
Status
Not open for further replies.
1 - 3 of 3 Posts

Registered · 2 Posts · Discussion Starter #1
Hi all,
My Internet Explorer sometimes terminates and gives me this message:

Program error
ixplore.exe has generated errors and will be closed by windows.
You will need to restart the program.
An error log is being created.
OK

Then I updated my Windows; this message still comes up, but only a few times, not like before.
What I understand from my searches is that (ixplore.exe) is spyware or a virus, but I can't see it in my HijackThis log.

This is my hijackthis log:


Logfile of HijackThis v1.99.1
Scan saved at 01:36:06 م, on 20/10/2005
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\csrss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\ewido\security suite\ewidoguard.exe
C:\WINNT\system32\hidserv.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\System32\mspmspsv.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\Explorer.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINNT\System32\spool\drivers\w32x86\3\hpztsb04.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\MSN Messenger Khalid Edition 4.2 AR\Messenger Plus! 3\MsgPlus.exe
C:\Program Files\MSN Apps\Updater\01.02.3000.1001\ar-xa\msnappau.exe
C:\WINNT\system32\internat.exe
C:\Program Files\Spyware Doctor\swdoctor.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINNT\System32\svchost.exe
c:\docume~1\admini~1\applic~1\64name~1\Peak 32 balm.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\WINNT\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\PROGRA~1\WINZIP\winzip32.exe
C:\Documents and Settings\administrator\Local Settings\Temp\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.nvutedsdrahsdoepyzndi.com/CUSst...useW9UU63FX.php
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.search.yahoo.com/
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: CleanMyPCPopupBlocker Class - {7A9BC6B1-7F27-47c6-A66D-13582E81E537} - C:\Program Files\CleanMyPC Popup Blocker\CleanBHO.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\ar-xa\msntb.dll
O2 - BHO: (no name) - {DDAC9715-C26A-0986-B957-BFE0291F0949} - blank (file missing)
O3 - Toolbar: CleanMyPC Toolbar - {04164EC4-1E48-4279-818E-3721931E7636} - C:\Program Files\CleanMyPC Popup Blocker\CleanBar.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\ar-xa\msntb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [KAVPersonal50] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kav.exe" /minimize
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINNT\System32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [RegistryMechanic] C:\Program Files\Registry Mechanic\RegMech.exe /QS
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MSN Messenger Khalid Edition 4.2 AR\Messenger Plus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [EagleEye] C:\Program Files\tuEagles\EagleSvr.exe
O4 - HKLM\..\Run: [msnappau] "C:\Program Files\MSN Apps\Updater\01.02.3000.1001\ar-xa\msnappau.exe"
O4 - HKCU\..\Run: [internat.exe] internat.exe
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [wma live] C:\DOCUME~1\ADMINI~1\APPLIC~1\64NAME~1\New Htm.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O16 - DPF: DigiChat Applet - http://albany.digi-net.com/DigiChat/DigiCl..._IE_5_1_0_1.cab
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab31267.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1129700687594
O16 - DPF: {665585FD-2068-4C5E-A6D3-53AC3270ECD4} (FileSharingCtrl Class) - http://appdirectory.messenger.msn.com/AppD...sharingctrl.cab
O16 - DPF: {8C875948-9C60-4381-9248-0DF180542D53} (HbtInstObj) - http://installs.hotbar.com/installs/hbtool...ams/hbtools.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {8FCDF9D9-A28B-480F-8C3D-581F119A8AB8} - http://static.zangocash.com/cab/Zango/ie/bridge-c18.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.sonypictures.com/games/zuma/popcaploader_v6.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/Solit...wn.cab31267.cab
O16 - DPF: {FC67BB52-AAB6-4282-9D51-2DAFFE73AFD0} - http://download.spyspotter.com/spyspotter/...rcabinstall.cab
O18 - Filter: text/html - {F79B2338-A6E7-46D4-9201-422AA6E74F43} - C:\WINNT\EagleFlt.dll
O20 - Winlogon Notify: nwprovau - C:\WINNT\SYSTEM32\nwprovau.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

Could anybody help, please?
 

Administrator · 4,870 Posts
Hello and welcome to TSF

Please print out or copy this page to Notepad in order to assist you when carrying out the following instructions. If necessary, please ask any questions before proceeding with the procedures below.
_________________________________________________

You are running Hijack This from a temporary directory. It needs to be in a permanent folder. Please go into Windows Explorer, click on C:, then click on File > New > Folder and call it HJK, or another name of your choice.
_________________________________________________

Messenger Plus - this program contains a Sponsor program. If you installed this sponsor program, please uninstall Messenger Plus and reinstall it without the sponsor.

Please disconnect your internet connection before proceeding. It is essential that all other programmes be shut down during uninstall, especially Internet Explorer. Use Task Manager to ensure that no iexplore.exe processes are running before attempting an uninstall of Messenger Plus!

Go to Windows Control Panel>Add/Remove Programs
  • Uninstall Messenger Plus! 3
  • The "Messenger Plus! - Setup" is now displayed.
  • Click on the Uninstall button. (The options displayed on the first screen aren't related to the sponsor program.)
  • The sponsor screen is now displayed (if not seen, search for it in your Task Bar).
  • To prove that someone is currently reading the screen, you have to type the code that is displayed.
  • Once you enter the code, press "Uninstall".
  • Answer Yes when prompted to uninstall.
  • Complete the uninstallation by following the instructions that are displayed
_________________________________________________

Reboot your system.
_________________________________________________

Please download Fl.zip.

Extract the contents to a new folder on Desktop. Within the folder, locate and double-click Fl.bat. It should produce a report at c:\findlop.txt. Post the contents of the report in your next reply.
_________________________________________________

Open Hijack This and click on Scan. Check the following entries (make sure you do not miss any)
_________________________________________________

Please do an online scan at Panda ActiveScan

  1. Click on the Scan your PC button & a pop up window shall appear. *Ensure that your pop up blocker doesn't block it*
  2. Click On Next
  3. Enter your e-mail address & click Send. *It will begin downloading Panda's ActiveX controls which are about 8MB in size*
  4. In the next window, checkmark the following:
    • Disinfect automatically
    • Scan compressed files
    • Scan e-mail files
    • Detect unknown viruses (Heuristic)
    • Detect spyware

  5. Begin the scan by selecting All My Computer

    You needn't remain online while it's doing the scan but you have to re-connect after it has finished to see the report.

  6. If it finds any malware, it will offer you a report. Click on See report
  7. Then click Save report
_________________________________________________

Paste the results of the Panda Scan here together with a new HiJack This log.
 

Registered · 2 Posts · Discussion Starter #3
I'm very sorry for the late reply,

This is the findlop log:

Volume in drive C has no label.
Volume Serial Number is 6CE3-EB41

Directory of C:\Documents and Settings\All Users\Application Data

08/17/2003 01:21a <DIR> .
08/17/2003 01:21a <DIR> ..
08/17/2003 01:33a <DIR> Microsoft
06/24/2005 07:32a <DIR> AVG7
06/24/2005 07:36a <DIR> QuickTime
06/24/2005 07:54a <DIR> Kaspersky Anti-Virus Personal Pro
06/27/2005 06:40a <DIR> UControl
07/22/2005 12:35p <DIR> Adobe
08/08/2005 12:42a <DIR> Symantec
08/21/2005 01:25a <DIR> Spybot - Search & Destroy
08/23/2005 08:38p <DIR> Messenger Plus!
08/27/2005 09:19p <DIR> Adobe Systems
08/29/2005 11:53a <DIR> PopCap
08/29/2005 12:33p <DIR> Trymedia
09/27/2005 03:10p <DIR> bash vga user file
10/15/2005 05:08p <DIR> EA
10/19/2005 11:54a <DIR> SITE BIRD COAL PLAN
10/20/2005 11:59a <DIR> Yahoo! Companion
0 File(s) 0 bytes
18 Dir(s) 13,065,682,944 bytes free
Volume in drive C has no label.
Volume Serial Number is 6CE3-EB41

Directory of C:\Documents and Settings\User\Application Data

06/24/2005 06:21a <DIR> .
06/24/2005 06:21a <DIR> ..
06/24/2005 06:21a <DIR> Identities
06/24/2005 07:06a <DIR> Mozilla
06/24/2005 07:14a <DIR> Real
06/24/2005 07:38a <DIR> Talkback
06/24/2005 10:04p <DIR> Microsoft Web Folders
06/26/2005 05:33a <DIR> Macromedia
03/25/2004 07:58p 186,409 defaultspam.wl
03/25/2004 07:58p 343,784 defaultgood.wl
07/22/2005 12:34p <DIR> Adobe
08/08/2005 12:42a <DIR> Symantec
08/20/2005 06:35p <DIR> Google
08/21/2005 12:28a <DIR> Lavasoft
08/30/2005 07:05p <DIR> Basta Computing
09/02/2005 06:56p <DIR> HbTools
09/12/2005 10:38p <DIR> Interactive Agents
2 File(s) 530,193 bytes
15 Dir(s) 13,065,682,944 bytes free
Volume in drive C has no label.
Volume Serial Number is 6CE3-EB41

Directory of C:\Documents and Settings\administrator\Application Data

09/27/2005 09:52a <DIR> .
09/27/2005 09:52a <DIR> ..
09/27/2005 09:52a <DIR> Identities
09/27/2005 09:52a <DIR> Real
09/27/2005 11:58a <DIR> Macromedia
09/27/2005 01:35p <DIR> Adobe
09/27/2005 03:10p <DIR> 64 NAME HECK
09/27/2005 03:10p <DIR> MEMO AUDIO
10/15/2005 03:55p <DIR> Wildfire
10/15/2005 05:08p <DIR> EA
10/22/2005 08:46p <DIR> Google
10/31/2005 12:07a <DIR> Help
0 File(s) 0 bytes
12 Dir(s) 13,065,682,944 bytes free
Volume in drive C has no label.
Volume Serial Number is 6CE3-EB41

Directory of C:\Documents and Settings\Default User\Application Data

[TRACE] Enumerating jobs and queues
[TRACE] Activating job 'A6FACAE891654408.job'
[TRACE] Printing all job properties

ApplicationName: 'c:\docume~1\admini~1\applic~1\64name~1\Peak 32 balm.exe'
Parameters: ''
WorkingDirectory: ''
Comment: ''
Creator: 'Administrator'
Priority: NORMAL
MaxRunTime: 259200000 (3d 0:00:00)
IdleWait: 10
IdleDeadline: 60
MostRecentRun: 11/01/2005 16:00:00
NextRun: 11/01/2005 17:00:00
StartError: S_OK
ExitCode: 0xc000013a
Status: SCHED_S_TASK_RUNNING
ScheduledWorkItem Flags:
DeleteWhenDone = 0
Suspend = 0
StartOnlyIfIdle = 0
KillOnIdleEnd = 0
RestartOnIdleResume = 0
DontStartIfOnBatteries = 0
KillIfGoingOnBatteries = 0
RunOnlyIfLoggedOn = 1
SystemRequired = 0
Hidden = 1
TaskFlags: 0

1 Trigger

Trigger 0:
Type: Daily
DaysInterval: 1
StartDate: 06/08/1996
EndDate: 00/00/0000
StartTime: 00:00
MinutesDuration: 1440
MinutesInterval: 60
Flags:
HasEndDate = 0
KillAtDuration = 0
Disabled = 0



And this is the Panda ActiveScan log:


Incident Status Location

Adware:Adware/Lop No disinfected c:\docume~1\admini~1\applic~1\64name~1\Peak 32 balm.exe
Adware:Adware/Lop No disinfected c:\docume~1\admini~1\applic~1\64name~1\newhtm~1.exe
Adware:adware/wupd No disinfected C:\WINNT\SYSTEM32\ide21201.vxd
Adware:adware/gator No disinfected C:\WINNT\GatorHDPlugin.log
Adware:adware/savenow No disinfected C:\PROGRAM FILES\Save
Adware:adware/ucontrol No disinfected C:\PROGRAM FILES\COMMON FILES\UControl
Adware:adware/whenusearch No disinfected C:\PROGRAM FILES\COMMON FILES\WhenU
Adware:adware/oemji No disinfected Windows Registry
Virus:Trj/Keylog.BR Disinfected C:\WINNT\system32\diediewb.dll
Adware:Adware/Lop No disinfected C:\Documents and Settings\All Users\Application Data\bash vga user file\cakelist.exe
Adware:Adware/EliteBar No disinfected C:\Documents and Settings\User\Local Settings\Temp\524832_1580_1136_1684_62.41.tmp1
Adware:Adware/EliteBar No disinfected C:\Documents and Settings\User\Local Settings\Temp\721174_1400_1076_1276_62.41.tmp1
Adware:Adware/EliteBar No disinfected C:\Documents and Settings\User\Local Settings\Temp\655564_1312_1060_1492_62.41.tmp1
Adware:Adware/EliteBar No disinfected C:\Documents and Settings\User\Local Settings\Temp\458958_1196_1212_1200_62.41.tmp1
Adware:Adware/EliteBar No disinfected C:\Documents and Settings\User\Local Settings\Temp\1245498_712_1136_1512_62.41.tmp1
Adware:Adware/Lop No disinfected C:\Documents and Settings\administrator\Local Settings\Temp\ikfkbaod.exe
Adware:Adware/Lop No disinfected C:\Documents and Settings\administrator\Local Settings\Temp\ukodzipr.exe
Adware:Adware/Lop No disinfected C:\Documents and Settings\administrator\Local Settings\Temp\ilywfvff.exe
Adware:Adware/Lop No disinfected C:\Documents and Settings\administrator\Local Settings\Temp\tywsrtsg.exe
Adware:Adware/Lop No disinfected C:\Documents and Settings\administrator\Local Settings\Temp\sta4E.exe
Adware:Adware/Lop No disinfected C:\Documents and Settings\administrator\Local Settings\Temp\sta64.exe
Adware:Adware/Lop No disinfected C:\Documents and Settings\administrator\Local Settings\Temp\sta53.exe
Adware:Adware/Lop No disinfected C:\Documents and Settings\administrator\Local Settings\Temp\bis3C.exe
Adware:Adware/Lop No disinfected C:\Documents and Settings\administrator\Local Settings\Temp\bisF.exe
Adware:Adware/Lop No disinfected C:\Documents and Settings\administrator\Local Settings\Temp\sta1.exe
Adware:Adware/Lop No disinfected C:\Documents and Settings\administrator\Local Settings\Temp\bis52.exe
Adware:Adware/Lop No disinfected C:\Documents and Settings\administrator\Local Settings\Temp\bis4D.exe
Adware:Adware/Lop No disinfected C:\Documents and Settings\administrator\Local Settings\Temp\bis81.exe
Adware:Adware/Lop No disinfected C:\Documents and Settings\administrator\Local Settings\Temp\bis55.exe
Adware:Adware/Lop No disinfected C:\Documents and Settings\administrator\Local Settings\Temporary Internet Files\Content.IE5\24HZMA5V\newpass2[1].htm
Adware:Adware/Lop No disinfected C:\Documents and Settings\administrator\Application Data\64 NAME HECK\New Htm.exe
Adware:Adware/Lop No disinfected C:\Documents and Settings\administrator\Application Data\64 NAME HECK\lzqfpnet.exe
Adware:Adware/Lop No disinfected C:\Documents and Settings\administrator\Application Data\64 NAME HECK\Aim Spam Title Draw.exe
Adware:Adware/Lop No disinfected C:\Documents and Settings\administrator\Application Data\64 NAME HECK\Peak 32 balm.exe
Adware:Adware/Lop No disinfected C:\Program Files\Adverts\uninst.exe
Possible Virus. No disinfected C:\Program Files\tuEagles\EagleH.dll
Adware:Adware/Lop No disinfected C:\FOUND.069\FILE0034.CHK

And this is the HijackThis log:

Logfile of HijackThis v1.99.1
Scan saved at 06:23:09 م, on 01/11/2005
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\WINNT\system32\hidserv.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\System32\mspmspsv.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\Explorer.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINNT\System32\spool\drivers\w32x86\3\hpztsb04.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\MSN Messenger Khalid Edition 4.2 AR\Messenger Plus! 3\MsgPlus.exe
C:\Program Files\MSN Apps\Updater\01.02.3000.1001\ar-xa\msnappau.exe
C:\WINNT\system32\internat.exe
C:\Program Files\Spyware Doctor\swdoctor.exe
C:\Program Files\GetSmile\GetSmile.exe
c:\progra~1\intern~1\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
c:\docume~1\admini~1\applic~1\64name~1\Peak 32 balm.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Common Files\Real\Update_OB\RealOneMessageCenter.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\PROGRA~1\WINZIP\winzip32.exe
C:\HJT\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.nvutedsdrahsdoepyzndi.co...ChYSXWQP7wdfCZuDNWVEr73N_ifkwduseW9UU63FX.php
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.search.yahoo.com/
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: CleanMyPCPopupBlocker Class - {7A9BC6B1-7F27-47c6-A66D-13582E81E537} - C:\Program Files\CleanMyPC Popup Blocker\CleanBHO.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\ar-xa\msntb.dll
O3 - Toolbar: CleanMyPC Toolbar - {04164EC4-1E48-4279-818E-3721931E7636} - C:\Program Files\CleanMyPC Popup Blocker\CleanBar.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\ar-xa\msntb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [KAVPersonal50] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kav.exe" /minimize
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINNT\System32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [RegistryMechanic] C:\Program Files\Registry Mechanic\RegMech.exe /QS
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MSN Messenger Khalid Edition 4.2 AR\Messenger Plus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [msnappau] "C:\Program Files\MSN Apps\Updater\01.02.3000.1001\ar-xa\msnappau.exe"
O4 - HKCU\..\Run: [internat.exe] internat.exe
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O4 - HKCU\..\Run: [wma live] C:\DOCUME~1\ADMINI~1\APPLIC~1\64NAME~1\New Htm.exe
O4 - HKCU\..\Run: [GetSmile] C:\Program Files\GetSmile\GetSmile.exe
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\MSN Messenger Khalid Edition 4.2 AR\Messenger Plus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O16 - DPF: DigiChat Applet - http://albany.digi-net.com/DigiChat/DigiClasses/Client_IE_5_1_0_1.cab
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1129700687594
O16 - DPF: {665585FD-2068-4C5E-A6D3-53AC3270ECD4} (FileSharingCtrl Class) - http://appdirectory.messenger.msn.com/AppDirectory/P4Apps/FileSharing/en/filesharingctrl.cab
O16 - DPF: {8C875948-9C60-4381-9248-0DF180542D53} (HbtInstObj) - http://installs.hotbar.com/installs/hbtools/programs/hbtools.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.sonypictures.com/games/zuma/popcaploader_v6.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
O16 - DPF: {FC67BB52-AAB6-4282-9D51-2DAFFE73AFD0} - http://download.spyspotter.com/spyspotter/spsp29953.01noopt/spyspottercabinstall.cab
O20 - AppInit_DLLs: MsgPlusLoader.dll
O20 - Winlogon Notify: nwprovau - C:\WINNT\SYSTEM32\nwprovau.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
 