Unsolved

5 Posts

December 5th, 2004 17:00

registry report spyware problem help!

I have spyware on my computer that can't be removed. I've tried numerous spyware programs, which claim to have removed the spyware, but after a reboot the spyware comes back, specifically the "Elite Bar". As per an earlier thread I've posted, here's what's in my registry Run:

AIM
Hahh
MsnMsgr
Weather
Xrvizpgu
 
AdUserMon
Apoint
CriticalUpdate
Deskup
Epson Stylus C82 series
HKSERV.exe
HPWIToolbox
Iomega Drive Icons
Jogserv2.exe
Kalvsys
LoadQM
LVCOMS
MouseSuite 98 Daemon
Promon.exe
PRPC Monitor
SBWatchDog.exe
SmartLabelOServer
SynchroniztionManager
TBPS
TRBellEXE

5 Posts

December 5th, 2004 18:00

I've used spyblaster, Spybot, and Ad-Aware

8.8K Posts

December 5th, 2004 18:00

Could you please tell us what applications you have tried using to remove the spyware?
Thanks
Steve

Message Edited by zbestwun2001 on 12-05-2004 12:05 PM

4.8K Posts

December 5th, 2004 20:00

dochido,

Post us up a HiJackThis log and we'll take a look.

Mike.

5 Posts

December 6th, 2004 23:00

Logfile of HijackThis v1.97.7
Scan saved at 8:45:24 PM, on 12/6/2004
Platform: Windows 2000 SP2 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\PROGRA~1\Iomega\System32\AppServices.exe
C:\WINNT\System32\mnmsrvc.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\System32\mspmspsv.exe
C:\Program Files\Iomega\AutoDisk\ADService.exe
C:\WINNT\Explorer.EXE
C:\Program Files\Sony\HotKey Utility\HKserv.exe
C:\Program Files\Sony\Smart Label\SSLOServ.exe
C:\Program Files\Apoint\Apoint.exe
C:\WINNT\System32\PELMICED.EXE
C:\WINNT\System32\Promon.exe
C:\Program Files\Apoint\Apntex.exe
C:\WINNT\System32\PRPCUI.exe
C:\WINNT\loadqm.exe
C:\Program Files\Iomega\AutoDisk\ADUserMon.exe
C:\Program Files\Iomega\DriveIcons\ImgIcon.exe
C:\WINNT\System32\spool\DRIVERS\W32X86\3\E_S0HIC1.EXE
C:\PROGRA~1\Sony\JOGDIA~1\JogServ2.exe
C:\Program Files\Hewlett-Packard\hp deskjet 9600 series\Toolbox\HPWITBX.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\PROGRA~1\NETSCAPE\COMMUN~1\PROGRAM\AIM\aim.exe
C:\Documents and Settings\Dora\Application Data\icoc.exe
C:\WINNT\System32\w?nlogon.exe
C:\Program Files\BatteryScope\Batmgr.exe
C:\Program Files\PowerPanel\Program\PcfMgr.exe
C:\Program Files\WinZip\WZQKPICK.EXE
c:\bobby.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Dora\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {28CAEFF3-0F18-4036-B504-51D73BD81ABC} - C:\WINNT\EliteToolBar\EliteToolBar version 58.dll
O3 - Toolbar: &EliteBar - {825CF5BD-8862-4430-B771-0C15C5CA8DEF} - C:\WINNT\EliteToolBar\EliteToolBar version 58.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [HKSERV.EXE] C:\Program Files\Sony\HotKey Utility\HKserv.exe
O4 - HKLM\..\Run: [Smart Label OServer] C:\Program Files\Sony\Smart Label\SSLOServ.exe
O4 - HKLM\..\Run: [SBWatchDog.EXE] C:\WINNT\System32\SBUtils\SBWatchDog.EXE /l
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [Mouse Suite 98 Daemon] PELMICED.EXE
O4 - HKLM\..\Run: [Promon.exe] Promon.exe
O4 - HKLM\..\Run: [JOGSERV2.EXE] C:\Program Files\Sony\Jog Dial Utility\JogServ2.exe
O4 - HKLM\..\Run: [PRPCMonitor] PRPCUI.exe
O4 - HKLM\..\Run: [LVCOMS] C:\WINNT\System32\LVCOMS.EXE
O4 - HKLM\..\Run: [CriticalUpdate] C:\WINNT\System32\wucrtupd.exe -startup
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [ADUserMon] C:\Program Files\Iomega\AutoDisk\ADUserMon.exe
O4 - HKLM\..\Run: [Iomega Drive Icons] C:\Program Files\Iomega\DriveIcons\ImgIcon.exe
O4 - HKLM\..\Run: [Deskup] C:\Program Files\Iomega\DriveIcons\deskup.exe /IMGSTART
O4 - HKLM\..\Run: [EPSON Stylus C82 Series] C:\WINNT\System32\spool\DRIVERS\W32X86\3\E_S0HIC1.EXE /P23 "EPSON Stylus C82 Series" /O6 "USB001" /M "Stylus C82"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [HPWITOOLBOX] C:\Program Files\Hewlett-Packard\hp deskjet 9600 series\Toolbox\HPWITBX.exe "-i"
O4 - HKLM\..\Run: [TBPS] C:\PROGRA~1\Toolbar\TBPS.exe
O4 - HKLM\..\Run: [kalvsys] c:\winnt\system32\kalvhix32.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [AIM] C:\PROGRA~1\NETSCAPE\COMMUN~1\PROGRAM\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [Weather] C:\PROGRA~1\AWS\WEATHE~1\WEATHER.EXE 1
O4 - HKCU\..\Run: [Hahh] C:\Documents and Settings\Dora\Application Data\icoc.exe
O4 - HKCU\..\Run: [Xrvizpgu] C:\WINNT\System32\w?nlogon.exe
O4 - Global Startup: BatteryScope.lnk = C:\Program Files\BatteryScope\Batmgr.exe
O4 - Global Startup: PowerPanel.lnk = C:\Program Files\PowerPanel\Program\PcfMgr.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: RealDownload.lnk = C:\Program Files\Real\RealDownload\Realdownload.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O9 - Extra button: Create Mobile Favorite (HKLM)
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... (HKLM)
O9 - Extra button: AIM (HKLM)
O9 - Extra button: Real.com (HKLM)
O9 - Extra button: WeatherBug (HKCU)
O12 - Plugin for .DImg: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll
O12 - Plugin for .mov: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin.dll
O12 - Plugin for .SWF: C:\PROGRA~1\Netscape\COMMUN~1\Program\PLUGINS\npswf32.dll
O12 - Plugin for .vcs: C:\PROGRA~1\Netscape\COMMUN~1\Program\PLUGINS\npvcal32.dll
O16 - DPF: Dialpad US Java Applet - http://dialpad.com/applet/src/vscp.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

 

4.8K Posts

December 7th, 2004 19:00

dochido,

Let's get the newest version of HijackThis, then post back a new log along with the above entry(s).

Mike.

Message Edited by Midnight Star on 12-07-2004 03:22 PM

5 Posts

December 8th, 2004 02:00

Logfile of HijackThis v1.98.2
Scan saved at 11:09:56 PM, on 12/7/2004
Platform: Windows 2000 SP2 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\PROGRA~1\Iomega\System32\AppServices.exe
C:\WINNT\System32\mnmsrvc.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\System32\mspmspsv.exe
C:\Program Files\Iomega\AutoDisk\ADService.exe
C:\WINNT\Explorer.EXE
C:\Program Files\Sony\HotKey Utility\HKserv.exe
C:\Program Files\Sony\Smart Label\SSLOServ.exe
C:\Program Files\Apoint\Apoint.exe
C:\WINNT\System32\PELMICED.EXE
C:\WINNT\System32\Promon.exe
C:\Program Files\Sony\Jog Dial Utility\JogServ2.exe
C:\Program Files\Apoint\Apntex.exe
C:\WINNT\System32\PRPCUI.exe
C:\WINNT\loadqm.exe
C:\Program Files\Iomega\AutoDisk\ADUserMon.exe
C:\Program Files\Iomega\DriveIcons\ImgIcon.exe
C:\WINNT\System32\spool\DRIVERS\W32X86\3\E_S0HIC1.EXE
C:\Program Files\Hewlett-Packard\hp deskjet 9600 series\Toolbox\HPWITBX.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\PROGRA~1\NETSCAPE\COMMUN~1\PROGRAM\AIM\aim.exe
C:\Documents and Settings\Dora\Application Data\icoc.exe
C:\WINNT\System32\w?nlogon.exe
C:\Program Files\BatteryScope\Batmgr.exe
C:\Program Files\PowerPanel\Program\PcfMgr.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\PROGRA~1\WINZIP\winzip32.exe
C:\unzipped\hijackthis[1]\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing
O2 - BHO: &EliteBar - {28CAEFF3-0F18-4036-B504-51D73BD81ABC} - C:\WINNT\EliteToolBar\EliteToolBar version 58.dll
O3 - Toolbar: &EliteBar - {825CF5BD-8862-4430-B771-0C15C5CA8DEF} - C:\WINNT\EliteToolBar\EliteToolBar version 58.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [HKSERV.EXE] C:\Program Files\Sony\HotKey Utility\HKserv.exe
O4 - HKLM\..\Run: [Smart Label OServer] C:\Program Files\Sony\Smart Label\SSLOServ.exe
O4 - HKLM\..\Run: [SBWatchDog.EXE] C:\WINNT\System32\SBUtils\SBWatchDog.EXE /l
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [Mouse Suite 98 Daemon] PELMICED.EXE
O4 - HKLM\..\Run: [Promon.exe] Promon.exe
O4 - HKLM\..\Run: [JOGSERV2.EXE] C:\Program Files\Sony\Jog Dial Utility\JogServ2.exe
O4 - HKLM\..\Run: [PRPCMonitor] PRPCUI.exe
O4 - HKLM\..\Run: [LVCOMS] C:\WINNT\System32\LVCOMS.EXE
O4 - HKLM\..\Run: [CriticalUpdate] C:\WINNT\System32\wucrtupd.exe -startup
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [ADUserMon] C:\Program Files\Iomega\AutoDisk\ADUserMon.exe
O4 - HKLM\..\Run: [Iomega Drive Icons] C:\Program Files\Iomega\DriveIcons\ImgIcon.exe
O4 - HKLM\..\Run: [Deskup] C:\Program Files\Iomega\DriveIcons\deskup.exe /IMGSTART
O4 - HKLM\..\Run: [EPSON Stylus C82 Series] C:\WINNT\System32\spool\DRIVERS\W32X86\3\E_S0HIC1.EXE /P23 "EPSON Stylus C82 Series" /O6 "USB001" /M "Stylus C82"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [HPWITOOLBOX] C:\Program Files\Hewlett-Packard\hp deskjet 9600 series\Toolbox\HPWITBX.exe "-i"
O4 - HKLM\..\Run: [TBPS] C:\PROGRA~1\Toolbar\TBPS.exe
O4 - HKLM\..\Run: [kalvsys] C:\winnt\system32\kalvhix32.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [AIM] C:\PROGRA~1\NETSCAPE\COMMUN~1\PROGRAM\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [Weather] C:\PROGRA~1\AWS\WEATHE~1\WEATHER.EXE 1
O4 - HKCU\..\Run: [Hahh] C:\Documents and Settings\Dora\Application Data\icoc.exe
O4 - HKCU\..\Run: [Xrvizpgu] C:\WINNT\System32\w?nlogon.exe
O4 - Global Startup: BatteryScope.lnk = C:\Program Files\BatteryScope\Batmgr.exe
O4 - Global Startup: PowerPanel.lnk = C:\Program Files\PowerPanel\Program\PcfMgr.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: RealDownload.lnk = C:\Program Files\Real\RealDownload\Realdownload.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRA~1\NETSCAPE\COMMUN~1\PROGRAM\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINNT\System32\Shdocvw.dll
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\PROGRA~1\AWS\WEATHE~1\Weather.exe (file missing) (HKCU)
O12 - Plugin for .DImg: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll
O12 - Plugin for .mov: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin.dll
O12 - Plugin for .SWF: C:\PROGRA~1\Netscape\COMMUN~1\Program\PLUGINS\npswf32.dll
O12 - Plugin for .vcs: C:\PROGRA~1\Netscape\COMMUN~1\Program\PLUGINS\npvcal32.dll
O16 - DPF: Dialpad US Java Applet - http://dialpad.com/applet/src/vscp.cab

 

Message Edited by dochido on 12-07-2004 10:09 PM

4.8K Posts

December 8th, 2004 17:00

dochido,

Search Miracle can be very difficult to remove - it also looks like there's residual 'lop' present.

So, let's take a pass at it and see what we have...

Go to Add/Remove Programs and remove (uninstall) the following, if present:

  • Elite-Toolbar
  • TBPS

If the TBPS entry isn't there, try entering this from a command line:

C:\PROGRA~1\Toolbar\TBPS.exe uninst

-----

Reboot into "Safe Mode".

Go to Windows Task Manager, then locate and 'end' the following processes, if present:

  • icoc.exe
  • TBPS.exe
  • kalvhix32.exe

Unregister the following dll(s), from a command line:

regsvr32 /u "EliteToolBar version 58.dll" (include the quotes)

Run HiJackThis and click "Scan", then check (tick) the following, if present:

R3 - Default URLSearchHook is missing
O2 - BHO: &EliteBar - {28CAEFF3-0F18-4036-B504-51D73BD81ABC} - C:\WINNT\EliteToolBar\EliteToolBar version 58.dll
O3 - Toolbar: &EliteBar - {825CF5BD-8862-4430-B771-0C15C5CA8DEF} - C:\WINNT\EliteToolBar\EliteToolBar version 58.dll
O4 - HKLM\..\Run: [TBPS] C:\PROGRA~1\Toolbar\TBPS.exe
O4 - HKLM\..\Run: [kalvsys] C:\winnt\system32\kalvhix32.exe
O4 - HKCU\..\Run: [Hahh] C:\Documents and Settings\Dora\Application Data\icoc.exe
O4 - HKCU\..\Run: [Xrvizpgu] C:\WINNT\System32\w?nlogon.exe

Now, with all windows closed, click "Fix checked".

Next, locate and delete the following item(s), if present. Make sure you're able to view system and hidden files and folders:

files...

C:\winnt\system32\kalvhix32.exe
C:\Documents and Settings\Dora\Application Data\icoc.exe

folders...

C:\PROGRA~1\Toolbar
C:\WINNT\EliteToolBar

Post back a new log.

Mike.

 
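As an added example (not code from the thread, from HijackThis, or from any of the posters), the following Python audit encodes the reasoning Mike applies to the posted log as three checks over HijackThis O2/O3/O4 lines: the two EliteBar CLSIDs he lists, a Run entry that launches out of a user profile (icoc.exe under Application Data), and the '?' in w?nlogon.exe, which this example assumes stands for a character HijackThis could not render and treats as a lookalike of winlogon.exe. The list of system binaries and the sample log lines are constructed for the example.

```python
"""Flag suspicious O2/O3/O4 entries in a HijackThis log (added example, not the
thread's own tooling): EliteBar CLSIDs from the thread, Run entries executing
out of a user profile, and a '?' placeholder name that mimics a system binary."""
import re

# CLSIDs quoted in the thread's log (O2 BHO and O3 Toolbar entries).
KNOWN_BAD_CLSIDS = {"{28CAEFF3-0F18-4036-B504-51D73BD81ABC}",
                    "{825CF5BD-8862-4430-B771-0C15C5CA8DEF}"}
# Assumed list of core binaries that lookalike file names tend to imitate.
SYSTEM_BINARIES = ["winlogon.exe", "services.exe", "lsass.exe", "svchost.exe", "smss.exe"]

O4_RE = re.compile(r"^O4 - (HK\w+)\\\.\.\\Run: \[([^\]]*)\] (.*)$")
O23_RE = re.compile(r"^O[23] - (?:BHO|Toolbar): .*? - (\{[0-9A-Fa-f-]{36}\}) - .*$")
EXE_RE = re.compile(r'^"?(.*?\.exe)', re.IGNORECASE)   # quoted or unquoted, spaces allowed

# Constructed sample in HijackThis v1.98 format, modelled on the thread's log.
SAMPLE_LOG = r"""
O2 - BHO: &EliteBar - {28CAEFF3-0F18-4036-B504-51D73BD81ABC} - C:\WINNT\EliteToolBar\EliteToolBar version 58.dll
O3 - Toolbar: &EliteBar - {825CF5BD-8862-4430-B771-0C15C5CA8DEF} - C:\WINNT\EliteToolBar\EliteToolBar version 58.dll
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [TBPS] C:\PROGRA~1\Toolbar\TBPS.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Hahh] C:\Documents and Settings\Dora\Application Data\icoc.exe
O4 - HKCU\..\Run: [Xrvizpgu] C:\WINNT\System32\w?nlogon.exe
"""


def exe_path(command):
    """Executable path from a Run command line, with any arguments stripped."""
    m = EXE_RE.match(command)
    return m.group(1) if m else command


def lookalike_of(file_name):
    """If file_name carries '?' (assumed: HijackThis's stand-in for a character it
    cannot render), return the system binary it spells with '?' as a wildcard."""
    if "?" not in file_name:
        return None
    pattern = re.compile("^" + re.escape(file_name).replace(r"\?", ".") + "$", re.I)
    return next((s for s in SYSTEM_BINARIES if pattern.match(s)), None)


def audit(log_text):
    """Return (line, reason) pairs for every entry one of the three checks flags."""
    findings = []
    for line in log_text.splitlines():
        m = O23_RE.match(line)
        if m and m.group(1).upper() in KNOWN_BAD_CLSIDS:
            findings.append((line, "known EliteBar CLSID"))
            continue
        m = O4_RE.match(line)
        if not m:
            continue
        path = exe_path(m.group(3))          # group 3 is the command after [name]
        name = path.rsplit("\\", 1)[-1]
        if "documents and settings" in path.lower():
            findings.append((line, "Run entry executes from a user profile: " + path))
        target = lookalike_of(name)
        if target:
            findings.append((line, f"{name} has an unrenderable character and mimics {target}"))
    return findings
```

TBPS.exe and kalvhix32.exe are caught by none of these structural rules, which is why the thread pairs such checks with knowledge of the specific infection.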

5 Posts

December 9th, 2004 01:00

Thanks Mike for your help. BTW, what is Search Miracle? Here's another log..

 

Logfile of HijackThis v1.98.2
Scan saved at 10:10:14 PM, on 12/8/2004
Platform: Windows 2000 SP2 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\PROGRA~1\Iomega\System32\AppServices.exe
C:\WINNT\System32\mnmsrvc.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\System32\mspmspsv.exe
C:\Program Files\Iomega\AutoDisk\ADService.exe
C:\WINNT\Explorer.EXE
C:\Program Files\Sony\HotKey Utility\HKserv.exe
C:\Program Files\Sony\Smart Label\SSLOServ.exe
C:\Program Files\Apoint\Apoint.exe
C:\WINNT\System32\PELMICED.EXE
C:\WINNT\System32\Promon.exe
C:\Program Files\Sony\Jog Dial Utility\JogServ2.exe
C:\WINNT\System32\PRPCUI.exe
C:\WINNT\loadqm.exe
C:\Program Files\Iomega\AutoDisk\ADUserMon.exe
C:\Program Files\Iomega\DriveIcons\ImgIcon.exe
C:\Program Files\Apoint\Apntex.exe
C:\WINNT\System32\spool\DRIVERS\W32X86\3\E_S0HIC1.EXE
C:\Program Files\Hewlett-Packard\hp deskjet 9600 series\Toolbox\HPWITBX.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\PROGRA~1\NETSCAPE\COMMUN~1\PROGRAM\AIM\aim.exe
C:\Program Files\BatteryScope\Batmgr.exe
C:\Program Files\PowerPanel\Program\PcfMgr.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\unzipped\hijackthis[1]\hijackthis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [HKSERV.EXE] C:\Program Files\Sony\HotKey Utility\HKserv.exe
O4 - HKLM\..\Run: [Smart Label OServer] C:\Program Files\Sony\Smart Label\SSLOServ.exe
O4 - HKLM\..\Run: [SBWatchDog.EXE] C:\WINNT\System32\SBUtils\SBWatchDog.EXE /l
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [Mouse Suite 98 Daemon] PELMICED.EXE
O4 - HKLM\..\Run: [Promon.exe] Promon.exe
O4 - HKLM\..\Run: [JOGSERV2.EXE] C:\Program Files\Sony\Jog Dial Utility\JogServ2.exe
O4 - HKLM\..\Run: [PRPCMonitor] PRPCUI.exe
O4 - HKLM\..\Run: [LVCOMS] C:\WINNT\System32\LVCOMS.EXE
O4 - HKLM\..\Run: [CriticalUpdate] C:\WINNT\System32\wucrtupd.exe -startup
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [ADUserMon] C:\Program Files\Iomega\AutoDisk\ADUserMon.exe
O4 - HKLM\..\Run: [Iomega Drive Icons] C:\Program Files\Iomega\DriveIcons\ImgIcon.exe
O4 - HKLM\..\Run: [Deskup] C:\Program Files\Iomega\DriveIcons\deskup.exe /IMGSTART
O4 - HKLM\..\Run: [EPSON Stylus C82 Series] C:\WINNT\System32\spool\DRIVERS\W32X86\3\E_S0HIC1.EXE /P23 "EPSON Stylus C82 Series" /O6 "USB001" /M "Stylus C82"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [HPWITOOLBOX] C:\Program Files\Hewlett-Packard\hp deskjet 9600 series\Toolbox\HPWITBX.exe "-i"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [AIM] C:\PROGRA~1\NETSCAPE\COMMUN~1\PROGRAM\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [Weather] C:\PROGRA~1\AWS\WEATHE~1\WEATHER.EXE 1
O4 - Global Startup: BatteryScope.lnk = C:\Program Files\BatteryScope\Batmgr.exe
O4 - Global Startup: PowerPanel.lnk = C:\Program Files\PowerPanel\Program\PcfMgr.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: RealDownload.lnk = C:\Program Files\Real\RealDownload\Realdownload.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRA~1\NETSCAPE\COMMUN~1\PROGRAM\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINNT\System32\Shdocvw.dll
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\PROGRA~1\AWS\WEATHE~1\Weather.exe (file missing) (HKCU)
O12 - Plugin for .DImg: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll
O12 - Plugin for .mov: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin.dll
O12 - Plugin for .SWF: C:\PROGRA~1\Netscape\COMMUN~1\Program\PLUGINS\npswf32.dll
O12 - Plugin for .vcs: C:\PROGRA~1\Netscape\COMMUN~1\Program\PLUGINS\npvcal32.dll
O16 - DPF: Dialpad US Java Applet - http://dialpad.com/applet/src/vscp.cab

4.8K Posts

December 9th, 2004 22:00

dochido,

Here's a Google search on it; see if this helps - there's quite a lot of information available.

Uninstall SBWatchDog, or have HiJackThis 'fix' this entry:

O4 - HKLM\..\Run: [SBWatchDog.EXE] C:\WINNT\System32\SBUtils\SBWatchDog.EXE /l

Then, locate and delete the following item(s):

C:\WINNT\System32\SBUtils\SBWatchDog.EXE

-----

This is information on SBWatchdog.EXE...

"Spyware utility installed by the manufacturers of some laptops (Sony) used to monitor browsing habits and send them back to whoever installed it - released by SoftBank. See here for more information."

(The above courtesy of www.castlecops.com - an excellent resource.)

Now for the cleanup...

Run "Disk Cleanup" and allow it to remove everything it finds.

Run AdAware SE Personal and Spybot S&D to remove any residual registry entry(s) that were left by the infection.

Disable, then re-enable System Restore (to 'flush' your current restore points), then immediately create a new one manually.

How are things looking? Better? You should now be ok. If you're having any more problems, post them back.

Mike.
