://c:\program
files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page -
res://c:\program
files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel -
res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages -
res://c:\program
files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English -
res://c:\program
files\google\GoogleToolbar2.dll/cmtrans.html
O8 - Extra context menu item: Write a Review... -
http://client.alexa.com/holiday/scri...ons/review.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-
00401C608501} - C:\Program Files\Java\jre1.5.0_02
\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-
4FCB-11CF-AAA5-00401C608501} - C:\Program
Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-
A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-
0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online
Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %
windir%\bdoscandel.exe (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-
3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Whois - {F3EB5C85-D3AE-4a5f-81A8-
4F685F6BC84E} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-
00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger -
{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program
Files\Messenger\msmsgs.exe
O9 - Extra button: ArmorIE - {0565CF3E-6070-4272-8EEF-
51E5083BE3D9} - C:\WINDOWS\System32\shdocvw.dll (HKCU)
O12 - Plugin for .wma: C:\Program
Files\Netscape\Communicator\Program\PLUGINS\npdsplay.dll
O15 - Trusted Zone: http://linktrader.cyberspacehq.com
O15 - Trusted Zone: http://www.msn.com
O15 - Trusted Zone: http://www.oscommerce.com
O16 - DPF: ppctlcab -
http://ppupdates.ca.com/downloads/scanner/ppctlcab.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE}
(Symantec AntiVirus scanner) -
http://security.symantec.com/sscv6/S...tent/vc/bin/Av
Sniff.cab
O16 - DPF: {2FC9A21E-2069-4E47-8235-36318989DB13}
(PPSDKActiveXScanner.MainScreen) -
http://ppupdates.ca.com/downloads/scanner/axscanner.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN
Photo Upload Tool) -
http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499}
(BDSCANONLINE Control) -
http://www.bitdefender.com/scan8/oscan8.cab
O16 - DPF: {5E8FD788-C323-4357-AB76-7CBCEFBA573C}
(SpyBouncer.SBDownloader) -
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5}
(Symantec RuFSI Utility Class) -
http://security.symantec.com/sscv6/S...tent/common/bi
n/cabsa.cab
O16 - DPF: {6BEA1C48-1850-486C-8F58-C7354BA3165E}
(Install Class) -
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103}
(WScanCtl Class) -
http://www3.ca.com/securityadvisor/v...fo/webscan.cab
O16 - DPF: {88D969C0-F192-11D4-A65F-0040963251E5} (XML
DOM Document 4.0) -
http://websitecreator.infoquest.com/...ic/activex/msx
ml4.cab
O16 - DPF: {9A54032D-31F7-400D-B184-83B33BDE65FA} (MSN
File Upload Control) -
http://sc.groups.msn.com/controls/FileUC/MsnUpld.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1}
(ActiveScan Installer Class) -
http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {A3009861-330C-4E10-822B-39D16EC8829D}
(CRAVOnline Object) - http://www.rav.ro/scan/ravonline.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF}
(MsnMessengerSetupDownloadControl Class) -
http://messenger.msn.com/download/Ms...erSetupDownloa
der.cab
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999}
(YAddBook Class) -
http://us.dl1.yimg.com/download.yaho.../installs/suit
e/yautocomplete.cab
O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE}
(Symantec RuFSI Registry Information Class) -
http://security.symantec.com/sscv6/S...tent/common/bi
n/cabsa.cab
O16 - DPF: {C3DFA998-A486-11D4-AA25-00C04F72DAEB} (MSN
Photo Upload Tool) -
http://sc.groups.msn.com/controls/PhotoUC/MsnPUpld.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078}
(ActiveDataInfo Class) -
O16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7}
(ActiveDataObj Class) - https://www-
secure.symantec.com/techsupp/activedata/ActiveData.cab
O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D}
(QDiagHUpdateObj Class) -
http://h30043.www3.hp.com/aio/en/check/qdiagh.cab?323
O16 - DPF: {EE8B6D5F-FEF2-11D0-B13F-00A024798EF3}
(Microsoft Search Settings Control) -
http://lg.home.microsoft.com/search/...archsettings.c
ab
O16 - DPF: {F00F4763-7355-4725-82F7-0DA94A256D46}
(IMDownloader Class) -
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN
Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab
O20 - Winlogon Notify: ckpNotify - C:\WINDOWS\SYSTEM32
\ckpNotify.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) -
GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) -
GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) -
Unknown owner - C:\Program Files\Common Files\Symantec
Shared\ccEvtMgr.exe (file missing)
O23 - Service: Symantec Network Proxy (ccProxy) - Unknown
owner - C:\Program Files\Common Files\Symantec
Shared\ccProxy.exe (file missing)
O23 - Service: Symantec Password Validation (ccPwdSvc) -
Unknown owner - C:\Program Files\Common Files\Symantec
Shared\ccPwdSvc.exe (file missing)
O23 - Service: Symantec Settings Manager (ccSetMgr) -
Unknown owner - C:\Program Files\Common Files\Symantec
Shared\ccSetMgr.exe (file missing)
O23 - Service: Deepsight Extractor (DeepsightExtractor) -
Unknown owner - C:\Program Files\Symantec\DeepSight
Extractor\ExtractorService.exe
O23 - Service: DeepSight Extractor Service for NPF03
(ExtractorServiceNPF03) - Unknown owner - C:\Program
Files\Symantec\DeepSight
Extractor\ExtractorServiceNPF03.exe
O23 - Service: DeepSight Extractor Service for NPF04
(ExtractorServiceNPF04) - Unknown owner - C:\Program
Files\Symantec\DeepSight
Extractor\ExtractorServiceNPF04.exe
O23 - Service: InCD File System Service (InCDsrv) -
Unknown owner - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: ISSvc (ISSVC) - Unknown owner - C:\Program
Files\Norton Internet Security\ISSVC.exe (file missing)
O23 - Service: LexBce Server (LexBceS) - Lexmark
International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: MGABGEXE - Matrox Graphics Inc. -
C:\WINDOWS\system32\mgabg.exe
O23 - Service: Norton AntiVirus Auto-Protect Service
(navapsvc) - Unknown owner - C:\Program Files\Norton
Internet Security\Norton AntiVirus\navapsvc.exe (file
missing)
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32
\HPZipm12.exe
O23 - Service: SAVScan - Unknown owner - C:\Program
Files\Norton Internet Security\Norton
AntiVirus\SAVScan.exe (file missing)
O23 - Service: ScriptBlocking Service (SBService) -
Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1
\SBServ.exe (file missing)
O23 - Service: Symantec Network Drivers Service
(SNDSrvc) - Unknown owner - C:\Program Files\Common
Files\Symantec Shared\SNDSrvc.exe (file missing)
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Unknown
owner - C:\Program Files\Common Files\Symantec
Shared\SPBBC\SPBBCSvc.exe (file missing)
O23 - Service: Check Point SecuRemote Service
(SR_Service) - Check Point Software Technologies -
C:\Program Files\CheckPoint\SecuRemote\bin\SR_Service.exe
O23 - Service: Check Point SecuRemote WatchDog
(SR_WatchDog) - Check Point Software Technologies -
C:\Program Files\CheckPoint\SecuRemote\bin\SR_WatchDog.exe
O23 - Service: Symantec Core LC - Unknown owner -
C:\Program Files\Common Files\Symantec Shared\CCPD-
LC\symlcsvc.exe (file missing)


I don't know what to do. I have not purchased Spyware
Doctor yet but may have to do so. I also use Spybot,
Adaware, SpywareGuard, Bug Doctor, got rid of SpyBouncer
and its other little helpers, MS Ati and trying out Pyware
Ferret.

Any suggestions?
Thanks
Anthony
 
 
 
 
 
Mikolaj
 
      21st Apr 2005
User "Anthony Pierce" <(E-Mail Removed)> wrote in
message news:0d0d01c54624$3d15c110$(E-Mail Removed)...
> Believe it or not, I am diligent about cleaning my system
> daily and use a number of the 'better' programs to keep up
> with infections.
> No matter what I do I keep getting this kind of report via
> Spyware DR:
>
> Spyware Doctor Activity Report
> Generated on 4/20/2005 8:16:40 PM Spyware Doctor
> Homepage PC Tools Homepage Technical Support
>
>
> Scans (basic information only):
>
> Scan Results:
> scan start: 4/20/2005 8:27:05 PM
> scan stop: 4/20/2005 8:29:21 PM
> scanned items: 20544
> found items: 67
> found and ignored: 0
> tools used: General Scanner, Process Scanner, Hosts
> scanner, LSP Scanner, Registry Scanner, Cookie Scanner,
> Browser Defaults, Favorites and ZoneMap Scanner, Browser
> Scanner, Disk Scanner
>
>
>
> Infection Name Location Risk
> Host file location redirect multiple Medium
> 007 Keylogger HKCR\Interface\{95FAF493-3FB1-11D4-B1B5-
> 00105AA5CCFF} High
> 007 Keylogger HKCR\Interface\{95FAF493-3FB1-11D4-B1B5-
> 00105AA5CCFF}\ProxyStubClsid High
> 007 Keylogger HKCR\Interface\{95FAF493-3FB1-11D4-B1B5-
> 00105AA5CCFF}\ProxyStubClsid32 High
> 007 Keylogger HKCR\Interface\{95FAF493-3FB1-11D4-B1B5-
> 00105AA5CCFF}\TypeLib High
> 007 Keylogger HKCR\TypeLib\{332B82D3-3ED6-11D4-B1B5-
> 00105AA5CCFF} High
> 007 Keylogger HKCR\TypeLib\{332B82D3-3ED6-11D4-B1B5-
> 00105AA5CCFF}\5.0 High
> 007 Keylogger HKCR\TypeLib\{332B82D3-3ED6-11D4-B1B5-
> 00105AA5CCFF}\5.0\0 High
> 007 Keylogger HKCR\TypeLib\{332B82D3-3ED6-11D4-B1B5-
> 00105AA5CCFF}\5.0\0\win32 High
> 007 Keylogger HKCR\TypeLib\{332B82D3-3ED6-11D4-B1B5-
> 00105AA5CCFF}\5.0\FLAGS High
> 007 Keylogger HKCR\TypeLib\{332B82D3-3ED6-11D4-B1B5-
> 00105AA5CCFF}\5.0\HELPDIR High
> Alexa HKCU\Software\Microsoft\Internet
> Explorer\MenuExt\Write a Review... Elevated
> SpyMyPc HKCU\Software\Benutec High
> SpyMyPc HKCU\Software\Benutec\Network Mechanic High
> SpyMyPc HKCU\Software\Benutec\RamCleaner High
> Tracking Cookie(s) anthony pierce@network[2].txt Medium
> Advertising anthony pierce@statcounter[1].txt Medium
> Tracking Cookie(s) anthony pierce@bravenet[2].txt Medium
> Tracking Cookie(s) anthony (E-Mail Removed)[1].txt
> Medium
> Tracking Cookie(s) anthony pierce@70482683[1].txt Medium
> Tracking Cookie(s) anthony pierce@LPintranets_busdev
> [2].txt Medium
> Tracking Cookie(s) anthony pierce@go[1].txt Medium
> CWS C:\Documents and Settings\Anthony
> Pierce\Favorites\computer support\best-searchengine.com
> web search engine and directory.url High
> Known Bad Sites C:\Documents and Settings\Anthony
> Pierce\Favorites\brainfox affiliate network -faqs.url
> High
> Known Bad Sites C:\Documents and Settings\Anthony
> Pierce\Favorites\domainsponsor.com - affiliate member
> area.url High
> Powersearch Toolbar C:\Documents and Settings\Anthony
> Pierce\Favorites\a p t i m u s - corporate.url Medium
> Rogue Anti-Spyware Products C:\Documents and
> Settings\Anthony Pierce\Favorites\xoftspy.url High
> Seeq Toolbar C:\Documents and Settings\Anthony
> Pierce\Favorites\headhunter.com\seeq -- search the web
> for information & resources.url Elevated
> Seeq Toolbar C:\Documents and Settings\Anthony
> Pierce\Favorites\ilm promo file\http--www.seeq.com-
> popupwrapper.jspreferrer=&domain=loudmouth.net&direct=true
> .url Elevated
> 007 Keylogger HKCR\CLSID\{332B82DC-3ED6-11D4-B1B5-
> 00105AA5CCFF} High
> 007 Keylogger HKCR\CLSID\{332B82DC-3ED6-11D4-B1B5-
> 00105AA5CCFF}\Implemented Categories High
> 007 Keylogger HKCR\CLSID\{332B82DC-3ED6-11D4-B1B5-
> 00105AA5CCFF}\Implemented Categories\{40FC6ED5-2438-11CF-
> A3DB-080036F12502} High
> 007 Keylogger HKCR\CLSID\{332B82DC-3ED6-11D4-B1B5-
> 00105AA5CCFF}\InprocServer32 High
> 007 Keylogger HKCR\CLSID\{332B82DC-3ED6-11D4-B1B5-
> 00105AA5CCFF}\ProgID High
> 007 Keylogger HKCR\CLSID\{332B82DC-3ED6-11D4-B1B5-
> 00105AA5CCFF}\TypeLib High
> 007 Keylogger HKCR\CLSID\{332B82DC-3ED6-11D4-B1B5-
> 00105AA5CCFF}\VERSION High
> 007 Keylogger HKLM\Software\Classes\CLSID\{332B82DC-3ED6-
> 11D4-B1B5-00105AA5CCFF} High
> 007 Keylogger HKLM\Software\Classes\CLSID\{332B82DC-3ED6-
> 11D4-B1B5-00105AA5CCFF}\Implemented Categories High
> 007 Keylogger HKLM\Software\Classes\CLSID\{332B82DC-3ED6-
> 11D4-B1B5-00105AA5CCFF}\Implemented Categories\{40FC6ED5-
> 2438-11CF-A3DB-080036F12502} High
> 007 Keylogger HKLM\Software\Classes\CLSID\{332B82DC-3ED6-
> 11D4-B1B5-00105AA5CCFF}\InprocServer32 High
> 007 Keylogger HKLM\Software\Classes\CLSID\{332B82DC-3ED6-
> 11D4-B1B5-00105AA5CCFF}\ProgID High
> 007 Keylogger HKLM\Software\Classes\CLSID\{332B82DC-3ED6-
> 11D4-B1B5-00105AA5CCFF}\TypeLib High
> 007 Keylogger HKLM\Software\Classes\CLSID\{332B82DC-3ED6-
> 11D4-B1B5-00105AA5CCFF}\VERSION High
> Alexa
> HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{
> 3CEFF6CD-6F08-4E4D-BCCD-FF7415288C3B} Elevated
> Alexa
> HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{
> 3CEFF6CD-6F08-4E4D-BCCD-FF7415288C3B}\iexplore Elevated
> Alexa
> HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{
> 69A72A8A-84ED-4a75-8CE7-263DBEF3E5D3} Elevated
> Alexa
> HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{
> 69A72A8A-84ED-4a75-8CE7-263DBEF3E5D3}\iexplore Elevated
> Alexa
> HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{
> F1FABE79-25FC-46de-8C5A-2C6DB9D64333} Elevated
> Alexa
> HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{
> F1FABE79-25FC-46de-8C5A-2C6DB9D64333}\iexplore Elevated
> ClientMan
> HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{
> FCADDC14-BD46-408A-9842-CDBE1C6D37EB} High
> ClientMan
> HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{
> FCADDC14-BD46-408A-9842-CDBE1C6D37EB}\iexplore High
> DailyToolbar
> HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{
> 58F9B276-E1CC-458e-8159-21CBC021874B} High
> DailyToolbar
> HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{
> 58F9B276-E1CC-458e-8159-21CBC021874B}\iexplore High
> Elitum EliteBar (Search Miracle)
> HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{
> 02C20140-76F8-4763-83D5-B660107BABCD} Elevated
> Elitum EliteBar (Search Miracle)
> HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{
> 02C20140-76F8-4763-83D5-B660107BABCD}\iexplore Elevated
> FavoriteMan
> HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{
> 00000EF1-0786-4633-87C6-1AA7A44296DA} High
> FavoriteMan
> HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{
> 00000EF1-0786-4633-87C6-1AA7A44296DA}\iexplore High
> NetSource101
> HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{
> 15589FA1-C456-11CE-BF01-00AA0055595A} Medium
> NetSource101
> HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{
> 15589FA1-C456-11CE-BF01-00AA0055595A}\iexplore Medium
> NewDotNet
> HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{
> 4A2AACF3-ADF6-11D5-98A9-00E018981B9E} High
> NewDotNet
> HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{
> 4A2AACF3-ADF6-11D5-98A9-00E018981B9E}\iexplore High
> OnlDial.Ole
> HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{
> 02C20140-76F8-4763-83D5-B660107B7A90} High
> OnlDial.Ole
> HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{
> 02C20140-76F8-4763-83D5-B660107B7A90}\iexplore High
> TheSearchMall
> HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{
> 41D13E9A-BB94-402A-8502-AFA78526B63D} Medium
> TheSearchMall
> HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{
> 41D13E9A-BB94-402A-8502-AFA78526B63D}\iexplore Medium
> WhenU.Search
> HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{
> BA2325ED-F9EB-4830-8FCE-0BC35B16969B} Medium
> WhenU.Search
> HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{
> BA2325ED-F9EB-4830-8FCE-0BC35B16969B}\iexplore
>
>
>
> Sheeez!
>
> Here is my HiJack This report done today:
>
> Logfile of HijackThis v1.99.1
> Scan saved at 6:34:06 PM, on 4/20/2005
> Platform: Windows XP SP2 (WinNT 5.01.2600)
> MSIE: Unable to get Internet Explorer version!
>
> Running processes:
> C:\WINDOWS\System32\smss.exe
> C:\WINDOWS\system32\csrss.exe
> C:\WINDOWS\system32\winlogon.exe
> C:\WINDOWS\system32\services.exe
> C:\WINDOWS\system32\lsass.exe
> C:\WINDOWS\system32\svchost.exe
> C:\WINDOWS\system32\svchost.exe
> C:\WINDOWS\System32\svchost.exe
> C:\WINDOWS\System32\svchost.exe
> C:\WINDOWS\System32\svchost.exe
> C:\WINDOWS\Explorer.EXE
> C:\WINDOWS\system32\LEXBCES.EXE
> C:\WINDOWS\system32\spoolsv.exe
> C:\WINDOWS\system32\LEXPPS.EXE
> C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
> C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
> C:\WINDOWS\system32\cisvc.exe
> C:\Program Files\Ahead\InCD\InCDsrv.exe
> C:\WINDOWS\system32\mgabg.exe
> C:\Program Files\CheckPoint\SecuRemote\bin\SR_WatchDog.exe
> C:\WINDOWS\System32\svchost.exe
> C:\WINDOWS\system32\wdfmgr.exe
> C:\Program Files\CheckPoint\SecuRemote\bin\SR_GUI.exe
> C:\WINDOWS\system32\fxssvc.exe
> C:\WINDOWS\System32\alg.exe
> C:\Program Files\Common Files\Real\Update_OB\realsched.exe
> C:\WINDOWS\system32\cidaemon.exe
> C:\WINDOWS\system32\drwtsn32.exe
> C:\WINDOWS\system32\drwtsn32.exe
> C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
> C:\WINDOWS\Explorer.EXE
> C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
> C:\Program Files\SpywareGuard\sgmain.exe
> C:\Program Files\SpywareGuard\sgbhp.exe
> C:\Program Files\Symantec\DeepSight
> Extractor\ExtractorService.exe
> C:\Program Files\Uninstaller\Tenebril Uninstaller.exe
> C:\Program Files\Microsoft
> AntiSpyware\GIANTAntiSpywareMain.exe
> C:\WINDOWS\hh.exe
> C:\Program Files\Internet Explorer\iexplore.exe
> C:\Program Files\Microsoft AntiSpyware\MSSSRT.exe
> C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
> C:\WINDOWS\system32\dwwin.exe
> C:\WINDOWS\system32\drwtsn32.exe
> C:\Program Files\HijackThis.exe
>
> R1 - HKCU\Software\Microsoft\Internet
> Explorer\Main,Search Page = www.google.com
> R1 - HKLM\Software\Microsoft\Internet
> Explorer\Main,Search Page = www.google.com
> O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-
> 784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0
> \ActiveX\AcroIEHelper.dll
> O2 - BHO: SpywareGuard Download Protection - {4A368E80-
> 174F-4872-96B5-0B27DDD11DB2} - C:\Program
> Files\SpywareGuard\dlprotect.dll
> O2 - BHO: (no name) - {53707962-6F74-2D53-2644-
> 206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
> O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-
> D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
> O2 - BHO: IeCaptureBho Object - {7c1ce531-09e9-4fc5-9803-
> 1c2956615786} - C:\Program Files\Google\Google Desktop
> Search\GoogleDesktopIE.dll
> O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-
> 8333-CF10577473F7} - c:\program
> files\google\googletoolbar2.dll
> O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-
> A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
> O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-
> 64B5B4FF55D0} - C:\Program Files\MSN Toolbar
> Suite\TB\02.00.0000.1180\en-us\msntb.dll
> O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-
> 4b9e-9B19-A37C9A5676A7} - (no file)
> O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-
> 7859DF00B1D6} - (no file)
> O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-
> 009027A5CD4F} - c:\program files\google\googletoolbar2.dll
> O3 - Toolbar: Prozilla Toolbar - {A0C6B099-30FA-4464-B098-
> 2686D8BC7340} - C:\PROGRA~1\PROZIL~1\PROZIL~1.DLL
> O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-
> 64B5B4FF55D0} - C:\Program Files\MSN Toolbar
> Suite\TB\02.00.0000.1180\en-us\msntb.dll
> O3 - Toolbar: BHOZapper Toolbar - {0A029144-6E5A-4F7E-
> A3B8-0B7F3F729049} - C:\Program Files\BHOZapper\BHOZapper
> Toolbar.dll
> O3 - Toolbar: &IE Doctor Bar - {123249EB-F891-44C4-946F-
> 450064F9080E} - C:\PROGRA~1\IEDOCT~1\IEDrBar.dll
> O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common
> Files\Real\Update_OB\realsched.exe" -osboot
> O4 - Global Startup: Adobe Gamma Loader.lnk.disabled
> O4 - Global Startup: Adobe Reader Speed Launch.lnk =
> C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
> O6 - HKCU\Software\Policies\Microsoft\Internet
> Explorer\Restrictions present
> O6 - HKCU\Software\Policies\Microsoft\Internet
> Explorer\Control Panel present
> O8 - Extra context menu item: &Add animation to
> IncrediMail Style Box - C:\PROGRA~1\INCRED~1
> \bin\resources\WebMenuImg.htm
> O8 - Extra context menu item: &Google Search -
> res://c:\program
> files\google\GoogleToolbar2.dll/cmsearch.html
> O8 - Extra context menu item: &MSN Search -
> res://C:\Program Files\MSN Toolbar
> Suite\TB\02.00.0000.1180\en-us\msntb.dll/search.htm
> O8 - Extra context menu item: Backward Links -
> res://c:\program
> files\google\GoogleToolbar2.dll/cmbacklinks.html
> O8 - Extra context menu item: Cached Snapshot of Page -
> res://c:\program
> files\google\GoogleToolbar2.dll/cmcache.html
> O8 - Extra context menu item: E&xport to Microsoft Excel -
> res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
> O8 - Extra context menu item: Similar Pages -
> res://c:\program
> files\google\GoogleToolbar2.dll/cmsimilar.html
> O8 - Extra context menu item: Translate into English -
> res://c:\program
> files\google\GoogleToolbar2.dll/cmtrans.html
> O8 - Extra context menu item: Write a Review... -
> http://client.alexa.com/holiday/scri...ons/review.htm
> O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-
> 00401C608501} - C:\Program Files\Java\jre1.5.0_02
> \bin\npjpi150_02.dll
> O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-
> 4FCB-11CF-AAA5-00401C608501} - C:\Program
> Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
> O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-
> A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
> O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-
> 0800200c9a66} - %windir%\bdoscandel.exe (file missing)
> O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online
> Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %
> windir%\bdoscandel.exe (file missing)
> O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-
> 3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
> O9 - Extra button: Whois - {F3EB5C85-D3AE-4a5f-81A8-
> 4F685F6BC84E} - C:\WINDOWS\System32\shdocvw.dll
> O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-
> 00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
> O9 - Extra 'Tools' menuitem: Windows Messenger -
> {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program
> Files\Messenger\msmsgs.exe
> O9 - Extra button: ArmorIE - {0565CF3E-6070-4272-8EEF-
> 51E5083BE3D9} - C:\WINDOWS\System32\shdocvw.dll (HKCU)
> O12 - Plugin for .wma: C:\Program
> Files\Netscape\Communicator\Program\PLUGINS\npdsplay.dll
> O15 - Trusted Zone: http://linktrader.cyberspacehq.com
> O15 - Trusted Zone: http://www.msn.com
> O15 - Trusted Zone: http://www.oscommerce.com
> O16 - DPF: ppctlcab -
> http://ppupdates.ca.com/downloads/scanner/ppctlcab.cab
> O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE}
> (Symantec AntiVirus scanner) -
> http://security.symantec.com/sscv6/S...tent/vc/bin/Av
> Sniff.cab
> O16 - DPF: {2FC9A21E-2069-4E47-8235-36318989DB13}
> (PPSDKActiveXScanner.MainScreen) -
> http://ppupdates.ca.com/downloads/scanner/axscanner.cab
> O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN
> Photo Upload Tool) -
> http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
> O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499}
> (BDSCANONLINE Control) -
> http://www.bitdefender.com/scan8/oscan8.cab
> O16 - DPF: {5E8FD788-C323-4357-AB76-7CBCEFBA573C}
> (SpyBouncer.SBDownloader) -
> O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5}
> (Symantec RuFSI Utility Class) -
> http://security.symantec.com/sscv6/S...tent/common/bi
> n/cabsa.cab
> O16 - DPF: {6BEA1C48-1850-486C-8F58-C7354BA3165E}
> (Install Class) -
> O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103}
> (WScanCtl Class) -
> http://www3.ca.com/securityadvisor/v...fo/webscan.cab
> O16 - DPF: {88D969C0-F192-11D4-A65F-0040963251E5} (XML
> DOM Document 4.0) -
> http://websitecreator.infoquest.com/...ic/activex/msx
> ml4.cab
> O16 - DPF: {9A54032D-31F7-400D-B184-83B33BDE65FA} (MSN
> File Upload Control) -
> http://sc.groups.msn.com/controls/FileUC/MsnUpld.cab
> O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1}
> (ActiveScan Installer Class) -
> http://www.pandasoftware.com/activescan/as5/asinst.cab
> O16 - DPF: {A3009861-330C-4E10-822B-39D16EC8829D}
> (CRAVOnline Object) - http://www.rav.ro/scan/ravonline.cab
> O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF}
> (MsnMessengerSetupDownloadControl Class) -
> http://messenger.msn.com/download/Ms...erSetupDownloa
>der.cab
> O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999}
> (YAddBook Class) -
> http://us.dl1.yimg.com/download.yaho.../installs/suit
> e/yautocomplete.cab
> O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE}
> (Symantec RuFSI Registry Information Class) -
> http://security.symantec.com/sscv6/S...tent/common/bi
> n/cabsa.cab
> O16 - DPF: {C3DFA998-A486-11D4-AA25-00C04F72DAEB} (MSN
> Photo Upload Tool) -
> http://sc.groups.msn.com/controls/PhotoUC/MsnPUpld.cab
> O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078}
> (ActiveDataInfo Class) -
> O16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7}
> (ActiveDataObj Class) - https://www-
> secure.symantec.com/techsupp/activedata/ActiveData.cab
> O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D}
> (QDiagHUpdateObj Class) -
> http://h30043.www3.hp.com/aio/en/check/qdiagh.cab?323
> O16 - DPF: {EE8B6D5F-FEF2-11D0-B13F-00A024798EF3}
> (Microsoft Search Settings Control) -
> http://lg.home.microsoft.com/search/...archsettings.c
> ab
> O16 - DPF: {F00F4763-7355-4725-82F7-0DA94A256D46}
> (IMDownloader Class) -
> O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN
> Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab
> O20 - Winlogon Notify: ckpNotify - C:\WINDOWS\SYSTEM32
> \ckpNotify.dll
> O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) -
> GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
> O23 - Service: AVG7 Update Service (Avg7UpdSvc) -
> GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
> O23 - Service: Symantec Event Manager (ccEvtMgr) -
> Unknown owner - C:\Program Files\Common Files\Symantec
> Shared\ccEvtMgr.exe (file missing)
> O23 - Service: Symantec Network Proxy (ccProxy) - Unknown
> owner - C:\Program Files\Common Files\Symantec
> Shared\ccProxy.exe (file missing)
> O23 - Service: Symantec Password Validation (ccPwdSvc) -
> Unknown owner - C:\Program Files\Common Files\Symantec
> Shared\ccPwdSvc.exe (file missing)
> O23 - Service: Symantec Settings Manager (ccSetMgr) -
> Unknown owner - C:\Program Files\Common Files\Symantec
> Shared\ccSetMgr.exe (file missing)
> O23 - Service: Deepsight Extractor (DeepsightExtractor) -
> Unknown owner - C:\Program Files\Symantec\DeepSight
> Extractor\ExtractorService.exe
> O23 - Service: DeepSight Extractor Service for NPF03
> (ExtractorServiceNPF03) - Unknown owner - C:\Program
> Files\Symantec\DeepSight
> Extractor\ExtractorServiceNPF03.exe
> O23 - Service: DeepSight Extractor Service for NPF04
> (ExtractorServiceNPF04) - Unknown owner - C:\Program
> Files\Symantec\DeepSight
> Extractor\ExtractorServiceNPF04.exe
> O23 - Service: InCD File System Service (InCDsrv) -
> Unknown owner - C:\Program Files\Ahead\InCD\InCDsrv.exe
> O23 - Service: ISSvc (ISSVC) - Unknown owner - C:\Program
> Files\Norton Internet Security\ISSVC.exe (file missing)
> O23 - Service: LexBce Server (LexBceS) - Lexmark
> International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
> O23 - Service: MGABGEXE - Matrox Graphics Inc. -
> C:\WINDOWS\system32\mgabg.exe
> O23 - Service: Norton AntiVirus Auto-Protect Service
> (navapsvc) - Unknown owner - C:\Program Files\Norton
> Internet Security\Norton AntiVirus\navapsvc.exe (file
> missing)
> O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32
> \HPZipm12.exe
> O23 - Service: SAVScan - Unknown owner - C:\Program
> Files\Norton Internet Security\Norton
> AntiVirus\SAVScan.exe (file missing)
> O23 - Service: ScriptBlocking Service (SBService) -
> Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1
> \SBServ.exe (file missing)
> O23 - Service: Symantec Network Drivers Service
> (SNDSrvc) - Unknown owner - C:\Program Files\Common
> Files\Symantec Shared\SNDSrvc.exe (file missing)
> O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Unknown
> owner - C:\Program Files\Common Files\Symantec
> Shared\SPBBC\SPBBCSvc.exe (file missing)
> O23 - Service: Check Point SecuRemote Service
> (SR_Service) - Check Point Software Technologies -
> C:\Program Files\CheckPoint\SecuRemote\bin\SR_Service.exe
> O23 - Service: Check Point SecuRemote WatchDog
> (SR_WatchDog) - Check Point Software Technologies -
> C:\Program Files\CheckPoint\SecuRemote\bin\SR_WatchDog.exe
> O23 - Service: Symantec Core LC - Unknown owner -
> C:\Program Files\Common Files\Symantec Shared\CCPD-
> LC\symlcsvc.exe (file missing)
>
>
> I don't know what to do. I have not purchased Spyware
> Doctor yet but may have to do so. I also use Spybot,
> Adaware, SpywareGuard, Bug Doctor, got rid of SpyBouncer
> and its other little helpers, MS Ati and trying out Pyware
> Ferret.
>
> Any suggestions?
> Thanks
> Anthony



First of all, take a look at (and use :-) ) the information that Ron Kinner
placed on the newsgroup:

> I'm bored and I haven't had a good HijackThis log to work
> on all day. Will somebody take pity on me and send me a
> HijackThis log?
>
> Get HijackThis.exe from
> http://tomcoyote.org/hjt/hjt199//HijackThis.exe
>
> Save it to C:\hjt (new folder) then Open it and select
> Scan and Save Log. Note where you saved the log then
> send it to me as an attachment. Put Hijack in the subject
> so I'll know it's not spam.
>
> Ron Kinner
> Microsoft MVP 2004 & 2005
> (E-Mail Removed)


Also, you can start the computer in safe mode, then start the MS
AntiSpyware application, go to Scan options, select Run a full system
scan and let it clean the system.
And of course try the other "cleaning" software:

McAfee Stinger http://vil.nai.com/vil/stinger/
Spybot Search&Destroy http://www.majorgeeks.com/download2471.html
HijackThis http://www.majorgeeks.com/download3155.html
CWShredder http://www.majorgeeks.com/download3019.html
Ad-Aware SE Personal http://www.lavasoft.com/software/adaware/


--
Pozdrawiam serdecznie / Kind regards
Mikolaj Kaminski
MS-MVP, Poland

 
 
OMG
Guest
Posts: n/a
 
      22nd Apr 2005



Whew! You got some nasty buggers, let me know if you
resolve this, because a friend of mine has some similar
nasties, which I had to give up on.
 
 
D@annyBoy
Guest
Posts: n/a
 
      23rd Apr 2005
Try clearing the cache, temp files, etc., and get applications to remove the
cookies.
Reboot to safe mode and run a full scan.

"OMG" <(E-Mail Removed)> wrote in message
news:08f801c5476f$b7184450$(E-Mail Removed)...
>
>>-----Original Message-----
>>Believe it or not, I am diligent about cleaning my system
>>daily and use a number of the 'better' programs to keep up
>>with infections.
>>No matter what I do I keep getting this kind of report via
>>Spyware DR:
>>
>>Sheeez!
>>
>>Here is my HiJack This report done today:
>>
>>
>>I don't know what to do. I have not purchased Spyware
>>Doctor yet but may have to do so. I also use Spybot,
>>Adaware, SpywareGuard, Bug Doctor, got rid of SpyBouncer
>>and its other little helpers, MS Ati and trying out Pyware
>>Ferret.
>>
>>Any suggestions?
>>Thanks
>>Anthony
>>.
>>

>
> Whew! You got some nasty buggers, let me know if you
> resolve this, because a friend of mine has some similar
> nasties, which I had to give up on.



 
Ron Chamberlin
      23rd Apr 2005
Boot into Safe Mode (F8) at startup;
Empty your temporary files AND your Temporary Internet Files* (C:\Documents and Settings\Username\Local Settings\Temporary Internet Files folder);
Run the scan while in safe mode;
If you are running SP2, open IE--->Tools--->Manage Add-ons, and uncheck any BHOs that you don't recognize.

Ron Chamberlin
MS-MVP



*The .tif are Temporary Internet Files, and are stored in a different barn than 'normal' temp files.
Here's how I kludge thru to them: Open Windows Explorer--->C:\Documents and Settings. Then it's to the Tool Bar--->Folder Options--->View--->Hidden Files and Folders and check the box "Show hidden files and folders". Now expand C:\Documents and Settings and under each user you will now see a folder "Local Settings". Open that puppy and choose Temporary Internet Files. I am not concerned about the cookies therein, but everything else can go for now.

"Anthony Pierce" <(E-Mail Removed)> wrote in message
news:0d0d01c54624$3d15c110$(E-Mail Removed)...
> Believe it or not, I am diligent about cleaning my system
> daily and use a number of the 'better' programs to keep up
> with infections.
> No matter what I do I keep getting this kind of report via
> Spyware DR:
>
> Sheeez!
>
> Here is my HiJack This report done today:
>
> O6 - HKCU\Software\Policies\Microsoft\Internet
> Explorer\Restrictions present
> O6 - HKCU\Software\Policies\Microsoft\Internet
> Explorer\Control Panel present
> O8 - Extra context menu item: &Add animation to
> IncrediMail Style Box - C:\PROGRA~1\INCRED~1
> \bin\resources\WebMenuImg.htm
> O8 - Extra context menu item: &Google Search -
> res://c:\program
> files\google\GoogleToolbar2.dll/cmsearch.html
> O8 - Extra context menu item: &MSN Search -
> res://C:\Program Files\MSN Toolbar
> Suite\TB\02.00.0000.1180\en-us\msntb.dll/search.htm
> O8 - Extra context menu item: Backward Links -
> res://c:\program
> files\google\GoogleToolbar2.dll/cmbacklinks.html
> O8 - Extra context menu item: Cached Snapshot of Page -
> res://c:\program
> files\google\GoogleToolbar2.dll/cmcache.html
> O8 - Extra context menu item: E&xport to Microsoft Excel -
> res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
> O8 - Extra context menu item: Similar Pages -
> res://c:\program
> files\google\GoogleToolbar2.dll/cmsimilar.html
> O8 - Extra context menu item: Translate into English -
> res://c:\program
> files\google\GoogleToolbar2.dll/cmtrans.html
> O8 - Extra context menu item: Write a Review... -
> http://client.alexa.com/holiday/scri...ons/review.htm
> O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-
> 00401C608501} - C:\Program Files\Java\jre1.5.0_02
> \bin\npjpi150_02.dll
> O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-
> 4FCB-11CF-AAA5-00401C608501} - C:\Program
> Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
> O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-
> A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
> O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-
> 0800200c9a66} - %windir%\bdoscandel.exe (file missing)
> O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online
> Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %
> windir%\bdoscandel.exe (file missing)
> O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-
> 3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
> O9 - Extra button: Whois - {F3EB5C85-D3AE-4a5f-81A8-
> 4F685F6BC84E} - C:\WINDOWS\System32\shdocvw.dll
> O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-
> 00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
> O9 - Extra 'Tools' menuitem: Windows Messenger -
> {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program
> Files\Messenger\msmsgs.exe
> O9 - Extra button: ArmorIE - {0565CF3E-6070-4272-8EEF-
> 51E5083BE3D9} - C:\WINDOWS\System32\shdocvw.dll (HKCU)
> O12 - Plugin for .wma: C:\Program
> Files\Netscape\Communicator\Program\PLUGINS\npdsplay.dll
> O15 - Trusted Zone: http://linktrader.cyberspacehq.com
> O15 - Trusted Zone: http://www.msn.com
> O15 - Trusted Zone: http://www.oscommerce.com
> O16 - DPF: ppctlcab -
> http://ppupdates.ca.com/downloads/scanner/ppctlcab.cab
> O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE}
> (Symantec AntiVirus scanner) -
> http://security.symantec.com/sscv6/S...tent/vc/bin/Av
> Sniff.cab
> O16 - DPF: {2FC9A21E-2069-4E47-8235-36318989DB13}
> (PPSDKActiveXScanner.MainScreen) -
> http://ppupdates.ca.com/downloads/scanner/axscanner.cab
> O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN
> Photo Upload Tool) -
> http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
> O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499}
> (BDSCANONLINE Control) -
> http://www.bitdefender.com/scan8/oscan8.cab
> O16 - DPF: {5E8FD788-C323-4357-AB76-7CBCEFBA573C}
> (SpyBouncer.SBDownloader) -
> O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5}
> (Symantec RuFSI Utility Class) -
> http://security.symantec.com/sscv6/S...tent/common/bi
> n/cabsa.cab
> O16 - DPF: {6BEA1C48-1850-486C-8F58-C7354BA3165E}
> (Install Class) -
> O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103}
> (WScanCtl Class) -
> http://www3.ca.com/securityadvisor/v...fo/webscan.cab
> O16 - DPF: {88D969C0-F192-11D4-A65F-0040963251E5} (XML
> DOM Document 4.0) -
> http://websitecreator.infoquest.com/...ic/activex/msx
> ml4.cab
> O16 - DPF: {9A54032D-31F7-400D-B184-83B33BDE65FA} (MSN
> File Upload Control) -
> http://sc.groups.msn.com/controls/FileUC/MsnUpld.cab
> O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1}
> (ActiveScan Installer Class) -
> http://www.pandasoftware.com/activescan/as5/asinst.cab
> O16 - DPF: {A3009861-330C-4E10-822B-39D16EC8829D}
> (CRAVOnline Object) - http://www.rav.ro/scan/ravonline.cab
> O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF}
> (MsnMessengerSetupDownloadControl Class) -
> http://messenger.msn.com/download/Ms...erSetupDownloa
>der.cab
> O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999}
> (YAddBook Class) -
> http://us.dl1.yimg.com/download.yaho.../installs/suit
> e/yautocomplete.cab
> O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE}
> (Symantec RuFSI Registry Information Class) -
> http://security.symantec.com/sscv6/S...tent/common/bi
> n/cabsa.cab
> O16 - DPF: {C3DFA998-A486-11D4-AA25-00C04F72DAEB} (MSN
> Photo Upload Tool) -
> http://sc.groups.msn.com/controls/PhotoUC/MsnPUpld.cab
> O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078}
> (ActiveDataInfo Class) -
> O16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7}
> (ActiveDataObj Class) - https://www-
> secure.symantec.com/techsupp/activedata/ActiveData.cab
> O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D}
> (QDiagHUpdateObj Class) -
> http://h30043.www3.hp.com/aio/en/check/qdiagh.cab?323
> O16 - DPF: {EE8B6D5F-FEF2-11D0-B13F-00A024798EF3}
> (Microsoft Search Settings Control) -
> http://lg.home.microsoft.com/search/...archsettings.c
> ab
> O16 - DPF: {F00F4763-7355-4725-82F7-0DA94A256D46}
> (IMDownloader Class) -
> O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN
> Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab
> O20 - Winlogon Notify: ckpNotify - C:\WINDOWS\SYSTEM32
> \ckpNotify.dll
> O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) -
> GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
> O23 - Service: AVG7 Update Service (Avg7UpdSvc) -
> GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
> O23 - Service: Symantec Event Manager (ccEvtMgr) -
> Unknown owner - C:\Program Files\Common Files\Symantec
> Shared\ccEvtMgr.exe (file missing)
> O23 - Service: Symantec Network Proxy (ccProxy) - Unknown
> owner - C:\Program Files\Common Files\Symantec
> Shared\ccProxy.exe (file missing)
> O23 - Service: Symantec Password Validation (ccPwdSvc) -
> Unknown owner - C:\Program Files\Common Files\Symantec
> Shared\ccPwdSvc.exe (file missing)
> O23 - Service: Symantec Settings Manager (ccSetMgr) -
> Unknown owner - C:\Program Files\Common Files\Symantec
> Shared\ccSetMgr.exe (file missing)
> O23 - Service: Deepsight Extractor (DeepsightExtractor) -
> Unknown owner - C:\Program Files\Symantec\DeepSight
> Extractor\ExtractorService.exe
> O23 - Service: DeepSight Extractor Service for NPF03
> (ExtractorServiceNPF03) - Unknown owner - C:\Program
> Files\Symantec\DeepSight
> Extractor\ExtractorServiceNPF03.exe
> O23 - Service: DeepSight Extractor Service for NPF04
> (ExtractorServiceNPF04) - Unknown owner - C:\Program
> Files\Symantec\DeepSight
> Extractor\ExtractorServiceNPF04.exe
> O23 - Service: InCD File System Service (InCDsrv) -
> Unknown owner - C:\Program Files\Ahead\InCD\InCDsrv.exe
> O23 - Service: ISSvc (ISSVC) - Unknown owner - C:\Program
> Files\Norton Internet Security\ISSVC.exe (file missing)
> O23 - Service: LexBce Server (LexBceS) - Lexmark
> International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
> O23 - Service: MGABGEXE - Matrox Graphics Inc. -
> C:\WINDOWS\system32\mgabg.exe
> O23 - Service: Norton AntiVirus Auto-Protect Service
> (navapsvc) - Unknown owner - C:\Program Files\Norton
> Internet Security\Norton AntiVirus\navapsvc.exe (file
> missing)
> O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32
> \HPZipm12.exe
> O23 - Service: SAVScan - Unknown owner - C:\Program
> Files\Norton Internet Security\Norton
> AntiVirus\SAVScan.exe (file missing)
> O23 - Service: ScriptBlocking Service (SBService) -
> Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1
> \SBServ.exe (file missing)
> O23 - Service: Symantec Network Drivers Service
> (SNDSrvc) - Unknown owner - C:\Program Files\Common
> Files\Symantec Shared\SNDSrvc.exe (file missing)
> O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Unknown
> owner - C:\Program Files\Common Files\Symantec
> Shared\SPBBC\SPBBCSvc.exe (file missing)
> O23 - Service: Check Point SecuRemote Service
> (SR_Service) - Check Point Software Technologies -
> C:\Program Files\CheckPoint\SecuRemote\bin\SR_Service.exe
> O23 - Service: Check Point SecuRemote WatchDog
> (SR_WatchDog) - Check Point Software Technologies -
> C:\Program Files\CheckPoint\SecuRemote\bin\SR_WatchDog.exe
> O23 - Service: Symantec Core LC - Unknown owner -
> C:\Program Files\Common Files\Symantec Shared\CCPD-
> LC\symlcsvc.exe (file missing)
>
>
> I don't know what to do. I have not purchased Spyware
> Doctor yet but may have to do so. I also use Spybot,
> Adaware, SpywareGuard, Bug Doctor, got rid of SpyBouncer
> and its other little helpers, MS Ati and trying out Pyware
> Ferret.
>
> Any suggestions?
> Thanks
> Anthony
>




 
 
duncan
Guest
Posts: n/a
 
      24th Apr 2005
I have a free full version (via a PC mag) of Spyware Dr
and fully recommend it. When it's active it blocks all
cookies (and tells you), and picks up heaps of things... I
have tried all the free spyware and "the Doctor" seems to
be the best... PS: my Microsoft AntiSpyware suddenly
froze up and I had to delete the program to stop it maxing
out my CPU for no reason.

 