barebear

can't keep a BHO deleted


The culprit shows up in a HJT scan as:

 

O2 - BHO: (no name) - {7632ABCA-B104-4fbc-9C70-419C41470619} - (no file)

 

This was left behind after the removal of Bluefrog Anti-Spam; I have verified it online via a Scroogle search as belonging to Bluefrog.

 

Also present in the registry is bluefrog_bho.dll.

 

Both the O2 item and the dll show up in Regedit/find as well as in JV16 PowerTools/Registry Finder searches.

 

I have unsuccessfully attempted to remove them in Safe Mode as well as via HJT. I don't believe either is causing me any problems, but I want every possible unneeded item removed from my system.

 

I run multiple antispyware programs as well as V-Com System Suite; they report no issues and my system runs fast and clean with no discernable problems.

 

Please advise how to permanently eliminate these obsolete items.


Rescan with HJT, check:

 

O2 - BHO: (no name) - {7632ABCA-B104-4fbc-9C70-419C41470619} - (no file)

 

Close all windows and programs except HJT, then click 'fix checked'.

 

Reboot

 

Please download the Killbox © Option^Explicit.

Unzip it to the desktop but do NOT run it yet.

 

Note: In the event you already have Killbox, this is a new version that I need you to download.

Save it to your desktop.

Please double-click Killbox.exe to run it.

 

When it is open, enter C:\Program Files\Blue Security\bluefrog_bho.dll

into the field labeled "Full path of file to delete".

 

Select the Delete on reboot option.

 

Then press the button that looks like a red circle with a white X in it.

If your computer does not restart automatically, please restart it manually.

 

If you receive a message such as: "Component 'MsComCtl.ocx' or one of its dependencies not correctly registered: a file is missing or invalid." when trying to run TheKillbox, click here to download and run missingfilesetup.exe. Then try TheKillbox again.


Hi Jacee,

Thank you so much for your time and help! I have followed your instructions exactly but the

 

O2 - BHO: (no name) - {7632ABCA-B104-4fbc-9C70-419C41470619} - (no file)

 

still appears when I do a HJT scan. A log follows this for your perusal. I should mention that when I removed Blue Frog, I did go into the Program files and delete the folder that was left after the uninstall--I presume that's why the item shows up as "no name....no file"?

My instincts tell me that if I were able to send you a JPEG of what JV 16 powertools finds where and when it does a Registry Finder search for {7632ABCA-B104-4fbc-9C70-419C41470619} and bluefrog_bho.dll, it might be of great help to you in determining what/how to do to eliminate the item. If my hunch is right, please advise how I can get a JPEG to you.

 

Reg Edit/find shows the exact location of {7632ABCA-B104-4fbc-9C70-419C41470619} as being:

 

HKCU\Software\Microsoft\Windows\Current Version\Ext\Stats\{7632ABCA-B104-4fbc-9C70-419C41470619}

 

A Reg Edit/find search for "bluefrog_bho.dll" turns up nothing.

 

Logfile of HijackThis v1.99.1

Scan saved at 1:11:43 PM, on 5/27/2006

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe

C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe

C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

C:\Program Files\Logitech\MouseWare\system\em_exec.exe

C:\Program Files\CA\eTrust PestPatrol\PPActiveDetection.exe

C:\Program Files\Ad Muncher\AdMunch.exe

C:\Program Files\SmartBackup\smartbackup.exe

C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

C:\Program Files\Trend Micro\Tmas\Tmas.exe

C:\Program Files\7Way\7WAY.EXE

C:\Program Files\SpywareGuard\sgmain.exe

C:\Program Files\SpywareGuard\sgbhp.exe

C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe

C:\Program Files\Executive Software\Diskeeper\DkService.exe

C:\Program Files\Symantec\Norton Ghost 2003\GhostStartService.exe

C:\Program Files\Ups\MonUPS Software\MonUPS.exe

C:\WINDOWS\System32\snmp.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe

C:\PROGRA~1\VCOM\SYSTEM~1\MXTask.exe

C:\WINDOWS\system32\fxssvc.exe

C:\PROGRA~1\VCOM\SYSTEM~1\mxtask.exe

C:\Program Files\Hjt\HijackThis.exe

C:\WINDOWS\system32\wuauclt.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\Program Files\Copernic Agent\CopernicAgentExt.dll/INTEGRATION_BAND_SEARCHBAR_HTML

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

O2 - BHO: HelperObject Class - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 8\SnagItBHO.dll

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: IE 4.x-6.x BHO for Internet Download Accelerator - {2A646672-9C3A-4C28-9A7A-1FB0F63F28B6} - C:\PROGRA~1\IDA\idaiehlp.dll

O2 - BHO: SpywareGuardDLBLOCK.CBrowserHelper - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

O2 - BHO: (no name) - {7632ABCA-B104-4fbc-9C70-419C41470619} - (no file)

O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 8\SnagItIEAddin.dll

O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe

O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe

O4 - HKLM\..\Run: [spySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray

O4 - HKLM\..\Run: [Fix-It AV] C:\PROGRA~1\VCOM\SYSTEM~1\MemCheck.exe

O4 - HKLM\..\Run: [eTrustPPAP] "C:\Program Files\CA\eTrust PestPatrol\PPActiveDetection.exe"

O4 - HKLM\..\Run: [Ad Muncher] C:\Program Files\Ad Muncher\AdMunch.exe /bt

O4 - HKCU\..\Run: [TClockEx] C:\Program Files\Tclockex\TCLOCKEX.EXE

O4 - HKCU\..\Run: [smartBackup] C:\Program Files\SmartBackup\smartbackup.exe /SYSTEMSTARTUP

O4 - HKCU\..\Run: [superCleaner] "C:\Program Files\SuperCleaner\SuperCleaner.exe" /h/b

O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

O4 - Startup: 7way.lnk = C:\Program Files\7Way\7WAY.EXE

O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe

O4 - Global Startup: Trend Micro Anti-Spyware.lnk = C:\Program Files\Trend Micro\Tmas\Tmas.exe

O8 - Extra context menu item: Block frame with Ad Muncher - http://www.admuncher.com/request_will_be_i...d=menu_ie_frame

O8 - Extra context menu item: Block image with Ad Muncher - http://www.admuncher.com/request_will_be_i...d=menu_ie_image

O8 - Extra context menu item: Block link with Ad Muncher - http://www.admuncher.com/request_will_be_i...id=menu_ie_link

O8 - Extra context menu item: Don't filter page with Ad Muncher - http://www.admuncher.com/request_will_be_i...menu_ie_exclude

O8 - Extra context menu item: Download ALL with IDA - C:\Program Files\IDA\idaieall.htm

O8 - Extra context menu item: Download with IDA - C:\Program Files\IDA\idaie.htm

O8 - Extra context menu item: Report page to the Ad Muncher developers - http://www.admuncher.com/request_will_be_i...=menu_ie_report

O8 - Extra context menu item: Search Using Copernic Agent - res://C:\Program Files\Copernic Agent\CopernicAgentExt.dll/INTEGRATION_MENU_SEARCHEXT

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

O9 - Extra button: Internet Download Accelerator - {9819CC0E-9669-4D01-9CD7-2C66DA43AC6C} - C:\Program Files\IDA\ida.exe

O9 - Extra 'Tools' menuitem: &Internet Download Accelerator - {9819CC0E-9669-4D01-9CD7-2C66DA43AC6C} - C:\Program Files\IDA\ida.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Plug-in) -

O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} (Java Plug-in) -

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} (Java Plug-in 1.5.0_06) -

O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll

O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program Files\Executive Software\Diskeeper\DkService.exe

O23 - Service: GhostStartService - Symantec Corporation - C:\Program Files\Symantec\Norton Ghost 2003\GhostStartService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe

O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: MonUPS Power Protect - Unknown owner - C:\Program Files\Ups\MonUPS Software\MonUPS.exe

O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe

O23 - Service: SystemSuite Task Manager - Avanquest Publishing USA, Inc. - C:\PROGRA~1\VCOM\SYSTEM~1\MXTask.exe

O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Program Files\TuneUp Utilities 2006\WinStylerThemeSvc.exe


Hi Jacee,

 

I just ran a JV16 Powertools search for bluefrog_bho.dll; it found nothing. I then did a search for

 

{7632ABCA-B104-4fbc-9C70-419C41470619} ; this turned up 5 items in

 

HKCU\Software\Microsoft\Windows\Current Version\Ext\Stats\{7632ABCA-B104-4fbc-9C70-419C41470619}

 

4 of the items show up as

 

HKCU\Software\Microsoft\Windows\Current Version\Ext\Stats\{7632ABCA-B104-4fbc-9C70-419C41470619}\iexplore\

 

1 item shows up as

 

HKCU\Software\Microsoft\Windows\Current Version\Ext\Stats\{7632ABCA-B104-4fbc-9C70-419C41470619}\

 

JV 16 also turned up 1 item in

 

HKLM\SOFTWARE\Microsoft\Windows\Current Version\Explorer\Browser Helper Objects\{7632ABCA-B104-4fbc-9C70-419C41470619}

 

I would like very much to send you a JPEG showing the entry name and value results for each item--it'll take a long time to type out by hand and I can't copy/paste from Clipboard. Will wait to hear from you; thanks again for your time and help!


Hi Jacee,

I just finally figured out how to save/copy/paste the JV 16 results.

Here they are and I sure hope they help with solving how to permanently eliminate

 

O2 - BHO: (no name) - {7632ABCA-B104-4fbc-9C70-419C41470619} - (no file)

 

 

jv16 PowerTools 2006 [1.5.2.338]

 

Data fields are: Key, Entry's name, Value, Entry last modified

 

HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{7632ABCA-B104-4FBC-9C70-419C41470619}\, {KEY}, {KEY}, 27.05.2006, 12:40

HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{7632ABCA-B104-4FBC-9C70-419C41470619}\iexplore\, {KEY}, {KEY}, 27.05.2006, 14:19

HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{7632ABCA-B104-4FBC-9C70-419C41470619}\iexplore\, Type, 3, 27.05.2006, 14:19

HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{7632ABCA-B104-4FBC-9C70-419C41470619}\iexplore\, Count, 8, 27.05.2006, 14:19

HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{7632ABCA-B104-4FBC-9C70-419C41470619}\iexplore\, Time, N/A, 27.05.2006, 14:19

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7632ABCA-B104-4fbc-9C70-419C41470619}\, {KEY}, {KEY}, 27.05.2006, 13:10

 

 

Thanks again; wait to hear from you


Download RegSeeker http://www.hoverdesk.net/freeware.htm

Extract it to its own folder

Do not run it yet.

 

Close or exit Spybot's TeaTimer, SpywareGuard and SpySweeper

 

TeaTimer

Open Spybot and click on Mode and check Advanced Mode

Check yes to next window.

Click on Tools in bottom left hand corner.

Click on System Startup icon.

Uncheck Teatimer box and Uncheck Resident.

Click Allow Change box.

Look at the right hand corner of the screen to see if the icon for Spybot resident is still there. If it is, click it and choose exit.

 

SpywareGuard

Right click the running icon of Spywareguard, it will open the program.

Then go to Menu, file, exit.

Then confirm the program is closed.

 

SpySweeper

Open it click >Options over to the left then >program options >Uncheck "load at windows startup".

Over to the left click "shields" and uncheck all there.

Uncheck "home page shield".

Uncheck "automatically restore default without notification".

 

Rescan with HJT, check these items:

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

O2 - BHO: (no name) - {7632ABCA-B104-4fbc-9C70-419C41470619} - (no file)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Plug-in) -

O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} (Java Plug-in) -

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} (Java Plug-in 1.5.0_06) -

 

Close all windows and running programs except HJT, then click fix checked.

 

Navigate to C:\Windows\Prefetch\ ---> delete everything in this folder (NOT THE FOLDER)

Prefetch info: http://www.windowsnetworking.com/articles_...refetch-XP.html

 

Double click RegSeeker.exe to start the program. Maximize the window. Click on "Find in Registry"

 

7632ABCA-B104-4fbc-9C70-419C41470619

 

Anything that's associated with that CLSID (if found) delete.

 

Reboot your computer and see if it still shows up. If it does, we'll try something else.


Hi Jacee,

 

That got rid of it but left me with a couple of new concerns--a new HJT log follows. I am worried about the last O2 item, and the first two O9 items---they now read "file missing" at the end of their descriptions. Is this going to cause me any problems that you are aware of? PLEASE ADVISE--I get very insecure when I see stuff like that.

I also should tell you that I used a neat piece of freeware called Startup Manager to keep not only Tea Timer, Spyware Guard, and SpySweeper from starting up, but also Trend Micro Anti-Spyware and Pest Patrol.

Until I hear back from you, and in order that the system is protected, I'm going to re-enable all 5 of them via Startup Manager and reboot--will let you know if any weird things start happening because of the "file missing" matters.

THANK YOU SO VERY MUCH!!!!!

 

 

Logfile of HijackThis v1.99.1

Scan saved at 5:39:20 PM, on 5/27/2006

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe

C:\Program Files\Logitech\MouseWare\system\em_exec.exe

C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe

C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe

C:\Program Files\Executive Software\Diskeeper\DkService.exe

C:\Program Files\Ad Muncher\AdMunch.exe

C:\Program Files\SmartBackup\smartbackup.exe

C:\Program Files\Symantec\Norton Ghost 2003\GhostStartService.exe

C:\Program Files\Ups\MonUPS Software\MonUPS.exe

C:\Program Files\7Way\7WAY.EXE

C:\WINDOWS\System32\snmp.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe

C:\PROGRA~1\VCOM\SYSTEM~1\MXTask.exe

C:\WINDOWS\system32\fxssvc.exe

C:\PROGRA~1\VCOM\SYSTEM~1\mxtask.exe

C:\Program Files\Hjt\HijackThis.exe

C:\WINDOWS\system32\wuauclt.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\Program Files\Copernic Agent\CopernicAgentExt.dll/INTEGRATION_BAND_SEARCHBAR_HTML

O2 - BHO: HelperObject Class - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 8\SnagItBHO.dll

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: IE 4.x-6.x BHO for Internet Download Accelerator - {2A646672-9C3A-4C28-9A7A-1FB0F63F28B6} - C:\PROGRA~1\IDA\idaiehlp.dll

O2 - BHO: SpywareGuardDLBLOCK.CBrowserHelper - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll (file missing)

O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 8\SnagItIEAddin.dll

O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe

O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe

O4 - HKLM\..\Run: [Fix-It AV] C:\PROGRA~1\VCOM\SYSTEM~1\MemCheck.exe

O4 - HKLM\..\Run: [Ad Muncher] C:\Program Files\Ad Muncher\AdMunch.exe /bt

O4 - HKCU\..\Run: [TClockEx] C:\Program Files\Tclockex\TCLOCKEX.EXE

O4 - HKCU\..\Run: [smartBackup] C:\Program Files\SmartBackup\smartbackup.exe /SYSTEMSTARTUP

O4 - HKCU\..\Run: [superCleaner] "C:\Program Files\SuperCleaner\SuperCleaner.exe" /h/b

O4 - Startup: 7way.lnk = C:\Program Files\7Way\7WAY.EXE

O8 - Extra context menu item: Block frame with Ad Muncher - http://www.admuncher.com/request_will_be_i...d=menu_ie_frame

O8 - Extra context menu item: Block image with Ad Muncher - http://www.admuncher.com/request_will_be_i...d=menu_ie_image

O8 - Extra context menu item: Block link with Ad Muncher - http://www.admuncher.com/request_will_be_i...id=menu_ie_link

O8 - Extra context menu item: Don't filter page with Ad Muncher - http://www.admuncher.com/request_will_be_i...menu_ie_exclude

O8 - Extra context menu item: Download ALL with IDA - C:\Program Files\IDA\idaieall.htm

O8 - Extra context menu item: Download with IDA - C:\Program Files\IDA\idaie.htm

O8 - Extra context menu item: Report page to the Ad Muncher developers - http://www.admuncher.com/request_will_be_i...=menu_ie_report

O8 - Extra context menu item: Search Using Copernic Agent - res://C:\Program Files\Copernic Agent\CopernicAgentExt.dll/INTEGRATION_MENU_SEARCHEXT

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll (file missing)

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll (file missing)

O9 - Extra button: Internet Download Accelerator - {9819CC0E-9669-4D01-9CD7-2C66DA43AC6C} - C:\Program Files\IDA\ida.exe

O9 - Extra 'Tools' menuitem: &Internet Download Accelerator - {9819CC0E-9669-4D01-9CD7-2C66DA43AC6C} - C:\Program Files\IDA\ida.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll

O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program Files\Executive Software\Diskeeper\DkService.exe

O23 - Service: GhostStartService - Symantec Corporation - C:\Program Files\Symantec\Norton Ghost 2003\GhostStartService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe

O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: MonUPS Power Protect - Unknown owner - C:\Program Files\Ups\MonUPS Software\MonUPS.exe

O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe

O23 - Service: SystemSuite Task Manager - Avanquest Publishing USA, Inc. - C:\PROGRA~1\VCOM\SYSTEM~1\MXTask.exe

O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Program Files\TuneUp Utilities 2006\WinStylerThemeSvc.exe


Hi Jacee,

 

I don't know what's going on---I re-enabled those 5 items w/ Startup manager, rebooted, and

 

BHO: (no name) - {7632ABCA-B104-4fbc-9C70-419C41470619} - (no file)

 

has re-appeared.

 

Here's the log--I note that those 3 items I was concerned about still say "file missing". I did a Norton Ghost earlier today before your last send---should I restore from it to eliminate those 3 "missing file" issues?

 

 

Please advise, and my apologies for taking so much of your time! I am most grateful!

 

 

Logfile of HijackThis v1.99.1

Scan saved at 6:15:46 PM, on 5/27/2006

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe

C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe

C:\Program Files\Logitech\MouseWare\system\em_exec.exe

C:\Program Files\Ad Muncher\AdMunch.exe

C:\Program Files\CA\eTrust PestPatrol\PPActiveDetection.exe

C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

C:\Program Files\SmartBackup\smartbackup.exe

C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

C:\Program Files\Trend Micro\Tmas\Tmas.exe

C:\Program Files\7Way\7WAY.EXE

C:\Program Files\SpywareGuard\sgmain.exe

C:\Program Files\SpywareGuard\sgbhp.exe

C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe

C:\Program Files\Executive Software\Diskeeper\DkService.exe

C:\Program Files\Symantec\Norton Ghost 2003\GhostStartService.exe

C:\Program Files\Ups\MonUPS Software\MonUPS.exe

C:\WINDOWS\System32\snmp.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe

C:\PROGRA~1\VCOM\SYSTEM~1\MXTask.exe

C:\WINDOWS\system32\fxssvc.exe

C:\PROGRA~1\VCOM\SYSTEM~1\mxtask.exe

C:\PROGRA~1\MOZILL~1\FIREFOX.EXE

C:\Program Files\Hjt\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\Program Files\Copernic Agent\CopernicAgentExt.dll/INTEGRATION_BAND_SEARCHBAR_HTML

O2 - BHO: HelperObject Class - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 8\SnagItBHO.dll

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: IE 4.x-6.x BHO for Internet Download Accelerator - {2A646672-9C3A-4C28-9A7A-1FB0F63F28B6} - C:\PROGRA~1\IDA\idaiehlp.dll

O2 - BHO: SpywareGuardDLBLOCK.CBrowserHelper - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll (file missing)

O2 - BHO: (no name) - {7632ABCA-B104-4fbc-9C70-419C41470619} - (no file)

O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 8\SnagItIEAddin.dll

O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe

O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe

O4 - HKLM\..\Run: [Fix-It AV] C:\PROGRA~1\VCOM\SYSTEM~1\MemCheck.exe

O4 - HKLM\..\Run: [Ad Muncher] C:\Program Files\Ad Muncher\AdMunch.exe /bt

O4 - HKLM\..\Run: [eTrustPPAP] "C:\Program Files\CA\eTrust PestPatrol\PPActiveDetection.exe"

O4 - HKLM\..\Run: [spySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray

O4 - HKCU\..\Run: [TClockEx] C:\Program Files\Tclockex\TCLOCKEX.EXE

O4 - HKCU\..\Run: [smartBackup] C:\Program Files\SmartBackup\smartbackup.exe /SYSTEMSTARTUP

O4 - HKCU\..\Run: [superCleaner] "C:\Program Files\SuperCleaner\SuperCleaner.exe" /h/b

O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

O4 - Startup: 7way.lnk = C:\Program Files\7Way\7WAY.EXE

O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe

O4 - Global Startup: Trend Micro Anti-Spyware.lnk = C:\Program Files\Trend Micro\Tmas\Tmas.exe

O8 - Extra context menu item: Block frame with Ad Muncher - http://www.admuncher.com/request_will_be_i...d=menu_ie_frame

O8 - Extra context menu item: Block image with Ad Muncher - http://www.admuncher.com/request_will_be_i...d=menu_ie_image

O8 - Extra context menu item: Block link with Ad Muncher - http://www.admuncher.com/request_will_be_i...id=menu_ie_link

O8 - Extra context menu item: Don't filter page with Ad Muncher - http://www.admuncher.com/request_will_be_i...menu_ie_exclude

O8 - Extra context menu item: Download ALL with IDA - C:\Program Files\IDA\idaieall.htm

O8 - Extra context menu item: Download with IDA - C:\Program Files\IDA\idaie.htm

O8 - Extra context menu item: Report page to the Ad Muncher developers - http://www.admuncher.com/request_will_be_i...=menu_ie_report

O8 - Extra context menu item: Search Using Copernic Agent - res://C:\Program Files\Copernic Agent\CopernicAgentExt.dll/INTEGRATION_MENU_SEARCHEXT

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll (file missing)

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll (file missing)

O9 - Extra button: Internet Download Accelerator - {9819CC0E-9669-4D01-9CD7-2C66DA43AC6C} - C:\Program Files\IDA\ida.exe

O9 - Extra 'Tools' menuitem: &Internet Download Accelerator - {9819CC0E-9669-4D01-9CD7-2C66DA43AC6C} - C:\Program Files\IDA\ida.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} -

O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} -

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} -

O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll

O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program Files\Executive Software\Diskeeper\DkService.exe

O23 - Service: GhostStartService - Symantec Corporation - C:\Program Files\Symantec\Norton Ghost 2003\GhostStartService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe

O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: MonUPS Power Protect - Unknown owner - C:\Program Files\Ups\MonUPS Software\MonUPS.exe

O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe

O23 - Service: SystemSuite Task Manager - Avanquest Publishing USA, Inc. - C:\PROGRA~1\VCOM\SYSTEM~1\MXTask.exe

O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Program Files\TuneUp Utilities 2006\WinStylerThemeSvc.exe


I have Startup manager too...why did you re-enable these? :huh:

 

They're empty reg items and point to nowhere. You don't need them for anything to make your machine work. :(

 

O2 - BHO: (no name) - {7632ABCA-B104-4fbc-9C70-419C41470619} - (no file)

 

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} -

O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} -

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} -

 

 

Launch Notepad (Start > Run, type in: notepad)

Copy/paste all the bold REGEDIT below

Go up to File in the top menu bar and select Save as

Save in: Desktop

File Name: delbho.reg

Save as Type: All files

Click: Save

 

REGEDIT4

 

[-HKEY_CLASSES_ROOT\CLSID\{7632ABCA-B104-4fbc-9C70-419C41470619}]

 

[-HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7632ABCA-B104-4fbc-9C70-419C41470619}]

 

Back at the Desktop, double-click on the delbho.reg file.

Click: Yes when asked to merge the information.

 

Run HijackThis once again, and see if it is gone.

 

O2 - BHO: (no name) - {7632ABCA-B104-4fbc-9C70-419C41470619} - (no file)

 

If not, check box for it, and select: Fix checked.


I have Startup manager too...why did you re-enable these? :huh:

 

They're empty reg items and point to nowhere. You don't need them for anything to make your machine work. :(

 

O2 - BHO: (no name) - {7632ABCA-B104-4fbc-9C70-419C41470619} - (no file)

 

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} -

O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} -

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} -

Launch Notepad (Start > Run, type in: notepad)

Copy/paste all the bold REGEDIT below

Go up to File in the top menu bar and select Save as

Save in: Desktop

File Name: delbho.reg

Save as Type: All files

Click: Save

 

REGEDIT4

 

[-HKEY_CLASSES_ROOT\CLSID\{7632ABCA-B104-4fbc-9C70-419C41470619}]

 

[-HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7632ABCA-B104-4fbc-9C70-419C41470619}]

 

Back at the Desktop, double-click on the delbho.reg file.

Click: Yes when asked to merge the information.

 

Run HijackThis once again, and see if it is gone.

 

O2 - BHO: (no name) - {7632ABCA-B104-4fbc-9C70-419C41470619} - (no file)

 

If not, check box for it, and select: Fix checked.

 

I'm sorry I've caused you problems. I'll disable them again and repeat your previous instructions re RegSeeker, and then follow your above most recent instructions. Will advise results when done


Hi Jacee,

 

Per my last post I have repeated all the immediately below instructions:

 

 

 

Download RegSeeker http://www.hoverdesk.net/freeware.htm

Extract it to its own folder

Do not run it yet.

 

Close or exit Spybot's TeaTimer, SpywareGuard and SpySweeper

 

TeaTimer

Open Spybot and click on Mode and check Advanced Mode

Check yes to next window.

Click on Tools in bottom left hand corner.

Click on System Startup icon.

Uncheck Teatimer box and Uncheck Resident.

Click Allow Change box.

Look at the right hand corner of the screen to see if the icon for Spybot resident is still there. If it is, click it and choose exit.

 

SpywareGuard

Right click the running icon of Spywareguard, it will open the program.

Then go to Menu, file, exit.

Then confirm the program is closed.

 

SpySweeper

Open it click >Options over to the left then >program options >Uncheck "load at windows startup".

Over to the left click "shields" and uncheck all there.

Uncheck "home page shield".

Uncheck "automatically restore default without notification".

 

Rescan with HJT, check these items:

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

O2 - BHO: (no name) - {7632ABCA-B104-4fbc-9C70-419C41470619} - (no file)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Plug-in) -

O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} (Java Plug-in) -

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} (Java Plug-in 1.5.0_06) -

 

Close all windows and running programs except HJT, then click fix checked.

 

Navigate to C:\Windows\Prefetch\ ---> delete everything in this folder (NOT THE FOLDER)

Prefetch info: http://www.windowsnetworking.com/articles_...refetch-XP.html

 

Double click RegSeeker.exe to start the program. Maximize the window. Click on "Find in Registry"

 

7632ABCA-B104-4fbc-9C70-419C41470619

 

Anything that's associated with that CLSID (if found) delete.

 

 

 

I then followed your most recent instructions regarding:

 

 

 

They're empty reg items and point to nowhere. You don't need them for anything to make your machine work.

 

O2 - BHO: (no name) - {7632ABCA-B104-4fbc-9C70-419C41470619} - (no file)

 

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} -

O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} -

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} -

 

 

Launch Notepad (Start > Run, type in: notepad)

Copy/paste all the bold REGEDIT below

Go up to File in the top menu bar and select Save as

Save in: Desktop

File Name: delbho.reg

Save as Type: All files

Click: Save

 

REGEDIT4

 

[-HKEY_CLASSES_ROOT\CLSID\{7632ABCA-B104-4fbc-9C70-419C41470619}]

 

[-HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7632ABCA-B104-4fbc-9C70-419C41470619}]

 

Back at the Desktop, double-click on the delbho.reg file.

Click: Yes when asked to merge the information.

 

Run HijackThis once again, and see if it is gone.

 

O2 - BHO: (no name) - {7632ABCA-B104-4fbc-9C70-419C41470619} - (no file)

 

If not, check box for it, and select: Fix checked.

 

 

 

I then ran HJT and it was gone. I then rebooted and here's the log from just after that

 

 

Logfile of HijackThis v1.99.1

Scan saved at 9:13:38 PM, on 5/27/2006

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe

C:\Program Files\Executive Software\Diskeeper\DkService.exe

C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe

C:\Program Files\Logitech\MouseWare\system\em_exec.exe

C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe

C:\Program Files\Ad Muncher\AdMunch.exe

C:\Program Files\Symantec\Norton Ghost 2003\GhostStartService.exe

C:\Program Files\Ups\MonUPS Software\MonUPS.exe

C:\Program Files\SmartBackup\smartbackup.exe

C:\Program Files\7Way\7WAY.EXE

C:\WINDOWS\System32\snmp.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe

C:\PROGRA~1\VCOM\SYSTEM~1\MXTask.exe

C:\WINDOWS\system32\fxssvc.exe

C:\PROGRA~1\VCOM\SYSTEM~1\mxtask.exe

C:\WINDOWS\system32\wuauclt.exe

C:\PROGRA~1\MOZILL~1\FIREFOX.EXE

C:\Program Files\Hjt\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\Program Files\Copernic Agent\CopernicAgentExt.dll/INTEGRATION_BAND_SEARCHBAR_HTML

O2 - BHO: HelperObject Class - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 8\SnagItBHO.dll

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: IE 4.x-6.x BHO for Internet Download Accelerator - {2A646672-9C3A-4C28-9A7A-1FB0F63F28B6} - C:\PROGRA~1\IDA\idaiehlp.dll

O2 - BHO: SpywareGuardDLBLOCK.CBrowserHelper - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll (file missing)

O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 8\SnagItIEAddin.dll

O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe

O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe

O4 - HKLM\..\Run: [Fix-It AV] C:\PROGRA~1\VCOM\SYSTEM~1\MemCheck.exe

O4 - HKLM\..\Run: [Ad Muncher] C:\Program Files\Ad Muncher\AdMunch.exe /bt

O4 - HKCU\..\Run: [TClockEx] C:\Program Files\Tclockex\TCLOCKEX.EXE

O4 - HKCU\..\Run: [smartBackup] C:\Program Files\SmartBackup\smartbackup.exe /SYSTEMSTARTUP

O4 - HKCU\..\Run: [superCleaner] "C:\Program Files\SuperCleaner\SuperCleaner.exe" /h/b

O4 - Startup: 7way.lnk = C:\Program Files\7Way\7WAY.EXE

O8 - Extra context menu item: Block frame with Ad Muncher - http://www.admuncher.com/request_will_be_i...d=menu_ie_frame

O8 - Extra context menu item: Block image with Ad Muncher - http://www.admuncher.com/request_will_be_i...d=menu_ie_image

O8 - Extra context menu item: Block link with Ad Muncher - http://www.admuncher.com/request_will_be_i...id=menu_ie_link

O8 - Extra context menu item: Don't filter page with Ad Muncher - http://www.admuncher.com/request_will_be_i...menu_ie_exclude

O8 - Extra context menu item: Download ALL with IDA - C:\Program Files\IDA\idaieall.htm

O8 - Extra context menu item: Download with IDA - C:\Program Files\IDA\idaie.htm

O8 - Extra context menu item: Report page to the Ad Muncher developers - http://www.admuncher.com/request_will_be_i...=menu_ie_report

O8 - Extra context menu item: Search Using Copernic Agent - res://C:\Program Files\Copernic Agent\CopernicAgentExt.dll/INTEGRATION_MENU_SEARCHEXT

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll (file missing)

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll (file missing)

O9 - Extra button: Internet Download Accelerator - {9819CC0E-9669-4D01-9CD7-2C66DA43AC6C} - C:\Program Files\IDA\ida.exe

O9 - Extra 'Tools' menuitem: &Internet Download Accelerator - {9819CC0E-9669-4D01-9CD7-2C66DA43AC6C} - C:\Program Files\IDA\ida.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll

O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program Files\Executive Software\Diskeeper\DkService.exe

O23 - Service: GhostStartService - Symantec Corporation - C:\Program Files\Symantec\Norton Ghost 2003\GhostStartService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe

O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: MonUPS Power Protect - Unknown owner - C:\Program Files\Ups\MonUPS Software\MonUPS.exe

O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe

O23 - Service: SystemSuite Task Manager - Avanquest Publishing USA, Inc. - C:\PROGRA~1\VCOM\SYSTEM~1\MXTask.exe

O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Program Files\TuneUp Utilities 2006\WinStylerThemeSvc.exe

 

 

I am happy that the problem BHO is gone!

 

What ( if anything ) should now be done about

 

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll (file missing)

 

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll (file missing)

 

and

 

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll (file missing)

 

I will not do anything with these nor re-activate the 5 programs ( SpySweeper, etc) until you tell me it's ok -- am awaiting your instructions before doing ANYTHING else.

 

Thank you again for your time and patience as well as your most excellent technical guidance! :):unsure:


Hi Jacee,

I installed JRE5.0 update7, rebooted, and here is the log---it sure looks clean to me? What do you think?

 

I asked in my last post if it was ok to re-activate Spysweeper, Teatimer, Spyware Guard, Spyware Blaster, Pest Patrol, and Trend Micro but you didn't indicate one way or the other. Please advise--after messing up before, I'm not assuming anything ( although my hunch is you'll say it's ok?) Wait to hear from you, thanks again! :clap::clap::):)

 

Logfile of HijackThis v1.99.1

Scan saved at 10:16:23 PM, on 5/27/2006

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe

C:\Program Files\Ad Muncher\AdMunch.exe

C:\Program Files\Logitech\MouseWare\system\em_exec.exe

C:\Program Files\Java\jre1.5.0_07\bin\jusched.exe

C:\Program Files\SmartBackup\smartbackup.exe

C:\Program Files\7Way\7WAY.EXE

C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe

C:\Program Files\Executive Software\Diskeeper\DkService.exe

C:\Program Files\Symantec\Norton Ghost 2003\GhostStartService.exe

C:\Program Files\Ups\MonUPS Software\MonUPS.exe

C:\WINDOWS\System32\snmp.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe

C:\PROGRA~1\VCOM\SYSTEM~1\MXTask.exe

C:\WINDOWS\system32\fxssvc.exe

C:\PROGRA~1\VCOM\SYSTEM~1\mxtask.exe

C:\Program Files\Hjt\HijackThis.exe

C:\WINDOWS\system32\wuauclt.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\Program Files\Copernic Agent\CopernicAgentExt.dll/INTEGRATION_BAND_SEARCHBAR_HTML

O2 - BHO: HelperObject Class - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 8\SnagItBHO.dll

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: IE 4.x-6.x BHO for Internet Download Accelerator - {2A646672-9C3A-4C28-9A7A-1FB0F63F28B6} - C:\PROGRA~1\IDA\idaiehlp.dll

O2 - BHO: SpywareGuardDLBLOCK.CBrowserHelper - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll

O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 8\SnagItIEAddin.dll

O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe

O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe

O4 - HKLM\..\Run: [Fix-It AV] C:\PROGRA~1\VCOM\SYSTEM~1\MemCheck.exe

O4 - HKLM\..\Run: [Ad Muncher] C:\Program Files\Ad Muncher\AdMunch.exe /bt

O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_07\bin\jusched.exe

O4 - HKCU\..\Run: [TClockEx] C:\Program Files\Tclockex\TCLOCKEX.EXE

O4 - HKCU\..\Run: [smartBackup] C:\Program Files\SmartBackup\smartbackup.exe /SYSTEMSTARTUP

O4 - HKCU\..\Run: [superCleaner] "C:\Program Files\SuperCleaner\SuperCleaner.exe" /h/b

O4 - Startup: 7way.lnk = C:\Program Files\7Way\7WAY.EXE

O8 - Extra context menu item: Block frame with Ad Muncher - http://www.admuncher.com/request_will_be_i...d=menu_ie_frame

O8 - Extra context menu item: Block image with Ad Muncher - http://www.admuncher.com/request_will_be_i...d=menu_ie_image

O8 - Extra context menu item: Block link with Ad Muncher - http://www.admuncher.com/request_will_be_i...id=menu_ie_link

O8 - Extra context menu item: Don't filter page with Ad Muncher - http://www.admuncher.com/request_will_be_i...menu_ie_exclude

O8 - Extra context menu item: Download ALL with IDA - C:\Program Files\IDA\idaieall.htm

O8 - Extra context menu item: Download with IDA - C:\Program Files\IDA\idaie.htm

O8 - Extra context menu item: Report page to the Ad Muncher developers - http://www.admuncher.com/request_will_be_i...=menu_ie_report

O8 - Extra context menu item: Search Using Copernic Agent - res://C:\Program Files\Copernic Agent\CopernicAgentExt.dll/INTEGRATION_MENU_SEARCHEXT

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\npjpi150_07.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\npjpi150_07.dll

O9 - Extra button: Internet Download Accelerator - {9819CC0E-9669-4D01-9CD7-2C66DA43AC6C} - C:\Program Files\IDA\ida.exe

O9 - Extra 'Tools' menuitem: &Internet Download Accelerator - {9819CC0E-9669-4D01-9CD7-2C66DA43AC6C} - C:\Program Files\IDA\ida.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll

O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program Files\Executive Software\Diskeeper\DkService.exe

O23 - Service: GhostStartService - Symantec Corporation - C:\Program Files\Symantec\Norton Ghost 2003\GhostStartService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe

O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: MonUPS Power Protect - Unknown owner - C:\Program Files\Ups\MonUPS Software\MonUPS.exe

O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe

O23 - Service: SystemSuite Task Manager - Avanquest Publishing USA, Inc. - C:\PROGRA~1\VCOM\SYSTEM~1\MXTask.exe

O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Program Files\TuneUp Utilities 2006\WinStylerThemeSvc.exe

Edited by barebear


The log looks great! Re-enable all your spyware protection if you haven't already.

 

Download ATF Cleaner

http://www.atribune.org/content/view/19/2/

Click "Main" > check 'select all' this first time using it, then click "Empty Selected". Do the same for FireFox or Opera if you use either of those browsers.

 

Finally go to Control Panel > Internet Options.

On the General tab under "Temporary Internet Files" Click "Delete Files".

Put a check by "Delete Offline Content" and click OK.

Click on the Programs tab then click the "Reset Web Settings" button.

Click Apply then OK.

 

Reboot

 

You will want to finish cleaning now by removing your restore points and starting fresh with them.

Please do this:

Turn off System Restore.

On the Desktop, right-click My Computer.

Click Properties.

Click the System Restore tab.

Check Turn off System Restore.

Click Apply, and then click OK.

Reboot.

Turn ON System Restore.

On the Desktop, right-click My Computer.

Click Properties.

Click the System Restore tab.

UN-Check *Turn off System Restore*.

Click Apply, and then click OK.


Hi Jacee,

 

I downloaded ATF Cleaner to the desktop but did nothing with it. I then used Startup Manager to re-enable SpySweeper, Teatimer, Spyware Guard, Trend Micro, and Pest Patrol; after rebooting I decided to be cautious and run a HJT scan before doing anything with ATF ---- the BHO was back.

I used Startup Manager, unchecked all the Spyware items, rebooted, ran HJT and deleted the BHO, rebooted again, ran HJT again and the BHO is gone. The log file follows below.

I am going to re-activate the spyware programs 1 at a time via Startup Manager, reboot, run HJT, if the BHO is still gone re-activate another spyware prog, and reboot and run HJT again till I see the BHO reappear after a program activation.

This will take some time and I'll advise results when done. My first move will be to uncheck the BHO shield in Spysweeper, re-activate it, reboot, run HJT, and see if the BHO re-appears.........

Please advise your suggestions.

 

Logfile of HijackThis v1.99.1

Scan saved at 11:26:09 PM, on 5/27/2006

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe

C:\Program Files\Ad Muncher\AdMunch.exe

C:\Program Files\Logitech\MouseWare\system\em_exec.exe

C:\Program Files\Java\jre1.5.0_07\bin\jusched.exe

C:\Program Files\SmartBackup\smartbackup.exe

C:\Program Files\7Way\7WAY.EXE

C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe

C:\Program Files\Executive Software\Diskeeper\DkService.exe

C:\Program Files\Symantec\Norton Ghost 2003\GhostStartService.exe

C:\Program Files\Ups\MonUPS Software\MonUPS.exe

C:\WINDOWS\System32\snmp.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe

C:\PROGRA~1\VCOM\SYSTEM~1\MXTask.exe

C:\WINDOWS\system32\fxssvc.exe

C:\PROGRA~1\VCOM\SYSTEM~1\mxtask.exe

C:\PROGRA~1\MOZILL~1\FIREFOX.EXE

C:\Program Files\Hjt\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\Program Files\Copernic Agent\CopernicAgentExt.dll/INTEGRATION_BAND_SEARCHBAR_HTML

O2 - BHO: HelperObject Class - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 8\SnagItBHO.dll

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: IE 4.x-6.x BHO for Internet Download Accelerator - {2A646672-9C3A-4C28-9A7A-1FB0F63F28B6} - C:\PROGRA~1\IDA\idaiehlp.dll

O2 - BHO: SpywareGuardDLBLOCK.CBrowserHelper - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll

O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 8\SnagItIEAddin.dll

O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe

O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe

O4 - HKLM\..\Run: [Fix-It AV] C:\PROGRA~1\VCOM\SYSTEM~1\MemCheck.exe

O4 - HKLM\..\Run: [Ad Muncher] C:\Program Files\Ad Muncher\AdMunch.exe /bt

O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_07\bin\jusched.exe

O4 - HKCU\..\Run: [TClockEx] C:\Program Files\Tclockex\TCLOCKEX.EXE

O4 - HKCU\..\Run: [smartBackup] C:\Program Files\SmartBackup\smartbackup.exe /SYSTEMSTARTUP

O4 - HKCU\..\Run: [superCleaner] "C:\Program Files\SuperCleaner\SuperCleaner.exe" /h/b

O4 - Startup: 7way.lnk = C:\Program Files\7Way\7WAY.EXE

O8 - Extra context menu item: Block frame with Ad Muncher - http://www.admuncher.com/request_will_be_i...d=menu_ie_frame

O8 - Extra context menu item: Block image with Ad Muncher - http://www.admuncher.com/request_will_be_i...d=menu_ie_image

O8 - Extra context menu item: Block link with Ad Muncher - http://www.admuncher.com/request_will_be_i...id=menu_ie_link

O8 - Extra context menu item: Don't filter page with Ad Muncher - http://www.admuncher.com/request_will_be_i...menu_ie_exclude

O8 - Extra context menu item: Download ALL with IDA - C:\Program Files\IDA\idaieall.htm

O8 - Extra context menu item: Download with IDA - C:\Program Files\IDA\idaie.htm

O8 - Extra context menu item: Report page to the Ad Muncher developers - http://www.admuncher.com/request_will_be_i...=menu_ie_report

O8 - Extra context menu item: Search Using Copernic Agent - res://C:\Program Files\Copernic Agent\CopernicAgentExt.dll/INTEGRATION_MENU_SEARCHEXT

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\npjpi150_07.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\npjpi150_07.dll

O9 - Extra button: Internet Download Accelerator - {9819CC0E-9669-4D01-9CD7-2C66DA43AC6C} - C:\Program Files\IDA\ida.exe

O9 - Extra 'Tools' menuitem: &Internet Download Accelerator - {9819CC0E-9669-4D01-9CD7-2C66DA43AC6C} - C:\Program Files\IDA\ida.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} -

O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll

O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program Files\Executive Software\Diskeeper\DkService.exe

O23 - Service: GhostStartService - Symantec Corporation - C:\Program Files\Symantec\Norton Ghost 2003\GhostStartService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe

O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: MonUPS Power Protect - Unknown owner - C:\Program Files\Ups\MonUPS Software\MonUPS.exe

O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe

O23 - Service: SystemSuite Task Manager - Avanquest Publishing USA, Inc. - C:\PROGRA~1\VCOM\SYSTEM~1\MXTask.exe

O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Program Files\TuneUp Utilities 2006\WinStylerThemeSvc.exe

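The re-enable-one-program, reboot and rescan routine described in the post above comes down to comparing two HijackThis scans. As an added example (not part of the original thread, and not HijackThis code), this Python script parses scan lines, lists entries present only in the later scan, and flags entries that HijackThis itself annotates as "(no file)" or "(file missing)" or that have an empty O16 target. The function names and the two sample scans are constructed for illustration from entries quoted in this thread.

```python
import re
from typing import List, NamedTuple, Optional

# Constructed sample scans, assembled from entries quoted in this thread.
SCAN_TEATIMER_OFF = r"""
O2 - BHO: HelperObject Class - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 8\SnagItBHO.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll (file missing)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} -
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
"""
SCAN_TEATIMER_ON = SCAN_TEATIMER_OFF + r"""
O2 - BHO: (no name) - {7632ABCA-B104-4fbc-9C70-419C41470619} - (no file)
"""

# "O2 - ...", "R1 - ...", "F2 - ..." : section code, then the entry body.
ENTRY_RE = re.compile(r"^([ORF]\d+) - (.*)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")


class Entry(NamedTuple):
    section: str                   # e.g. "O2"
    clsid: Optional[str]           # upper-cased, braces kept; None if absent
    body: str                      # everything after "Ox - "
    orphan_reason: Optional[str]   # why the entry points at nothing, if it does

    @property
    def identity(self) -> str:
        # Same section + CLSID counts as the same entry even if its path
        # changed between scans (for example after a Java update).
        return f"{self.section} {self.clsid or self.body}"


def _orphan_reason(section: str, body: str) -> Optional[str]:
    """Read HijackThis's own annotations; the file system is not checked."""
    if body.endswith("(no file)"):
        return "no file"
    if body.endswith("(file missing)"):
        return "file missing"
    if section == "O16" and body.endswith("-"):
        return "empty target"      # DPF entry with nothing after the dash
    return None


def parse_scan(text: str) -> List[Entry]:
    """Turn the entry lines of a scan into Entry records, skipping the
    header, the running-process list and blank lines."""
    entries = []
    for raw in text.splitlines():
        match = ENTRY_RE.match(raw.strip())
        if not match:
            continue
        section, body = match.groups()
        clsid = CLSID_RE.search(body)
        entries.append(Entry(section,
                             clsid.group(0).upper() if clsid else None,
                             body,
                             _orphan_reason(section, body)))
    return entries


def orphans(text: str) -> List[Entry]:
    """Entries whose registry data no longer points at a file."""
    return [e for e in parse_scan(text) if e.orphan_reason]


def new_entries(before: str, after: str) -> List[Entry]:
    """Entries present in the later scan but not in the earlier one."""
    seen = {e.identity for e in parse_scan(before)}
    return [e for e in parse_scan(after) if e.identity not in seen]


if __name__ == "__main__":
    for e in new_entries(SCAN_TEATIMER_OFF, SCAN_TEATIMER_ON):
        print("appeared:", e.section, e.clsid, e.orphan_reason)
    for e in orphans(SCAN_TEATIMER_ON):
        print("orphan:  ", e.section, e.clsid, e.orphan_reason)
```

Saving a scan before and after each change and feeding both files to `new_entries` replaces the by-eye comparison of two long logs.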

Hi Jacee,

 

By process of elimination, the culprit that brings the BHO back in a HJT scan is Teatimer ---I can run all my other antispyware with no BHO showing up in a HJT scan. If I enable Teatimer, the BHO is back till I take Teatimer out of the Startup Manager.

The log generated without Teatimer is below.

What, if applicable, do I have to do inside Spybot to get Teatimer running without generating the BHO in a HJT scan?? What else needs to be done to get Teatimer to run without the BHO reappearing??

I will wait to hear from you regarding this before running ATF Cleaner per your earlier instructions; I will run ATF cleaner as soon as you tell me to.

 

Do be aware that I run Firefox instead of IE-----as such do you still want me to do

 

Finally go to Control Panel > Internet Options.

On the General tab under "Temporary Internet Files" Click "Delete Files".

Put a check by "Delete Offline Content" and click OK.

Click on the Programs tab then click the "Reset Web Settings" button.

Click Apply then OK.

 

Please advise regarding this and when/if to run ATF cleaner, as well as whatever else needs to be done

 

Logfile of HijackThis v1.99.1

Scan saved at 12:17:06 AM, on 5/28/2006

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe

C:\Program Files\Ad Muncher\AdMunch.exe

C:\Program Files\Java\jre1.5.0_07\bin\jusched.exe

C:\Program Files\Logitech\MouseWare\system\em_exec.exe

C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

C:\Program Files\CA\eTrust PestPatrol\PPActiveDetection.exe

C:\Program Files\SmartBackup\smartbackup.exe

C:\Program Files\Trend Micro\Tmas\Tmas.exe

C:\Program Files\7Way\7WAY.EXE

C:\Program Files\SpywareGuard\sgmain.exe

C:\Program Files\SpywareGuard\sgbhp.exe

C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe

C:\Program Files\Executive Software\Diskeeper\DkService.exe

C:\Program Files\Symantec\Norton Ghost 2003\GhostStartService.exe

C:\Program Files\Ups\MonUPS Software\MonUPS.exe

C:\WINDOWS\System32\snmp.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe

C:\PROGRA~1\VCOM\SYSTEM~1\MXTask.exe

C:\WINDOWS\system32\fxssvc.exe

C:\PROGRA~1\VCOM\SYSTEM~1\mxtask.exe

C:\PROGRA~1\MOZILL~1\FIREFOX.EXE

C:\WINDOWS\system32\wuauclt.exe

C:\Program Files\Hjt\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\Program Files\Copernic Agent\CopernicAgentExt.dll/INTEGRATION_BAND_SEARCHBAR_HTML

O2 - BHO: HelperObject Class - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 8\SnagItBHO.dll

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: IE 4.x-6.x BHO for Internet Download Accelerator - {2A646672-9C3A-4C28-9A7A-1FB0F63F28B6} - C:\PROGRA~1\IDA\idaiehlp.dll

O2 - BHO: SpywareGuardDLBLOCK.CBrowserHelper - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll

O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 8\SnagItIEAddin.dll

O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe

O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe

O4 - HKLM\..\Run: [Fix-It AV] C:\PROGRA~1\VCOM\SYSTEM~1\MemCheck.exe

O4 - HKLM\..\Run: [Ad Muncher] C:\Program Files\Ad Muncher\AdMunch.exe /bt

O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_07\bin\jusched.exe

O4 - HKLM\..\Run: [spySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray

O4 - HKLM\..\Run: [eTrustPPAP] "C:\Program Files\CA\eTrust PestPatrol\PPActiveDetection.exe"

O4 - HKCU\..\Run: [TClockEx] C:\Program Files\Tclockex\TCLOCKEX.EXE

O4 - HKCU\..\Run: [smartBackup] C:\Program Files\SmartBackup\smartbackup.exe /SYSTEMSTARTUP

O4 - HKCU\..\Run: [superCleaner] "C:\Program Files\SuperCleaner\SuperCleaner.exe" /h/b

O4 - Startup: 7way.lnk = C:\Program Files\7Way\7WAY.EXE

O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe

O4 - Global Startup: Trend Micro Anti-Spyware.lnk = C:\Program Files\Trend Micro\Tmas\Tmas.exe

O8 - Extra context menu item: Block frame with Ad Muncher - http://www.admuncher.com/request_will_be_i...d=menu_ie_frame

O8 - Extra context menu item: Block image with Ad Muncher - http://www.admuncher.com/request_will_be_i...d=menu_ie_image

O8 - Extra context menu item: Block link with Ad Muncher - http://www.admuncher.com/request_will_be_i...id=menu_ie_link

O8 - Extra context menu item: Don't filter page with Ad Muncher - http://www.admuncher.com/request_will_be_i...menu_ie_exclude

O8 - Extra context menu item: Download ALL with IDA - C:\Program Files\IDA\idaieall.htm

O8 - Extra context menu item: Download with IDA - C:\Program Files\IDA\idaie.htm

O8 - Extra context menu item: Report page to the Ad Muncher developers - http://www.admuncher.com/request_will_be_i...=menu_ie_report

O8 - Extra context menu item: Search Using Copernic Agent - res://C:\Program Files\Copernic Agent\CopernicAgentExt.dll/INTEGRATION_MENU_SEARCHEXT

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\npjpi150_07.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\npjpi150_07.dll

O9 - Extra button: Internet Download Accelerator - {9819CC0E-9669-4D01-9CD7-2C66DA43AC6C} - C:\Program Files\IDA\ida.exe

O9 - Extra 'Tools' menuitem: &Internet Download Accelerator - {9819CC0E-9669-4D01-9CD7-2C66DA43AC6C} - C:\Program Files\IDA\ida.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} -

O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll

O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program Files\Executive Software\Diskeeper\DkService.exe

O23 - Service: GhostStartService - Symantec Corporation - C:\Program Files\Symantec\Norton Ghost 2003\GhostStartService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe

O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: MonUPS Power Protect - Unknown owner - C:\Program Files\Ups\MonUPS Software\MonUPS.exe

O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe

O23 - Service: SystemSuite Task Manager - Avanquest Publishing USA, Inc. - C:\PROGRA~1\VCOM\SYSTEM~1\MXTask.exe

O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Program Files\TuneUp Utilities 2006\WinStylerThemeSvc.exe

Edited by barebear


Hi Jacee,

 

Spybot uninstalled/reinstalled and your other cleanup instructions followed per:

 

Download ATF Cleaner

http://www.atribune.org/content/view/19/2/

Click "Main" > check 'select all' this first time using it, then click "Empty Selected". Do the same for FireFox or Opera if you use either of those browsers.

 

Finally go to Control Panel > Internet Options.

On the General tab under "Temporary Internet Files" Click "Delete Files".

Put a check by "Delete Offline Content" and click OK.

Click on the Programs tab then click the "Reset Web Settings" button.

Click Apply then OK.

 

Reboot

 

You will want to finish cleaning now by removing your restore points and starting fresh with them.

Please do this:

Turn off System Restore.

On the Desktop, right-click My Computer.

Click Properties.

Click the System Restore tab.

Check Turn off System Restore.

Click Apply, and then click OK.

Reboot.

Turn ON System Restore.

On the Desktop, right-click My Computer.

Click Properties.

Click the System Restore tab.

UN-Check *Turn off System Restore*.

Click Apply, and then click OK.

 

 

The only thing I didn't do was re System Restore--I don't use it, but rather create checkpoints in V-Com System Suite. I deleted all existing checkpoints, created a new one, and am creating a new Ghost image.

 

The latest log after the cleanup and before making the Ghost follows; please advise any other steps to be taken or whether this does it all. THANK YOU AGAIN!!! :clap::clap::clap::):):)

 

Logfile of HijackThis v1.99.1

Scan saved at 9:29:10 PM, on 5/28/2006

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe

C:\Program Files\Ad Muncher\AdMunch.exe

C:\Program Files\Java\jre1.5.0_07\bin\jusched.exe

C:\Program Files\Logitech\MouseWare\system\em_exec.exe

C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

C:\Program Files\CA\eTrust PestPatrol\PPActiveDetection.exe

C:\Program Files\SmartBackup\smartbackup.exe

C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

C:\Program Files\Trend Micro\Tmas\Tmas.exe

C:\Program Files\7Way\7WAY.EXE

C:\Program Files\SpywareGuard\sgmain.exe

C:\Program Files\SpywareGuard\sgbhp.exe

C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe

C:\Program Files\Executive Software\Diskeeper\DkService.exe

C:\Program Files\Symantec\Norton Ghost 2003\GhostStartService.exe

C:\Program Files\Ups\MonUPS Software\MonUPS.exe

C:\WINDOWS\System32\snmp.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe

C:\PROGRA~1\VCOM\SYSTEM~1\MXTask.exe

C:\WINDOWS\system32\fxssvc.exe

C:\PROGRA~1\VCOM\SYSTEM~1\mxtask.exe

C:\Program Files\Hjt\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\Program Files\Copernic Agent\CopernicAgentExt.dll/INTEGRATION_BAND_SEARCHBAR_HTML

O2 - BHO: HelperObject Class - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 8\SnagItBHO.dll

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: IE 4.x-6.x BHO for Internet Download Accelerator - {2A646672-9C3A-4C28-9A7A-1FB0F63F28B6} - C:\PROGRA~1\IDA\idaiehlp.dll

O2 - BHO: SpywareGuardDLBLOCK.CBrowserHelper - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll

O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 8\SnagItIEAddin.dll

O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe

O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe

O4 - HKLM\..\Run: [Fix-It AV] C:\PROGRA~1\VCOM\SYSTEM~1\MemCheck.exe

O4 - HKLM\..\Run: [Ad Muncher] C:\Program Files\Ad Muncher\AdMunch.exe /bt

O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_07\bin\jusched.exe

O4 - HKLM\..\Run: [spySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray

O4 - HKLM\..\Run: [eTrustPPAP] "C:\Program Files\CA\eTrust PestPatrol\PPActiveDetection.exe"

O4 - HKCU\..\Run: [TClockEx] C:\Program Files\Tclockex\TCLOCKEX.EXE

O4 - HKCU\..\Run: [smartBackup] C:\Program Files\SmartBackup\smartbackup.exe /SYSTEMSTARTUP

O4 - HKCU\..\Run: [superCleaner] "C:\Program Files\SuperCleaner\SuperCleaner.exe" /h/b

O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

O4 - Startup: 7way.lnk = C:\Program Files\7Way\7WAY.EXE

O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe

O4 - Global Startup: Trend Micro Anti-Spyware.lnk = C:\Program Files\Trend Micro\Tmas\Tmas.exe

O8 - Extra context menu item: Block frame with Ad Muncher - http://www.admuncher.com/request_will_be_i...d=menu_ie_frame

O8 - Extra context menu item: Block image with Ad Muncher - http://www.admuncher.com/request_will_be_i...d=menu_ie_image

O8 - Extra context menu item: Block link with Ad Muncher - http://www.admuncher.com/request_will_be_i...id=menu_ie_link

O8 - Extra context menu item: Don't filter page with Ad Muncher - http://www.admuncher.com/request_will_be_i...menu_ie_exclude

O8 - Extra context menu item: Download ALL with IDA - C:\Program Files\IDA\idaieall.htm

O8 - Extra context menu item: Download with IDA - C:\Program Files\IDA\idaie.htm

O8 - Extra context menu item: Report page to the Ad Muncher developers - http://www.admuncher.com/request_will_be_i...=menu_ie_report

O8 - Extra context menu item: Search Using Copernic Agent - res://C:\Program Files\Copernic Agent\CopernicAgentExt.dll/INTEGRATION_MENU_SEARCHEXT

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll

O9 - Extra button: Internet Download Accelerator - {9819CC0E-9669-4D01-9CD7-2C66DA43AC6C} - C:\Program Files\IDA\ida.exe

O9 - Extra 'Tools' menuitem: &Internet Download Accelerator - {9819CC0E-9669-4D01-9CD7-2C66DA43AC6C} - C:\Program Files\IDA\ida.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} (Java Plug-in) -

O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll

O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program Files\Executive Software\Diskeeper\DkService.exe

O23 - Service: GhostStartService - Symantec Corporation - C:\Program Files\Symantec\Norton Ghost 2003\GhostStartService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe

O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: MonUPS Power Protect - Unknown owner - C:\Program Files\Ups\MonUPS Software\MonUPS.exe

O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe

O23 - Service: SystemSuite Task Manager - Avanquest Publishing USA, Inc. - C:\PROGRA~1\VCOM\SYSTEM~1\MXTask.exe

O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Program Files\TuneUp Utilities 2006\WinStylerThemeSvc.exe

Edited by barebear


Everything looks good.

 

Rescan with HJT, check this line

 

O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} (Java Plug-in) -

it's the old Java

 

Close all windows and open programs, then click 'fix checked'.

 

Reboot.

 

You should be good to go now :)

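An added example, not part of any post in this thread: a small Python parser for HijackThis log lines in the format shown above. It flags CLSID-keyed entries that have no target (the "(no file)" BHO and the bare O16 line) and lists entries that appear only in a later log. The two sample logs are assembled from lines posted in the thread, and the function names are illustrative.

```python
import re

ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")   # e.g. "O2 - BHO: ..."
CLSID = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")

# Sample logs assembled from lines posted in this thread (not full logs).
BEFORE = r"""
O2 - BHO: (no name) - {7632ABCA-B104-4fbc-9C70-419C41470619} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} -
"""
AFTER = r"""
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} (Java Plug-in) -
"""

def parse(log):
    """One dict per entry line; headers and running-process paths are skipped."""
    entries = []
    for raw in log.splitlines():
        m = ENTRY.match(raw.strip())
        if not m:
            continue
        section, body = m.groups()
        c = CLSID.search(body)
        target = None
        if c:
            # Text after the first " - " following the CLSID; empty if the line ends in " -".
            target = (body[c.end():] + " ").partition(" - ")[2].strip()
        # Key on the CLSID when present so a renamed or re-pathed entry still matches.
        key = (section, c.group(0).upper() if c else body)
        entries.append({"section": section, "clsid": c.group(0) if c else None,
                        "target": target, "key": key, "line": raw.strip()})
    return entries

def orphans(log):
    """CLSID-keyed entries whose file or URL is missing: registry leftovers."""
    return [e for e in parse(log) if e["clsid"] and e["target"] in ("", "(no file)")]

def added(before, after):
    """Entries present in the later log but not in the earlier one."""
    seen = {e["key"] for e in parse(before)}
    return [e for e in parse(after) if e["key"] not in seen]

if __name__ == "__main__":
    for e in orphans(AFTER) + added(BEFORE, AFTER):
        print(e["line"])
```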