dmurph88
Home Search Assistent
Hello. After reading previous posts, I downloaded Silent Runners and attached the log file. Please help.
LOG FILE:
"Silent Runners.vbs", revision 35, http://www.silentrunners.org/
Operating System: Windows XP SP2
Output limited to non-default values, except where indicated by "{++}"
Startup items buried in registry:
---------------------------------
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"NvMediaCenter" = "RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit" [MS]
"Google Desktop Search" = ""C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup" [null data]
"AIM" = "C:\Program Files\AIM\aim.exe -cnetwait.odl" ["America Online, Inc."]
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"NvCplDaemon" = "RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup" [MS]
"nwiz" = "nwiz.exe /install" ["NVIDIA Corporation"]
"ISUSPM Startup" = "C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup" ["InstallShield Software Corporation"]
"QuickTime Task" = ""C:\Program Files\QuickTime\qttask.exe" -atboottime" ["Apple Computer, Inc."]
"ccApp" = ""C:\Program Files\Common Files\Symantec Shared\ccApp.exe"" ["Symantec Corporation"]
"vptray" = "C:\PROGRA~1\SYMANT~1\VPTray.exe" ["Symantec Corporation"]
"Synchronization Manager" = "C:\WINDOWS\system32\mobsync.exe /logon" [MS]
"MMTray" = "C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe" ["MUSICMATCH, Inc."]
"SMART Mirror Driver Monitor Service" = ""C:\Documents and Settings\dmurph88\Application Data\Bridgit\monitorservice.exe"" ["SMART Technologies"]
"ViewMgr" = "C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe" ["Viewpoint Corporation"]
"iTunesHelper" = "C:\Program Files\iTunes\iTunesHelper.exe" ["Apple Computer, Inc."]
"Acrobat Assistant 7.0" = ""C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"" ["Adobe Systems Inc."]
"Default" = (no data)
"AdaptecDirectCD" = "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe" ["Roxio"]
"Share-to-Web Namespace Daemon" = "c:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe" ["Hewlett-Packard"]
"syssp32.exe" = "C:\WINDOWS\system32\syssp32.exe" [null data]
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = "AcroIEHlprObj Class" [from CLSID]
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll" ["Adobe Systems Incorporated"]
{A7965648-2D3D-951F-7592-B85CE722DB02}\(Default) = (no title provided)
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\iemm32.dll" [null data]
{AA58ED58-01DD-4d91-8333-CF10577473F7}\(Default) = "Google Toolbar Helper" [from CLSID]
-> {CLSID}\InProcServer32\(Default) = "c:\program files\google\googletoolbar1.dll" ["Google Inc."]
{AE7CD045-E861-484f-8273-0445EE161910}\(Default) = "AcroIEToolbarHelper Class" [from CLSID]
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll" ["Adobe Systems Incorporated"]
HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Display Panning CPL Extension"
-> {CLSID}\InProcServer32\(Default) = "deskpan.dll" [file not found]
"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "HyperTerminal Icon Ext"
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\hticons.dll" ["Hilgraeve, Inc."]
"{42042206-2D85-11D3-8CFF-005004838597}" = "Microsoft Office HTML Icon Handler"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Microsoft Office\OFFICE11\msohev.dll" [MS]
"{1CDB2949-8F65-4355-8456-263E7C208A5D}" = "Desktop Explorer"
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\nvshell.dll" ["NVIDIA Corporation"]
"{1E9B04FB-F9E5-4718-997B-B8DA88302A47}" = "Desktop Explorer Menu"
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\nvshell.dll" ["NVIDIA Corporation"]
"{BDA77241-42F6-11d0-85E2-00AA001FE28C}" = "LDVP Shell Extensions"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Common Files\Symantec Shared\SSC\vpshell2.dll" ["Symantec Corporation"]
"{640167b4-59b0-47a6-b335-a6b3c0695aea}" = "Portable Media Devices"
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\Audiodev.dll" [MS]
"{cc86590a-b60a-48e6-996b-41d25ed39a1e}" = "Portable Media Devices Menu"
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\Audiodev.dll" [MS]
"{00020D75-0000-0000-C000-000000000046}" = "Microsoft Office Outlook Desktop Icon Handler"
-> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\OFFICE11\MLSHEXT.DLL" [MS]
"{0006F045-0000-0000-C000-000000000046}" = "Microsoft Office Outlook Custom Icon Handler"
-> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\OFFICE11\OLKFSTUB.DLL" [MS]
"{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF}" = "iTunes"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\iTunes\iTunesMiniPlayer.dll" ["Apple Computer, Inc."]
"{D25B2CAB-8A9A-4517-A9B2-CB5F68A5A802}" = "Adobe.Acrobat.ContextMenu"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 7.0\Acrobat Elements\ContextMenu.dll" ["Adobe Systems Inc."]
"{5E44E225-A408-11CF-B581-008029601108}" = "Adaptec DirectCD Shell Extension"
-> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\Roxio\EASYCD~1\DirectCD\Shellex.dll" ["Roxio"]
"{A4DF5659-0801-4A60-9607-1C48695EFDA9}" = "Share-to-Web Upload Folder"
-> {CLSID}\InProcServer32\(Default) = "c:\Program Files\Hewlett-Packard\HP Share-to-Web\HPGS2WNS.DLL" ["Hewlett-Packard"]
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\
INFECTION WARNING! NavLogon\DLLName = "C:\WINDOWS\system32\NavLogon.dll" ["Symantec Corporation"]
HKCU\Software\Policies\Microsoft\Windows\System\Scripts\Logon\0
DisplayName = "Drive Mappings and Shortcuts"
\0 -> launches: "\\sspj.com\SysVol\sspj.com\Policies\{54B3E135-FEBB-44E0-B80F-F8DDD09AAB86}\User\Scripts\Logon\MapDrives.vbs" [** WMI GetObject error **]
\1 -> launches: "\\sspj.com\SysVol\sspj.com\Policies\{54B3E135-FEBB-44E0-B80F-F8DDD09AAB86}\User\Scripts\Logon\CreateShortcuts.vbs" [** WMI GetObject error **]
HKCU\Software\Policies\Microsoft\Windows\System\Scripts\Logon\1
DisplayName = "Printer Policy"
\0 -> launches: "\\sspj.com\SysVol\sspj.com\Policies\{2D50C877-2226-41DE-8B97-C3E39A3EA9AA}\User\Scripts\Logon\SSPJPrinters.vbs" [** WMI GetObject error **]
HKCU\Software\Policies\Microsoft\Windows\System\Scripts\Logon\2
DisplayName = "Faculty Redirected Folders"
\0 -> launches: "\\sspj.com\SysVol\sspj.com\Policies\{63FD7E4F-20EF-4ECF-8B5B-7DA5DD465958}\User\Scripts\Logon\redirectfavorites.vbs" [** WMI GetObject error **]
HKLM\Software\Classes\PROTOCOLS\Filter\
INFECTION WARNING! text/xml\CLSID = "{807553E5-5146-11D5-A672-00B0D022E945}"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL" [MS]
Enabled Screen Saver:
---------------------
HKCU\Control Panel\Desktop\
"SCRNSAVE.EXE" = "C:\WINDOWS\System32\logon.scr" [MS]
Startup items in "dmurph88" & "All Users" startup folders:
----------------------------------------------------------
C:\Documents and Settings\dmurph88\Start Menu\Programs\Startup
"HotSync Manager" -> shortcut to: "C:\Program Files\Palm\HOTSYNC.EXE" ["Palm, Inc."]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup
"Adobe Acrobat Speed Launcher" -> shortcut to: "C:\WINDOWS\Installer\{AC76BA86-1033-0000-7760-000000000002}\SC_Acrobat.exe" [null data]
"DataViz Messenger" -> shortcut to: "C:\WINDOWS\DvzCommon\DvzMsgr.exe" [null data]
"SMART Board Tools" -> shortcut to: "C:\Program Files\SMART Board software\SMARTBoardTools.exe" ["SMART Technologies Inc."]
Winsock2 Service Provider DLLs:
-------------------------------
Namespace Service Providers
HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]
000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
Transport Service Providers
HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork1.dll [null data], 01 - 03, 15
%SystemRoot%\system32\mswsock.dll [MS], 04 - 06, 09 - 14
%SystemRoot%\system32\rsvpsp.dll [MS], 07 - 08
Toolbars, Explorer Bars, Extensions:
------------------------------------
Toolbars
HKCU\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}"
-> {CLSID}\(Default) = "&Google"
-> {CLSID}\InProcServer32\(Default) = "c:\program files\google\googletoolbar1.dll" ["Google Inc."]
"{47833539-D0C5-4125-9FA8-0819E2EAAC93}"
-> {CLSID}\(Default) = "Adobe PDF"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll" ["Adobe Systems Incorporated"]
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}"
-> {CLSID}\(Default) = "&Google"
-> {CLSID}\InProcServer32\(Default) = "c:\program files\google\googletoolbar1.dll" ["Google Inc."]
"{47833539-D0C5-4125-9FA8-0819E2EAAC93}"
-> {CLSID}\(Default) = "Adobe PDF"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll" ["Adobe Systems Incorporated"]
HKLM\Software\Microsoft\Internet Explorer\Toolbar\
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}"
-> {CLSID}\(Default) = "&Google"
-> {CLSID}\InProcServer32\(Default) = "c:\program files\google\googletoolbar1.dll" ["Google Inc."]
"{47833539-D0C5-4125-9FA8-0819E2EAAC93}"
-> {CLSID}\(Default) = "Adobe PDF"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll" ["Adobe Systems Incorporated"]
Explorer Bars
HKLM\Software\Microsoft\Internet Explorer\Explorer Bars\
{182EC0BE-5110-49C8-A062-BEB1D02A220B}\
-> {CLSID}\(Default) = "Adobe PDF"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll" ["Adobe Systems Incorporated"]
Dormant Explorer Bars in "View, Explorer Bar" menu
HKLM\Software\Classes\CLSID\{FF059E31-CC5A-4E2E-BF3B-96E929D65503}\
(Default) = "&Research"
Implemented Categories\{00021493-0000-0000-C000-000000000046}\ [vertical bar]
InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL" [MS]
Extensions (Tools menu items, main toolbar menu buttons)
HKLM\Software\Microsoft\Internet Explorer\Extensions\
{92780B25-18CC-41C8-B9BE-3C9C571A8263}\
"ButtonText" = "Research"
{AC9E2541-2814-11D5-BC6D-00B0D0A1DE45}\
"ButtonText" = "AIM"
"Exec" = "C:\Program Files\AIM\aim.exe" ["America Online, Inc."]
{B13B4423-2647-4CFC-A4B3-C7D56CB83487}\
"ButtonText" = "Share in Hello"
"MenuText" = "Share in H&ello"
"CLSIDExtension" = "{B13B4423-2647-4cfc-A4B3-C7D56CB83487}"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Hello\PicasaCapture.dll" ["Picasa, Inc."]
{FB5F1910-F110-11D2-BB9E-00C04F795683}\
"ButtonText" = "Messenger"
"MenuText" = "Windows Messenger"
"Exec" = "C:\Program Files\Messenger\msmsgs.exe" [MS]
Running Services (Display Name, Service Name, Path {Service DLL}):
------------------------------------------------------------------
INFECTION WARNING! The running services cannot be counted.
Presence of a spyware service is suspected.
The script has been forced to exit.
----------
This report excludes default entries except where indicated.
To see *everywhere* the script checks and *everything* it finds,
launch it from a command prompt or a shortcut with the -all parameter.
----------
ASKER
Hey rossfingal, thanks for your help. I have attached the link.
http://www.hijackthis.de/logfiles/6630ca948a674b8eb7e99d281d2f0628.html
ASKER
A couple of other notes. I am a teacher, and I think I got this from downloading a SuperFriends .wav file of Apache Chief for a colleague (don't ask). Is Home Search Assistent the cause of the following problems?
1) IE opens to about:blank instead of standard homepage
2) when I get on Internet it bounces me right off
3) outlook not functioning properly
Hi!
I'm looking at your log right now.
Yes, those do sound like symptoms of HSA. :(
Back in a while.
RF
Here's a page with complete removal instructions:
http://www.pchell.com/support/onlythebest.shtml
Take your time and go through them without skipping any steps.
It may seem like it's "involved" - however; short of the "dreaded", "format/reinstall" -
it's about the only way to remove this. :)
After you've gone through the removal procedure -
run HijackThis again and post a LINK to your new log file here.
Sometimes, when you get this on your computer -
you get other things, which show up when it is removed.
The bad "Service" is this one:
O23 - Service: Remote Procedure Call (RPC) Helper ( 11Fßä#·ºÄÖ`I) - Unknown owner -
C:\WINDOWS\system32\crwz32.exe
Post back here if you have any problems/questions.
Good luck!
RF
ASKER
I have the ability to put a new clean ghost image on this machine. Will that rid the machine of this problem? I am thinking that may be easier...
You might start using a different web browser
Firefox:
http://www.getfirefox.com/
or
Opera:
http://www.opera.com/
Both will help you avoid downloading and installing malware by accident.
Tolomir
I would also recommend downloading and regularly running
Ad-Aware www.lavasoft.com and Spybot Search and Destroy http://www.safer-networking.org/en/mirrors/
This doesn't remove every piece of spyware but should certainly reduce the risk and help keep your machine clean.
Graeme
The ghost image is the same thing as formatting the computer and reinstalling; it does it all for you real quick.
I would recommend a piece of software that has yet to disappoint me in removing spyware/adware.
http://www.download.com/1200-2018-5139934.html
This has been successful at removing spyware that Ad-Aware, Spybot, and the MS tool could not! I hope this company keeps up the good work! Just make sure to run the update after you download and install it.
Download HijackThis (ver. 1.99.1) from:
http://www.gatesofdelirium.com/ee/tools/
Place it into a folder of its own - something like:
C:\HJT\hijackthis.exe or C:\Program Files\HJT\hijackthis.exe
Do not run it directly from the "Zip" file, a "temp" folder, or the Desktop.
HijackThis makes "backups" and it's good to have them in a centralized location.
With all browser windows closed - run HijackThis and
copy and paste the log file into the Analysis site here:
http://www.hijackthis.de/en
Click on the "Analyze" button; and when the analysis is done -
Click on the "Save Analysis" button -
A page will be generated with your saved analysis -
Post a LINK to that page back here.
Please, do not post your HijackThis log file here!
We'll take a look at it! :)
Good luck!
RF