Continued spyware problems

Anthony Pierce

Believe it or not, I am diligent about cleaning my system
daily and use a number of the 'better' programs to keep up
with infections.
No matter what I do I keep getting this kind of report via
Spyware DR:

Spyware Doctor Activity Report
Generated on 4/20/2005 8:16:40 PM


Scans (basic information only):

Scan Results:
scan start: 4/20/2005 8:27:05 PM
scan stop: 4/20/2005 8:29:21 PM
scanned items: 20544
found items: 67
found and ignored: 0
tools used: General Scanner, Process Scanner, Hosts
scanner, LSP Scanner, Registry Scanner, Cookie Scanner,
Browser Defaults, Favorites and ZoneMap Scanner, Browser
Scanner, Disk Scanner



Infection Name Location Risk
Host file location redirect multiple Medium
007 Keylogger HKCR\Interface\{95FAF493-3FB1-11D4-B1B5-
00105AA5CCFF} High
007 Keylogger HKCR\Interface\{95FAF493-3FB1-11D4-B1B5-
00105AA5CCFF}\ProxyStubClsid High
007 Keylogger HKCR\Interface\{95FAF493-3FB1-11D4-B1B5-
00105AA5CCFF}\ProxyStubClsid32 High
007 Keylogger HKCR\Interface\{95FAF493-3FB1-11D4-B1B5-
00105AA5CCFF}\TypeLib High
007 Keylogger HKCR\TypeLib\{332B82D3-3ED6-11D4-B1B5-
00105AA5CCFF} High
007 Keylogger HKCR\TypeLib\{332B82D3-3ED6-11D4-B1B5-
00105AA5CCFF}\5.0 High
007 Keylogger HKCR\TypeLib\{332B82D3-3ED6-11D4-B1B5-
00105AA5CCFF}\5.0\0 High
007 Keylogger HKCR\TypeLib\{332B82D3-3ED6-11D4-B1B5-
00105AA5CCFF}\5.0\0\win32 High
007 Keylogger HKCR\TypeLib\{332B82D3-3ED6-11D4-B1B5-
00105AA5CCFF}\5.0\FLAGS High
007 Keylogger HKCR\TypeLib\{332B82D3-3ED6-11D4-B1B5-
00105AA5CCFF}\5.0\HELPDIR High
Alexa HKCU\Software\Microsoft\Internet
Explorer\MenuExt\Write a Review... Elevated
SpyMyPc HKCU\Software\Benutec High
SpyMyPc HKCU\Software\Benutec\Network Mechanic High
SpyMyPc HKCU\Software\Benutec\RamCleaner High
Tracking Cookie(s) anthony pierce@network[2].txt Medium
Advertising anthony pierce@statcounter[1].txt Medium
Tracking Cookie(s) anthony pierce@bravenet[2].txt Medium
Tracking Cookie(s) anthony (e-mail address removed)[1].txt
Medium
Tracking Cookie(s) anthony pierce@70482683[1].txt Medium
Tracking Cookie(s) anthony pierce@LPintranets_busdev
[2].txt Medium
Tracking Cookie(s) anthony pierce@go[1].txt Medium
CWS C:\Documents and Settings\Anthony
Pierce\Favorites\computer support\best-searchengine.com
web search engine and directory.url High
Known Bad Sites C:\Documents and Settings\Anthony
Pierce\Favorites\brainfox affiliate network -faqs.url
High
Known Bad Sites C:\Documents and Settings\Anthony
Pierce\Favorites\domainsponsor.com - affiliate member
area.url High
Powersearch Toolbar C:\Documents and Settings\Anthony
Pierce\Favorites\a p t i m u s - corporate.url Medium
Rogue Anti-Spyware Products C:\Documents and
Settings\Anthony Pierce\Favorites\xoftspy.url High
Seeq Toolbar C:\Documents and Settings\Anthony
Pierce\Favorites\headhunter.com\seeq -- search the web
for information & resources.url Elevated
Seeq Toolbar C:\Documents and Settings\Anthony
Pierce\Favorites\ilm promo file\http--www.seeq.com-
popupwrapper.jspreferrer=&domain=loudmouth.net&direct=true
.url Elevated
007 Keylogger HKCR\CLSID\{332B82DC-3ED6-11D4-B1B5-
00105AA5CCFF} High
007 Keylogger HKCR\CLSID\{332B82DC-3ED6-11D4-B1B5-
00105AA5CCFF}\Implemented Categories High
007 Keylogger HKCR\CLSID\{332B82DC-3ED6-11D4-B1B5-
00105AA5CCFF}\Implemented Categories\{40FC6ED5-2438-11CF-
A3DB-080036F12502} High
007 Keylogger HKCR\CLSID\{332B82DC-3ED6-11D4-B1B5-
00105AA5CCFF}\InprocServer32 High
007 Keylogger HKCR\CLSID\{332B82DC-3ED6-11D4-B1B5-
00105AA5CCFF}\ProgID High
007 Keylogger HKCR\CLSID\{332B82DC-3ED6-11D4-B1B5-
00105AA5CCFF}\TypeLib High
007 Keylogger HKCR\CLSID\{332B82DC-3ED6-11D4-B1B5-
00105AA5CCFF}\VERSION High
007 Keylogger HKLM\Software\Classes\CLSID\{332B82DC-3ED6-
11D4-B1B5-00105AA5CCFF} High
007 Keylogger HKLM\Software\Classes\CLSID\{332B82DC-3ED6-
11D4-B1B5-00105AA5CCFF}\Implemented Categories High
007 Keylogger HKLM\Software\Classes\CLSID\{332B82DC-3ED6-
11D4-B1B5-00105AA5CCFF}\Implemented Categories\{40FC6ED5-
2438-11CF-A3DB-080036F12502} High
007 Keylogger HKLM\Software\Classes\CLSID\{332B82DC-3ED6-
11D4-B1B5-00105AA5CCFF}\InprocServer32 High
007 Keylogger HKLM\Software\Classes\CLSID\{332B82DC-3ED6-
11D4-B1B5-00105AA5CCFF}\ProgID High
007 Keylogger HKLM\Software\Classes\CLSID\{332B82DC-3ED6-
11D4-B1B5-00105AA5CCFF}\TypeLib High
007 Keylogger HKLM\Software\Classes\CLSID\{332B82DC-3ED6-
11D4-B1B5-00105AA5CCFF}\VERSION High
Alexa
HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{
3CEFF6CD-6F08-4E4D-BCCD-FF7415288C3B} Elevated
Alexa
HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{
3CEFF6CD-6F08-4E4D-BCCD-FF7415288C3B}\iexplore Elevated
Alexa
HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{
69A72A8A-84ED-4a75-8CE7-263DBEF3E5D3} Elevated
Alexa
HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{
69A72A8A-84ED-4a75-8CE7-263DBEF3E5D3}\iexplore Elevated
Alexa
HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{
F1FABE79-25FC-46de-8C5A-2C6DB9D64333} Elevated
Alexa
HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{
F1FABE79-25FC-46de-8C5A-2C6DB9D64333}\iexplore Elevated
ClientMan
HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{
FCADDC14-BD46-408A-9842-CDBE1C6D37EB} High
ClientMan
HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{
FCADDC14-BD46-408A-9842-CDBE1C6D37EB}\iexplore High
DailyToolbar
HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{
58F9B276-E1CC-458e-8159-21CBC021874B} High
DailyToolbar
HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{
58F9B276-E1CC-458e-8159-21CBC021874B}\iexplore High
Elitum EliteBar (Search Miracle)
HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{
02C20140-76F8-4763-83D5-B660107BABCD} Elevated
Elitum EliteBar (Search Miracle)
HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{
02C20140-76F8-4763-83D5-B660107BABCD}\iexplore Elevated
FavoriteMan
HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{
00000EF1-0786-4633-87C6-1AA7A44296DA} High
FavoriteMan
HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{
00000EF1-0786-4633-87C6-1AA7A44296DA}\iexplore High
NetSource101
HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{
15589FA1-C456-11CE-BF01-00AA0055595A} Medium
NetSource101
HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{
15589FA1-C456-11CE-BF01-00AA0055595A}\iexplore Medium
NewDotNet
HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{
4A2AACF3-ADF6-11D5-98A9-00E018981B9E} High
NewDotNet
HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{
4A2AACF3-ADF6-11D5-98A9-00E018981B9E}\iexplore High
OnlDial.Ole
HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{
02C20140-76F8-4763-83D5-B660107B7A90} High
OnlDial.Ole
HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{
02C20140-76F8-4763-83D5-B660107B7A90}\iexplore High
TheSearchMall
HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{
41D13E9A-BB94-402A-8502-AFA78526B63D} Medium
TheSearchMall
HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{
41D13E9A-BB94-402A-8502-AFA78526B63D}\iexplore Medium
WhenU.Search
HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{
BA2325ED-F9EB-4830-8FCE-0BC35B16969B} Medium
WhenU.Search
HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{
BA2325ED-F9EB-4830-8FCE-0BC35B16969B}\iexplore



Sheeez!

Here is my HiJack This report done today:

Logfile of HijackThis v1.99.1
Scan saved at 6:34:06 PM, on 4/20/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Unable to get Internet Explorer version!

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\mgabg.exe
C:\Program Files\CheckPoint\SecuRemote\bin\SR_WatchDog.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\CheckPoint\SecuRemote\bin\SR_GUI.exe
C:\WINDOWS\system32\fxssvc.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\drwtsn32.exe
C:\WINDOWS\system32\drwtsn32.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\Program Files\Symantec\DeepSight
Extractor\ExtractorService.exe
C:\Program Files\Uninstaller\Tenebril Uninstaller.exe
C:\Program Files\Microsoft
AntiSpyware\GIANTAntiSpywareMain.exe
C:\WINDOWS\hh.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Microsoft AntiSpyware\MSSSRT.exe
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\WINDOWS\system32\dwwin.exe
C:\WINDOWS\system32\drwtsn32.exe
C:\Program Files\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet
Explorer\Main,Search Page = www.google.com
R1 - HKLM\Software\Microsoft\Internet
Explorer\Main,Search Page = www.google.com
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-
784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0
\ActiveX\AcroIEHelper.dll
O2 - BHO: SpywareGuard Download Protection - {4A368E80-
174F-4872-96B5-0B27DDD11DB2} - C:\Program
Files\SpywareGuard\dlprotect.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-
206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-
D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: IeCaptureBho Object - {7c1ce531-09e9-4fc5-9803-
1c2956615786} - C:\Program Files\Google\Google Desktop
Search\GoogleDesktopIE.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-
8333-CF10577473F7} - c:\program
files\google\googletoolbar2.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-
A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-
64B5B4FF55D0} - C:\Program Files\MSN Toolbar
Suite\TB\02.00.0000.1180\en-us\msntb.dll
O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-
4b9e-9B19-A37C9A5676A7} - (no file)
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-
7859DF00B1D6} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-
009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Prozilla Toolbar - {A0C6B099-30FA-4464-B098-
2686D8BC7340} - C:\PROGRA~1\PROZIL~1\PROZIL~1.DLL
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-
64B5B4FF55D0} - C:\Program Files\MSN Toolbar
Suite\TB\02.00.0000.1180\en-us\msntb.dll
O3 - Toolbar: BHOZapper Toolbar - {0A029144-6E5A-4F7E-
A3B8-0B7F3F729049} - C:\Program Files\BHOZapper\BHOZapper
Toolbar.dll
O3 - Toolbar: &IE Doctor Bar - {123249EB-F891-44C4-946F-
450064F9080E} - C:\PROGRA~1\IEDOCT~1\IEDrBar.dll
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common
Files\Real\Update_OB\realsched.exe" -osboot
O4 - Global Startup: Adobe Gamma Loader.lnk.disabled
O4 - Global Startup: Adobe Reader Speed Launch.lnk =
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O6 - HKCU\Software\Policies\Microsoft\Internet
Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet
Explorer\Control Panel present
O8 - Extra context menu item: &Add animation to
IncrediMail Style Box - C:\PROGRA~1\INCRED~1
\bin\resources\WebMenuImg.htm
O8 - Extra context menu item: &Google Search -
res://c:\program
files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &MSN Search -
res://C:\Program Files\MSN Toolbar
Suite\TB\02.00.0000.1180\en-us\msntb.dll/search.htm
O8 - Extra context menu item: Backward Links -
res://c:\program
files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page -
res://c:\program
files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel -
res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages -
res://c:\program
files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English -
res://c:\program
files\google\GoogleToolbar2.dll/cmtrans.html
O8 - Extra context menu item: Write a Review... -
http://client.alexa.com/holiday/script/actions/review.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-
00401C608501} - C:\Program Files\Java\jre1.5.0_02
\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-
4FCB-11CF-AAA5-00401C608501} - C:\Program
Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-
A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-
0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online
Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %
windir%\bdoscandel.exe (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-
3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Whois - {F3EB5C85-D3AE-4a5f-81A8-
4F685F6BC84E} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-
00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger -
{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program
Files\Messenger\msmsgs.exe
O9 - Extra button: ArmorIE - {0565CF3E-6070-4272-8EEF-
51E5083BE3D9} - C:\WINDOWS\System32\shdocvw.dll (HKCU)
O12 - Plugin for .wma: C:\Program
Files\Netscape\Communicator\Program\PLUGINS\npdsplay.dll
O15 - Trusted Zone: http://linktrader.cyberspacehq.com
O15 - Trusted Zone: http://www.msn.com
O15 - Trusted Zone: http://www.oscommerce.com
O16 - DPF: ppctlcab -
http://ppupdates.ca.com/downloads/scanner/ppctlcab.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE}
(Symantec AntiVirus scanner) -
http://security.symantec.com/sscv6/SharedContent/vc/bin/Av
Sniff.cab
O16 - DPF: {2FC9A21E-2069-4E47-8235-36318989DB13}
(PPSDKActiveXScanner.MainScreen) -
http://ppupdates.ca.com/downloads/scanner/axscanner.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN
Photo Upload Tool) -
http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499}
(BDSCANONLINE Control) -
http://www.bitdefender.com/scan8/oscan8.cab
O16 - DPF: {5E8FD788-C323-4357-AB76-7CBCEFBA573C}
(SpyBouncer.SBDownloader) -
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5}
(Symantec RuFSI Utility Class) -
http://security.symantec.com/sscv6/SharedContent/common/bi
n/cabsa.cab
O16 - DPF: {6BEA1C48-1850-486C-8F58-C7354BA3165E}
(Install Class) -
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103}
(WScanCtl Class) -
http://www3.ca.com/securityadvisor/virusinfo/webscan.cab
O16 - DPF: {88D969C0-F192-11D4-A65F-0040963251E5} (XML
DOM Document 4.0) -
http://websitecreator.infoquest.com/app/static/activex/msx
ml4.cab
O16 - DPF: {9A54032D-31F7-400D-B184-83B33BDE65FA} (MSN
File Upload Control) -
http://sc.groups.msn.com/controls/FileUC/MsnUpld.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1}
(ActiveScan Installer Class) -
http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {A3009861-330C-4E10-822B-39D16EC8829D}
(CRAVOnline Object) - http://www.rav.ro/scan/ravonline.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF}
(MsnMessengerSetupDownloadControl Class) -
http://messenger.msn.com/download/MsnMessengerSetupDownloa
der.cab
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999}
(YAddBook Class) -
http://us.dl1.yimg.com/download.yahoo.com/dl/installs/suit
e/yautocomplete.cab
O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE}
(Symantec RuFSI Registry Information Class) -
http://security.symantec.com/sscv6/SharedContent/common/bi
n/cabsa.cab
O16 - DPF: {C3DFA998-A486-11D4-AA25-00C04F72DAEB} (MSN
Photo Upload Tool) -
http://sc.groups.msn.com/controls/PhotoUC/MsnPUpld.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078}
(ActiveDataInfo Class) -
O16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7}
(ActiveDataObj Class) - https://www-
secure.symantec.com/techsupp/activedata/ActiveData.cab
O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D}
(QDiagHUpdateObj Class) -
http://h30043.www3.hp.com/aio/en/check/qdiagh.cab?323
O16 - DPF: {EE8B6D5F-FEF2-11D0-B13F-00A024798EF3}
(Microsoft Search Settings Control) -
http://lg.home.microsoft.com/search/lobby/searchsettings.c
ab
O16 - DPF: {F00F4763-7355-4725-82F7-0DA94A256D46}
(IMDownloader Class) -
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN
Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab
O20 - Winlogon Notify: ckpNotify - C:\WINDOWS\SYSTEM32
\ckpNotify.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) -
GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) -
GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) -
Unknown owner - C:\Program Files\Common Files\Symantec
Shared\ccEvtMgr.exe (file missing)
O23 - Service: Symantec Network Proxy (ccProxy) - Unknown
owner - C:\Program Files\Common Files\Symantec
Shared\ccProxy.exe (file missing)
O23 - Service: Symantec Password Validation (ccPwdSvc) -
Unknown owner - C:\Program Files\Common Files\Symantec
Shared\ccPwdSvc.exe (file missing)
O23 - Service: Symantec Settings Manager (ccSetMgr) -
Unknown owner - C:\Program Files\Common Files\Symantec
Shared\ccSetMgr.exe (file missing)
O23 - Service: Deepsight Extractor (DeepsightExtractor) -
Unknown owner - C:\Program Files\Symantec\DeepSight
Extractor\ExtractorService.exe
O23 - Service: DeepSight Extractor Service for NPF03
(ExtractorServiceNPF03) - Unknown owner - C:\Program
Files\Symantec\DeepSight
Extractor\ExtractorServiceNPF03.exe
O23 - Service: DeepSight Extractor Service for NPF04
(ExtractorServiceNPF04) - Unknown owner - C:\Program
Files\Symantec\DeepSight
Extractor\ExtractorServiceNPF04.exe
O23 - Service: InCD File System Service (InCDsrv) -
Unknown owner - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: ISSvc (ISSVC) - Unknown owner - C:\Program
Files\Norton Internet Security\ISSVC.exe (file missing)
O23 - Service: LexBce Server (LexBceS) - Lexmark
International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: MGABGEXE - Matrox Graphics Inc. -
C:\WINDOWS\system32\mgabg.exe
O23 - Service: Norton AntiVirus Auto-Protect Service
(navapsvc) - Unknown owner - C:\Program Files\Norton
Internet Security\Norton AntiVirus\navapsvc.exe (file
missing)
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32
\HPZipm12.exe
O23 - Service: SAVScan - Unknown owner - C:\Program
Files\Norton Internet Security\Norton
AntiVirus\SAVScan.exe (file missing)
O23 - Service: ScriptBlocking Service (SBService) -
Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1
\SBServ.exe (file missing)
O23 - Service: Symantec Network Drivers Service
(SNDSrvc) - Unknown owner - C:\Program Files\Common
Files\Symantec Shared\SNDSrvc.exe (file missing)
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Unknown
owner - C:\Program Files\Common Files\Symantec
Shared\SPBBC\SPBBCSvc.exe (file missing)
O23 - Service: Check Point SecuRemote Service
(SR_Service) - Check Point Software Technologies -
C:\Program Files\CheckPoint\SecuRemote\bin\SR_Service.exe
O23 - Service: Check Point SecuRemote WatchDog
(SR_WatchDog) - Check Point Software Technologies -
C:\Program Files\CheckPoint\SecuRemote\bin\SR_WatchDog.exe
O23 - Service: Symantec Core LC - Unknown owner -
C:\Program Files\Common Files\Symantec Shared\CCPD-
LC\symlcsvc.exe (file missing)


I don't know what to do. I have not purchased Spyware
Doctor yet but may have to do so. I also use Spybot,
Adaware, SpywareGuard, Bug Doctor, got rid of SpyBouncer
and its other little helpers, MS Ati and trying out Pyware
Ferret.

Any suggestions?
Thanks
Anthony
 
Mikolaj

User "Anthony Pierce" said:
Believe it or not, I am diligent about cleaning my system
daily and use a number of the 'better' programs to keep up
with infections.
No matter what I do I keep getting this kind of report via
Spyware DR:

Spyware Doctor Activity Report
Generated on 4/20/2005 8:16:40 PM


Scans (basic information only):

Scan Results:
scan start: 4/20/2005 8:27:05 PM
scan stop: 4/20/2005 8:29:21 PM
scanned items: 20544
found items: 67
found and ignored: 0
tools used: General Scanner, Process Scanner, Hosts
scanner, LSP Scanner, Registry Scanner, Cookie Scanner,
Browser Defaults, Favorites and ZoneMap Scanner, Browser
Scanner, Disk Scanner



Infection Name Location Risk
Host file location redirect multiple Medium
007 Keylogger HKCR\Interface\{95FAF493-3FB1-11D4-B1B5-
00105AA5CCFF} High
007 Keylogger HKCR\Interface\{95FAF493-3FB1-11D4-B1B5-
00105AA5CCFF}\ProxyStubClsid High
007 Keylogger HKCR\Interface\{95FAF493-3FB1-11D4-B1B5-
00105AA5CCFF}\ProxyStubClsid32 High
007 Keylogger HKCR\Interface\{95FAF493-3FB1-11D4-B1B5-
00105AA5CCFF}\TypeLib High
007 Keylogger HKCR\TypeLib\{332B82D3-3ED6-11D4-B1B5-
00105AA5CCFF} High
007 Keylogger HKCR\TypeLib\{332B82D3-3ED6-11D4-B1B5-
00105AA5CCFF}\5.0 High
007 Keylogger HKCR\TypeLib\{332B82D3-3ED6-11D4-B1B5-
00105AA5CCFF}\5.0\0 High
007 Keylogger HKCR\TypeLib\{332B82D3-3ED6-11D4-B1B5-
00105AA5CCFF}\5.0\0\win32 High
007 Keylogger HKCR\TypeLib\{332B82D3-3ED6-11D4-B1B5-
00105AA5CCFF}\5.0\FLAGS High
007 Keylogger HKCR\TypeLib\{332B82D3-3ED6-11D4-B1B5-
00105AA5CCFF}\5.0\HELPDIR High
Alexa HKCU\Software\Microsoft\Internet
Explorer\MenuExt\Write a Review... Elevated
SpyMyPc HKCU\Software\Benutec High
SpyMyPc HKCU\Software\Benutec\Network Mechanic High
SpyMyPc HKCU\Software\Benutec\RamCleaner High
Tracking Cookie(s) anthony pierce@network[2].txt Medium
Advertising anthony pierce@statcounter[1].txt Medium
Tracking Cookie(s) anthony pierce@bravenet[2].txt Medium
Tracking Cookie(s) anthony (e-mail address removed)[1].txt
Medium
Tracking Cookie(s) anthony pierce@70482683[1].txt Medium
Tracking Cookie(s) anthony pierce@LPintranets_busdev
[2].txt Medium
Tracking Cookie(s) anthony pierce@go[1].txt Medium
CWS C:\Documents and Settings\Anthony
Pierce\Favorites\computer support\best-searchengine.com
web search engine and directory.url High
Known Bad Sites C:\Documents and Settings\Anthony
Pierce\Favorites\brainfox affiliate network -faqs.url
High
Known Bad Sites C:\Documents and Settings\Anthony
Pierce\Favorites\domainsponsor.com - affiliate member
area.url High
Powersearch Toolbar C:\Documents and Settings\Anthony
Pierce\Favorites\a p t i m u s - corporate.url Medium
Rogue Anti-Spyware Products C:\Documents and
Settings\Anthony Pierce\Favorites\xoftspy.url High
Seeq Toolbar C:\Documents and Settings\Anthony
Pierce\Favorites\headhunter.com\seeq -- search the web
for information & resources.url Elevated
Seeq Toolbar C:\Documents and Settings\Anthony
Pierce\Favorites\ilm promo file\http--www.seeq.com-
popupwrapper.jspreferrer=&domain=loudmouth.net&direct=true
.url Elevated
007 Keylogger HKCR\CLSID\{332B82DC-3ED6-11D4-B1B5-
00105AA5CCFF} High
007 Keylogger HKCR\CLSID\{332B82DC-3ED6-11D4-B1B5-
00105AA5CCFF}\Implemented Categories High
007 Keylogger HKCR\CLSID\{332B82DC-3ED6-11D4-B1B5-
00105AA5CCFF}\Implemented Categories\{40FC6ED5-2438-11CF-
A3DB-080036F12502} High
007 Keylogger HKCR\CLSID\{332B82DC-3ED6-11D4-B1B5-
00105AA5CCFF}\InprocServer32 High
007 Keylogger HKCR\CLSID\{332B82DC-3ED6-11D4-B1B5-
00105AA5CCFF}\ProgID High
007 Keylogger HKCR\CLSID\{332B82DC-3ED6-11D4-B1B5-
00105AA5CCFF}\TypeLib High
007 Keylogger HKCR\CLSID\{332B82DC-3ED6-11D4-B1B5-
00105AA5CCFF}\VERSION High
007 Keylogger HKLM\Software\Classes\CLSID\{332B82DC-3ED6-
11D4-B1B5-00105AA5CCFF} High
007 Keylogger HKLM\Software\Classes\CLSID\{332B82DC-3ED6-
11D4-B1B5-00105AA5CCFF}\Implemented Categories High
007 Keylogger HKLM\Software\Classes\CLSID\{332B82DC-3ED6-
11D4-B1B5-00105AA5CCFF}\Implemented Categories\{40FC6ED5-
2438-11CF-A3DB-080036F12502} High
007 Keylogger HKLM\Software\Classes\CLSID\{332B82DC-3ED6-
11D4-B1B5-00105AA5CCFF}\InprocServer32 High
007 Keylogger HKLM\Software\Classes\CLSID\{332B82DC-3ED6-
11D4-B1B5-00105AA5CCFF}\ProgID High
007 Keylogger HKLM\Software\Classes\CLSID\{332B82DC-3ED6-
11D4-B1B5-00105AA5CCFF}\TypeLib High
007 Keylogger HKLM\Software\Classes\CLSID\{332B82DC-3ED6-
11D4-B1B5-00105AA5CCFF}\VERSION High
Alexa
HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{
3CEFF6CD-6F08-4E4D-BCCD-FF7415288C3B} Elevated
Alexa
HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{
3CEFF6CD-6F08-4E4D-BCCD-FF7415288C3B}\iexplore Elevated
Alexa
HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{
69A72A8A-84ED-4a75-8CE7-263DBEF3E5D3} Elevated
Alexa
HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{
69A72A8A-84ED-4a75-8CE7-263DBEF3E5D3}\iexplore Elevated
Alexa
HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{
F1FABE79-25FC-46de-8C5A-2C6DB9D64333} Elevated
Alexa
HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{
F1FABE79-25FC-46de-8C5A-2C6DB9D64333}\iexplore Elevated
ClientMan
HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{
FCADDC14-BD46-408A-9842-CDBE1C6D37EB} High
ClientMan
HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{
FCADDC14-BD46-408A-9842-CDBE1C6D37EB}\iexplore High
DailyToolbar
HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{
58F9B276-E1CC-458e-8159-21CBC021874B} High
DailyToolbar
HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{
58F9B276-E1CC-458e-8159-21CBC021874B}\iexplore High
Elitum EliteBar (Search Miracle)
HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{
02C20140-76F8-4763-83D5-B660107BABCD} Elevated
Elitum EliteBar (Search Miracle)
HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{
02C20140-76F8-4763-83D5-B660107BABCD}\iexplore Elevated
FavoriteMan
HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{
00000EF1-0786-4633-87C6-1AA7A44296DA} High
FavoriteMan
HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{
00000EF1-0786-4633-87C6-1AA7A44296DA}\iexplore High
NetSource101
HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{
15589FA1-C456-11CE-BF01-00AA0055595A} Medium
NetSource101
HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{
15589FA1-C456-11CE-BF01-00AA0055595A}\iexplore Medium
NewDotNet
HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{
4A2AACF3-ADF6-11D5-98A9-00E018981B9E} High
NewDotNet
HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{
4A2AACF3-ADF6-11D5-98A9-00E018981B9E}\iexplore High
OnlDial.Ole
HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{
02C20140-76F8-4763-83D5-B660107B7A90} High
OnlDial.Ole
HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{
02C20140-76F8-4763-83D5-B660107B7A90}\iexplore High
TheSearchMall
HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{
41D13E9A-BB94-402A-8502-AFA78526B63D} Medium
TheSearchMall
HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{
41D13E9A-BB94-402A-8502-AFA78526B63D}\iexplore Medium
WhenU.Search
HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{
BA2325ED-F9EB-4830-8FCE-0BC35B16969B} Medium
WhenU.Search
HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{
BA2325ED-F9EB-4830-8FCE-0BC35B16969B}\iexplore



Sheeez!

Here is my HiJack This report done today:

Logfile of HijackThis v1.99.1
Scan saved at 6:34:06 PM, on 4/20/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Unable to get Internet Explorer version!

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\mgabg.exe
C:\Program Files\CheckPoint\SecuRemote\bin\SR_WatchDog.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\CheckPoint\SecuRemote\bin\SR_GUI.exe
C:\WINDOWS\system32\fxssvc.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\drwtsn32.exe
C:\WINDOWS\system32\drwtsn32.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\Program Files\Symantec\DeepSight
Extractor\ExtractorService.exe
C:\Program Files\Uninstaller\Tenebril Uninstaller.exe
C:\Program Files\Microsoft
AntiSpyware\GIANTAntiSpywareMain.exe
C:\WINDOWS\hh.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Microsoft AntiSpyware\MSSSRT.exe
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\WINDOWS\system32\dwwin.exe
C:\WINDOWS\system32\drwtsn32.exe
C:\Program Files\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet
Explorer\Main,Search Page = www.google.com
R1 - HKLM\Software\Microsoft\Internet
Explorer\Main,Search Page = www.google.com
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-
784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0
\ActiveX\AcroIEHelper.dll
O2 - BHO: SpywareGuard Download Protection - {4A368E80-
174F-4872-96B5-0B27DDD11DB2} - C:\Program
Files\SpywareGuard\dlprotect.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-
206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-
D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll

First of all take a look at (and use :) ) the information that Ron Kinner
placed on the newsgroup:
I'm bored and I haven't had a good HijackThis log to work
on all day. Will somebody take pity on me and send me a
HijackThis log?

Get HijackThis.exe from
http://tomcoyote.org/hjt/hjt199//HijackThis.exe

Save it to C:\hjt (new folder) then Open it and select
Scan and Save Log. Note where you saved the log then
send it to me as an attachment. Put Hijack in the subject
so I'll know it's not spam.

Ron Kinner
Microsoft MVP 2004 & 2005
(e-mail address removed)

Also you can start the computer in safe mode, then start the MS
AntiSpyware application, go to Scan options, select Run a full system
scan and let it clean the system.
And of course try the other "cleaning" software:

McAfee Stinger http://vil.nai.com/vil/stinger/
Spybot Search&Destroy http://www.majorgeeks.com/download2471.html
HijackThis http://www.majorgeeks.com/download3155.html
CWShredder http://www.majorgeeks.com/download3019.html
Ad-Aware SE Personal http://www.lavasoft.com/software/adaware/
 
OMG


Whew! You got some nasty buggers, let me know if you
resolve this, because a friend of mine has some similar
nasties, which I had to give up on.
 
D@annyBoy

Try clearing the cache, temp files, etc. and get applications to remove
the cookies.
Reboot to safe mode and run a full scan.

OMG said:
007 Keylogger HKLM\Software\Classes\CLSID\{332B82DC-3ED6-
11D4-B1B5-00105AA5CCFF}\ProgID High
007 Keylogger HKLM\Software\Classes\CLSID\{332B82DC-3ED6-
11D4-B1B5-00105AA5CCFF}\TypeLib High
007 Keylogger HKLM\Software\Classes\CLSID\{332B82DC-3ED6-
11D4-B1B5-00105AA5CCFF}\VERSION High
Alexa
HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{
3CEFF6CD-6F08-4E4D-BCCD-FF7415288C3B} Elevated
Alexa
HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{
3CEFF6CD-6F08-4E4D-BCCD-FF7415288C3B}\iexplore Elevated
Alexa
HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{
69A72A8A-84ED-4a75-8CE7-263DBEF3E5D3} Elevated
Alexa
HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{
69A72A8A-84ED-4a75-8CE7-263DBEF3E5D3}\iexplore Elevated
Alexa
HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{
F1FABE79-25FC-46de-8C5A-2C6DB9D64333} Elevated
Alexa
HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{
F1FABE79-25FC-46de-8C5A-2C6DB9D64333}\iexplore Elevated
ClientMan
HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{
FCADDC14-BD46-408A-9842-CDBE1C6D37EB} High
ClientMan
HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{
FCADDC14-BD46-408A-9842-CDBE1C6D37EB}\iexplore High
DailyToolbar
HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{
58F9B276-E1CC-458e-8159-21CBC021874B} High
DailyToolbar
HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{
58F9B276-E1CC-458e-8159-21CBC021874B}\iexplore High
Elitum EliteBar (Search Miracle)
HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{
02C20140-76F8-4763-83D5-B660107BABCD} Elevated
Elitum EliteBar (Search Miracle)
HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{
02C20140-76F8-4763-83D5-B660107BABCD}\iexplore Elevated
FavoriteMan
HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{
00000EF1-0786-4633-87C6-1AA7A44296DA} High
FavoriteMan
HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{
00000EF1-0786-4633-87C6-1AA7A44296DA}\iexplore High
NetSource101
HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{
15589FA1-C456-11CE-BF01-00AA0055595A} Medium
NetSource101
HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{
15589FA1-C456-11CE-BF01-00AA0055595A}\iexplore Medium
NewDotNet
HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{
4A2AACF3-ADF6-11D5-98A9-00E018981B9E} High
NewDotNet
HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{
4A2AACF3-ADF6-11D5-98A9-00E018981B9E}\iexplore High
OnlDial.Ole
HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{
02C20140-76F8-4763-83D5-B660107B7A90} High
OnlDial.Ole
HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{
02C20140-76F8-4763-83D5-B660107B7A90}\iexplore High
TheSearchMall
HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{
41D13E9A-BB94-402A-8502-AFA78526B63D} Medium
TheSearchMall
HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{
41D13E9A-BB94-402A-8502-AFA78526B63D}\iexplore Medium
WhenU.Search
HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{
BA2325ED-F9EB-4830-8FCE-0BC35B16969B} Medium
WhenU.Search
HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{
BA2325ED-F9EB-4830-8FCE-0BC35B16969B}\iexplore



Sheeez!

Here is my HiJack This report done today:

Logfile of HijackThis v1.99.1
Scan saved at 6:34:06 PM, on 4/20/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Unable to get Internet Explorer version!

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\mgabg.exe
C:\Program Files\CheckPoint\SecuRemote\bin\SR_WatchDog.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\CheckPoint\SecuRemote\bin\SR_GUI.exe
C:\WINDOWS\system32\fxssvc.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\drwtsn32.exe
C:\WINDOWS\system32\drwtsn32.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\Program Files\Symantec\DeepSight
Extractor\ExtractorService.exe
C:\Program Files\Uninstaller\Tenebril Uninstaller.exe
C:\Program Files\Microsoft
AntiSpyware\GIANTAntiSpywareMain.exe
C:\WINDOWS\hh.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Microsoft AntiSpyware\MSSSRT.exe
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\WINDOWS\system32\dwwin.exe
C:\WINDOWS\system32\drwtsn32.exe
C:\Program Files\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet
Explorer\Main,Search Page = www.google.com
R1 - HKLM\Software\Microsoft\Internet
Explorer\Main,Search Page = www.google.com
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-
784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0
\ActiveX\AcroIEHelper.dll
O2 - BHO: SpywareGuard Download Protection - {4A368E80-
174F-4872-96B5-0B27DDD11DB2} - C:\Program
Files\SpywareGuard\dlprotect.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-
206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-
D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: IeCaptureBho Object - {7c1ce531-09e9-4fc5-9803-
1c2956615786} - C:\Program Files\Google\Google Desktop
Search\GoogleDesktopIE.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-
8333-CF10577473F7} - c:\program
files\google\googletoolbar2.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-
A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-
64B5B4FF55D0} - C:\Program Files\MSN Toolbar
Suite\TB\02.00.0000.1180\en-us\msntb.dll
O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-
4b9e-9B19-A37C9A5676A7} - (no file)
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-
7859DF00B1D6} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-
009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Prozilla Toolbar - {A0C6B099-30FA-4464-B098-
2686D8BC7340} - C:\PROGRA~1\PROZIL~1\PROZIL~1.DLL
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-
64B5B4FF55D0} - C:\Program Files\MSN Toolbar
Suite\TB\02.00.0000.1180\en-us\msntb.dll
O3 - Toolbar: BHOZapper Toolbar - {0A029144-6E5A-4F7E-
A3B8-0B7F3F729049} - C:\Program Files\BHOZapper\BHOZapper
Toolbar.dll
O3 - Toolbar: &IE Doctor Bar - {123249EB-F891-44C4-946F-
450064F9080E} - C:\PROGRA~1\IEDOCT~1\IEDrBar.dll
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common
Files\Real\Update_OB\realsched.exe" -osboot
O4 - Global Startup: Adobe Gamma Loader.lnk.disabled
O4 - Global Startup: Adobe Reader Speed Launch.lnk =
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O6 - HKCU\Software\Policies\Microsoft\Internet
Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet
Explorer\Control Panel present
O8 - Extra context menu item: &Add animation to
IncrediMail Style Box - C:\PROGRA~1\INCRED~1
\bin\resources\WebMenuImg.htm
O8 - Extra context menu item: &Google Search -
res://c:\program
files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &MSN Search -
res://C:\Program Files\MSN Toolbar
Suite\TB\02.00.0000.1180\en-us\msntb.dll/search.htm
O8 - Extra context menu item: Backward Links -
res://c:\program
files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page -
res://c:\program
files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel -
res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages -
res://c:\program
files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English -
res://c:\program
files\google\GoogleToolbar2.dll/cmtrans.html
O8 - Extra context menu item: Write a Review... -
http://client.alexa.com/holiday/script/actions/review.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-
00401C608501} - C:\Program Files\Java\jre1.5.0_02
\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-
4FCB-11CF-AAA5-00401C608501} - C:\Program
Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-
A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-
0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online
Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %
windir%\bdoscandel.exe (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-
3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Whois - {F3EB5C85-D3AE-4a5f-81A8-
4F685F6BC84E} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-
00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger -
{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program
Files\Messenger\msmsgs.exe
O9 - Extra button: ArmorIE - {0565CF3E-6070-4272-8EEF-
51E5083BE3D9} - C:\WINDOWS\System32\shdocvw.dll (HKCU)
O12 - Plugin for .wma: C:\Program
Files\Netscape\Communicator\Program\PLUGINS\npdsplay.dll
O15 - Trusted Zone: http://linktrader.cyberspacehq.com
O15 - Trusted Zone: http://www.msn.com
O15 - Trusted Zone: http://www.oscommerce.com
O16 - DPF: ppctlcab -
http://ppupdates.ca.com/downloads/scanner/ppctlcab.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE}
(Symantec AntiVirus scanner) -
http://security.symantec.com/sscv6/SharedContent/vc/bin/Av
Sniff.cab
O16 - DPF: {2FC9A21E-2069-4E47-8235-36318989DB13}
(PPSDKActiveXScanner.MainScreen) -
http://ppupdates.ca.com/downloads/scanner/axscanner.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN
Photo Upload Tool) -
http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499}
(BDSCANONLINE Control) -
http://www.bitdefender.com/scan8/oscan8.cab
O16 - DPF: {5E8FD788-C323-4357-AB76-7CBCEFBA573C}
(SpyBouncer.SBDownloader) -
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5}
(Symantec RuFSI Utility Class) -
http://security.symantec.com/sscv6/SharedContent/common/bi
n/cabsa.cab
O16 - DPF: {6BEA1C48-1850-486C-8F58-C7354BA3165E}
(Install Class) -
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103}
(WScanCtl Class) -
http://www3.ca.com/securityadvisor/virusinfo/webscan.cab
O16 - DPF: {88D969C0-F192-11D4-A65F-0040963251E5} (XML
DOM Document 4.0) -
http://websitecreator.infoquest.com/app/static/activex/msx
ml4.cab
O16 - DPF: {9A54032D-31F7-400D-B184-83B33BDE65FA} (MSN
File Upload Control) -
http://sc.groups.msn.com/controls/FileUC/MsnUpld.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1}
(ActiveScan Installer Class) -
http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {A3009861-330C-4E10-822B-39D16EC8829D}
(CRAVOnline Object) - http://www.rav.ro/scan/ravonline.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF}
(MsnMessengerSetupDownloadControl Class) -
http://messenger.msn.com/download/MsnMessengerSetupDownloa
der.cab
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999}
(YAddBook Class) -
http://us.dl1.yimg.com/download.yahoo.com/dl/installs/suit
e/yautocomplete.cab
O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE}
(Symantec RuFSI Registry Information Class) -
http://security.symantec.com/sscv6/SharedContent/common/bi
n/cabsa.cab
O16 - DPF: {C3DFA998-A486-11D4-AA25-00C04F72DAEB} (MSN
Photo Upload Tool) -
http://sc.groups.msn.com/controls/PhotoUC/MsnPUpld.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078}
(ActiveDataInfo Class) -
O16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7}
(ActiveDataObj Class) - https://www-
secure.symantec.com/techsupp/activedata/ActiveData.cab
O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D}
(QDiagHUpdateObj Class) -
http://h30043.www3.hp.com/aio/en/check/qdiagh.cab?323
O16 - DPF: {EE8B6D5F-FEF2-11D0-B13F-00A024798EF3}
(Microsoft Search Settings Control) -
http://lg.home.microsoft.com/search/lobby/searchsettings.c
ab
O16 - DPF: {F00F4763-7355-4725-82F7-0DA94A256D46}
(IMDownloader Class) -
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN
Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab
O20 - Winlogon Notify: ckpNotify - C:\WINDOWS\SYSTEM32
\ckpNotify.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) -
GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) -
GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) -
Unknown owner - C:\Program Files\Common Files\Symantec
Shared\ccEvtMgr.exe (file missing)
O23 - Service: Symantec Network Proxy (ccProxy) - Unknown
owner - C:\Program Files\Common Files\Symantec
Shared\ccProxy.exe (file missing)
O23 - Service: Symantec Password Validation (ccPwdSvc) -
Unknown owner - C:\Program Files\Common Files\Symantec
Shared\ccPwdSvc.exe (file missing)
O23 - Service: Symantec Settings Manager (ccSetMgr) -
Unknown owner - C:\Program Files\Common Files\Symantec
Shared\ccSetMgr.exe (file missing)
O23 - Service: Deepsight Extractor (DeepsightExtractor) -
Unknown owner - C:\Program Files\Symantec\DeepSight
Extractor\ExtractorService.exe
O23 - Service: DeepSight Extractor Service for NPF03
(ExtractorServiceNPF03) - Unknown owner - C:\Program
Files\Symantec\DeepSight
Extractor\ExtractorServiceNPF03.exe
O23 - Service: DeepSight Extractor Service for NPF04
(ExtractorServiceNPF04) - Unknown owner - C:\Program
Files\Symantec\DeepSight
Extractor\ExtractorServiceNPF04.exe
O23 - Service: InCD File System Service (InCDsrv) -
Unknown owner - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: ISSvc (ISSVC) - Unknown owner - C:\Program
Files\Norton Internet Security\ISSVC.exe (file missing)
O23 - Service: LexBce Server (LexBceS) - Lexmark
International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: MGABGEXE - Matrox Graphics Inc. -
C:\WINDOWS\system32\mgabg.exe
O23 - Service: Norton AntiVirus Auto-Protect Service
(navapsvc) - Unknown owner - C:\Program Files\Norton
Internet Security\Norton AntiVirus\navapsvc.exe (file
missing)
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32
\HPZipm12.exe
O23 - Service: SAVScan - Unknown owner - C:\Program
Files\Norton Internet Security\Norton
AntiVirus\SAVScan.exe (file missing)
O23 - Service: ScriptBlocking Service (SBService) -
Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1
\SBServ.exe (file missing)
O23 - Service: Symantec Network Drivers Service
(SNDSrvc) - Unknown owner - C:\Program Files\Common
Files\Symantec Shared\SNDSrvc.exe (file missing)
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Unknown
owner - C:\Program Files\Common Files\Symantec
Shared\SPBBC\SPBBCSvc.exe (file missing)
O23 - Service: Check Point SecuRemote Service
(SR_Service) - Check Point Software Technologies -
C:\Program Files\CheckPoint\SecuRemote\bin\SR_Service.exe
O23 - Service: Check Point SecuRemote WatchDog
(SR_WatchDog) - Check Point Software Technologies -
C:\Program Files\CheckPoint\SecuRemote\bin\SR_WatchDog.exe
O23 - Service: Symantec Core LC - Unknown owner -
C:\Program Files\Common Files\Symantec Shared\CCPD-
LC\symlcsvc.exe (file missing)


I don't know what to do. I have not purchased Spyware
Doctor yet but may have to do so. I also use Spybot,
Adaware, SpywareGuard, Bug Doctor, got rid of SpyBouncer
and its other little helpers, MS Ati and trying out Pyware
Ferret.

Any suggestions?
Thanks
Anthony

Whew! You got some nasty buggers, let me know if you
resolve this, because a friend of mine has some similar
nasties, which I had to give up on.
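
The HijackThis log quoted above is hard-wrapped at about 60 columns, so most entries span two or three lines. The following added example (Python, not part of the thread and not HijackThis's own code) rejoins a few entries copied from that log and lists the ones that merit a manual look: entries whose target file is absent, an unnamed BHO, and an O16 ActiveX entry with no download URL. The flags are review prompts, not verdicts; the function names and flag wording are this example's own.

```python
import re

# An entry starts with a HijackThis section code, e.g. "O2 - " or "R1 - ".
ENTRY_START = re.compile(r"^(?:R[0-3]|F[0-3]|N[1-4]|O\d{1,2}) - ")
CLSID = re.compile(r"\{[0-9A-Fa-f]{8}-(?:[0-9A-Fa-f]{4}-){3}[0-9A-Fa-f]{12}\}")

# Entries copied from the log in this thread, wrapped exactly as posted.
SAMPLE_LOG = r"""
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-
784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0
\ActiveX\AcroIEHelper.dll
O2 - BHO: SpywareGuard Download Protection - {4A368E80-
174F-4872-96B5-0B27DDD11DB2} - C:\Program
Files\SpywareGuard\dlprotect.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-
206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-
7859DF00B1D6} - (no file)
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-
0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499}
(BDSCANONLINE Control) -
http://www.bitdefender.com/scan8/oscan8.cab
O16 - DPF: {5E8FD788-C323-4357-AB76-7CBCEFBA573C}
(SpyBouncer.SBDownloader) -
O23 - Service: ISSvc (ISSVC) - Unknown owner - C:\Program
Files\Norton Internet Security\ISSVC.exe (file missing)
"""


def unwrap(text):
    """Rejoin hard-wrapped lines into one string per log entry.

    Lines before the first entry (header, process list) are skipped.
    A continuation is glued without a space when the break fell inside
    a {CLSID} or just before a backslash; otherwise a space is restored.
    A URL or path broken mid-word cannot be told apart from one broken
    at a space, so such entries come back with a stray space.
    """
    entries = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if ENTRY_START.match(line):
            entries.append(line)
        elif entries:
            prev = entries[-1]
            in_brace = prev.rfind("{") > prev.rfind("}")
            glue = "" if in_brace or line.startswith("\\") else " "
            entries[-1] = prev + glue + line
    return entries


def triage(text):
    """Return one dict per entry with its section code, CLSID and flags."""
    findings = []
    for entry in unwrap(text):
        code, rest = entry.split(" - ", 1)
        reasons = []
        # HijackThis itself marks entries whose file is gone.
        if "(file missing)" in rest or rest.endswith("(no file)"):
            reasons.append("target file absent")
        if code == "O2" and "(no name)" in rest:
            reasons.append("unnamed BHO")
        # O16 lists downloaded ActiveX controls with their source URL.
        if code == "O16" and not re.search(r"https?://", rest):
            reasons.append("ActiveX control with no recorded download source")
        match = CLSID.search(rest)
        findings.append({
            "code": code,
            "clsid": match.group(0).upper() if match else None,
            "entry": rest,
            "reasons": reasons,
        })
    return findings


def bho_inventory(text):
    """List (CLSID, DLL path) for every O2 entry, for checking against
    what IE's Manage Add-ons dialog shows."""
    return [(f["clsid"], f["entry"].rsplit(" - ", 1)[1])
            for f in triage(text) if f["code"] == "O2"]


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        if f["reasons"]:
            print(f["code"], f["clsid"], "; ".join(f["reasons"]))
```
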
 

Ron Chamberlin

Boot into Safe Mode (F8) at startup;
Empty your temporary files AND your Temporary Internet Files* (C:\Documents
and Settings\Username\Local Settings\Temporary Internet Files folder);
Run the scan while in safe mode;
If you are running SP2, open IE--->Tools--->Manage Add-ons, and uncheck any
BHO's that you don't recognize.

Ron Chamberlin
MS-MVP



*The .tif are Temporary Internet Files, and are stored in a different barn
than 'normal' temp files.
Here's how I kludge thru to them: Open Windows Explorer--->C:\Documents and
Settings. Then it's to the Tool Bar--->Folder Options--->View--->Hidden
Files and Folders and check the box "Show hidden files and folders" > Now
expand C:\Documents and Settings and under each user you will now see a
folder "Local Settings". Open that puppy and choose Temporary Internet
Files. I am not concerned about the cookies therein, but everything else
can go for now.

Anthony Pierce said:
Believe it or not, I am diligent about cleaning my system
daily and use a number of the 'better' programs to keep up
with infections.
No matter what I do I keep getting this kind of report via
Spyware DR:

Spyware Doctor Activity Report
Generated on 4/20/2005 8:16:40 PM Spyware Doctor
Homepage PC Tools Homepage Technical Support


Scans (basic information only):

Scan Results:
scan start: 4/20/2005 8:27:05 PM
scan stop: 4/20/2005 8:29:21 PM
scanned items: 20544
found items: 67
found and ignored: 0
tools used: General Scanner, Process Scanner, Hosts
scanner, LSP Scanner, Registry Scanner, Cookie Scanner,
Browser Defaults, Favorites and ZoneMap Scanner, Browser
Scanner, Disk Scanner



Infection Name Location Risk
Host file location redirect multiple Medium
007 Keylogger HKCR\Interface\{95FAF493-3FB1-11D4-B1B5-
00105AA5CCFF} High
007 Keylogger HKCR\Interface\{95FAF493-3FB1-11D4-B1B5-
00105AA5CCFF}\ProxyStubClsid High
007 Keylogger HKCR\Interface\{95FAF493-3FB1-11D4-B1B5-
00105AA5CCFF}\ProxyStubClsid32 High
007 Keylogger HKCR\Interface\{95FAF493-3FB1-11D4-B1B5-
00105AA5CCFF}\TypeLib High
007 Keylogger HKCR\TypeLib\{332B82D3-3ED6-11D4-B1B5-
00105AA5CCFF} High
007 Keylogger HKCR\TypeLib\{332B82D3-3ED6-11D4-B1B5-
00105AA5CCFF}\5.0 High
007 Keylogger HKCR\TypeLib\{332B82D3-3ED6-11D4-B1B5-
00105AA5CCFF}\5.0\0 High
007 Keylogger HKCR\TypeLib\{332B82D3-3ED6-11D4-B1B5-
00105AA5CCFF}\5.0\0\win32 High
007 Keylogger HKCR\TypeLib\{332B82D3-3ED6-11D4-B1B5-
00105AA5CCFF}\5.0\FLAGS High
007 Keylogger HKCR\TypeLib\{332B82D3-3ED6-11D4-B1B5-
00105AA5CCFF}\5.0\HELPDIR High
Alexa HKCU\Software\Microsoft\Internet
Explorer\MenuExt\Write a Review... Elevated
SpyMyPc HKCU\Software\Benutec High
SpyMyPc HKCU\Software\Benutec\Network Mechanic High
SpyMyPc HKCU\Software\Benutec\RamCleaner High
Tracking Cookie(s) anthony pierce@network[2].txt Medium
Advertising anthony pierce@statcounter[1].txt Medium
Tracking Cookie(s) anthony pierce@bravenet[2].txt Medium
Tracking Cookie(s) anthony (e-mail address removed)[1].txt
Medium
Tracking Cookie(s) anthony pierce@70482683[1].txt Medium
Tracking Cookie(s) anthony pierce@LPintranets_busdev
[2].txt Medium
Tracking Cookie(s) anthony pierce@go[1].txt Medium
CWS C:\Documents and Settings\Anthony
Pierce\Favorites\computer support\best-searchengine.com
web search engine and directory.url High
Known Bad Sites C:\Documents and Settings\Anthony
Pierce\Favorites\brainfox affiliate network -faqs.url
High
Known Bad Sites C:\Documents and Settings\Anthony
Pierce\Favorites\domainsponsor.com - affiliate member
area.url High
Powersearch Toolbar C:\Documents and Settings\Anthony
Pierce\Favorites\a p t i m u s - corporate.url Medium
Rogue Anti-Spyware Products C:\Documents and
Settings\Anthony Pierce\Favorites\xoftspy.url High
Seeq Toolbar C:\Documents and Settings\Anthony
Pierce\Favorites\headhunter.com\seeq -- search the web
for information & resources.url Elevated
Seeq Toolbar C:\Documents and Settings\Anthony
Pierce\Favorites\ilm promo file\http--www.seeq.com-
popupwrapper.jspreferrer=&domain=loudmouth.net&direct=true
.url Elevated
007 Keylogger HKCR\CLSID\{332B82DC-3ED6-11D4-B1B5-
00105AA5CCFF} High
007 Keylogger HKCR\CLSID\{332B82DC-3ED6-11D4-B1B5-
00105AA5CCFF}\Implemented Categories High
007 Keylogger HKCR\CLSID\{332B82DC-3ED6-11D4-B1B5-
00105AA5CCFF}\Implemented Categories\{40FC6ED5-2438-11CF-
A3DB-080036F12502} High
007 Keylogger HKCR\CLSID\{332B82DC-3ED6-11D4-B1B5-
00105AA5CCFF}\InprocServer32 High
007 Keylogger HKCR\CLSID\{332B82DC-3ED6-11D4-B1B5-
00105AA5CCFF}\ProgID High
007 Keylogger HKCR\CLSID\{332B82DC-3ED6-11D4-B1B5-
00105AA5CCFF}\TypeLib High
007 Keylogger HKCR\CLSID\{332B82DC-3ED6-11D4-B1B5-
00105AA5CCFF}\VERSION High
007 Keylogger HKLM\Software\Classes\CLSID\{332B82DC-3ED6-
11D4-B1B5-00105AA5CCFF} High
007 Keylogger HKLM\Software\Classes\CLSID\{332B82DC-3ED6-
11D4-B1B5-00105AA5CCFF}\Implemented Categories High
007 Keylogger HKLM\Software\Classes\CLSID\{332B82DC-3ED6-
11D4-B1B5-00105AA5CCFF}\Implemented Categories\{40FC6ED5-
2438-11CF-A3DB-080036F12502} High
007 Keylogger HKLM\Software\Classes\CLSID\{332B82DC-3ED6-
11D4-B1B5-00105AA5CCFF}\InprocServer32 High
007 Keylogger HKLM\Software\Classes\CLSID\{332B82DC-3ED6-
11D4-B1B5-00105AA5CCFF}\ProgID High
007 Keylogger HKLM\Software\Classes\CLSID\{332B82DC-3ED6-
11D4-B1B5-00105AA5CCFF}\TypeLib High
007 Keylogger HKLM\Software\Classes\CLSID\{332B82DC-3ED6-
11D4-B1B5-00105AA5CCFF}\VERSION High
Alexa
HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{
3CEFF6CD-6F08-4E4D-BCCD-FF7415288C3B} Elevated
Alexa
HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{
3CEFF6CD-6F08-4E4D-BCCD-FF7415288C3B}\iexplore Elevated
Alexa
HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{
69A72A8A-84ED-4a75-8CE7-263DBEF3E5D3} Elevated
Alexa
HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{
69A72A8A-84ED-4a75-8CE7-263DBEF3E5D3}\iexplore Elevated
Alexa
HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{
F1FABE79-25FC-46de-8C5A-2C6DB9D64333} Elevated
Alexa
HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{
F1FABE79-25FC-46de-8C5A-2C6DB9D64333}\iexplore Elevated
ClientMan
HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{
FCADDC14-BD46-408A-9842-CDBE1C6D37EB} High
ClientMan
HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{
FCADDC14-BD46-408A-9842-CDBE1C6D37EB}\iexplore High
DailyToolbar
HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{
58F9B276-E1CC-458e-8159-21CBC021874B} High
DailyToolbar
HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{
58F9B276-E1CC-458e-8159-21CBC021874B}\iexplore High
Elitum EliteBar (Search Miracle)
HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{
02C20140-76F8-4763-83D5-B660107BABCD} Elevated
Elitum EliteBar (Search Miracle)
HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{
02C20140-76F8-4763-83D5-B660107BABCD}\iexplore Elevated
FavoriteMan
HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{
00000EF1-0786-4633-87C6-1AA7A44296DA} High
FavoriteMan
HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{
00000EF1-0786-4633-87C6-1AA7A44296DA}\iexplore High
NetSource101
HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{
15589FA1-C456-11CE-BF01-00AA0055595A} Medium
NetSource101
HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{
15589FA1-C456-11CE-BF01-00AA0055595A}\iexplore Medium
NewDotNet
HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{
4A2AACF3-ADF6-11D5-98A9-00E018981B9E} High
NewDotNet
HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{
4A2AACF3-ADF6-11D5-98A9-00E018981B9E}\iexplore High
OnlDial.Ole
HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{
02C20140-76F8-4763-83D5-B660107B7A90} High
OnlDial.Ole
HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{
02C20140-76F8-4763-83D5-B660107B7A90}\iexplore High
TheSearchMall
HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{
41D13E9A-BB94-402A-8502-AFA78526B63D} Medium
TheSearchMall
HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{
41D13E9A-BB94-402A-8502-AFA78526B63D}\iexplore Medium
WhenU.Search
HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{
BA2325ED-F9EB-4830-8FCE-0BC35B16969B} Medium
WhenU.Search
HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{
BA2325ED-F9EB-4830-8FCE-0BC35B16969B}\iexplore



Sheeez!

Here is my HiJack This report done today:

Logfile of HijackThis v1.99.1
Scan saved at 6:34:06 PM, on 4/20/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Unable to get Internet Explorer version!

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\mgabg.exe
C:\Program Files\CheckPoint\SecuRemote\bin\SR_WatchDog.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\CheckPoint\SecuRemote\bin\SR_GUI.exe
C:\WINDOWS\system32\fxssvc.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\drwtsn32.exe
C:\WINDOWS\system32\drwtsn32.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\Program Files\Symantec\DeepSight
Extractor\ExtractorService.exe
C:\Program Files\Uninstaller\Tenebril Uninstaller.exe
C:\Program Files\Microsoft
AntiSpyware\GIANTAntiSpywareMain.exe
C:\WINDOWS\hh.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Microsoft AntiSpyware\MSSSRT.exe
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\WINDOWS\system32\dwwin.exe
C:\WINDOWS\system32\drwtsn32.exe
C:\Program Files\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet
Explorer\Main,Search Page = www.google.com
R1 - HKLM\Software\Microsoft\Internet
Explorer\Main,Search Page = www.google.com
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-
784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0
\ActiveX\AcroIEHelper.dll
O2 - BHO: SpywareGuard Download Protection - {4A368E80-
174F-4872-96B5-0B27DDD11DB2} - C:\Program
Files\SpywareGuard\dlprotect.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-
206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-
D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: IeCaptureBho Object - {7c1ce531-09e9-4fc5-9803-
1c2956615786} - C:\Program Files\Google\Google Desktop
Search\GoogleDesktopIE.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-
8333-CF10577473F7} - c:\program
files\google\googletoolbar2.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-
A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-
64B5B4FF55D0} - C:\Program Files\MSN Toolbar
Suite\TB\02.00.0000.1180\en-us\msntb.dll
O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-
4b9e-9B19-A37C9A5676A7} - (no file)
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-
7859DF00B1D6} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-
009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Prozilla Toolbar - {A0C6B099-30FA-4464-B098-
2686D8BC7340} - C:\PROGRA~1\PROZIL~1\PROZIL~1.DLL
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-
64B5B4FF55D0} - C:\Program Files\MSN Toolbar
Suite\TB\02.00.0000.1180\en-us\msntb.dll
O3 - Toolbar: BHOZapper Toolbar - {0A029144-6E5A-4F7E-
A3B8-0B7F3F729049} - C:\Program Files\BHOZapper\BHOZapper
Toolbar.dll
O3 - Toolbar: &IE Doctor Bar - {123249EB-F891-44C4-946F-
450064F9080E} - C:\PROGRA~1\IEDOCT~1\IEDrBar.dll
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common
Files\Real\Update_OB\realsched.exe" -osboot
O4 - Global Startup: Adobe Gamma Loader.lnk.disabled
O4 - Global Startup: Adobe Reader Speed Launch.lnk =
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O6 - HKCU\Software\Policies\Microsoft\Internet
Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet
Explorer\Control Panel present
O8 - Extra context menu item: &Add animation to
IncrediMail Style Box - C:\PROGRA~1\INCRED~1
\bin\resources\WebMenuImg.htm
O8 - Extra context menu item: &Google Search -
res://c:\program
files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &MSN Search -
res://C:\Program Files\MSN Toolbar
Suite\TB\02.00.0000.1180\en-us\msntb.dll/search.htm
O8 - Extra context menu item: Backward Links -
res://c:\program
files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page -
res://c:\program
files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel -
res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages -
res://c:\program
files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English -
res://c:\program
files\google\GoogleToolbar2.dll/cmtrans.html
O8 - Extra context menu item: Write a Review... -
http://client.alexa.com/holiday/script/actions/review.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-
00401C608501} - C:\Program Files\Java\jre1.5.0_02
\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-
4FCB-11CF-AAA5-00401C608501} - C:\Program
Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-
A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-
0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online
Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %
windir%\bdoscandel.exe (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-
3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Whois - {F3EB5C85-D3AE-4a5f-81A8-
4F685F6BC84E} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-
00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger -
{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program
Files\Messenger\msmsgs.exe
O9 - Extra button: ArmorIE - {0565CF3E-6070-4272-8EEF-
51E5083BE3D9} - C:\WINDOWS\System32\shdocvw.dll (HKCU)
O12 - Plugin for .wma: C:\Program
Files\Netscape\Communicator\Program\PLUGINS\npdsplay.dll
O15 - Trusted Zone: http://linktrader.cyberspacehq.com
O15 - Trusted Zone: http://www.msn.com
O15 - Trusted Zone: http://www.oscommerce.com
O16 - DPF: ppctlcab -
http://ppupdates.ca.com/downloads/scanner/ppctlcab.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE}
(Symantec AntiVirus scanner) -
http://security.symantec.com/sscv6/SharedContent/vc/bin/Av
Sniff.cab
O16 - DPF: {2FC9A21E-2069-4E47-8235-36318989DB13}
(PPSDKActiveXScanner.MainScreen) -
http://ppupdates.ca.com/downloads/scanner/axscanner.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN
Photo Upload Tool) -
http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499}
(BDSCANONLINE Control) -
http://www.bitdefender.com/scan8/oscan8.cab
O16 - DPF: {5E8FD788-C323-4357-AB76-7CBCEFBA573C}
(SpyBouncer.SBDownloader) -
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5}
(Symantec RuFSI Utility Class) -
http://security.symantec.com/sscv6/SharedContent/common/bi
n/cabsa.cab
O16 - DPF: {6BEA1C48-1850-486C-8F58-C7354BA3165E}
(Install Class) -
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103}
(WScanCtl Class) -
http://www3.ca.com/securityadvisor/virusinfo/webscan.cab
O16 - DPF: {88D969C0-F192-11D4-A65F-0040963251E5} (XML
DOM Document 4.0) -
http://websitecreator.infoquest.com/app/static/activex/msx
ml4.cab
O16 - DPF: {9A54032D-31F7-400D-B184-83B33BDE65FA} (MSN
File Upload Control) -
http://sc.groups.msn.com/controls/FileUC/MsnUpld.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1}
(ActiveScan Installer Class) -
http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {A3009861-330C-4E10-822B-39D16EC8829D}
(CRAVOnline Object) - http://www.rav.ro/scan/ravonline.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF}
(MsnMessengerSetupDownloadControl Class) -
http://messenger.msn.com/download/MsnMessengerSetupDownloa
der.cab
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999}
(YAddBook Class) -
http://us.dl1.yimg.com/download.yahoo.com/dl/installs/suit
e/yautocomplete.cab
O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE}
(Symantec RuFSI Registry Information Class) -
http://security.symantec.com/sscv6/SharedContent/common/bi
n/cabsa.cab
O16 - DPF: {C3DFA998-A486-11D4-AA25-00C04F72DAEB} (MSN
Photo Upload Tool) -
http://sc.groups.msn.com/controls/PhotoUC/MsnPUpld.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078}
(ActiveDataInfo Class) -
O16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7}
(ActiveDataObj Class) - https://www-
secure.symantec.com/techsupp/activedata/ActiveData.cab
O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D}
(QDiagHUpdateObj Class) -
http://h30043.www3.hp.com/aio/en/check/qdiagh.cab?323
O16 - DPF: {EE8B6D5F-FEF2-11D0-B13F-00A024798EF3}
(Microsoft Search Settings Control) -
http://lg.home.microsoft.com/search/lobby/searchsettings.c
ab
O16 - DPF: {F00F4763-7355-4725-82F7-0DA94A256D46}
(IMDownloader Class) -
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN
Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab
O20 - Winlogon Notify: ckpNotify - C:\WINDOWS\SYSTEM32
\ckpNotify.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) -
GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) -
GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) -
Unknown owner - C:\Program Files\Common Files\Symantec
Shared\ccEvtMgr.exe (file missing)
O23 - Service: Symantec Network Proxy (ccProxy) - Unknown
owner - C:\Program Files\Common Files\Symantec
Shared\ccProxy.exe (file missing)
O23 - Service: Symantec Password Validation (ccPwdSvc) -
Unknown owner - C:\Program Files\Common Files\Symantec
Shared\ccPwdSvc.exe (file missing)
O23 - Service: Symantec Settings Manager (ccSetMgr) -
Unknown owner - C:\Program Files\Common Files\Symantec
Shared\ccSetMgr.exe (file missing)
O23 - Service: Deepsight Extractor (DeepsightExtractor) -
Unknown owner - C:\Program Files\Symantec\DeepSight
Extractor\ExtractorService.exe
O23 - Service: DeepSight Extractor Service for NPF03
(ExtractorServiceNPF03) - Unknown owner - C:\Program
Files\Symantec\DeepSight
Extractor\ExtractorServiceNPF03.exe
O23 - Service: DeepSight Extractor Service for NPF04
(ExtractorServiceNPF04) - Unknown owner - C:\Program
Files\Symantec\DeepSight
Extractor\ExtractorServiceNPF04.exe
O23 - Service: InCD File System Service (InCDsrv) -
Unknown owner - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: ISSvc (ISSVC) - Unknown owner - C:\Program
Files\Norton Internet Security\ISSVC.exe (file missing)
O23 - Service: LexBce Server (LexBceS) - Lexmark
International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: MGABGEXE - Matrox Graphics Inc. -
C:\WINDOWS\system32\mgabg.exe
O23 - Service: Norton AntiVirus Auto-Protect Service
(navapsvc) - Unknown owner - C:\Program Files\Norton
Internet Security\Norton AntiVirus\navapsvc.exe (file
missing)
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32
\HPZipm12.exe
O23 - Service: SAVScan - Unknown owner - C:\Program
Files\Norton Internet Security\Norton
AntiVirus\SAVScan.exe (file missing)
O23 - Service: ScriptBlocking Service (SBService) -
Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1
\SBServ.exe (file missing)
O23 - Service: Symantec Network Drivers Service
(SNDSrvc) - Unknown owner - C:\Program Files\Common
Files\Symantec Shared\SNDSrvc.exe (file missing)
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Unknown
owner - C:\Program Files\Common Files\Symantec
Shared\SPBBC\SPBBCSvc.exe (file missing)
O23 - Service: Check Point SecuRemote Service
(SR_Service) - Check Point Software Technologies -
C:\Program Files\CheckPoint\SecuRemote\bin\SR_Service.exe
O23 - Service: Check Point SecuRemote WatchDog
(SR_WatchDog) - Check Point Software Technologies -
C:\Program Files\CheckPoint\SecuRemote\bin\SR_WatchDog.exe
O23 - Service: Symantec Core LC - Unknown owner -
C:\Program Files\Common Files\Symantec Shared\CCPD-
LC\symlcsvc.exe (file missing)


I don't know what to do. I have not purchased Spyware
Doctor yet but may have to do so. I also use Spybot,
Adaware, SpywareGuard, Bug Doctor, got rid of SpyBouncer
and its other little helpers, MS Ati and trying out Pyware
Ferret.

Any suggestions?
Thanks
Anthony
 
duncan

I have a free full version (via a PC mag) of Spyware Dr
and fully recommend it. When it's active it blocks all
cookies (and tells you), and picks up heaps of things... I
have tried all the free spyware and "the Doctor" seems to
be the best. PS: my Microsoft AntiSpyware suddenly
froze up and I had to delete the program to stop it maxing
out my CPU for no reason.
 
