08-16-2005, 03:41 PM   #1
nuzzskee
Registered User
 
Join Date: Oct 2004
Posts: 15
OS: XP


Please review Hijackthis log

Hi

I've used Adaware, Spybot and AVG. Some Trojans were caught and isolated (Trojan Downloader, Riskware Net toolWin 32 PSKILL, and Adware Backewb.a & Sahat.n), but my PC keeps getting maxed CPU and runs very slow. I also have a hard time getting to the internet (DSL techs say it's testing OK).


Here is my Hijack Analyzer log:

Thank you for your help

====================================================================
Log was analyzed using KRC HijackThis Analyzer - Updated on 8/4/05
Get updates at http://www.greyknight17.com/download.htm#programs

***Security Programs Detected***


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Logfile of HijackThis v1.99.1
Scan saved at 4:18:35 PM, on 8/16/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
E:\WINDOWS\System32\smss.exe
E:\WINDOWS\system32\winlogon.exe
E:\WINDOWS\system32\services.exe
E:\WINDOWS\system32\lsass.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\System32\svchost.exe
E:\WINDOWS\system32\spoolsv.exe
E:\WINDOWS\Explorer.EXE
E:\Program Files\Iomega\AutoDisk\ADUserMon.exe
E:\Program Files\Iomega\DriveIcons\ImgIcon.exe
E:\PROGRA~1\VERIZO~1\SUPPOR~1\SMARTB~1\MotiveSB.exe
E:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
E:\Program Files\QuickTime\qttask.exe
E:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
E:\Program Files\HP\hpcoretech\hpcmpmgr.exe
E:\WINDOWS\system32\hphmon05.exe
E:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
E:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
E:\Program Files\Microsoft Office\Office\OSA.EXE
E:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
E:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
E:\WINDOWS\System32\drivers\CDAC11BA.EXE
E:\WINDOWS\System32\cisvc.exe
E:\PROGRA~1\Iomega\System32\AppServices.exe
C:\Marimba\CASTAN~1\Tuner.exe
E:\WINDOWS\System32\svchost.exe
C:\Marimba\CASTAN~1\lib\jre\bin\jre.exe
E:\Program Files\Iomega\AutoDisk\ADService.exe
E:\WINDOWS\system32\CCM\CcmExec.exe
E:\WINDOWS\system32\HPZipm12.exe
E:\WINDOWS\system32\cidaemon.exe
E:\Program Files\Grisoft\AVG Free\avgcc.exe
E:\Program Files\McAfee.com\Personal Firewall\MpfTray.exe
E:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
E:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
e:\program files\mcafee.com\agent\mcagent.exe
E:\Program Files\MSN\MSNCoreFiles\msn.exe
E:\Program Files\MSN Messenger\msnmsgr.exe
E:\PROGRA~1\MOZILL~1\FIREFOX.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://eweb.verizon.com/home.shtml
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Verizon Online
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Reader\ActiveX\AcroIEHelper.dll (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - E:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - E:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - E:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - e:\program files\google\googletoolbar_en_2.0.113-deleon.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - E:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll
O4 - HKLM\..\Run: [ADUserMon] E:\Program Files\Iomega\AutoDisk\ADUserMon.exe
O4 - HKLM\..\Run: [Iomega Drive Icons] E:\Program Files\Iomega\DriveIcons\ImgIcon.exe
O4 - HKLM\..\Run: [Deskup] E:\Program Files\Iomega\DriveIcons\deskup.exe /IMGSTART
O4 - HKLM\..\Run: [Motive SmartBridge] E:\PROGRA~1\VERIZO~1\SUPPOR~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [MPFExe] E:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [Microsoft Works Update Detection] E:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [QuickTime Task] "E:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "E:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] E:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [HPHUPD05] E:\Program Files\Hewlett-Packard\{D946675D-1D6C-4dc8-9E0D-B4B8EAA30EAA}\hphupd05.exe
O4 - HKLM\..\Run: [HP Component Manager] "E:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HPHmon05] E:\WINDOWS\system32\hphmon05.exe
O4 - HKLM\..\Run: [HP Software Update] E:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [AVG7_CC] E:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [MCAgentExe] e:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] e:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [AVG7_EMC] E:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - Startup: Office Startup.lnk = E:\Program Files\Microsoft Office\Office\OSA.EXE
O4 - Global Startup: Logitech Desktop Messenger.lnk = E:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Marimba User Login.LNK = E:\WINDOWS\system32\wscript.exe
O8 - Extra context menu item: &Google Search - res://e:\program files\google\GoogleToolbar_en_2.0.95-deleon.dll/cmsearch.html
O8 - Extra context menu item: Backward &Links - res://e:\program files\google\GoogleToolbar_en_2.0.95-deleon.dll/cmbacklinks.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://e:\program files\google\GoogleToolbar_en_2.0.95-deleon.dll/cmcache.html
O8 - Extra context menu item: Si&milar Pages - res://e:\program files\google\GoogleToolbar_en_2.0.95-deleon.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page - res://e:\program files\google\GoogleToolbar_en_2.0.95-deleon.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\WINDOWS\System32\msjava.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://us.chat1.yimg.com/us.yimg.com...45/yacscom.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/sh...4/mcinsctl.cab
O16 - DPF: {62360003-D8A7-418B-9DC6-2B9DE95273A0} (MS Investor Ticker) - http://fdl.msn.com/public/investor/v8/0326/ticker.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/S.../bin/cabsa.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2...ll/xscan53.cab
O16 - DPF: {7D1E9C49-BD6A-11D3-87A8-009027A35D73} (Yahoo! Audio UI1) - http://chat.yahoo.com/cab/yacsui.cab
O16 - DPF: {963BE66B-121D-4E6C-BF9F-1A774D9A2E41} (MSN Money Charting) - http://moneycentral.msn.com/cabs/pmupdate.exe
O16 - DPF: {B69F2A9C-E470-11D3-AFA3-525400DB7692} (Actimage Room Control) - http://lopes.armstrong.com/ib/databa...image40803.cab
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (ASquaredScanForm Element) - http://www.windowsecurity.com/trojanscan/axscan.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/sh...21/mcgdmgr.cab
O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.symantec.com/sscv6/S.../bin/cabsa.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.symantec.com/tech...a/SymAData.cab
O16 - DPF: {E6EB803E-DD89-11D3-80C4-0050DA2E09D0} (LightSurfUploadCtl Class) - http://picturecenter.kodak.com/activ...oadControl.cab
O16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} (ActiveDataObj Class) - https://www-secure.symantec.com/tech...ActiveData.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{97755D23-1BE1-46C3-9456-40759517B4CD}: NameServer = 151.203.0.84 151.203.0.85
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = ent.verizon.com,verizon.com,US1.ent.verizon.com,Bell-atl.com,Bellatlantic.com,NYNEX.com
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: SearchList = ent.verizon.com,verizon.com,US1.ent.verizon.com,Bell-atl.com,Bellatlantic.com,NYNEX.com
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = ent.verizon.com,verizon.com,US1.ent.verizon.com,Bell-atl.com,Bellatlantic.com,NYNEX.com
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - E:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - E:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: C-DillaCdaC11BA - C-Dilla Ltd - E:\WINDOWS\System32\drivers\CDAC11BA.EXE
O23 - Service: Contivity VPN Service (ExtranetAccess) - Nortel Networks NA, Inc. - E:\Program Files\Nortel Networks\Extranet_serv.exe
O23 - Service: Iomega App Services - Iomega Corporation - E:\PROGRA~1\Iomega\System32\AppServices.exe
O23 - Service: Castanet Tuner 4.6 (Marimba) - Marimba, Inc. - C:\Marimba\CASTAN~1\Tuner.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - E:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - E:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
O23 - Service: Pml Driver HPZ12 - HP - E:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SAVRoam - Unknown owner - E:\PROGRA~1\symantec\LIVEUP~1\savroam.exe (file missing)
O23 - Service: Iomega Active Disk (_IOMEGA_ACTIVE_DISK_SERVICE_) - Iomega Corporation - E:\Program Files\Iomega\AutoDisk\ADService.exe


End of KRC HijackThis Analyzer Log.
====================================================================