Not quite sure how it happened, but I have tried pretty much everything I was told to try. The Norton scans would not pick up the virus sometimes, but I still have it under unresolved risks. I followed the steps from your web site. Here is my log. Thanks.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:57:24 PM, on 2/7/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\COMPAQ\Compaq Advisor\bin\compaq-rba.exe
C:\Program Files\Common Files\Portrait Displays\Shared\DTSRVC.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\NMSSvc.exe
C:\Program Files\Norton Internet Security\Engine\16.2.0.7\ccSvcHst.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Norton Internet Security\Engine\16.2.0.7\ccSvcHst.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\QUICKENW\QAGENT.EXE
C:\WINDOWS\system32\PROMon.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\mrtMngr.EXE
C:\Program Files\Portrait Displays\HP My Display\DTHtml.exe
C:\Program Files\COMPAQ\Easy Access Button Support\StartEAK.exe
C:\WINDOWS\system32\carpserv.exe
C:\Program Files\Common Files\Portrait Displays\Shared\HookManager.exe
C:\Program Files\Compaq\Easy Access Button Support\CPQEADM.EXE
C:\Compaq\EAKDRV\EAUSBKBD.EXE
C:\PROGRA~1\Compaq\EASYAC~1\BttnServ.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Java\jre6\bin\javaw.exe
C:\WINDOWS\system32\notepad.exe
C:\Documents and Settings\RALPH\Desktop\hijackgpthis.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.yahoo.com/search/ie.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://rd.yahoo.com/customize/yessentials_cq/defaults/sb/*http://www.yahoo.com/search/ie.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Compaq
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
N3 - Netscape 7: user_pref("browser.startup.homepage", "http://home.netscape.com/bookmark/7_0/home.html"); (C:\Documents and Settings\RALPH\Application Data\Mozilla\Profiles\default\r9eiari2.slt\prefs.js)
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%206%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\RALPH\Application Data\Mozilla\Profiles\default\r9eiari2.slt\prefs.js)
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~2\tools\iesdsg.dll
O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\16.2.0.7\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\16.2.0.7\IPSBHO.DLL
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~2\tools\iesdpb.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\16.2.0.7\coIEPlg.dll
O4 - HKLM\..\Run: [UMonit] C:\WINDOWS\system32\umonit.exe
O4 - HKLM\..\Run: [WCOLOREAL] "C:\Program Files\COMPAQ\Coloreal\coloreal.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [srmclean] C:\Cpqs\Scom\srmclean.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [QAGENT] C:\PROGRA~1\QUICKENW\QAGENT.EXE
O4 - HKLM\..\Run: [PROMon.exe] PROMon.exe
O4 - HKLM\..\Run: [Prein] C:\DOCUME~1\RALPH\LOCALS~1\Temp\app4F1.tmp
O4 - HKLM\..\Run: [PerfectOptimizer] C:\Program Files\Perfect Optimizer\PerfectOptimizer.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [DT HPW] C:\Program Files\Portrait Displays\HP My Display\DTHtml.exe -startup_folder
O4 - HKLM\..\Run: [CPQEASYACC] C:\Program Files\COMPAQ\Easy Access Button Support\StartEAK.exe
O4 - HKLM\..\Run: [CARPService] carpserv.exe
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\Money Express.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\RunOnce: [] C:\Program Files\Mozilla Firefox\firefox.exe http://www.symantec.com/techsupp/servlet/ProductMessages?module=2009&error=0&language=en&product=SymNRT&version=2009.0.0.37&build=Symantec&a=00000082.00000049.000000bb&b=00000083.00000019.000000B1&c=00000083.0000001A.000000B7&d=00000083.00000028.000000D8
O4 - HKUS\S-1-5-18\..\Run: [Spyware Doctor] (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Spyware Doctor] (User 'Default user')
O4 - Startup: PowerReg Scheduler.exe
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~2\tools\iesdpb.dll
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://store.presario.net/scripts/redirectors/presario/storeredir2.dll?s=consumerfav&c=2c02&lc=0409
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/viewers/ipixx.cab
O16 - DPF: {1695C611-186A-4355-B777-0D85B325F07F} - http://espn.go.com/espnmotion/espnmotion.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {352797A0-EFD0-4FA6-B229-145120EA4B8A} (Walt Disney Internet Group Hardware Control) - https://disneyblast.go.com/v3/setup/activex/DIGHardwareControl.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/20021205/qtinstall.info.apple.com/borris/us/win/QuickTimeInstaller.exe
O16 - DPF: {54B52E52-8000-4413-BD67-FC7FE24B59F2} (EARTPatchX Class) - http://www.ea.com/downloads/rtpatch/v2/EARTPX.cab
O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52/20031216/qtinstall.info.apple.com/mickey/us/win/QuickTimeInstaller.exe
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1124137993031
O16 - DPF: {AB29A544-D6B4-4E36-A1F8-D3E34FC7B00A} - http://install.wildtangent.com/bgn/partners/wtgeneric/lilostitchpinball/install.cab
O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.symantec.com/SSC/SharedContent/common/bin/cabsa.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} - https://www-secure.symantec.com/techsupp/activedata/ActiveData.cab
O18 - Protocol: symres - {AA1061FE-6C41-421F-9344-69640C9732AB} - C:\Program Files\Norton Internet Security\Engine\16.2.0.7\coIEPlg.dll
O18 - Filter hijack: text/html - (no CLSID) - (no file)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Compaq Advisor (Compaq_RBA) - NeoPlanet - C:\Program Files\COMPAQ\Compaq Advisor\bin\compaq-rba.exe
O23 - Service: Portrait Displays Display Tune Service (DTSRVC) - Unknown owner - C:\Program Files\Common Files\Portrait Displays\Shared\DTSRVC.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Content Monitoring Tool (msCMTSrvc) - Unknown owner - C:\WINDOWS\system32\msCMTSrvc.exe (file missing)
O23 - Service: Intel(R) NMS (NMSSvc) - Intel Corporation - C:\WINDOWS\System32\NMSSvc.exe
O23 - Service: Norton Internet Security - Symantec Corporation - C:\Program Files\Norton Internet Security\Engine\16.2.0.7\ccSvcHst.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

--
End of file - 12845 bytes
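An added triage helper for reading a log like the one above (example code written for this page; it is not part of HijackThis and not something the poster ran). It parses the tagged entry lines and flags the kinds of lines a forum helper looks at first: an O4 autostart pointing into a Temp directory or at a .tmp file, a Run value with no name or with a bare filename that Windows has to find by searching the path, an O18 text/html filter with no CLSID and no file behind it, and an O23 service whose binary is missing. The sample lines are copied from the posted log; the heuristics are this example's own assumptions and mark entries for a closer look, not verdicts on this machine.

```python
import re
from typing import Iterable, List, NamedTuple


class Entry(NamedTuple):
    section: str  # HijackThis section tag, e.g. "R1", "O4", "O23"
    body: str     # everything after "<tag> - "


class Finding(NamedTuple):
    entry: Entry
    reason: str


# Sample lines copied from the posted log above (not constructed), one per heuristic
# plus two ordinary entries (jusched, NVSvc) that must not be flagged.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Prein] C:\DOCUME~1\RALPH\LOCALS~1\Temp\app4F1.tmp
O4 - HKLM\..\Run: [PROMon.exe] PROMon.exe
O4 - HKCU\..\RunOnce: [] C:\Program Files\Mozilla Firefox\firefox.exe http://www.symantec.com/techsupp/servlet/ProductMessages?module=2009
O18 - Filter hijack: text/html - (no CLSID) - (no file)
O23 - Service: Content Monitoring Tool (msCMTSrvc) - Unknown owner - C:\WINDOWS\system32\msCMTSrvc.exe (file missing)
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
"""

# Any HijackThis entry line: "<tag> - <body>"; header, process list and footer do not match.
ENTRY_RE = re.compile(r"^(?P<section>[A-Z]\d{1,2}) - (?P<body>.*)$")

# Registry-backed O4 form: "HKLM\..\Run: [ValueName] command line".
RUN_RE = re.compile(
    r"^(?P<hive>HK[A-Z]+(?:\\[^\\]+)*)\\\.\.\\(?P<key>Run\w*): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$"
)

# Assumption of this example: a Temp directory anywhere in the path, whether written
# long ("Local Settings\Temp") or in 8.3 form ("LOCALS~1\Temp").
TEMP_DIR_RE = re.compile(r"\\temp\\", re.IGNORECASE)


def parse(lines: Iterable[str]) -> List[Entry]:
    """Keep only the tagged entry lines of a HijackThis log."""
    entries = []
    for raw in lines:
        m = ENTRY_RE.match(raw.strip())
        if m:
            entries.append(Entry(m["section"], m["body"]))
    return entries


def first_token(cmd: str) -> str:
    """Executable part of a Run command: the quoted path, or the text up to the first space.

    Unquoted paths with spaces are cut at the first space here, which is the same
    ambiguity Windows has to resolve when it launches an unquoted command line.
    """
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    return cmd.split(None, 1)[0] if cmd else ""


def triage(lines: Iterable[str]) -> List[Finding]:
    """Apply the triage heuristics (assumptions of this example) to a log and return the hits."""
    findings: List[Finding] = []
    for e in parse(lines):
        if e.section == "O4":
            m = RUN_RE.match(e.body)
            if not m:
                continue  # "Startup:" / "Global Startup:" folder entries are not handled here
            name, exe = m["name"], first_token(m["cmd"])
            if name == "":
                findings.append(Finding(e, "autostart value has an empty name"))
            if TEMP_DIR_RE.search(exe):
                findings.append(Finding(e, "autostart runs a file from a Temp directory"))
            if exe.lower().endswith(".tmp"):
                findings.append(Finding(e, "autostart target has a .tmp extension"))
            if "\\" not in exe:
                findings.append(Finding(e, "autostart uses a bare filename resolved via the search path"))
        elif e.section == "O18" and e.body.startswith("Filter hijack:"):
            findings.append(Finding(e, "MIME filter registered for text/html"))
        elif e.section == "O23" and e.body.endswith("(file missing)"):
            findings.append(Finding(e, "service points at a binary that no longer exists"))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG.splitlines()):
        print(f"{f.entry.section}: {f.reason}\n    {f.entry.body}")
```

Run it against a full log with `triage(open("hijackthis.log").read().splitlines())`. Each hit is only a pointer to an entry worth identifying by hand (who wrote it, whether the file exists, what it is signed by); a flagged line is not a removal instruction.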