
help spyware is all over my computer

999 Views 10 Replies 2 Participants Last post by  imc1976
Hi,

I was researching some medication that my mother had to take, and I got a message from Symantec saying that a Trojan horse virus was detected. Now I have a bunch of applications running on my PC, and I can't get them off. I have run Ad-Aware, Spybot Search & Destroy, and buster report, and the programs keep coming back. I also end up having my start page switched to "home search assistant", and I keep getting pop-ups that say "only the best". My log from HijackThis is as follows:


Can anyone help?
Logfile of HijackThis v1.99.0
Scan saved at 10:22:16 AM, on 1/19/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\ibmpmsvc.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\oracle\ora81\bin\dbsnmp.exe
C:\oracle\ora81\bin\vppdc.exe
C:\oracle\ora81\Apache\Apache\Apache.exe
C:\oracle\ora81\BIN\TNSLSNR.exe
c:\oracle\ora81\bin\ORACLE.EXE
C:\WINDOWS\System32\QCONSVC.EXE
C:\WINDOWS\System32\RegSrvc.exe
C:\WINDOWS\System32\r_server.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\system32\TpKmpSVC.exe
C:\oracle\ora81\Apache\jdk\bin\java.exe
C:\oracle\ora81\Apache\Apache\Apache.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
C:\WINDOWS\system32\RunDll32.exe
C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\ThinkPad\PkgMgr\HOTKEY\TPONSCR.exe
C:\Program Files\ThinkPad\ConnectUtilities\QCTRAY.EXE
C:\Program Files\ThinkPad\PkgMgr\HOTKEY_1\TpScrex.exe
C:\Program Files\ThinkPad\ConnectUtilities\QCWLICON.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\AdjoinedObiOffline\511065\Program\AdjoinedObiOffline.exe
C:\Program Files\BDS Plugin 4.2\420000\Program\BDS plugin 4.2.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
C:\WINDOWS\system32\taskmgr.exe
C:\PROGRA~1\MICROS~2\Office10\OUTLOOK.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\msic32.exe
C:\WINDOWS\apptz.exe
C:\DOCUME~1\ICOUGH~1\LOCALS~1\Temp\A.tmp
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\tibs3.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\luofno.exe
C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
C:\Program Files\ISTsvc\istsvc.exe
C:\WINDOWS\explorer.exe
C:\hjt\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\zydwq.dll/sp.html#28129
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\zydwq.dll/sp.html#28129
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\zydwq.dll/sp.html#28129
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\zydwq.dll/sp.html#28129
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {ECFDC5BB-22C0-BB52-174D-50C3A13C509D} - C:\WINDOWS\system32\apicm.dll
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe irprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [TPHOTKEY] C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
O4 - HKLM\..\Run: [BMMGAG] RunDll32 C:\PROGRA~1\ThinkPad\UTILIT~1\pwrmonit.dll,StartPwrMonitor
O4 - HKLM\..\Run: [BMMLREF] C:\Program Files\ThinkPad\Utilities\BMMLREF.EXE
O4 - HKLM\..\Run: [TPKMAPHELPER] C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe -helper
O4 - HKLM\..\Run: [EZEJMNAP] C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [QCTRAY] C:\Program Files\ThinkPad\ConnectUtilities\QCTRAY.EXE
O4 - HKLM\..\Run: [QCWLICON] C:\Program Files\ThinkPad\ConnectUtilities\QCWLICON.EXE
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Admanager Controller] C:\Program Files\Admanager Controller\AdManCtl.exe
O4 - HKLM\..\Run: [A.tmp] C:\DOCUME~1\ICOUGH~1\LOCALS~1\Temp\A.tmp.exe 3 28129
O4 - HKLM\..\Run: [tibs3] C:\WINDOWS\system32\tibs3.exe
O4 - HKLM\..\Run: [sais] c:\program files\180solutions\sais.exe
O4 - HKLM\..\Run: [IST Service] C:\Program Files\ISTsvc\istsvc.exe
O4 - HKLM\..\Run: [HG6d] C:\WINDOWS\luofno.exe
O4 - HKLM\..\RunOnce: [SpybotSnD] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck
O4 - HKCU\..\Run: [ibmmessages] C:\Program Files\IBM\Messages By IBM\ibmmessages.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: AdjoinedObiOffline.lnk = ?
O4 - Global Startup: BDS plugin 4.2.lnk = ?
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: Kodak software updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\program files\google\google desktop search\googledesktopnetwork1.dll
O10 - Unknown file in Winsock LSP: c:\program files\google\google desktop search\googledesktopnetwork1.dll
O10 - Unknown file in Winsock LSP: c:\program files\google\google desktop search\googledesktopnetwork1.dll
O10 - Unknown file in Winsock LSP: c:\program files\google\google desktop search\googledesktopnetwork1.dll
O15 - Trusted Zone: *.05p.com
O15 - Trusted Zone: *.awmdabest.com
O15 - Trusted Zone: *.blazefind.com
O15 - Trusted Zone: *.clickspring.net
O15 - Trusted Zone: *.flingstone.com
O15 - Trusted Zone: *.frame.crazywinnings.com
O15 - Trusted Zone: *.mt-download.com
O15 - Trusted Zone: *.my-internet.info
O15 - Trusted Zone: *.scoobidoo.com
O15 - Trusted Zone: *.searchbarcash.com
O15 - Trusted Zone: *.searchmiracle.com
O15 - Trusted Zone: *.slotch.com
O15 - Trusted Zone: *.static.topconverting.com
O15 - Trusted Zone: *.xxxtoolbar.com
O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windupdates.com/cab/CDTInc/ie/bridge-c46.cab
O16 - DPF: {9F9264A2-BC41-4A06-9FA1-BF264DB0AAD9} (BackWeb Lite Install Runner) - http://sznyc008.adjoined.net:81/web...guration-1/7.2.0.149/Lite/Configuration-1.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = adjoined.net
O17 - HKLM\Software\..\Telephony: DomainName = adjoined.net
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = adjoined.net
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: Domain = adjoined.net
O18 - Protocol: offline-420000 - {190ABA78-3FB0-4280-896B-21DF4EDD2EB3} - C:\Program Files\BDS Plugin 4.2\420000\Program\BWPlugProtocol-420000.dll
O18 - Protocol: offline-511065 - {92C924B1-615D-409A-94C0-1227F973C8E9} - C:\Program Files\AdjoinedObiOffline\511065\Program\BWPlugProtocol-511065.dll
O18 - Protocol: qrev - {9DE24BAC-FC3C-42C4-9FC4-76B3FAFDBD90} - C:\PROGRA~1\QUESTS~1\TOAD\RNetPin.dll
O23 - Service: Ati HotKey Poller - Unknown - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: Symantec Event Manager - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: IBM PM Service - Unknown - C:\WINDOWS\System32\ibmpmsvc.exe
O23 - Service: OracleOraHome81Agent - Oracle Corporation - C:\oracle\ora81\bin\dbsnmp.exe
O23 - Service: OracleOraHome81ClientCache - Unknown - C:\oracle\ora81\BIN\ONRSD.EXE
O23 - Service: OracleOraHome81DataGatherer - Oracle Corporation - C:\oracle\ora81\bin\vppdc.exe
O23 - Service: OracleOraHome81HTTPServer - Unknown - C:\oracle\ora81\Apache\Apache\Apache.exe
O23 - Service: OracleOraHome81PagingServer - Unknown - C:\oracle\ora81/bin/pagntsrv.exe
O23 - Service: OracleOraHome81TNSListener - Unknown - C:\oracle\ora81\BIN\TNSLSNR.exe
O23 - Service: OracleServiceDROT01 - Oracle Corporation - c:\oracle\ora81\bin\ORACLE.EXE
O23 - Service: IBM PSA Access Driver Control - Unknown - C:\WINDOWS\system32\PsaSrv.exe
O23 - Service: QCONSVC - IBM Corp. - C:\WINDOWS\System32\QCONSVC.EXE
O23 - Service: RegSrvc - Intel Corporation - C:\WINDOWS\System32\RegSrvc.exe
O23 - Service: Remote Administrator Service - Unknown - C:\WINDOWS\System32\r_server.exe
O23 - Service: Spectrum24 Event Monitor - Intel Corporation - C:\WINDOWS\System32\S24EvMon.exe
O23 - Service: SAVRoam - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: IBM KCU Service - Unknown - C:\WINDOWS\system32\TpKmpSVC.exe
O23 - Service: Network Security Service (NSS) - Unknown - C:\WINDOWS\nethk32.exe (file missing)
There are 2 things that it couldn't remove, ISearchTech.ISTscv and ISearchTech.Slotch. I will reboot and run Ad-Aware.
Logfile of HijackThis v1.99.0
Scan saved at 12:04:04 PM, on 1/19/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\ibmpmsvc.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\oracle\ora81\bin\dbsnmp.exe
C:\oracle\ora81\bin\vppdc.exe
C:\oracle\ora81\Apache\Apache\Apache.exe
C:\oracle\ora81\BIN\TNSLSNR.exe
c:\oracle\ora81\bin\ORACLE.EXE
C:\WINDOWS\System32\QCONSVC.EXE
C:\WINDOWS\System32\RegSrvc.exe
C:\WINDOWS\System32\r_server.exe
C:\Program Files\Symantec AntiVirus\SavRoam.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\system32\TpKmpSVC.exe
C:\WINDOWS\system32\msic32.exe
C:\oracle\ora81\Apache\jdk\bin\java.exe
C:\oracle\ora81\Apache\Apache\Apache.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
C:\WINDOWS\system32\RunDll32.exe
C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\ThinkPad\PkgMgr\HOTKEY\TPONSCR.exe
C:\Program Files\ThinkPad\ConnectUtilities\QCWLICON.EXE
C:\Program Files\ThinkPad\PkgMgr\HOTKEY_1\TpScrex.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\AdjoinedObiOffline\511065\Program\AdjoinedObiOffline.exe
C:\Program Files\BDS Plugin 4.2\420000\Program\BDS plugin 4.2.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\apptz.exe
C:\hjt\HijackThis.exe

R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {C7B33F7A-073C-9061-F6F7-482F69867311} - C:\WINDOWS\d3vl32.dll
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [TPHOTKEY] C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
O4 - HKLM\..\Run: [BMMGAG] RunDll32 C:\PROGRA~1\ThinkPad\UTILIT~1\pwrmonit.dll,StartPwrMonitor
O4 - HKLM\..\Run: [TPKMAPHELPER] C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe -helper
O4 - HKLM\..\Run: [EZEJMNAP] C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [QCWLICON] C:\Program Files\ThinkPad\ConnectUtilities\QCWLICON.EXE
O4 - HKLM\..\Run: [apptz.exe] C:\WINDOWS\apptz.exe
O4 - HKCU\..\Run: [ibmmessages] C:\Program Files\IBM\Messages By IBM\ibmmessages.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: AdjoinedObiOffline.lnk = ?
O4 - Global Startup: BDS plugin 4.2.lnk = ?
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: Kodak software updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\program files\google\google desktop search\googledesktopnetwork1.dll
O10 - Unknown file in Winsock LSP: c:\program files\google\google desktop search\googledesktopnetwork1.dll
O10 - Unknown file in Winsock LSP: c:\program files\google\google desktop search\googledesktopnetwork1.dll
O10 - Unknown file in Winsock LSP: c:\program files\google\google desktop search\googledesktopnetwork1.dll
O15 - Trusted Zone: *.frame.crazywinnings.com
O15 - Trusted Zone: *.static.topconverting.com
O16 - DPF: {9F9264A2-BC41-4A06-9FA1-BF264DB0AAD9} (BackWeb Lite Install Runner) - http://sznyc008.adjoined.net:81/web...guration-1/7.2.0.149/Lite/Configuration-1.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = adjoined.net
O17 - HKLM\Software\..\Telephony: DomainName = adjoined.net
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = adjoined.net
O23 - Service: Ati HotKey Poller - Unknown - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: Symantec Event Manager - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: IBM PM Service - Unknown - C:\WINDOWS\System32\ibmpmsvc.exe
O23 - Service: OracleOraHome81Agent - Oracle Corporation - C:\oracle\ora81\bin\dbsnmp.exe
O23 - Service: OracleOraHome81ClientCache - Unknown - C:\oracle\ora81\BIN\ONRSD.EXE
O23 - Service: OracleOraHome81DataGatherer - Oracle Corporation - C:\oracle\ora81\bin\vppdc.exe
O23 - Service: OracleOraHome81HTTPServer - Unknown - C:\oracle\ora81\Apache\Apache\Apache.exe
O23 - Service: OracleOraHome81PagingServer - Unknown - C:\oracle\ora81/bin/pagntsrv.exe
O23 - Service: OracleOraHome81TNSListener - Unknown - C:\oracle\ora81\BIN\TNSLSNR.exe
O23 - Service: OracleServiceDROT01 - Oracle Corporation - c:\oracle\ora81\bin\ORACLE.EXE
O23 - Service: IBM PSA Access Driver Control - Unknown - C:\WINDOWS\system32\PsaSrv.exe
O23 - Service: QCONSVC - IBM Corp. - C:\WINDOWS\System32\QCONSVC.EXE
O23 - Service: RegSrvc - Intel Corporation - C:\WINDOWS\System32\RegSrvc.exe
O23 - Service: Remote Administrator Service - Unknown - C:\WINDOWS\System32\r_server.exe
O23 - Service: Spectrum24 Event Monitor - Intel Corporation - C:\WINDOWS\System32\S24EvMon.exe
O23 - Service: SAVRoam - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: IBM KCU Service - Unknown - C:\WINDOWS\system32\TpKmpSVC.exe
O23 - Service: Workstation NetLogon Service - Unknown - C:\WINDOWS\system32\msic32.exe
I took this part out of the results. This protocol section is for software that I have installed, and so is the O16 - DPF that references BackWeb.

O18 - Protocol: bwo1s - {92C924B1-615D-409A-94C0-1227F973C8E9} - C:\Program Files\AdjoinedObiOffline\511065\Program\BWPlugProtocol-511065.dll
O18 - Protocol: bwp0 - {190ABA78-3FB0-4280-896B-21DF4EDD2EB3} - C:\Program Files\BDS Plugin 4.2\420000\Program\BWPlugProtocol-420000.dll
O18 - Protocol: bwp0s - {190ABA78-3FB0-4280-896B-21DF4EDD2EB3} - C:\Program Files\BDS Plugin 4.2\420000\Program\BWPlugProtocol-420000.dll
O18 - Protocol: bwp1 - {92C924B1-615D-409A-94C0-1227F973C8E9} - C:\Program Files\AdjoinedObiOffline\511065\Program\BWPlugProtocol-511065.dll
O18 - Protocol: bwp1s - {92C924B1-615D-409A-94C0-1227F973C8E9} - C:\Program Files\AdjoinedObiOffline\511065\Program\BWPlugProtocol-511065.dll
O18 - Protocol: bwq0 - {190ABA78-3FB0-4280-896B-21DF4EDD2EB3} - C:\Program Files\BDS Plugin 4.2\420000\Program\BWPlugProtocol-420000.dll
O18 - Protocol: bwq0s - {190ABA78-3FB0-4280-896B-21DF4EDD2EB3} - C:\Program Files\BDS Plugin 4.2\420000\Program\BWPlugProtocol-420000.dll
O18 - Protocol: bwq1 - {92C924B1-615D-409A-94C0-1227F973C8E9} - C:\Program Files\AdjoinedObiOffline\511065\Program\BWPlugProtocol-511065.dll
O18 - Protocol: bwq1s - {92C924B1-615D-409A-94C0-1227F973C8E9} - C:\Program Files\AdjoinedObiOffline\511065\Program\BWPlugProtocol-511065.dll
O18 - Protocol: bwr0 - {190ABA78-3FB0-4280-896B-21DF4EDD2EB3} - C:\Program Files\BDS Plugin 4.2\420000\Program\BWPlugProtocol-420000.dll
O18 - Protocol: bwr0s - {190ABA78-3FB0-4280-896B-21DF4EDD2EB3} - C:\Program Files\BDS Plugin 4.2\420000\Program\BWPlugProtocol-420000.dll
O18 - Protocol: bwr1 - {92C924B1-615D-409A-94C0-1227F973C8E9} - C:\Program Files\AdjoinedObiOffline\511065\Program\BWPlugProtocol-511065.dll
O18 - Protocol: bwr1s - {92C924B1-615D-409A-94C0-1227F973C8E9} - C:\Program Files\AdjoinedObiOffline\511065\Program\BWPlugProtocol-511065.dll
O18 - Protocol: bws0 - {190ABA78-3FB0-4280-896B-21DF4EDD2EB3} - C:\Program Files\BDS Plugin 4.2\420000\Program\BWPlugProtocol-420000.dll
O18 - Protocol: bws0s - {190ABA78-3FB0-4280-896B-21DF4EDD2EB3} - C:\Program Files\BDS Plugin 4.2\420000\Program\BWPlugProtocol-420000.dll
O18 - Protocol: bws1 - {92C924B1-615D-409A-94C0-1227F973C8E9} - C:\Program Files\AdjoinedObiOffline\511065\Program\BWPlugProtocol-511065.dll
O18 - Protocol: bws1s - {92C924B1-615D-409A-94C0-1227F973C8E9} - C:\Program Files\AdjoinedObiOffline\511065\Program\BWPlugProtocol-511065.dll
O18 - Protocol: bwt0 - {190ABA78-3FB0-4280-896B-21DF4EDD2EB3} - C:\Program Files\BDS Plugin 4.2\420000\Program\BWPlugProtocol-420000.dll
O18 - Protocol: bwt0s - {190ABA78-3FB0-4280-896B-21DF4EDD2EB3} - C:\Program Files\BDS Plugin 4.2\420000\Program\BWPlugProtocol-420000.dll
O18 - Protocol: bwt1 - {92C924B1-615D-409A-94C0-1227F973C8E9} - C:\Program Files\AdjoinedObiOffline\511065\Program\BWPlugProtocol-511065.dll
O18 - Protocol: bwt1s - {92C924B1-615D-409A-94C0-1227F973C8E9} - C:\Program Files\AdjoinedObiOffline\511065\Program\BWPlugProtocol-511065.dll
O18 - Protocol: bwu0 - {190ABA78-3FB0-4280-896B-21DF4EDD2EB3} - C:\Program Files\BDS Plugin 4.2\420000\Program\BWPlugProtocol-420000.dll
O18 - Protocol: bwu0s - {190ABA78-3FB0-4280-896B-21DF4EDD2EB3} - C:\Program Files\BDS Plugin 4.2\420000\Program\BWPlugProtocol-420000.dll
O18 - Protocol: bwu1 - {92C924B1-615D-409A-94C0-1227F973C8E9} - C:\Program Files\AdjoinedObiOffline\511065\Program\BWPlugProtocol-511065.dll
O18 - Protocol: bwu1s - {92C924B1-615D-409A-94C0-1227F973C8E9} - C:\Program Files\AdjoinedObiOffline\511065\Program\BWPlugProtocol-511065.dll
O18 - Protocol: bwv0 - {190ABA78-3FB0-4280-896B-21DF4EDD2EB3} - C:\Program Files\BDS Plugin 4.2\420000\Program\BWPlugProtocol-420000.dll
O18 - Protocol: bwv0s - {190ABA78-3FB0-4280-896B-21DF4EDD2EB3} - C:\Program Files\BDS Plugin 4.2\420000\Program\BWPlugProtocol-420000.dll
O18 - Protocol: bwv1 - {92C924B1-615D-409A-94C0-1227F973C8E9} - C:\Program Files\AdjoinedObiOffline\511065\Program\BWPlugProtocol-511065.dll
O18 - Protocol: bwv1s - {92C924B1-615D-409A-94C0-1227F973C8E9} - C:\Program Files\AdjoinedObiOffline\511065\Program\BWPlugProtocol-511065.dll
O18 - Protocol: bww0 - {190ABA78-3FB0-4280-896B-21DF4EDD2EB3} - C:\Program Files\BDS Plugin 4.2\420000\Program\BWPlugProtocol-420000.dll
O18 - Protocol: bww0s - {190ABA78-3FB0-4280-896B-21DF4EDD2EB3} - C:\Program Files\BDS Plugin 4.2\420000\Program\BWPlugProtocol-420000.dll
O18 - Protocol: bww1 - {92C924B1-615D-409A-94C0-1227F973C8E9} - C:\Program Files\AdjoinedObiOffline\511065\Program\BWPlugProtocol-511065.dll
O18 - Protocol: bww1s - {92C924B1-615D-409A-94C0-1227F973C8E9} - C:\Program Files\AdjoinedObiOffline\511065\Program\BWPlugProtocol-511065.dll
O18 - Protocol: bwx0 - {190ABA78-3FB0-4280-896B-21DF4EDD2EB3} - C:\Program Files\BDS Plugin 4.2\420000\Program\BWPlugProtocol-420000.dll
O18 - Protocol: bwx0s - {190ABA78-3FB0-4280-896B-21DF4EDD2EB3} - C:\Program Files\BDS Plugin 4.2\420000\Program\BWPlugProtocol-420000.dll
O18 - Protocol: bwx1 - {92C924B1-615D-409A-94C0-1227F973C8E9} - C:\Program Files\AdjoinedObiOffline\511065\Program\BWPlugProtocol-511065.dll
O18 - Protocol: bwx1s - {92C924B1-615D-409A-94C0-1227F973C8E9} - C:\Program Files\AdjoinedObiOffline\511065\Program\BWPlugProtocol-511065.dll
O18 - Protocol: bwy0 - {190ABA78-3FB0-4280-896B-21DF4EDD2EB3} - C:\Program Files\BDS Plugin 4.2\420000\Program\BWPlugProtocol-420000.dll
O18 - Protocol: bwy0s - {190ABA78-3FB0-4280-896B-21DF4EDD2EB3} - C:\Program Files\BDS Plugin 4.2\420000\Program\BWPlugProtocol-420000.dll
O18 - Protocol: bwy1 - {92C924B1-615D-409A-94C0-1227F973C8E9} - C:\Program Files\AdjoinedObiOffline\511065\Program\BWPlugProtocol-511065.dll
O18 - Protocol: bwy1s - {92C924B1-615D-409A-94C0-1227F973C8E9} - C:\Program Files\AdjoinedObiOffline\511065\Program\BWPlugProtocol-511065.dll
O18 - Protocol: bwz0 - {190ABA78-3FB0-4280-896B-21DF4EDD2EB3} - C:\Program Files\BDS Plugin 4.2\420000\Program\BWPlugProtocol-420000.dll
O18 - Protocol: bwz0s - {190ABA78-3FB0-4280-896B-21DF4EDD2EB3} - C:\Program Files\BDS Plugin 4.2\420000\Program\BWPlugProtocol-420000.dll
O18 - Protocol: bwz1 - {92C924B1-615D-409A-94C0-1227F973C8E9} - C:\Program Files\AdjoinedObiOffline\511065\Program\BWPlugProtocol-511065.dll
O18 - Protocol: bwz1s - {92C924B1-615D-409A-94C0-1227F973C8E9} - C:\Program Files\AdjoinedObiOffline\511065\Program\BWPlugProtocol-511065.dll
O18 - Protocol: offline-420000 - {190ABA78-3FB0-4280-896B-21DF4EDD2EB3} - C:\Program Files\BDS Plugin 4.2\420000\Program\BWPlugProtocol-420000.dll
O18 - Protocol: offline-511065 - {92C924B1-615D-409A-94C0-1227F973C8E9} - C:\Program Files\AdjoinedObiOffline\511065\Program\BWPlugProtocol-511065.dll
O18 - Protocol: qrev - {9DE24BAC-FC3C-42C4-9FC4-76B3FAFDBD90} - C:\PROGRA~1\QUESTS~1\TOAD\RNetPin.dll
I got the pop up again when posting the previous message, so I checked the hijack this log again; all the entries are back with regards to search bar and search assistant. I have deleted the rows that start with O18 again because the post size is too big.

Logfile of HijackThis v1.99.0
Scan saved at 12:09:30 PM, on 1/19/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\ibmpmsvc.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\oracle\ora81\bin\dbsnmp.exe
C:\oracle\ora81\bin\vppdc.exe
C:\oracle\ora81\Apache\Apache\Apache.exe
C:\oracle\ora81\BIN\TNSLSNR.exe
c:\oracle\ora81\bin\ORACLE.EXE
C:\WINDOWS\System32\QCONSVC.EXE
C:\WINDOWS\System32\RegSrvc.exe
C:\WINDOWS\System32\r_server.exe
C:\Program Files\Symantec AntiVirus\SavRoam.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\system32\TpKmpSVC.exe
C:\WINDOWS\system32\msic32.exe
C:\oracle\ora81\Apache\jdk\bin\java.exe
C:\oracle\ora81\Apache\Apache\Apache.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
C:\WINDOWS\system32\RunDll32.exe
C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\ThinkPad\PkgMgr\HOTKEY\TPONSCR.exe
C:\Program Files\ThinkPad\ConnectUtilities\QCWLICON.EXE
C:\Program Files\ThinkPad\PkgMgr\HOTKEY_1\TpScrex.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\AdjoinedObiOffline\511065\Program\AdjoinedObiOffline.exe
C:\Program Files\BDS Plugin 4.2\420000\Program\BDS plugin 4.2.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\apptz.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\hjt\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\gojwy.dll/sp.html#28129
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\gojwy.dll/sp.html#28129
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\gojwy.dll/sp.html#28129
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\gojwy.dll/sp.html#28129
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\gojwy.dll/sp.html#28129
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\gojwy.dll/sp.html#28129
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\gojwy.dll/sp.html#28129
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {C7B33F7A-073C-9061-F6F7-482F69867311} - C:\WINDOWS\d3vl32.dll
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [TPHOTKEY] C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
O4 - HKLM\..\Run: [BMMGAG] RunDll32 C:\PROGRA~1\ThinkPad\UTILIT~1\pwrmonit.dll,StartPwrMonitor
O4 - HKLM\..\Run: [TPKMAPHELPER] C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe -helper
O4 - HKLM\..\Run: [EZEJMNAP] C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [QCWLICON] C:\Program Files\ThinkPad\ConnectUtilities\QCWLICON.EXE
O4 - HKLM\..\Run: [apptz.exe] C:\WINDOWS\apptz.exe
O4 - HKCU\..\Run: [ibmmessages] C:\Program Files\IBM\Messages By IBM\ibmmessages.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: AdjoinedObiOffline.lnk = ?
O4 - Global Startup: BDS plugin 4.2.lnk = ?
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: Kodak software updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\program files\google\google desktop search\googledesktopnetwork1.dll
O10 - Unknown file in Winsock LSP: c:\program files\google\google desktop search\googledesktopnetwork1.dll
O10 - Unknown file in Winsock LSP: c:\program files\google\google desktop search\googledesktopnetwork1.dll
O10 - Unknown file in Winsock LSP: c:\program files\google\google desktop search\googledesktopnetwork1.dll
O15 - Trusted Zone: *.frame.crazywinnings.com
O15 - Trusted Zone: *.static.topconverting.com
O16 - DPF: {9F9264A2-BC41-4A06-9FA1-BF264DB0AAD9} (BackWeb Lite Install Runner) - http://sznyc008.adjoined.net:81/web...guration-1/7.2.0.149/Lite/Configuration-1.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = adjoined.net
O17 - HKLM\Software\..\Telephony: DomainName = adjoined.net
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = adjoined.net
O23 - Service: Ati HotKey Poller - Unknown - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: Symantec Event Manager - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: IBM PM Service - Unknown - C:\WINDOWS\System32\ibmpmsvc.exe
O23 - Service: OracleOraHome81Agent - Oracle Corporation - C:\oracle\ora81\bin\dbsnmp.exe
O23 - Service: OracleOraHome81ClientCache - Unknown - C:\oracle\ora81\BIN\ONRSD.EXE
O23 - Service: OracleOraHome81DataGatherer - Oracle Corporation - C:\oracle\ora81\bin\vppdc.exe
O23 - Service: OracleOraHome81HTTPServer - Unknown - C:\oracle\ora81\Apache\Apache\Apache.exe
O23 - Service: OracleOraHome81PagingServer - Unknown - C:\oracle\ora81/bin/pagntsrv.exe
O23 - Service: OracleOraHome81TNSListener - Unknown - C:\oracle\ora81\BIN\TNSLSNR.exe
O23 - Service: OracleServiceDROT01 - Oracle Corporation - c:\oracle\ora81\bin\ORACLE.EXE
O23 - Service: IBM PSA Access Driver Control - Unknown - C:\WINDOWS\system32\PsaSrv.exe
O23 - Service: QCONSVC - IBM Corp. - C:\WINDOWS\System32\QCONSVC.EXE
O23 - Service: RegSrvc - Intel Corporation - C:\WINDOWS\System32\RegSrvc.exe
O23 - Service: Remote Administrator Service - Unknown - C:\WINDOWS\System32\r_server.exe
O23 - Service: Spectrum24 Event Monitor - Intel Corporation - C:\WINDOWS\System32\S24EvMon.exe
O23 - Service: SAVRoam - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: IBM KCU Service - Unknown - C:\WINDOWS\system32\TpKmpSVC.exe
O23 - Service: Workstation NetLogon Service - Unknown - C:\WINDOWS\system32\msic32.exe
I can run spybot, and even if I fix the problems I can immediately re-scan and it still finds DSO exploit, which it had just fixed.
I found a site that had a detailed section on how to get the "home search agent" off my PC. http://www.short-media.com/review.php?r=259 Along with running all the tools you suggested above, it had some other programs. I also went to http://housecall.trendmicro.com/ and ran the online version of their virus scanner. It seems that my computer is clean now; the registry is no longer being updated with the bogus entries.

Thanks