
Thread: hjt log

  1. #1
    Join Date
    Nov 2006
    Posts
    29

    hjt log

    Hi,

    I wasn't able to save the log file for the Pandascan I did. The computer froze every time I did it. 'I agree' at the BitDefender site was not hyperlinked, therefore I couldn't use it (when I clicked it nothing happened). Kaspersky Online Virus Scan did not work either. I have had an issue with setting my computer to Administrative Privileges. In User Accounts in Control Panel both accounts have been set to Administrative Privileges. I am the only one who uses this computer and I don't know why I have this issue.

    CWShredder System Report

    **** Run Keys ****

    RUN: [EPSON Stylus Photo R200 Series] "C:\WINNT\System32\spool\DRIVERS\W32X86\3\E_S4I2H1.EXE" /P30 "EPSON Stylus Photo R200 Series" /O6 "USB002" /M "Stylus Photo R200"
    RUN: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    RUN: [NeroCheck] C:\WINNT\system32\NeroCheck.exe
    RUN: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    RUN: [Symantec NetDriver Monitor] "C:\PROGRA~1\SYMNET~1\SNDMon.exe" /Consumer
    RUN: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    RUN: [k6mmN5IOU] "C:\WINNT\system32\wfxqhv.exe"
    RUN: [qcr40486] "RUNDLL32.EXE" w20c5d8c.dll,n 002404840000000320c5d8c
    RUN: [w20cc6f4.dll] "RUNDLL32.EXE" w20cc6f4.dll,I2 00240484020cc6f4
    RUN: [spywarebot] C:\Program Files\spywarebot\SpywareBot.exe -boot
    RUN: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
    RUN: [DigidesignMMERefresh] "C:\Program Files\Digidesign\Drivers\MMERefresh.exe"
    RUN: [MAFWTaskbarApp] C:\WINNT\system32\MAFWTray.exe
    RUN: [CAS2] "C:\Program Files\System Files\System.exe"
    RUN: [PSHope] "C:\Program Files\PSHope\PSHope.exe"
    RUN: [Lflwn] C:\Program Files\Common Files\??stem\d?xplore.exe
    RUN: [TClock.exe] C:\Program Files\TClock\tclock_install.exe
    RUN: [ctfmon.exe] C:\WINNT\system32\ctfmon.exe
    RUN: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
    RUN: [Spyware Doctor] C:\PROGRA~1\SPYWAR~1\swdoctor.exe /Q


    **** Browser Helper Objects ****

    BHO: [Yahoo! Toolbar Helper] C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
    BHO: [PCTools Site Guard] C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
    BHO: [PCTools Site Guard] C:\WINNT\system32\awtqn.dll
    BHO: [PCTools Browser Monitor] C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll


    **** IE Toolbars ****

    TOOLBAR: [Norton AntiVirus] C:\Program Files\Norton AntiVirus\NavShExt.dll
    TOOLBAR: [Alcohol Toolbar] C:\Program Files\Alcohol Toolbar\v3.0.0.0\AudioGizmo_Toolbar.dll
    TOOLBAR: [Yahoo! Toolbar] C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll


    **** IE Extensions ****

    IEExt: [Spyware Doctor]
    IEExt: [Messenger] C:\Program Files\Messenger\msmsgs.exe


    **** Hosts File Entries ****

    HOSTS: 127.0.0.1 localhost


    **** IE Settings ****

    Default Page: http://go.microsoft.com/fwlink/?LinkId=54729
    Default Search: http://go.microsoft.com/fwlink/?LinkId=54896
    Local Page: C:\WINNT\system32\blank.htm
    Search Page:


    **** IE Context Menu (Right click) ****

    IEContext: [&Search] http://kl.bar.need2find.com/KL/menusearch.html?p=KL
    IEContext: [E&xport to Microsoft Excel] res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000


    **** Layered Service Providers ****

    LSP: MSAFD Tcpip [TCP/IP]
    LSP: MSAFD Tcpip [UDP/IP]
    LSP: RSVP UDP Service Provider
    LSP: RSVP TCP Service Provider
    LSP: MSAFD Pgm (RDM)
    LSP: MSAFD Pgm (Stream)
    LSP: MSAFD NetBIOS [\Device\NetBT_Tcpip_{55F26CE3-C0B4-4DFE-98AC-CF6FD9FDEF2F}] SEQPACKET 5
    LSP: MSAFD NetBIOS [\Device\NetBT_Tcpip_{55F26CE3-C0B4-4DFE-98AC-CF6FD9FDEF2F}] DATAGRAM 5
    LSP: MSAFD NetBIOS [\Device\NetBT_Tcpip_{14C14218-855D-40EC-BDDC-5D92A1A119AF}] SEQPACKET 0
    LSP: MSAFD NetBIOS [\Device\NetBT_Tcpip_{14C14218-855D-40EC-BDDC-5D92A1A119AF}] DATAGRAM 0
    LSP: MSAFD NetBIOS [\Device\NetBT_Tcpip_{47FD192E-CFC9-43AB-AB15-67166485D229}] SEQPACKET 4
    LSP: MSAFD NetBIOS [\Device\NetBT_Tcpip_{47FD192E-CFC9-43AB-AB15-67166485D229}] DATAGRAM 4
    LSP: MSAFD NetBIOS [\Device\NetBT_Tcpip_{5858246E-CE0C-46CA-9CB9-A94F0FC66577}] SEQPACKET 1
    LSP: MSAFD NetBIOS [\Device\NetBT_Tcpip_{5858246E-CE0C-46CA-9CB9-A94F0FC66577}] DATAGRAM 1
    LSP: MSAFD NetBIOS [\Device\NetBT_Tcpip_{0EF9538D-F301-446E-880D-9E3C5E7E1CDD}] SEQPACKET 2
    LSP: MSAFD NetBIOS [\Device\NetBT_Tcpip_{0EF9538D-F301-446E-880D-9E3C5E7E1CDD}] DATAGRAM 2
    LSP: MSAFD NetBIOS [\Device\NetBT_Tcpip_{659C5976-B1B1-403C-89F2-F1ED1E5D604B}] SEQPACKET 3
    LSP: MSAFD NetBIOS [\Device\NetBT_Tcpip_{659C5976-B1B1-403C-89F2-F1ED1E5D604B}] DATAGRAM 3


    **** Blocked Control Panel Items ****

    BLOCKED: [ncpa.cpl] No
    BLOCKED: [odbccp32.cpl] No


    **** Downloaded Program Files ****

    DirectAnimation Java Classes [file://C:\WINNT\Java\classes\dajava.cab]
    Microsoft XML Parser for Java [file://C:\WINNT\Java\classes\dajava.cab]
    {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} [C:\Program Files\Yahoo!\Common\yinsthelper.dll] C:\Program Files\Yahoo!\Common\yinsthelper.dll
    {31564D57-0000-0010-8000-00AA00389B71} [http://codecs.microsoft.com/codecs/i386/wmvax.cab]
    {32564D57-0000-0010-8000-00AA00389B71} [http://codecs.microsoft.com/codecs/i386/wmv8ax.cab]
    {33564D57-9980-0010-8000-00AA00389B71} [http://download.microsoft.com/downlo...C/wmv9dmo.cab]
    {3451DEDE-631F-421C-8127-FD793AFC6CC8} [http://www.symantec.com/techsupp/asa/ctrl/SymAData.cab]
    {44990200-3C9D-426D-81DF-AAB636FA4345} [http://www.symantec.com/techsupp/asa/ctrl/tgctlsi.cab]
    {44990301-3C9D-426D-81DF-AAB636FA4345} [http://www.symantec.com/techsupp/asa/ctrl/tgctlsr.cab]
    {6414512B-B978-451D-A0D8-FCFDF33E833C} [http://update.microsoft.com/windowsu...1134880047125]
    {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} [http://update.microsoft.com/microsof...1133155693185]
    {74CD40EA-EF77-4BAD-808A-B5982DA73F20} [http://yax-download.yazzle.net/Yazzl...ab?refid=1123] C:\WINNT\system32\msvcrt.dll C:\WINNT\system32\olepro32.dll C:\WINNT\Downloaded Program Files\YazzleActiveX.ocx
    {88D969C0-F192-11D4-A65F-0040963251E5} [file://C:\TempEI4\EI40_\msxml4.cab]
    {8AD9C840-044E-11D1-B3E9-00805F499D93} [http://java.sun.com/products/plugin/...31_04-win.cab]
    {9F1C11AA-197B-4942-BA54-47A8489BB47F} [http://v4.windowsupdate.microsoft.co...26.7769791667]
    {CAFEEFAC-0013-0001-0004-ABCDEFFEDCBA} [http://java.sun.com/products/plugin/...31_04-win.cab]
    {D27CDB6E-AE6D-11CF-96B8-444553540000} [http://fpdownload.macromedia.com/pub...h/swflash.cab]
    {F54C1137-5E34-4B95-95A5-BA56D4D8D743} [http://www.gamespot.com/KDX22/download/kdx.cab]


    **** Windows Services ****



    **** Custom IE Search Items ****

    SEARCH: [SearchAssistant] http://ie.search.msn.com/{sub_rfc1766}/srchasst/srchasst.htm
    SEARCH: [CustomizeSearch] http://ie.search.msn.com/{sub_rfc1766}/srchasst/srchcust.htm


    **** Complete IE Options ****

    IEOPT: [NoUpdateCheck]
    IEOPT: [NoJITSetup]
    IEOPT: [Show_ChannelBand] No
    IEOPT: [Anchor Underline] yes
    IEOPT: [Cache_Update_Frequency] Once_Per_Session
    IEOPT: [Display Inline Images] yes
    IEOPT: [Do404Search]
    IEOPT: [Save_Session_History_On_Exit] no
    IEOPT: [Show_FullURL] no
    IEOPT: [Show_StatusBar] yes
    IEOPT: [Show_ToolBar] yes
    IEOPT: [Show_URLinStatusBar] yes
    IEOPT: [Show_URLToolBar] yes
    IEOPT: [Start Page] about:blank
    IEOPT: [Use_DlgBox_Colors] yes
    IEOPT: [Search Page]
    IEOPT: [Disable Script Debugger] yes
    IEOPT: [FullScreen] no
    IEOPT: [Window_Placement] ,
    IEOPT: [Use FormSuggest] no
    IEOPT: [Q261272] yes
    IEOPT: [NotifyDownloadComplete] no
    IEOPT: [Error Dlg Displayed On Every Error] no
    IEOPT: [Error Dlg Details Pane Open] no
    IEOPT: [FormSuggest PW Ask] no
    IEOPT: [AddToFavoritesExpanded]
    IEOPT: [Check_Associations] No
    IEOPT: [Expand Alt Text] no
    IEOPT: [Move System Caret] no
    IEOPT: [NscSingleExpand]
    IEOPT: [NoWebJITSetup]
    IEOPT: [Page_Transitions]
    IEOPT: [FavIntelliMenus] yes
    IEOPT: [Force Offscreen Composition]
    IEOPT: [AllowWindowReuse]
    IEOPT: [Friendly http errors] yes
    IEOPT: [ShowGoButton] yes
    IEOPT: [SmoothScroll]
    IEOPT: [Enable AutoImageResize] yes
    IEOPT: [Enable_MyPics_Hoverbar] yes
    IEOPT: [Play_Animations] yes
    IEOPT: [Play_Background_Sounds] yes
    IEOPT: [Display Inline Videos] yes
    IEOPT: [Show image placeholders]
    IEOPT: [Print_Background] no
    IEOPT: [LastCheckedHi] {°Æ
    IEOPT: [FormSuggest Passwords] no
    IEOPT: [AutoSearch]
    IEOPT: [Default_Page_Url] http://www.microsoft.com/isapi/redir...r=6&ar=msnhome
    IEOPT: [Default_Search_Url] http://www.microsoft.com/isapi/redir...ie&ar=iesearch
    IEOPT: [CustomizeSearch] http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
    IEOPT: [SearchAssistant] http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
    IEOPT: [DisableScriptDebuggerIE] yes
    IEOPT: [ShowedCheckBrowser] Yes
    IEOPT: [HistoryViewType]
    IEOPT: [Use Search Assistant] no
    IEOPT: [FavChevron] NO
    IEOPT: [Local Page] C:\WINNT\system32\blank.htm
    IEOPT: [Use Search Asst] no
    IEOPT: [XMLHTTP]
    IEOPT: [UseClearType] yes
    IEOPT: [Enable Browser Extensions] yes
    IEOPT: [RunOnceHasShown]
    IEOPT: [AutoHide] yes
    IEOPT: [Default_Page_URL] http://go.microsoft.com/fwlink/?LinkId=54729
    IEOPT: [Default_Search_URL] http://go.microsoft.com/fwlink/?LinkId=54896
    IEOPT: [Search Page] http://go.microsoft.com/fwlink/?LinkId=54896
    IEOPT: [Enable_Disk_Cache] yes
    IEOPT: [Cache_Percent_of_Disk]
    IEOPT: [Delete_Temp_Files_On_Exit] yes
    IEOPT: [Anchor_Visitation_Horizon]
    IEOPT: [Use_Async_DNS] yes
    IEOPT: [Placeholder_Width]
    IEOPT: [Placeholder_Height]
    IEOPT: [Start Page] http://go.microsoft.com/fwlink/?LinkId=55245&clcid={SUB_CLCID}
    IEOPT: [Wizard_Version] 6.0.2600.0000
    IEOPT: [FullScreen] no
    IEOPT: [Check_Associations] yes
    IEOPT: [CompanyName] Microsoft Corporation
    IEOPT: [Custom_Key] MICROSO
    IEOPT: [Local Page] %SystemRoot%\system32\blank.htm
    IEOPT: [Extensions Off Page] about:NoAdd-ons
    IEOPT: [Security Risk Page] about:SecurityRisk


    Logfile of HijackThis v1.99.1
    Scan saved at 8:13:50 AM, on 11/3/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.5730.0011)

    Running processes:
    C:\WINNT\System32\smss.exe
    C:\WINNT\system32\winlogon.exe
    C:\WINNT\system32\services.exe
    C:\WINNT\system32\lsass.exe
    C:\WINNT\system32\svchost.exe
    C:\Program Files\Windows Defender\MsMpEng.exe
    C:\WINNT\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\WINNT\system32\LEXBCES.EXE
    C:\WINNT\system32\spoolsv.exe
    C:\WINNT\Explorer.EXE
    C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    C:\WINNT\System32\spool\DRIVERS\W32X86\3\E_S4I2H1.EXE
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    C:\Program Files\Digidesign\Drivers\MMERefresh.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\ewido anti-spyware 4.0\guard.exe
    C:\WINNT\System32\GEARSec.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\WINNT\system32\inetsrv\inetinfo.exe
    C:\WINNT\system32\MAFWTray.exe
    C:\PROGRA~1\Iomega\System32\AppServices.exe
    C:\WINNT\system32\ctfmon.exe
    C:\Program Files\Norton AntiVirus\navapsvc.exe
    C:\Program Files\Norton Ghost\Agent\VProSvc.exe
    C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
    C:\WINNT\system32\tcpsvcs.exe
    C:\WINNT\System32\snmp.exe
    C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
    C:\WINNT\system32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\Program Files\Iomega\AutoDisk\ADService.exe
    C:\WINNT\System32\mqsvc.exe
    C:\Program Files\WMPCI54G WLAN Monitor\WMP54G.exe
    C:\WINNT\system32\devldr32.exe
    C:\Program Files\uTorrent\utorrent.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\WINNT\system32\wuauclt.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\HiJackThis\HijackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.mrfindalot.com/search.asp?si=
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.mrfindalot.com/search.asp?si=
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
    O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
    O2 - BHO: (no name) - {C4A9B596-1E0A-4FEE-AED0-E6934B24B2C9} - C:\WINNT\system32\awtqn.dll (file missing)
    O2 - BHO: Ozbyq Class - {D623BC2F-A58D-4A75-A10D-CC244A702A35} - C:\WINNT\system32\xeymi.dll
    O2 - BHO: (no name) - {E5E2A3E7-00FE-4D31-A030-A10799DDCA66} - (no file)
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: Alcohol Toolbar - {DC59A0D4-0ED6-4A73-B356-1B977F2A7725} - C:\Program Files\Alcohol Toolbar\v3.0.0.0\AudioGizmo_Toolbar.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
    O4 - HKLM\..\Run: [EPSON Stylus Photo R200 Series] "C:\WINNT\System32\spool\DRIVERS\W32X86\3\E_S4I2H1.EXE" /P30 "EPSON Stylus Photo R200 Series" /O6 "USB002" /M "Stylus Photo R200"
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [NeroCheck] C:\WINNT\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [Symantec NetDriver Monitor] "C:\PROGRA~1\SYMNET~1\SNDMon.exe" /Consumer
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - HKLM\..\Run: [k6mmN5IOU] "C:\WINNT\system32\wfxqhv.exe"
    O4 - HKLM\..\Run: [qcr40486] "RUNDLL32.EXE" w20c5d8c.dll,n 002404840000000320c5d8c
    O4 - HKLM\..\Run: [w20cc6f4.dll] "RUNDLL32.EXE" w20cc6f4.dll,I2 00240484020cc6f4
    O4 - HKLM\..\Run: [spywarebot] C:\Program Files\spywarebot\SpywareBot.exe -boot
    O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
    O4 - HKLM\..\Run: [DigidesignMMERefresh] "C:\Program Files\Digidesign\Drivers\MMERefresh.exe"
    O4 - HKLM\..\Run: [MAFWTaskbarApp] C:\WINNT\system32\MAFWTray.exe
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
    O4 - HKLM\..\RunServices: [Windows Updater] paste.exe
    O4 - HKCU\..\Run: [CAS2] "C:\Program Files\System Files\System.exe"
    O4 - HKCU\..\Run: [PSHope] "C:\Program Files\PSHope\PSHope.exe"
    O4 - HKCU\..\Run: [Lflwn] C:\Program Files\Common Files\??stem\d?xplore.exe
    O4 - HKCU\..\Run: [TClock.exe] C:\Program Files\TClock\tclock_install.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINNT\system32\ctfmon.exe
    O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O11 - Options group: [INTERNATIONAL] International*
    O15 - Trusted Zone: http://download.windowsupdate.com
    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english...an_unicode.cab
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
    O16 - DPF: {3451DEDE-631F-421C-8127-FD793AFC6CC8} (ActiveDataInfo Class) - http://www.symantec.com/techsupp/asa/ctrl/SymAData.cab
    O16 - DPF: {44990200-3C9D-426D-81DF-AAB636FA4345} (Symantec SmartIssue) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsi.cab
    O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} (Symantec Script Runner Class) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsr.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1134880047125
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1133155693185
    O16 - DPF: {74CD40EA-EF77-4BAD-808A-B5982DA73F20} - http://yax-download.yazzle.net/Yazzl...cab?refid=1123
    O16 - DPF: {88D969C0-F192-11D4-A65F-0040963251E5} (XML DOM Document 4.0) - file://C:\TempEI4\EI40_\msxml4.cab
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
    O16 - DPF: {F54C1137-5E34-4B95-95A5-BA56D4D8D743} (Secure Delivery) - http://www.gamespot.com/KDX22/download/kdx.cab
    O18 - Filter: text/html - {B5F86455-BF18-4E12-965A-6642A0AC0549} - C:\WINNT\system32\xeymi.dll
    O20 - Winlogon Notify: awtqn - C:\WINNT\system32\awtqn.dll (file missing)
    O20 - Winlogon Notify: MS-DOS Emulation - C:\WINNT\
    O20 - Winlogon Notify: WgaLogon - C:\WINNT\SYSTEM32\WgaLogon.dll
    O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
    O21 - SSODL: cinnamomum - {93ac7c30-3878-4eaa-9420-7977285df5b1} - (no file)
    O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: Digidesign MME Refresh Service (DigiRefresh) - Digidesign, A Division of Avid Technology, Inc. - C:\Program Files\Digidesign\Drivers\MMERefresh.exe
    O23 - Service: digiSPTIService - Digidesign, A Division of Avid Technology, Inc. - C:\Program Files\Digidesign\Pro Tools\digiSPTIService.exe
    O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
    O23 - Service: GEARSecurity - GEAR Software - C:\WINNT\System32\GEARSec.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: Intel(R) Active Monitor (imonNT) - Intel Corp. - C:\Program Files\Intel\Intel(R) Active Monitor\imonnt.exe
    O23 - Service: Iomega App Services - Iomega Corporation - C:\PROGRA~1\Iomega\System32\AppServices.exe
    O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINNT\system32\LEXBCES.EXE
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
    O23 - Service: Norton Ghost - Symantec Corporation - C:\Program Files\Norton Ghost\Agent\VProSvc.exe
    O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
    O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
    O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
    O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    O23 - Service: Iomega Active Disk (_IOMEGA_ACTIVE_DISK_SERVICE_) - Iomega Corporation - C:\Program Files\Iomega\AutoDisk\ADService.exe

  2. #2
    Join Date
    Aug 2006
    Location
    The Middle
    Age
    80
    Posts
    4,079
    Hi philentropy,
    I recommend that you PRINT these instructions in order to follow them correctly and make things easier.

    Your HJT log does show multiple entries for malware/spyware. It also shows you are running two anti-virus programs, Norton and AVG Free. This is an absolute No-No. First you must UNINSTALL AVG. I am recommending this one be uninstalled because Norton is a pay for program so you obviously have purchased this program. Now a caution here, if your Norton subscription has expired and you installed AVG to take its place then UNINSTALL the Norton. But ONE of them must go immediately. I also stress UNINSTALL, DO NOT just delete. Go first to Add/Remove and go through the full removal process for whichever program you choose to remove. Once you have followed all those steps then do a file search by going to Start, Run Search, Files and Folders and search for all files related to whichever product you have uninstalled. If it is Norton then search for all files named Norton and Symantec. If it is AVG then do a search for all files AVG.
    Also go to Add/Remove and search for a program called Spywarebot.
    Now chances are you may not find it there but look anyway and if you do find it then UNINSTALL it.
    If you do not find it there then double click My Computer, Double Click "C" drive.
    Once in "C" drive then go to C:\Program Files\ and double click the Program Files folder. Look there for the Spywarebot folder. Open that folder and see if there is an Uninstall option there. If there is, use it. If not then close that Spywarebot folder and delete it.

    Now once you have done all of the above, and if some of the steps cannot be completed yet don't worry about it now but do try them all, I want you to go to this LINK

    Follow the steps given there, including the Enabling of Hidden Files and Folders and learning how to boot to Safe Mode if you do not know how to do this.

    Then I want you to download all of the programs listed there...AdAwareSE, including the Vx2 removal add-on, SpyBot Search & Destroy (notice the difference but similarity to the name of the program above I wanted you to remove. THIS program is the legitimate removal program, the one above is NOT). Also download CCleaner, and the AVG Anti-spyware program. Install all of them. Then update all of them AND also update your Norton program. Do not run any of these yet, just install and update. They may ask if you want to scan now, say NO.

    For the time being do not worry about doing the online scans listed in the link since you are having problems running them at this time.

    Shut down your computer.
    Unplug from the internet. I mean literally remove the internet plug from the back of the computer.
    Reboot the computer in SAFE MODE.
    Once the computer is booted into SAFE MODE then go to Add/Remove and look for the following programs and Remove if they are listed;
    PSHope
    TClock
    If either tells you that you must reboot say no, that you will do it later.
    Once you have done that;
    Run a FULL SYSTEM scan with your Norton Anti-virus and Fix everything found.

    Next open and RUN CCleaner with the default options to clean out temporary files. Only use the Default Scan (Windows Tab) and select Run Cleaner. Do not run any other options from other tabs.

    Open SpyBotSD and Click “Check for Problems.” Allow SpyBot to fix what it finds.
    Open Ad-Aware SE Personal and Click START > Check the Perform full system scan box > Click NEXT. Allow Ad-Aware to fix what it finds.
    Next run the Vx2 Plug-in on AdAwareSE.

    Run the optional but recommended AVG Anti-Spyware, please OPEN EWIDO and click Scanner > Complete System Scan.
    Allow it to fix what it finds and click on Save Report. Save the log to where it can be easily found and please attach it along with your HijackThis log when you post back.

    After you have completed the above steps then Double Click My Computer.
    Double Click "C" Drive.
    Once in "C" Drive go to the following folders and delete the items noted in RED. I repeat, just the entry noted in RED not the entire folder;

    C:\WINNT\system32\wfxqhv.exe
    C:\Program Files\System Files\System.exe
    C:\Program Files\PSHope\PSHope.exe
    C:\Program Files\Common Files\??stem\d?xplore.exe
    C:\Program Files\TClock\tclock_install.exe

    If you cannot locate any of the above please note it and move on to the next one.

    Once you have completed all the steps given then shut down the computer. Re-attach the internet hook up to the computer.
    Reboot the computer to NORMAL mode.

    With ALL browsers CLOSED run a new HJT scan and save the log.
    Then come back here and post the new HJT log AND the Ewido log here and we can see if other steps need to be taken.

  3. #3
    Join Date
    Nov 2006
    Posts
    29

    SpywareBlaster or SpyBot?

    Which do I DELETE, SpywareBlaster or SpyBot? There isn't a Spywarebot folder or application on my computer? I think you mixed the names together. Thanks for the help so far.

  4. #4
    Join Date
    Aug 2006
    Location
    The Middle
    Age
    80
    Posts
    4,079
    The entry I refer to is the one below. Your log does not show SpywareBlaster running. I assure you, this program, spywarebot IS on the computer and set to run at the Startup of the computer.

    It shows in both the CWSShredder scan here;
    RUN: [spywarebot] C:\Program Files\spywarebot\SpywareBot.exe -boot

    and in your HiJackThis scan here;
    O4 - HKLM\..\Run: [spywarebot] C:\Program Files\spywarebot\SpywareBot.exe -boot

    I find NO indication, in either log of the program SpywareBlaster(which IS an excellent program).
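
The log checks described in replies #2 and #4 (locating a named Run entry, spotting entries whose file is gone, and noticing two resident anti-virus products) can be scripted. This is an added example, not part of the original thread or of HijackThis; the sample lines are copied from the log in post #1, and the `AV_MARKERS` table is an assumption built only from the product names that appear in this log.

```python
import re
from collections import namedtuple

# Excerpt of the HijackThis v1.99.1 log from post #1 (lines copied from the thread).
SAMPLE_LOG = r"""
Logfile of HijackThis v1.99.1
Running processes:
C:\WINNT\system32\svchost.exe
O2 - BHO: (no name) - {C4A9B596-1E0A-4FEE-AED0-E6934B24B2C9} - C:\WINNT\system32\awtqn.dll (file missing)
O2 - BHO: (no name) - {E5E2A3E7-00FE-4D31-A030-A10799DDCA66} - (no file)
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [spywarebot] C:\Program Files\spywarebot\SpywareBot.exe -boot
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [PSHope] "C:\Program Files\PSHope\PSHope.exe"
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Ghost - Symantec Corporation - C:\Program Files\Norton Ghost\Agent\VProSvc.exe
"""

Entry = namedtuple("Entry", "code body")
Autorun = namedtuple("Autorun", "hive key name command")

# Section code (R0, O4, O23, ...) followed by " - " and the entry text.
LINE_RE = re.compile(r"^([RFNO]\d{1,2}) - (.*)$")
# Registry autorun form of an O4 entry: HKLM\..\Run: [value name] command line
O4_RE = re.compile(r"^(HK\w+)\\\.\.\\(\w+): \[(.+?)\] (.*)$")

# Assumption: substring of the service display name -> product label,
# limited to the two products named in reply #2.
AV_MARKERS = {"norton antivirus": "Norton AntiVirus", "avg7": "AVG Free"}


def parse_log(text):
    """Return every coded entry; header and process lines are skipped."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            entries.append(Entry(m.group(1), m.group(2)))
    return entries


def autoruns(entries):
    """Decode O4 registry autoruns (Startup-folder O4 lines do not match)."""
    found = []
    for e in entries:
        m = O4_RE.match(e.body) if e.code == "O4" else None
        if m:
            found.append(Autorun(*m.groups()))
    return found


def find_autorun(entries, name):
    """Case-insensitive lookup of a Run value name, as done in reply #4."""
    return [a for a in autoruns(entries) if a.name.lower() == name.lower()]


def orphaned(entries):
    """Entries HijackThis marked as pointing at a file that no longer exists."""
    return [e for e in entries
            if e.body.endswith("(file missing)") or e.body.endswith("(no file)")]


def resident_av(entries):
    """Products from AV_MARKERS that have a registered service (O23)."""
    products = set()
    for e in entries:
        if e.code != "O23" or not e.body.startswith("Service: "):
            continue
        parts = e.body[len("Service: "):].rsplit(" - ", 2)
        if len(parts) != 3:  # expected: display name, vendor, path
            continue
        display = parts[0].lower()
        for marker, product in AV_MARKERS.items():
            if marker in display:
                products.add(product)
    return sorted(products)


if __name__ == "__main__":
    log = parse_log(SAMPLE_LOG)
    for hit in find_autorun(log, "spywarebot"):
        print("autorun:", hit.hive, hit.key, hit.command)
    for e in orphaned(log):
        print("orphaned:", e.code, e.body)
    av = resident_av(log)
    if len(av) > 1:
        print("more than one resident anti-virus:", ", ".join(av))
```
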

  5. #5
    Join Date
    Nov 2006
    Posts
    29
    Spywarebot is not listed in Add Remove nor is it in C:/Program Files. So how should it be removed?

  6. #6
    Join Date
    Nov 2006
    Posts
    29

    Thanks for the help!

    Windows Defender says that I have Trojan BHO.JV


    If you notice in the original HJT scan I had at least one BHO. I used HJT to fix the BHO. I believe the BHO stopped me from viewing a few common websites such as google, yahoo, craigslist... After following your instructions, I am not able to view these sites again.

    I wasn't able to find AdAwareSE Vx2 Plug-in at the link that you gave.

    I have had SurfSideKick for a long time. It shows up every time I run SpyBot Search and Destroy.

    Microsoft.WindowsSecurityCenter.AntiVirusDisableNotify showed up in red when I did the Spybot S & D scan. What does it mean?


    These three files were not found in the C: drive:

    C:\Program Files\System Files\System.exe
    C:\Program Files\PSHope\PSHope.exe
    C:\Program Files\Common Files\??stem\d?xplore.exe
    C:\Program Files\TClock\tclock_install.exe



    ---------------------------------------------------------
    AVG Anti-Spyware - Scan Report
    ---------------------------------------------------------

    + Created at: 2:04:40 PM 11/6/2006

    + Scan result:



    HKU\S-1-5-21-1214440339-879983540-725345543-1000\Software\Kazaa\Promotions\Cydoor -> Adware.Cydoor : Ignored.
    HKU\S-1-5-21-1214440339-879983540-725345543-1000\Software\Kazaa\Promotions\Cydoor\Adwr_329 -> Adware.Cydoor : Ignored.
    HKU\S-1-5-21-1214440339-879983540-725345543-1000\Software\Kazaa\Promotions\Cydoor\Adwr_329\Loc t_4 -> Adware.Cydoor : Ignored.
    HKU\S-1-5-21-1214440339-879983540-725345543-1000\Software\Kazaa\Promotions\Cydoor\Adwr_329\Services -> Adware.Cydoor : Ignored.
    HKU\S-1-5-21-1214440339-879983540-725345543-1000\Software\Kazaa\Promotions\Cydoor\Adwr_329\Services\Queue -> Adware.Cydoor : Ignored.
    HKU\S-1-5-21-1214440339-879983540-725345543-1000\Software\Dvx -> Adware.Delfin : Ignored.
    C:\Program Files\HiJackThis\backups\backup-20061104-060214-587.dll -> Adware.Suggestor : Ignored.
    C:\WINNT\system32\iqqr.exe -> Adware.Suggestor : Ignored.
    C:\WINNT\system32\xeymi.dll -> Adware.Suggestor : Ignored.
    :mozilla.28:C:\Documents and Settings\biko\Application Data\Mozilla\Firefox\Profiles\i8s65z5h.Martin\cookies.txt -> TrackingCookie.Adbrite : Ignored.
    :mozilla.29:C:\Documents and Settings\biko\Application Data\Mozilla\Firefox\Profiles\i8s65z5h.Martin\cookies.txt -> TrackingCookie.Adbrite : Ignored.
    :mozilla.30:C:\Documents and Settings\biko\Application Data\Mozilla\Firefox\Profiles\i8s65z5h.Martin\cookies.txt -> TrackingCookie.Adbrite : Ignored.
    :mozilla.24:C:\Documents and Settings\biko\Application Data\Mozilla\Firefox\Profiles\i8s65z5h.Martin\cookies.txt -> TrackingCookie.Sexcounter : Ignored.
    :mozilla.25:C:\Documents and Settings\biko\Application Data\Mozilla\Firefox\Profiles\i8s65z5h.Martin\cookies.txt -> TrackingCookie.Sexcounter : Ignored.


    ::Report end



    Logfile of HijackThis v1.99.1
    Scan saved at 2:11:07 PM, on 11/6/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.5730.0011)

    Running processes:
    C:\WINNT\System32\smss.exe
    C:\WINNT\system32\winlogon.exe
    C:\WINNT\system32\services.exe
    C:\WINNT\system32\lsass.exe
    C:\WINNT\system32\svchost.exe
    C:\Program Files\Windows Defender\MsMpEng.exe
    C:\WINNT\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\WINNT\system32\LEXBCES.EXE
    C:\WINNT\system32\spoolsv.exe
    C:\WINNT\Explorer.EXE
    C:\WINNT\System32\spool\DRIVERS\W32X86\3\E_S4I2H1.EXE
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\WINNT\system32\MAFWTray.exe
    C:\WINNT\system32\ctfmon.exe
    C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32.exe
    C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\Program Files\Digidesign\Drivers\MMERefresh.exe
    C:\WINNT\System32\GEARSec.exe
    C:\WINNT\system32\inetsrv\inetinfo.exe
    C:\Program Files\Norton AntiVirus\navapsvc.exe
    C:\Program Files\Norton Ghost\Agent\VProSvc.exe
    C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
    C:\Program Files\Microsoft Office\Office10\OUTLOOK.EXE
    C:\WINNT\system32\tcpsvcs.exe
    C:\WINNT\System32\snmp.exe
    C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
    C:\WINNT\system32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\WINNT\System32\mqsvc.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\WINNT\system32\msiexec.exe
    C:\WINNT\system32\wuauclt.exe
    C:\Program Files\HiJackThis\HijackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.mrfindalot.com/search.asp?si=
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.mrfindalot.com/search.asp?si=
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll (file missing)
    O2 - BHO: Ozbyq Class - {D623BC2F-A58D-4A75-A10D-CC244A702A35} - C:\WINNT\system32\xeymi.dll (file missing)
    O2 - BHO: (no name) - {E5E2A3E7-00FE-4D31-A030-A10799DDCA66} - (no file)
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: Alcohol Toolbar - {DC59A0D4-0ED6-4A73-B356-1B977F2A7725} - C:\Program Files\Alcohol Toolbar\v3.0.0.0\AudioGizmo_Toolbar.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll (file missing)
    O4 - HKLM\..\Run: [EPSON Stylus Photo R200 Series] "C:\WINNT\System32\spool\DRIVERS\W32X86\3\E_S4I2H1.EXE" /P30 "EPSON Stylus Photo R200 Series" /O6 "USB002" /M "Stylus Photo R200"
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [NeroCheck] C:\WINNT\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [Symantec NetDriver Monitor] "C:\PROGRA~1\SYMNET~1\SNDMon.exe" /Consumer
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - HKLM\..\Run: [k6mmN5IOU] "C:\WINNT\system32\wfxqhv.exe"
    O4 - HKLM\..\Run: [qcr40486] "RUNDLL32.EXE" w20c5d8c.dll,n 002404840000000320c5d8c
    O4 - HKLM\..\Run: [w20cc6f4.dll] "RUNDLL32.EXE" w20cc6f4.dll,I2 00240484020cc6f4
    O4 - HKLM\..\Run: [spywarebot] C:\Program Files\spywarebot\SpywareBot.exe -boot
    O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
    O4 - HKLM\..\Run: [DigidesignMMERefresh] "C:\Program Files\Digidesign\Drivers\MMERefresh.exe"
    O4 - HKLM\..\Run: [MAFWTaskbarApp] C:\WINNT\system32\MAFWTray.exe
    O4 - HKLM\..\RunServices: [Windows Updater] paste.exe
    O4 - HKCU\..\Run: [CAS2] "C:\Program Files\System Files\System.exe"
    O4 - HKCU\..\Run: [PSHope] "C:\Program Files\PSHope\PSHope.exe"
    O4 - HKCU\..\Run: [Lflwn] C:\Program Files\Common Files\??stem\d?xplore.exe
    O4 - HKCU\..\Run: [TClock.exe] C:\Program Files\TClock\tclock_install.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINNT\system32\ctfmon.exe
    O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O11 - Options group: [INTERNATIONAL] International*
    O15 - Trusted Zone: http://download.windowsupdate.com
    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english...an_unicode.cab
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
    O16 - DPF: {3451DEDE-631F-421C-8127-FD793AFC6CC8} (ActiveDataInfo Class) - http://www.symantec.com/techsupp/asa/ctrl/SymAData.cab
    O16 - DPF: {44990200-3C9D-426D-81DF-AAB636FA4345} (Symantec SmartIssue) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsi.cab
    O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} (Symantec Script Runner Class) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsr.cab
    O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.safety.live.com/reso...scbase8460.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1134880047125
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1133155693185
    O16 - DPF: {74CD40EA-EF77-4BAD-808A-B5982DA73F20} - http://yax-download.yazzle.net/Yazzl...cab?refid=1123
    O16 - DPF: {88D969C0-F192-11D4-A65F-0040963251E5} (XML DOM Document 4.0) - file://C:\TempEI4\EI40_\msxml4.cab
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
    O16 - DPF: {F54C1137-5E34-4B95-95A5-BA56D4D8D743} (Secure Delivery) - http://www.gamespot.com/KDX22/download/kdx.cab
    O18 - Filter: text/html - {B5F86455-BF18-4E12-965A-6642A0AC0549} - C:\WINNT\system32\xeymi.dll
    O20 - Winlogon Notify: awtqn - C:\WINNT\system32\awtqn.dll (file missing)
    O20 - Winlogon Notify: MS-DOS Emulation - C:\WINNT\
    O20 - Winlogon Notify: WgaLogon - C:\WINNT\SYSTEM32\WgaLogon.dll
    O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
    O21 - SSODL: cinnamomum - {93ac7c30-3878-4eaa-9420-7977285df5b1} - (no file)
    O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: Digidesign MME Refresh Service (DigiRefresh) - Digidesign, A Division of Avid Technology, Inc. - C:\Program Files\Digidesign\Drivers\MMERefresh.exe
    O23 - Service: digiSPTIService - Digidesign, A Division of Avid Technology, Inc. - C:\Program Files\Digidesign\Pro Tools\digiSPTIService.exe
    O23 - Service: GEARSecurity - GEAR Software - C:\WINNT\System32\GEARSec.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: Intel(R) Active Monitor (imonNT) - Intel Corp. - C:\Program Files\Intel\Intel(R) Active Monitor\imonnt.exe
    O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINNT\system32\LEXBCES.EXE
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
    O23 - Service: Norton Ghost - Symantec Corporation - C:\Program Files\Norton Ghost\Agent\VProSvc.exe
    O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
    O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
    O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
    O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

    This showed up in red when I did the


    These three files were not found in the C: drive:

    C:\Program Files\System Files\System.exe
    C:\Program Files\PSHope\PSHope.exe
    C:\Program Files\Common Files\??stem\d?xplore.exe
    C:\Program Files\TClock\tclock_install.exe

    Last edited by philentropy; 11-06-2006 at 05:48 PM.

  7. #7
    Join Date
    Aug 2006
    Location
    The Middle
    Age
    80
    Posts
    4,079
    Don't worry about that spywarebot at the moment.
    Why didn't you have the AVG Anti-Spyware - Scan fix everything found as instructed?
    Please be willing to follow the instructions as given. Each step will take a while but must be done in a specific order. Don't fix something on your own; wait until instructed.
    For now, please reboot to SAFE MODE. Run the AVG Anti-spy program again and please have it FIX everything found.

  8. #8
    Join Date
    Nov 2006
    Posts
    29
    Sorry, I didn't realize I saved the log before I fixed everything in the AVG scan. But I definitely did fix everything.

  9. #9
    Join Date
    Aug 2006
    Location
    The Middle
    Age
    80
    Posts
    4,079
    Can you run it again, just for my peace of mind?

  10. #10
    Join Date
    Nov 2006
    Posts
    29
    Logfile of HijackThis v1.99.1
    Scan saved at 3:11:07 PM, on 11/7/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.5730.0011)

    Running processes:
    C:\WINNT\System32\smss.exe
    C:\WINNT\system32\winlogon.exe
    C:\WINNT\system32\services.exe
    C:\WINNT\system32\lsass.exe
    C:\WINNT\system32\svchost.exe
    C:\Program Files\Windows Defender\MsMpEng.exe
    C:\WINNT\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\WINNT\system32\LEXBCES.EXE
    C:\WINNT\system32\spoolsv.exe
    C:\WINNT\Explorer.EXE
    C:\WINNT\System32\spool\DRIVERS\W32X86\3\E_S4I2H1.EXE
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\WINNT\system32\MAFWTray.exe
    C:\WINNT\system32\ctfmon.exe
    C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32.exe
    C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\Program Files\Digidesign\Drivers\MMERefresh.exe
    C:\WINNT\System32\GEARSec.exe
    C:\WINNT\system32\inetsrv\inetinfo.exe
    C:\Program Files\Norton AntiVirus\navapsvc.exe
    C:\Program Files\Norton Ghost\Agent\VProSvc.exe
    C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
    C:\Program Files\Microsoft Office\Office10\OUTLOOK.EXE
    C:\WINNT\system32\tcpsvcs.exe
    C:\WINNT\System32\snmp.exe
    C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
    C:\WINNT\system32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\WINNT\System32\mqsvc.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\WINNT\system32\msiexec.exe
    C:\WINNT\system32\wuauclt.exe
    C:\Program Files\HiJackThis\HijackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.mrfindalot.com/search.asp?si=
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.mrfindalot.com/search.asp?si=
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll (file missing)
    O2 - BHO: Ozbyq Class - {D623BC2F-A58D-4A75-A10D-CC244A702A35} - C:\WINNT\system32\xeymi.dll (file missing)
    O2 - BHO: (no name) - {E5E2A3E7-00FE-4D31-A030-A10799DDCA66} - (no file)
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: Alcohol Toolbar - {DC59A0D4-0ED6-4A73-B356-1B977F2A7725} - C:\Program Files\Alcohol Toolbar\v3.0.0.0\AudioGizmo_Toolbar.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll (file missing)
    O4 - HKLM\..\Run: [EPSON Stylus Photo R200 Series] "C:\WINNT\System32\spool\DRIVERS\W32X86\3\E_S4I2H1.EXE" /P30 "EPSON Stylus Photo R200 Series" /O6 "USB002" /M "Stylus Photo R200"
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [NeroCheck] C:\WINNT\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [Symantec NetDriver Monitor] "C:\PROGRA~1\SYMNET~1\SNDMon.exe" /Consumer
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - HKLM\..\Run: [k6mmN5IOU] "C:\WINNT\system32\wfxqhv.exe"
    O4 - HKLM\..\Run: [qcr40486] "RUNDLL32.EXE" w20c5d8c.dll,n 002404840000000320c5d8c
    O4 - HKLM\..\Run: [w20cc6f4.dll] "RUNDLL32.EXE" w20cc6f4.dll,I2 00240484020cc6f4
    O4 - HKLM\..\Run: [spywarebot] C:\Program Files\spywarebot\SpywareBot.exe -boot
    O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
    O4 - HKLM\..\Run: [DigidesignMMERefresh] "C:\Program Files\Digidesign\Drivers\MMERefresh.exe"
    O4 - HKLM\..\Run: [MAFWTaskbarApp] C:\WINNT\system32\MAFWTray.exe
    O4 - HKLM\..\RunServices: [Windows Updater] paste.exe
    O4 - HKCU\..\Run: [CAS2] "C:\Program Files\System Files\System.exe"
    O4 - HKCU\..\Run: [PSHope] "C:\Program Files\PSHope\PSHope.exe"
    O4 - HKCU\..\Run: [Lflwn] C:\Program Files\Common Files\??stem\d?xplore.exe
    O4 - HKCU\..\Run: [TClock.exe] C:\Program Files\TClock\tclock_install.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINNT\system32\ctfmon.exe
    O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O11 - Options group: [INTERNATIONAL] International*
    O15 - Trusted Zone: http://download.windowsupdate.com
    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english...an_unicode.cab
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
    O16 - DPF: {3451DEDE-631F-421C-8127-FD793AFC6CC8} (ActiveDataInfo Class) - http://www.symantec.com/techsupp/asa/ctrl/SymAData.cab
    O16 - DPF: {44990200-3C9D-426D-81DF-AAB636FA4345} (Symantec SmartIssue) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsi.cab
    O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} (Symantec Script Runner Class) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsr.cab
    O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.safety.live.com/reso...scbase8460.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1134880047125
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1133155693185
    O16 - DPF: {74CD40EA-EF77-4BAD-808A-B5982DA73F20} - http://yax-download.yazzle.net/Yazzl...cab?refid=1123
    O16 - DPF: {88D969C0-F192-11D4-A65F-0040963251E5} (XML DOM Document 4.0) - file://C:\TempEI4\EI40_\msxml4.cab
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
    O16 - DPF: {F54C1137-5E34-4B95-95A5-BA56D4D8D743} (Secure Delivery) - http://www.gamespot.com/KDX22/download/kdx.cab
    O18 - Filter: text/html - {B5F86455-BF18-4E12-965A-6642A0AC0549} - C:\WINNT\system32\xeymi.dll
    O20 - Winlogon Notify: awtqn - C:\WINNT\system32\awtqn.dll (file missing)
    O20 - Winlogon Notify: MS-DOS Emulation - C:\WINNT\
    O20 - Winlogon Notify: WgaLogon - C:\WINNT\SYSTEM32\WgaLogon.dll
    O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
    O21 - SSODL: cinnamomum - {93ac7c30-3878-4eaa-9420-7977285df5b1} - (no file)
    O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: Digidesign MME Refresh Service (DigiRefresh) - Digidesign, A Division of Avid Technology, Inc. - C:\Program Files\Digidesign\Drivers\MMERefresh.exe
    O23 - Service: digiSPTIService - Digidesign, A Division of Avid Technology, Inc. - C:\Program Files\Digidesign\Pro Tools\digiSPTIService.exe
    O23 - Service: GEARSecurity - GEAR Software - C:\WINNT\System32\GEARSec.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: Intel(R) Active Monitor (imonNT) - Intel Corp. - C:\Program Files\Intel\Intel(R) Active Monitor\imonnt.exe
    O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINNT\system32\LEXBCES.EXE
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
    O23 - Service: Norton Ghost - Symantec Corporation - C:\Program Files\Norton Ghost\Agent\VProSvc.exe
    O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
    O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
    O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
    O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe




    ---------------------------------------------------------
    AVG Anti-Spyware - Scan Report
    ---------------------------------------------------------

    + Created at: 7:02:27 AM 11/7/2006

    + Scan result:



    HKU\S-1-5-21-1214440339-879983540-725345543-1000\Software\Kazaa\Promotions\Cydoor -> Adware.Cydoor : Cleaned.
    HKU\S-1-5-21-1214440339-879983540-725345543-1000\Software\Kazaa\Promotions\Cydoor\Adwr_329 -> Adware.Cydoor : Cleaned.
    HKU\S-1-5-21-1214440339-879983540-725345543-1000\Software\Kazaa\Promotions\Cydoor\Adwr_329\Loct_4 -> Adware.Cydoor : Cleaned.
    HKU\S-1-5-21-1214440339-879983540-725345543-1000\Software\Kazaa\Promotions\Cydoor\Adwr_329\Services -> Adware.Cydoor : Cleaned.
    HKU\S-1-5-21-1214440339-879983540-725345543-1000\Software\Kazaa\Promotions\Cydoor\Adwr_329\Services\Queue -> Adware.Cydoor : Cleaned.
    HKU\S-1-5-21-1214440339-879983540-725345543-1000\Software\Dvx -> Adware.Delfin : Cleaned.
    :mozilla.23:C:\Documents and Settings\biko\Application Data\Mozilla\Firefox\Profiles\i8s65z5h.Martin\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
    :mozilla.24:C:\Documents and Settings\biko\Application Data\Mozilla\Firefox\Profiles\i8s65z5h.Martin\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
    :mozilla.25:C:\Documents and Settings\biko\Application Data\Mozilla\Firefox\Profiles\i8s65z5h.Martin\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.


    ::Report end
