Tech Support Guy banner
Cancel

help spyware is all over my computer

Jump to Latest Follow
  • IMPORTANT: Only authorized members may reply to threads in this forum due to the complexity of the malware removal process. Authorized members include Malware Specialists and Trainees, Administrators, Moderators, and Trusted Advisors. Regular members are not permitted to reply, and any such posts will be deleted without notice or further explanation. Notice
Status
Not open for further replies.
1 - 11 of 11 Posts
I

· Registered
Joined
·
8 Posts
Discussion Starter · #1 ·
Hi,

I was researching some medication that my mother had to take, and i got a message from semantic saying that a trojan horse virus was detected. Now i have a bunch of applications running on my pc, and i can't get them off. I have run ad aware, spybot search and destroy, and buster report, and the programs keep coming back. I also end up having my start page switched to "home search assistant" and I keep getting pop ups that say "only the best" My log form hijack this is as follows:


Can any one help?
 
M

· Registered
Joined
·
3,181 Posts
#2 ·
Welcome to TSG

Go to http://majorgeeks.com/download3155.html and download 'Hijack This!'.

First make a folder on your computer in my documents called Hijackthis and then Unzip it to that folder.
Then doubleclick the Hijackthis.exe.

Click the "Scan" button, when the scan is finished the scan button will become "Save Log" click that and save the log.
Go to where you saved the log and click on "Edit > Select All" then click on "Edit > Copy" then Paste the log back here in a reply.
It will possibly show issues deserving our attention, but most of what it lists will be harmless or even required,
so do NOT fix anything yet.

Someone here will be happy to help you analyze the results.
 
I

· Registered
Joined
·
8 Posts
Discussion Starter · #3 ·
Logfile of HijackThis v1.99.0
Scan saved at 10:22:16 AM, on 1/19/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\ibmpmsvc.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\oracle\ora81\bin\dbsnmp.exe
C:\oracle\ora81\bin\vppdc.exe
C:\oracle\ora81\Apache\Apache\Apache.exe
C:\oracle\ora81\BIN\TNSLSNR.exe
c:\oracle\ora81\bin\ORACLE.EXE
C:\WINDOWS\System32\QCONSVC.EXE
C:\WINDOWS\System32\RegSrvc.exe
C:\WINDOWS\System32\r_server.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\system32\TpKmpSVC.exe
C:\oracle\ora81\Apache\jdk\bin\java.exe
C:\oracle\ora81\Apache\Apache\Apache.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
C:\WINDOWS\system32\RunDll32.exe
C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\ThinkPad\PkgMgr\HOTKEY\TPONSCR.exe
C:\Program Files\ThinkPad\ConnectUtilities\QCTRAY.EXE
C:\Program Files\ThinkPad\PkgMgr\HOTKEY_1\TpScrex.exe
C:\Program Files\ThinkPad\ConnectUtilities\QCWLICON.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\AdjoinedObiOffline\511065\Program\AdjoinedObiOffline.exe
C:\Program Files\BDS Plugin 4.2\420000\Program\BDS plugin 4.2.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
C:\WINDOWS\system32\taskmgr.exe
C:\PROGRA~1\MICROS~2\Office10\OUTLOOK.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\msic32.exe
C:\WINDOWS\apptz.exe
C:\DOCUME~1\ICOUGH~1\LOCALS~1\Temp\A.tmp
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\tibs3.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\luofno.exe
C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
C:\Program Files\ISTsvc\istsvc.exe
C:\WINDOWS\explorer.exe
C:\hjt\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\zydwq.dll/sp.html#28129
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\zydwq.dll/sp.html#28129
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\zydwq.dll/sp.html#28129
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\zydwq.dll/sp.html#28129
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {ECFDC5BB-22C0-BB52-174D-50C3A13C509D} - C:\WINDOWS\system32\apicm.dll
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe irprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [TPHOTKEY] C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
O4 - HKLM\..\Run: [BMMGAG] RunDll32 C:\PROGRA~1\ThinkPad\UTILIT~1\pwrmonit.dll,StartPwrMonitor
O4 - HKLM\..\Run: [BMMLREF] C:\Program Files\ThinkPad\Utilities\BMMLREF.EXE
O4 - HKLM\..\Run: [TPKMAPHELPER] C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe -helper
O4 - HKLM\..\Run: [EZEJMNAP] C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [QCTRAY] C:\Program Files\ThinkPad\ConnectUtilities\QCTRAY.EXE
O4 - HKLM\..\Run: [QCWLICON] C:\Program Files\ThinkPad\ConnectUtilities\QCWLICON.EXE
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Admanager Controller] C:\Program Files\Admanager Controller\AdManCtl.exe
O4 - HKLM\..\Run: [A.tmp] C:\DOCUME~1\ICOUGH~1\LOCALS~1\Temp\A.tmp.exe 3 28129
O4 - HKLM\..\Run: [tibs3] C:\WINDOWS\system32\tibs3.exe
O4 - HKLM\..\Run: [sais] c:\program files\180solutions\sais.exe
O4 - HKLM\..\Run: [IST Service] C:\Program Files\ISTsvc\istsvc.exe
O4 - HKLM\..\Run: [HG6d] C:\WINDOWS\luofno.exe
O4 - HKLM\..\RunOnce: [SpybotSnD] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck
O4 - HKCU\..\Run: [ibmmessages] C:\Program Files\IBM\Messages By IBM\ibmmessages.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: AdjoinedObiOffline.lnk = ?
O4 - Global Startup: BDS plugin 4.2.lnk = ?
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: Kodak software updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\program files\google\google desktop search\googledesktopnetwork1.dll
O10 - Unknown file in Winsock LSP: c:\program files\google\google desktop search\googledesktopnetwork1.dll
O10 - Unknown file in Winsock LSP: c:\program files\google\google desktop search\googledesktopnetwork1.dll
O10 - Unknown file in Winsock LSP: c:\program files\google\google desktop search\googledesktopnetwork1.dll
O15 - Trusted Zone: *.05p.com
O15 - Trusted Zone: *.awmdabest.com
O15 - Trusted Zone: *.blazefind.com
O15 - Trusted Zone: *.clickspring.net
O15 - Trusted Zone: *.flingstone.com
O15 - Trusted Zone: *.frame.crazywinnings.com
O15 - Trusted Zone: *.mt-download.com
O15 - Trusted Zone: *.my-internet.info
O15 - Trusted Zone: *.scoobidoo.com
O15 - Trusted Zone: *.searchbarcash.com
O15 - Trusted Zone: *.searchmiracle.com
O15 - Trusted Zone: *.slotch.com
O15 - Trusted Zone: *.static.topconverting.com
O15 - Trusted Zone: *.xxxtoolbar.com
O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windupdates.com/cab/CDTInc/ie/bridge-c46.cab
O16 - DPF: {9F9264A2-BC41-4A06-9FA1-BF264DB0AAD9} (BackWeb Lite Install Runner) - http://sznyc008.adjoined.net:81/web...guration-1/7.2.0.149/Lite/Configuration-1.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = adjoined.net
O17 - HKLM\Software\..\Telephony: DomainName = adjoined.net
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = adjoined.net
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: Domain = adjoined.net
O18 - Protocol: offline-420000 - {190ABA78-3FB0-4280-896B-21DF4EDD2EB3} - C:\Program Files\BDS Plugin 4.2\420000\Program\BWPlugProtocol-420000.dll
O18 - Protocol: offline-511065 - {92C924B1-615D-409A-94C0-1227F973C8E9} - C:\Program Files\AdjoinedObiOffline\511065\Program\BWPlugProtocol-511065.dll
O18 - Protocol: qrev - {9DE24BAC-FC3C-42C4-9FC4-76B3FAFDBD90} - C:\PROGRA~1\QUESTS~1\TOAD\RNetPin.dll
O23 - Service: Ati HotKey Poller - Unknown - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: Symantec Event Manager - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: IBM PM Service - Unknown - C:\WINDOWS\System32\ibmpmsvc.exe
O23 - Service: OracleOraHome81Agent - Oracle Corporation - C:\oracle\ora81\bin\dbsnmp.exe
O23 - Service: OracleOraHome81ClientCache - Unknown - C:\oracle\ora81\BIN\ONRSD.EXE
O23 - Service: OracleOraHome81DataGatherer - Oracle Corporation - C:\oracle\ora81\bin\vppdc.exe
O23 - Service: OracleOraHome81HTTPServer - Unknown - C:\oracle\ora81\Apache\Apache\Apache.exe
O23 - Service: OracleOraHome81PagingServer - Unknown - C:\oracle\ora81/bin/pagntsrv.exe
O23 - Service: OracleOraHome81TNSListener - Unknown - C:\oracle\ora81\BIN\TNSLSNR.exe
O23 - Service: OracleServiceDROT01 - Oracle Corporation - c:\oracle\ora81\bin\ORACLE.EXE
O23 - Service: IBM PSA Access Driver Control - Unknown - C:\WINDOWS\system32\PsaSrv.exe
O23 - Service: QCONSVC - IBM Corp. - C:\WINDOWS\System32\QCONSVC.EXE
O23 - Service: RegSrvc - Intel Corporation - C:\WINDOWS\System32\RegSrvc.exe
O23 - Service: Remote Administrator Service - Unknown - C:\WINDOWS\System32\r_server.exe
O23 - Service: Spectrum24 Event Monitor - Intel Corporation - C:\WINDOWS\System32\S24EvMon.exe
O23 - Service: SAVRoam - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: IBM KCU Service - Unknown - C:\WINDOWS\system32\TpKmpSVC.exe
O23 - Service: Network Security Service (NSS) - Unknown - C:\WINDOWS\nethk32.exe (file missing)
 
M

· Registered
Joined
·
3,181 Posts
#4 ·
Download and unzip or install these programs/applications if you haven't already got them. If you have them, then make sure they are updated and configured as described

CWshredder from http://www.subratam.org/?page=removal
Spybot - Search & Destroy from http://security.kolla.de
Download Adaware SE http://www.lavasoftusa.com/support/download/

then
Run CWSHREDDER,

Close all browser windows, click on the cwshredder.exe then click "FIX" (Not "Scan only") and let it do it's thing.
and make sure you have all of Microsoft security updates

then reboot &

Run Sybot S&D

After installing, first press Online, press search for updates, then tick the updates it finds, then press download updates. Beside the download button is a little down pointed arrow, select one of the servers listed. If it doesn't work or you get an error message then try a different server

Next, close all Internet Explorer and OE windows, press 'Check for Problems', and have SpyBot remove all it finds that is marked in RED.

then reboot &

Run ADAWARE

Install the program and launch it.

First in the main window look in the bottom right corner and click on Check for updates now then click Connect and download the latest reference files.

From main window :Click Start then under Select a scan Mode tick Perform full system scan.

Next deselect Search for negligible risk entries.

Now to scan just click the Next button.

When the scan is finished mark everything for removal and get rid of it.(Right-click the window and choose select all from the drop down menu and click Next)

Restart your computer.
then post a new hijackthis log
 
M

· Registered
Joined
·
3,181 Posts
#5 ·
Go to control panel, add/remove programs and remove this

180Solutions (or 180Search)

Than

Run hijackthis and fix the following items. Be sure all windows are closed except for hijackthis.

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\zydwq.dll/sp.html#28129
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\zydwq.dll/sp.html#28129
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\zydwq.dll/sp.html#28129
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\zydwq.dll/sp.html#28129
R3 - Default URLSearchHook is missing

O2 - BHO: (no name) - {ECFDC5BB-22C0-BB52-174D-50C3A13C509D} - C:\WINDOWS\system32\apicm.dll

O4 - HKLM\..\Run: [A.tmp] C:\DOCUME~1\ICOUGH~1\LOCALS~1\Temp\A.tmp.exe 3 28129
O4 - HKLM\..\Run: [tibs3] C:\WINDOWS\system32\tibs3.exe
O4 - HKLM\..\Run: [sais] c:\program files\180solutions\sais.exe
O4 - HKLM\..\Run: [IST Service] C:\Program Files\ISTsvc\istsvc.exe
O4 - HKLM\..\Run: [HG6d] C:\WINDOWS\luofno.exe

O15 - Trusted Zone: *.05p.com
O15 - Trusted Zone: *.awmdabest.com
O15 - Trusted Zone: *.blazefind.com
O15 - Trusted Zone: *.clickspring.net
O15 - Trusted Zone: *.flingstone.com
O15 - Trusted Zone: *.frame.crazywinnings.com
O15 - Trusted Zone: *.mt-download.com
O15 - Trusted Zone: *.my-internet.info
O15 - Trusted Zone: *.scoobidoo.com
O15 - Trusted Zone: *.searchbarcash.com
O15 - Trusted Zone: *.searchmiracle.com
O15 - Trusted Zone: *.slotch.com
O15 - Trusted Zone: *.static.topconverting.com
O15 - Trusted Zone: *.xxxtoolbar.com

O16 - DPF: {9F9264A2-BC41-4A06-9FA1-BF264DB0AAD9} (BackWeb Lite Install Runner) - http://sznyc008.adjoined.net:81/web...iguration-1.cab

O18 - Protocol: qrev - {9DE24BAC-FC3C-42C4-9FC4-76B3FAFDBD90} - C:\PROGRA~1\QUESTS~1\TOAD\RNetPin.dll

Reboot to safe mode and delet these

C:\DOCUME~1\ICOUGH~1\LOCALS~1\Temp\A.tmp.exe 3 28129
C:\WINDOWS\system32\tibs3.exe
c:\program files\180solutions\sais.exe
C:\Program Files\ISTsvc\istsvc.exe
C:\WINDOWS\luofno.exe

Turn off System Restore:

On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
Check Turn off System Restore.
Click Apply, and then click OK.
Restart your computer.

When you are sure you are clean turn it back on and create a restore point.

Reboot and post a new hijackthis log
 
I

· Registered
Joined
·
8 Posts
Discussion Starter · #7 ·
Logfile of HijackThis v1.99.0
Scan saved at 12:04:04 PM, on 1/19/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\ibmpmsvc.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\oracle\ora81\bin\dbsnmp.exe
C:\oracle\ora81\bin\vppdc.exe
C:\oracle\ora81\Apache\Apache\Apache.exe
C:\oracle\ora81\BIN\TNSLSNR.exe
c:\oracle\ora81\bin\ORACLE.EXE
C:\WINDOWS\System32\QCONSVC.EXE
C:\WINDOWS\System32\RegSrvc.exe
C:\WINDOWS\System32\r_server.exe
C:\Program Files\Symantec AntiVirus\SavRoam.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\system32\TpKmpSVC.exe
C:\WINDOWS\system32\msic32.exe
C:\oracle\ora81\Apache\jdk\bin\java.exe
C:\oracle\ora81\Apache\Apache\Apache.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
C:\WINDOWS\system32\RunDll32.exe
C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\ThinkPad\PkgMgr\HOTKEY\TPONSCR.exe
C:\Program Files\ThinkPad\ConnectUtilities\QCWLICON.EXE
C:\Program Files\ThinkPad\PkgMgr\HOTKEY_1\TpScrex.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\AdjoinedObiOffline\511065\Program\AdjoinedObiOffline.exe
C:\Program Files\BDS Plugin 4.2\420000\Program\BDS plugin 4.2.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\apptz.exe
C:\hjt\HijackThis.exe

R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {C7B33F7A-073C-9061-F6F7-482F69867311} - C:\WINDOWS\d3vl32.dll
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [TPHOTKEY] C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
O4 - HKLM\..\Run: [BMMGAG] RunDll32 C:\PROGRA~1\ThinkPad\UTILIT~1\pwrmonit.dll,StartPwrMonitor
O4 - HKLM\..\Run: [TPKMAPHELPER] C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe -helper
O4 - HKLM\..\Run: [EZEJMNAP] C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [QCWLICON] C:\Program Files\ThinkPad\ConnectUtilities\QCWLICON.EXE
O4 - HKLM\..\Run: [apptz.exe] C:\WINDOWS\apptz.exe
O4 - HKCU\..\Run: [ibmmessages] C:\Program Files\IBM\Messages By IBM\ibmmessages.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: AdjoinedObiOffline.lnk = ?
O4 - Global Startup: BDS plugin 4.2.lnk = ?
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: Kodak software updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\program files\google\google desktop search\googledesktopnetwork1.dll
O10 - Unknown file in Winsock LSP: c:\program files\google\google desktop search\googledesktopnetwork1.dll
O10 - Unknown file in Winsock LSP: c:\program files\google\google desktop search\googledesktopnetwork1.dll
O10 - Unknown file in Winsock LSP: c:\program files\google\google desktop search\googledesktopnetwork1.dll
O15 - Trusted Zone: *.frame.crazywinnings.com
O15 - Trusted Zone: *.static.topconverting.com
O16 - DPF: {9F9264A2-BC41-4A06-9FA1-BF264DB0AAD9} (BackWeb Lite Install Runner) - http://sznyc008.adjoined.net:81/web...guration-1/7.2.0.149/Lite/Configuration-1.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = adjoined.net
O17 - HKLM\Software\..\Telephony: DomainName = adjoined.net
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = adjoined.net
O23 - Service: Ati HotKey Poller - Unknown - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: Symantec Event Manager - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: IBM PM Service - Unknown - C:\WINDOWS\System32\ibmpmsvc.exe
O23 - Service: OracleOraHome81Agent - Oracle Corporation - C:\oracle\ora81\bin\dbsnmp.exe
O23 - Service: OracleOraHome81ClientCache - Unknown - C:\oracle\ora81\BIN\ONRSD.EXE
O23 - Service: OracleOraHome81DataGatherer - Oracle Corporation - C:\oracle\ora81\bin\vppdc.exe
O23 - Service: OracleOraHome81HTTPServer - Unknown - C:\oracle\ora81\Apache\Apache\Apache.exe
O23 - Service: OracleOraHome81PagingServer - Unknown - C:\oracle\ora81/bin/pagntsrv.exe
O23 - Service: OracleOraHome81TNSListener - Unknown - C:\oracle\ora81\BIN\TNSLSNR.exe
O23 - Service: OracleServiceDROT01 - Oracle Corporation - c:\oracle\ora81\bin\ORACLE.EXE
O23 - Service: IBM PSA Access Driver Control - Unknown - C:\WINDOWS\system32\PsaSrv.exe
O23 - Service: QCONSVC - IBM Corp. - C:\WINDOWS\System32\QCONSVC.EXE
O23 - Service: RegSrvc - Intel Corporation - C:\WINDOWS\System32\RegSrvc.exe
O23 - Service: Remote Administrator Service - Unknown - C:\WINDOWS\System32\r_server.exe
O23 - Service: Spectrum24 Event Monitor - Intel Corporation - C:\WINDOWS\System32\S24EvMon.exe
O23 - Service: SAVRoam - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: IBM KCU Service - Unknown - C:\WINDOWS\system32\TpKmpSVC.exe
O23 - Service: Workstation NetLogon Service - Unknown - C:\WINDOWS\system32\msic32.exe
 
I

· Registered
Joined
·
8 Posts
Discussion Starter · #8 ·
I took this part out of the results, this protocol section is for a software that i have installed so is the 016 -dbf that references back web

O18 - Protocol: bw+0 - {190ABA78-3FB0-4280-896B-21DF4EDD2EB3} - C:\Program Files\BDS Plugin 4.2\420000\Program\BWPlugProtocol-420000.dll
O18 - Protocol: bw+0s - {190ABA78-3FB0-4280-896B-21DF4EDD2EB3} - C:\Program Files\BDS Plugin 4.2\420000\Program\BWPlugProtocol-420000.dll
O18 - Protocol: bw+1 - {92C924B1-615D-409A-94C0-1227F973C8E9} - C:\Program Files\AdjoinedObiOffline\511065\Program\BWPlugProtocol-511065.dll
O18 - Protocol: bw+1s - {92C924B1-615D-409A-94C0-1227F973C8E9} - C:\Program Files\AdjoinedObiOffline\511065\Program\BWPlugProtocol-511065.dll
O18 - Protocol: bw-0 - {190ABA78-3FB0-4280-896B-21DF4EDD2EB3} - C:\Program Files\BDS Plugin 4.2\420000\Program\BWPlugProtocol-420000.dll
O18 - Protocol: bw-0s - {190ABA78-3FB0-4280-896B-21DF4EDD2EB3} - C:\Program Files\BDS Plugin 4.2\420000\Program\BWPlugProtocol-420000.dll
O18 - Protocol: bw-1 - {92C924B1-615D-409A-94C0-1227F973C8E9} - C:\Program Files\AdjoinedObiOffline\511065\Program\BWPlugProtocol-511065.dll
O18 - Protocol: bw-1s - {92C924B1-615D-409A-94C0-1227F973C8E9} - C:\Program Files\AdjoinedObiOffline\511065\Program\BWPlugProtocol-511065.dll
O18 - Protocol: bw00 - {190ABA78-3FB0-4280-896B-21DF4EDD2EB3} - C:\Program Files\BDS Plugin 4.2\420000\Program\BWPlugProtocol-420000.dll
O18 - Protocol: bw00s - {190ABA78-3FB0-4280-896B-21DF4EDD2EB3} - C:\Program Files\BDS Plugin 4.2\420000\Program\BWPlugProtocol-420000.dll
O18 - Protocol: bw01 - {92C924B1-615D-409A-94C0-1227F973C8E9} - C:\Program Files\AdjoinedObiOffline\511065\Program\BWPlugProtocol-511065.dll
O18 - Protocol: bw01s - {92C924B1-615D-409A-94C0-1227F973C8E9} - C:\Program Files\AdjoinedObiOffline\511065\Program\BWPlugProtocol-511065.dll
O18 - Protocol: bw10 - {190ABA78-3FB0-4280-896B-21DF4EDD2EB3} - C:\Program Files\BDS Plugin 4.2\420000\Program\BWPlugProtocol-420000.dll
O18 - Protocol: bw10s - {190ABA78-3FB0-4280-896B-21DF4EDD2EB3} - C:\Program Files\BDS Plugin 4.2\420000\Program\BWPlugProtocol-420000.dll
O18 - Protocol: bw11 - {92C924B1-615D-409A-94C0-1227F973C8E9} - C:\Program Files\AdjoinedObiOffline\511065\Program\BWPlugProtocol-511065.dll
O18 - Protocol: bw11s - {92C924B1-615D-409A-94C0-1227F973C8E9} - C:\Program Files\AdjoinedObiOffline\511065\Program\BWPlugProtocol-511065.dll
O18 - Protocol: bw20 - {190ABA78-3FB0-4280-896B-21DF4EDD2EB3} - C:\Program Files\BDS Plugin 4.2\420000\Program\BWPlugProtocol-420000.dll
O18 - Protocol: bw20s - {190ABA78-3FB0-4280-896B-21DF4EDD2EB3} - C:\Program Files\BDS Plugin 4.2\420000\Program\BWPlugProtocol-420000.dll
O18 - Protocol: bw21 - {92C924B1-615D-409A-94C0-1227F973C8E9} - C:\Program Files\AdjoinedObiOffline\511065\Program\BWPlugProtocol-511065.dll
O18 - Protocol: bw21s - {92C924B1-615D-409A-94C0-1227F973C8E9} - C:\Program Files\AdjoinedObiOffline\511065\Program\BWPlugProtocol-511065.dll
O18 - Protocol: bw30 - {190ABA78-3FB0-4280-896B-21DF4EDD2EB3} - C:\Program Files\BDS Plugin 4.2\420000\Program\BWPlugProtocol-420000.dll
O18 - Protocol: bw30s - {190ABA78-3FB0-4280-896B-21DF4EDD2EB3} - C:\Program Files\BDS Plugin 4.2\420000\Program\BWPlugProtocol-420000.dll
O18 - Protocol: bw31 - {92C924B1-615D-409A-94C0-1227F973C8E9} - C:\Program Files\AdjoinedObiOffline\511065\Program\BWPlugProtocol-511065.dll
O18 - Protocol: bw31s - {92C924B1-615D-409A-94C0-1227F973C8E9} - C:\Program Files\AdjoinedObiOffline\511065\Program\BWPlugProtocol-511065.dll
O18 - Protocol: bw40 - {190ABA78-3FB0-4280-896B-21DF4EDD2EB3} - C:\Program Files\BDS Plugin 4.2\420000\Program\BWPlugProtocol-420000.dll
O18 - Protocol: bw40s - {190ABA78-3FB0-4280-896B-21DF4EDD2EB3} - C:\Program Files\BDS Plugin 4.2\420000\Program\BWPlugProtocol-420000.dll
O18 - Protocol: bw41 - {92C924B1-615D-409A-94C0-1227F973C8E9} - C:\Program Files\AdjoinedObiOffline\511065\Program\BWPlugProtocol-511065.dll
O18 - Protocol: bw41s - {92C924B1-615D-409A-94C0-1227F973C8E9} - C:\Program Files\AdjoinedObiOffline\511065\Program\BWPlugProtocol-511065.dll
O18 - Protocol: bw50 - {190ABA78-3FB0-4280-896B-21DF4EDD2EB3} - C:\Program Files\BDS Plugin 4.2\420000\Program\BWPlugProtocol-420000.dll
O18 - Protocol: bw50s - {190ABA78-3FB0-4280-896B-21DF4EDD2EB3} - C:\Program Files\BDS Plugin 4.2\420000\Program\BWPlugProtocol-420000.dll
O18 - Protocol: bw51 - {92C924B1-615D-409A-94C0-1227F973C8E9} - C:\Program Files\AdjoinedObiOffline\511065\Program\BWPlugProtocol-511065.dll
O18 - Protocol: bw51s - {92C924B1-615D-409A-94C0-1227F973C8E9} - C:\Program Files\AdjoinedObiOffline\511065\Program\BWPlugProtocol-511065.dll
O18 - Protocol: bw60 - {190ABA78-3FB0-4280-896B-21DF4EDD2EB3} - C:\Program Files\BDS Plugin 4.2\420000\Program\BWPlugProtocol-420000.dll
O18 - Protocol: bw60s - {190ABA78-3FB0-4280-896B-21DF4EDD2EB3} - C:\Program Files\BDS Plugin 4.2\420000\Program\BWPlugProtocol-420000.dll
O18 - Protocol: bw61 - {92C924B1-615D-409A-94C0-1227F973C8E9} - C:\Program Files\AdjoinedObiOffline\511065\Program\BWPlugProtocol-511065.dll
O18 - Protocol: bw61s - {92C924B1-615D-409A-94C0-1227F973C8E9} - C:\Program Files\AdjoinedObiOffline\511065\Program\BWPlugProtocol-511065.dll
O18 - Protocol: bw70 - {190ABA78-3FB0-4280-896B-21DF4EDD2EB3} - C:\Program Files\BDS Plugin 4.2\420000\Program\BWPlugProtocol-420000.dll
O18 - Protocol: bw70s - {190ABA78-3FB0-4280-896B-21DF4EDD2EB3} - C:\Program Files\BDS Plugin 4.2\420000\Program\BWPlugProtocol-420000.dll
O18 - Protocol: bw71 - {92C924B1-615D-409A-94C0-1227F973C8E9} - C:\Program Files\AdjoinedObiOffline\511065\Program\BWPlugProtocol-511065.dll
O18 - Protocol: bw71s - {92C924B1-615D-409A-94C0-1227F973C8E9} - C:\Program Files\AdjoinedObiOffline\511065\Program\BWPlugProtocol-511065.dll
O18 - Protocol: bw80 - {190ABA78-3FB0-4280-896B-21DF4EDD2EB3} - C:\Program Files\BDS Plugin 4.2\420000\Program\BWPlugProtocol-420000.dll
O18 - Protocol: bw80s - {190ABA78-3FB0-4280-896B-21DF4EDD2EB3} - C:\Program Files\BDS Plugin 4.2\420000\Program\BWPlugProtocol-420000.dll
O18 - Protocol: bw81 - {92C924B1-615D-409A-94C0-1227F973C8E9} - C:\Program Files\AdjoinedObiOffline\511065\Program\BWPlugProtocol-511065.dll
O18 - Protocol: bw81s - {92C924B1-615D-409A-94C0-1227F973C8E9} - C:\Program Files\AdjoinedObiOffline\511065\Program\BWPlugProtocol-511065.dll
O18 - Protocol: bw90 - {190ABA78-3FB0-4280-896B-21DF4EDD2EB3} - C:\Program Files\BDS Plugin 4.2\420000\Program\BWPlugProtocol-420000.dll
O18 - Protocol: bw90s - {190ABA78-3FB0-4280-896B-21DF4EDD2EB3} - C:\Program Files\BDS Plugin 4.2\420000\Program\BWPlugProtocol-420000.dll
O18 - Protocol: bw91 - {92C924B1-615D-409A-94C0-1227F973C8E9} - C:\Program Files\AdjoinedObiOffline\511065\Program\BWPlugProtocol-511065.dll
O18 - Protocol: bw91s - {92C924B1-615D-409A-94C0-1227F973C8E9} - C:\Program Files\AdjoinedObiOffline\511065\Program\BWPlugProtocol-511065.dll
O18 - Protocol: bwa0 - {190ABA78-3FB0-4280-896B-21DF4EDD2EB3} - C:\Program Files\BDS Plugin 4.2\420000\Program\BWPlugProtocol-420000.dll
O18 - Protocol: bwa0s - {190ABA78-3FB0-4280-896B-21DF4EDD2EB3} - C:\Program Files\BDS Plugin 4.2\420000\Program\BWPlugProtocol-420000.dll
O18 - Protocol: bwa1 - {92C924B1-615D-409A-94C0-1227F973C8E9} - C:\Program Files\AdjoinedObiOffline\511065\Program\BWPlugProtocol-511065.dll
O18 - Protocol: bwa1s - {92C924B1-615D-409A-94C0-1227F973C8E9} - C:\Program Files\AdjoinedObiOffline\511065\Program\BWPlugProtocol-511065.dll
O18 - Protocol: bwb0 - {190ABA78-3FB0-4280-896B-21DF4EDD2EB3} - C:\Program Files\BDS Plugin 4.2\420000\Program\BWPlugProtocol-420000.dll
O18 - Protocol: bwb0s - {190ABA78-3FB0-4280-896B-21DF4EDD2EB3} - C:\Program Files\BDS Plugin 4.2\420000\Program\BWPlugProtocol-420000.dll
O18 - Protocol: bwb1 - {92C924B1-615D-409A-94C0-1227F973C8E9} - C:\Program Files\AdjoinedObiOffline\511065\Program\BWPlugProtocol-511065.dll
O18 - Protocol: bwb1s - {92C924B1-615D-409A-94C0-1227F973C8E9} - C:\Program Files\AdjoinedObiOffline\511065\Program\BWPlugProtocol-511065.dll
O18 - Protocol: bwc0 - {190ABA78-3FB0-4280-896B-21DF4EDD2EB3} - C:\Program Files\BDS Plugin 4.2\420000\Program\BWPlugProtocol-420000.dll
O18 - Protocol: bwc0s - {190ABA78-3FB0-4280-896B-21DF4EDD2EB3} - C:\Program Files\BDS Plugin 4.2\420000\Program\BWPlugProtocol-420000.dll
O18 - Protocol: bwc1 - {92C924B1-615D-409A-94C0-1227F973C8E9} - C:\Program Files\AdjoinedObiOffline\511065\Program\BWPlugProtocol-511065.dll
O18 - Protocol: bwc1s - {92C924B1-615D-409A-94C0-1227F973C8E9} - C:\Program Files\AdjoinedObiOffline\511065\Program\BWPlugProtocol-511065.dll
O18 - Protocol: bwd0 - {190ABA78-3FB0-4280-896B-21DF4EDD2EB3} - C:\Program Files\BDS Plugin 4.2\420000\Program\BWPlugProtocol-420000.dll
O18 - Protocol: bwd0s - {190ABA78-3FB0-4280-896B-21DF4EDD2EB3} - C:\Program Files\BDS Plugin 4.2\420000\Program\BWPlugProtocol-420000.dll
O18 - Protocol: bwd1 - {92C924B1-615D-409A-94C0-1227F973C8E9} - C:\Program Files\AdjoinedObiOffline\511065\Program\BWPlugProtocol-511065.dll
O18 - Protocol: bwd1s - {92C924B1-615D-409A-94C0-1227F973C8E9} - C:\Program Files\AdjoinedObiOffline\511065\Program\BWPlugProtocol-511065.dll
O18 - Protocol: bwe0 - {190ABA78-3FB0-4280-896B-21DF4EDD2EB3} - C:\Program Files\BDS Plugin 4.2\420000\Program\BWPlugProtocol-420000.dll
O18 - Protocol: bwe0s - {190ABA78-3FB0-4280-896B-21DF4EDD2EB3} - C:\Program Files\BDS Plugin 4.2\420000\Program\BWPlugProtocol-420000.dll
O18 - Protocol: bwe1 - {92C924B1-615D-409A-94C0-1227F973C8E9} - C:\Program Files\AdjoinedObiOffline\511065\Program\BWPlugProtocol-511065.dll
O18 - Protocol: bwe1s - {92C924B1-615D-409A-94C0-1227F973C8E9} - C:\Program Files\AdjoinedObiOffline\511065\Program\BWPlugProtocol-511065.dll
O18 - Protocol: bwf0 - {190ABA78-3FB0-4280-896B-21DF4EDD2EB3} - C:\Program Files\BDS Plugin 4.2\420000\Program\BWPlugProtocol-420000.dll
O18 - Protocol: bwf0s - {190ABA78-3FB0-4280-896B-21DF4EDD2EB3} - C:\Program Files\BDS Plugin 4.2\420000\Program\BWPlugProtocol-420000.dll
O18 - Protocol: bwf1 - {92C924B1-615D-409A-94C0-1227F973C8E9} - C:\Program Files\AdjoinedObiOffline\511065\Program\BWPlugProtocol-511065.dll
O18 - Protocol: bwf1s - {92C924B1-615D-409A-94C0-1227F973C8E9} - C:\Program Files\AdjoinedObiOffline\511065\Program\BWPlugProtocol-511065.dll
O18 - Protocol: bwfile-420000 - {A80A3797-D215-463A-B93A-A55383AA2FCD} - C:\Program Files\BDS Plugin 4.2\420000\Program\GAPlugProtocol-420000.dll
O18 - Protocol: bwfile-511065 - {1BC748A7-C059-4757-B2F4-4941584466E6} - C:\Program Files\AdjoinedObiOffline\511065\Program\GAPlugProtocol-511065.dll
O18 - Protocol: bwg0 - {190ABA78-3FB0-4280-896B-21DF4EDD2EB3} - C:\Program Files\BDS Plugin 4.2\420000\Program\BWPlugProtocol-420000.dll
O18 - Protocol: bwg0s - {190ABA78-3FB0-4280-896B-21DF4EDD2EB3} - C:\Program Files\BDS Plugin 4.2\420000\Program\BWPlugProtocol-420000.dll
O18 - Protocol: bwg1 - {92C924B1-615D-409A-94C0-1227F973C8E9} - C:\Program Files\AdjoinedObiOffline\511065\Program\BWPlugProtocol-511065.dll
O18 - Protocol: bwg1s - {92C924B1-615D-409A-94C0-1227F973C8E9} - C:\Program Files\AdjoinedObiOffline\511065\Program\BWPlugProtocol-511065.dll
O18 - Protocol: bwh0 - {190ABA78-3FB0-4280-896B-21DF4EDD2EB3} - C:\Program Files\BDS Plugin 4.2\420000\Program\BWPlugProtocol-420000.dll
O18 - Protocol: bwh0s - {190ABA78-3FB0-4280-896B-21DF4EDD2EB3} - C:\Program Files\BDS Plugin 4.2\420000\Program\BWPlugProtocol-420000.dll
O18 - Protocol: bwh1 - {92C924B1-615D-409A-94C0-1227F973C8E9} - C:\Program Files\AdjoinedObiOffline\511065\Program\BWPlugProtocol-511065.dll
O18 - Protocol: bwh1s - {92C924B1-615D-409A-94C0-1227F973C8E9} - C:\Program Files\AdjoinedObiOffline\511065\Program\BWPlugProtocol-511065.dll
O18 - Protocol: bwi0 - {190ABA78-3FB0-4280-896B-21DF4EDD2EB3} - C:\Program Files\BDS Plugin 4.2\420000\Program\BWPlugProtocol-420000.dll
O18 - Protocol: bwi0s - {190ABA78-3FB0-4280-896B-21DF4EDD2EB3} - C:\Program Files\BDS Plugin 4.2\420000\Program\BWPlugProtocol-420000.dll
O18 - Protocol: bwi1 - {92C924B1-615D-409A-94C0-1227F973C8E9} - C:\Program Files\AdjoinedObiOffline\511065\Program\BWPlugProtocol-511065.dll
O18 - Protocol: bwi1s - {92C924B1-615D-409A-94C0-1227F973C8E9} - C:\Program Files\AdjoinedObiOffline\511065\Program\BWPlugProtocol-511065.dll
O18 - Protocol: bwj0 - {190ABA78-3FB0-4280-896B-21DF4EDD2EB3} - C:\Program Files\BDS Plugin 4.2\420000\Program\BWPlugProtocol-420000.dll
O18 - Protocol: bwj0s - {190ABA78-3FB0-4280-896B-21DF4EDD2EB3} - C:\Program Files\BDS Plugin 4.2\420000\Program\BWPlugProtocol-420000.dll
O18 - Protocol: bwj1 - {92C924B1-615D-409A-94C0-1227F973C8E9} - C:\Program Files\AdjoinedObiOffline\511065\Program\BWPlugProtocol-511065.dll
O18 - Protocol: bwj1s - {92C924B1-615D-409A-94C0-1227F973C8E9} - C:\Program Files\AdjoinedObiOffline\511065\Program\BWPlugProtocol-511065.dll
O18 - Protocol: bwk0 - {190ABA78-3FB0-4280-896B-21DF4EDD2EB3} - C:\Program Files\BDS Plugin 4.2\420000\Program\BWPlugProtocol-420000.dll
O18 - Protocol: bwk0s - {190ABA78-3FB0-4280-896B-21DF4EDD2EB3} - C:\Program Files\BDS Plugin 4.2\420000\Program\BWPlugProtocol-420000.dll
O18 - Protocol: bwk1 - {92C924B1-615D-409A-94C0-1227F973C8E9} - C:\Program Files\AdjoinedObiOffline\511065\Program\BWPlugProtocol-511065.dll
O18 - Protocol: bwk1s - {92C924B1-615D-409A-94C0-1227F973C8E9} - C:\Program Files\AdjoinedObiOffline\511065\Program\BWPlugProtocol-511065.dll
O18 - Protocol: bwl0 - {190ABA78-3FB0-4280-896B-21DF4EDD2EB3} - C:\Program Files\BDS Plugin 4.2\420000\Program\BWPlugProtocol-420000.dll
O18 - Protocol: bwl0s - {190ABA78-3FB0-4280-896B-21DF4EDD2EB3} - C:\Program Files\BDS Plugin 4.2\420000\Program\BWPlugProtocol-420000.dll
O18 - Protocol: bwl1 - {92C924B1-615D-409A-94C0-1227F973C8E9} - C:\Program Files\AdjoinedObiOffline\511065\Program\BWPlugProtocol-511065.dll
O18 - Protocol: bwl1s - {92C924B1-615D-409A-94C0-1227F973C8E9} - C:\Program Files\AdjoinedObiOffline\511065\Program\BWPlugProtocol-511065.dll
O18 - Protocol: bwm0 - {190ABA78-3FB0-4280-896B-21DF4EDD2EB3} - C:\Program Files\BDS Plugin 4.2\420000\Program\BWPlugProtocol-420000.dll
O18 - Protocol: bwm0s - {190ABA78-3FB0-4280-896B-21DF4EDD2EB3} - C:\Program Files\BDS Plugin 4.2\420000\Program\BWPlugProtocol-420000.dll
O18 - Protocol: bwm1 - {92C924B1-615D-409A-94C0-1227F973C8E9} - C:\Program Files\AdjoinedObiOffline\511065\Program\BWPlugProtocol-511065.dll
O18 - Protocol: bwm1s - {92C924B1-615D-409A-94C0-1227F973C8E9} - C:\Program Files\AdjoinedObiOffline\511065\Program\BWPlugProtocol-511065.dll
O18 - Protocol: bwn0 - {190ABA78-3FB0-4280-896B-21DF4EDD2EB3} - C:\Program Files\BDS Plugin 4.2\420000\Program\BWPlugProtocol-420000.dll
O18 - Protocol: bwn0s - {190ABA78-3FB0-4280-896B-21DF4EDD2EB3} - C:\Program Files\BDS Plugin 4.2\420000\Program\BWPlugProtocol-420000.dll
O18 - Protocol: bwn1 - {92C924B1-615D-409A-94C0-1227F973C8E9} - C:\Program Files\AdjoinedObiOffline\511065\Program\BWPlugProtocol-511065.dll
O18 - Protocol: bwn1s - {92C924B1-615D-409A-94C0-1227F973C8E9} - C:\Program Files\AdjoinedObiOffline\511065\Program\BWPlugProtocol-511065.dll
O18 - Protocol: bwo0 - {190ABA78-3FB0-4280-896B-21DF4EDD2EB3} - C:\Program Files\BDS Plugin 4.2\420000\Program\BWPlugProtocol-420000.dll
O18 - Protocol: bwo0s - {190ABA78-3FB0-4280-896B-21DF4EDD2EB3} - C:\Program Files\BDS Plugin 4.2\420000\Program\BWPlugProtocol-420000.dll
O18 - Protocol: bwo1 - {92C924B1-615D-409A-94C0-1227F973C8E9} - C:\Program Files\AdjoinedObiOffline\511065\Program\BWPlugProtocol-511065.dll
O18 - Protocol: bwo1s - {92C924B1-615D-409A-94C0-1227F973C8E9} - C:\Program Files\AdjoinedObiOffline\511065\Program\BWPlugProtocol-511065.dll
O18 - Protocol: bwp0 - {190ABA78-3FB0-4280-896B-21DF4EDD2EB3} - C:\Program Files\BDS Plugin 4.2\420000\Program\BWPlugProtocol-420000.dll
O18 - Protocol: bwp0s - {190ABA78-3FB0-4280-896B-21DF4EDD2EB3} - C:\Program Files\BDS Plugin 4.2\420000\Program\BWPlugProtocol-420000.dll
O18 - Protocol: bwp1 - {92C924B1-615D-409A-94C0-1227F973C8E9} - C:\Program Files\AdjoinedObiOffline\511065\Program\BWPlugProtocol-511065.dll
O18 - Protocol: bwp1s - {92C924B1-615D-409A-94C0-1227F973C8E9} - C:\Program Files\AdjoinedObiOffline\511065\Program\BWPlugProtocol-511065.dll
O18 - Protocol: bwq0 - {190ABA78-3FB0-4280-896B-21DF4EDD2EB3} - C:\Program Files\BDS Plugin 4.2\420000\Program\BWPlugProtocol-420000.dll
O18 - Protocol: bwq0s - {190ABA78-3FB0-4280-896B-21DF4EDD2EB3} - C:\Program Files\BDS Plugin 4.2\420000\Program\BWPlugProtocol-420000.dll
O18 - Protocol: bwq1 - {92C924B1-615D-409A-94C0-1227F973C8E9} - C:\Program Files\AdjoinedObiOffline\511065\Program\BWPlugProtocol-511065.dll
O18 - Protocol: bwq1s - {92C924B1-615D-409A-94C0-1227F973C8E9} - C:\Program Files\AdjoinedObiOffline\511065\Program\BWPlugProtocol-511065.dll
O18 - Protocol: bwr0 - {190ABA78-3FB0-4280-896B-21DF4EDD2EB3} - C:\Program Files\BDS Plugin 4.2\420000\Program\BWPlugProtocol-420000.dll
O18 - Protocol: bwr0s - {190ABA78-3FB0-4280-896B-21DF4EDD2EB3} - C:\Program Files\BDS Plugin 4.2\420000\Program\BWPlugProtocol-420000.dll
O18 - Protocol: bwr1 - {92C924B1-615D-409A-94C0-1227F973C8E9} - C:\Program Files\AdjoinedObiOffline\511065\Program\BWPlugProtocol-511065.dll
O18 - Protocol: bwr1s - {92C924B1-615D-409A-94C0-1227F973C8E9} - C:\Program Files\AdjoinedObiOffline\511065\Program\BWPlugProtocol-511065.dll
O18 - Protocol: bws0 - {190ABA78-3FB0-4280-896B-21DF4EDD2EB3} - C:\Program Files\BDS Plugin 4.2\420000\Program\BWPlugProtocol-420000.dll
O18 - Protocol: bws0s - {190ABA78-3FB0-4280-896B-21DF4EDD2EB3} - C:\Program Files\BDS Plugin 4.2\420000\Program\BWPlugProtocol-420000.dll
O18 - Protocol: bws1 - {92C924B1-615D-409A-94C0-1227F973C8E9} - C:\Program Files\AdjoinedObiOffline\511065\Program\BWPlugProtocol-511065.dll
O18 - Protocol: bws1s - {92C924B1-615D-409A-94C0-1227F973C8E9} - C:\Program Files\AdjoinedObiOffline\511065\Program\BWPlugProtocol-511065.dll
O18 - Protocol: bwt0 - {190ABA78-3FB0-4280-896B-21DF4EDD2EB3} - C:\Program Files\BDS Plugin 4.2\420000\Program\BWPlugProtocol-420000.dll
O18 - Protocol: bwt0s - {190ABA78-3FB0-4280-896B-21DF4EDD2EB3} - C:\Program Files\BDS Plugin 4.2\420000\Program\BWPlugProtocol-420000.dll
O18 - Protocol: bwt1 - {92C924B1-615D-409A-94C0-1227F973C8E9} - C:\Program Files\AdjoinedObiOffline\511065\Program\BWPlugProtocol-511065.dll
O18 - Protocol: bwt1s - {92C924B1-615D-409A-94C0-1227F973C8E9} - C:\Program Files\AdjoinedObiOffline\511065\Program\BWPlugProtocol-511065.dll
O18 - Protocol: bwu0 - {190ABA78-3FB0-4280-896B-21DF4EDD2EB3} - C:\Program Files\BDS Plugin 4.2\420000\Program\BWPlugProtocol-420000.dll
O18 - Protocol: bwu0s - {190ABA78-3FB0-4280-896B-21DF4EDD2EB3} - C:\Program Files\BDS Plugin 4.2\420000\Program\BWPlugProtocol-420000.dll
O18 - Protocol: bwu1 - {92C924B1-615D-409A-94C0-1227F973C8E9} - C:\Program Files\AdjoinedObiOffline\511065\Program\BWPlugProtocol-511065.dll
O18 - Protocol: bwu1s - {92C924B1-615D-409A-94C0-1227F973C8E9} - C:\Program Files\AdjoinedObiOffline\511065\Program\BWPlugProtocol-511065.dll
O18 - Protocol: bwv0 - {190ABA78-3FB0-4280-896B-21DF4EDD2EB3} - C:\Program Files\BDS Plugin 4.2\420000\Program\BWPlugProtocol-420000.dll
O18 - Protocol: bwv0s - {190ABA78-3FB0-4280-896B-21DF4EDD2EB3} - C:\Program Files\BDS Plugin 4.2\420000\Program\BWPlugProtocol-420000.dll
O18 - Protocol: bwv1 - {92C924B1-615D-409A-94C0-1227F973C8E9} - C:\Program Files\AdjoinedObiOffline\511065\Program\BWPlugProtocol-511065.dll
O18 - Protocol: bwv1s - {92C924B1-615D-409A-94C0-1227F973C8E9} - C:\Program Files\AdjoinedObiOffline\511065\Program\BWPlugProtocol-511065.dll
O18 - Protocol: bww0 - {190ABA78-3FB0-4280-896B-21DF4EDD2EB3} - C:\Program Files\BDS Plugin 4.2\420000\Program\BWPlugProtocol-420000.dll
O18 - Protocol: bww0s - {190ABA78-3FB0-4280-896B-21DF4EDD2EB3} - C:\Program Files\BDS Plugin 4.2\420000\Program\BWPlugProtocol-420000.dll
O18 - Protocol: bww1 - {92C924B1-615D-409A-94C0-1227F973C8E9} - C:\Program Files\AdjoinedObiOffline\511065\Program\BWPlugProtocol-511065.dll
O18 - Protocol: bww1s - {92C924B1-615D-409A-94C0-1227F973C8E9} - C:\Program Files\AdjoinedObiOffline\511065\Program\BWPlugProtocol-511065.dll
O18 - Protocol: bwx0 - {190ABA78-3FB0-4280-896B-21DF4EDD2EB3} - C:\Program Files\BDS Plugin 4.2\420000\Program\BWPlugProtocol-420000.dll
O18 - Protocol: bwx0s - {190ABA78-3FB0-4280-896B-21DF4EDD2EB3} - C:\Program Files\BDS Plugin 4.2\420000\Program\BWPlugProtocol-420000.dll
O18 - Protocol: bwx1 - {92C924B1-615D-409A-94C0-1227F973C8E9} - C:\Program Files\AdjoinedObiOffline\511065\Program\BWPlugProtocol-511065.dll
O18 - Protocol: bwx1s - {92C924B1-615D-409A-94C0-1227F973C8E9} - C:\Program Files\AdjoinedObiOffline\511065\Program\BWPlugProtocol-511065.dll
O18 - Protocol: bwy0 - {190ABA78-3FB0-4280-896B-21DF4EDD2EB3} - C:\Program Files\BDS Plugin 4.2\420000\Program\BWPlugProtocol-420000.dll
O18 - Protocol: bwy0s - {190ABA78-3FB0-4280-896B-21DF4EDD2EB3} - C:\Program Files\BDS Plugin 4.2\420000\Program\BWPlugProtocol-420000.dll
O18 - Protocol: bwy1 - {92C924B1-615D-409A-94C0-1227F973C8E9} - C:\Program Files\AdjoinedObiOffline\511065\Program\BWPlugProtocol-511065.dll
O18 - Protocol: bwy1s - {92C924B1-615D-409A-94C0-1227F973C8E9} - C:\Program Files\AdjoinedObiOffline\511065\Program\BWPlugProtocol-511065.dll
O18 - Protocol: bwz0 - {190ABA78-3FB0-4280-896B-21DF4EDD2EB3} - C:\Program Files\BDS Plugin 4.2\420000\Program\BWPlugProtocol-420000.dll
O18 - Protocol: bwz0s - {190ABA78-3FB0-4280-896B-21DF4EDD2EB3} - C:\Program Files\BDS Plugin 4.2\420000\Program\BWPlugProtocol-420000.dll
O18 - Protocol: bwz1 - {92C924B1-615D-409A-94C0-1227F973C8E9} - C:\Program Files\AdjoinedObiOffline\511065\Program\BWPlugProtocol-511065.dll
O18 - Protocol: bwz1s - {92C924B1-615D-409A-94C0-1227F973C8E9} - C:\Program Files\AdjoinedObiOffline\511065\Program\BWPlugProtocol-511065.dll
O18 - Protocol: offline-420000 - {190ABA78-3FB0-4280-896B-21DF4EDD2EB3} - C:\Program Files\BDS Plugin 4.2\420000\Program\BWPlugProtocol-420000.dll
O18 - Protocol: offline-511065 - {92C924B1-615D-409A-94C0-1227F973C8E9} - C:\Program Files\AdjoinedObiOffline\511065\Program\BWPlugProtocol-511065.dll
O18 - Protocol: qrev - {9DE24BAC-FC3C-42C4-9FC4-76B3FAFDBD90} - C:\PROGRA~1\QUESTS~1\TOAD\RNetPin.dll
 
I

· Registered
Joined
·
8 Posts
Discussion Starter · #9 ·
I got the pop up again when posting the previous message, so i checked the hijack this log again, all the entries are back with reguards to search bar and search assistant. I have delete the rows that start with 018 again because the post size is too big

Logfile of HijackThis v1.99.0
Scan saved at 12:09:30 PM, on 1/19/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\ibmpmsvc.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\oracle\ora81\bin\dbsnmp.exe
C:\oracle\ora81\bin\vppdc.exe
C:\oracle\ora81\Apache\Apache\Apache.exe
C:\oracle\ora81\BIN\TNSLSNR.exe
c:\oracle\ora81\bin\ORACLE.EXE
C:\WINDOWS\System32\QCONSVC.EXE
C:\WINDOWS\System32\RegSrvc.exe
C:\WINDOWS\System32\r_server.exe
C:\Program Files\Symantec AntiVirus\SavRoam.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\system32\TpKmpSVC.exe
C:\WINDOWS\system32\msic32.exe
C:\oracle\ora81\Apache\jdk\bin\java.exe
C:\oracle\ora81\Apache\Apache\Apache.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
C:\WINDOWS\system32\RunDll32.exe
C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\ThinkPad\PkgMgr\HOTKEY\TPONSCR.exe
C:\Program Files\ThinkPad\ConnectUtilities\QCWLICON.EXE
C:\Program Files\ThinkPad\PkgMgr\HOTKEY_1\TpScrex.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\AdjoinedObiOffline\511065\Program\AdjoinedObiOffline.exe
C:\Program Files\BDS Plugin 4.2\420000\Program\BDS plugin 4.2.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\apptz.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\hjt\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\gojwy.dll/sp.html#28129
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\gojwy.dll/sp.html#28129
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\gojwy.dll/sp.html#28129
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\gojwy.dll/sp.html#28129
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\gojwy.dll/sp.html#28129
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\gojwy.dll/sp.html#28129
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\gojwy.dll/sp.html#28129
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {C7B33F7A-073C-9061-F6F7-482F69867311} - C:\WINDOWS\d3vl32.dll
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [TPHOTKEY] C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
O4 - HKLM\..\Run: [BMMGAG] RunDll32 C:\PROGRA~1\ThinkPad\UTILIT~1\pwrmonit.dll,StartPwrMonitor
O4 - HKLM\..\Run: [TPKMAPHELPER] C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe -helper
O4 - HKLM\..\Run: [EZEJMNAP] C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [QCWLICON] C:\Program Files\ThinkPad\ConnectUtilities\QCWLICON.EXE
O4 - HKLM\..\Run: [apptz.exe] C:\WINDOWS\apptz.exe
O4 - HKCU\..\Run: [ibmmessages] C:\Program Files\IBM\Messages By IBM\ibmmessages.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: AdjoinedObiOffline.lnk = ?
O4 - Global Startup: BDS plugin 4.2.lnk = ?
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: Kodak software updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\program files\google\google desktop search\googledesktopnetwork1.dll
O10 - Unknown file in Winsock LSP: c:\program files\google\google desktop search\googledesktopnetwork1.dll
O10 - Unknown file in Winsock LSP: c:\program files\google\google desktop search\googledesktopnetwork1.dll
O10 - Unknown file in Winsock LSP: c:\program files\google\google desktop search\googledesktopnetwork1.dll
O15 - Trusted Zone: *.frame.crazywinnings.com
O15 - Trusted Zone: *.static.topconverting.com
O16 - DPF: {9F9264A2-BC41-4A06-9FA1-BF264DB0AAD9} (BackWeb Lite Install Runner) - http://sznyc008.adjoined.net:81/web...guration-1/7.2.0.149/Lite/Configuration-1.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = adjoined.net
O17 - HKLM\Software\..\Telephony: DomainName = adjoined.net
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = adjoined.net
O23 - Service: Ati HotKey Poller - Unknown - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: Symantec Event Manager - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: IBM PM Service - Unknown - C:\WINDOWS\System32\ibmpmsvc.exe
O23 - Service: OracleOraHome81Agent - Oracle Corporation - C:\oracle\ora81\bin\dbsnmp.exe
O23 - Service: OracleOraHome81ClientCache - Unknown - C:\oracle\ora81\BIN\ONRSD.EXE
O23 - Service: OracleOraHome81DataGatherer - Oracle Corporation - C:\oracle\ora81\bin\vppdc.exe
O23 - Service: OracleOraHome81HTTPServer - Unknown - C:\oracle\ora81\Apache\Apache\Apache.exe
O23 - Service: OracleOraHome81PagingServer - Unknown - C:\oracle\ora81/bin/pagntsrv.exe
O23 - Service: OracleOraHome81TNSListener - Unknown - C:\oracle\ora81\BIN\TNSLSNR.exe
O23 - Service: OracleServiceDROT01 - Oracle Corporation - c:\oracle\ora81\bin\ORACLE.EXE
O23 - Service: IBM PSA Access Driver Control - Unknown - C:\WINDOWS\system32\PsaSrv.exe
O23 - Service: QCONSVC - IBM Corp. - C:\WINDOWS\System32\QCONSVC.EXE
O23 - Service: RegSrvc - Intel Corporation - C:\WINDOWS\System32\RegSrvc.exe
O23 - Service: Remote Administrator Service - Unknown - C:\WINDOWS\System32\r_server.exe
O23 - Service: Spectrum24 Event Monitor - Intel Corporation - C:\WINDOWS\System32\S24EvMon.exe
O23 - Service: SAVRoam - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: IBM KCU Service - Unknown - C:\WINDOWS\system32\TpKmpSVC.exe
O23 - Service: Workstation NetLogon Service - Unknown - C:\WINDOWS\system32\msic32.exe
 
I

· Registered
Joined
·
8 Posts
Discussion Starter · #11 ·
I found a site that had a detailed section on how to get the "home search agent" off my pc. http://www.short-media.com/review.php?r=259 along with running all the tools you suggested above it had some other programs. I also went to http://housecall.trendmicro.com/ and ran the online version of thier virus scanner. It seems that my computer is clean now the registry is no longer being updated with the bogus entries.

Thanks
 
1 - 11 of 11 Posts
Status
Not open for further replies.
About this Discussion
10 Replies
2 Participants
Last post:
imc1976
Tech Support Guy
A forum community dedicated to tech experts and enthusiasts. Come join the discussion about articles, computer security, Mac, Microsoft, Linux, hardware, networking, gaming, reviews, accessories, and more!
Full Forum Listing
Explore Our Forums
Hardware Virus & Other Malware Removal Windows XP Off Topic Lounge Thread Games & Discussion
Top