Please help with a virus

[denysy1]

Hi,

A couple of days ago I got a virus and now I can't get rid of it. When my antivirus first detected it, it was detected as W32.Looksky.A@mm . I went to the symantec description web page of this virus:

http://securityresponse.symantec.com/avcenter/venc/data/w32.looksky.a@mm.html

and i followed their instructions step by step.

I disabled system restore, updated virus definition, run a full system scan(in safe mode) and deleted values added to registry. On top of that i scanned my pc with Bulletproof Ad-ware remover and manually searched the registry and my pc for all the file names used by this virus. I also deleted any files i downloaded of the internet for the last few days.

However after I restarted my pc the virus is still there.

Someone please help!!!

Denys

 

[Osiris]

scan with these programs


go to start, run, type msconfig, go to startup, disable all except your antivirus apply but dont reboot yet.

adaware se
spybot
m icrosoft antispy
Ewido


then run these programs in safe mode, remove anything they find, go back to regular mode and scan again. Then post a hijackthis log

 

[EricB]

boot from your norton cd or run the scan in safe mode. you can buy nod32 as a better alternative

 

[jbc]

Well, I have been helping people on my job for fifteen years destroy viruses (what ever the plural of virus is) and IMHO (emphais on the word humble) is that your first mistake is relying on Symantec for anything. I would suggest that you go to us.mcafee.com and look for the free scan option to see if you really do have a virus. Perhaps Mc Afee will elminate the virus for you, just this once.

 

[Osiris]

Follow these instructions carefully

Download ALL 4 programs and update them as soon as they are installed, this is very important, except for Hijackthis!.

Ad Aware SE Personal Free

Spybot Search and Destroy Free

Microsoft Windows AntiSpyware Free

HijackThis Free

Ewido

Follow these steps

Delete the prefetch folder C:\WINDOWS\Prefetch, this folder will come back on next reboot.

Delete all cookies and temporary internet files in the control panel.

Go to Start, run, type msconfig, go to startup, disable everything except your antivirus, click apply, dont reboot yet.

Download Msconfig Cleanup below

Msconfig Cleanup Free

Run Msconfig Cleanup after you unchecked the items you were told to uncheck and recheck, click "Select All", then click "Clean up Selected", then click "Quit".

Now run each spyware program 1 by 1. Running all 3 at the same time will slow most systems down.

When each program has finished scanning, remove everything.

For Microsoft Antispy, after it has finished scanning, some items will/might be on ignore, you will need to select remove unless the program is valid such as VNC Viewer, etc.

Now go to the recycle bin and delete everything that is in it.

When finished with the scans, reboot, and go into Safe Mode and run these scans again, remove everything they find, and then reboot back into Windows in normal mode. You dont need to run Hijackthis! yet.

Then run HiJackthis!

Save the log, copy and paste the log on www.techist.com
Do not attach the log, copy and paste always. This will make things go much faster.

 

[denysy1]

OK, i think its gone now. Thanks very much for your help.

Here's the Hijack this log:


Logfile of HijackThis v1.99.1
Scan saved at 4:29:29 PM, on 26/01/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\brsvc01a.exe
C:\WINDOWS\System32\brss01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Google\Web Accelerator\GoogleWebAccWarden.exe
C:\Program Files\Google\Web Accelerator\googlewebaccclient.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\ReGetDx\regetdx.exe
C:\Program Files\Messenger\msmsgs.exe
C:\PROGRA~1\WINZIP\winzip32.exe
C:\Documents and Settings\Victor\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://localhost:9100/proxy.pac
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Lexico Toolbar - {11359F4A-B191-42d7-905A-594F8CF0387B} - C:\WINDOWS\Downloaded Program Files\lexbar.dll
O2 - BHO: ClickCatcher MSIE handler - {16664845-0E00-11D2-8059-000000000000} - C:\Program Files\Common Files\ReGet Shared\Catcher.dll
O2 - BHO: Google Web Accelerator Helper - {69A87B7D-DE56-4136-9655-716BA50C19C7} - C:\Program Files\Google\Web Accelerator\GoogleWebAccToolbar.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Google Web Accelerator - {DB87BFA2-A2E3-451E-8E5A-C89982D87CBF} - C:\Program Files\Google\Web Accelerator\GoogleWebAccToolbar.dll
O3 - Toolbar: Dictionary.com - {11359F4A-B191-42D7-905A-594F8CF0387B} - C:\WINDOWS\Downloaded Program Files\lexbar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: ReGet Bar - {17939A30-18E2-471E-9D3A-56DD725F1215} - C:\Program Files\ReGetDx\iebar.dll
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - Global Startup: Run Google Web Accelerator.lnk = C:\Program Files\Google\Web Accelerator\GoogleWebAccWarden.exe
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Do&wnload by ReGet Deluxe - C:\Program Files\Common Files\ReGet Shared\CC_Link.htm
O8 - Extra context menu item: Download A&ll by ReGet Deluxe - C:\Program Files\Common Files\ReGet Shared\CC_All.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Search &Dictionary - C:\Program files\Lexico\Toolbar\dictionary.htm
O8 - Extra context menu item: Search &Thesaurus - C:\Program files\Lexico\Toolbar\thesaurus.htm
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: Spy - {16664849-0E00-11D2-8059-000000000000} - C:\Program Files\Common Files\ReGet Shared\Catcher.dll
O9 - Extra 'Tools' menuitem: MSIE &Spy - {16664849-0E00-11D2-8059-000000000000} - C:\Program Files\Common Files\ReGet Shared\Catcher.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1127177889524
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1127177852661
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
O16 - DPF: {F0E2D69A-DC2F-4E9B-A993-684FB1C21DBC} - http://dictionary.reference.com/tools/toolbar/lexico.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/controls/msnchat45.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: msupdate - C:\WINDOWS\
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\System32\brsvc01a.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

PS. The virus seems to have altered my accounts settings so I can't access task manager or change my desktop now. Where can I change it back?

 

[Osiris]

We have some more removing to do. Download Cleanup! http://www.stevengould.org/software/cleanup/ and run the standard clean, you can run the thorough clean but it will erase your favorites place/bookmarks, games scores, etc. Do what you wish, then post another log and we will remove the rest...

 

[denysy1]

Here's the report from clean up...it seams like I used every program there is for cleaning up. I can't imagine how anything could survive it. But then again I'm not the pro...

CleanUp! started on 01/26/06 16:55:07.
...
C:\Documents and Settings\Victor\My Documents\Victor\work\RIVERSIDE\RDH-Pacific Point (Prg.2)\RDH-Pacific Point (Prg.2)\SHORT BRACKETS.bak - deleted
C:\Documents and Settings\Victor\My Documents\Victor\work\RIVERSIDE\RDH-Pacific Point (Prg.2)\RDH-Pacific Point (Prg.2)\TITLE BLOCK D1.bak - deleted
C:\Documents and Settings\Victor\My Documents\Victor\work\RIVERSIDE\RDH-Pacific Point (Prg.2)\RDH-Pacific Point (Prg.2)\AFTER 1stREVIEW\Cacopy at Wal (anchor bolts).bak - deleted
C:\Documents and Settings\Victor\My Documents\Victor\work\RIVERSIDE\RDH-Pacific Point (Prg.2)\RDH-Pacific Point (Prg.2)\AFTER 1stREVIEW\Cacopy at Wall (black).bak - deleted
C:\Documents and Settings\Victor\My Documents\Victor\work\RIVERSIDE\RDH-Pacific Point (Prg.2)\RDH-Pacific Point (Prg.2)\AFTER 1stREVIEW\Cacopy at Wall - black.bak - deleted
C:\Documents and Settings\Victor\My Documents\Victor\work\RIVERSIDE\RDH-Pacific Point (Prg.2)\RDH-Pacific Point (Prg.2)\AFTER 1stREVIEW\Cacopy at Wall BLACK.bak - deleted
C:\Documents and Settings\Victor\My Documents\Victor\work\RIVERSIDE\RDH-Pacific Point (Prg.2)\RDH-Pacific Point (Prg.2)\AFTER 1stREVIEW\Cacopy at Wall(BLACK).bak - deleted
C:\Documents and Settings\Victor\My Documents\Victor\work\RIVERSIDE\RDH-Pacific Point (Prg.2)\RDH-Pacific Point (Prg.2)\AFTER 1stREVIEW\Cacopy at Wall.bak - deleted
C:\Documents and Settings\Victor\My Documents\Victor\work\RIVERSIDE\RDH-Pacific Point (Prg.2)\RDH-Pacific Point (Prg.2)\AFTER 1stREVIEW\Canopy at slab edge (INCLINED) (BLACK).bak - deleted
C:\Documents and Settings\Victor\My Documents\Victor\work\RIVERSIDE\RDH-Pacific Point (Prg.2)\RDH-Pacific Point (Prg.2)\AFTER 1stREVIEW\Canopy at slab edge (INCLINED) - BLACK.bak - deleted
C:\Documents and Settings\Victor\My Documents\Victor\work\RIVERSIDE\RDH-Pacific Point (Prg.2)\RDH-Pacific Point (Prg.2)\AFTER 1stREVIEW\Canopy at slab edge (INCLINED) -black.bak - deleted
C:\Documents and Settings\Victor\My Documents\Victor\work\RIVERSIDE\RDH-Pacific Point (Prg.2)\RDH-Pacific Point (Prg.2)\AFTER 1stREVIEW\Canopy at slab edge (INCLINED)#1.bak - deleted
C:\Documents and Settings\Victor\My Documents\Victor\work\RIVERSIDE\RDH-Pacific Point (Prg.2)\RDH-Pacific Point (Prg.2)\AFTER 1stREVIEW\Canopy at slab edge (INCLINED)-BLACK.bak - deleted
C:\Documents and Settings\Victor\My Documents\Victor\work\RIVERSIDE\RDH-Pacific Point (Prg.2)\RDH-Pacific Point (Prg.2)\AFTER 1stREVIEW\Canopy at slab edge (INCLINED).bak - deleted
C:\Documents and Settings\Victor\My Documents\Victor\work\RIVERSIDE\RDH-Pacific Point (Prg.2)\RDH-Pacific Point (Prg.2)\AFTER 1stREVIEW\Canopy at slab edge (INCLINED).BLACKdwg.bak - deleted
C:\Documents and Settings\Victor\My Documents\Victor\work\RIVERSIDE\RDH-Pacific Point (Prg.2)\RDH-Pacific Point (Prg.2)\AFTER 1stREVIEW\Canopy at slab edge.bak - deleted
C:\Documents and Settings\Victor\My Documents\Victor\work\RIVERSIDE\RDH-Pacific Point (Prg.2)\RDH-Pacific Point (Prg.2)\AFTER 1stREVIEW\Floor Plans (BLACK).bak - deleted
C:\Documents and Settings\Victor\My Documents\Victor\work\RIVERSIDE\RDH-Pacific Point (Prg.2)\RDH-Pacific Point (Prg.2)\AFTER 1stREVIEW\Floor Plans BLACK.bak - deleted
C:\Documents and Settings\Victor\My Documents\Victor\work\RIVERSIDE\RDH-Pacific Point (Prg.2)\RDH-Pacific Point (Prg.2)\AFTER 1stREVIEW\Floor Plans(BLACK).bak - deleted
C:\Documents and Settings\Victor\My Documents\Victor\work\RIVERSIDE\RDH-Pacific Point (Prg.2)\RDH-Pacific Point (Prg.2)\AFTER 1stREVIEW\Floor Plans.bak - deleted
C:\Documents and Settings\Victor\My Documents\Victor\work\RIVERSIDE\RDH-Pacific Point (Prg.2)\RDH-Pacific Point (Prg.2)\AFTER 1stREVIEW\GENERAL REQUIREMENTS.bak - deleted
C:\Documents and Settings\Victor\My Documents\Victor\work\RIVERSIDE\RDH-Pacific Point (Prg.2)\RDH-Pacific Point (Prg.2)\AFTER 1stREVIEW\LONG WALL BRACKET (BLACK).bak - deleted
C:\Documents and Settings\Victor\My Documents\Victor\work\RIVERSIDE\RDH-Pacific Point (Prg.2)\RDH-Pacific Point (Prg.2)\AFTER 1stREVIEW\LONG WALL BRACKET(BLACK).bak - deleted
C:\Documents and Settings\Victor\My Documents\Victor\work\RIVERSIDE\RDH-Pacific Point (Prg.2)\RDH-Pacific Point (Prg.2)\AFTER 1stREVIEW\LONG WALL BRACKET.bak - deleted
C:\Documents and Settings\Victor\My Documents\Victor\work\RIVERSIDE\RDH-Pacific Point (Prg.2)\RDH-Pacific Point (Prg.2)\AFTER 1stREVIEW\SCREW.bak - deleted
C:\Documents and Settings\Victor\My Documents\Victor\work\RIVERSIDE\RDH-Pacific Point (Prg.2)\RDH-Pacific Point (Prg.2)\AFTER 1stREVIEW\SHORT BRACKETS.bak - deleted
C:\Documents and Settings\Victor\My Documents\Victor\work\RIVERSIDE\RDH-Pacific Point (Prg.2)\RDH-Pacific Point (Prg.2)\AFTER 1stREVIEW\TITLE BLOCK D1.bak - deleted
C:\Documents and Settings\Victor\My Documents\Victor\work\RIVERSIDE\RDH-Pacific Point (Prg.2)\RDH-Pacific Point (Prg.2)\AFTER 1stREVIEW (ONGOING CHANGES)\Cacopy at Wal (anchor bolts).bak - deleted
C:\Documents and Settings\Victor\My Documents\Victor\work\RIVERSIDE\RDH-Pacific Point (Prg.2)\RDH-Pacific Point (Prg.2)\AFTER 1stREVIEW (ONGOING CHANGES)\Cacopy at Wall (black).bak - deleted
C:\Documents and Settings\Victor\My Documents\Victor\work\RIVERSIDE\RDH-Pacific Point (Prg.2)\RDH-Pacific Point (Prg.2)\AFTER 1stREVIEW (ONGOING CHANGES)\Cacopy at Wall - black.bak - deleted
C:\Documents and Settings\Victor\My Documents\Victor\work\RIVERSIDE\RDH-Pacific Point (Prg.2)\RDH-Pacific Point (Prg.2)\AFTER 1stREVIEW (ONGOING CHANGES)\Cacopy at Wall BLACK.bak - deleted
C:\Documents and Settings\Victor\My Documents\Victor\work\RIVERSIDE\RDH-Pacific Point (Prg.2)\RDH-Pacific Point (Prg.2)\AFTER 1stREVIEW (ONGOING CHANGES)\Cacopy at Wall(BLACK).bak - deleted
C:\Documents and Settings\Victor\My Documents\Victor\work\RIVERSIDE\RDH-Pacific Point (Prg.2)\RDH-Pacific Point (Prg.2)\AFTER 1stREVIEW (ONGOING CHANGES)\Cacopy at Wall- D9.bak - deleted
C:\Documents and Settings\Victor\My Documents\Victor\work\RIVERSIDE\RDH-Pacific Point (Prg.2)\RDH-Pacific Point (Prg.2)\AFTER 1stREVIEW (ONGOING CHANGES)\Cacopy at Wall.bak - deleted
C:\Documents and Settings\Victor\My Documents\Victor\work\RIVERSIDE\RDH-Pacific Point (Prg.2)\RDH-Pacific Point (Prg.2)\AFTER 1stREVIEW (ONGOING CHANGES)\Canopy at slab edge (INCLINED) (BLACK).bak - deleted
C:\Documents and Settings\Victor\My Documents\Victor\work\RIVERSIDE\RDH-Pacific Point (Prg.2)\RDH-Pacific Point (Prg.2)\AFTER 1stREVIEW (ONGOING CHANGES)\Canopy at slab edge (INCLINED) - BLACK.bak - deleted
C:\Documents and Settings\Victor\My Documents\Victor\work\RIVERSIDE\RDH-Pacific Point (Prg.2)\RDH-Pacific Point (Prg.2)\AFTER 1stREVIEW (ONGOING CHANGES)\Canopy at slab edge (INCLINED) -black.bak - deleted
C:\Documents and Settings\Victor\My Documents\Victor\work\RIVERSIDE\RDH-Pacific Point (Prg.2)\RDH-Pacific Point (Prg.2)\AFTER 1stREVIEW (ONGOING CHANGES)\Canopy at slab edge (INCLINED)#1.bak - deleted
C:\Documents and Settings\Victor\My Documents\Victor\work\RIVERSIDE\RDH-Pacific Point (Prg.2)\RDH-Pacific Point (Prg.2)\AFTER 1stREVIEW (ONGOING CHANGES)\Canopy at slab edge (INCLINED)-BLACK.bak - deleted
C:\Documents and Settings\Victor\My Documents\Victor\work\RIVERSIDE\RDH-Pacific Point (Prg.2)\RDH-Pacific Point (Prg.2)\AFTER 1stREVIEW (ONGOING CHANGES)\Canopy at slab edge (INCLINED)-D7.bak - deleted
C:\Documents and Settings\Victor\My Documents\Victor\work\RIVERSIDE\RDH-Pacific Point (Prg.2)\RDH-Pacific Point (Prg.2)\AFTER 1stREVIEW (ONGOING CHANGES)\Canopy at slab edge (INCLINED).bak - deleted
C:\Documents and Settings\Victor\My Documents\Victor\work\RIVERSIDE\RDH-Pacific Point (Prg.2)\RDH-Pacific Point (Prg.2)\AFTER 1stREVIEW (ONGOING CHANGES)\Canopy at slab edge (INCLINED).BLACKdwg.bak - deleted
C:\Documents and Settings\Victor\My Documents\Victor\work\RIVERSIDE\RDH-Pacific Point (Prg.2)\RDH-Pacific Point (Prg.2)\AFTER 1stREVIEW (ONGOING CHANGES)\Canopy at slab edge-D6-2.bak - deleted
C:\Documents and Settings\Victor\My Documents\Victor\work\RIVERSIDE\RDH-Pacific Point (Prg.2)\RDH-Pacific Point (Prg.2)\AFTER 1stREVIEW (ONGOING CHANGES)\Canopy at slab edge-U704.bak - deleted
C:\Documents and Settings\Victor\My Documents\Victor\work\RIVERSIDE\RDH-Pacific Point (Prg.2)\RDH-Pacific Point (Prg.2)\AFTER 1stREVIEW (ONGOING CHANGES)\Canopy at slab edge.bak - deleted
C:\Documents and Settings\Victor\My Documents\Victor\work\RIVERSIDE\RDH-Pacific Point (Prg.2)\RDH-Pacific Point (Prg.2)\AFTER 1stREVIEW (ONGOING CHANGES)\Floor Plans (BLACK).bak - deleted
C:\Documents and Settings\Victor\My Documents\Victor\work\RIVERSIDE\RDH-Pacific Point (Prg.2)\RDH-Pacific Point (Prg.2)\AFTER 1stREVIEW (ONGOING CHANGES)\Floor Plans BLACK.bak - deleted
C:\Documents and Settings\Victor\My Documents\Victor\work\RIVERSIDE\RDH-Pacific Point (Prg.2)\RDH-Pacific Point (Prg.2)\AFTER 1stREVIEW (ONGOING CHANGES)\Floor Plans(BLACK).bak - deleted
C:\Documents and Settings\Victor\My Documents\Victor\work\RIVERSIDE\RDH-Pacific Point (Prg.2)\RDH-Pacific Point (Prg.2)\AFTER 1stREVIEW (ONGOING CHANGES)\Floor Plans-D1 TO D6.bak - deleted
C:\Documents and Settings\Victor\My Documents\Victor\work\RIVERSIDE\RDH-Pacific Point (Prg.2)\RDH-Pacific Point (Prg.2)\AFTER 1stREVIEW (ONGOING CHANGES)\Floor Plans.bak - deleted
C:\Documents and Settings\Victor\My Documents\Victor\work\RIVERSIDE\RDH-Pacific Point (Prg.2)\RDH-Pacific Point (Prg.2)\AFTER 1stREVIEW (ONGOING CHANGES)\GENERAL REQUIREMENTS.bak - deleted
C:\Documents and Settings\Victor\My Documents\Victor\work\RIVERSIDE\RDH-Pacific Point (Prg.2)\RDH-Pacific Point (Prg.2)\AFTER 1stREVIEW (ONGOING CHANGES)\LONG WALL BRACKET (BLACK).bak - deleted
C:\Documents and Settings\Victor\My Documents\Victor\work\RIVERSIDE\RDH-Pacific Point (Prg.2)\RDH-Pacific Point (Prg.2)\AFTER 1stREVIEW (ONGOING CHANGES)\LONG WALL BRACKET(BLACK).bak - deleted
C:\Documents and Settings\Victor\My Documents\Victor\work\RIVERSIDE\RDH-Pacific Point (Prg.2)\RDH-Pacific Point (Prg.2)\AFTER 1stREVIEW (ONGOING CHANGES)\LONG WALL BRACKET- D8.bak - deleted
C:\Documents and Settings\Victor\My Documents\Victor\work\RIVERSIDE\RDH-Pacific Point (Prg.2)\RDH-Pacific Point (Prg.2)\AFTER 1stREVIEW (ONGOING CHANGES)\LONG WALL BRACKET.bak - deleted
C:\Documents and Settings\Victor\My Documents\Victor\work\RIVERSIDE\RDH-Pacific Point (Prg.2)\RDH-Pacific Point (Prg.2)\AFTER 1stREVIEW (ONGOING CHANGES)\SCREW.bak - deleted
C:\Documents and Settings\Victor\My Documents\Victor\work\RIVERSIDE\RDH-Pacific Point (Prg.2)\RDH-Pacific Point (Prg.2)\AFTER 1stREVIEW (ONGOING CHANGES)\SHORT BRACKETS- D10.bak - deleted
C:\Documents and Settings\Victor\My Documents\Victor\work\RIVERSIDE\RDH-Pacific Point (Prg.2)\RDH-Pacific Point (Prg.2)\AFTER 1stREVIEW (ONGOING CHANGES)\SHORT BRACKETS.bak - deleted
C:\Documents and Settings\Victor\My Documents\Victor\work\RIVERSIDE\RDH-Pacific Point (Prg.2)\RDH-Pacific Point (Prg.2)\AFTER 1stREVIEW (ONGOING CHANGES)\TITLE BLOCK D1.bak - deleted
C:\Documents and Settings\Victor\My Documents\Victor\work\RIVERSIDE\RDH-Pacific Point (Prg.2)\RDH-Pacific Point (Prg.2)\ASBUILT VERSION\Canopy at slab edge (INCLINED)-D7.bak - deleted
C:\Documents and Settings\Victor\My Documents\Victor\work\RIVERSIDE\RDH-Pacific Point (Prg.2)\RDH-Pacific Point (Prg.2)\ASBUILT VERSION\Canopy at slab edge-U704.bak - deleted
C:\Documents and Settings\Victor\My Documents\Victor\work\RIVERSIDE\RDH-Pacific Point (Prg.2)\RDH-Pacific Point (Prg.2)\ASBUILT VERSION\D1 to D6 - Floor Plans.bak - deleted
C:\Documents and Settings\Victor\My Documents\Victor\work\RIVERSIDE\RDH-Pacific Point (Prg.2)\RDH-Pacific Point (Prg.2)\ASBUILT VERSION\D10 - SHORT BRACKETS.bak - deleted
C:\Documents and Settings\Victor\My Documents\Victor\work\RIVERSIDE\RDH-Pacific Point (Prg.2)\RDH-Pacific Point (Prg.2)\ASBUILT VERSION\D11 - Canopy at slab edge.bak - deleted
C:\Documents and Settings\Victor\My Documents\Victor\work\RIVERSIDE\RDH-Pacific Point (Prg.2)\RDH-Pacific Point (Prg.2)\ASBUILT VERSION\D7 - Canopy at slab edge (INCLINED).bak - deleted
C:\Documents and Settings\Victor\My Documents\Victor\work\RIVERSIDE\RDH-Pacific Point (Prg.2)\RDH-Pacific Point (Prg.2)\ASBUILT VERSION\D8 - LONG WALL BRACKET.bak - deleted
C:\Documents and Settings\Victor\My Documents\Victor\work\RIVERSIDE\RDH-Pacific Point (Prg.2)\RDH-Pacific Point (Prg.2)\ASBUILT VERSION\D9 - Cacopy at Wall.bak - deleted
C:\Documents and Settings\Victor\My Documents\Victor\work\RIVERSIDE\RDH-Pacific Point (Prg.2)\RDH-Pacific Point (Prg.2)\INITIAL(TRADITIONAL) VERSION\Cacopy at Wall.bak - deleted
C:\Documents and Settings\Victor\My Documents\Victor\work\RIVERSIDE\RDH-Pacific Point (Prg.2)\RDH-Pacific Point (Prg.2)\INITIAL(TRADITIONAL) VERSION\Canopy at slab edge (INCLINED)#1.bak - deleted
C:\Documents and Settings\Victor\My Documents\Victor\work\RIVERSIDE\RDH-Pacific Point (Prg.2)\RDH-Pacific Point (Prg.2)\INITIAL(TRADITIONAL) VERSION\Canopy at slab edge (INCLINED).bak - deleted
C:\Documents and Settings\Victor\My Documents\Victor\work\RIVERSIDE\RDH-Pacific Point (Prg.2)\RDH-Pacific Point (Prg.2)\INITIAL(TRADITIONAL) VERSION\Canopy at slab edge.bak - deleted
C:\Documents and Settings\Victor\My Documents\Victor\work\RIVERSIDE\RDH-Pacific Point (Prg.2)\RDH-Pacific Point (Prg.2)\INITIAL(TRADITIONAL) VERSION\SHORT BRACKETS.bak - deleted
C:\Documents and Settings\Victor\My Documents\Victor\work\RIVERSIDE\RDH-Parkhill\Balcony Arcs 1.bak - deleted
C:\Documents and Settings\Victor\My Documents\Victor\work\RIVERSIDE\RDH-Parkhill\Balcony Arcs.bak - deleted
C:\Documents and Settings\Victor\My Documents\Victor\work\RIVERSIDE\RDH-Parkhill\Balcony types.bak - deleted
C:\Documents and Settings\Victor\My Documents\Victor\work\RIVERSIDE\RDH-Parkhill\D1- GENERAL NOTES.bak - deleted
C:\Documents and Settings\Victor\My Documents\Victor\work\RIVERSIDE\RDH-Parkhill\D2 - FLOOR PLAN.bak - deleted
C:\Documents and Settings\Victor\My Documents\Victor\work\RIVERSIDE\RDH-Parkhill\D3; D4 - Balcony types.bak - deleted
C:\Documents and Settings\Victor\My Documents\Victor\work\RIVERSIDE\RDH-Parkhill\D5 - Section Details.bak - deleted
C:\Documents and Settings\Victor\My Documents\Victor\work\RIVERSIDE\RDH-Parkhill\Floor Plan.bak - deleted
C:\Documents and Settings\Victor\My Documents\Victor\work\RIVERSIDE\RDH-Parkhill\Glass.bak - deleted
C:\Documents and Settings\Victor\My Documents\Victor\work\RIVERSIDE\RDH-Parkhill\Section Details.bak - deleted
C:\Documents and Settings\Victor\My Documents\Victor\work\RIVERSIDE\RDH-Parkhill\Title block D1.bak - deleted
C:\Documents and Settings\Victor\My Documents\Victor\work\RIVERSIDE\RDH-Parkhill\Title block D2.bak - deleted
C:\Documents and Settings\Victor\My Documents\Victor\work\RIVERSIDE\RDH-Parkhill\Title block D3.bak - deleted
C:\Documents and Settings\Victor\My Documents\Victor\work\RIVERSIDE\RDH-Parkhill\Title block D4.bak - deleted
C:\Documents and Settings\Victor\My Documents\Victor\work\RIVERSIDE\RDH-Parkhill\Title block.bak - deleted
C:\Documents and Settings\Victor\My Documents\Victor\work\RIVERSIDE\Robert Libera\STAIRS - 1.bak - deleted
C:\Documents and Settings\Victor\My Documents\Victor\work\RIVERSIDE\Robert Libera\STAIRS - 1_recover.bak - deleted
C:\Documents and Settings\Victor\My Documents\Victor\work\RIVERSIDE\Robert Libera\STAIRS.bak - deleted
C:\Documents and Settings\Victor\My Documents\Victor\work\RIVERSIDE\Robert Libera\STAIRS_recover.bak - deleted
C:\Documents and Settings\Victor\My Documents\Victor\work\RIVERSIDE\Standard Elements\AL-6 DIE CAST.bak - deleted
C:\Documents and Settings\Victor\My Documents\Victor\work\RIVERSIDE\Standard Elements\Alum.Picket Small End.bak - deleted
C:\Documents and Settings\Victor\My Documents\Victor\work\RIVERSIDE\Standard Elements\Bars.bak - deleted
C:\Documents and Settings\Victor\My Documents\Victor\work\RIVERSIDE\Standard Elements\COLLARS AND SHOES.bak - deleted
C:\Documents and Settings\Victor\My Documents\Victor\work\RIVERSIDE\Standard Elements\Ends.bak - deleted
C:\Documents and Settings\Victor\My Documents\Victor\work\RIVERSIDE\Standard Elements\SCREW.bak - deleted
C:\Documents and Settings\Victor\My Documents\Victor\work\RIVERSIDE\Standard Elements\Set of bars 4 & 5in.bak - deleted
C:\Documents and Settings\Victor\My Documents\Victor\work\RIVERSIDE\Standard Elements\Set of bars 4in.bak - deleted
C:\Documents and Settings\Victor\My Documents\Victor\work\RIVERSIDE\Standard Elements\BRACKETS\SMC3.bak - deleted
C:\Documents and Settings\Victor\My Documents\Victor\work\RIVERSIDE\Standard Elements\COLLARS&SHOES\10-05 (#8521).bak - deleted
C:\Documents and Settings\Victor\My Documents\Victor\work\RIVERSIDE\Standard Elements\COLLARS&SHOES\10-06.bak - deleted
C:\Documents and Settings\Victor\My Documents\Victor\work\RIVERSIDE\Standard Elements\COLLARS&SHOES\BC-02-ALD.bak - deleted
C:\Documents and Settings\Victor\My Documents\Victor\work\RIVERSIDE\Standard Elements\SREAR POINTS\AL - 1.bak - deleted
C:\Documents and Settings\Victor\My Documents\Victor\work\RIVERSIDE\Standard Elements\SREAR POINTS\AL - 2.bak - deleted
C:\Documents and Settings\Victor\My Documents\Victor\work\RIVERSIDE\Standard Elements\SREAR POINTS\AL-6 DIE CAST.bak - deleted
C:\Documents and Settings\Victor\My Documents\Victor\work\RIVERSIDE\Standard Elements\SREAR POINTS\Ends.bak - deleted
C:\Documents and Settings\Victor\My Documents\Victor\work\RIVERSIDE\Standard Elements\SREAR POINTS\PB - 01.bak - deleted
C:\Documents and Settings\Victor\My Documents\Victor\work\RIVERSIDE\Standard Elements\SREAR POINTS\PB - 10.bak - deleted
C:\Documents and Settings\Victor\My Documents\Victor\work\RIVERSIDE\Standard Elements\SREAR POINTS\SP-05.bak - deleted
C:\Documents and Settings\Victor\My Documents\Victor\work\RIVERSIDE\THE CITY OF N. VANCOUVER\Copy of SQUARE WAYFINDING.bak - deleted
C:\Documents and Settings\Victor\My Documents\Victor\work\RIVERSIDE\THE CITY OF N. VANCOUVER\Copy of TRIANGLE WAYFINDING.bak - deleted
C:\Documents and Settings\Victor\My Documents\Victor\work\RIVERSIDE\THE CITY OF N. VANCOUVER\SQUARE WAYFINDING.bak - deleted
C:\Documents and Settings\Victor\My Documents\Victor\work\RIVERSIDE\THE CITY OF N. VANCOUVER\TRIANGLE WAYFINDING.bak - deleted
C:\Documents and Settings\Victor\UserData\index.dat - deleted
C:\My Shared Folder\New Folder\~$re Than A Mother (XXX Sex Story Stories Doc).doc - deleted
C:\Program Files\SolidWorksswxJRNL.BAK - deleted
C:\Program Files\ewido anti-malware\Quarantine\fil49.tmp - deleted
C:\Program Files\ewido anti-malware\Quarantine\fil4A.tmp - deleted
C:\Program Files\ewido anti-malware\Quarantine\fil4B.tmp - deleted
C:\Program Files\ewido anti-malware\Quarantine\fil4C.tmp - deleted
C:\Program Files\ewido anti-malware\Quarantine\fil4D.tmp - deleted
C:\Program Files\ewido anti-malware\Quarantine\fil4E.tmp - deleted
C:\Program Files\ewido anti-malware\Quarantine\fil4F.tmp - deleted
C:\Program Files\ewido anti-malware\Quarantine\fil50.tmp - deleted
C:\Program Files\ewido anti-malware\Quarantine\fil51.tmp - deleted
C:\Program Files\ewido anti-malware\Quarantine\fil52.tmp - deleted
C:\Program Files\ewido anti-malware\Quarantine\fil53.tmp - deleted
C:\Program Files\ewido anti-malware\Quarantine\fil54.tmp - deleted
C:\Program Files\ewido anti-malware\Quarantine\fil55.tmp - deleted
C:\Program Files\ewido anti-malware\Quarantine\fil56.tmp - deleted
C:\Program Files\ewido anti-malware\Quarantine\fil57.tmp - deleted
C:\Program Files\ewido anti-malware\Quarantine\fil58.tmp - deleted
C:\Program Files\ewido anti-malware\Quarantine\fil59.tmp - deleted
C:\Program Files\ewido anti-malware\Quarantine\fil5A.tmp - deleted
C:\Program Files\ewido anti-malware\Quarantine\fil5B.tmp - deleted
C:\Program Files\ewido anti-malware\Quarantine\fil5C.tmp - deleted
C:\Program Files\ewido anti-malware\Quarantine\fil5D.tmp - deleted
C:\Program Files\ewido anti-malware\Quarantine\fil5E.tmp - deleted
C:\Program Files\ewido anti-malware\Quarantine\fil5F.tmp - deleted
C:\Program Files\ewido anti-malware\Quarantine\fil60.tmp - deleted
C:\Program Files\ewido anti-malware\Quarantine\fil61.tmp - deleted
C:\Program Files\ewido anti-malware\Quarantine\fil62.tmp - deleted
C:\Program Files\ewido anti-malware\Quarantine\fil63.tmp - deleted
C:\Program Files\ewido anti-malware\Quarantine\fil64.tmp - deleted
C:\Program Files\ewido anti-malware\Quarantine\fil65.tmp - deleted
C:\Program Files\ewido anti-malware\Quarantine\fil66.tmp - deleted
C:\Program Files\ewido anti-malware\Quarantine\fil67.tmp - deleted
C:\Program Files\ewido anti-malware\Quarantine\fil68.tmp - deleted
C:\Program Files\ewido anti-malware\Quarantine\fil69.tmp - deleted
C:\Program Files\ewido anti-malware\Quarantine\fil6A.tmp - deleted
C:\Program Files\ewido anti-malware\Quarantine\fil6B.tmp - deleted
C:\Program Files\ewido anti-malware\Quarantine\fil6C.tmp - deleted
C:\Program Files\ewido anti-malware\Quarantine\fil6D.tmp - deleted
C:\Program Files\ewido anti-malware\Quarantine\fil6E.tmp - deleted
C:\Program Files\ewido anti-malware\Quarantine\fil6F.tmp - deleted
C:\Program Files\ewido anti-malware\Quarantine\fil70.tmp - deleted
C:\Program Files\ewido anti-malware\Quarantine\fil71.tmp - deleted
C:\Program Files\ewido anti-malware\Quarantine\fil72.tmp - deleted
C:\Program Files\ewido anti-malware\Quarantine\fil73.tmp - deleted
C:\Program Files\ewido anti-malware\Quarantine\fil74.tmp - deleted
C:\Program Files\ewido anti-malware\Quarantine\fil75.tmp - deleted
C:\Program Files\ewido anti-malware\Quarantine\fil76.tmp - deleted
C:\Program Files\ewido anti-malware\Quarantine\reg44.tmp - deleted
C:\Program Files\ewido anti-malware\Quarantine\reg45.tmp - deleted
C:\Program Files\ewido anti-malware\Quarantine\reg46.tmp - deleted
C:\Program Files\ewido anti-malware\Quarantine\reg47.tmp - deleted
C:\Program Files\ewido anti-malware\Quarantine\reg48.tmp - deleted
C:\Program Files\Norton SystemWorks\Norton AntiVirus\NAVOPTS.BAK - deleted
C:\Program Files\ReGetDx\default.bak - deleted
C:\Quake III Arena\Quake3\baseq3\padshop.pk3.tmp - deleted
C:\Quake III Arena\Quake3\baseq3\ztn3dm1.pk3.tmp - deleted
C:\Quake III Arena\Quake3\baseq3\[pwfc].pk3.tmp - deleted
C:\RECYCLER\NPROTECT\00082680.wa~ - deleted
C:\WINDOWS\$$TEMP$$.~~~ - deleted
C:\WINDOWS\imsins.BAK - deleted
C:\WINDOWS\Debug\UserMode\userenv.bak - deleted
C:\WINDOWS\inf\mplayer2.bak - deleted
C:\WINDOWS\PCHEALTH\HELPCTR\Config\Cache\Professional_32_1033.dat.bak - deleted
C:\WINDOWS\PCHEALTH\HELPCTR\OfflineCache\index.dat - deleted
C:\WINDOWS\Resources\Themes\Luna\luna.msstyles - deleted
C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edb.chk - deleted
C:\WINDOWS\system32\wpa.bak - deleted
C:\WINDOWS\system32\CONFIG.TMP - deleted
C:\WINDOWS\system32\CatRoot2\edb.chk - deleted
C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat - deleted
C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat - deleted
C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012005091020050911\index.dat - deleted
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat - deleted
C:\WINDOWS\system32\usmt\migwiz.exe.manifest - deleted
'Run MRU' list - removed from the registry.
Paint Recent File List - removed from the registry.
WordPad Recent File List - removed from the registry.
Telnet's MRU list - removed from the registry.
WinZip Extract MRU list - removed from the registry.
WinZip File MRU list - removed from the registry.
CleanUp! 4.0 recovered 816.7 MB of disk space from 36644 files.
CleanUp! finished on 01/26/06 17:05:39.

 

[Osiris]

now post your hijackthis log

 

[denysy1]

Logfile of HijackThis v1.99.1
Scan saved at 5:45:29 PM, on 26/01/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\brsvc01a.exe
C:\WINDOWS\System32\brss01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Google\Web Accelerator\GoogleWebAccWarden.exe
C:\Program Files\Google\Web Accelerator\googlewebaccclient.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Documents and Settings\Victor\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://localhost:9100/proxy.pac
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Lexico Toolbar - {11359F4A-B191-42d7-905A-594F8CF0387B} - C:\WINDOWS\Downloaded Program Files\lexbar.dll
O2 - BHO: ClickCatcher MSIE handler - {16664845-0E00-11D2-8059-000000000000} - C:\Program Files\Common Files\ReGet Shared\Catcher.dll
O2 - BHO: Google Web Accelerator Helper - {69A87B7D-DE56-4136-9655-716BA50C19C7} - C:\Program Files\Google\Web Accelerator\GoogleWebAccToolbar.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Google Web Accelerator - {DB87BFA2-A2E3-451E-8E5A-C89982D87CBF} - C:\Program Files\Google\Web Accelerator\GoogleWebAccToolbar.dll
O3 - Toolbar: Dictionary.com - {11359F4A-B191-42D7-905A-594F8CF0387B} - C:\WINDOWS\Downloaded Program Files\lexbar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: ReGet Bar - {17939A30-18E2-471E-9D3A-56DD725F1215} - C:\Program Files\ReGetDx\iebar.dll
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - Global Startup: Run Google Web Accelerator.lnk = C:\Program Files\Google\Web Accelerator\GoogleWebAccWarden.exe
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Do&wnload by ReGet Deluxe - C:\Program Files\Common Files\ReGet Shared\CC_Link.htm
O8 - Extra context menu item: Download A&ll by ReGet Deluxe - C:\Program Files\Common Files\ReGet Shared\CC_All.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Search &Dictionary - C:\Program files\Lexico\Toolbar\dictionary.htm
O8 - Extra context menu item: Search &Thesaurus - C:\Program files\Lexico\Toolbar\thesaurus.htm
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: Spy - {16664849-0E00-11D2-8059-000000000000} - C:\Program Files\Common Files\ReGet Shared\Catcher.dll
O9 - Extra 'Tools' menuitem: MSIE &Spy - {16664849-0E00-11D2-8059-000000000000} - C:\Program Files\Common Files\ReGet Shared\Catcher.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1127177889524
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1127177852661
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
O16 - DPF: {F0E2D69A-DC2F-4E9B-A993-684FB1C21DBC} - http://dictionary.reference.com/tools/toolbar/lexico.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/controls/msnchat45.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: msupdate - C:\WINDOWS\
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\System32\brsvc01a.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe