re: Spyware & IE problems Friday, December 3, 2004 at 2:56 pm Windows XP Annoyances Discussion Forum Posted by Seth (50 messages posted) Hi Yap, I have done as advised except I could not find the teatimer feature on Spybot (running version 1.2). Here is another copy of my Hijack log. Will leave PC on for a while to see if browser opens up by itself and directs me to best.globesearch.com. (PS. it doesn't matter whether Mozilla or IE is default browser, the default browser opens by itself and goes to the website listed above) Logfile of HijackThis v1.98.2 Scan saved at 9:55:28 AM, on 4/12/2004 Platform: Windows XP SP1 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Ahead\InCD\InCDsrv.exe C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Telstra\Cable Login\bpcable.exe C:\WINDOWS\System32\RUNDLL32.EXE C:\Program Files\Common Files\Symantec Shared\ccApp.exe C:\WINDOWS\System32\rundll32.exe C:\PROGRA~1\SYMANT~1\VPTray.exe C:\Program Files\Ahead\InCD\InCD.exe C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe C:\WINDOWS\System32\ctfmon.exe C:\Program Files\McAfee\McAfee Shared Components\Instant Updater\RuLaunch.exe C:\Program Files\TGTSoft\StyleXP\StyleXP.exe C:\Program Files\BPALogin\BPALogin.exe C:\WINDOWS\system32\drivers\dcfssvc.exe C:\Program Files\Symantec AntiVirus\DefWatch.exe C:\Program Files\Palm\HOTSYNC.EXE C:\WINDOWS\System32\DkLog.exe C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe C:\WINDOWS\System32\nvsvc32.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Symantec AntiVirus\Rtvscan.exe C:\WINDOWS\system32\ZONELABS\vsmon.exe C:\WINDOWS\System32\MsPMSPSv.exe C:\WINDOWS\System32\dkcktkn.exe C:\PROGRA~1\ZONELA~1\ZONEAL~1\MAILFR~1\mantispm.exe C:\Documents and Settings\Dr Gothic\Desktop\Downloads\hijackthis\HijackThis.exe R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll O2 - BHO: TGTSoft Explorer Toolbar Changer - {C333CF63-767F-4831-94AC-E683D962C63C} - C:\Program Files\TGTSoft\StyleXP\TGT_BHO.dll O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx O3 - Toolbar: McAfee VirusScan - {ACB1E670-3217-45C4-A021-6B829A8A27CB} - C:\Program Files\McAfee\McAfee VirusScan\VSCShellExtension.dll O4 - HKLM\..\Run: [DkAutoReg.exe] C:\Program Files\Rainbow Technologies\iKey 2000 Series Software\DkAutoReg.exe O4 - HKLM\..\Run: [DkStartup] C:\Program Files\Rainbow Technologies\iKey 2000 Series Software\DkStartup.exe O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [BigPondCable] "C:\Program Files\Telstra\Cable Login\bpcable.exe" /r O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [QOELOADER] "C:\Program Files\Qurb\QSP-2.1.213.4\QOELoader.exe" O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe O4 - HKCU\..\Run: [McAfee.InstantUpdate.Monitor] "C:\Program Files\McAfee\McAfee Shared Components\Instant Updater\RuLaunch.exe" /STARTMONITOR O4 - HKCU\..\Run: [STYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide O4 - Startup: HotSync Manager.lnk = C:\Program Files\Palm\HOTSYNC.EXE O4 - Global Startup: BPALogin.lnk = C:\Program Files\BPALogin\BPALogin.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE O4 - Global Startup: Cisco Systems VPN Client.lnk = C:\Program Files\Cisco Systems\VPN Client\ipsecdialer.exe O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll O9 - Extra button: ICQ Pro - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE O10 - Unknown file in Winsock LSP: c:\program files\neoteris\secure application manager\gapsp.dll O10 - Unknown file in Winsock LSP: c:\program files\neoteris\secure application manager\gapsp.dll O10 - Unknown file in Winsock LSP: c:\program files\neoteris\secure application manager\gapsp.dll O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll O16 - DPF: ConferenceRoom Java Client - http://nsw-chat.telstra.com/java/cr.cab O16 - DPF: {2FC9A21E-2069-4E47-8235-36318989DB13} (PPSDKActiveXScanner.MainScreen) - http://ppupdates.ca.com/downloads/scanner/axscanner.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1093177363265 O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab O16 - DPF: {99B6E512-3893-4155-9964-8EB8E06099CB} (WebSpyWareKiller Class) - http://download.zonelabs.com/bin/promotions/spywaredetector/WebSWK.cab On Friday, December 3, 2004 at 12:21 am, Yap wrote: >I found something back in the registry... >Download and run AboutBuster >it will run twice... just let it... >from the latest hijackthislog fixed below items and delete the real files > R3 - URLSearchHook: (no name) - {C7EDAB2E-D7F9-11D8-BA48-C79B0C409D70} >- (no >file) >O4 - HKCU\..\Run: [Udoc] C:\Documents and Settings\Dr Gothic\Application >Data\rpat.exe (remove this one if you do not need seem like something related to >a driving school) >O16 - DPF: ppctlcab - http://ppupdates.ca.com/downloads/scanner/ppctlcab.cab >  >I also suggest you to apply two tools as ive suggest you before spybot (turn on it's >resident teatimer feature) and spywareblaster... they will give you extra protection >update them religiously :) Written in response to: re: Spyware & IE problems (Yap: Friday, December 3, 2004 at 12:21 am) Responses to this message: re: Spyware & IE problems (Yap: Friday, December 3, 2004 at 3:51 pm) re: Spyware & IE problems (Ms. Eagle: Sunday, December 5, 2004 at 2:19 am) All messages in this thread [show all] Spyware & IE problems (Seth: Mon, Nov 29, 2004, 4:11 am) re: Spyware & IE problems (Yap: Mon, Nov 29, 2004, 4:39 am) re: Spyware & IE problems (Seth: Mon, Nov 29, 2004, 4:59 am) re: Spyware & IE problems (joe: Mon, Nov 29, 2004, 6:07 am) re: Spyware & IE problems (Yap: Mon, Nov 29, 2004, 6:28 am) re: Spyware & IE problems (Tkwiget: Mon, Nov 29, 2004, 6:14 am) re: Spyware & IE problems (joe: Mon, Nov 29, 2004, 6:57 am) re: Spyware & IE problems (Deosyne: Mon, Nov 29, 2004, 12:39 pm) re: Spyware & IE problems (joe: Mon, Nov 29, 2004, 1:00 pm) re: Spyware & IE problems (Falcon: Mon, Nov 29, 2004, 1:30 pm) re: Spyware & IE problems (joe: Mon, Nov 29, 2004, 1:38 pm) re: Spyware & IE problems (Seth: Mon, Nov 29, 2004, 11:39 pm) re: Spyware & IE problems (Yap: Tue, Nov 30, 2004, 2:52 am) re: Spyware & IE problems (Seth: Thu, Dec 2, 2004, 5:06 pm) re: Spyware & IE problems (Yap: Thu, Dec 2, 2004, 7:38 pm) re: Spyware & IE problems (Seth: Thu, Dec 2, 2004, 11:42 pm) re: Spyware & IE problems (Yap: Fri, Dec 3, 2004, 12:21 am) re: Spyware & IE problems (Seth: Fri, Dec 3, 2004, 2:56 pm) re: Spyware & IE problems (Yap: Fri, Dec 3, 2004, 3:51 pm) re: Spyware & IE problems (Seth: Sat, Dec 4, 2004, 1:15 am) re: Spyware & IE problems (Yap: Sat, Dec 4, 2004, 1:20 am) re: Spyware & IE problems (Seth: Sat, Dec 4, 2004, 3:18 am) re: Spyware & IE problems (Yap: Sat, Dec 4, 2004, 3:27 am) re: Spyware & IE problems (Seth: Sat, Dec 4, 2004, 2:16 pm) re: Spyware & IE problems (Yap: Sat, Dec 4, 2004, 2:53 pm) re: Spyware & IE problems (Yap: Sat, Dec 4, 2004, 2:56 pm) re: Spyware & IE problems (Seth: Sat, Dec 4, 2004, 4:24 pm) re: Spyware & IE problems (Yap: Sat, Dec 4, 2004, 5:28 pm) re: Spyware & IE problems (Yap: Sat, Dec 4, 2004, 7:07 pm) re: Spyware & IE problems (Seth: Sat, Dec 4, 2004, 9:19 pm) re: Spyware & IE problems (Yap: Sat, Dec 4, 2004, 10:16 pm) re: Spyware & IE problems (Seth: Sat, Dec 4, 2004, 11:20 pm) re: Spyware & IE problems (Seth: Sun, Dec 5, 2004, 2:00 am) re: Spyware & IE problems (Yap: Sun, Dec 5, 2004, 2:03 am) re: Spyware & IE problems (Seth: Mon, Dec 6, 2004, 1:05 am) re: Spyware & IE problems (Yap: Mon, Dec 6, 2004, 3:12 am) re: Spyware & IE problems (Ms. Eagle: Sun, Dec 5, 2004, 2:19 am) re: Spyware & IE problems (Seth: Sun, Dec 5, 2004, 11:12 pm) re: Spyware & IE problems (Seth: Mon, Dec 6, 2004, 1:13 am) re: Spyware & IE problems (Ms. Eagle: Mon, Dec 6, 2004, 7:30 am) Reply or follow-up to this message Search this forum Start a new thread on a different subject Report abuse of the forum Return to the Windows XP Discussion Forum