Hi
Happy.exe is the executable for a game on this computer called Happyland Adventures, so I think it is OK.
Yes, C:\Documents and Settings\XP\My Documents\Buring Files\LAuREn\ICoNz\GIMP-2.0\GIMP-2.0\lib\gimp\2.0\plug-ins\script-fu.exe is the file to do with The Gimp.
OK, so I downloaded Spy Sweeper, ran the sweep. It found loads of things, which appear to have been fixed. I restarted.
A message popped up telling me that C:/WINDOWS/System32/NvCpl.dll,NvStartup loads when Windows starts up, so I removed this, and restarted, but the message popped up again...
Also, it is necessary to reconnect to the internet FREQUENTLY. The pages will just stop loading and the page will say webpage unavailable, even though downloads continue to work.
But as soon as I connected to the internet again the Spy Sweeper message tray thing came up and told me it blocked something from www.ad-w-a-r-e.com, and there is a huge list saying Spy Sweeper blocked things from this and www.a-d-w-a-r-e.com. Is this normal? The .dll file is still in the log too, and if fixed, it doesn't remove.
Here are my Spy Sweeper and HijackThis logs:
********
7:35 PM: | Start of Session, Thursday, 29 December 2005 |
7:35 PM: Spy Sweeper started
7:35 PM: Sweep initiated using definitions version 556
7:35 PM: Sweep Canceled
7:35 PM: Traces Found: 0
********
7:30 PM: | Start of Session, Thursday, 29 December 2005 |
7:30 PM: Spy Sweeper started
7:30 PM: Sweep initiated using definitions version 556
7:30 PM: Starting Memory Sweep
7:31 PM: Memory Sweep Complete, Elapsed Time: 00:00:52
7:31 PM: Starting Registry Sweep
7:31 PM: Registry Sweep Complete, Elapsed Time:00:00:10
7:31 PM: Starting Cookie Sweep
7:31 PM: Cookie Sweep Complete, Elapsed Time: 00:00:00
7:31 PM: Starting File Sweep
7:35 PM: File Sweep Complete, Elapsed Time: 00:04:02
7:35 PM: Full Sweep has completed. Elapsed time 00:05:11
7:35 PM: Traces Found: 0
7:35 PM: | End of Session, Thursday, 29 December 2005 |
********
7:02 PM: | Start of Session, Thursday, 29 December 2005 |
7:02 PM: Spy Sweeper started
7:02 PM: Sweep initiated using definitions version 556
7:02 PM: Starting Memory Sweep
7:03 PM: Memory Sweep Complete, Elapsed Time: 00:00:55
7:03 PM: Starting Registry Sweep
7:03 PM: Found Adware: e2g
7:03 PM: HKCR\appid\{3b99f202-145a-4e5a-ac7b-88a36910bf5e}\ (1 subtraces) (ID = 125407)
7:03 PM: HKLM\software\classes\appid\{3b99f202-145a-4e5a-ac7b-88a36910bf5e}\ (1 subtraces) (ID = 125447)
7:03 PM: HKLM\software\classes\typelib\{3b99f202-145a-4e5a-ac7b-88a36910bf5e}\ (9 subtraces) (ID = 125484)
7:03 PM: HKCR\typelib\{3b99f202-145a-4e5a-ac7b-88a36910bf5e}\ (9 subtraces) (ID = 125529)
7:03 PM: Found Adware: mirar webband
7:03 PM: HKCR\clsid\{9a9c9b69-f908-4aab-8d0c-10ea8997f37e}\ (6 subtraces) (ID = 135066)
7:03 PM: HKCR\interface\{6e4c7afc-9915-4036-b7f9-8b3f1710788f}\ (8 subtraces) (ID = 135069)
7:03 PM: HKCR\interface\{54b287f9-fd90-4457-b65e-cb91560c021d}\ (8 subtraces) (ID = 135070)
7:03 PM: HKCR\interface\{1037b06c-84b7-4240-8d80-485810a0497d}\ (8 subtraces) (ID = 135071)
7:03 PM: HKCR\interface\{224302b0-94e9-45c2-9e5b-ba989ee556e1}\ (8 subtraces) (ID = 135072)
7:03 PM: HKCR\nn_bar_dummy.nn_bardummy.1\ (3 subtraces) (ID = 135075)
7:03 PM: HKCR\nn_bar_dummy.nn_bardummy\ (5 subtraces) (ID = 135076)
7:03 PM: HKLM\software\classes\clsid\{9a9c9b69-f908-4aab-8d0c-10ea8997f37e}\ (6 subtraces) (ID = 135079)
7:03 PM: HKLM\software\classes\interface\{6e4c7afc-9915-4036-b7f9-8b3f1710788f}\ (8 subtraces) (ID = 135082)
7:03 PM: HKLM\software\classes\interface\{54b287f9-fd90-4457-b65e-cb91560c021d}\ (8 subtraces) (ID = 135083)
7:03 PM: HKLM\software\classes\interface\{1037b06c-84b7-4240-8d80-485810a0497d}\ (8 subtraces) (ID = 135084)
7:03 PM: HKLM\software\classes\interface\{224302b0-94e9-45c2-9e5b-ba989ee556e1}\ (8 subtraces) (ID = 135085)
7:03 PM: HKLM\software\classes\nn_bar_dummy.nn_bardummy.1\ (3 subtraces) (ID = 135088)
7:03 PM: HKLM\software\classes\nn_bar_dummy.nn_bardummy\ (5 subtraces) (ID = 135089)
7:03 PM: HKLM\software\classes\nn_bar_dummy.nn_bardummy\clsid\ (1 subtraces) (ID = 135090)
7:03 PM: HKLM\software\classes\nn_bar_dummy.nn_bardummy\curver\ (1 subtraces) (ID = 135091)
7:03 PM: HKLM\software\classes\typelib\{566dede9-9ed8-45da-9be6-9b2eeab17f49}\ (9 subtraces) (ID = 135092)
7:03 PM: HKCR\typelib\{566dede9-9ed8-45da-9be6-9b2eeab17f49}\ (9 subtraces) (ID = 135121)
7:03 PM: Found Adware: purityscan
7:03 PM: HKLM\software\microsoft\windows\currentversion\moduleusage\c:/windows/downloaded program files/mediaticketsinstaller.ocx\ (2 subtraces) (ID = 137986)
7:03 PM: HKLM\software\microsoft\windows\currentversion\shareddlls\ || c:\windows\downloaded program files\mediaticketsinstaller.ocx (ID = 139077)
7:03 PM: Found Adware: bookedspace
7:03 PM: HKLM\software\microsoft\windows\currentversion\internet settings\zonemap\domains\net-nucleus.com\ (2 subtraces) (ID = 662284)
7:03 PM: Found Adware: winad
7:03 PM: HKLM\software\microsoft\windows\currentversion\moduleusage\c:/windows/downloaded program files/mediagatewayx.dll\ (2 subtraces) (ID = 763026)
7:03 PM: HKLM\software\microsoft\windows\currentversion\shareddlls\ || c:\windows\downloaded program files\mediagatewayx.dll (ID = 763028)
7:03 PM: Found Adware: imgiant
7:03 PM: HKU\S-1-5-21-1844237615-790525478-725345543-1003\software\imgiant\ (21 subtraces) (ID = 128544)
7:03 PM: HKU\S-1-5-21-1844237615-790525478-725345543-1003\software\microsoft\internet explorer\toolbar\webbrowser\ || {9a9c9b68-f908-4aab-8d0c-10ea8997f37e} (ID = 135102)
7:03 PM: Registry Sweep Complete, Elapsed Time:00:00:09
7:03 PM: Starting Cookie Sweep
7:03 PM: Found Spy Cookie: yieldmanager cookie
7:03 PM: xp@ad.yieldmanager[2].txt (ID = 3751)
7:03 PM: Found Spy Cookie: cc214142 cookie
7:03 PM: xp@ads.cc214142[2].txt (ID = 2367)
7:03 PM: Found Spy Cookie: pointroll cookie
7:03 PM: xp@ads.pointroll[1].txt (ID = 3148)
7:03 PM: Found Spy Cookie: adtech cookie
7:03 PM: xp@adtech[2].txt (ID = 2155)
7:03 PM: Found Spy Cookie: falkag cookie
7:03 PM: xp@as-us.falkag[2].txt (ID = 2650)
7:03 PM: Found Spy Cookie: atwola cookie
7:03 PM: xp@atwola[1].txt (ID = 2255)
7:03 PM: Found Spy Cookie: belnk cookie
7:03 PM: xp@belnk[1].txt (ID = 2292)
7:03 PM: Found Spy Cookie: burstnet cookie
7:03 PM: xp@burstnet[1].txt (ID = 2336)
7:03 PM: Found Spy Cookie: casalemedia cookie
7:03 PM: xp@casalemedia[2].txt (ID = 2354)
7:03 PM: Found Spy Cookie: dealtime cookie
7:03 PM: xp@dealtime[2].txt (ID = 2505)
7:03 PM: xp@dist.belnk[2].txt (ID = 2293)
7:03 PM: Found Spy Cookie: 2o7.net cookie
7:03 PM: xp@maxis.112.2o7[1].txt (ID = 1958)
7:03 PM: Found Spy Cookie: paypopup cookie
7:03 PM: xp@paypopup[2].txt (ID = 3119)
7:03 PM: Found Spy Cookie: rn11 cookie
7:03 PM: xp@rn11[2].txt (ID = 3261)
7:03 PM: xp@stat.dealtime[1].txt (ID = 2506)
7:03 PM: Found Spy Cookie: statcounter cookie
7:03 PM: xp@statcounter[1].txt (ID = 3447)
7:03 PM: Found Spy Cookie: reliablestats cookie
7:03 PM: xp@stats1.reliablestats[2].txt (ID = 3254)
7:03 PM: Found Spy Cookie: tribalfusion cookie
7:03 PM: xp@tribalfusion[1].txt (ID = 3589)
7:03 PM: Found Spy Cookie: burstbeacon cookie
7:03 PM: xp@www.burstbeacon[1].txt (ID = 2335)
7:03 PM: Found Spy Cookie: winantiviruspro cookie
7:03 PM: xp@www.winantiviruspro[1].txt (ID = 3690)
7:03 PM: Found Spy Cookie: yadro cookie
7:03 PM: xp@yadro[2].txt (ID = 3743)
7:03 PM: Cookie Sweep Complete, Elapsed Time: 00:00:00
7:03 PM: Starting File Sweep
7:04 PM: Found Adware: ist sidefind
7:04 PM: c:\program files\sidefind\update (ID = -2147474314)
7:04 PM: c:\program files\sidefind (1 subtraces) (ID = -2147480325)
7:04 PM: Found Adware: 7adpower
7:04 PM: backup-20051219-130708-628.inf (ID = 156464)
7:04 PM: int_ver32b.inf (ID = 156464)
7:04 PM: backup-20051210-201848-472.inf (ID = 156464)
7:04 PM: Found Adware: internetoptimizer
7:04 PM: cln3.tmp (ID = 64016)
7:04 PM: backup-20051211-164359-882.dll (ID = 156465)
7:04 PM: backup-20051214-185210-528.dll (ID = 156465)
7:04 PM: Found Adware: powerscan
7:04 PM: uninstall.exe (ID = 72675)
7:04 PM: backup-20051211-164359-882.inf (ID = 156464)
7:04 PM: int_ver32b.inf (ID = 156464)
7:04 PM: int_ver32b.ocx (ID = 156465)
7:04 PM: backup-20051104-112104-522.dll (ID = 59389)
7:04 PM: sidefind[1].exe (ID = 154905)
7:04 PM: backup-20051215-194652-757.dll (ID = 156465)
7:04 PM: backup-20051219-125906-201.dll (ID = 156465)
7:04 PM: backup-20051219-130708-628.dll (ID = 156465)
7:04 PM: backup-20051104-112104-518.dll (ID = 156465)
7:04 PM: Found Adware: ist istbar
7:04 PM: istactivex.dll (ID = 64599)
7:04 PM: Found Adware: look2me
7:04 PM: oybcjt32.dll (ID = 163672)
7:04 PM: pi1_25.exe (ID = 59402)
7:04 PM: backup-20051226-202751-606.dll (ID = 156465)
7:04 PM: backup-20051226-203616-172.dll (ID = 156465)
7:04 PM: powerscan[1].exe (ID = 72679)
7:04 PM: backup-20051104-112104-873.inf (ID = 73158)
7:04 PM: bw2.com (ID = 65739)
7:04 PM: icont.exe (ID = 65739)
7:04 PM: Found Adware: media-motor
7:04 PM: unstall.exe (ID = 133210)
7:04 PM: Found Adware: 180search assistant/zango
7:04 PM: 1807d.mht (ID = 148810)
7:04 PM: backup-20051219-125906-201.inf (ID = 156464)
7:04 PM: Found Adware: moneytree
7:04 PM: backup-20051104-112104-467.dll (ID = 64043)
7:04 PM: backup-20051214-185210-528.inf (ID = 156464)
7:04 PM: backup-20051207-193122-653.inf (ID = 156464)
7:04 PM: backup-20051207-193122-653.dll (ID = 156465)
7:04 PM: backup-20051215-194202-886.inf (ID = 156464)
7:04 PM: istactivex.dll (ID = 64599)
7:05 PM: backup-20051208-175207-457.inf (ID = 156464)
7:05 PM: backup-20051208-175207-457.dll (ID = 156465)
7:05 PM: backup-20051104-112104-518.inf (ID = 156464)
7:05 PM: int_ver32b.ocx (ID = 156465)
7:05 PM: unstall[1].exe (ID = 133210)
7:05 PM: power_remove[1].exe (ID = 72675)
7:05 PM: istrecover[1].exe (ID = 64496)
7:05 PM: int_ver32b.ocx (ID = 156465)
7:05 PM: optimize[1].exe (ID = 125346)
7:05 PM: backup-20051215-194202-886.dll (ID = 156465)
7:06 PM: backup-20051210-201848-472.dll (ID = 156465)
7:06 PM: int_ver32b.ocx (ID = 156465)
7:06 PM: backup-20051226-203616-172.inf (ID = 156464)
7:06 PM: res4fd.tmp (ID = 147558)
7:06 PM: mm63[1].ocx (ID = 74058)
7:06 PM: mbpi32.dll (ID = 163672)
7:06 PM: 0006_regular[1].cab (ID = 64478)
7:06 PM: agledit.dll (ID = 163672)
7:06 PM: backup-20051215-194652-757.inf (ID = 156464)
7:06 PM: int_ver32b.inf (ID = 156464)
7:06 PM: int_ver32b.inf (ID = 156464)
7:07 PM: vnrun300.dll (ID = 163672)
7:07 PM: Found Adware: ist yoursitebar
7:07 PM: ysb[1].dll (ID = 161559)
7:07 PM: int_ver32b.ocx (ID = 156465)
7:07 PM: backup-20051226-202751-606.inf (ID = 156464)
7:07 PM: int_ver32b.ocx (ID = 156465)
7:07 PM: int_ver32b.inf (ID = 156464)
7:07 PM: int_ver32b.ocx (ID = 156465)
7:07 PM: int_ver32b.ocx (ID = 156465)
7:07 PM: int_ver32b.ocx (ID = 156465)
7:07 PM: optimize[1].exe (ID = 159920)
7:07 PM: imgiant.inf (ID = 63590)
7:07 PM: backup-20051208-163513-246.inf (ID = 70515)
7:08 PM: File Sweep Complete, Elapsed Time: 00:04:06
7:08 PM: Full Sweep has completed. Elapsed time 00:05:18
7:08 PM: Traces Found: 279
7:09 PM: Removal process initiated
7:09 PM: Quarantining All Traces: look2me
7:09 PM: Quarantining All Traces: 180search assistant/zango
7:09 PM: Quarantining All Traces: 7adpower
7:09 PM: Quarantining All Traces: bookedspace
7:09 PM: Quarantining All Traces: e2g
7:09 PM: Quarantining All Traces: imgiant
7:09 PM: Quarantining All Traces: internetoptimizer
7:09 PM: Quarantining All Traces: ist istbar
7:09 PM: Quarantining All Traces: ist sidefind
7:09 PM: Quarantining All Traces: ist yoursitebar
7:09 PM: Quarantining All Traces: media-motor
7:09 PM: Quarantining All Traces: mirar webband
7:09 PM: Quarantining All Traces: moneytree
7:09 PM: Quarantining All Traces: powerscan
7:09 PM: Quarantining All Traces: purityscan
7:09 PM: Quarantining All Traces: winad
7:09 PM: Quarantining All Traces: 2o7.net cookie
7:09 PM: Quarantining All Traces: adtech cookie
7:09 PM: Quarantining All Traces: atwola cookie
7:09 PM: Quarantining All Traces: belnk cookie
7:09 PM: Quarantining All Traces: burstbeacon cookie
7:09 PM: Quarantining All Traces: burstnet cookie
7:09 PM: Quarantining All Traces: casalemedia cookie
7:09 PM: Quarantining All Traces: cc214142 cookie
7:09 PM: Quarantining All Traces: dealtime cookie
7:09 PM: Quarantining All Traces: falkag cookie
7:09 PM: Quarantining All Traces: paypopup cookie
7:09 PM: Quarantining All Traces: pointroll cookie
7:09 PM: Quarantining All Traces: reliablestats cookie
7:09 PM: Quarantining All Traces: rn11 cookie
7:09 PM: Quarantining All Traces: statcounter cookie
7:09 PM: Quarantining All Traces: tribalfusion cookie
7:09 PM: Quarantining All Traces: winantiviruspro cookie
7:09 PM: Quarantining All Traces: yadro cookie
7:09 PM: Quarantining All Traces: yieldmanager cookie
7:10 PM: Removal process completed. Elapsed time 00:01:16
7:17 PM: Processing Startup Alerts
7:17 PM: Removed Startup entry: NvCplDaemon
7:19 PM: Processing Startup Alerts
7:19 PM: Removed Startup entry: NvCplDaemon
7:30 PM: | End of Session, Thursday, 29 December 2005 |
********
7:02 PM: | Start of Session, Thursday, 29 December 2005 |
7:02 PM: Spy Sweeper started
7:02 PM: | End of Session, Thursday, 29 December 2005 |
______________________________________________________________________________
Logfile of HijackThis v1.99.1
Scan saved at 8:14:20 PM, on 29/12/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\D-Tools\daemon.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\iBot_V1_02\iBot_FinalV1_02.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\explorer.exe
C:\Program Files\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bigbutton.com.au/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = ftp=proxy.arcom.com.au:8080;http=proxy.arcom.com.au:8080;https=proxy.arcom.com.au:8080
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe
O4 - HKLM\..\Run: [ccRegVfy] C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [CloneCDElbyCDFL] "C:\Program Files\Elaborate Bytes\CloneCD\ElbyCheck.exe" /L ElbyCDFL
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O20 - Winlogon Notify: Control Panel - C:\WINDOWS\system32\f8j20i1oe8.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
Thanks!