Thread: rdriv.sys virus
07-06-2005, 03:16 PM   #3
ByeJack06
Registered User
 
Join Date: Jul 2005
Posts: 4
OS: Windows XP


It seems like the virus has stopped. But an interesting thing to note is that the Avast! antivirus supposedly found a virus on Panda's Active Scanner. It detected a Win32:Kuang2 on the imscan.dll file. I just turned off Avast after that. Anyways, here are the results:

1) rdriv.txt


~~~~~~~~~~~~~ Pre-run File Check ~~~~~~~~~~~~~

rdriv.sys NOT PRESENT!
ItunesMusic.exe NOT PRESENT!
wkssvc.exe NOT PRESENT!


~~~~~~~~~~~~~ Post run File Check ~~~~~~~~~~~~~

rdriv.sys NOT PRESENT!
ItunesMusic.exe NOT PRESENT!
wkssvc.exe NOT PRESENT!

2) Ewido

---------------------------------------------------------
ewido security suite - Scan report
---------------------------------------------------------

+ Created on: 11:48:47 AM, 7/6/2005
+ Report-Checksum: 9300EC0B

+ Scan result:

:mozilla.119:C:\Documents and Settings\Ann Dinh\Application Data\Phoenix\Profiles\The Thriftster\45zl49wh.slt\cookies.txt -> Spyware.Cookie.Adserver : Ignored
HKLM\SOFTWARE\Classes\CLSID\{2B96D5CC-C5B5-49A5-A69D-CC0A30F9028C} -> Spyware.MiniBug : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\AUI -> Spyware.WebSearch : Cleaned with backup
:mozilla.44:C:\Documents and Settings\Ann Dinh\Application Data\Mozilla\Firefox\Profiles\default.2vb\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
:mozilla.45:C:\Documents and Settings\Ann Dinh\Application Data\Mozilla\Firefox\Profiles\default.2vb\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
:mozilla.46:C:\Documents and Settings\Ann Dinh\Application Data\Mozilla\Firefox\Profiles\default.2vb\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
:mozilla.47:C:\Documents and Settings\Ann Dinh\Application Data\Mozilla\Firefox\Profiles\default.2vb\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
:mozilla.96:C:\Documents and Settings\Ann Dinh\Application Data\Mozilla\Firefox\Profiles\default.2vb\cookies.txt -> Spyware.Cookie.Euniverseads : Cleaned with backup
:mozilla.97:C:\Documents and Settings\Ann Dinh\Application Data\Mozilla\Firefox\Profiles\default.2vb\cookies.txt -> Spyware.Cookie.Euniverseads : Cleaned with backup
:mozilla.150:C:\Documents and Settings\Ann Dinh\Application Data\Mozilla\Firefox\Profiles\default.2vb\cookies.txt -> Spyware.Cookie.Overture : Cleaned with backup
:mozilla.151:C:\Documents and Settings\Ann Dinh\Application Data\Mozilla\Firefox\Profiles\default.2vb\cookies.txt -> Spyware.Cookie.Overture : Cleaned with backup
:mozilla.152:C:\Documents and Settings\Ann Dinh\Application Data\Mozilla\Firefox\Profiles\default.2vb\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.153:C:\Documents and Settings\Ann Dinh\Application Data\Mozilla\Firefox\Profiles\default.2vb\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.154:C:\Documents and Settings\Ann Dinh\Application Data\Mozilla\Firefox\Profiles\default.2vb\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.155:C:\Documents and Settings\Ann Dinh\Application Data\Mozilla\Firefox\Profiles\default.2vb\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.156:C:\Documents and Settings\Ann Dinh\Application Data\Mozilla\Firefox\Profiles\default.2vb\cookies.txt -> Spyware.Cookie.Atdmt : Cleaned with backup
:mozilla.157:C:\Documents and Settings\Ann Dinh\Application Data\Mozilla\Firefox\Profiles\default.2vb\cookies.txt -> Spyware.Cookie.Centrport : Cleaned with backup
:mozilla.158:C:\Documents and Settings\Ann Dinh\Application Data\Mozilla\Firefox\Profiles\default.2vb\cookies.txt -> Spyware.Cookie.Centrport : Cleaned with backup
:mozilla.168:C:\Documents and Settings\Ann Dinh\Application Data\Mozilla\Firefox\Profiles\default.2vb\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.169:C:\Documents and Settings\Ann Dinh\Application Data\Mozilla\Firefox\Profiles\default.2vb\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.170:C:\Documents and Settings\Ann Dinh\Application Data\Mozilla\Firefox\Profiles\default.2vb\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.171:C:\Documents and Settings\Ann Dinh\Application Data\Mozilla\Firefox\Profiles\default.2vb\cookies.txt -> Spyware.Cookie.Ad-logics : Cleaned with backup
:mozilla.172:C:\Documents and Settings\Ann Dinh\Application Data\Mozilla\Firefox\Profiles\default.2vb\cookies.txt -> Spyware.Cookie.Pointroll : Cleaned with backup
:mozilla.173:C:\Documents and Settings\Ann Dinh\Application Data\Mozilla\Firefox\Profiles\default.2vb\cookies.txt -> Spyware.Cookie.Pointroll : Cleaned with backup
:mozilla.174:C:\Documents and Settings\Ann Dinh\Application Data\Mozilla\Firefox\Profiles\default.2vb\cookies.txt -> Spyware.Cookie.Pointroll : Cleaned with backup
:mozilla.216:C:\Documents and Settings\Ann Dinh\Application Data\Mozilla\Firefox\Profiles\default.2vb\cookies.txt -> Spyware.Cookie.Questionmarket : Cleaned with backup
:mozilla.227:C:\Documents and Settings\Ann Dinh\Application Data\Mozilla\Firefox\Profiles\default.2vb\cookies.txt -> Spyware.Cookie.Ne : Cleaned with backup
:mozilla.233:C:\Documents and Settings\Ann Dinh\Application Data\Mozilla\Firefox\Profiles\default.2vb\cookies.txt -> Spyware.Cookie.Adserver : Cleaned with backup
:mozilla.234:C:\Documents and Settings\Ann Dinh\Application Data\Mozilla\Firefox\Profiles\default.2vb\cookies.txt -> Spyware.Cookie.Adserver : Cleaned with backup
:mozilla.235:C:\Documents and Settings\Ann Dinh\Application Data\Mozilla\Firefox\Profiles\default.2vb\cookies.txt -> Spyware.Cookie.Adserver : Cleaned with backup
:mozilla.236:C:\Documents and Settings\Ann Dinh\Application Data\Mozilla\Firefox\Profiles\default.2vb\cookies.txt -> Spyware.Cookie.Adserver : Cleaned with backup
:mozilla.237:C:\Documents and Settings\Ann Dinh\Application Data\Mozilla\Firefox\Profiles\default.2vb\cookies.txt -> Spyware.Cookie.Adserver : Cleaned with backup
:mozilla.246:C:\Documents and Settings\Ann Dinh\Application Data\Mozilla\Firefox\Profiles\default.2vb\cookies.txt -> Spyware.Cookie.Counted : Cleaned with backup
:mozilla.192:C:\Documents and Settings\Ann Dinh\Application Data\Mozilla\Firefox\Profiles\DINH MAN\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
:mozilla.193:C:\Documents and Settings\Ann Dinh\Application Data\Mozilla\Firefox\Profiles\DINH MAN\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
:mozilla.194:C:\Documents and Settings\Ann Dinh\Application Data\Mozilla\Firefox\Profiles\DINH MAN\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
:mozilla.195:C:\Documents and Settings\Ann Dinh\Application Data\Mozilla\Firefox\Profiles\DINH MAN\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
:mozilla.196:C:\Documents and Settings\Ann Dinh\Application Data\Mozilla\Firefox\Profiles\DINH MAN\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
:mozilla.631:C:\Documents and Settings\Ann Dinh\Application Data\Mozilla\Firefox\Profiles\DINH MAN\cookies.txt -> Spyware.Cookie.Ivwbox : Cleaned with backup
:mozilla.822:C:\Documents and Settings\Ann Dinh\Application Data\Mozilla\Firefox\Profiles\DINH MAN\cookies.txt -> Spyware.Cookie.Specificclick : Cleaned with backup
:mozilla.823:C:\Documents and Settings\Ann Dinh\Application Data\Mozilla\Firefox\Profiles\DINH MAN\cookies.txt -> Spyware.Cookie.Specificclick : Cleaned with backup
:mozilla.932:C:\Documents and Settings\Ann Dinh\Application Data\Mozilla\Firefox\Profiles\DINH MAN\cookies.txt -> Spyware.Cookie.Euniverseads : Cleaned with backup
:mozilla.933:C:\Documents and Settings\Ann Dinh\Application Data\Mozilla\Firefox\Profiles\DINH MAN\cookies.txt -> Spyware.Cookie.Euniverseads : Cleaned with backup
:mozilla.934:C:\Documents and Settings\Ann Dinh\Application Data\Mozilla\Firefox\Profiles\DINH MAN\cookies.txt -> Spyware.Cookie.Euniverseads : Cleaned with backup
:mozilla.6:C:\Documents and Settings\Ann Dinh\Application Data\Phoenix\Profiles\The Thriftster\45zl49wh.slt\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.7:C:\Documents and Settings\Ann Dinh\Application Data\Phoenix\Profiles\The Thriftster\45zl49wh.slt\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.8:C:\Documents and Settings\Ann Dinh\Application Data\Phoenix\Profiles\The Thriftster\45zl49wh.slt\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.9:C:\Documents and Settings\Ann Dinh\Application Data\Phoenix\Profiles\The Thriftster\45zl49wh.slt\cookies.txt -> Spyware.Cookie.Ad-logics : Cleaned with backup
:mozilla.10:C:\Documents and Settings\Ann Dinh\Application Data\Phoenix\Profiles\The Thriftster\45zl49wh.slt\cookies.txt -> Spyware.Cookie.Pointroll : Cleaned with backup
:mozilla.11:C:\Documents and Settings\Ann Dinh\Application Data\Phoenix\Profiles\The Thriftster\45zl49wh.slt\cookies.txt -> Spyware.Cookie.Pointroll : Cleaned with backup
:mozilla.12:C:\Documents and Settings\Ann Dinh\Application Data\Phoenix\Profiles\The Thriftster\45zl49wh.slt\cookies.txt -> Spyware.Cookie.Pointroll : Cleaned with backup
:mozilla.18:C:\Documents and Settings\Ann Dinh\Application Data\Phoenix\Profiles\The Thriftster\45zl49wh.slt\cookies.txt -> Spyware.Cookie.Centrport : Cleaned with backup
:mozilla.19:C:\Documents and Settings\Ann Dinh\Application Data\Phoenix\Profiles\The Thriftster\45zl49wh.slt\cookies.txt -> Spyware.Cookie.Centrport : Cleaned with backup
:mozilla.35:C:\Documents and Settings\Ann Dinh\Application Data\Phoenix\Profiles\The Thriftster\45zl49wh.slt\cookies.txt -> Spyware.Cookie.Euniverseads : Cleaned with backup
:mozilla.36:C:\Documents and Settings\Ann Dinh\Application Data\Phoenix\Profiles\The Thriftster\45zl49wh.slt\cookies.txt -> Spyware.Cookie.Euniverseads : Cleaned with backup
:mozilla.81:C:\Documents and Settings\Ann Dinh\Application Data\Phoenix\Profiles\The Thriftster\45zl49wh.slt\cookies.txt -> Spyware.Cookie.Overture : Cleaned with backup
:mozilla.82:C:\Documents and Settings\Ann Dinh\Application Data\Phoenix\Profiles\The Thriftster\45zl49wh.slt\cookies.txt -> Spyware.Cookie.Overture : Cleaned with backup
:mozilla.85:C:\Documents and Settings\Ann Dinh\Application Data\Phoenix\Profiles\The Thriftster\45zl49wh.slt\cookies.txt -> Spyware.Cookie.Questionmarket : Cleaned with backup
:mozilla.90:C:\Documents and Settings\Ann Dinh\Application Data\Phoenix\Profiles\The Thriftster\45zl49wh.slt\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
:mozilla.91:C:\Documents and Settings\Ann Dinh\Application Data\Phoenix\Profiles\The Thriftster\45zl49wh.slt\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
:mozilla.92:C:\Documents and Settings\Ann Dinh\Application Data\Phoenix\Profiles\The Thriftster\45zl49wh.slt\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
:mozilla.93:C:\Documents and Settings\Ann Dinh\Application Data\Phoenix\Profiles\The Thriftster\45zl49wh.slt\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
:mozilla.102:C:\Documents and Settings\Ann Dinh\Application Data\Phoenix\Profiles\The Thriftster\45zl49wh.slt\cookies.txt -> Spyware.Cookie.Ne : Cleaned with backup
:mozilla.115:C:\Documents and Settings\Ann Dinh\Application Data\Phoenix\Profiles\The Thriftster\45zl49wh.slt\cookies.txt -> Spyware.Cookie.Adserver : Cleaned with backup
:mozilla.116:C:\Documents and Settings\Ann Dinh\Application Data\Phoenix\Profiles\The Thriftster\45zl49wh.slt\cookies.txt -> Spyware.Cookie.Adserver : Cleaned with backup
:mozilla.117:C:\Documents and Settings\Ann Dinh\Application Data\Phoenix\Profiles\The Thriftster\45zl49wh.slt\cookies.txt -> Spyware.Cookie.Adserver : Cleaned with backup
:mozilla.118:C:\Documents and Settings\Ann Dinh\Application Data\Phoenix\Profiles\The Thriftster\45zl49wh.slt\cookies.txt -> Spyware.Cookie.Adserver : Cleaned with backup
:mozilla.129:C:\Documents and Settings\Ann Dinh\Application Data\Phoenix\Profiles\The Thriftster\45zl49wh.slt\cookies.txt -> Spyware.Cookie.Counted : Cleaned with backup
C:\Documents and Settings\Ann Dinh\Cookies\ann dinh@adopt.specificclick[1].txt -> Spyware.Cookie.Specificclick : Cleaned with backup
C:\Documents and Settings\Ann Dinh\My Documents\My Software\cracks\ShowMaker.Pro.2.11_REGFILE-FFF.zip/ShowMaker-Regpatch.exe -> Trojan.Small.cr : Cleaned with backup
C:\Program Files\Avast4\DATA\moved\rdriv.sys -> Trojan.Rootkit.k : Cleaned with backup
C:\Program Files\Showmaker\ShowMaker-Regpatch.exe -> Trojan.Small.cr : Cleaned with backup
C:\WINDOWS\Temp\bw.exe -> TrojanDropper.Small.of : Cleaned with backup


::Report End

3) Active Scan

Incident                    Status           Location

Adware:Adware/SaveNow       No disinfected   Windows Registry
Adware:Adware/MyWay         No disinfected   C:\WINDOWS\System32\Xcite.dll
Adware:Adware/nCase         No disinfected   Windows Registry
Adware:Adware/SideSearch    No disinfected   C:\Documents and Settings\Ann Dinh\Application Data\Lycos
Adware:Adware/InstDollars   No disinfected   Windows Registry
Adware:Adware/SAHAgent      No disinfected   C:\WINDOWS\INF\biH.inf
Adware:Adware/MyWay         No disinfected   C:\WINDOWS\SYSTEM32\Xcite.dll
Adware:Adware/MyWay         No disinfected   C:\WINDOWS\SYSTEM32\Xcite.exe

4) HijackThis

Logfile of HijackThis v1.99.1
Scan saved at 4:03:24 PM, on 7/6/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avast4\aswUpdSv.exe
C:\Program Files\Avast4\ashServ.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\tcpsvcs.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2G1.EXE
C:\PROGRA~1\Avast4\ashDisp.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\Program Files\ewido\security suite\ewidoguard.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\Avast4\ashMaiSv.exe
C:\Program Files\Avast4\ashWebSv.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Documents and Settings\Ann Dinh\My Documents\My Software\anti spy\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Common\ycomp5_1_6_0.dll
O3 - Toolbar: (no name) - {ACB1E670-3217-45C4-A021-6B829A8A27CB} - (no file)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [EPSON Stylus CX5400] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2G1.EXE /P19 "EPSON Stylus CX5400" /O6 "USB001" /M "Stylus CX5400"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Open Link Target in Firefox - file://C:\Documents and Settings\Ann Dinh\Application Data\Mozilla\Firefox\Profiles\DINH MAN\extensions\{5D558C43-550F-4b12-84AB-0D8ABDA9F975}\firefoxviewlink.html
O8 - Extra context menu item: View This Page in Firefox - file://C:\Documents and Settings\Ann Dinh\Application Data\Mozilla\Firefox\Profiles\DINH MAN\extensions\{5D558C43-550F-4b12-84AB-0D8ABDA9F975}\firefoxviewpage.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\Common\ylogin.dll
O9 - Extra 'Tools' menuitem: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\Common\ylogin.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/S...in/AvSniff.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/315e80ad...p/RdxIE601.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1120597614125
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/S.../bin/cabsa.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - http://www.symantec.com/techsupp/act...a/SymAData.dll
O16 - DPF: {D18F962A-3722-4B59-B08D-28BB9EB2281E} (PhotosCtrl Class) - http://photos.yahoo.com/ocx/us/yexplorer1_9us.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{B99730E0-A037-4E04-9604-8BF95F620334}: NameServer = 206.141.192.60 206.141.193.55
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: Workstation Service Library (Microsoft Locator Service) - Unknown owner - C:\WINDOWS\wkssvc.exe (file missing)
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe

Thanks for the help. Please inform if you see other problems that can be fixed.