Skip to content
View in the app

A better way to browse. Learn more.

Tip.It Forum

A full-screen app on your home screen with push notifications, badges and more.

To install this app on iOS and iPadOS
  1. Tap the Share icon in Safari
  2. Scroll the menu and tap Add to Home Screen.
  3. Tap Add in the top-right corner.
To install this app on Android
  1. Tap the 3-dot menu (⋮) in the top-right corner of the browser.
  2. Tap Add to Home screen or Install app.
  3. Confirm by tapping Install.

Winantivirus PRO 2005 Pop up (Help)

Featured Replies

Winantivirus PRO 2005 Pop up keeps coming up on my computer even when I am not connected to the internet. I know this is spyware but I've used Ad-Aware, Spy Bot S&D & various other scanners, but no success in removing it yet.

 

 

 

 

 

 

 

Could someone please explain how to remove this annoying spyware completely from my computer?

 

 

 

 

 

 

 

Cheerz

Try going into Add/Remove programs, and uninstalling it. Most official adware has this function now as it's against the law to not allow you to uninstall it.

dwmafianw7.jpg

Notoriously Trollish.

HijackThis log?

612d9da508.png

Mercifull.png

Mercifull <3 Suzi

"We don't want players to be able to buy their way to success in RuneScape. If we let players start doing this, it devalues RuneScape for others. We feel your status in real-life shouldn't affect your ability to be successful in RuneScape" Jagex 01/04/01 - 02/03/12

  • Author

Doesn't show up in add/remove program list.

 

 

 

 

 

 

 

I don't really know much about computers so could guide me through that hijack this log?

 

 

 

 

 

 

 

Cheerz

Doesn't show up in add/remove program list.

 

 

 

 

 

 

 

I don't really know much about computers so could guide me through that hijack this log?

 

 

 

 

 

 

 

Cheerz

 

 

 

 

 

 

 

Sticky: FAQ - Index (Check here BEFORE posting a new Topic!!!)

 

 

 

 

 

 

 

Download HijackThis run the scan and post the content of the log file in this thread. I will tell you what to do next afterwards.

612d9da508.png

Mercifull.png

Mercifull <3 Suzi

"We don't want players to be able to buy their way to success in RuneScape. If we let players start doing this, it devalues RuneScape for others. We feel your status in real-life shouldn't affect your ability to be successful in RuneScape" Jagex 01/04/01 - 02/03/12

  • Author

Logfile of HijackThis v1.99.1

 

 

 

Scan saved at 11:07:56 PM, on 16/09/2005

 

 

 

Platform: Windows XP (WinNT 5.01.2600)

 

 

 

MSIE: Internet Explorer v6.00 (6.00.2600.0000)

 

 

 

 

 

 

 

Running processes:

 

 

 

C:\WINDOWS\System32\smss[Caution: ExecutableFile]

 

 

 

C:\WINDOWS\system32\winlogon[Caution: ExecutableFile]

 

 

 

C:\WINDOWS\system32\services[Caution: ExecutableFile]

 

 

 

C:\WINDOWS\system32\lsass[Caution: ExecutableFile]

 

 

 

C:\WINDOWS\system32\svchost[Caution: ExecutableFile]

 

 

 

C:\WINDOWS\System32\svchost[Caution: ExecutableFile]

 

 

 

C:\WINDOWS\system32\spoolsv[Caution: ExecutableFile]

 

 

 

C:\WINDOWS\Explorer[Caution: ExecutableFile]

 

 

 

C:\Program Files\Telstra\Cable Login\bpcable[Caution: ExecutableFile]

 

 

 

C:\Program Files\Zone Labs\ZoneAlarm\zlclient[Caution: ExecutableFile]

 

 

 

C:\PROGRA~1\NORTON~1\navapw32[Caution: ExecutableFile]

 

 

 

C:\Program Files\Norton AntiVirus\navapsvc[Caution: ExecutableFile]

 

 

 

C:\WINDOWS\System32\nvsvc32[Caution: ExecutableFile]

 

 

 

C:\WINDOWS\System32\svchost[Caution: ExecutableFile]

 

 

 

C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon[Caution: ExecutableFile]

 

 

 

C:\Program Files\Internet Explorer\iexplore[Caution: ExecutableFile]

 

 

 

C:\Program Files\MSN Messenger\msnmsgr[Caution: ExecutableFile]

 

 

 

C:\Program Files\iPod\bin\iPodService[Caution: ExecutableFile]

 

 

 

C:\Program Files\SwiftSwitch\SwiftSwitch[Caution: ExecutableFile]

 

 

 

C:\Program Files\Internet Explorer\iexplore[Caution: ExecutableFile]

 

 

 

c:\Program Files\Microsoft Money\System\urlmap[Caution: ExecutableFile]

 

 

 

C:\DOCUME~1\Owner\LOCALS~1\Temp\Rar$EX00.016\HijackThis[Caution: ExecutableFile]

 

 

 

 

 

 

 

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://au4.hpwis.com/

 

 

 

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://au4.hpwis.com/

 

 

 

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost

 

 

 

R3 - Default URLSearchHook is missing

 

 

 

F2 - REG:system.ini: UserInit=userinit[Caution: ExecutableFile]

 

 

 

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx

 

 

 

O2 - BHO: MSEvents Object - {827DC836-DD9F-4A68-A602-5812EB50A834} - C:\WINDOWS\system\font.dll

 

 

 

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll

 

 

 

O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll

 

 

 

O2 - BHO: ToolHelper - {CDEEC43D-3572-4E95-A2A5-F519D29F00C0} - C:\PROGRA~1\ADVANC~1\Toolbar.dll (file missing)

 

 

 

O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll

 

 

 

O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - c:\Program Files\Microsoft Money\System\mnyviewer.dll

 

 

 

O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll

 

 

 

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

 

 

 

O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll

 

 

 

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll

 

 

 

O4 - HKLM\..\Run: [WorksFUD] C:\Program Files\Microsoft Works\wkfud[Caution: ExecutableFile]

 

 

 

O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect[Caution: ExecutableFile]

 

 

 

O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD[Caution: ExecutableFile]

 

 

 

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32[Caution: ExecutableFile] NvQTwk,NvCplDaemon initialize

 

 

 

O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\System32\igfxtray[Caution: ExecutableFile]

 

 

 

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd[Caution: ExecutableFile]

 

 

 

O4 - HKLM\..\Run: [s3TRAY2] S3tray2[Caution: ExecutableFile]

 

 

 

O4 - HKLM\..\Run: [MoneyStartUp10.0] "c:\Program Files\Microsoft Money\System\Activation[Caution: ExecutableFile]"

 

 

 

O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE[Caution: ExecutableFile] /AUTORUN

 

 

 

O4 - HKLM\..\Run: [bigPondCable] "C:\Program Files\Telstra\Cable Login\bpcable[Caution: ExecutableFile]" /r

 

 

 

O4 - HKLM\..\Run: [bigPond] "D:\5100[Caution: ExecutableFile]" -r

 

 

 

O4 - HKLM\..\Run: [ff] tkf[Caution: ExecutableFile]

 

 

 

O4 - HKLM\..\Run: [Media service] notpad[Caution: ExecutableFile]

 

 

 

O4 - HKLM\..\Run: [Windows Update System Shell] svhostcs32[Caution: ExecutableFile]

 

 

 

O4 - HKLM\..\Run: [Microsoft Update] sys[Caution: ExecutableFile]

 

 

 

O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient[Caution: ExecutableFile]

 

 

 

O4 - HKLM\..\Run: [winupdates] C:\Program Files\winupdates\winupdates[Caution: ExecutableFile] /auto

 

 

 

O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32[Caution: ExecutableFile]

 

 

 

O4 - HKLM\..\Run: [P2P Networking2] C:\WINDOWS\System32\P2P Networking\P2P Networking2[Caution: ExecutableFile] /AUTOSTART

 

 

 

O4 - HKLM\..\Run: [AdwareAlert] C:\Program Files\AdwareAlert\AdwareAlert[Caution: ExecutableFile] -boot

 

 

 

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask[Caution: ExecutableFile]" -atboottime

 

 

 

O4 - HKLM\..\RunServices: [ff] tkf[Caution: ExecutableFile]

 

 

 

O4 - HKLM\..\RunServices: [Media service] notpad[Caution: ExecutableFile]

 

 

 

O4 - HKLM\..\RunServices: [Windows Update System Shell] svhostcs32[Caution: ExecutableFile]

 

 

 

O4 - HKLM\..\RunServices: [Microsoft Update] sys[Caution: ExecutableFile]

 

 

 

O4 - HKLM\..\RunServices: [Windeows NetStart Service2] tesmons[Caution: ExecutableFile]

 

 

 

O4 - HKLM\..\RunServices: [p2pnetworking] p2pnetworking[Caution: ExecutableFile]

 

 

 

O4 - HKCU\..\Run: [Microsoft Update] sys[Caution: ExecutableFile]

 

 

 

O4 - HKCU\..\Run: [Windows Update System Shell] svhostcs32[Caution: ExecutableFile]

 

 

 

O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr[Caution: ExecutableFile]" /background

 

 

 

O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader[Caution: ExecutableFile]

 

 

 

O4 - Global Startup: hp center.lnk = C:\Program Files\hp center\137903\Program\BackWeb-137903[Caution: ExecutableFile]

 

 

 

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA[Caution: ExecutableFile]

 

 

 

O8 - Extra context menu item: &Define - c:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_DEF.HTM

 

 

 

O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html

 

 

 

O8 - Extra context menu item: &Search - http://km.bar.need2find.com/KM/menusearch.html?p=KM

 

 

 

O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html

 

 

 

O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html

 

 

 

O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html

 

 

 

O8 - Extra context menu item: Look Up in &Encyclopedia - c:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM

 

 

 

O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html

 

 

 

O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html

 

 

 

O12 - Plugin for .mov: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin.dll

 

 

 

O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll

 

 

 

O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab

 

 

 

O16 - DPF: {48884C41-EFAC-433D-958A-9FADAC41408E} (EGamesPlugin Class) - https://www.e-games.com.my/com/EGamesPlugin.cab

 

 

 

O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.com/scan8/oscan8.cab

 

 

 

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupda ... 6307520390

 

 

 

O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/binFramework/v10/ZI ... b34246.cab

 

 

 

O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab

 

 

 

O16 - DPF: {E7D2588A-7FB5-47DC-8830-832605661009} (Live Collaboration) - http://liveap01.rightnowtech.com/6030-b ... a/RntX.cab

 

 

 

O18 - Filter: text/html - {2AB289AE-4B90-4281-B2AE-1F4BB034B647} - C:\Program Files\RXToolBar\sfcont.dll

 

 

 

O20 - Winlogon Notify: font - C:\WINDOWS\system\font.dll

 

 

 

O23 - Service: BigPond Broadband Cable Login (bpcService) - Unknown owner - C:\Program Files\Telstra\Cable Login\bpcService[Caution: ExecutableFile]

 

 

 

O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService[Caution: ExecutableFile]

 

 

 

O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing[Caution: ExecutableFile]

 

 

 

O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc[Caution: ExecutableFile]

 

 

 

O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32[Caution: ExecutableFile]

 

 

 

O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon[Caution: ExecutableFile]

Ok it might be worthwhile heading over to http://www.windowsupdate.com and downloading and patching your system. You are currently running an out-of-date copy og XP

 

 

 

 

 

 

 

Also you are running Switchshift which is an illegal third party application for Runescape. Do not listen to the claims that the creators of this about it being legal and approved by Jagex. It has never been formally approved and responses from Jagex CS regularly state that it is illegal and against the rules. It is also a bannable offence at tipit to post anything which proves that you are using this software. I doubt that the admins will ban you for this as you probably just missed the announcement but make a personal note to only use the official client in future.

 

 

 

 

 

 

 

Please run another scan and put tick boxes next to the following entries...

 

 

 

 

 

 

 

R3 - Default URLSearchHook is missing

 

 

 

O2 - BHO: MSEvents Object - {827DC836-DD9F-4A68-A602-5812EB50A834} - C:\WINDOWS\system\font.dll

 

 

 

O2 - BHO: ToolHelper - {CDEEC43D-3572-4E95-A2A5-F519D29F00C0} - C:\PROGRA~1\ADVANC~1\Toolbar.dll (file missing)

 

 

 

O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - c:\Program Files\Microsoft Money\System\mnyviewer.dll

 

 

 

O4 - HKLM\..\Run: [ff] tkf[Caution: ExecutableFile]

 

 

 

O4 - HKLM\..\Run: [Media service] notpad[Caution: ExecutableFile]

 

 

 

O4 - HKLM\..\Run: [Windows Update System Shell] svhostcs32[Caution: ExecutableFile]

 

 

 

O4 - HKLM\..\Run: [Microsoft Update] sys[Caution: ExecutableFile]

 

 

 

O4 - HKLM\..\Run: [winupdates] C:\Program Files\winupdates\winupdates[Caution: ExecutableFile] /auto

 

 

 

O4 - HKLM\..\Run: [P2P Networking2] C:\WINDOWS\System32\P2P Networking\P2P Networking2[Caution: ExecutableFile] /AUTOSTART (i reccomend that you uninstall kazaa and install a spyware free p2p software)

 

 

 

O4 - HKLM\..\Run: [AdwareAlert] C:\Program Files\AdwareAlert\AdwareAlert[Caution: ExecutableFile] -boot (perhaps try and uninstall AdwareAlert thru the add/remove programs first, this is a fake anti spyware program hich actually displays popups of its own)

 

 

 

O4 - HKLM\..\RunServices: [ff] tkf[Caution: ExecutableFile]

 

 

 

O4 - HKLM\..\RunServices: [Media service] notpad[Caution: ExecutableFile]

 

 

 

O4 - HKLM\..\RunServices: [Windows Update System Shell] svhostcs32[Caution: ExecutableFile]

 

 

 

O4 - HKLM\..\RunServices: [Microsoft Update] sys[Caution: ExecutableFile]

 

 

 

O4 - HKLM\..\RunServices: [Windeows NetStart Service2] tesmons[Caution: ExecutableFile]

 

 

 

O4 - HKLM\..\RunServices: [p2pnetworking] p2pnetworking[Caution: ExecutableFile]

 

 

 

O4 - HKCU\..\Run: [Microsoft Update] sys[Caution: ExecutableFile]

 

 

 

O4 - HKCU\..\Run: [Windows Update System Shell] svhostcs32[Caution: ExecutableFile]

 

 

 

O4 - Global Startup: hp center.lnk = C:\Program Files\hp center\137903\Program\BackWeb-137903[Caution: ExecutableFile]

 

 

 

O8 - Extra context menu item: &Search - http://km.bar.need2find.com/KM/menusearch.html?p=KM

 

 

 

O18 - Filter: text/html - {2AB289AE-4B90-4281-B2AE-1F4BB034B647} - C:\Program Files\RXToolBar\sfcont.dll

 

 

 

O20 - Winlogon Notify: font - C:\WINDOWS\system\font.dll

 

 

 

 

 

 

 

You got a lot of nasty viruses and spyware in there :-/

 

 

 

After you have ticked all those entries click "fix" to remove all them. then restart your pc and post a fresh log. Also please say if you still have popups and things.

612d9da508.png

Mercifull.png

Mercifull <3 Suzi

"We don't want players to be able to buy their way to success in RuneScape. If we let players start doing this, it devalues RuneScape for others. We feel your status in real-life shouldn't affect your ability to be successful in RuneScape" Jagex 01/04/01 - 02/03/12

  • Author

How is this log now? Is my computer fix? Going to install new patch for windows tomorrow & deleting switchshift now. Also with windows update, do I choose express or custom update?

 

 

 

Cheerz

 

 

 

 

 

 

 

Logfile of HijackThis v1.99.1

 

 

 

Scan saved at 11:46:04 PM, on 16/09/2005

 

 

 

Platform: Windows XP (WinNT 5.01.2600)

 

 

 

MSIE: Internet Explorer v6.00 (6.00.2600.0000)

 

 

 

 

 

 

 

Running processes:

 

 

 

C:\WINDOWS\System32\smss[Caution: ExecutableFile]

 

 

 

C:\WINDOWS\system32\winlogon[Caution: ExecutableFile]

 

 

 

C:\WINDOWS\system32\services[Caution: ExecutableFile]

 

 

 

C:\WINDOWS\system32\lsass[Caution: ExecutableFile]

 

 

 

C:\WINDOWS\system32\svchost[Caution: ExecutableFile]

 

 

 

C:\WINDOWS\System32\svchost[Caution: ExecutableFile]

 

 

 

C:\WINDOWS\Explorer[Caution: ExecutableFile]

 

 

 

C:\WINDOWS\system32\spoolsv[Caution: ExecutableFile]

 

 

 

C:\Program Files\Telstra\Cable Login\bpcable[Caution: ExecutableFile]

 

 

 

C:\Program Files\Zone Labs\ZoneAlarm\zlclient[Caution: ExecutableFile]

 

 

 

C:\PROGRA~1\NORTON~1\navapw32[Caution: ExecutableFile]

 

 

 

C:\Program Files\MSN Messenger\msnmsgr[Caution: ExecutableFile]

 

 

 

C:\Program Files\Norton AntiVirus\navapsvc[Caution: ExecutableFile]

 

 

 

C:\WINDOWS\System32\nvsvc32[Caution: ExecutableFile]

 

 

 

C:\WINDOWS\System32\svchost[Caution: ExecutableFile]

 

 

 

C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon[Caution: ExecutableFile]

 

 

 

C:\Program Files\Internet Explorer\iexplore[Caution: ExecutableFile]

 

 

 

C:\Program Files\Internet Explorer\iexplore[Caution: ExecutableFile]

 

 

 

C:\Program Files\WinRAR\WinRAR[Caution: ExecutableFile]

 

 

 

C:\WINDOWS\System32\wuauclt[Caution: ExecutableFile]

 

 

 

C:\DOCUME~1\Owner\LOCALS~1\Temp\Rar$EX02.422\HijackThis[Caution: ExecutableFile]

 

 

 

 

 

 

 

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://au4.hpwis.com/

 

 

 

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://au4.hpwis.com/

 

 

 

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost

 

 

 

F2 - REG:system.ini: UserInit=userinit[Caution: ExecutableFile]

 

 

 

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx

 

 

 

O2 - BHO: MSEvents Object - {827DC836-DD9F-4A68-A602-5812EB50A834} - C:\WINDOWS\system\font.dll

 

 

 

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll

 

 

 

O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll

 

 

 

O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll

 

 

 

O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll

 

 

 

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

 

 

 

O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll

 

 

 

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll

 

 

 

O4 - HKLM\..\Run: [WorksFUD] C:\Program Files\Microsoft Works\wkfud[Caution: ExecutableFile]

 

 

 

O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect[Caution: ExecutableFile]

 

 

 

O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD[Caution: ExecutableFile]

 

 

 

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32[Caution: ExecutableFile] NvQTwk,NvCplDaemon initialize

 

 

 

O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\System32\igfxtray[Caution: ExecutableFile]

 

 

 

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd[Caution: ExecutableFile]

 

 

 

O4 - HKLM\..\Run: [s3TRAY2] S3tray2[Caution: ExecutableFile]

 

 

 

O4 - HKLM\..\Run: [MoneyStartUp10.0] "c:\Program Files\Microsoft Money\System\Activation[Caution: ExecutableFile]"

 

 

 

O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE[Caution: ExecutableFile] /AUTORUN

 

 

 

O4 - HKLM\..\Run: [bigPondCable] "C:\Program Files\Telstra\Cable Login\bpcable[Caution: ExecutableFile]" /r

 

 

 

O4 - HKLM\..\Run: [bigPond] "D:\5100[Caution: ExecutableFile]" -r

 

 

 

O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient[Caution: ExecutableFile]

 

 

 

O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32[Caution: ExecutableFile]

 

 

 

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask[Caution: ExecutableFile]" -atboottime

 

 

 

O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr[Caution: ExecutableFile]" /background

 

 

 

O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader[Caution: ExecutableFile]

 

 

 

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA[Caution: ExecutableFile]

 

 

 

O8 - Extra context menu item: &Define - c:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_DEF.HTM

 

 

 

O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html

 

 

 

O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html

 

 

 

O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html

 

 

 

O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html

 

 

 

O8 - Extra context menu item: Look Up in &Encyclopedia - c:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM

 

 

 

O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html

 

 

 

O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html

 

 

 

O12 - Plugin for .mov: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin.dll

 

 

 

O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll

 

 

 

O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab

 

 

 

O16 - DPF: {48884C41-EFAC-433D-958A-9FADAC41408E} (EGamesPlugin Class) - https://www.e-games.com.my/com/EGamesPlugin.cab

 

 

 

O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.com/scan8/oscan8.cab

 

 

 

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupda ... 6307520390

 

 

 

O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/binFramework/v10/ZI ... b34246.cab

 

 

 

O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab

 

 

 

O16 - DPF: {E7D2588A-7FB5-47DC-8830-832605661009} (Live Collaboration) - http://liveap01.rightnowtech.com/6030-b ... a/RntX.cab

 

 

 

O20 - Winlogon Notify: font - C:\WINDOWS\system\font.dll

 

 

 

O23 - Service: BigPond Broadband Cable Login (bpcService) - Unknown owner - C:\Program Files\Telstra\Cable Login\bpcService[Caution: ExecutableFile]

 

 

 

O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService[Caution: ExecutableFile]

 

 

 

O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing[Caution: ExecutableFile]

 

 

 

O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc[Caution: ExecutableFile]

 

 

 

O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32[Caution: ExecutableFile]

 

 

 

O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon[Caution: ExecutableFile]

Go for Express update, that will only install the patches that are critical to your system and security. The custom is all the optional patches.

 

 

 

 

 

 

 

Looks a lot cleaner now. Update your windows in the next week or so and if you still have any problems then we'll see what else we can do for you ^_^

612d9da508.png

Mercifull.png

Mercifull <3 Suzi

"We don't want players to be able to buy their way to success in RuneScape. If we let players start doing this, it devalues RuneScape for others. We feel your status in real-life shouldn't affect your ability to be successful in RuneScape" Jagex 01/04/01 - 02/03/12

  • Author

When I attempt to remove Kazza, It says:

 

 

 

 

 

 

 

Setup has experienced an error.

 

 

 

Please do the following:

 

 

 

-Close any running programs

 

 

 

-Empty your temporary folder

 

 

 

-Check your internet connection

 

 

 

 

 

 

 

Then try your setup again.

 

 

 

 

 

 

 

It's removed from my computer (I think) but the installer/remover won't remove from add or remove programs, what do I do?

  • Author

Got a win anti virus pop up again.... Heres another log

 

 

 

 

 

 

 

Logfile of HijackThis v1.99.1

 

 

 

Scan saved at 12:09:53 AM, on 17/09/2005

 

 

 

Platform: Windows XP (WinNT 5.01.2600)

 

 

 

MSIE: Internet Explorer v6.00 (6.00.2600.0000)

 

 

 

 

 

 

 

Running processes:

 

 

 

C:\WINDOWS\System32\smss[Caution: ExecutableFile]

 

 

 

C:\WINDOWS\system32\winlogon[Caution: ExecutableFile]

 

 

 

C:\WINDOWS\system32\services[Caution: ExecutableFile]

 

 

 

C:\WINDOWS\system32\lsass[Caution: ExecutableFile]

 

 

 

C:\WINDOWS\system32\svchost[Caution: ExecutableFile]

 

 

 

C:\WINDOWS\System32\svchost[Caution: ExecutableFile]

 

 

 

C:\WINDOWS\system32\spoolsv[Caution: ExecutableFile]

 

 

 

C:\WINDOWS\Explorer[Caution: ExecutableFile]

 

 

 

C:\Program Files\Telstra\Cable Login\bpcable[Caution: ExecutableFile]

 

 

 

C:\Program Files\Zone Labs\ZoneAlarm\zlclient[Caution: ExecutableFile]

 

 

 

C:\PROGRA~1\NORTON~1\navapw32[Caution: ExecutableFile]

 

 

 

C:\Program Files\MSN Messenger\msnmsgr[Caution: ExecutableFile]

 

 

 

C:\Program Files\Norton AntiVirus\navapsvc[Caution: ExecutableFile]

 

 

 

C:\WINDOWS\System32\nvsvc32[Caution: ExecutableFile]

 

 

 

C:\WINDOWS\System32\svchost[Caution: ExecutableFile]

 

 

 

C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon[Caution: ExecutableFile]

 

 

 

C:\Program Files\Internet Explorer\iexplore[Caution: ExecutableFile]

 

 

 

C:\Program Files\Internet Explorer\iexplore[Caution: ExecutableFile]

 

 

 

C:\WINDOWS\System32\wuauclt[Caution: ExecutableFile]

 

 

 

C:\WINDOWS\System32\wuauclt[Caution: ExecutableFile]

 

 

 

C:\WINDOWS\SoftwareDistribution\Download\Install\Q810577_WXP_en[Caution: ExecutableFile]

 

 

 

c:\87bf242febeca02687378a9c9aaed235\xpsp1hfm[Caution: ExecutableFile]

 

 

 

c:\87bf242febeca02687378a9c9aaed235\sp1\update\update[Caution: ExecutableFile]

 

 

 

C:\Program Files\Internet Explorer\iexplore[Caution: ExecutableFile]

 

 

 

C:\DOCUME~1\Owner\LOCALS~1\Temp\Rar$EX00.735\HijackThis[Caution: ExecutableFile]

 

 

 

 

 

 

 

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://au4.hpwis.com/

 

 

 

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://au4.hpwis.com/

 

 

 

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost

 

 

 

F2 - REG:system.ini: UserInit=userinit[Caution: ExecutableFile]

 

 

 

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx

 

 

 

O2 - BHO: MSEvents Object - {827DC836-DD9F-4A68-A602-5812EB50A834} - C:\WINDOWS\system\font.dll

 

 

 

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll

 

 

 

O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll

 

 

 

O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll

 

 

 

O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll

 

 

 

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

 

 

 

O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll

 

 

 

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll

 

 

 

O4 - HKLM\..\Run: [WorksFUD] C:\Program Files\Microsoft Works\wkfud[Caution: ExecutableFile]

 

 

 

O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect[Caution: ExecutableFile]

 

 

 

O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD[Caution: ExecutableFile]

 

 

 

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32[Caution: ExecutableFile] NvQTwk,NvCplDaemon initialize

 

 

 

O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\System32\igfxtray[Caution: ExecutableFile]

 

 

 

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd[Caution: ExecutableFile]

 

 

 

O4 - HKLM\..\Run: [s3TRAY2] S3tray2[Caution: ExecutableFile]

 

 

 

O4 - HKLM\..\Run: [MoneyStartUp10.0] "c:\Program Files\Microsoft Money\System\Activation[Caution: ExecutableFile]"

 

 

 

O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE[Caution: ExecutableFile] /AUTORUN

 

 

 

O4 - HKLM\..\Run: [bigPondCable] "C:\Program Files\Telstra\Cable Login\bpcable[Caution: ExecutableFile]" /r

 

 

 

O4 - HKLM\..\Run: [bigPond] "D:\5100[Caution: ExecutableFile]" -r

 

 

 

O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient[Caution: ExecutableFile]

 

 

 

O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32[Caution: ExecutableFile]

 

 

 

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask[Caution: ExecutableFile]" -atboottime

 

 

 

O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr[Caution: ExecutableFile]" /background

 

 

 

O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader[Caution: ExecutableFile]

 

 

 

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA[Caution: ExecutableFile]

 

 

 

O8 - Extra context menu item: &Define - c:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_DEF.HTM

 

 

 

O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html

 

 

 

O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html

 

 

 

O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html

 

 

 

O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html

 

 

 

O8 - Extra context menu item: Look Up in &Encyclopedia - c:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM

 

 

 

O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html

 

 

 

O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html

 

 

 

O12 - Plugin for .mov: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin.dll

 

 

 

O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll

 

 

 

O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab

 

 

 

O16 - DPF: {48884C41-EFAC-433D-958A-9FADAC41408E} (EGamesPlugin Class) - https://www.e-games.com.my/com/EGamesPlugin.cab

 

 

 

O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.com/scan8/oscan8.cab

 

 

 

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupda ... 6307520390

 

 

 

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 6878430484

 

 

 

O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/binFramework/v10/ZI ... b34246.cab

 

 

 

O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab

 

 

 

O16 - DPF: {E7D2588A-7FB5-47DC-8830-832605661009} (Live Collaboration) - http://liveap01.rightnowtech.com/6030-b ... a/RntX.cab

 

 

 

O20 - Winlogon Notify: font - C:\WINDOWS\system\font.dll

 

 

 

O23 - Service: BigPond Broadband Cable Login (bpcService) - Unknown owner - C:\Program Files\Telstra\Cable Login\bpcService[Caution: ExecutableFile]

 

 

 

O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService[Caution: ExecutableFile]

 

 

 

O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing[Caution: ExecutableFile]

 

 

 

O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc[Caution: ExecutableFile]

 

 

 

O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32[Caution: ExecutableFile]

 

 

 

O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon[Caution: ExecutableFile]

http://www.richardthelionhearted.com/~m ... begone.zip

 

 

 

Download and run Zazaabegone. This will remove ALL traces of kazaa so make sure you have made a backup of all your songs somewhere.

 

 

 

 

 

 

 

Also try and run CWShredder to see if you have a CoolWebSearch variant infection of some kind

 

 

 

http://www.intermute.com/products/cwshredder.html

 

 

 

You will want the stand alone version

 

 

 

 

 

 

 

Perhaps this spyware is hiding amongsts the XP Service Pack 1 exploits. Perhaps upgrade your windows and post a log after installing SP2 so that I can see where this crap is hiding.

 

 

 

 

 

 

 

I am also told that maybe the Vundo B virus could be allowing this exploit to make popups. Perhaps run the fix program from symantec ]http://securityresponse.symantec.com/av ... VundoB[Caution: ExecutableFile]

612d9da508.png

Mercifull.png

Mercifull <3 Suzi

"We don't want players to be able to buy their way to success in RuneScape. If we let players start doing this, it devalues RuneScape for others. We feel your status in real-life shouldn't affect your ability to be successful in RuneScape" Jagex 01/04/01 - 02/03/12

  • Author

Security Update for Windows XP (KB835732) update failed.

 

 

 

 

 

 

 

First link to kazaa removal cannot be found and I'm scanning for vunda because coolwebsearch didn't find anything.

 

 

 

 

 

 

 

Heres log of installing all windows updates but the 1 I mentiond, that update just won't install time after time.

 

 

 

 

 

 

 

 

 

 

 

Logfile of HijackThis v1.99.1

 

 

 

Scan saved at 12:44:12 AM, on 17/09/2005

 

 

 

Platform: Windows XP (WinNT 5.01.2600)

 

 

 

MSIE: Internet Explorer v6.00 (6.00.2600.0000)

 

 

 

 

 

 

 

Running processes:

 

 

 

C:\WINDOWS\System32\smss[Caution: ExecutableFile]

 

 

 

C:\WINDOWS\system32\winlogon[Caution: ExecutableFile]

 

 

 

C:\WINDOWS\system32\services[Caution: ExecutableFile]

 

 

 

C:\WINDOWS\system32\lsass[Caution: ExecutableFile]

 

 

 

C:\WINDOWS\system32\svchost[Caution: ExecutableFile]

 

 

 

C:\WINDOWS\System32\svchost[Caution: ExecutableFile]

 

 

 

C:\WINDOWS\system32\spoolsv[Caution: ExecutableFile]

 

 

 

C:\WINDOWS\Explorer[Caution: ExecutableFile]

 

 

 

C:\Program Files\Telstra\Cable Login\bpcable[Caution: ExecutableFile]

 

 

 

C:\Program Files\Zone Labs\ZoneAlarm\zlclient[Caution: ExecutableFile]

 

 

 

C:\PROGRA~1\NORTON~1\navapw32[Caution: ExecutableFile]

 

 

 

C:\Program Files\QuickTime\qttask[Caution: ExecutableFile]

 

 

 

C:\Program Files\MSN Messenger\msnmsgr[Caution: ExecutableFile]

 

 

 

C:\Program Files\Norton AntiVirus\navapsvc[Caution: ExecutableFile]

 

 

 

C:\WINDOWS\System32\nvsvc32[Caution: ExecutableFile]

 

 

 

C:\WINDOWS\System32\svchost[Caution: ExecutableFile]

 

 

 

C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon[Caution: ExecutableFile]

 

 

 

C:\WINDOWS\System32\wuauclt[Caution: ExecutableFile]

 

 

 

C:\Program Files\Internet Explorer\iexplore[Caution: ExecutableFile]

 

 

 

C:\Documents and Settings\Owner\My Documents\Jason\FxVundoB[Caution: ExecutableFile]

 

 

 

C:\DOCUME~1\Owner\LOCALS~1\Temp\Rar$EX02.578\HijackThis[Caution: ExecutableFile]

 

 

 

 

 

 

 

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://au4.hpwis.com/

 

 

 

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://au4.hpwis.com/

 

 

 

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost

 

 

 

F2 - REG:system.ini: UserInit=userinit[Caution: ExecutableFile]

 

 

 

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx

 

 

 

O2 - BHO: MSEvents Object - {827DC836-DD9F-4A68-A602-5812EB50A834} - C:\WINDOWS\system\font.dll

 

 

 

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll

 

 

 

O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll

 

 

 

O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll

 

 

 

O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll

 

 

 

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

 

 

 

O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll

 

 

 

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll

 

 

 

O4 - HKLM\..\Run: [WorksFUD] C:\Program Files\Microsoft Works\wkfud[Caution: ExecutableFile]

 

 

 

O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect[Caution: ExecutableFile]

 

 

 

O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD[Caution: ExecutableFile]

 

 

 

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32[Caution: ExecutableFile] NvQTwk,NvCplDaemon initialize

 

 

 

O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\System32\igfxtray[Caution: ExecutableFile]

 

 

 

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd[Caution: ExecutableFile]

 

 

 

O4 - HKLM\..\Run: [s3TRAY2] S3tray2[Caution: ExecutableFile]

 

 

 

O4 - HKLM\..\Run: [MoneyStartUp10.0] "c:\Program Files\Microsoft Money\System\Activation[Caution: ExecutableFile]"

 

 

 

O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE[Caution: ExecutableFile] /AUTORUN

 

 

 

O4 - HKLM\..\Run: [bigPondCable] "C:\Program Files\Telstra\Cable Login\bpcable[Caution: ExecutableFile]" /r

 

 

 

O4 - HKLM\..\Run: [bigPond] "D:\5100[Caution: ExecutableFile]" -r

 

 

 

O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient[Caution: ExecutableFile]

 

 

 

O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32[Caution: ExecutableFile]

 

 

 

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask[Caution: ExecutableFile]" -atboottime

 

 

 

O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr[Caution: ExecutableFile]" /background

 

 

 

O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader[Caution: ExecutableFile]

 

 

 

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA[Caution: ExecutableFile]

 

 

 

O8 - Extra context menu item: &Define - c:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_DEF.HTM

 

 

 

O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html

 

 

 

O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html

 

 

 

O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html

 

 

 

O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html

 

 

 

O8 - Extra context menu item: Look Up in &Encyclopedia - c:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM

 

 

 

O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html

 

 

 

O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html

 

 

 

O12 - Plugin for .mov: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin.dll

 

 

 

O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll

 

 

 

O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab

 

 

 

O16 - DPF: {48884C41-EFAC-433D-958A-9FADAC41408E} (EGamesPlugin Class) - https://www.e-games.com.my/com/EGamesPlugin.cab

 

 

 

O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.com/scan8/oscan8.cab

 

 

 

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupda ... 6307520390

 

 

 

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 6878430484

 

 

 

O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/binFramework/v10/ZI ... b34246.cab

 

 

 

O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab

 

 

 

O16 - DPF: {E7D2588A-7FB5-47DC-8830-832605661009} (Live Collaboration) - http://liveap01.rightnowtech.com/6030-b ... a/RntX.cab

 

 

 

O20 - Winlogon Notify: font - C:\WINDOWS\system\font.dll

 

 

 

O23 - Service: BigPond Broadband Cable Login (bpcService) - Unknown owner - C:\Program Files\Telstra\Cable Login\bpcService[Caution: ExecutableFile]

 

 

 

O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService[Caution: ExecutableFile]

 

 

 

O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing[Caution: ExecutableFile]

 

 

 

O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc[Caution: ExecutableFile]

 

 

 

O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32[Caution: ExecutableFile]

 

 

 

O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon[Caution: ExecutableFile]

  • Author

Final hack log before I go to bed.

 

 

 

 

 

 

 

Logfile of HijackThis v1.99.1

 

 

 

Scan saved at 1:03:48 AM, on 17/09/2005

 

 

 

Platform: Windows XP (WinNT 5.01.2600)

 

 

 

MSIE: Internet Explorer v6.00 (6.00.2600.0000)

 

 

 

 

 

 

 

Running processes:

 

 

 

C:\WINDOWS\System32\smss[Caution: ExecutableFile]

 

 

 

C:\WINDOWS\system32\winlogon[Caution: ExecutableFile]

 

 

 

C:\WINDOWS\system32\services[Caution: ExecutableFile]

 

 

 

C:\WINDOWS\system32\lsass[Caution: ExecutableFile]

 

 

 

C:\WINDOWS\system32\svchost[Caution: ExecutableFile]

 

 

 

C:\WINDOWS\System32\svchost[Caution: ExecutableFile]

 

 

 

C:\WINDOWS\system32\spoolsv[Caution: ExecutableFile]

 

 

 

C:\WINDOWS\Explorer[Caution: ExecutableFile]

 

 

 

C:\Program Files\Telstra\Cable Login\bpcable[Caution: ExecutableFile]

 

 

 

C:\Program Files\Zone Labs\ZoneAlarm\zlclient[Caution: ExecutableFile]

 

 

 

C:\PROGRA~1\NORTON~1\navapw32[Caution: ExecutableFile]

 

 

 

C:\Program Files\MSN Messenger\msnmsgr[Caution: ExecutableFile]

 

 

 

C:\Program Files\Norton AntiVirus\navapsvc[Caution: ExecutableFile]

 

 

 

C:\WINDOWS\System32\nvsvc32[Caution: ExecutableFile]

 

 

 

C:\WINDOWS\System32\svchost[Caution: ExecutableFile]

 

 

 

C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon[Caution: ExecutableFile]

 

 

 

C:\Program Files\Internet Explorer\iexplore[Caution: ExecutableFile]

 

 

 

C:\DOCUME~1\Owner\LOCALS~1\Temp\Rar$EX00.328\HijackThis[Caution: ExecutableFile]

 

 

 

 

 

 

 

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://au4.hpwis.com/

 

 

 

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://au4.hpwis.com/

 

 

 

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost

 

 

 

F2 - REG:system.ini: UserInit=userinit[Caution: ExecutableFile]

 

 

 

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx

 

 

 

O2 - BHO: MSEvents Object - {827DC836-DD9F-4A68-A602-5812EB50A834} - C:\WINDOWS\system\font.dll

 

 

 

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll

 

 

 

O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll

 

 

 

O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll

 

 

 

O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll

 

 

 

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

 

 

 

O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll

 

 

 

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll

 

 

 

O4 - HKLM\..\Run: [WorksFUD] C:\Program Files\Microsoft Works\wkfud[Caution: ExecutableFile]

 

 

 

O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect[Caution: ExecutableFile]

 

 

 

O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD[Caution: ExecutableFile]

 

 

 

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32[Caution: ExecutableFile] NvQTwk,NvCplDaemon initialize

 

 

 

O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\System32\igfxtray[Caution: ExecutableFile]

 

 

 

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd[Caution: ExecutableFile]

 

 

 

O4 - HKLM\..\Run: [s3TRAY2] S3tray2[Caution: ExecutableFile]

 

 

 

O4 - HKLM\..\Run: [MoneyStartUp10.0] "c:\Program Files\Microsoft Money\System\Activation[Caution: ExecutableFile]"

 

 

 

O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE[Caution: ExecutableFile] /AUTORUN

 

 

 

O4 - HKLM\..\Run: [bigPondCable] "C:\Program Files\Telstra\Cable Login\bpcable[Caution: ExecutableFile]" /r

 

 

 

O4 - HKLM\..\Run: [bigPond] "D:\5100[Caution: ExecutableFile]" -r

 

 

 

O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient[Caution: ExecutableFile]

 

 

 

O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32[Caution: ExecutableFile]

 

 

 

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask[Caution: ExecutableFile]" -atboottime

 

 

 

O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr[Caution: ExecutableFile]" /background

 

 

 

O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader[Caution: ExecutableFile]

 

 

 

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA[Caution: ExecutableFile]

 

 

 

O8 - Extra context menu item: &Define - c:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_DEF.HTM

 

 

 

O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html

 

 

 

O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html

 

 

 

O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html

 

 

 

O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html

 

 

 

O8 - Extra context menu item: Look Up in &Encyclopedia - c:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM

 

 

 

O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html

 

 

 

O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html

 

 

 

O12 - Plugin for .mov: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin.dll

 

 

 

O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll

 

 

 

O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab

 

 

 

O16 - DPF: {48884C41-EFAC-433D-958A-9FADAC41408E} (EGamesPlugin Class) - https://www.e-games.com.my/com/EGamesPlugin.cab

 

 

 

O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.com/scan8/oscan8.cab

 

 

 

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupda ... 6307520390

 

 

 

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 6878430484

 

 

 

O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/binFramework/v10/ZI ... b34246.cab

 

 

 

O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab

 

 

 

O16 - DPF: {E7D2588A-7FB5-47DC-8830-832605661009} (Live Collaboration) - http://liveap01.rightnowtech.com/6030-b ... a/RntX.cab

 

 

 

O20 - Winlogon Notify: font - C:\WINDOWS\system\font.dll

 

 

 

O23 - Service: BigPond Broadband Cable Login (bpcService) - Unknown owner - C:\Program Files\Telstra\Cable Login\bpcService[Caution: ExecutableFile]

 

 

 

O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService[Caution: ExecutableFile]

 

 

 

O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing[Caution: ExecutableFile]

 

 

 

O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc[Caution: ExecutableFile]

 

 

 

O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32[Caution: ExecutableFile]

 

 

 

O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon[Caution: ExecutableFile]

  • Author

Final hack log before I go to bed.

 

 

 

 

 

 

 

Logfile of HijackThis v1.99.1

 

 

 

Scan saved at 1:03:48 AM, on 17/09/2005

 

 

 

Platform: Windows XP (WinNT 5.01.2600)

 

 

 

MSIE: Internet Explorer v6.00 (6.00.2600.0000)

 

 

 

 

 

 

 

Running processes:

 

 

 

C:\WINDOWS\System32\smss[Caution: ExecutableFile]

 

 

 

C:\WINDOWS\system32\winlogon[Caution: ExecutableFile]

 

 

 

C:\WINDOWS\system32\services[Caution: ExecutableFile]

 

 

 

C:\WINDOWS\system32\lsass[Caution: ExecutableFile]

 

 

 

C:\WINDOWS\system32\svchost[Caution: ExecutableFile]

 

 

 

C:\WINDOWS\System32\svchost[Caution: ExecutableFile]

 

 

 

C:\WINDOWS\system32\spoolsv[Caution: ExecutableFile]

 

 

 

C:\WINDOWS\Explorer[Caution: ExecutableFile]

 

 

 

C:\Program Files\Telstra\Cable Login\bpcable[Caution: ExecutableFile]

 

 

 

C:\Program Files\Zone Labs\ZoneAlarm\zlclient[Caution: ExecutableFile]

 

 

 

C:\PROGRA~1\NORTON~1\navapw32[Caution: ExecutableFile]

 

 

 

C:\Program Files\MSN Messenger\msnmsgr[Caution: ExecutableFile]

 

 

 

C:\Program Files\Norton AntiVirus\navapsvc[Caution: ExecutableFile]

 

 

 

C:\WINDOWS\System32\nvsvc32[Caution: ExecutableFile]

 

 

 

C:\WINDOWS\System32\svchost[Caution: ExecutableFile]

 

 

 

C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon[Caution: ExecutableFile]

 

 

 

C:\Program Files\Internet Explorer\iexplore[Caution: ExecutableFile]

 

 

 

C:\DOCUME~1\Owner\LOCALS~1\Temp\Rar$EX00.328\HijackThis[Caution: ExecutableFile]

 

 

 

 

 

 

 

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://au4.hpwis.com/

 

 

 

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://au4.hpwis.com/

 

 

 

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost

 

 

 

F2 - REG:system.ini: UserInit=userinit[Caution: ExecutableFile]

 

 

 

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx

 

 

 

O2 - BHO: MSEvents Object - {827DC836-DD9F-4A68-A602-5812EB50A834} - C:\WINDOWS\system\font.dll

 

 

 

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll

 

 

 

O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll

 

 

 

O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll

 

 

 

O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll

 

 

 

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

 

 

 

O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll

 

 

 

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll

 

 

 

O4 - HKLM\..\Run: [WorksFUD] C:\Program Files\Microsoft Works\wkfud[Caution: ExecutableFile]

 

 

 

O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect[Caution: ExecutableFile]

 

 

 

O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD[Caution: ExecutableFile]

 

 

 

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32[Caution: ExecutableFile] NvQTwk,NvCplDaemon initialize

 

 

 

O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\System32\igfxtray[Caution: ExecutableFile]

 

 

 

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd[Caution: ExecutableFile]

 

 

 

O4 - HKLM\..\Run: [s3TRAY2] S3tray2[Caution: ExecutableFile]

 

 

 

O4 - HKLM\..\Run: [MoneyStartUp10.0] "c:\Program Files\Microsoft Money\System\Activation[Caution: ExecutableFile]"

 

 

 

O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE[Caution: ExecutableFile] /AUTORUN

 

 

 

O4 - HKLM\..\Run: [bigPondCable] "C:\Program Files\Telstra\Cable Login\bpcable[Caution: ExecutableFile]" /r

 

 

 

O4 - HKLM\..\Run: [bigPond] "D:\5100[Caution: ExecutableFile]" -r

 

 

 

O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient[Caution: ExecutableFile]

 

 

 

O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32[Caution: ExecutableFile]

 

 

 

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask[Caution: ExecutableFile]" -atboottime

 

 

 

O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr[Caution: ExecutableFile]" /background

 

 

 

O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader[Caution: ExecutableFile]

 

 

 

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA[Caution: ExecutableFile]

 

 

 

O8 - Extra context menu item: &Define - c:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_DEF.HTM

 

 

 

O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html

 

 

 

O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html

 

 

 

O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html

 

 

 

O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html

 

 

 

O8 - Extra context menu item: Look Up in &Encyclopedia - c:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM

 

 

 

O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html

 

 

 

O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html

 

 

 

O12 - Plugin for .mov: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin.dll

 

 

 

O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll

 

 

 

O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab

 

 

 

O16 - DPF: {48884C41-EFAC-433D-958A-9FADAC41408E} (EGamesPlugin Class) - https://www.e-games.com.my/com/EGamesPlugin.cab

 

 

 

O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.com/scan8/oscan8.cab

 

 

 

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupda ... 6307520390

 

 

 

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 6878430484

 

 

 

O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/binFramework/v10/ZI ... b34246.cab

 

 

 

O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab

 

 

 

O16 - DPF: {E7D2588A-7FB5-47DC-8830-832605661009} (Live Collaboration) - http://liveap01.rightnowtech.com/6030-b ... a/RntX.cab

 

 

 

O20 - Winlogon Notify: font - C:\WINDOWS\system\font.dll

 

 

 

O23 - Service: BigPond Broadband Cable Login (bpcService) - Unknown owner - C:\Program Files\Telstra\Cable Login\bpcService[Caution: ExecutableFile]

 

 

 

O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService[Caution: ExecutableFile]

 

 

 

O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing[Caution: ExecutableFile]

 

 

 

O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc[Caution: ExecutableFile]

 

 

 

O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32[Caution: ExecutableFile]

 

 

 

O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon[Caution: ExecutableFile]

Create an account or sign in to comment

Important Information

By using this site, you agree to our Terms of Use.

Account

Navigation

Search

Search

Configure browser push notifications

Chrome (Android)
  1. Tap the lock icon next to the address bar.
  2. Tap Permissions → Notifications.
  3. Adjust your preference.
Chrome (Desktop)
  1. Click the padlock icon in the address bar.
  2. Select Site settings.
  3. Find Notifications and adjust your preference.