Download HijackThis, run it and save a log, then post it here.
Tarun
You did a fantastic job helping the other fellow who--like I--wasn't sure what can be disabled from the startup menu.
I've already disabled some things, but I'm afraid to delete others.
If you can find time to analyze my log, I would be forever grateful.
Thanks,
Staninfr
--------------------------------
Logfile of HijackThis v1.99.1
Scan saved at 7:52:13 PM, on 27/08/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccProxy.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\ewido\security suite\ewidoguard.exe
C:\Program Files\Norton Internet Security\Norton
AntiVirus\navapsvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\Symantec Shared\CCPD-
LC\symlcsvc.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Fichiers communs\Symantec Shared\Security
Center\SymWSC.exe
C:\Program Files\Norton Internet Security\Norton
AntiVirus\SAVScan.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
C:\Program Files\Virtual Account Numbers\CitiUCS.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\WINDOWS\system32\nosign.exe
C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe
C:\Program Files\Free Spyware Scanner\SpyWatcher.exe
C:\WINDOWS\TPPALDR.EXE
C:\Program Files\WinguardPro\wgp.exe
C:\Program Files\WinPatrol\winpatrol.exe
C:\PROGRA~1\Wanadoo\CnxMon.exe
C:\Program Files\Wanadoo\taskbaricon.exe
D:\Program Files\RAM Idle\RAM_XP.exe
C:\Program Files\PeerGuardian2\pg2.exe
C:\PROGRA~1\DVDREG~1\DVDRegionFree.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Wanadoo\EspaceWanadoo.exe
C:\Program Files\Wanadoo\ComComp.exe
C:\Program Files\Wanadoo\Watch.exe
D:\Program Files\LimeWire\LimeWire.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\EditPad Lite\EditPad.exe
C:\Program Files\CCleaner\CCleaner.exe
E:\Download 7\Hijack this\HijackThis.exe
C:\Program Files\Messenger\msmsgs.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
http://us.f533.mail.yahoo.com/ym/login?.rand=3mhppvac5jbok
R1 - HKLM\Software\Microsoft\Internet
Explorer\Main,Default_Page_URL = http://home.free.fr/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection
Wizard,ShellNext =
http://www.ontrack.com/registration/index.asp?product=erp6
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title
= Wanadoo
R0 - HKCU\Software\Microsoft\Internet
Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: (no name) - {BE89472C-B803-4D1D-9A9A-
0A63660E0FE3} - (no file)
R3 - URLSearchHook: (no name) - {08C06D61-F1F3-4799-86F8-
BE1A89362C85} - (no file)
F2 - REG:system.ini: UserInit=C:\WINDOWS\System32\Userinit.exe
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-
7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn2
\ycomp5_3_18_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-
784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0
\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} -
C:\Program Files\Microsoft Money\System\mnyside.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} -
D:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} -
(no file)
O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} -
C:\Program Files\Siber Systems\AI RoboForm\RoboForm.dll
O2 - BHO: CNisExtBho Class - {9ECB9560-04F9-4bbc-943D-
298DDF1699E1} - C:\Program Files\Fichiers communs\Symantec
Shared\AdBlocking\NISShExt.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-
CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-
FADC6B084872} - C:\Program Files\Norton Internet Security\Norton
AntiVirus\NavShExt.dll
O2 - BHO: XBTB09580 - {E9CFF983-9580-4d74-A7BD-FBF10BB2672A} -
D:\PROGRA~1\WORDRE~2\WORDRE~1.DLL
O2 - BHO: UCSBrowserHelper Class - {F1D49A84-8656-43ce-AE3D-
AABC1A12243E} - C:\WINDOWS\System32\BhoUCS.dll
O3 - Toolbar: Web assistant - {0B53EAC3-8D69-4b9e-9B19-
A37C9A5676A7} - C:\Program Files\Fichiers communs\Symantec
Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-
7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton
AntiVirus\NavShExt.dll
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a}
- C:\Program Files\Siber Systems\AI RoboForm\RoboForm.dll
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-
0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2
\ycomp5_3_18_0.dll
O3 - Toolbar: Alive Text to Speech - {954F618B-0DEC-4D1A-9317-
E0FC96F87865} - C:\PROGRA~1\ALIVEM~1\TEXTTO~1\IETOOL~1.DLL
O3 - Toolbar: WordReferenceEnFr - {5776A2BC-D803-47F6-9DC0-
8344DB8D604C} - D:\Program
Files\WordReferenceEnFr\wordreferenceEnFr.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} -
c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers
communs\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [CitiUCS] C:\Program Files\Virtual Account
Numbers\CitiUCS.exe /dontopenmycards
O4 - HKLM\..\Run: [DVD43] C:\PROGRA~1\DVDREG~1\DVDRegionFree.exe
/hidden
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft
AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32
\NeroCheck.exe
O4 - HKLM\..\Run: [Nosign_JL2005] nosign TRUST
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE
C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [speedTouch USB Diagnostics] "C:\Program
Files\Alcatel\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [spy Watcher] "C:\Program Files\Free Spyware
Scanner\SpyWatcher.exe" -S
O4 - HKLM\..\Run: [symantec NetDriver Monitor] C:\PROGRA~1
\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [TPP Auto Loader] C:\WINDOWS\TPPALDR.EXE
O4 - HKLM\..\Run: [urlLSTCK.exe] C:\Program Files\Norton
Internet Security\UrlLstCk.exe
O4 - HKLM\..\Run: [userFaultCheck] %systemroot%\system32\dumprep
0 -u
O4 - HKLM\..\Run: [VOBRegCheck] C:\WINDOWS\System32
\VOBREGCheck.exe -CheckReg
O4 - HKLM\..\Run: [WinGuard Pro] C:\Program
Files\WinguardPro\wgp.exe
O4 - HKLM\..\Run: [WinPatrol] C:\Program
Files\WinPatrol\winpatrol.exe
O4 - HKLM\..\Run: [WooCnxMon] C:\PROGRA~1\Wanadoo\CnxMon.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\Program
Files\Wanadoo\taskbaricon.exe
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\System32
\PSDrvCheck.exe
O4 - HKLM\..\Run: [RAM Idle Professional] D:\Program Files\RAM
Idle\RAM_XP.exe
O4 - HKCU\..\Run: [PeerGuardian] C:\Program Files\PeerGuardian2
\pg2.exe
O4 - HKCU\..\Run: [CCleaner] "C:\Program
Files\CCleaner\CCleaner.exe" /AUTO
O8 - Extra context menu item: &Google Search - res://c:\program
files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &ieSpell Options -
res://C:\Program Files\ieSpell\iespell.dll/SPELLOPTION.HTM
O8 - Extra context menu item: &Translate English Word -
res://c:\program
files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program
files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page -
res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Check &Spelling - res://C:\Program
Files\ieSpell\iespell.dll/SPELLCHECK.HTM
O8 - Extra context menu item: Customize Menu - file://C:\Program
Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: Fill Forms - file://C:\Program
Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O8 - Extra context menu item: ImTranslator - C:\PROGRA~1
\SMARTL~1\IMTRAN~1\startup.html
O8 - Extra context menu item: Personnaliser -
C:\WINDOWS\PCHealth\HelpCtr\System\blurbs\options.htm
O8 - Extra context menu item: Rechercher sur Internet -
E:\Downloads\Software\Utilities\Printer Software\ENGLISH Epson
82 Installer\MANUAL\REF_G\REF_G\SEARCH.HTM
O8 - Extra context menu item: Save Forms - file://C:\Program
Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O8 - Extra context menu item: Search Using Copernic Agent -
res://C:\Program Files\Copernic
Agent\CopernicAgentExt.dll/INTEGRATION_MENU_SEARCHEXT
O8 - Extra context menu item: Similar Pages - res://c:\program
files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English -
res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-
00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-
4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-
CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell - {0E17D5B7-9F5D-4fee-9DF6
-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra button: (no name) - {1606D6F9-9D3B-4aea-A025-
ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell Options - {1606D6F9-9D3B-
4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra button: (no name) - {193B17B0-7C9F-4D5B-AEAB-
8D3605EFC084} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Launch Copernic Agent - {193B17B0-
7C9F-4D5B-AEAB-8D3605EFC084} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-
C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI
RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-
ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI
RoboForm\RoboFormComFillForms.html
O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49}
- file://C:\Program Files\Siber Systems\AI
RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-
ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI
RoboForm\RoboFormComSavePass.html
O9 - Extra button: UCS - {4C730923-3961-439b-83D5-F4E445520422}
- C:\Program Files\Virtual Account Numbers\CitiUCS.exe
O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-
00400523e39a} - file://C:\Program Files\Siber Systems\AI
RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: RoboForm Toolbar - {724d43aa-0d85-
11d4-9908-00400523e39a} - file://C:\Program Files\Siber
Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-
A9046DEA8A21} - C:\Program Files\Microsoft
Money\System\mnyside.dll
O9 - Extra button: Wanadoo - {1462651F-F4BA-4C76-A001-
C4284D0FE16E} - http://www.wanadoo.fr (file missing) (HKCU)
O9 - Extra button: ImTranslator - {AE436396-55E7-4ec4-AD6D-
45E88A530A4C} - C:\PROGRA~1\SMARTL~1\IMTRAN~1\startup.html
(HKCU)
O9 - Extra 'Tools' menuitem: ImTranslator - {AE436396-55E7-4ec4
-AD6D-45E88A530A4C} - C:\PROGRA~1\SMARTL~1\IMTRAN~1\startup.html
(HKCU)
O12 - Plugin for .TIF: C:\Program Files\Internet
Explorer\PLUGINS\npqtplugin5.dll
O14 - IERESET.INF: START_PAGE_URL=http://home.free.fr/
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall
Control) - http://housecall-
beta.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows
Genuine Advantage Validation Tool) -
http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec
AntiVirus scanner) -
http://security.symantec.com/sscv6/SharedC.../vc/bin/AvSniff.
cab
O16 - DPF: {3AF4DACE-36ED-42EF-9DFC-ADC34DA30CFF}
(PatchInstaller.Installer) -
file://F:\content\include\XPPatchInstaller.CAB
O16 - DPF: {3CF32649-D1C0-4F42-AB44-ED284748920B} (Merriam-
Webster Online Toolbar) - http://www.m-
w.com/toolbar/webinstall.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class)
- http://software-
dl.real.com/123365b68a1053506a18/netzip/RdxIE601.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl
Class) -
http://v5.windowsupdate.microsoft.com/v5co...V5Controls/en/x
86/client/wuweb_site.cab?1097405935453
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec
RuFSI Utility Class) -
http://security.symantec.com/sscv6/SharedC...common/bin/cabs
a.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl
Class) -
http://update.microsoft.com/microsoftupdat...Controls/en/x86
/client/muweb_site.cab?1124443342609
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall
Control) -
http://a840.g.akamai.net/7/840/537/2004061...secall.trendmic
ro.com/housecall/xscan53.cab
O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline
Control) - http://www.bitdefender.com/scan/Msie/bitdefender.cab
O16 - DPF: {8B1BC605-C593-4865-8F5B-05517F0CD0BB}
(MSSecurityAdvisorCD Class) -
file://F:\Content\include\msSecUcd.cab
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage
Class) - http://84.96.27.199/activex/AxisCamControl.cab
O16 - DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} (Aurigma Image
Uploader 3.5 Control) - http://www.wisup.net/album-
photo/wistiti/Upload/ImageUploader35.cab
O16 - DPF: {A3009861-330C-4E10-822B-39D16EC8829D} (CRAVOnline
Object) - http://www.ravantivirus.com/scan/ravonline.cab
O16 - DPF: {CC05BC12-2AA2-4AC7-AC81-0E40F83B1ADF} (Live365Player
Class) - http://www.live365.com/players/play365.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{7914921E-CA56-4019-
B31E-259884609AFB}: NameServer = 80.10.246.1 80.10.246.132
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec
Corporation - C:\Program Files\Fichiers communs\Symantec
Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec
Corporation - C:\Program Files\Fichiers communs\Symantec
Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) -
Symantec Corporation - C:\Program Files\Fichiers
communs\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec
Corporation - C:\Program Files\Fichiers communs\Symantec
Shared\ccSetMgr.exe
O23 - Service: Cepstral License Server - Cepstral, LLC -
C:\Program Files\Cepstral\lib\LicenseServer.exe
O23 - Service: Creative Service for CDROM Access - Creative
Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: ewido security suite control - ewido networks -
C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks -
C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc.
- C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc)
- Symantec Corporation - C:\Program Files\Norton Internet
Security\Norton AntiVirus\navapsvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA
Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program
Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec
Corporation - C:\PROGRA~1\FICHIE~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) -
Symantec Corporation - C:\Program Files\Fichiers
communs\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation -
C:\Program Files\Fichiers communs\Symantec Shared\CCPD-
LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation -
C:\Program Files\Fichiers communs\Symantec Shared\Security
Center\SymWSC.exe