AntiSpyware Beta1 Hangs out of Virtual Memory

  • Thread starter Thread starter Tom
  • Start date Start date
T

Tom

at Scaning registry:
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversi
on\explorer\browser helper objects\{00000000-0000-0000-
000000000000}

At the point it hands there have been found
some "spyware" that NO other program finds. Maybe this is
good maybe it is bad.

At any rate how can I remove what is found and/or
eliminate the program hanging with 100% CPU used and out
of virtual memory?

OS = WinXP Pro SP1 with updates
MEM = 512Meg
HD = 58.8 w/18.8 gig unused

Tom
 
Hi Tom

Its hard to know whats causing this but I'm going to take
a guess ;)

Check your add/remove screen for CommonName and remove if
found

Download Ccleaner to remove all the temp' and usused
files from your system:

http://www.ccleaner.com/ccdownload.asp


Reboot into safe mode (Reboot and keep tapping F8 then
choose safe mode from the list)

Delete this folder if found :

C:\Program Files\CommonName <- Folder

Run Ccleaner and press "Run Cleaner"

Then Run MS Antispy again on a full system scan and
remove anything found

Then reboot back to normal mode


If this isn't CommonName and the scan in safe mode doesnt
help let us know anything thats being detected then we
can deal with them to help MS Antispy run smoother. This
maybe Wintools/Huntbar but I do not think they use the
BHO entry you post but let us know if you have problems

Regards

Andy
 
Joe,

If it would be helpful I have a DxDiag and screenshot of
the Spyware screen when it hung. I cannot attach them to
news group mail (I don't think?)...

Tom
 
Andy,
Thank you for the ideas. This is what I've done.

1) No CommonName in add/delete programs
2) No CommonName folder
3) Search "Common" no CommonName found
4) Reboot in Safe w/Networking Mode
5) Run CCLEANER
6) Run AntiSpyware Beta 1
a. Find attached items - fewer then last pass
b. Hung in same spot scanning registry keys after
scanning 7252 registry keys

Here is what was found. Too bad it hung and I could not
delete them
Trojan.Startup.NameShifter.DC (3 Signatures)
Trojan.BHO.NameShifter.T (336 Signatures)
eXact.Downloader Trojan Downloader
IST.ISTbar.ActiveX Spyware
AvenueMedia.DyFuCA (22 signatures)
SurfSideKick Settings Modifyer
Topconverting.SPEYLOD Adware
IST.ISTbar (20 signatures)
CommonName Settings Modifier

I'm sure the problem like many computer problems is not
hard to fix only hard to find!!1

Tom
 
Tom

Thanks for the addition info on this, We can do this
through emails as that will be easier now I can see all
the problems, Ive just replied to your email but still
not checked the attached file you sent then came on here
and now I see CommonName is being detected by MS Antispy
but also alot of other problems, I need to see a Hijack
This log to make this easier as there is obviously
malware files running and malicious ActiveX installed so
using Hijack This we can take out all the problems and
then delete the files and use some scanners to clean up,

Chat to you soon

Andy
 
Its clear why MS Antispy is having problems, There is
alot of malware on this system including a Trojan running
as a Windows service and alot of malicious BHO's and
registered dll files.

Ive addressed most of this with you Tom through email and
with you saying Hijack This is giving errors messages
when its run I will need to see a new Hijack This log
after you follow the steps Ive sent, Ive covered all the
area's except the BHO's for now untill we can get a log
without error's to be sure all these really do exist on
your system.

For anyone else thats interested in this here is the
Hijack Log:

Logfile of HijackThis v1.99.1
Scan saved at 12:38:13 PM, on 9/6/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Dell\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Symantec_Client_Security\Symantec
AntiVirus\DefWatch.exe
C:\Program Files\Common Files\Microsoft
Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Symantec_Client_Security\Symantec
AntiVirus\Rtvscan.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Dell\EUSW\Support.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\mobile PhoneTools\WatchDog.exe
C:\WINDOWS\System32\pctspk.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\WINDOWS\System32\rundll32.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\System32\edspfkvq.exe
C:\WINDOWS\System32\gkijotgg.exe
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\Program Files\Symantec_Client_Security\Symantec
AntiVirus\vptray.exe
C:\WINDOWS\System32\DSentry.exe
C:\WINDOWS\System32\BacsTray.exe
C:\WINDOWS\System32\LVComS.exe
C:\WINDOWS\System32\atwtusb.exe
C:\Program Files\Roxio\Easy CD Creator 5
\DirectCD\DirectCD.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\PROGRA~1\Zinio\ZINIOD~2.EXE
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\HijackThis.exe
C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE

R1 - HKCU\Software\Microsoft\Internet
Explorer\Main,Default_Page_URL =
http://smbusiness.dellnet.com/
R1 - HKCU\Software\Microsoft\Internet
Explorer\Main,Search Bar = http://g.msn.com/0SEENUS/SAOS10
R1 - HKLM\Software\Microsoft\Internet
Explorer\Main,Search Page =
http://red.clientapps.yahoo.com/customize/ycomp_wave/defau
lts/sp/*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local
Page = \blank.htm
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {00000000-0000-0000-0000-
000000000000} - (no file)
O2 - BHO: (no name) - {00000000-8C0C-09F3-86B8-
4F8000000000} - (no file)
O2 - BHO: (no name) - {00000000-8C0C-18F5-86B8-
4F8000000000} - (no file)
O2 - BHO: (no name) - {00000000-8C0C-46F5-86B8-
4F8000000000} - (no file)
O2 - BHO: (no name) - {00000000-8C0C-6CF2-86B8-
4F8000000000} - (no file)
O2 - BHO: (no name) - {00000000-8C0C-83F2-86B8-
4F8000000000} - (no file)
O2 - BHO: (no name) - {00000000-8C0C-89F3-86B8-
4F8000000000} - (no file)
O2 - BHO: (no name) - {00000000-8C1C-09F3-86B8-
4F8000000000} - (no file)
O2 - BHO: (no name) - {00000000-8C1C-6CF2-86B8-
4F8000000000} - (no file)
O2 - BHO: (no name) - {00000000-8C1C-C0F2-86B8-
4F8000000000} - (no file)
O2 - BHO: (no name) - {00000000-8C1C-F8F4-86B8-
4F8000000000} - (no file)
O2 - BHO: (no name) - {00000000-8C2C-7CF2-86B8-
4F8000000000} - (no file)
O2 - BHO: (no name) - {00000000-8C2C-8EF2-86B8-
4F8000000000} - (no file)
O2 - BHO: (no name) - {00000000-8C2C-94F2-86B8-
4F8000000000} - (no file)
O2 - BHO: (no name) - {00000000-8C2C-FCF2-86B8-
4F8000000000} - (no file)
O2 - BHO: (no name) - {00000000-8C3C-0EF5-86B8-
4F8000000000} - (no file)
O2 - BHO: (no name) - {00000000-8C3C-7BF2-86B8-
4F8000000000} - (no file)
O2 - BHO: (no name) - {00000000-8C3C-C0F2-86B8-
4F8000000000} - (no file)
O2 - BHO: (no name) - {00000000-8C3C-E9F2-86B8-
4F8000000000} - (no file)
O2 - BHO: (no name) - {00000000-8C4C-1EF3-86B8-
4F8000000000} - (no file)
O2 - BHO: (no name) - {00000000-8C4C-2DF3-86B8-
4F8000000000} - (no file)
O2 - BHO: (no name) - {00000000-8C4C-30F6-86B8-
4F8000000000} - (no file)
O2 - BHO: (no name) - {00000000-8C4C-83F2-86B8-
4F8000000000} - (no file)
O2 - BHO: (no name) - {00000000-8C4C-B7F2-86B8-
4F8000000000} - (no file)
O2 - BHO: (no name) - {00000000-8C5C-82F2-86B8-
4F8000000000} - (no file)
O2 - BHO: (no name) - {00000000-8C5C-86F2-86B8-
4F8000000000} - (no file)
O2 - BHO: (no name) - {00000000-8C5C-CFF2-86B8-
4F8000000000} - (no file)
O2 - BHO: (no name) - {00000000-8C5C-D4F2-86B8-
4F8000000000} - (no file)
O2 - BHO: (no name) - {00000000-8C6C-70F2-86B8-
4F8000000000} - (no file)
O2 - BHO: (no name) - {00000000-8C7C-3FF3-86B8-
4F8000000000} - (no file)
O2 - BHO: (no name) - {00000000-8C7C-89F2-86B8-
4F8000000000} - (no file)
O2 - BHO: (no name) - {00000000-8C7C-95F2-86B8-
4F8000000000} - (no file)
O2 - BHO: (no name) - {00000000-8C7C-C4F2-86B8-
4F8000000000} - (no file)
O2 - BHO: (no name) - {00000000-8C8C-4DF2-86B8-
4F8000000000} - (no file)
O2 - BHO: (no name) - {00000000-8C8C-56F2-86B8-
4F8000000000} - (no file)
O2 - BHO: (no name) - {00000000-8C8C-A4F2-86B8-
4F8000000000} - (no file)
O2 - BHO: (no name) - {00000000-8C8C-DBF2-86B8-
4F8000000000} - (no file)
O2 - BHO: (no name) - {00000000-8C9C-09F3-86B8-
4F8000000000} - (no file)
O2 - BHO: (no name) - {00000000-8C9C-0DF3-86B8-
4F8000000000} - (no file)
O2 - BHO: (no name) - {00000000-8C9C-49F3-86B8-
4F8000000000} - (no file)
O2 - BHO: (no name) - {00000000-8C9C-58F2-86B8-
4F8000000000} - (no file)
O2 - BHO: (no name) - {00000000-8C9C-82F2-86B8-
4F8000000000} - (no file)
O2 - BHO: (no name) - {00000000-8C9C-9BF2-86B8-
4F8000000000} - (no file)
O2 - BHO: (no name) - {00000000-8C9C-B1F2-86B8-
4F8000000000} - (no file)
O2 - BHO: (no name) - {00000000-8CAC-1EF3-86B8-
4F8000000000} - (no file)
O2 - BHO: (no name) - {00000000-8CAC-59F2-86B8-
4F8000000000} - (no file)
O2 - BHO: (no name) - {00000000-8CAC-BDF2-86B8-
4F8000000000} - (no file)
O2 - BHO: (no name) - {00000000-8CAC-DBF2-86B8-
4F8000000000} - (no file)
O2 - BHO: (no name) - {00000000-8CBC-14F3-86B8-
4F8000000000} - (no file)
O2 - BHO: (no name) - {00000000-8CBC-2AF3-86B8-
4F8000000000} - (no file)
O2 - BHO: (no name) - {00000000-8CBC-5EF2-86B8-
4F8000000000} - (no file)
O2 - BHO: (no name) - {00000000-8CBC-7DF6-86B8-
4F8000000000} - (no file)
O2 - BHO: (no name) - {00000000-8CBC-86F2-86B8-
4F8000000000} - (no file)
O2 - BHO: (no name) - {00000000-8CCC-49F6-86B8-
4F8000000000} - (no file)
O2 - BHO: (no name) - {00000000-8CCC-FCF2-86B8-
4F8000000000} - (no file)
O2 - BHO: (no name) - {00000000-8CDC-3BF3-86B8-
4F8000000000} - (no file)
O2 - BHO: (no name) - {00000000-8CDC-58F2-86B8-
4F8000000000} - (no file)
O2 - BHO: (no name) - {00000000-8CDC-5DF3-86B8-
4F8000000000} - (no file)
O2 - BHO: (no name) - {00000000-8CDC-64F2-86B8-
4F8000000000} - (no file)
O2 - BHO: (no name) - {00000000-8CDC-7CF2-86B8-
4F8000000000} - (no file)
O2 - BHO: (no name) - {00000000-8CDC-C2F3-86B8-
4F8000000000} - (no file)
O2 - BHO: (no name) - {00000000-8CDC-EEF2-86B8-
4F8000000000} - (no file)
O2 - BHO: (no name) - {00000000-8CEC-04F5-86B8-
4F8000000000} - (no file)
O2 - BHO: (no name) - {00000000-8CEC-1EF3-86B8-
4F8000000000} - C:\WINDOWS\System32\elbsbwzm.dll
O2 - BHO: (no name) - {00000000-8CEC-2EF5-86B8-
4F8000000000} - (no file)
O2 - BHO: (no name) - {00000000-8CEC-57F2-86B8-
4F8000000000} - (no file)
O2 - BHO: (no name) - {00000000-8CEC-7DF2-86B8-
4F8000000000} - (no file)
O2 - BHO: (no name) - {00000000-8CEC-81F6-86B8-
4F8000000000} - (no file)
O2 - BHO: (no name) - {00000000-8CEC-99F2-86B8-
4F8000000000} - (no file)
O2 - BHO: (no name) - {00000000-8CEC-A6F2-86B8-
4F8000000000} - (no file)
O2 - BHO: (no name) - {00000000-8CEC-ACF2-86B8-
4F8000000000} - (no file)
O2 - BHO: (no name) - {00000000-8CEC-E7F2-86B8-
4F8000000000} - (no file)
O2 - BHO: (no name) - {00000000-8CFC-05F3-86B8-
4F8000000000} - (no file)
O2 - BHO: (no name) - {00000000-8CFC-18F3-86B8-
4F8000000000} - (no file)
O2 - BHO: (no name) - {00000000-8CFC-46F3-86B8-
4F8000000000} - (no file)
O2 - BHO: (no name) - {00000000-8CFC-7FF2-86B8-
4F8000000000} - (no file)
O2 - BHO: (no name) - {00000000-8CFC-86F2-86B8-
4F8000000000} - (no file)
O2 - BHO: (no name) - {02A9B1AF-FA78-8F55-E813-
79AC63E93DAC} - (no file)
O2 - BHO: (no name) - {02ED3B71-C797-B4DB-35AC-
290173BB8B57} - C:\WINDOWS\System32\jcybrrfc.dll
O2 - BHO: (no name) - {045B6D0E-1643-A457-3E41-
BA7DBEF2FA05} - C:\WINDOWS\System32\ivqqyjgh.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-
784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0
\Acrobat\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {0D716366-6E08-3A36-1B74-
C78B359375F7} - C:\WINDOWS\System32\nzohzogs.dll
O2 - BHO: (no name) - {0F7A4037-9717-A9A2-AB67-
E4F974F0A0AC} - (no file)
O2 - BHO: (no name) - {12E67A3D-9521-3435-1D18-
F5F08CFDED59} - C:\WINDOWS\System32\dfqdlqvl.dll
O2 - BHO: (no name) - {1474E082-F626-659A-4FF1-
53ED5D1A1B36} - C:\WINDOWS\System32\mkkqwzir.dll
O2 - BHO: (no name) - {1613A562-4F61-2E49-8DE7-
6CD55AD2BFFE} - C:\WINDOWS\System32\pvipeeso.dll
O2 - BHO: (no name) - {173135B1-7554-F07E-C040-
2464F3EEE741} - (no file)
O2 - BHO: (no name) - {18300A05-DE93-90DB-B33A-
1E67C389EFF8} - C:\WINDOWS\System32\vpiqfvbn.dll
O2 - BHO: (no name) - {18F79A1D-752E-E30E-34FF-
9B561E48D0BD} - C:\WINDOWS\System32\iowkmzgu.dll
O2 - BHO: (no name) - {1DD7BD3D-8C68-9A7C-4E0D-
218601867084} - C:\WINDOWS\System32\jmdirnpr.dll
O2 - BHO: (no name) - {1E7B20FF-3879-E219-D882-
639D3E862924} - C:\WINDOWS\System32\pzgmlavc.dll
O2 - BHO: (no name) - {1F19F7E9-40F9-8984-CD59-
6E71B0373047} - C:\WINDOWS\System32\hjmtmaff.dll
O2 - BHO: (no name) - {285BFA91-4B57-3163-93D6-
620B195A7F19} - C:\WINDOWS\System32\lcemwkni.dll
O2 - BHO: (no name) - {3214CC72-FA7B-5FAB-3EC6-
A620AB1EBD05} - (no file)
O2 - BHO: (no name) - {3555F295-1BDD-87B4-6F74-
895D78B51515} - (no file)
O2 - BHO: (no name) - {3B3DAEF0-B223-FD4F-C4BF-
BAC89AF7D1F3} - C:\WINDOWS\System32\onlpdjnc.dll
O2 - BHO: (no name) - {4082DC47-CA2D-5E99-ACC9-
31C4D58DEAB1} - C:\WINDOWS\System32\nfejface.dll
O2 - BHO: (no name) - {42622627-5992-E8BB-DE14-
8962715BE6F1} - (no file)
O2 - BHO: (no name) - {4642ED85-462D-6CC0-0BA4-
3F0D985F31E3} - C:\WINDOWS\System32\nfyfttnp.dll
O2 - BHO: (no name) - {475B27B5-E655-6D17-C110-
97436CD11403} - C:\WINDOWS\System32\mvmucyff.dll
O2 - BHO: (no name) - {49CA0B1C-4AD5-06F3-8291-
9E4C03A1AE03} - C:\WINDOWS\System32\szdbszau.dll
O2 - BHO: (no name) - {5D71F9A3-FEB6-7293-FD31-
DE62D1746A9E} - C:\WINDOWS\System32\mvzrekpg.dll
O2 - BHO: (no name) - {61CA28E7-0159-2254-D876-
532B6E4FD806} - C:\WINDOWS\System32\evlsdxit.dll
O2 - BHO: (no name) - {63E52570-AF1D-D180-1049-
0B4E24C2C05B} - (no file)
O2 - BHO: (no name) - {6505D32A-30BE-BDE8-B359-
C55FDA22A9A4} - C:\WINDOWS\System32\iooyojyp.dll
O2 - BHO: (no name) - {71598069-6FB2-5528-C1B9-
4AA63672488B} - C:\WINDOWS\System32\rnemvglp.dll
O2 - BHO: (no name) - {71C6A408-D603-F1C8-1B9C-
FD7D58A24471} - (no file)
O2 - BHO: (no name) - {73F4697A-C267-74BB-A73B-
EA82515BFB3A} - C:\WINDOWS\System32\ccdowoid.dll
O2 - BHO: (no name) - {7494C5DC-4D7F-ABAA-7D45-
D986F10608CA} - C:\WINDOWS\System32\crhuqmst.dll
O2 - BHO: (no name) - {77E7FC8C-9EEF-D5FF-E2F9-
0E4B542805B1} - (no file)
O2 - BHO: (no name) - {78537AAF-71A7-6C09-C9F4-
5D117A9E043F} - (no file)
O2 - BHO: (no name) - {788FF0ED-A487-C883-7D5B-
ADBC6ACCB595} - (no file)
O2 - BHO: (no name) - {7FB5BA17-587A-69C9-D925-
745645DDC9F4} - (no file)
O2 - BHO: (no name) - {805E8F05-0FD5-1517-3232-
67D96BE18527} - (no file)
O2 - BHO: (no name) - {83C76515-CD6C-21C3-6DFC-
2019C31EF132} - (no file)
O2 - BHO: (no name) - {8609E8DF-14E1-5C1C-065D-
1878694A8F45} - C:\WINDOWS\System32\dwvrcvps.dll
O2 - BHO: (no name) - {863264D6-2C10-332A-85D5-
85F4D08A46B9} - C:\WINDOWS\System32\kcgvlrif.dll
O2 - BHO: (no name) - {87EEE9C1-94AC-FE1B-2C2F-
0DDAB72412AB} - C:\WINDOWS\System32\onpkgjsr.dll
O2 - BHO: (no name) - {8823ACD0-FCDA-5C76-35DA-
6B7B6D4EFE40} - C:\WINDOWS\System32\oapklyiw.dll
O2 - BHO: (no name) - {897A32D9-E4AC-85E9-B5E2-
7FFE068FC7CB} - C:\WINDOWS\System32\iveydvpi.dll
O2 - BHO: (no name) - {8BB558FC-602D-F399-6679-
7C068A4F352D} - C:\WINDOWS\System32\nnzaqidd.dll
O2 - BHO: (no name) - {8DC9C9E5-D24E-C6C9-3A88-
CEF90D2396FA} - C:\WINDOWS\System32\ipekltzs.dll
O2 - BHO: (no name) - {8E2F1A1E-7A3D-F761-325B-
08535B26FAFD} - C:\WINDOWS\System32\ebfbtgqj.dll
O2 - BHO: (no name) - {A01D539E-4F32-7547-8B23-
45285283B698} - C:\WINDOWS\System32\jbtsrguo.dll
O2 - BHO: (no name) - {A0E688B8-CF92-F164-F113-
B2E2A1D22DE1} - C:\WINDOWS\System32\ncsuussu.dll
O2 - BHO: (no name) - {AEEF4CAD-680F-72E4-0ED5-
BAF5E07AC2FE} - C:\WINDOWS\System32\wevmizcu.dll
O2 - BHO: (no name) - {B4A8F8AB-E3E0-7B31-15CE-
4F7728E698D7} - C:\WINDOWS\System32\qhzkhttx.dll
O2 - BHO: (no name) - {B4AEC008-1472-84E9-3AFA-
513CBD9842DC} - (no file)
O2 - BHO: (no name) - {B786E699-866C-4626-C5D4-
2B6F8FE20EA6} - (no file)
O2 - BHO: (no name) - {B7A7DB25-8FDA-7DE7-525F-
C3F024B42AA3} - C:\WINDOWS\System32\oqdvuilu.dll
O2 - BHO: (no name) - {B89F73B5-E9EA-22E5-5809-
C72283B74640} - C:\WINDOWS\System32\uujdzmol.dll (file
missing)
O2 - BHO: (no name) - {B8C5FC76-3F54-55B5-BEF6-
0D13E44B2B1C} - C:\WINDOWS\System32\eqgshdok.dll
O2 - BHO: (no name) - {B9CCF110-D3A1-BF96-F0B0-
812C29093517} - C:\WINDOWS\System32\qchxzqub.dll
O2 - BHO: (no name) - {BA43817B-F38D-5430-08F9-
53BEC4858163} - C:\WINDOWS\System32\zvmdfwab.dll
O2 - BHO: (no name) - {BA726186-E62C-7051-996A-
069F01BF5C34} - C:\WINDOWS\System32\cgujlnpl.dll
O2 - BHO: (no name) - {BB08CAB5-1703-6BE0-298D-
C845C96E3CF0} - C:\WINDOWS\System32\oygwtson.dll
O2 - BHO: (no name) - {BC4FDB86-0B48-5534-D67D-
AEE57B75570C} - C:\WINDOWS\System32\rkhgswtr.dll
O2 - BHO: (no name) - {BC6B6C36-BFBA-6B88-A4B1-
F50330C97894} - C:\WINDOWS\System32\pmnzzntn.dll
O2 - BHO: (no name) - {BE4566C3-089B-9E7E-6CC7-
98DE1AD4C97B} - C:\WINDOWS\System32\cdhidwxt.dll
O2 - BHO: (no name) - {BFAEEDFF-4F2B-667A-8E42-
8A2D8B29C8CF} - C:\WINDOWS\System32\bimdglxq.dll
O2 - BHO: (no name) - {C04D419E-7A56-C63F-3912-
9DC9E99FE70E} - C:\WINDOWS\System32\xvtdycxy.dll
O2 - BHO: (no name) - {C095BEA3-0479-D922-495B-
BCFCD192DEA2} - C:\WINDOWS\System32\xtxbchxk.dll
O2 - BHO: (no name) - {C7B435C1-0976-7DEE-7446-
1C25E646B2A9} - C:\WINDOWS\System32\nvqzrnye.dll
O2 - BHO: (no name) - {C854A979-38D2-1617-FA78-
1DD0370F70AB} - C:\WINDOWS\System32\ufoqarya.dll
O2 - BHO: (no name) - {C880D186-6E56-6A80-D714-
2A2117BC1CA7} - C:\WINDOWS\System32\nhkggwah.dll
O2 - BHO: (no name) - {CA083A0B-AFBD-0D3F-EE4D-
66D506ADC5EB} - (no file)
O2 - BHO: (no name) - {CCBAF492-78E4-8029-207B-
3B13DC7FEFC4} - C:\WINDOWS\System32\khvruaal.dll
O2 - BHO: (no name) - {CCE369AA-9EE0-A0D9-647B-
5093115A3BA6} - C:\WINDOWS\System32\fuljtgcj.dll
O2 - BHO: (no name) - {D0770B02-7C53-055E-10F2-
9AC005377967} - C:\WINDOWS\System32\yjdasrog.dll
O2 - BHO: (no name) - {D137D368-22A6-FC25-70AF-
92461CF31AB3} - C:\WINDOWS\System32\bsytsqrj.dll
O2 - BHO: (no name) - {D21603CE-D656-4079-2B04-
51337AC509F7} - C:\WINDOWS\System32\vwkskhqd.dll
O2 - BHO: (no name) - {D5CAC08D-5774-D832-17CD-
1F8F8FE43BE9} - (no file)
O2 - BHO: (no name) - {D724DCA2-E957-F707-B4C3-
2518696874C3} - C:\WINDOWS\System32\rlnaitba.dll
O2 - BHO: (no name) - {D8C23904-74ED-AEF5-89CD-
941C8A1301D2} - C:\WINDOWS\System32\rsypcrtq.dll
O2 - BHO: (no name) - {DC2EBB02-51F6-1E98-68D0-
7DBE87B3CD48} - C:\WINDOWS\System32\nzhsuhmd.dll
O2 - BHO: (no name) - {DE7DA19C-815E-B8D8-A1F3-
C6C2B321935C} - C:\WINDOWS\System32\qcwkdshy.dll
O2 - BHO: (no name) - {DE897551-F44C-91FA-8ACD-
EEC5D9CAD5B2} - (no file)
O2 - BHO: (no name) - {DF71111A-DA89-614E-0BDE-
BB6685E21212} - C:\WINDOWS\System32\zeucwera.dll
O2 - BHO: (no name) - {DFC09B61-47FE-B672-D012-
465E5E09C113} - C:\WINDOWS\System32\wrviyhcy.dll
O2 - BHO: (no name) - {E0F7289A-D079-78B2-3377-
A389D4184A3A} - C:\WINDOWS\System32\hddufhhs.dll
O2 - BHO: (no name) - {E2E62109-8C90-5A41-BD84-
CA6B131343A1} - (no file)
O2 - BHO: (no name) - {F1C5ECF5-F915-7DB7-95E9-
A3192B37C279} - C:\WINDOWS\System32\osmespdn.dll
O2 - BHO: (no name) - {F2431834-9950-FBC7-7290-
BEA9A75EA0ED} - C:\WINDOWS\System32\txosopue.dll
O2 - BHO: (no name) - {F4A9D0A3-C5F5-B783-8735-
7350678402CB} - (no file)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-
00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [DwlClient] C:\Program Files\Common
Files\Dell\EUSW\Support.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32
\dumprep 0 -k
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common
Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program
Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [WatchDog] C:\Program Files\mobile
PhoneTools\WatchDog.exe
O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe
O4 - HKLM\..\Run: [Apoint] C:\Program
Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE
C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program
Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [iTunesHelper] C:\Program
Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [edspfkvq] C:\WINDOWS\System32
\edspfkvq.exe
O4 - HKLM\..\Run: [gkijotgg] C:\WINDOWS\System32
\gkijotgg.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program
Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft
AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [vptray] C:\Program
Files\Symantec_Client_Security\Symantec
AntiVirus\vptray.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program
Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program
Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32
\DSentry.exe
O4 - HKLM\..\Run: [bacstray] BacsTray.exe
O4 - HKLM\..\Run: [atwtusb] atwtusb.exe beta
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program
Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [TrojanScanner] C:\Program Files\Trojan
Remover\Trjscan.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN
Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Zinio DLM] C:\PROGRA~1
\Zinio\ZINIOD~2.EXE /hide
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32
\ctfmon.exe
O4 - Startup: GatherPlace Launcher.lnk = C:\Program
Files\GatherWorks\OmniView\GPAgent.exe
O4 - Global Startup: Venturi 2.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel -
res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send To &Bluetooth -
C:\Program Files\Dell\Bluetooth
Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-
00401C608501} - C:\Program Files\Java\jre1.5.0_04
\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-
4FCB-11CF-AAA5-00401C608501} - C:\Program
Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-
3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O12 - Plugin for .spop: C:\Program Files\Internet
Explorer\Plugins\NPDocBox.dll
O16 - DPF: ATLApplicationLocatorAXInstall -
http://24.123.240.54/LaunchVCPC.cab
O16 - DPF: {106E49CF-797A-11D2-81A2-00E02C015623}
(AlternaTIFF ActiveX) -
http://www.alternatiff.com/install/00/alttiff.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700}
(Windows Genuine Advantage) -
http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1DF36010-E276-11D4-A7C0-00C04F0453DD}
(Stamps.com Secure Postal Account Registration) -
https://secure.stamps.com/download/us/registration/3_0_0_8
34/sdcregie.cab
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo!
Audio Conferencing) -
http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/v45/yac
scom.cab
O16 - DPF: {2B96D5CC-C5B5-49A5-A69D-CC0A30F9028C}
(MiniBugTransporterX Class) -
http://wdownload.weatherbug.com/minibug/tricklers/AWS/Mini
BugTransporter.cab?
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB}
(YInstStarter Class) -
http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yins
t20040510.cab
O16 - DPF: {324FDCCE-2C0B-41F8-8EB0-6263A24A8323} -
http://support.gatherworks.com/client/omniview.cab
O16 - DPF: {52A5CD24-64C6-4BAF-A4EC-4D13F451763F} (CU
LiveUpdate Control) -
http://ctmexpress.fvc.com/ctmexpress/runtime/pic/inner_pic
/packages/liveupdate.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE
Class) - http://software-
dl.real.com/28a63e026ab488531d20/netzip/RdxIE601.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C}
(WUWebControl Class) -
http://update.microsoft.com/windowsupdate/v6/V5Controls/en
/x86/client/wuweb_site.cab?1121976293913
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF}
(MsnMessengerSetupDownloadControl Class) -
http://messenger.msn.com/download/MsnMessengerSetupDownloa
der.cab
O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB}
(iTunesDetector Class) -
http://ax.phobos.apple.com.edgesuite.net/detection/ITDetec
tor.cab
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C}
(GpcContainer Class) -
https://vbricksupport.webex.com/client/v_mywebex-
t20/webex/ieatgpc.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6}
(McFreeScan Class) -
http://download.mcafee.com/molbin/iss-loc/vso/en-
us/tools/mcfscan/2,0,0,4571/mcfscan.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain =
westcoast.fvc.com
O17 - HKLM\Software\..\Telephony: DomainName =
westcoast.fvc.com
O17 - HKLM\System\CCS\Services\Tcpip\..\{4C70C263-09DA-
4E87-B32B-C60311667373}: NameServer =
213.166.0.210,213.166.0.218
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain =
westcoast.fvc.com
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain =
westcoast.fvc.com
O18 - Protocol: widimg - {EE7C2AFF-5742-44FF-BD0E-
E521B0D3C3BA} - C:\WINDOWS\System32\btxppanel.dll
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\System32
\NavLogon.dll
O23 - Service: Bluetooth Service (btwdins) - WIDCOMM,
Inc. - C:\Program Files\Dell\Bluetooth
Software\bin\btwdins.exe
O23 - Service: DefWatch - Symantec Corporation -
C:\Program Files\Symantec_Client_Security\Symantec
AntiVirus\DefWatch.exe
O23 - Service: iPod Service (iPodService) - Apple
Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Miscrosoft Updates Service 6 (MsUpdate6) -
Unknown owner - C:\WINDOWS\System32\msupd6.exe
023 - Service: Symantec AntiVirus Client (Norton
AntiVirus Server) - Symantec Corporation - C:\Program
Files\Symantec_Client_Security\Symantec
AntiVirus\Rtvscan.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) -
NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Venturi2 Client (Venturi2) - Fourelle
Systems, Inc - C:\Program Files\Venturi2\Client\ventc.exe


The trojan is called Microsoft Updates Service 6 and
there is probably Qoologic here as well but hopefully the
Ewido scanner will identify exactly what these random
files and random BHO's are as NameShifter doesnt explain
much :o)

Let me know how you get on Tom and send me a new log
after completing them steps I emailed so we can address
the BHO entries.


Regards

Andy
 
AndyManchesta said:
Its clear why MS Antispy is having problems, There is
alot of malware on this system including a Trojan running
as a Windows service and alot of malicious BHO's and
registered dll files.
Click to expand...

The trojan is called Microsoft Updates Service 6 and
there is probably Qoologic here as well but hopefully the
Ewido scanner will identify exactly what these random
files and random BHO's are as NameShifter doesnt explain
much :o)

Let me know how you get on Tom and send me a new log
after completing them steps I emailed so we can address
the BHO entries.
Click to expand...
Andy,

That's one very impressive log file.<g>

Recently I ran across a utility named ToolbarCop. It's from Ramesh
Srinivasan
Microsoft MVP - Windows Shell/User.
http://windowsxp.mvps.org/

The program can create a log file that would be useful in forums such as
this one. It would be interesting to see if it would be useful in this case.

I've copied my own log file below to give a idea what it's like.

Bob Vanderveen

----------------------------------------
n/a
Browser Extension
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}
F:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
Enabled
All Users
----------------------------------------
ATI TV
Browser Extension
{44226DFF-747E-4EDC-B30C-78752E50CD0C}
F:\Program Files\ATI Multimedia\TV\EXPLBAR.DLL
Enabled
All Users
----------------------------------------
&Address
Toolbar
{01E04581-4EEE-11D0-BFE9-00AA005B4383}
%SystemRoot%\system32\browseui.dll
Enabled
Current User
----------------------------------------
&Links
Toolbar
{0E5CBF21-D15F-11D0-8301-00AA005B4383}
%SystemRoot%\system32\browseui.dll
Enabled
Current User
----------------------------------------
&Radio
Toolbar
{8E718888-423F-11D2-876E-00A0C9082467}
F:\WINNT\system32\msdxm.ocx
Enabled
All Users
----------------------------------------
Norton AntiVirus
Toolbar
{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}
F:\Program Files\Norton AntiVirus\NavShExt.dll
Enabled
All Users
----------------------------------------
AcroIEHlprObj Class
BHO
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
F:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
Enabled
All Users
----------------------------------------
CNavExtBho Class
BHO
{BDF3E430-B101-42AD-A544-FADC6B084872}
F:\Program Files\Norton AntiVirus\NavShExt.dll
Enabled
All Users
----------------------------------------
&Highlight
Menu Extension

F:\WINNT\WEB\highlight.htm
Enabled
Current User
----------------------------------------
&Links List
Menu Extension

F:\WINNT\WEB\urllist.htm
Enabled
Current User
----------------------------------------
&Web Search
Menu Extension

F:\WINNT\WEB\selsearch.htm
Enabled
Current User
----------------------------------------
I&mages List
Menu Extension

F:\WINNT\Web\imglist.htm
Enabled
Current User
----------------------------------------
Open Frame in &New Window
Menu Extension

F:\WINNT\WEB\frm2new.htm
Enabled
Current User
----------------------------------------
Zoom &In
Menu Extension

F:\WINNT\WEB\zoomin.htm
Enabled
Current User
----------------------------------------
Zoom O&ut
Menu Extension

F:\WINNT\WEB\zoomout.htm
Enabled
Current User
----------------------------------------
ATI Launchpad
Run - Startup

"F:\Program Files\ATI Multimedia\main\launchpd.exe"
Enabled
Current User
----------------------------------------
AtiPTA
Run - Startup

atiptaxx.exe
Enabled
All Users
----------------------------------------
Zone Labs Client
Run - Startup

F:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
Enabled
All Users
----------------------------------------
Adaptec DirectCD
Run - Startup

F:\PROGRA~1\Adaptec\DirectCD\directcd.exe
Enabled
All Users
----------------------------------------
gcasServ
Run - Startup

"F:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
Enabled
All Users
----------------------------------------
MouseElf
Run - Startup

F:\Program Files\KYE\Genius Net Mouse Pro\MouseElf.exe
Enabled
All Users
----------------------------------------
SunJavaUpdateSched
Run - Startup

F:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
Enabled
All Users
----------------------------------------
ccApp
Run - Startup

"F:\Program Files\Common Files\Symantec Shared\ccApp.exe"
Enabled
All Users
----------------------------------------
SSC_UserPrompt
Run - Startup

F:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
Enabled
All Users
----------------------------------------
Symantec NetDriver Monitor
Run - Startup

F:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
Enabled
All Users
----------------------------------------
Synchronization Manager
Run - Startup

mobsync.exe /logon
Enabled
All Users
----------------------------------------
Synchronization Manager
Run - Startup

mobsync.exe /logon
Disabled
All Users
 
Slight mistake there I get so used to writing microsoft I
forgot it wasnt called this, The trojan is "Miscrosoft"
Updates Service 6 which I believe is Trojan.Lodmedud but
not heard back from Tom so will have to wait for some
more info before we can get this cleaned up,

I assume MS Antispy is getting abit confused
at all these BHO's and the reason they are there if there
isnt a file associated with them, I know I am but also
Hijack This is giving error messages so Id like to see a
new log before removing them all to be safe.
 
Hey Bob,

Thankyou for the info' , Ive never used ToolbarCop but
can see what you mean it would be very usefull in getting
details on system entries and looks very user friendly so
will try this out on my system and then try in on an
infected pc.

Im sure we can get this system clean without problems but
Id like to know exactly what Im looking at first and
maybe Tom is working through the steps which was
basically to remove the entris MSAS detected from
add/remove, remove the trojan service then delete the
file, remove the 2 random files from the run folder using
HJT then reboot & delete the files and remove some
ActiveX entries then run AV & Antispy scanners and post
the logs. He may also be receiving help from other forums
so will leave it with him and if he needs more help we
can remove the junk.

Toolbarcop could help us with the BHO part if we have
problems, I'll have to wait for a response first though
and then take it from there if the entries still exist.

Thanks again

Regards Andy
 
Ancy, et al,

I think I have probably provided you all the info I can
via e-mail. Since the ToolbarCop was new to all of us I
thought it might be cool to run it and paste the log in
here for all to see.


The error I get from AntiSpy is on (or so it appears)

BHO
{00000000-0000-0000-0000-000000000000}
(empty)
Enabled
All Users


Tom
----------------------------------------
n/a
Browser Extension
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}
C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
Enabled
All Users
----------------------------------------
Research
Browser Extension
{92780B25-18CC-41C8-B9BE-3C9C571A8263}
C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
Enabled
All Users
----------------------------------------
&Address
Toolbar
{01E04581-4EEE-11D0-BFE9-00AA005B4383}
%SystemRoot%\System32\browseui.dll
Enabled
Current User
----------------------------------------
&Links
Toolbar
{0E5CBF21-D15F-11D0-8301-00AA005B4383}
%SystemRoot%\system32\SHELL32.dll
Enabled
Current User
----------------------------------------
(Empty)
Toolbar
{014DA6C9-189F-421A-88CD-07CFE51CFF10}
(empty)
Enabled
Current User
----------------------------------------
Yahoo! Toolbar
Toolbar
{EF99BD32-C1FB-11D2-892F-0090271D4F88}
C:\Program Files\Yahoo!\Companion\Installs\cpn0
\ycomp5_5_7_0.dll
Enabled
Current User
----------------------------------------
&Radio
Toolbar
{8E718888-423F-11D2-876E-00A0C9082467}
C:\WINDOWS\System32\msdxm.ocx
Enabled
All Users
----------------------------------------
(Empty)
BHO
{00000000-0000-0000-0000-000000000000}
(empty)
Enabled
All Users
----------------------------------------
(Empty)
BHO
{00000000-8C0C-09F3-86B8-4F8000000000}
(empty)
Enabled
All Users
----------------------------------------
(Empty)
BHO
{00000000-8C0C-18F5-86B8-4F8000000000}
(empty)
Enabled
All Users
----------------------------------------
(Empty)
BHO
{00000000-8C0C-46F5-86B8-4F8000000000}
(empty)
Enabled
All Users
----------------------------------------
(Empty)
BHO
{00000000-8C0C-6CF2-86B8-4F8000000000}
(empty)
Enabled
All Users
----------------------------------------
(Empty)
BHO
{00000000-8C0C-83F2-86B8-4F8000000000}
(empty)
Enabled
All Users
----------------------------------------
(Empty)
BHO
{00000000-8C0C-89F3-86B8-4F8000000000}
(empty)
Enabled
All Users
----------------------------------------
(Empty)
BHO
{00000000-8C1C-09F3-86B8-4F8000000000}
(empty)
Enabled
All Users
----------------------------------------
(Empty)
BHO
{00000000-8C1C-6CF2-86B8-4F8000000000}
(empty)
Enabled
All Users
----------------------------------------
(Empty)
BHO
{00000000-8C1C-C0F2-86B8-4F8000000000}
(empty)
Enabled
All Users
----------------------------------------
(Empty)
BHO
{00000000-8C1C-F8F4-86B8-4F8000000000}
(empty)
Enabled
All Users
----------------------------------------
(Empty)
BHO
{00000000-8C2C-7CF2-86B8-4F8000000000}
(empty)
Enabled
All Users
----------------------------------------
(Empty)
BHO
{00000000-8C2C-8EF2-86B8-4F8000000000}
(empty)
Enabled
All Users
----------------------------------------
(Empty)
BHO
{00000000-8C2C-94F2-86B8-4F8000000000}
(empty)
Enabled
All Users
----------------------------------------
(Empty)
BHO
{00000000-8C2C-FCF2-86B8-4F8000000000}
(empty)
Enabled
All Users
----------------------------------------
(Empty)
BHO
{00000000-8C3C-0EF5-86B8-4F8000000000}
(empty)
Enabled
All Users
----------------------------------------
(Empty)
BHO
{00000000-8C3C-7BF2-86B8-4F8000000000}
(empty)
Enabled
All Users
----------------------------------------
(Empty)
BHO
{00000000-8C3C-C0F2-86B8-4F8000000000}
(empty)
Enabled
All Users
----------------------------------------
(Empty)
BHO
{00000000-8C3C-E9F2-86B8-4F8000000000}
(empty)
Enabled
All Users
----------------------------------------
(Empty)
BHO
{00000000-8C4C-1EF3-86B8-4F8000000000}
(empty)
Enabled
All Users
----------------------------------------
(Empty)
BHO
{00000000-8C4C-2DF3-86B8-4F8000000000}
(empty)
Enabled
All Users
----------------------------------------
(Empty)
BHO
{00000000-8C4C-30F6-86B8-4F8000000000}
(empty)
Enabled
All Users
----------------------------------------
(Empty)
BHO
{00000000-8C4C-83F2-86B8-4F8000000000}
(empty)
Enabled
All Users
----------------------------------------
(Empty)
BHO
{00000000-8C4C-B7F2-86B8-4F8000000000}
(empty)
Enabled
All Users
----------------------------------------
(Empty)
BHO
{00000000-8C5C-82F2-86B8-4F8000000000}
(empty)
Enabled
All Users
----------------------------------------
(Empty)
BHO
{00000000-8C5C-86F2-86B8-4F8000000000}
(empty)
Enabled
All Users
----------------------------------------
(Empty)
BHO
{00000000-8C5C-CFF2-86B8-4F8000000000}
(empty)
Enabled
All Users
----------------------------------------
(Empty)
BHO
{00000000-8C5C-D4F2-86B8-4F8000000000}
(empty)
Enabled
All Users
----------------------------------------
(Empty)
BHO
{00000000-8C6C-70F2-86B8-4F8000000000}
(empty)
Enabled
All Users
----------------------------------------
(Empty)
BHO
{00000000-8C7C-3FF3-86B8-4F8000000000}
(empty)
Enabled
All Users
----------------------------------------
(Empty)
BHO
{00000000-8C7C-89F2-86B8-4F8000000000}
(empty)
Enabled
All Users
----------------------------------------
(Empty)
BHO
{00000000-8C7C-95F2-86B8-4F8000000000}
(empty)
Enabled
All Users
----------------------------------------
(Empty)
BHO
{00000000-8C7C-C4F2-86B8-4F8000000000}
(empty)
Enabled
All Users
----------------------------------------
(Empty)
BHO
{00000000-8C8C-4DF2-86B8-4F8000000000}
(empty)
Enabled
All Users
----------------------------------------
(Empty)
BHO
{00000000-8C8C-56F2-86B8-4F8000000000}
(empty)
Enabled
All Users
----------------------------------------
(Empty)
BHO
{00000000-8C8C-A4F2-86B8-4F8000000000}
(empty)
Enabled
All Users
----------------------------------------
(Empty)
BHO
{00000000-8C8C-DBF2-86B8-4F8000000000}
(empty)
Enabled
All Users
----------------------------------------
(Empty)
BHO
{00000000-8C9C-09F3-86B8-4F8000000000}
(empty)
Enabled
All Users
----------------------------------------
(Empty)
BHO
{00000000-8C9C-0DF3-86B8-4F8000000000}
(empty)
Enabled
All Users
----------------------------------------
(Empty)
BHO
{00000000-8C9C-49F3-86B8-4F8000000000}
(empty)
Enabled
All Users
----------------------------------------
(Empty)
BHO
{00000000-8C9C-58F2-86B8-4F8000000000}
(empty)
Enabled
All Users
----------------------------------------
(Empty)
BHO
{00000000-8C9C-82F2-86B8-4F8000000000}
(empty)
Enabled
All Users
----------------------------------------
(Empty)
BHO
{00000000-8C9C-9BF2-86B8-4F8000000000}
(empty)
Enabled
All Users
----------------------------------------
(Empty)
BHO
{00000000-8C9C-B1F2-86B8-4F8000000000}
(empty)
Enabled
All Users
----------------------------------------
(Empty)
BHO
{00000000-8CAC-1EF3-86B8-4F8000000000}
(empty)
Enabled
All Users
----------------------------------------
(Empty)
BHO
{00000000-8CAC-59F2-86B8-4F8000000000}
(empty)
Enabled
All Users
----------------------------------------
(Empty)
BHO
{00000000-8CAC-BDF2-86B8-4F8000000000}
(empty)
Enabled
All Users
----------------------------------------
(Empty)
BHO
{00000000-8CAC-DBF2-86B8-4F8000000000}
(empty)
Enabled
All Users
----------------------------------------
(Empty)
BHO
{00000000-8CBC-14F3-86B8-4F8000000000}
(empty)
Enabled
All Users
----------------------------------------
(Empty)
BHO
{00000000-8CBC-2AF3-86B8-4F8000000000}
(empty)
Enabled
All Users
----------------------------------------
(Empty)
BHO
{00000000-8CBC-5EF2-86B8-4F8000000000}
(empty)
Enabled
All Users
----------------------------------------
(Empty)
BHO
{00000000-8CBC-7DF6-86B8-4F8000000000}
(empty)
Enabled
All Users
----------------------------------------
(Empty)
BHO
{00000000-8CBC-86F2-86B8-4F8000000000}
(empty)
Enabled
All Users
----------------------------------------
(Empty)
BHO
{00000000-8CCC-49F6-86B8-4F8000000000}
(empty)
Enabled
All Users
----------------------------------------
(Empty)
BHO
{00000000-8CCC-FCF2-86B8-4F8000000000}
(empty)
Enabled
All Users
----------------------------------------
(Empty)
BHO
{00000000-8CDC-3BF3-86B8-4F8000000000}
(empty)
Enabled
All Users
----------------------------------------
(Empty)
BHO
{00000000-8CDC-58F2-86B8-4F8000000000}
(empty)
Enabled
All Users
----------------------------------------
(Empty)
BHO
{00000000-8CDC-5DF3-86B8-4F8000000000}
(empty)
Enabled
All Users
----------------------------------------
(Empty)
BHO
{00000000-8CDC-64F2-86B8-4F8000000000}
(empty)
Enabled
All Users
----------------------------------------
(Empty)
BHO
{00000000-8CDC-7CF2-86B8-4F8000000000}
(empty)
Enabled
All Users
----------------------------------------
(Empty)
BHO
{00000000-8CDC-C2F3-86B8-4F8000000000}
(empty)
Enabled
All Users
----------------------------------------
(Empty)
BHO
{00000000-8CDC-EEF2-86B8-4F8000000000}
(empty)
Enabled
All Users
----------------------------------------
(Empty)
BHO
{00000000-8CEC-04F5-86B8-4F8000000000}
(empty)
Enabled
All Users
----------------------------------------
(Empty)
BHO
{00000000-8CEC-1EF3-86B8-4F8000000000}
C:\WINDOWS\System32\elbsbwzm.dll
Enabled
All Users
----------------------------------------
(Empty)
BHO
{00000000-8CEC-2EF5-86B8-4F8000000000}
(empty)
Enabled
All Users
----------------------------------------
(Empty)
BHO
{00000000-8CEC-57F2-86B8-4F8000000000}
(empty)
Enabled
All Users
----------------------------------------
(Empty)
BHO
{00000000-8CEC-7DF2-86B8-4F8000000000}
(empty)
Enabled
All Users
----------------------------------------
(Empty)
BHO
{00000000-8CEC-81F6-86B8-4F8000000000}
(empty)
Enabled
All Users
----------------------------------------
(Empty)
BHO
{00000000-8CEC-99F2-86B8-4F8000000000}
(empty)
Enabled
All Users
----------------------------------------
(Empty)
BHO
{00000000-8CEC-A6F2-86B8-4F8000000000}
(empty)
Enabled
All Users
----------------------------------------
(Empty)
BHO
{00000000-8CEC-ACF2-86B8-4F8000000000}
(empty)
Enabled
All Users
----------------------------------------
(Empty)
BHO
{00000000-8CEC-E7F2-86B8-4F8000000000}
(empty)
Enabled
All Users
----------------------------------------
(Empty)
BHO
{00000000-8CFC-05F3-86B8-4F8000000000}
(empty)
Enabled
All Users
----------------------------------------
(Empty)
BHO
{00000000-8CFC-18F3-86B8-4F8000000000}
(empty)
Enabled
All Users
----------------------------------------
(Empty)
BHO
{00000000-8CFC-46F3-86B8-4F8000000000}
(empty)
Enabled
All Users
----------------------------------------
(Empty)
BHO
{00000000-8CFC-7FF2-86B8-4F8000000000}
(empty)
Enabled
All Users
----------------------------------------
(Empty)
BHO
{00000000-8CFC-86F2-86B8-4F8000000000}
(empty)
Enabled
All Users
----------------------------------------
(Empty)
BHO
{02A9B1AF-FA78-8F55-E813-79AC63E93DAC}
(empty)
Enabled
All Users
----------------------------------------
(Empty)
BHO
{02ED3B71-C797-B4DB-35AC-290173BB8B57}
C:\WINDOWS\System32\jcybrrfc.dll
Enabled
All Users
----------------------------------------
(Empty)
BHO
{045B6D0E-1643-A457-3E41-BA7DBEF2FA05}
C:\WINDOWS\System32\ivqqyjgh.dll
Enabled
All Users
----------------------------------------
AcroIEHlprObj Class
BHO
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
C:\Program Files\Adobe\Acrobat 5.0
\Acrobat\ActiveX\AcroIEHelper.ocx
Enabled
All Users
----------------------------------------
(Empty)
BHO
{0D716366-6E08-3A36-1B74-C78B359375F7}
C:\WINDOWS\System32\nzohzogs.dll
Enabled
All Users
----------------------------------------
(Empty)
BHO
{0F7A4037-9717-A9A2-AB67-E4F974F0A0AC}
(empty)
Enabled
All Users
----------------------------------------
(Empty)
BHO
{12E67A3D-9521-3435-1D18-F5F08CFDED59}
C:\WINDOWS\System32\dfqdlqvl.dll
Enabled
All Users
----------------------------------------
(Empty)
BHO
{1474E082-F626-659A-4FF1-53ED5D1A1B36}
C:\WINDOWS\System32\mkkqwzir.dll
Enabled
All Users
----------------------------------------
(Empty)
BHO
{1613A562-4F61-2E49-8DE7-6CD55AD2BFFE}
C:\WINDOWS\System32\pvipeeso.dll
Enabled
All Users
----------------------------------------
(Empty)
BHO
{173135B1-7554-F07E-C040-2464F3EEE741}
(empty)
Enabled
All Users
----------------------------------------
(Empty)
BHO
{18300A05-DE93-90DB-B33A-1E67C389EFF8}
C:\WINDOWS\System32\vpiqfvbn.dll
Enabled
All Users
----------------------------------------
(Empty)
BHO
{18F79A1D-752E-E30E-34FF-9B561E48D0BD}
C:\WINDOWS\System32\iowkmzgu.dll
Enabled
All Users
----------------------------------------
(Empty)
BHO
{1DD7BD3D-8C68-9A7C-4E0D-218601867084}
C:\WINDOWS\System32\jmdirnpr.dll
Enabled
All Users
----------------------------------------
(Empty)
BHO
{1E7B20FF-3879-E219-D882-639D3E862924}
C:\WINDOWS\System32\pzgmlavc.dll
Enabled
All Users
----------------------------------------
(Empty)
BHO
{1F19F7E9-40F9-8984-CD59-6E71B0373047}
C:\WINDOWS\System32\hjmtmaff.dll
Enabled
All Users
----------------------------------------
(Empty)
BHO
{285BFA91-4B57-3163-93D6-620B195A7F19}
C:\WINDOWS\System32\lcemwkni.dll
Enabled
All Users
----------------------------------------
(Empty)
BHO
{3214CC72-FA7B-5FAB-3EC6-A620AB1EBD05}
(empty)
Enabled
All Users
----------------------------------------
(Empty)
BHO
{3555F295-1BDD-87B4-6F74-895D78B51515}
(empty)
Enabled
All Users
----------------------------------------
(Empty)
BHO
{3B3DAEF0-B223-FD4F-C4BF-BAC89AF7D1F3}
C:\WINDOWS\System32\onlpdjnc.dll
Enabled
All Users
----------------------------------------
(Empty)
BHO
{4082DC47-CA2D-5E99-ACC9-31C4D58DEAB1}
C:\WINDOWS\System32\nfejface.dll
Enabled
All Users
----------------------------------------
(Empty)
BHO
{42622627-5992-E8BB-DE14-8962715BE6F1}
(empty)
Enabled
All Users
----------------------------------------
(Empty)
BHO
{4642ED85-462D-6CC0-0BA4-3F0D985F31E3}
C:\WINDOWS\System32\nfyfttnp.dll
Enabled
All Users
----------------------------------------
(Empty)
BHO
{475B27B5-E655-6D17-C110-97436CD11403}
C:\WINDOWS\System32\mvmucyff.dll
Enabled
All Users
----------------------------------------
(Empty)
BHO
{49CA0B1C-4AD5-06F3-8291-9E4C03A1AE03}
C:\WINDOWS\System32\szdbszau.dll
Enabled
All Users
----------------------------------------
(Empty)
BHO
{5D71F9A3-FEB6-7293-FD31-DE62D1746A9E}
C:\WINDOWS\System32\mvzrekpg.dll
Enabled
All Users
----------------------------------------
(Empty)
BHO
{61CA28E7-0159-2254-D876-532B6E4FD806}
C:\WINDOWS\System32\evlsdxit.dll
Enabled
All Users
----------------------------------------
(Empty)
BHO
{63E52570-AF1D-D180-1049-0B4E24C2C05B}
(empty)
Enabled
All Users
----------------------------------------
(Empty)
BHO
{6505D32A-30BE-BDE8-B359-C55FDA22A9A4}
C:\WINDOWS\System32\iooyojyp.dll
Enabled
All Users
----------------------------------------
(Empty)
BHO
{71598069-6FB2-5528-C1B9-4AA63672488B}
C:\WINDOWS\System32\rnemvglp.dll
Enabled
All Users
----------------------------------------
(Empty)
BHO
{71C6A408-D603-F1C8-1B9C-FD7D58A24471}
(empty)
Enabled
All Users
----------------------------------------
(Empty)
BHO
{73F4697A-C267-74BB-A73B-EA82515BFB3A}
C:\WINDOWS\System32\ccdowoid.dll
Enabled
All Users
----------------------------------------
(Empty)
BHO
{7494C5DC-4D7F-ABAA-7D45-D986F10608CA}
C:\WINDOWS\System32\crhuqmst.dll
Enabled
All Users
----------------------------------------
(Empty)
BHO
{77E7FC8C-9EEF-D5FF-E2F9-0E4B542805B1}
(empty)
Enabled
All Users
----------------------------------------
(Empty)
BHO
{78537AAF-71A7-6C09-C9F4-5D117A9E043F}
(empty)
Enabled
All Users
----------------------------------------
(Empty)
BHO
{788FF0ED-A487-C883-7D5B-ADBC6ACCB595}
(empty)
Enabled
All Users
----------------------------------------
(Empty)
BHO
{7FB5BA17-587A-69C9-D925-745645DDC9F4}
(empty)
Enabled
All Users
----------------------------------------
(Empty)
BHO
{805E8F05-0FD5-1517-3232-67D96BE18527}
(empty)
Enabled
All Users
----------------------------------------
(Empty)
BHO
{83C76515-CD6C-21C3-6DFC-2019C31EF132}
(empty)
Enabled
All Users
----------------------------------------
(Empty)
BHO
{8609E8DF-14E1-5C1C-065D-1878694A8F45}
C:\WINDOWS\System32\dwvrcvps.dll
Enabled
All Users
----------------------------------------
(Empty)
BHO
{863264D6-2C10-332A-85D5-85F4D08A46B9}
C:\WINDOWS\System32\kcgvlrif.dll
Enabled
All Users
----------------------------------------
(Empty)
BHO
{87EEE9C1-94AC-FE1B-2C2F-0DDAB72412AB}
C:\WINDOWS\System32\onpkgjsr.dll
Enabled
All Users
----------------------------------------
(Empty)
BHO
{8823ACD0-FCDA-5C76-35DA-6B7B6D4EFE40}
C:\WINDOWS\System32\oapklyiw.dll
Enabled
All Users
----------------------------------------
(Empty)
BHO
{897A32D9-E4AC-85E9-B5E2-7FFE068FC7CB}
C:\WINDOWS\System32\iveydvpi.dll
Enabled
All Users
----------------------------------------
(Empty)
BHO
{8BB558FC-602D-F399-6679-7C068A4F352D}
C:\WINDOWS\System32\nnzaqidd.dll
Enabled
All Users
----------------------------------------
(Empty)
BHO
{8DC9C9E5-D24E-C6C9-3A88-CEF90D2396FA}
C:\WINDOWS\System32\ipekltzs.dll
Enabled
All Users
----------------------------------------
(Empty)
BHO
{8E2F1A1E-7A3D-F761-325B-08535B26FAFD}
C:\WINDOWS\System32\ebfbtgqj.dll
Enabled
All Users
----------------------------------------
(Empty)
BHO
{A01D539E-4F32-7547-8B23-45285283B698}
C:\WINDOWS\System32\jbtsrguo.dll
Enabled
All Users
----------------------------------------
(Empty)
BHO
{A0E688B8-CF92-F164-F113-B2E2A1D22DE1}
C:\WINDOWS\System32\ncsuussu.dll
Enabled
All Users
----------------------------------------
(Empty)
BHO
{AEEF4CAD-680F-72E4-0ED5-BAF5E07AC2FE}
C:\WINDOWS\System32\wevmizcu.dll
Enabled
All Users
----------------------------------------
(Empty)
BHO
{B4A8F8AB-E3E0-7B31-15CE-4F7728E698D7}
C:\WINDOWS\System32\qhzkhttx.dll
Enabled
All Users
----------------------------------------
(Empty)
BHO
{B4AEC008-1472-84E9-3AFA-513CBD9842DC}
(empty)
Enabled
All Users
----------------------------------------
(Empty)
BHO
{B786E699-866C-4626-C5D4-2B6F8FE20EA6}
(empty)
Enabled
All Users
----------------------------------------
(Empty)
BHO
{B7A7DB25-8FDA-7DE7-525F-C3F024B42AA3}
C:\WINDOWS\System32\oqdvuilu.dll
Enabled
All Users
----------------------------------------
(Empty)
BHO
{B89F73B5-E9EA-22E5-5809-C72283B74640}
C:\WINDOWS\System32\uujdzmol.dll
Enabled
All Users
----------------------------------------
(Empty)
BHO
{B8C5FC76-3F54-55B5-BEF6-0D13E44B2B1C}
C:\WINDOWS\System32\eqgshdok.dll
Enabled
All Users
----------------------------------------
(Empty)
BHO
{B9CCF110-D3A1-BF96-F0B0-812C29093517}
C:\WINDOWS\System32\qchxzqub.dll
Enabled
All Users
----------------------------------------
(Empty)
BHO
{BA43817B-F38D-5430-08F9-53BEC4858163}
C:\WINDOWS\System32\zvmdfwab.dll
Enabled
All Users
----------------------------------------
(Empty)
BHO
{BA726186-E62C-7051-996A-069F01BF5C34}
C:\WINDOWS\System32\cgujlnpl.dll
Enabled
All Users
----------------------------------------
(Empty)
BHO
{BB08CAB5-1703-6BE0-298D-C845C96E3CF0}
C:\WINDOWS\System32\oygwtson.dll
Enabled
All Users
----------------------------------------
(Empty)
BHO
{BC4FDB86-0B48-5534-D67D-AEE57B75570C}
C:\WINDOWS\System32\rkhgswtr.dll
Enabled
All Users
----------------------------------------
(Empty)
BHO
{BC6B6C36-BFBA-6B88-A4B1-F50330C97894}
C:\WINDOWS\System32\pmnzzntn.dll
Enabled
All Users
----------------------------------------
(Empty)
BHO
{BE4566C3-089B-9E7E-6CC7-98DE1AD4C97B}
C:\WINDOWS\System32\cdhidwxt.dll
Enabled
All Users
----------------------------------------
(Empty)
BHO
{BFAEEDFF-4F2B-667A-8E42-8A2D8B29C8CF}
C:\WINDOWS\System32\bimdglxq.dll
Enabled
All Users
----------------------------------------
(Empty)
BHO
{C04D419E-7A56-C63F-3912-9DC9E99FE70E}
C:\WINDOWS\System32\xvtdycxy.dll
Enabled
All Users
----------------------------------------
(Empty)
BHO
{C095BEA3-0479-D922-495B-BCFCD192DEA2}
C:\WINDOWS\System32\xtxbchxk.dll
Enabled
All Users
----------------------------------------
(Empty)
BHO
{C7B435C1-0976-7DEE-7446-1C25E646B2A9}
C:\WINDOWS\System32\nvqzrnye.dll
Enabled
All Users
----------------------------------------
(Empty)
BHO
{C854A979-38D2-1617-FA78-1DD0370F70AB}
C:\WINDOWS\System32\ufoqarya.dll
Enabled
All Users
----------------------------------------
(Empty)
BHO
{C880D186-6E56-6A80-D714-2A2117BC1CA7}
C:\WINDOWS\System32\nhkggwah.dll
Enabled
All Users
----------------------------------------
(Empty)
BHO
{CA083A0B-AFBD-0D3F-EE4D-66D506ADC5EB}
(empty)
Enabled
All Users
----------------------------------------
(Empty)
BHO
{CCBAF492-78E4-8029-207B-3B13DC7FEFC4}
C:\WINDOWS\System32\khvruaal.dll
Enabled
All Users
----------------------------------------
(Empty)
BHO
{CCE369AA-9EE0-A0D9-647B-5093115A3BA6}
C:\WINDOWS\System32\fuljtgcj.dll
Enabled
All Users
----------------------------------------
(Empty)
BHO
{D0770B02-7C53-055E-10F2-9AC005377967}
C:\WINDOWS\System32\yjdasrog.dll
Enabled
All Users
----------------------------------------
(Empty)
BHO
{D137D368-22A6-FC25-70AF-92461CF31AB3}
C:\WINDOWS\System32\bsytsqrj.dll
Enabled
All Users
----------------------------------------
(Empty)
BHO
{D21603CE-D656-4079-2B04-51337AC509F7}
C:\WINDOWS\System32\vwkskhqd.dll
Enabled
All Users
----------------------------------------
(Empty)
BHO
{D5CAC08D-5774-D832-17CD-1F8F8FE43BE9}
(empty)
Enabled
All Users
----------------------------------------
(Empty)
BHO
{D724DCA2-E957-F707-B4C3-2518696874C3}
C:\WINDOWS\System32\rlnaitba.dll
Enabled
All Users
----------------------------------------
(Empty)
BHO
{D8C23904-74ED-AEF5-89CD-941C8A1301D2}
C:\WINDOWS\System32\rsypcrtq.dll
Enabled
All Users
----------------------------------------
(Empty)
BHO
{DC2EBB02-51F6-1E98-68D0-7DBE87B3CD48}
C:\WINDOWS\System32\nzhsuhmd.dll
Enabled
All Users
----------------------------------------
(Empty)
BHO
{DE7DA19C-815E-B8D8-A1F3-C6C2B321935C}
C:\WINDOWS\System32\qcwkdshy.dll
Enabled
All Users
----------------------------------------
(Empty)
BHO
{DE897551-F44C-91FA-8ACD-EEC5D9CAD5B2}
(empty)
Enabled
All Users
----------------------------------------
(Empty)
BHO
{DF71111A-DA89-614E-0BDE-BB6685E21212}
C:\WINDOWS\System32\zeucwera.dll
Enabled
All Users
----------------------------------------
(Empty)
BHO
{DFC09B61-47FE-B672-D012-465E5E09C113}
C:\WINDOWS\System32\wrviyhcy.dll
Enabled
All Users
----------------------------------------
(Empty)
BHO
{E0F7289A-D079-78B2-3377-A389D4184A3A}
C:\WINDOWS\System32\hddufhhs.dll
Enabled
All Users
----------------------------------------
(Empty)
BHO
{E2E62109-8C90-5A41-BD84-CA6B131343A1}
(empty)
Enabled
All Users
----------------------------------------
(Empty)
BHO
{F1C5ECF5-F915-7DB7-95E9-A3192B37C279}
C:\WINDOWS\System32\osmespdn.dll
Enabled
All Users
----------------------------------------
(Empty)
BHO
{F2431834-9950-FBC7-7290-BEA9A75EA0ED}
C:\WINDOWS\System32\txosopue.dll
Enabled
All Users
----------------------------------------
(Empty)
BHO
{F4A9D0A3-C5F5-B783-8735-7350678402CB}
(empty)
Enabled
All Users
----------------------------------------
E&xport to Microsoft Excel
Menu Extension

res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
Enabled
Current User
----------------------------------------
Send To &Bluetooth
Menu Extension

C:\Program Files\Dell\Bluetooth
Software\btsendto_ie_ctx.htm
Enabled
Current User
----------------------------------------
msnmsgr
Run - Startup

"C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
Enabled
Current User
----------------------------------------
Zinio DLM
Run - Startup

C:\PROGRA~1\Zinio\ZINIOD~2.EXE /hide
Enabled
Current User
----------------------------------------
ctfmon.exe
Run - Startup

C:\WINDOWS\System32\ctfmon.exe
Enabled
Current User
----------------------------------------
DwlClient
Run - Startup

C:\Program Files\Common Files\Dell\EUSW\Support.exe
Enabled
All Users
----------------------------------------
KernelFaultCheck
Run - Startup

%systemroot%\system32\dumprep 0 -k
Enabled
All Users
----------------------------------------
TkBellExe
Run - Startup

"C:\Program Files\Common
Files\Real\Update_OB\realsched.exe" -osboot
Enabled
All Users
----------------------------------------
QuickTime Task
Run - Startup

"C:\Program Files\QuickTime\qttask.exe" -atboottime
Enabled
All Users
----------------------------------------
WatchDog
Run - Startup

C:\Program Files\mobile PhoneTools\WatchDog.exe
Enabled
All Users
----------------------------------------
PCTVOICE
Run - Startup

pctspk.exe
Enabled
All Users
----------------------------------------
Apoint
Run - Startup

C:\Program Files\Apoint\Apoint.exe
Enabled
All Users
----------------------------------------
NvCplDaemon
Run - Startup

RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
Enabled
All Users
----------------------------------------
nwiz
Run - Startup

nwiz.exe /installquiet
Enabled
All Users
----------------------------------------
IntelliPoint
Run - Startup

"C:\Program Files\Microsoft IntelliPoint\point32.exe"
Enabled
All Users
----------------------------------------
iTunesHelper
Run - Startup

C:\Program Files\iTunes\iTunesHelper.exe
Enabled
All Users
----------------------------------------
SunJavaUpdateSched
Run - Startup

C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
Enabled
All Users
----------------------------------------
gcasServ
Run - Startup

"C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
Enabled
All Users
----------------------------------------
vptray
Run - Startup

C:\Program Files\Symantec_Client_Security\Symantec
AntiVirus\vptray.exe
Enabled
All Users
----------------------------------------
LogitechVideoTray
Run - Startup

C:\Program Files\Logitech\Video\LogiTray.exe
Enabled
All Users
----------------------------------------
LogitechVideoRepair
Run - Startup

C:\Program Files\Logitech\Video\ISStart.exe
Enabled
All Users
----------------------------------------
DVDSentry
Run - Startup

C:\WINDOWS\System32\DSentry.exe
Enabled
All Users
----------------------------------------
bacstray
Run - Startup

BacsTray.exe
Enabled
All Users
----------------------------------------
atwtusb
Run - Startup

atwtusb.exe beta
Enabled
All Users
----------------------------------------
AdaptecDirectCD
Run - Startup

"C:\Program Files\Roxio\Easy CD Creator 5
\DirectCD\DirectCD.exe"
Enabled
All Users
----------------------------------------
TrojanScanner
Run - Startup

C:\Program Files\Trojan Remover\Trjscan.exe
Enabled
All Users
 
Hi Tom

You sent the original log but then I never heard back
from you after I replied asking for you to fix some
entries and ActiveX and run scanners and post back the
logs so I thought you found the solution elsewhere,

Its good the see the random files are not in your run
folder now but the BHO's shouldnt be there and we need to
remove them all so wanted a new Hijack Log so we can do
this, Hijack This will remove the BHO entries and also
remove the file associated to it if it exists so its a
easy way to fix things,

The Toolbar cop log does help as it shows the permissions
are open for these BHO's so we shouldnt have a problem
removing them. The Ewido scan and Antivirus scan was to
search for other malware before we clean up the BHO's.

Hijack This is good but there is always certain area's
that are missed by Hijack This and ToolBar Cop as this
takes a similar reading from the registry so scanners
like Ewido and AV scans are always the first step in
cases like this. Im not sure how easy Toolbar Cop can
deal with these files so I'd still like to do this using
Hijack This because of the amount of malicious BHO's you
have (Approx' 160) and even though they say no file they
still need removing, Im not sure if you managed to stop
the Trojan service and remove the file associated to it
but a new Hijack Log would show this and we can repeat
the steps if needed.

If you send the logs and follow the steps Im sure we
could have this resolved within a few hours and then MS
Antispy would run without causing you problems but its up
to you how you want to deal with this, Bob may be able to
give advise if you want to do this using Toolbar Cop as
Ive still not tested this on malware entries plus HJT
would show ActiveX and running services and Ewido etc..
would scan for malware so this is important to make sure
your problems do not come back.

Im happy to help where I can Tom so let me know if you
need more advise with this.

Chat to you later

Andy
 
Back
Top