Thread: Xadso Lovebug
View Single Post
Old 10-24-2004, 09:24 AM   #1 (permalink)
SILVERBULLETS
Registered User
 
Join Date: Oct 2004
Posts: 2
OS: XP


Xadso Lovebug
I too have been bit by the love bug. Any help that you could give would be greatly appreciated. I have included my hjt log. Thank you for your help in saving my sanity.

Logfile of HijackThis v1.98.2
Scan saved at 11:23:24 AM, on 10/24/2004
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\cisvc.exe
C:\PROGRA~1\NORTON~1\NORTON~2\GHOSTS~2.EXE
C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\Program Files\Common Files\Dell\EUSW\Support.exe
C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe
C:\Program Files\Verizon Online\Visual IP InSight\IPMon32.exe
C:\Program Files\Verizon Online\Visual IP InSight\IPClient.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\Norton SystemWorks\Norton Ghost\GhostStartTrayApp.exe
C:\PROGRA~1\LEXMAR~1\ACMonitor_X84-X85.exe
C:\PROGRA~1\LEXMAR~1\AcBtnMgr_X84-X85.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\printray.exe
C:\Program Files\Win Comm\WinComm.exe
C:\WINDOWS\system32\qxmevg.exe
C:\Program Files\Win Comm\WinLock.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Aladdin Systems\iClean\iClean.exe
C:\PROGRA~1\TURBOC~2\netdetect.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\Program Files\Microsoft Office\Office\1033\OLFSNT40.EXE
C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\Playlist.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Documents and Settings\All Users\Documents\FTW\FTOSUB.EXE
C:\Documents and Settings\All Users\Documents\FTW\FTOSUB.EXE
C:\Documents and Settings\All Users\Documents\FTW\FTOSUB.EXE
C:\Program Files\Common Files\Roxio Shared\Project Selector\Projselector.exe
C:\Program Files\Dell\Support\Alert\bin\NotifyAlert.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Web_Rebates\WebRebates1.exe
C:\Program Files\Web_Rebates\WebRebates0.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Microsoft Office\Office\1033\msoffice.exe
C:\DOCUME~1\JENNIF~1\LOCALS~1\Temp\Temporary Directory 2 for hijackthis.zip\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.att.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.worldnet.att.net/cgi-bin/home?label=fidelity
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.websearch.com/ie.aspx?tb_id=%tb_id
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dellnet.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = websearch.drsnsrch.com/q.cgi?q=
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Verizon Online
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O2 - BHO: BHObj Class - {00000010-6F7D-442C-93E3-4A4827C2E4C8} - C:\WINDOWS\nem220.dll
O2 - BHO: LocalNRDObj Class - {00320615-B6C2-40A6-8F99-F1C52D674FAD} - C:\WINDOWS\localNRD.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: CCHelper - {0CF0B8EE-6596-11D5-A98E-0003470BB48E} - C:\Program Files\Panicware\Pop-Up Stopper\CCHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O2 - BHO: ADP UrlCatcher Class - {F4E04583-354E-4076-BE7D-ED6A80FD66DA} - C:\WINDOWS\system32\msbe.dll
O3 - Toolbar: Pa&nicware Pop-Up Stopper - {7E82235C-F31E-46CB-AF9F-1ADD94C585FF} - C:\Program Files\Panicware\Pop-Up Stopper\pstopper.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [DwlClient] C:\Program Files\Common Files\Dell\EUSW\Support.exe
O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe"
O4 - HKLM\..\Run: [RoxioAudioCentral] "C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe"
O4 - HKLM\..\Run: [IPInSightMonitor 01] "C:\Program Files\Verizon Online\Visual IP InSight\IPMon32.exe"
O4 - HKLM\..\Run: [IPInSightLAN 01] "C:\Program Files\Verizon Online\Visual IP InSight\IPClient.exe" -l
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [WorksFUD] C:\Program Files\Microsoft Works\wkfud.exe
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [MoneyStartUp10.0] "C:\Program Files\Microsoft Money\System\Activation.exe"
O4 - HKLM\..\Run: [GhostStartTrayApp] C:\Program Files\Norton SystemWorks\Norton Ghost\GhostStartTrayApp.exe
O4 - HKLM\..\Run: [Lexmark X84-X85 Button Monitor] C:\PROGRA~1\LEXMAR~1\ACMonitor_X84-X85.exe
O4 - HKLM\..\Run: [Lexmark X84-X85 Button Manager] C:\PROGRA~1\LEXMAR~1\AcBtnMgr_X84-X85.exe
O4 - HKLM\..\Run: [PrinTray] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\printray.exe
O4 - HKLM\..\Run: [Win Comm] C:\Program Files\Win Comm\WinComm.exe
O4 - HKLM\..\Run: [layvitgeq] C:\WINDOWS\system32\qxmevg.exe
O4 - HKLM\..\Run: [WebRebates0] "C:\Program Files\Web_Rebates\WebRebates0.exe"
O4 - HKLM\..\Run: [conscorr] C:\WINDOWS\conscorr.exe
O4 - HKLM\..\Run: [ivkd] C:\WINDOWS\ivkd.exe
O4 - HKLM\..\Run: [BullsEye Network] C:\Program Files\BullsEye Network\bin\bargains.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Ad Arrest] C:\Program Files\Ad Arrest IE Popup Killer\adarrest.exe
O4 - HKCU\..\Run: [TurboConnect] C:\PROGRA~1\TURBOC~2\TurboConnect.exe 1
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [iClean] "C:\Program Files\Aladdin Systems\iClean\iClean.exe" /I
O4 - Startup: PowerReg Scheduler V3.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O4 - Global Startup: Symantec Fax Starter Edition Port.lnk = C:\Program Files\Microsoft Office\Office\1033\OLFSNT40.EXE
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\googletoolbar.dll/cmsearch.html
O8 - Extra context menu item: Backward &Links - res://C:\Program Files\Google\googletoolbar.dll/cmbacklinks.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\Program Files\Google\googletoolbar.dll/cmcache.html
O8 - Extra context menu item: Si&milar Pages - res://C:\Program Files\Google\googletoolbar.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\googletoolbar.dll/cmtrans.html
O8 - Extra context menu item: Web Rebates - file://C:\Program Files\Web_Rebates\Sy1150\Tp1150\scri1150a.htm
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.worldnet.att.net/cgi-bin/home?label=fidelity
O16 - DPF: Ali Baba Slots TM by pogo - http://slots.pogo.com/applet-5.9.4.2...-ob-assets.cab
O16 - DPF: Backgammon by pogo - http://gammon.pogo.com/applet-5.9.0....-ob-assets.cab
O16 - DPF: Buckaroo Blackjack TM by pogo - http://vbjack.pogo.com/applet-6.0.0....-ob-assets.cab
O16 - DPF: Canasta by pogo - http://canasta.pogo.com/applet-5.9.3...-ob-assets.cab
O16 - DPF: Checkers by pogo - http://checkers.pogo.com/applet-5.8....-ob-assets.cab
O16 - DPF: Cribbage by pogo - http://crib.pogo.com/applet-5.8.6.20...-ob-assets.cab
O16 - DPF: Dice Derby by pogo - http://checkeredflag.pogo.com/applet...-ob-assets.cab
O16 - DPF: Dominoes by pogo - http://domino.pogo.com/applet-6.0.0....-ob-assets.cab
O16 - DPF: Double Deuce Poker by pogo - http://doublebonus.pogo.com/applet-5...-ob-assets.cab
O16 - DPF: Euchre by pogo - http://euchre.pogo.com/applet-5.9.2....-ob-assets.cab
O16 - DPF: EZ Win Bingo by pogo - http://bingoe.pogo.com/applet-5.8.2....-ob-assets.cab
O16 - DPF: First Class Solitaire by pogo - http://solitaire.pogo.com/applet-5.8...-ob-assets.cab
O16 - DPF: Fortune Bingo by pogo - http://superbingo.pogo.com/applet-5....-ob-assets.cab
O16 - DPF: Greenback Bayou by pogo - http://greenback.pogo.com/applet-5.8...-ob-assets.cab
O16 - DPF: Hearts by pogo - http://hearts.pogo.com/applet-5.9.4....-ob-assets.cab
O16 - DPF: High Stakes Poker by pogo - http://drawpoker.pogo.com/applet-5.8...-ob-assets.cab
O16 - DPF: High Stakes Pool by pogo - http://pool2.pogo.com/applet-5.8.6.2...-ob-assets.cab
O16 - DPF: IEToolbarCab - http://www.ebonytoolbar.com/DailyToolbar.CAB
O16 - DPF: Its Outta Here 2 by pogo - http://itsout.pogo.com/applet-5.8.5....-ob-assets.cab
O16 - DPF: Jokers Wild Poker by pogo - http://vpjoke.pogo.com/applet-5.8.6....-ob-assets.cab
O16 - DPF: Jungle Gin by pogo - http://gin.pogo.com/applet-5.9.5.30/...-ob-assets.cab
O16 - DPF: Keno by pogo - http://keno.pogo.com/applet-5.8.6.20...-ob-assets.cab
O16 - DPF: Mah Jong Garden by pogo - http://mahjong2.pogo.com/applet-5.9....-ob-assets.cab
O16 - DPF: Payday FreeCell by pogo - http://freecell.pogo.com/applet-6.0....-ob-assets.cab
O16 - DPF: Perfect Pair Solitaire by pogo - http://waterwheel.pogo.com/applet-5....-ob-assets.cab
O16 - DPF: Phlinx by pogo - http://flinger.pogo.com/applet-5.9.1...-ob-assets.cab
O16 - DPF: Pirate's Gold by pogo - http://swashbucks06.pogo.com/applet-...-ob-assets.cab
O16 - DPF: Pop Fu by pogo - http://popfu.pogo.com/applet-5.9.2.3...-ob-assets.cab
O16 - DPF: Poppit TM by pogo - http://poppit.pogo.com/applet-5.9.3....-ob-assets.cab
O16 - DPF: Quick Shot by pogo - http://game4.pogo.com/applet-6.0.0.3...-ob-assets.cab
O16 - DPF: Spades by pogo - http://spades.pogo.com/applet-5.9.5....-ob-assets.cab
O16 - DPF: Squelchies by pogo - http://squelchies.pogo.com/applet-5....-ob-assets.cab
O16 - DPF: Sweet Tooth TM by pogo - http://sweettooth.pogo.com/applet-5....-ob-assets.cab
O16 - DPF: Texas Hold'em Poker by pogo - http://holdem2.pogo.com/applet-5.9.2...-ob-assets.cab
O16 - DPF: The Sims Pinball by pogo - http://simball.pogo.com/applet-5.8.3...-ob-assets.cab
O16 - DPF: Top Down Baseball Challenge by pogo - http://topdown2.pogo.com/applet-5.8....-ob-assets.cab
O16 - DPF: Tri-Peaks by pogo - http://peaks.pogo.com/applet-5.8.6.2...-ob-assets.cab
O16 - DPF: Tumble Bees by pogo - http://jumbee.pogo.com/applet-5.8.6....-ob-assets.cab
O16 - DPF: Turbo 21 TM by pogo - http://game5.pogo.com/applet-5.9.5.3...-ob-assets.cab
O16 - DPF: Video Poker by pogo - http://vpoker.pogo.com/applet-5.8.3....-ob-assets.cab
O16 - DPF: Word Whomp by pogo - http://whomp.pogo.com/applet-5.8.3.2...-ob-assets.cab
O16 - DPF: Word Whomp Whackdown by pogo - http://whackdown.pogo.com/applet-5.9...-ob-assets.cab
O16 - DPF: WordJong by pogo - http://wordjong.pogo.com/applet-5.9....-ob-assets.cab
O16 - DPF: World Class Solitaire by pogo - http://klondike.pogo.com/applet-6.0....-ob-assets.cab
O16 - DPF: Yahoo! Chinese Checkers - http://download.games.yahoo.com/game...s/y/cct0_x.cab
O16 - DPF: {0E8D0700-75DF-11D3-8B4A-0008C7450C4A} (DjVuCtl Class) - http://www.lizardtech.com/download/f...trol_en_US.cab
O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://public.windupdates.com/get_fi...0cefe6258c0f3f
O16 - DPF: {70522FA2-4656-11D5-B0E9-0050DAC24E8F} - http://download.iwon.com/ct/pm3/iwonpm_8_1,0,2,5.cab
O16 - DPF: {75565ED2-1560-4F15-B841-20358DE6A0D1} (ImageControl Class) - http://content.ancestry.com/asfiles/...l/MFImgVwr.cab
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} - http://www.nick.com/common/groove/gx/GrooveAX25.cab
O16 - DPF: {9EB320CE-BE1D-4304-A081-4B4665414BEF} - http://www.mt-download.com/MediaTicketsInstaller.cab
O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} (FlashXControl Object) - https://register3.valueactive.com/21...CX/FlashAX.cab
O16 - DPF: {E0CE16CB-741C-4B24-8D04-A817856E07F4} - http://cabs.roings.com/cabs/budicon.cab
O18 - Protocol: relatedlinks - {CD8D1CAA-FE4A-45DF-A06C-028AAF1821DE} - (no file)
SILVERBULLETS is offline  
Sponsored Links