TheTechGuide Forum
General Category => Tech Clinic => Topic started by: Peas2nd on August 21, 2005, 01:58:15 PM
-
This is my hijack list:
Logfile of HijackThis v1.99.1
Scan saved at 12:52:49 PM, on 8/21/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINNT\system32\LEXBCES.EXE
C:\WINNT\system32\spoolsv.exe
C:\WINNT\system32\LEXPPS.EXE
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINNT\Explorer.EXE
C:\WINNT\system32\SK9910DM.EXE
C:\WINNT\GWMDMMSG.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\Gateway Utilities\GWInkMonitor.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\NetRatingsNetmeter\NetMeter\NielsenOnline.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Njzv\Rimbm.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Lexmark 2200 Series\lxbvbmgr.exe
C:\Program Files\Lexmark 2200 Series\lxbvbmon.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\WINNT\system32\ntvdm.exe
C:\Program Files\Yahoo!\Messenger\YPager.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Owner\My Documents\download episodes\hijackthis.exe
C:\WINNT\system32\drwtsn32.exe
C:\WINNT\system32\drwtsn32.exe
C:\Program Files\Messenger\msmsgs.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.pogo.com/home/home-pogop.jsp?sls=3&site=pogop&lkey=QRiNjwfS8ehm1PgcCmb9ZAAAKDw
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://red.clientapps.yahoo.com/customize/ie/defaults/su/ymsgr/*http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://red.clientapps.yahoo.com/customize/ie/defaults/stp/ymsgr*http://my.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\ycomp5_5_7_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - C:\Program Files\Microsoft Money\System\mnyside.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\ycomp5_5_7_0.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINNT\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINNT\System32\hkcmd.exe
O4 - HKLM\..\Run: [Hot Key Kbd 9910 Daemon] SK9910DM.EXE
O4 - HKLM\..\Run: [GWMDMMSG] GWMDMMSG.exe
O4 - HKLM\..\Run: [Keyboard Preload Check] C:\OEMDRVRS\KEYB\Preload.exe /DEVID: /CLASS:Keyboard /RunValue:"Keyboard Preload Check"
O4 - HKLM\..\Run: [Service Control Manager] scm.exe
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [GWMDMpi] C:\WINNT\GWMDMpi.exe
O4 - HKLM\..\Run: [Gateway Ink Monitor] "C:\Program Files\Gateway Utilities\GWInkMonitor.exe"
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NetMeter] C:\Program Files\NetRatingsNetmeter\NetMeter\NielsenOnline.exe
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [Sntczie] C:\Program Files\Njzv\Rimbm.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Lexmark 2200 Series] "C:\Program Files\Lexmark 2200 Series\lxbvbmgr.exe"
O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Lexmark Fax Solutions\fm3032.exe" /s
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINNT\system32\NeroCheck.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\RunServices: [Service Control Manager] scm.exe
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\mnyexpr.exe"
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0411.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0411.dll
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: 6th Street Omaha Poker by pogo - http://game1.pogo.com/applet-6.2.1.34/omaha/omaha-ob-assets.cab
O16 - DPF: Aces Up! by pogo - http://game1.pogo.com/applet-6.1.4.22/aces/aces-ob-assets.cab
O16 - DPF: Blackjack by pogo - http://game1.pogo.com/applet-6.1.5.21/blackjack/blackjack-ob-assets.cab
O16 - DPF: Canasta by pogo - http://game1.pogo.com/applet-6.2.1.34/canasta/canasta-ob-assets.cab
O16 - DPF: Checkers by pogo - http://game3.pogo.com/applet-6.1.2.25/checkers2/checkers-ob-assets.cab
O16 - DPF: Chess by pogo - http://game1.pogo.com/applet-6.1.5.21/chess2/chess2-ob-assets.cab
O16 - DPF: Dice Derby by pogo - http://game1.pogo.com/applet-6.1.4.29/checkeredflag/checkeredflag-ob-assets.cab
O16 - DPF: Dominoes by pogo - http://game1.pogo.com/applet-6.2.0.37/domino/domino-ob-assets.cab
O16 - DPF: Euchre by pogo - http://game1.pogo.com/applet-6.1.4.29/euchre/euchre-ob-assets.cab
O16 - DPF: First Class Solitaire by pogo - http://game1.pogo.com/applet-6.1.5.28/solitaire2/solitaire2-ob-assets.cab
O16 - DPF: Fortune Bingo by pogo - http://game1.pogo.com/applet-6.1.5.28/superbingo/superbingo-ob-assets.cab
O16 - DPF: Greenback Bayou by pogo - http://game1.pogo.com/applet-6.1.5.28/greenback/greenback-ob-assets.cab
O16 - DPF: Harvest Mania by pogo - http://game1.pogo.com/applet-6.1.5.21/harvest/harvest-ob-assets.cab
O16 - DPF: High Stakes Poker by pogo - http://game1.pogo.com/applet-6.1.4.29/drawpoker/drawpoker-ob-assets.cab
O16 - DPF: Jigsaw Detective by pogo - http://game1.pogo.com/applet-6.1.5.21/jigsaw/jigsaw-ob-assets.cab
O16 - DPF: Jungle Gin by pogo - http://game1.pogo.com/applet-6.2.0.37/gin/gin-ob-assets.cab
O16 - DPF: Lottso by pogo - http://game1.pogo.com/applet-6.1.5.21/lottso/lottso-ob-assets.cab
O16 - DPF: Mah Jong Garden by pogo - http://game1.pogo.com/applet-6.1.4.22/mahjong/mahjong-ob-assets.cab
O16 - DPF: Pai Gow by pogo - http://game1.pogo.com/applet-6.1.4.22/paigow/paigow-ob-assets.cab
O16 - DPF: Payday FreeCell by pogo - http://game1.pogo.com/applet-6.2.0.30/freecell/freecell-ob-assets.cab
O16 - DPF: Perfect Pair Solitaire by pogo - http://game1.pogo.com/applet-6.1.4.22/waterwheel/waterwheel-ob-assets.cab
O16 - DPF: Phlinx by pogo - http://game1.pogo.com/applet-6.1.4.22/flinger/flinger-ob-assets.cab
O16 - DPF: Pinochle by pogo - http://game1.pogo.com/applet-6.1.4.22/pinochle/pinochle-ob-assets.cab
O16 - DPF: Pop Fu by pogo - http://game1.pogo.com/applet-6.1.4.22/popfu/popfu-ob-assets.cab
O16 - DPF: Poppit by pogo - http://game1.pogo.com/applet-6.2.1.34/poppit2/poppit2-ob-assets.cab
O16 - DPF: Showbiz Slots 2 by pogo - http://game1.pogo.com/applet-6.1.4.29/slots/showbiz2-ob-assets.cab
O16 - DPF: Showbiz Slots by pogo - http://game1.pogo.com/applet-6.2.0.37/slots/showbiz-ob-assets.cab
O16 - DPF: Spades by pogo - http://game1.pogo.com/applet-6.1.4.29/spades/spades-ob-assets.cab
O16 - DPF: Spider Solitaire by pogo - http://game1.pogo.com/applet-6.2.0.30/spider/spider-ob-assets.cab
O16 - DPF: Squelchies by pogo - http://game1.pogo.com/applet-6.1.5.21/squelchies/squelchies-ob-assets.cab
O16 - DPF: Sweet Tooth TM by pogo - http://game1.pogo.com/applet-6.2.4.32/sweettooth/sweettooth-ob-assets.cab
O16 - DPF: Texas Hold'em Poker by pogo - http://game1.pogo.com/applet-6.2.0.30/holdem/holdem-ob-assets.cab
O16 - DPF: Tri-Peaks by pogo - http://game1.pogo.com/applet-6.1.4.22/peaks/peaks-ob-assets.cab
O16 - DPF: Tumble Bees by pogo - http://game1.pogo.com/applet-6.1.5.28/jumbee/jumbee-ob-assets.cab
O16 - DPF: Turbo 21 TM by pogo - http://game5.pogo.com/applet-6.1.1.29/turbo21/turbo21-ob-assets.cab
O16 - DPF: Word Whomp by pogo - http://game1.pogo.com/applet-6.1.4.29/wordwhomp/wordwhomp-ob-assets.cab
O16 - DPF: Word Whomp Whackdown by pogo - http://game1.pogo.com/applet-6.1.4.29/whackdown/whackdown-ob-assets.cab
O16 - DPF: WordJong by pogo - http://game1.pogo.com/applet-6.2.0.37/wordjong/wordjong-ob-assets.cab
O16 - DPF: World Class Solitaire by pogo - http://game1.pogo.com/applet-6.1.4.22/worldclass/worldclass-ob-assets.cab
O16 - DPF: {04063354-A10E-4427-A1EC-F3CC81587BC6} (Mines Control) - http://www.worldwinner.com/games/v40/mines/mines.cab
O16 - DPF: {18C3FD15-74F6-4280-9C98-3590C966B7B8} (SkillGam Control) - http://www.worldwinner.com/games/v46/skillgam/skillgam.cab
O16 - DPF: {2C153C75-8476-434B-B3C3-57B63A3D1939} (Brickout Control) - http://www.worldwinner.com/games/v46/brickout/brickout.cab
O16 - DPF: {3A7FE611-1994-4EF1-A09F-99456752289D} - http://install.wildtangent.com/ActiveLauncher/ActiveLauncher.cab
O16 - DPF: {5EE92643-21CE-4949-903F-39439DCC3944} (Shapetris Control) - http://www.worldwinner.com/games/v42/shape/shape.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} (Wwlaunch Control) - http://www.worldwinner.com/games/shared/wwlaunch.cab
O16 - DPF: {94299420-321F-4FF9-A247-62A23EBB640B} (WordMojo Control) - http://www.worldwinner.com/games/v45/wordmojo/wordmojo.cab
O16 - DPF: {9903F4ED-B673-456A-A15F-ED90C7DE9EF5} (Sol Control) - http://www.worldwinner.com/games/v44/sol/sol.cab
O16 - DPF: {9D8D7672-93FF-417E-9024-C16AD141C50C} (Haunted Control) - http://www.worldwinner.com/games/v49/haunted/haunted.cab
O16 - DPF: {AC2881FD-5760-46DB-83AE-20A5C6432A7E} (SwapIt Control) - http://www.worldwinner.com/games/v61/swapit/swapit.cab
O16 - DPF: {C93C1C34-CEA9-49B1-9046-040F59E0E0D8} (Paint Control) - http://www.worldwinner.com/games/v42/paint/paint.cab
O16 - DPF: {D27FFC5F-D7B9-4349-9F41-F7458B585374} (SoloTriv Control) - http://www.worldwinner.com/games/v43/solotriv/solotriv.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://playweb04.pogo.com/game/deluxe/zuma/popcaploader_v6.cab
O20 - Winlogon Notify: igfxcui - C:\WINNT\SYSTEM32\igfxsrvc.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINNT\system32\LEXBCES.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe (file missing)
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
If you can help, that would be great. Thanks, Steph
-
I want to check on something
Can you do the following
Run a SEARCH on your computer for the following file name in bold
scm.exe
Make sure before searching you look under the Advanced options
and have the top 3 options checked
If you find the file can you let me know what folder it's in please
Give me the full path to it
Could you also carry on with the following
Download and save WinPFind.zip (http://www.bleepingcomputer.com/files/oldtimer/WinPFind.zip)
UNZIP the contents to your desktop
Don't run it yet
RESTART your Computer in SAFE MODE (http://service1.symantec.com/SUPPORT/tsgeninfo.nsf/docid/2001060608000039?OpenDocument&ExpandSection=4#_Section4)
You can do this by tapping the F8 key as the system is restarting, just before Windows loads, or use the link I supplied for a more detailed explanation
In safe mode
Open the WinPFind folder you extracted to desktop
Double click on WinPFind.exe
Then click Start Scan
This could take some time as it will scan your drive
Once the Scan is Complete
1. Reboot back to Normal mode
2. Go to the WinPFind folder
3. Locate WinPFind.txt in the WinPFind folder
Post the results of the WinPFind.txt
Could you also post the following
Open Hijackthis>>Open Misc tools section>>Open Uninstall Manager
Click the SAVE LIST button
Save the list to desktop and then copy and paste the contents back here
-
First, here is another hijack list:
Logfile of HijackThis v1.99.1
Scan saved at 3:57:30 PM, on 8/21/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINNT\system32\LEXBCES.EXE
C:\WINNT\system32\spoolsv.exe
C:\WINNT\system32\LEXPPS.EXE
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINNT\Explorer.EXE
C:\WINNT\system32\SK9910DM.EXE
C:\WINNT\GWMDMMSG.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\Gateway Utilities\GWInkMonitor.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\NetRatingsNetmeter\NetMeter\NielsenOnline.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Njzv\Rimbm.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Lexmark 2200 Series\lxbvbmgr.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Lexmark 2200 Series\lxbvbmon.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\WINNT\system32\wuauclt.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Owner\My Documents\download episodes\hijackthis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.pogo.com/home/home-pogop.jsp?sls=3&site=pogop&lkey=QRiNjwfS8ehm1PgcCmb9ZAAAKDw
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://red.clientapps.yahoo.com/customize/ie/defaults/su/ymsgr/*http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://red.clientapps.yahoo.com/customize/ie/defaults/stp/ymsgr*http://my.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\ycomp5_5_7_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - C:\Program Files\Microsoft Money\System\mnyside.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\ycomp5_5_7_0.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINNT\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINNT\System32\hkcmd.exe
O4 - HKLM\..\Run: [Hot Key Kbd 9910 Daemon] SK9910DM.EXE
O4 - HKLM\..\Run: [GWMDMMSG] GWMDMMSG.exe
O4 - HKLM\..\Run: [Keyboard Preload Check] C:\OEMDRVRS\KEYB\Preload.exe /DEVID: /CLASS:Keyboard /RunValue:"Keyboard Preload Check"
O4 - HKLM\..\Run: [Service Control Manager] scm.exe
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [GWMDMpi] C:\WINNT\GWMDMpi.exe
O4 - HKLM\..\Run: [Gateway Ink Monitor] "C:\Program Files\Gateway Utilities\GWInkMonitor.exe"
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NetMeter] C:\Program Files\NetRatingsNetmeter\NetMeter\NielsenOnline.exe
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [Sntczie] C:\Program Files\Njzv\Rimbm.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Lexmark 2200 Series] "C:\Program Files\Lexmark 2200 Series\lxbvbmgr.exe"
O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Lexmark Fax Solutions\fm3032.exe" /s
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINNT\system32\NeroCheck.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\RunServices: [Service Control Manager] scm.exe
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\mnyexpr.exe"
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0411.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0411.dll
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: 6th Street Omaha Poker by pogo - http://game1.pogo.com/applet-6.2.1.34/omaha/omaha-ob-assets.cab
O16 - DPF: Aces Up! by pogo - http://game1.pogo.com/applet-6.1.4.22/aces/aces-ob-assets.cab
O16 - DPF: Blackjack by pogo - http://game1.pogo.com/applet-6.1.5.21/blackjack/blackjack-ob-assets.cab
O16 - DPF: Canasta by pogo - http://game1.pogo.com/applet-6.2.1.34/canasta/canasta-ob-assets.cab
O16 - DPF: Checkers by pogo - http://game3.pogo.com/applet-6.1.2.25/checkers2/checkers-ob-assets.cab
O16 - DPF: Chess by pogo - http://game1.pogo.com/applet-6.1.5.21/chess2/chess2-ob-assets.cab
O16 - DPF: Dice Derby by pogo - http://game1.pogo.com/applet-6.1.4.29/checkeredflag/checkeredflag-ob-assets.cab
O16 - DPF: Dominoes by pogo - http://game1.pogo.com/applet-6.2.0.37/domino/domino-ob-assets.cab
O16 - DPF: Euchre by pogo - http://game1.pogo.com/applet-6.1.4.29/euchre/euchre-ob-assets.cab
O16 - DPF: First Class Solitaire by pogo - http://game1.pogo.com/applet-6.1.5.28/solitaire2/solitaire2-ob-assets.cab
O16 - DPF: Fortune Bingo by pogo - http://game1.pogo.com/applet-6.1.5.28/superbingo/superbingo-ob-assets.cab
O16 - DPF: Greenback Bayou by pogo - http://game1.pogo.com/applet-6.1.5.28/greenback/greenback-ob-assets.cab
O16 - DPF: Harvest Mania by pogo - http://game1.pogo.com/applet-6.1.5.21/harvest/harvest-ob-assets.cab
O16 - DPF: High Stakes Poker by pogo - http://game1.pogo.com/applet-6.1.4.29/drawpoker/drawpoker-ob-assets.cab
O16 - DPF: Jigsaw Detective by pogo - http://game1.pogo.com/applet-6.1.5.21/jigsaw/jigsaw-ob-assets.cab
O16 - DPF: Jungle Gin by pogo - http://game1.pogo.com/applet-6.2.0.37/gin/gin-ob-assets.cab
O16 - DPF: Lottso by pogo - http://game1.pogo.com/applet-6.1.5.21/lottso/lottso-ob-assets.cab
O16 - DPF: Mah Jong Garden by pogo - http://game1.pogo.com/applet-6.1.4.22/mahjong/mahjong-ob-assets.cab
O16 - DPF: Pai Gow by pogo - http://game1.pogo.com/applet-6.1.4.22/paigow/paigow-ob-assets.cab
O16 - DPF: Payday FreeCell by pogo - http://game1.pogo.com/applet-6.2.0.30/freecell/freecell-ob-assets.cab
O16 - DPF: Perfect Pair Solitaire by pogo - http://game1.pogo.com/applet-6.1.4.22/waterwheel/waterwheel-ob-assets.cab
O16 - DPF: Phlinx by pogo - http://game1.pogo.com/applet-6.1.4.22/flinger/flinger-ob-assets.cab
O16 - DPF: Pinochle by pogo - http://game1.pogo.com/applet-6.1.4.22/pinochle/pinochle-ob-assets.cab
O16 - DPF: Pop Fu by pogo - http://game1.pogo.com/applet-6.1.4.22/popfu/popfu-ob-assets.cab
O16 - DPF: Poppit by pogo - http://game1.pogo.com/applet-6.2.1.34/poppit2/poppit2-ob-assets.cab
O16 - DPF: Showbiz Slots 2 by pogo - http://game1.pogo.com/applet-6.1.4.29/slots/showbiz2-ob-assets.cab
O16 - DPF: Showbiz Slots by pogo - http://game1.pogo.com/applet-6.2.0.37/slots/showbiz-ob-assets.cab
O16 - DPF: Spades by pogo - http://game1.pogo.com/applet-6.1.4.29/spades/spades-ob-assets.cab
O16 - DPF: Spider Solitaire by pogo - http://game1.pogo.com/applet-6.2.0.30/spider/spider-ob-assets.cab
O16 - DPF: Squelchies by pogo - http://game1.pogo.com/applet-6.1.5.21/squelchies/squelchies-ob-assets.cab
O16 - DPF: Sweet Tooth TM by pogo - http://game1.pogo.com/applet-6.2.4.32/sweettooth/sweettooth-ob-assets.cab
O16 - DPF: Texas Hold'em Poker by pogo - http://game1.pogo.com/applet-6.2.0.30/holdem/holdem-ob-assets.cab
O16 - DPF: Tri-Peaks by pogo - http://game1.pogo.com/applet-6.1.4.22/peaks/peaks-ob-assets.cab
O16 - DPF: Tumble Bees by pogo - http://game1.pogo.com/applet-6.1.5.28/jumbee/jumbee-ob-assets.cab
O16 - DPF: Turbo 21 TM by pogo - http://game5.pogo.com/applet-6.1.1.29/turbo21/turbo21-ob-assets.cab
O16 - DPF: Word Whomp by pogo - http://game1.pogo.com/applet-6.1.4.29/wordwhomp/wordwhomp-ob-assets.cab
O16 - DPF: Word Whomp Whackdown by pogo - http://game1.pogo.com/applet-6.1.4.29/whackdown/whackdown-ob-assets.cab
O16 - DPF: WordJong by pogo - http://game1.pogo.com/applet-6.2.0.37/wordjong/wordjong-ob-assets.cab
O16 - DPF: World Class Solitaire by pogo - http://game1.pogo.com/applet-6.1.4.22/worldclass/worldclass-ob-assets.cab
O16 - DPF: {04063354-A10E-4427-A1EC-F3CC81587BC6} (Mines Control) - http://www.worldwinner.com/games/v40/mines/mines.cab
O16 - DPF: {18C3FD15-74F6-4280-9C98-3590C966B7B8} (SkillGam Control) - http://www.worldwinner.com/games/v46/skillgam/skillgam.cab
O16 - DPF: {2C153C75-8476-434B-B3C3-57B63A3D1939} (Brickout Control) - http://www.worldwinner.com/games/v46/brickout/brickout.cab (http://\"http://www.worldwinner.com/games/v46/brickout/brickout.cab\")
O16 - DPF: {3A7FE611-1994-4EF1-A09F-99456752289D} - http://install.wildtangent.com/ActiveLaunc...iveLauncher.cab (http://\"http://install.wildtangent.com/ActiveLauncher/ActiveLauncher.cab\")
O16 - DPF: {5EE92643-21CE-4949-903F-39439DCC3944} (Shapetris Control) - http://www.worldwinner.com/games/v42/shape/shape.cab (http://\"http://www.worldwinner.com/games/v42/shape/shape.cab\")
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab (http://\"http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab\")
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} (Wwlaunch Control) - http://www.worldwinner.com/games/shared/wwlaunch.cab (http://\"http://www.worldwinner.com/games/shared/wwlaunch.cab\")
O16 - DPF: {94299420-321F-4FF9-A247-62A23EBB640B} (WordMojo Control) - http://www.worldwinner.com/games/v45/wordmojo/wordmojo.cab (http://\"http://www.worldwinner.com/games/v45/wordmojo/wordmojo.cab\")
O16 - DPF: {9903F4ED-B673-456A-A15F-ED90C7DE9EF5} (Sol Control) - http://www.worldwinner.com/games/v44/sol/sol.cab (http://\"http://www.worldwinner.com/games/v44/sol/sol.cab\")
O16 - DPF: {9D8D7672-93FF-417E-9024-C16AD141C50C} (Haunted Control) - http://www.worldwinner.com/games/v49/haunted/haunted.cab (http://\"http://www.worldwinner.com/games/v49/haunted/haunted.cab\")
O16 - DPF: {AC2881FD-5760-46DB-83AE-20A5C6432A7E} (SwapIt Control) - http://www.worldwinner.com/games/v61/swapit/swapit.cab (http://\"http://www.worldwinner.com/games/v61/swapit/swapit.cab\")
O16 - DPF: {C93C1C34-CEA9-49B1-9046-040F59E0E0D8} (Paint Control) - http://www.worldwinner.com/games/v42/paint/paint.cab (http://\"http://www.worldwinner.com/games/v42/paint/paint.cab\")
O16 - DPF: {D27FFC5F-D7B9-4349-9F41-F7458B585374} (SoloTriv Control) - http://www.worldwinner.com/games/v43/solotriv/solotriv.cab (http://\"http://www.worldwinner.com/games/v43/solotriv/solotriv.cab\")
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://playweb04.pogo.com/game/deluxe/zuma...aploader_v6.cab (http://\"http://playweb04.pogo.com/game/deluxe/zuma/popcaploader_v6.cab\")
O20 - Winlogon Notify: igfxcui - C:\WINNT\SYSTEM32\igfxsrvc.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINNT\system32\LEXBCES.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe (file missing)
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
Here are the files that found scm.exe:
C:\Documents and Settings\All Users\Application Data\Spybot – Search & Destroy\Backups
C:\WINNT\PCHealth\HelpCtr\DataColl
Also it is found in the hijack file
Here is the WinPFind.txt:
WARNING: not all files found by this scanner are bad. Consult with a knowledgable person before proceeding.
If you see a message in the titlebar saying "Not responding..." you can ignore it. Windows somethimes displays this message due to the high volume of disk I/O. As long as the hard disk light is flashing, the program is still working properly.
»»»»»»»»»»»»»»»»» Windows OS and Versions »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Product Name: Microsoft Windows XP Current Build: Service Pack 2 Current Build Number: 2600
Internet Explorer Version: 6.0.2900.2180
»»»»»»»»»»»»»»»»» Checking Selected Standard Folders »»»»»»»»»»»»»»»»»»»»
Checking %SystemDrive% folder...
Checking %ProgramFilesDir% folder...
Checking %WinDir% folder...
Checking %System% folder...
PEC2 8/29/2002 6:00:00 AM 41397 C:\WINNT\SYSTEM32\dfrg.msc
PEC2 6/9/2005 2:32:28 PM 692736 C:\WINNT\SYSTEM32\DivX.dll
PECompact2 6/9/2005 2:32:28 PM 692736 C:\WINNT\SYSTEM32\DivX.dll
UPX! 10/18/2004 2:04:42 PM 161280 C:\WINNT\SYSTEM32\fmod.dll
PECompact2 8/4/2005 7:31:38 PM 1449304 C:\WINNT\SYSTEM32\MRT.exe
aspack 8/4/2005 7:31:38 PM 1449304 C:\WINNT\SYSTEM32\MRT.exe
aspack 8/4/2004 1:56:36 AM 708096 C:\WINNT\SYSTEM32\ntdll.dll
Umonitor 8/4/2004 1:56:44 AM 657920 C:\WINNT\SYSTEM32\rasdlg.dll
winsync 8/29/2002 6:00:00 AM 1309184 C:\WINNT\SYSTEM32\wbdbase.deu
Checking %System%\Drivers folder and sub-folders...
PTech 8/3/2004 11:41:38 PM 1309184 C:\WINNT\SYSTEM32\drivers\mtlstrm.sys
Items found in C:\WINNT\SYSTEM32\drivers\etc\hosts
Checking the Windows folder and sub-folders for system and hidden files within the last 60 days...
S 8/21/2005 3:47:02 PM 2048 C:\WINNT\bootstat.dat
H 7/1/2005 6:11:12 AM 0 C:\WINNT\inf\oem27.inf
H 6/24/2005 7:12:26 PM 1024 C:\WINNT\repair\ntuser.dat.LOG
SH 6/28/2005 8:50:32 PM 2 C:\WINNT\system32\cmd.com
SH 6/28/2005 8:50:32 PM 2 C:\WINNT\system32\netstat.com
SH 6/28/2005 8:50:32 PM 2 C:\WINNT\system32\ping.com
SH 6/28/2005 8:50:32 PM 2 C:\WINNT\system32\regedit.com
SH 6/28/2005 8:50:32 PM 2 C:\WINNT\system32\taskkill.com
SH 6/28/2005 8:50:32 PM 2 C:\WINNT\system32\tasklist.com
SH 6/28/2005 8:50:32 PM 2 C:\WINNT\system32\tracert.com
S 7/8/2005 4:23:18 PM 12143 C:\WINNT\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB893756.cat
S 6/30/2005 9:06:34 AM 11437 C:\WINNT\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB896423.cat
S 7/19/2005 7:18:10 PM 18913 C:\WINNT\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB896727.cat
S 6/30/2005 1:42:18 PM 11084 C:\WINNT\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB899587.cat
S 6/30/2005 2:21:10 PM 11084 C:\WINNT\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB899588.cat
S 6/30/2005 8:46:18 AM 11084 C:\WINNT\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB899591.cat
S 6/28/2005 7:12:56 PM 11845 C:\WINNT\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB901214.cat
S 7/2/2005 2:18:16 AM 9445 C:\WINNT\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB903235.cat
H 8/21/2005 3:50:40 PM 1024 C:\WINNT\system32\config\default.LOG
H 8/21/2005 3:47:08 PM 1024 C:\WINNT\system32\config\SAM.LOG
H 8/21/2005 3:47:50 PM 1024 C:\WINNT\system32\config\SECURITY.LOG
H 8/21/2005 3:52:42 PM 1024 C:\WINNT\system32\config\software.LOG
H 8/21/2005 3:48:06 PM 1024 C:\WINNT\system32\config\system.LOG
H 8/11/2005 3:01:56 AM 1024 C:\WINNT\system32\config\systemprofile\NTUSER.DAT.LOG
SH 6/23/2005 1:30:42 PM 388 C:\WINNT\system32\Microsoft\Protect\S-1-5-18\User\f0de5517-f85e-45b8-99f2-b7da17970c82
SH 6/23/2005 1:30:42 PM 24 C:\WINNT\system32\Microsoft\Protect\S-1-5-18\User\Preferred
H 8/21/2005 3:47:10 PM 6 C:\WINNT\Tasks\SA.DAT
Checking for CPL files...
Microsoft Corporation 8/4/2004 1:56:58 AM 68608 C:\WINNT\SYSTEM32\access.cpl
Microsoft Corporation 8/4/2004 1:56:58 AM 549888 C:\WINNT\SYSTEM32\appwiz.cpl
Microsoft Corporation 8/4/2004 1:56:58 AM 110592 C:\WINNT\SYSTEM32\bthprops.cpl
Microsoft Corporation 8/4/2004 1:56:58 AM 135168 C:\WINNT\SYSTEM32\desk.cpl
Microsoft Corporation 8/4/2004 1:56:58 AM 80384 C:\WINNT\SYSTEM32\firewall.cpl
Microsoft Corporation 8/4/2004 1:56:58 AM 155136 C:\WINNT\SYSTEM32\hdwwiz.cpl
Intel Corporation 3/11/2003 9:18:48 AM 94208 C:\WINNT\SYSTEM32\igfxcpl.cpl
Microsoft Corporation 8/4/2004 1:56:58 AM 358400 C:\WINNT\SYSTEM32\inetcpl.cpl
Microsoft Corporation 8/4/2004 1:56:58 AM 129536 C:\WINNT\SYSTEM32\intl.cpl
Microsoft Corporation 8/4/2004 1:56:58 AM 380416 C:\WINNT\SYSTEM32\irprops.cpl
Microsoft Corporation 8/4/2004 1:56:58 AM 68608 C:\WINNT\SYSTEM32\joy.cpl
Sun Microsystems, Inc. 12/6/2004 3:31:48 PM 49265 C:\WINNT\SYSTEM32\jpicpl32.cpl
Microsoft Corporation 8/29/2002 6:00:00 AM 187904 C:\WINNT\SYSTEM32\main.cpl
Microsoft Corporation 8/4/2004 1:56:58 AM 618496 C:\WINNT\SYSTEM32\mmsys.cpl
Microsoft Corporation 8/29/2002 6:00:00 AM 35840 C:\WINNT\SYSTEM32\ncpa.cpl
Microsoft Corporation 8/4/2004 1:56:58 AM 25600 C:\WINNT\SYSTEM32\netsetup.cpl
Microsoft Corporation 8/4/2004 1:56:58 AM 257024 C:\WINNT\SYSTEM32\nusrmgr.cpl
Microsoft Corporation 8/4/2004 1:56:58 AM 32768 C:\WINNT\SYSTEM32\odbccp32.cpl
Microsoft Corporation 8/4/2004 1:56:58 AM 114688 C:\WINNT\SYSTEM32\powercfg.cpl
Intel® Corporation 3/11/2003 3:15:56 PM 77824 C:\WINNT\SYSTEM32\PRApplet.cpl
Apple Computer, Inc. 4/8/2004 8:12:42 AM 323072 C:\WINNT\SYSTEM32\QuickTime.cpl
Microsoft Corporation 8/4/2004 1:56:58 AM 298496 C:\WINNT\SYSTEM32\sysdm.cpl
Microsoft Corporation 8/29/2002 6:00:00 AM 28160 C:\WINNT\SYSTEM32\telephon.cpl
Microsoft Corporation 8/4/2004 1:56:58 AM 94208 C:\WINNT\SYSTEM32\timedate.cpl
Microsoft Corporation 8/4/2004 1:56:58 AM 148480 C:\WINNT\SYSTEM32\wscui.cpl
Microsoft Corporation 5/26/2005 4:16:30 AM 174360 C:\WINNT\SYSTEM32\wuaucpl.cpl
Microsoft Corporation 8/29/2002 6:00:00 AM 187904 C:\WINNT\SYSTEM32\dllcache\main.cpl
Microsoft Corporation 8/29/2002 6:00:00 AM 35840 C:\WINNT\SYSTEM32\dllcache\ncpa.cpl
Microsoft Corporation 8/29/2002 6:00:00 AM 28160 C:\WINNT\SYSTEM32\dllcache\telephon.cpl
Microsoft Corporation 5/26/2005 4:16:30 AM 174360 C:\WINNT\SYSTEM32\dllcache\wuaucpl.cpl
Intel Corporation 3/11/2003 9:18:48 AM 94208 C:\WINNT\SYSTEM32\ReinstallBackups\0000\DriverFiles\igfxcpl.cpl
»»»»»»»»»»»»»»»»» Checking Selected Startup Folders »»»»»»»»»»»»»»»»»»»»»
Checking files in %ALLUSERSPROFILE%\Startup folder...
Checking files in %ALLUSERSPROFILE%\Application Data folder...
Checking files in %USERPROFILE%\Startup folder...
Checking files in %USERPROFILE%\Application Data folder...
7/22/2004 2:58:52 PM 79168 C:\Documents and Settings\Owner\Application Data\GDIPFONTCACHEV1.DAT
»»»»»»»»»»»»»»»»» Checking Selected Registry Keys »»»»»»»»»»»»»»»»»»»»»»»
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
SV1 =
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
[HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers]
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\ewido
{57BD36D7-CE32-4600-9B1C-1A0C47EFC02E} = C:\Program Files\ewido\security suite\context.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Offline Files
{750fdf0e-2a26-11d1-a3ea-080036587f03} = %SystemRoot%\System32\cscui.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Open With
{09799AFB-AD67-11d1-ABCD-00C04FC30936} = %SystemRoot%\system32\SHELL32.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Open With EncryptionMenu
{A470F8CF-A1E8-4f65-8335-227475AA5C46} = %SystemRoot%\system32\SHELL32.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Symantec.Norton.Antivirus.IEContextMenu
{5345A4D5-41EB-4A2F-9616-CE1D4F6C35B2} = C:\Program Files\Norton AntiVirus\NavShExt.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Yahoo! Mail
{5464D816-CF16-4784-B9F3-75C0DB52B499} = C:\WINNT\Downloaded Program Files\ymmapi.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\{a2a9545d-a0c2-42b4-9708-a0b2badd77c8}
Start Menu Pin = %SystemRoot%\system32\SHELL32.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\Symantec.Norton.Antivirus.IEContextMenu
{5345A4D5-41EB-4A2F-9616-CE1D4F6C35B2} = C:\Program Files\Norton AntiVirus\NavShExt.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\EncryptionMenu
{A470F8CF-A1E8-4f65-8335-227475AA5C46} = %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\ewido
{57BD36D7-CE32-4600-9B1C-1A0C47EFC02E} = C:\Program Files\ewido\security suite\context.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\Offline Files
{750fdf0e-2a26-11d1-a3ea-080036587f03} = %SystemRoot%\System32\cscui.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\Sharing
{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6} = ntshrui.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{0D2E74C4-3C34-11d2-A27E-00C04FC30871}
= %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{24F14F01-7B1C-11d1-838f-0000F80461CF}
= %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{24F14F02-7B1C-11d1-838f-0000F80461CF}
= %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{66742402-F9B9-11D1-A202-0000F81FEDEE}
= %SystemRoot%\system32\SHELL32.dll
[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}
Yahoo! Companion BHO = C:\Program Files\Yahoo!\Companion\Installs\cpn1\ycomp5_5_7_0.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
AcroIEHlprObj Class = C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{243B17DE-77C7-46BF-B94B-0B5F309A0E64}
= C:\Program Files\Microsoft Money\System\mnyside.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}
= C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BDF3E430-B101-42AD-A544-FADC6B084872}
CNavExtBho Class = C:\Program Files\Norton AntiVirus\NavShExt.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FDD3B846-8D59-4ffb-8758-209B6AD74ACC}
=
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{4528BBE0-4E08-11D5-AD55-00010333D0AD}
&Yahoo! Messenger = C:\Program Files\Yahoo!\Messenger\yhexbmes0411.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{4D5C8C25-D075-11d0-B416-00C04FB90376}
&Tip of the Day = %SystemRoot%\System32\shdocvw.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
{EF99BD32-C1FB-11D2-892F-0090271D4F88} = Yahoo! Toolbar : C:\Program Files\Yahoo!\Companion\Installs\cpn1\ycomp5_5_7_0.dll
{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} = Norton AntiVirus : C:\Program Files\Norton AntiVirus\NavShExt.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{08B0E5C0-4FCB-11CF-AAA5-00401C608501}
MenuText = Sun Java Console : C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{4528BBE0-4E08-11D5-AD55-00010333D0AD}
ButtonText = Messenger :
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{CD67F990-D8E9-11d2-98FE-00C0F0318AFE}
MenuText = :
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{E023F504-0C5A-4750-A1E7-A9046DEA8A21}
ButtonText = MoneySide :
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{FB5F1910-F110-11d2-BB9E-00C04F795683}
ButtonText = Messenger : C:\Program Files\Messenger\msmsgs.exe
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars]
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{32683183-48a0-441b-a342-7c2a440a9478}
=
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar]
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser
{01E04581-4EEE-11D0-BFE9-00AA005B4383} = &Address : %SystemRoot%\System32\browseui.dll
{0E5CBF21-D15F-11D0-8301-00AA005B4383} = &Links : %SystemRoot%\system32\SHELL32.dll
{EF99BD32-C1FB-11D2-892F-0090271D4F88} = Yahoo! Toolbar : C:\Program Files\Yahoo!\Companion\Installs\cpn1\ycomp5_5_7_0.dll
{2318C2B1-4965-11D4-9B18-009027A5CD4F} = :
{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} = Norton AntiVirus : C:\Program Files\Norton AntiVirus\NavShExt.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
IgfxTray C:\WINNT\System32\igfxtray.exe
HotKeysCmds C:\WINNT\System32\hkcmd.exe
Hot Key Kbd 9910 Daemon SK9910DM.EXE
GWMDMMSG GWMDMMSG.exe
Keyboard Preload Check C:\OEMDRVRS\KEYB\Preload.exe /DEVID: /CLASS:Keyboard /RunValue:"Keyboard Preload Check"
Service Control Manager scm.exe
Microsoft Works Update Detection C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
GWMDMpi C:\WINNT\GWMDMpi.exe
Gateway Ink Monitor "C:\Program Files\Gateway Utilities\GWInkMonitor.exe"
ATIPTA C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
QuickTime Task "C:\Program Files\QuickTime\qttask.exe" -atboottime
NetMeter C:\Program Files\NetRatingsNetmeter\NetMeter\NielsenOnline.exe
iTunesHelper C:\Program Files\iTunes\iTunesHelper.exe
Sntczie C:\Program Files\Njzv\Rimbm.exe
gcasServ "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
SunJavaUpdateSched C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
TkBellExe "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
Lexmark 2200 Series "C:\Program Files\Lexmark 2200 Series\lxbvbmgr.exe"
FaxCenterServer "C:\Program Files\Lexmark Fax Solutions\fm3032.exe" /s
RemoteControl "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
NeroFilterCheck C:\WINNT\system32\NeroCheck.exe
ccApp "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
Symantec NetDriver Monitor C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]
IMAIL Installed = 1
MAPI Installed = 1
MSFS Installed = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
Service Control Manager scm.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
MoneyAgent "C:\Program Files\Microsoft Money\System\mnyexpr.exe"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\load]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\run]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum
{BDEADF00-C265-11D0-BCED-00A0C90AB50F} = C:\PROGRA~1\COMMON~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL
{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} =
{0DF44EAA-FF21-4412-828E-260A8728E7F1} =
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system
dontdisplaylastusername 0
legalnoticecaption
legalnoticetext
shutdownwithoutlogon 1
undockwithoutlogon 1
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies]
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
NoDriveTypeAutoRun 255
_NoDriveTypeAutoRun 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
PostBootReminder {7849596a-48ea-486e-8937-a2a3009f31a9} = %SystemRoot%\system32\SHELL32.dll
CDBurn {fbeb8a05-beee-4442-804e-409d6c4515e9} = %SystemRoot%\system32\SHELL32.dll
WebCheck {E6FB5E20-DE35-11CF-9C87-00AA005127ED} = %SystemRoot%\System32\webcheck.dll
SysTray {35CEC8A3-2BE6-11D2-8773-92E220524153} = C:\WINNT\System32\stobject.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
UserInit = C:\WINNT\system32\userinit.exe,
Shell = Explorer.exe
System =
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain
= crypt32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet
= cryptnet.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll
= cscdll.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui
= igfxsrvc.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp
= wlnotify.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule
= wlnotify.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy
= sclgntfy.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn
= WlNotify.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv
= wlnotify.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon
= wlnotify.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Your Image File Name Here without a path
Debugger = ntsd -d
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
AppInit_DLLs
»»»»»»»»»»»»»»»»»»»»»»»» Scan Complete »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
WinPFind v1.3.0 - Log file written to "WinPFind.Txt" in the WinPFind folder.
Scan completed on 8/21/2005 3:53:43 PM
Here is the other HijackThis that you asked me for:
360Share(remove only)
ABBYY FineReader 5.0 Sprint Plus
Ad-Aware SE Personal
Adobe Acrobat 5.0
ATI - Software Uninstall Utility
ATI Control Panel
ATI Display Driver
BitTornado 0.3.12
ccCommon
CleanUp!
DivX
DivX Player
Do More 7.0
DVD
Easy CD Creator 5 Basic
eTomi Pro(remove only)
ewido security suite
Feeding Frenzy
Gateway Drivers and Applications Recovery
Gateway Ink Monitor
Gateway Rhapsody
Great Escapes Solitaire Collection
Green Thumb Cards
GSpot Codec Information Appliance
GTW V.92 Voicemodem
HijackThis 1.99.1
HV-5 High Velocity Racing Wheel W/Vibration
Insaniquarium Deluxe 1.0
Intel® PRO Network Adapters and Drivers
Intel® PROSet
InterActual Player
Internet Worm Protection
iTunes
J2SE Runtime Environment 5.0 Update 1
Jericho Mirage
Lemonade Tycoon 2
Lexmark 2200 Series
Lexmark Fax Solutions
LiveReg (Symantec Corporation)
LiveUpdate 2.6 (Symantec Corporation)
Macromedia Shockwave Player
Microsoft .NET Framework (English)
Microsoft .NET Framework (English) v1.0.3705
Microsoft .NET Framework 1.0 Hotfix (KB886906)
Microsoft AntiSpyware
Microsoft Data Access Components KB870669
Microsoft Encarta Encyclopedia Standard 2003
Microsoft Learning and Research Plus Support Files
Microsoft Money 2003
Microsoft Money 2003 System Pack
Microsoft Picture It! Photo 7.0
Microsoft Streets and Trips 2002
Microsoft Word 2002
Microsoft Works 2003 Setup Launcher
Microsoft Works 7.0
Microsoft Works Suite Add-in for Microsoft Word
MSN Internet Software
MSN Messenger 5.0
MSXML4 Parser
Musicmatch for Windows Media Player
NASCAR SimRacing
NASCAR SimRacing Demo
Nero MediaHome CE
Nero Recode CE
Nero ShowTime CE
Nero Suite
Nielsen//NetRatings
Norton AntiVirus 2005
Norton AntiVirus 2005 (Symantec Corporation)
Norton AntiVirus Help
Norton AntiVirus Parent MSI
Norton AntiVirus SCSSDist MSI
Norton AntiVirus SYMLT MSI
Norton WMI Update
Norton WMI Update
PC-Doctor for Windows
PCFriendly
PowerDVD
pressplay
PS/2 Millennium Keyboard
QuickTime
RealPlayer
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Windows XP (KB883939)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896422)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899588)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB903235)
Shockwave
SPBBC
Spybot - Search & Destroy 1.3
Symantec
Symantec Script Blocking Installer
SymNet
The Print Shop
Update for Windows XP (KB894391)
Update for Windows XP (KB896727)
Update for Windows XP (KB898461)
Windows Installer 3.1 (KB893803)
Windows Installer 3.1 (KB893803)
Windows Media Format Runtime
Windows Media Player 10
Windows XP Hotfix - KB834707
Windows XP Hotfix - KB867282
Windows XP Hotfix - KB873333
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB885884
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB887742
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890047
Windows XP Hotfix - KB890175
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB890923
Windows XP Hotfix - KB891781
Windows XP Hotfix - KB893066
Windows XP Hotfix - KB893086
Windows XP Service Pack 2
WONswap
Yahoo! Anti-Spy
Yahoo! Customizations
Yahoo! Install Manager
Yahoo! Internet Mail
Yahoo! Messenger
Yahoo! Messenger Explorer Bar
Yahoo! Toolbar
I hope this helps you. Thanks soooo much. Steph
-
Can you do the following please
I don't recognize all programs in your Uninstall list
But I recommend that you remove
Nielsen//NetRatings
It has a bad reputation
Afterwards
Open Ewido Security Suite
From the main ewido screen, click on Update in the left menu, then click the Start update button.
After the update finishes (the status bar at the bottom will display "Update successful")
Close out Ewido for now, we'll need it later
Open Ad-Aware
Click the check for updates now link and Connect to download the latest updates if any
Ensure they're both right up to date but don't run a scan yet
==Download the Killbox by Option^Explicit (http://www.atribune.org/downloads/KillBox.exe). *In the event you already have Killbox, this is a new version that I need you to download.
* Save it to your desktop or a folder
Please save these instructions to a Notepad file on the desktop
To open Notepad go to START>>RUN>>type in notepad
Hit OK
After you have saved these instructions, close down all windows including this one
Set Windows To Show Hidden Files and Folders
* Click Start.
* Open My Computer.
* Select the Tools menu and click Folder Options.
* Select the View Tab.
* Under the Hidden files and folders heading select Show hidden files and folders.
* Uncheck the Hide protected operating system files (recommended) option.
* Uncheck the Hide Extensions for known file types
* Click Yes to confirm.
* Click OK.
Run Pocket KillBox.exe
In the killbox program, select the Delete on Reboot option.
Copy the file names below to the clipboard by highlighting them and pressing
Control + C
Killbox files to highlight between dotted lines
===================================================
C:\Program Files\MsConfigs\MsConfigs.exe
C:\WINNT\system32\p2pnetwork.exe
C:\WINNT\system32\CMD.COM
C:\WINNT\system32\netstat.com
C:\WINNT\system32\ping.com
C:\WINNT\system32\regedit.com
C:\WINNT\system32\tasklist.com
C:\WINNT\system32\taskkill.com
C:\WINNT\system32\taskmgr.com
C:\WINNT\system32\tracert.com
C:\Program Files\winupdate\winupdate.exe
C:\Program Files\Njzv\Rimbm.exe
===================================================
*Return to Killbox, go to the File menu, and choose "Paste from Clipboard".
*Click the red-and-white "Delete File" button. Click "Yes" at the Delete on Reboot prompt. Click "No" at the Pending Operations prompt.
Don't worry about no file found or error messages
If your computer doesn't restart
Please Restart it now manually into SAFE MODE (http://service1.symantec.com/SUPPORT/tsgeninfo.nsf/docid/2001060608000039?OpenDocument&ExpandSection=4#_Section4)
You can do this by tapping the F8 key as the system is restarting, just before Windows loads, or use the link
I supplied for a more detailed explanation
In safe mode
Find and delete these folders if they exist, manually look for them
C:\Program Files\Njzv <-folder
C:\Program Files\winupdate <-folder
C:\Program Files\NetRatingsNetmeter <-folder
==Open Windows CleanUp!>>START>>programs>>Cleanup!
Click on the CleanUp button, let it finish scanning for files, when it's done
DECLINE to Log off or Restart when scan is done.
==Open Ewido trojan scanner
Click on the Scanner button on the left menu
Click on the Settings button on the right
Select "Scan Every File"
OK it and then click on the "Complete System Scan"
*If Ewido finds something it will prompt you with "Infected Object found"
Ensure the following are Selected
*1. Perform Action = Remove
*2. Create Encrypted Backup in Quarantine (Recommended)
*3. Perform action with all infections
Then click OK
When Ewido has finished its scan click the "Save Report" button
Save the report to desktop
Exit Ewido
NOTE: When Ewido is running do NOT open any other Windows
Let it do its job
Do another scan with Hijackthis and put a check next to these entries:
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://red.clientapps.yahoo.com/customize/...://my.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O4 - HKLM\..\Run: [Service Control Manager] scm.exe
O4 - HKLM\..\Run: [NetMeter] C:\Program Files\NetRatingsNetmeter\NetMeter\NielsenOnline.exe
O4 - HKLM\..\Run: [Sntczie] C:\Program Files\Njzv\Rimbm.exe
O4 - HKLM\..\RunServices: [Service Control Manager] scm.exe
After you have ticked the above entries, close All other open windows,
Leave Hijackthis open and click FIX CHECKED
OK the prompt and exit Hijackthis
Open Ad-Aware
Click START
Click the radio button to Perform a Full system scan then click NEXT
When it's finished scanning
At this point you should either right click on the screen and choose the "Select All" Objects option or individually put a checkmark in each object's checkbox
click on the Next button. Ad-Aware SE will now present you with a confirmation box as to whether or not you would like to remove the objects you have just selected. Press the "OK" button
Run WPFind.exe again
Restart back to Normal mode
Please post a fresh Hijackthis log and the report from Ewidos and the WPFind.txt again
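One way to check a fresh HijackThis log against the "fix checked" entries and the Killbox list above, as an added example that is not part of the original post. The checklist and fresh-log samples are abridged from the logs on this page, `REINFECTED_LOG` is constructed, and all function names are illustrative.

```python
import re

# Entries the helper asked to tick (abridged from the post; truncated-URL lines omitted).
FIX_CHECKED = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O4 - HKLM\..\Run: [Service Control Manager] scm.exe
O4 - HKLM\..\Run: [NetMeter] C:\Program Files\NetRatingsNetmeter\NetMeter\NielsenOnline.exe
O4 - HKLM\..\Run: [Sntczie] C:\Program Files\Njzv\Rimbm.exe
O4 - HKLM\..\RunServices: [Service Control Manager] scm.exe
"""

# Delete-on-reboot targets pasted into Killbox (from the post).
KILLBOX = r"""
C:\Program Files\MsConfigs\MsConfigs.exe
C:\WINNT\system32\p2pnetwork.exe
C:\WINNT\system32\CMD.COM
C:\WINNT\system32\netstat.com
C:\WINNT\system32\ping.com
C:\WINNT\system32\regedit.com
C:\WINNT\system32\tasklist.com
C:\WINNT\system32\taskkill.com
C:\WINNT\system32\taskmgr.com
C:\WINNT\system32\tracert.com
C:\Program Files\winupdate\winupdate.exe
C:\Program Files\Njzv\Rimbm.exe
"""

# Abridged from the fresh log posted in reply on this page.
FRESH_LOG = r"""
Logfile of HijackThis v1.99.1
Scan saved at 3:00:36 PM, on 8/22/2005
Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\Explorer.EXE
C:\Program Files\iTunes\iTunesHelper.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [GWMDMMSG] GWMDMMSG.exe
O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe (file missing)
"""

# Constructed sample: the Run value came back under a different path and a
# Killbox target is running again.
REINFECTED_LOG = r"""
Running processes:
C:\WINNT\system32\taskmgr.com
O4 - HKLM\..\Run: [Sntczie] C:\Program Files\Other\Rimbm.exe
"""

ENTRY_RE = re.compile(r"^(R[0-3]|F[0-3]|N[1-4]|O\d{1,2})\s+-\s+(.*)$")
O4_RE = re.compile(r"^(?P<key>\S+): \[(?P<name>[^\]]+)\]")


def normalize(text):
    """Windows paths and registry names are case-insensitive; collapse whitespace too."""
    return " ".join(text.split()).casefold()


def parse_log(text):
    """Split a HijackThis log into running-process paths and (code, body) entries."""
    processes, entries, in_procs = [], [], False
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        match = ENTRY_RE.match(line)
        if match:
            in_procs = False
            entries.append((match.group(1), match.group(2).strip()))
        elif line.lower().startswith("running processes"):
            in_procs = True
        elif in_procs:
            processes.append(line)
    return processes, entries


def entry_key(code, body):
    """Identity of an entry. O4 autoruns are keyed on registry key + value name,
    so a value that was re-created with a different command still matches."""
    if code == "O4":
        match = O4_RE.match(body)
        if match:
            return (code, normalize(match.group("key")), normalize(match.group("name")))
    return (code, normalize(body))


def still_present(checklist_text, fresh_log_text):
    """Fresh-log lines whose identity matches an entry that was supposed to be fixed."""
    _, wanted = parse_log(checklist_text)
    wanted_keys = {entry_key(code, body) for code, body in wanted}
    _, fresh = parse_log(fresh_log_text)
    return [f"{code} - {body}" for code, body in fresh
            if entry_key(code, body) in wanted_keys]


def targets_still_referenced(killbox_text, fresh_log_text):
    """Killbox targets that still appear as a running process or inside any entry."""
    processes, entries = parse_log(fresh_log_text)
    haystack = [normalize(p) for p in processes] + [normalize(b) for _, b in entries]
    targets = [line.strip() for line in killbox_text.splitlines() if line.strip()]
    return [t for t in targets if any(normalize(t) in h for h in haystack)]


if __name__ == "__main__":
    for name, log in (("fresh", FRESH_LOG), ("reinfected", REINFECTED_LOG)):
        print(name, "entries remaining:", still_present(FIX_CHECKED, log))
        print(name, "targets referenced:", targets_still_referenced(KILLBOX, log))
```

Run against the abridged fresh log, the only checklist entry that reappears is the `R0 ... LinksFolderName =` line, and none of the Killbox targets are referenced.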
-
Here is the Hijack log:
Logfile of HijackThis v1.99.1
Scan saved at 3:00:36 PM, on 8/22/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINNT\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINNT\system32\LEXBCES.EXE
C:\WINNT\system32\spoolsv.exe
C:\WINNT\system32\LEXPPS.EXE
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINNT\system32\SK9910DM.EXE
C:\WINNT\GWMDMMSG.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\Gateway Utilities\GWInkMonitor.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Lexmark 2200 Series\lxbvbmgr.exe
C:\Program Files\Lexmark 2200 Series\lxbvbmon.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\WINNT\system32\wuauclt.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Documents and Settings\Owner\My Documents\download episodes\hijackthis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.pogo.com/home/home-pogop.jsp?sls=3&site=pogop&lkey=QRiNjwfS8ehm1PgcCmb9ZAAAKDw.
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\ycomp5_5_7_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - C:\Program Files\Microsoft Money\System\mnyside.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\ycomp5_5_7_0.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINNT\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINNT\System32\hkcmd.exe
O4 - HKLM\..\Run: [Hot Key Kbd 9910 Daemon] SK9910DM.EXE
O4 - HKLM\..\Run: [GWMDMMSG] GWMDMMSG.exe
O4 - HKLM\..\Run: [Keyboard Preload Check] C:\OEMDRVRS\KEYB\Preload.exe /DEVID: /CLASS:Keyboard /RunValue:"Keyboard Preload Check"
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [GWMDMpi] C:\WINNT\GWMDMpi.exe
O4 - HKLM\..\Run: [Gateway Ink Monitor] "C:\Program Files\Gateway Utilities\GWInkMonitor.exe"
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Lexmark 2200 Series] "C:\Program Files\Lexmark 2200 Series\lxbvbmgr.exe"
O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Lexmark Fax Solutions\fm3032.exe" /s
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINNT\system32\NeroCheck.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\mnyexpr.exe"
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0411.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0411.dll
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: 6th Street Omaha Poker by pogo - http://game1.pogo.com/applet-6.2.1.34/omaha/omaha-ob-assets.cab
O16 - DPF: Aces Up! by pogo - http://game1.pogo.com/applet-6.1.4.22/aces/aces-ob-assets.cab
O16 - DPF: Blackjack by pogo - http://game1.pogo.com/applet-6.1.5.21/blackjack/blackjack-ob-assets.cab
O16 - DPF: Canasta by pogo - http://game1.pogo.com/applet-6.2.1.34/canasta/canasta-ob-assets.cab
O16 - DPF: Checkers by pogo - http://game3.pogo.com/applet-6.1.2.25/checkers2/checkers-ob-assets.cab
O16 - DPF: Chess by pogo - http://game1.pogo.com/applet-6.1.5.21/chess2/chess2-ob-assets.cab
O16 - DPF: Dice Derby by pogo - http://game1.pogo.com/applet-6.1.4.29/checkeredflag/checkeredflag-ob-assets.cab
O16 - DPF: Dominoes by pogo - http://game1.pogo.com/applet-6.2.0.37/domino/domino-ob-assets.cab
O16 - DPF: Euchre by pogo - http://game1.pogo.com/applet-6.1.4.29/euchre/euchre-ob-assets.cab
O16 - DPF: First Class Solitaire by pogo - http://game1.pogo.com/applet-6.1.5.28/solitaire2/solitaire2-ob-assets.cab
O16 - DPF: Fortune Bingo by pogo - http://game1.pogo.com/applet-6.1.5.28/superbingo/superbingo-ob-assets.cab
O16 - DPF: Greenback Bayou by pogo - http://game1.pogo.com/applet-6.1.5.28/greenback/greenback-ob-assets.cab
O16 - DPF: Harvest Mania by pogo - http://game1.pogo.com/applet-6.1.5.21/harvest/harvest-ob-assets.cab
O16 - DPF: High Stakes Poker by pogo - http://game1.pogo.com/applet-6.1.4.29/drawpoker/drawpoker-ob-assets.cab
O16 - DPF: Jigsaw Detective by pogo - http://game1.pogo.com/applet-6.1.5.21/jigsaw/jigsaw-ob-assets.cab
O16 - DPF: Jungle Gin by pogo - http://game1.pogo.com/applet-6.2.0.37/gin/gin-ob-assets.cab
O16 - DPF: Lottso by pogo - http://game1.pogo.com/applet-6.1.5.21/lottso/lottso-ob-assets.cab
O16 - DPF: Mah Jong Garden by pogo - http://game1.pogo.com/applet-6.1.4.22/mahjong/mahjong-ob-assets.cab
O16 - DPF: Pai Gow by pogo - http://game1.pogo.com/applet-6.1.4.22/paigow/paigow-ob-assets.cab
O16 - DPF: Payday FreeCell by pogo - http://game1.pogo.com/applet-6.2.0.30/freecell/freecell-ob-assets.cab
O16 - DPF: Perfect Pair Solitaire by pogo - http://game1.pogo.com/applet-6.1.4.22/waterwheel/waterwheel-ob-assets.cab
O16 - DPF: Phlinx by pogo - http://game1.pogo.com/applet-6.1.4.22/flinger/flinger-ob-assets.cab
O16 - DPF: Pinochle by pogo - http://game1.pogo.com/applet-6.1.4.22/pinochle/pinochle-ob-assets.cab
O16 - DPF: Pop Fu by pogo - http://game1.pogo.com/applet-6.1.4.22/popfu/popfu-ob-assets.cab
O16 - DPF: Poppit by pogo - http://game1.pogo.com/applet-6.2.1.34/poppit2/poppit2-ob-assets.cab
O16 - DPF: Showbiz Slots 2 by pogo - http://game1.pogo.com/applet-6.1.4.29/slots/showbiz2-ob-assets.cab
O16 - DPF: Showbiz Slots by pogo - http://game1.pogo.com/applet-6.2.0.37/slots/showbiz-ob-assets.cab
O16 - DPF: Spades by pogo - http://game1.pogo.com/applet-6.1.4.29/spades/spades-ob-assets.cab
O16 - DPF: Spider Solitaire by pogo - http://game1.pogo.com/applet-6.2.0.30/spider/spider-ob-assets.cab
O16 - DPF: Squelchies by pogo - http://game1.pogo.com/applet-6.1.5.21/squelchies/squelchies-ob-assets.cab
O16 - DPF: Sweet Tooth TM by pogo - http://game1.pogo.com/applet-6.2.4.32/sweettooth/sweettooth-ob-assets.cab
O16 - DPF: Texas Hold'em Poker by pogo - http://game1.pogo.com/applet-6.2.0.30/holdem/holdem-ob-assets.cab
O16 - DPF: Tri-Peaks by pogo - http://game1.pogo.com/applet-6.1.4.22/peaks/peaks-ob-assets.cab
O16 - DPF: Tumble Bees by pogo - http://game1.pogo.com/applet-6.1.5.28/jumbee/jumbee-ob-assets.cab
O16 - DPF: Turbo 21 TM by pogo - http://game5.pogo.com/applet-6.1.1.29/turbo21/turbo21-ob-assets.cab
O16 - DPF: Word Whomp by pogo - http://game1.pogo.com/applet-6.1.4.29/wordwhomp/wordwhomp-ob-assets.cab
O16 - DPF: Word Whomp Whackdown by pogo - http://game1.pogo.com/applet-6.1.4.29/whackdown/whackdown-ob-assets.cab
O16 - DPF: WordJong by pogo - http://game1.pogo.com/applet-6.2.0.37/wordjong/wordjong-ob-assets.cab
O16 - DPF: World Class Solitaire by pogo - http://game1.pogo.com/applet-6.1.4.22/worldclass/worldclass-ob-assets.cab
O16 - DPF: {04063354-A10E-4427-A1EC-F3CC81587BC6} (Mines Control) - http://www.worldwinner.com/games/v40/mines/mines.cab
O16 - DPF: {18C3FD15-74F6-4280-9C98-3590C966B7B8} (SkillGam Control) - http://www.worldwinner.com/games/v46/skillgam/skillgam.cab
O16 - DPF: {2C153C75-8476-434B-B3C3-57B63A3D1939} (Brickout Control) - http://www.worldwinner.com/games/v46/brickout/brickout.cab
O16 - DPF: {3A7FE611-1994-4EF1-A09F-99456752289D} - http://install.wildtangent.com/ActiveLauncher/ActiveLauncher.cab
O16 - DPF: {5EE92643-21CE-4949-903F-39439DCC3944} (Shapetris Control) - http://www.worldwinner.com/games/v42/shape/shape.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} (Wwlaunch Control) - http://www.worldwinner.com/games/shared/wwlaunch.cab
O16 - DPF: {94299420-321F-4FF9-A247-62A23EBB640B} (WordMojo Control) - http://www.worldwinner.com/games/v45/wordmojo/wordmojo.cab
O16 - DPF: {9903F4ED-B673-456A-A15F-ED90C7DE9EF5} (Sol Control) - http://www.worldwinner.com/games/v44/sol/sol.cab
O16 - DPF: {9D8D7672-93FF-417E-9024-C16AD141C50C} (Haunted Control) - http://www.worldwinner.com/games/v49/haunted/haunted.cab
O16 - DPF: {AC2881FD-5760-46DB-83AE-20A5C6432A7E} (SwapIt Control) - http://www.worldwinner.com/games/v61/swapit/swapit.cab
O16 - DPF: {C93C1C34-CEA9-49B1-9046-040F59E0E0D8} (Paint Control) - http://www.worldwinner.com/games/v42/paint/paint.cab
O16 - DPF: {D27FFC5F-D7B9-4349-9F41-F7458B585374} (SoloTriv Control) - http://www.worldwinner.com/games/v43/solotriv/solotriv.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://playweb04.pogo.com/game/deluxe/zuma/popcaploader_v6.cab
O20 - Winlogon Notify: igfxcui - C:\WINNT\SYSTEM32\igfxsrvc.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINNT\system32\LEXBCES.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe (file missing)
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
Here is the Ewidos report:
---------------------------------------------------------
ewido security suite - Scan report
---------------------------------------------------------
+ Created on: 9:37:46 PM, 8/21/2005
+ Report-Checksum: 431E682A
+ Scan result:
HKLM\SOFTWARE\Classes\CLSID\{3646C2BD-3554-49CA-8125-44DEEFB881DE} -> Spyware.Altnet : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{3f4d4f88-0198-4921-b630-957f3eb814e0} -> Spyware.Altnet : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{D273D427-57C6-4B12-860F-BBB8195F6E2A} -> Spyware.TOPicks : Cleaned with backup
HKLM\SOFTWARE\Classes\TypeLib\{F720B40F-3A38-4B22-B30D-DCF095D42498} -> Spyware.P2PNetworking : Cleaned with backup
C:\Documents and Settings\Owner\Local Settings\Application Data\Wildtangent\Cdacache\00\00\0F.dat/files\wtvh.dll -> Spyware.WildTangent : Error during cleaning
C:\System Volume Information\_restore{CF79470C-79F7-4821-8E34-8E6EA7D3E7B5}\RP344\A0094260.exe -> Trojan.Small.cy : Cleaned with backup
C:\WINNT\Downloaded Program Files\popcaploader.dll -> Not-A-Virus.PornWare.PopCap.b : Cleaned with backup
C:\WINNT\SexDownloader.cab/HttpDownloader.ocx -> TrojanDownloader.Pornet.c : Error during cleaning
C:\WINNT\wt\wtvh.dll -> Spyware.WildTangent : Cleaned with backup
::Report End
Here is the WinPFind txt:
»»»»»»»»»»»»»»»»» Windows OS and Versions »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Product Name: Microsoft Windows XP Current Build: Service Pack 2 Current Build Number: 2600
Internet Explorer Version: 6.0.2900.2180
»»»»»»»»»»»»»»»»» Checking Selected Standard Folders »»»»»»»»»»»»»»»»»»»»
Checking %SystemDrive% folder...
Checking %ProgramFilesDir% folder...
Checking %WinDir% folder...
Checking %System% folder...
PEC2 8/29/2002 6:00:00 AM 41397 C:\WINNT\SYSTEM32\dfrg.msc
PEC2 6/9/2005 2:32:28 PM 692736 C:\WINNT\SYSTEM32\DivX.dll
PECompact2 6/9/2005 2:32:28 PM 692736 C:\WINNT\SYSTEM32\DivX.dll
UPX! 10/18/2004 2:04:42 PM 161280 C:\WINNT\SYSTEM32\fmod.dll
PECompact2 8/4/2005 7:31:38 PM 1449304 C:\WINNT\SYSTEM32\MRT.exe
aspack 8/4/2005 7:31:38 PM 1449304 C:\WINNT\SYSTEM32\MRT.exe
aspack 8/4/2004 1:56:36 AM 708096 C:\WINNT\SYSTEM32\ntdll.dll
Umonitor 8/4/2004 1:56:44 AM 657920 C:\WINNT\SYSTEM32\rasdlg.dll
winsync 8/29/2002 6:00:00 AM 1309184 C:\WINNT\SYSTEM32\wbdbase.deu
Checking %System%\Drivers folder and sub-folders...
PTech 8/3/2004 11:41:38 PM 1309184 C:\WINNT\SYSTEM32\drivers\mtlstrm.sys
Items found in C:\WINNT\SYSTEM32\drivers\etc\hosts
Checking the Windows folder and sub-folders for system and hidden files within the last 60 days...
S 8/22/2005 1:23:50 PM 2048 C:\WINNT\bootstat.dat
H 7/1/2005 6:11:12 AM 0 C:\WINNT\inf\oem27.inf
H 6/24/2005 7:12:26 PM 1024 C:\WINNT\repair\ntuser.dat.LOG
S 7/8/2005 4:23:18 PM 12143 C:\WINNT\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB893756.cat
S 6/30/2005 9:06:34 AM 11437 C:\WINNT\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB896423.cat
S 7/19/2005 7:18:10 PM 18913 C:\WINNT\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB896727.cat
S 6/30/2005 1:42:18 PM 11084 C:\WINNT\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB899587.cat
S 6/30/2005 2:21:10 PM 11084 C:\WINNT\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB899588.cat
S 6/30/2005 8:46:18 AM 11084 C:\WINNT\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB899591.cat
S 6/28/2005 7:12:56 PM 11845 C:\WINNT\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB901214.cat
S 7/2/2005 2:18:16 AM 9445 C:\WINNT\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB903235.cat
H 8/22/2005 1:23:40 PM 8192 C:\WINNT\system32\config\default.LOG
H 8/22/2005 1:24:04 PM 1024 C:\WINNT\system32\config\SAM.LOG
H 8/22/2005 1:23:52 PM 16384 C:\WINNT\system32\config\SECURITY.LOG
H 8/22/2005 1:24:40 PM 98304 C:\WINNT\system32\config\software.LOG
H 8/22/2005 1:23:56 PM 1097728 C:\WINNT\system32\config\system.LOG
H 8/11/2005 3:01:56 AM 1024 C:\WINNT\system32\config\systemprofile\NTUSER.DAT.LOG
H 8/22/2005 1:22:36 PM 6 C:\WINNT\Tasks\SA.DAT
Checking for CPL files...
Microsoft Corporation 8/4/2004 1:56:58 AM 68608 C:\WINNT\SYSTEM32\access.cpl
Microsoft Corporation 8/4/2004 1:56:58 AM 549888 C:\WINNT\SYSTEM32\appwiz.cpl
Microsoft Corporation 8/4/2004 1:56:58 AM 110592 C:\WINNT\SYSTEM32\bthprops.cpl
Microsoft Corporation 8/4/2004 1:56:58 AM 135168 C:\WINNT\SYSTEM32\desk.cpl
Microsoft Corporation 8/4/2004 1:56:58 AM 80384 C:\WINNT\SYSTEM32\firewall.cpl
Microsoft Corporation 8/4/2004 1:56:58 AM 155136 C:\WINNT\SYSTEM32\hdwwiz.cpl
Intel Corporation 3/11/2003 9:18:48 AM 94208 C:\WINNT\SYSTEM32\igfxcpl.cpl
Microsoft Corporation 8/4/2004 1:56:58 AM 358400 C:\WINNT\SYSTEM32\inetcpl.cpl
Microsoft Corporation 8/4/2004 1:56:58 AM 129536 C:\WINNT\SYSTEM32\intl.cpl
Microsoft Corporation 8/4/2004 1:56:58 AM 380416 C:\WINNT\SYSTEM32\irprops.cpl
Microsoft Corporation 8/4/2004 1:56:58 AM 68608 C:\WINNT\SYSTEM32\joy.cpl
Sun Microsystems, Inc. 12/6/2004 3:31:48 PM 49265 C:\WINNT\SYSTEM32\jpicpl32.cpl
Microsoft Corporation 8/29/2002 6:00:00 AM 187904 C:\WINNT\SYSTEM32\main.cpl
Microsoft Corporation 8/4/2004 1:56:58 AM 618496 C:\WINNT\SYSTEM32\mmsys.cpl
Microsoft Corporation 8/29/2002 6:00:00 AM 35840 C:\WINNT\SYSTEM32\ncpa.cpl
Microsoft Corporation 8/4/2004 1:56:58 AM 25600 C:\WINNT\SYSTEM32\netsetup.cpl
Microsoft Corporation 8/4/2004 1:56:58 AM 257024 C:\WINNT\SYSTEM32\nusrmgr.cpl
Microsoft Corporation 8/4/2004 1:56:58 AM 32768 C:\WINNT\SYSTEM32\odbccp32.cpl
Microsoft Corporation 8/4/2004 1:56:58 AM 114688 C:\WINNT\SYSTEM32\powercfg.cpl
Intel® Corporation 3/11/2003 3:15:56 PM 77824 C:\WINNT\SYSTEM32\PRApplet.cpl
Apple Computer, Inc. 4/8/2004 8:12:42 AM 323072 C:\WINNT\SYSTEM32\QuickTime.cpl
Microsoft Corporation 8/4/2004 1:56:58 AM 298496 C:\WINNT\SYSTEM32\sysdm.cpl
Microsoft Corporation 8/29/2002 6:00:00 AM 28160 C:\WINNT\SYSTEM32\telephon.cpl
Microsoft Corporation 8/4/2004 1:56:58 AM 94208 C:\WINNT\SYSTEM32\timedate.cpl
Microsoft Corporation 8/4/2004 1:56:58 AM 148480 C:\WINNT\SYSTEM32\wscui.cpl
Microsoft Corporation 5/26/2005 4:16:30 AM 174360 C:\WINNT\SYSTEM32\wuaucpl.cpl
Microsoft Corporation 8/29/2002 6:00:00 AM 187904 C:\WINNT\SYSTEM32\dllcache\main.cpl
Microsoft Corporation 8/29/2002 6:00:00 AM 35840 C:\WINNT\SYSTEM32\dllcache\ncpa.cpl
Microsoft Corporation 8/29/2002 6:00:00 AM 28160 C:\WINNT\SYSTEM32\dllcache\telephon.cpl
Microsoft Corporation 5/26/2005 4:16:30 AM 174360 C:\WINNT\SYSTEM32\dllcache\wuaucpl.cpl
Intel Corporation 3/11/2003 9:18:48 AM 94208 C:\WINNT\SYSTEM32\ReinstallBackups\0000\DriverFiles\igfxcpl.cpl
»»»»»»»»»»»»»»»»» Checking Selected Startup Folders »»»»»»»»»»»»»»»»»»»»»
Checking files in %ALLUSERSPROFILE%\Startup folder...
Checking files in %ALLUSERSPROFILE%\Application Data folder...
Checking files in %USERPROFILE%\Startup folder...
Checking files in %USERPROFILE%\Application Data folder...
»»»»»»»»»»»»»»»»» Checking Selected Registry Keys »»»»»»»»»»»»»»»»»»»»»»»
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
SV1 =
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
[HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers]
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\ewido
{57BD36D7-CE32-4600-9B1C-1A0C47EFC02E} = C:\Program Files\ewido\security suite\context.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Offline Files
{750fdf0e-2a26-11d1-a3ea-080036587f03} = %SystemRoot%\System32\cscui.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Open With
{09799AFB-AD67-11d1-ABCD-00C04FC30936} = %SystemRoot%\system32\SHELL32.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Open With EncryptionMenu
{A470F8CF-A1E8-4f65-8335-227475AA5C46} = %SystemRoot%\system32\SHELL32.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Symantec.Norton.Antivirus.IEContextMenu
{5345A4D5-41EB-4A2F-9616-CE1D4F6C35B2} = C:\Program Files\Norton AntiVirus\NavShExt.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Yahoo! Mail
{5464D816-CF16-4784-B9F3-75C0DB52B499} = C:\WINNT\Downloaded Program Files\ymmapi.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\{a2a9545d-a0c2-42b4-9708-a0b2badd77c8}
Start Menu Pin = %SystemRoot%\system32\SHELL32.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\Symantec.Norton.Antivirus.IEContextMenu
{5345A4D5-41EB-4A2F-9616-CE1D4F6C35B2} = C:\Program Files\Norton AntiVirus\NavShExt.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\EncryptionMenu
{A470F8CF-A1E8-4f65-8335-227475AA5C46} = %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\ewido
{57BD36D7-CE32-4600-9B1C-1A0C47EFC02E} = C:\Program Files\ewido\security suite\context.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\Offline Files
{750fdf0e-2a26-11d1-a3ea-080036587f03} = %SystemRoot%\System32\cscui.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\Sharing
{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6} = ntshrui.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{0D2E74C4-3C34-11d2-A27E-00C04FC30871}
= %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{24F14F01-7B1C-11d1-838f-0000F80461CF}
= %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{24F14F02-7B1C-11d1-838f-0000F80461CF}
= %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{66742402-F9B9-11D1-A202-0000F81FEDEE}
= %SystemRoot%\system32\SHELL32.dll
[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}
Yahoo! Companion BHO = C:\Program Files\Yahoo!\Companion\Installs\cpn1\ycomp5_5_7_0.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
AcroIEHlprObj Class = C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{243B17DE-77C7-46BF-B94B-0B5F309A0E64}
= C:\Program Files\Microsoft Money\System\mnyside.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}
= C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BDF3E430-B101-42AD-A544-FADC6B084872}
CNavExtBho Class = C:\Program Files\Norton AntiVirus\NavShExt.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{4528BBE0-4E08-11D5-AD55-00010333D0AD}
&Yahoo! Messenger = C:\Program Files\Yahoo!\Messenger\yhexbmes0411.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{4D5C8C25-D075-11d0-B416-00C04FB90376}
&Tip of the Day = %SystemRoot%\System32\shdocvw.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
{EF99BD32-C1FB-11D2-892F-0090271D4F88} = Yahoo! Toolbar : C:\Program Files\Yahoo!\Companion\Installs\cpn1\ycomp5_5_7_0.dll
{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} = Norton AntiVirus : C:\Program Files\Norton AntiVirus\NavShExt.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{08B0E5C0-4FCB-11CF-AAA5-00401C608501}
MenuText = Sun Java Console : C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{4528BBE0-4E08-11D5-AD55-00010333D0AD}
ButtonText = Messenger :
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{CD67F990-D8E9-11d2-98FE-00C0F0318AFE}
MenuText = :
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{E023F504-0C5A-4750-A1E7-A9046DEA8A21}
ButtonText = MoneySide :
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{FB5F1910-F110-11d2-BB9E-00C04F795683}
ButtonText = Messenger : C:\Program Files\Messenger\msmsgs.exe
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars]
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{32683183-48a0-441b-a342-7c2a440a9478}
=
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar]
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser
{01E04581-4EEE-11D0-BFE9-00AA005B4383} = &Address : %SystemRoot%\System32\browseui.dll
{0E5CBF21-D15F-11D0-8301-00AA005B4383} = &Links : %SystemRoot%\system32\SHELL32.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
IgfxTray C:\WINNT\System32\igfxtray.exe
HotKeysCmds C:\WINNT\System32\hkcmd.exe
Hot Key Kbd 9910 Daemon SK9910DM.EXE
GWMDMMSG GWMDMMSG.exe
Keyboard Preload Check C:\OEMDRVRS\KEYB\Preload.exe /DEVID: /CLASS:Keyboard /RunValue:"Keyboard Preload Check"
Microsoft Works Update Detection C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
GWMDMpi C:\WINNT\GWMDMpi.exe
Gateway Ink Monitor "C:\Program Files\Gateway Utilities\GWInkMonitor.exe"
ATIPTA C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
QuickTime Task "C:\Program Files\QuickTime\qttask.exe" -atboottime
iTunesHelper C:\Program Files\iTunes\iTunesHelper.exe
gcasServ "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
SunJavaUpdateSched C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
TkBellExe "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
Lexmark 2200 Series "C:\Program Files\Lexmark 2200 Series\lxbvbmgr.exe"
FaxCenterServer "C:\Program Files\Lexmark Fax Solutions\fm3032.exe" /s
RemoteControl "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
NeroFilterCheck C:\WINNT\system32\NeroCheck.exe
ccApp "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
Symantec NetDriver Monitor C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]
IMAIL Installed = 1
MAPI Installed = 1
MSFS Installed = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
MSMSGS "C:\Program Files\Messenger\msmsgs.exe" /background
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\load]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\run]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum
{BDEADF00-C265-11D0-BCED-00A0C90AB50F} = C:\PROGRA~1\COMMON~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL
{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} =
{0DF44EAA-FF21-4412-828E-260A8728E7F1} =
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system
dontdisplaylastusername 0
legalnoticecaption
legalnoticetext
shutdownwithoutlogon 1
undockwithoutlogon 1
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies]
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
NoDriveTypeAutoRun 145
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
PostBootReminder {7849596a-48ea-486e-8937-a2a3009f31a9} = %SystemRoot%\system32\SHELL32.dll
CDBurn {fbeb8a05-beee-4442-804e-409d6c4515e9} = %SystemRoot%\system32\SHELL32.dll
WebCheck {E6FB5E20-DE35-11CF-9C87-00AA005127ED} = %SystemRoot%\System32\webcheck.dll
SysTray {35CEC8A3-2BE6-11D2-8773-92E220524153} = C:\WINNT\System32\stobject.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
UserInit = C:\WINNT\system32\userinit.exe,
Shell = Explorer.exe
System =
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain
= crypt32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet
= cryptnet.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll
= cscdll.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui
= igfxsrvc.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp
= wlnotify.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule
= wlnotify.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy
= sclgntfy.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn
= WlNotify.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv
= wlnotify.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon
= wlnotify.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Your Image File Name Here without a path
Debugger = ntsd -d
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
AppInit_DLLs
»»»»»»»»»»»»»»»»»»»»»»»» Scan Complete »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
WinPFind v1.3.0 - Log file written to "WinPFind.Txt" in the WinPFind folder.
I hope this is all and it is fixed thanks sooo much. Stephanie
-
Ewido has pegged Wild tangent as bad, not that it's as malicious as others
Let's try cleaning the folders out since you don't have it installed and also remove a malicious file
Run another scan and have hijackthis fix checked the next entry with all other windows closed
O16 - DPF: {3A7FE611-1994-4EF1-A09F-99456752289D} - http://install.wildtangent.com/ActiveLaunc...iveLauncher.cab
Next: access your Add/Remove programs and remove Spybot 1.3
It's a great program, but we'll update you to the latest version
Reboot into safe mode
Find and delete the following in bold if found
C:\WINNT\SexDownloader.cab
C:\Documents and Settings\Owner\Local Settings\Application Data\Wildtangent
C:\WINNT\wt
Reboot back to Normal mode
Some final cleanup
Download and Install Spybot 1.4 from
HERE (http://www.download.com/3000-2144-10122137.html?part=104443&subj=dlpage&tag=button)
or HERE (http://www.safer-networking.org/en/download/index.html)
After installation--Click the UPDATE button on the left
SEARCH FOR UPDATES on the right
Check, and download all updates
Click the Search & Destroy button on the left
Check for Problems---When the Scan is complete
FIX all selected problems in RED
RESTART the computer
If you don't have the latest version of Ad-Aware
Which is Ad-Aware 1.06
You can download it from this direct link
Ad-Aware SE Personal 1.06 (ftp://ftp.download.com/pub/win95/utilities/aawsepersonal.exe)
Open Ad-Aware, ensure to click the check for updates now link and Connect to download the latest updates
Click START
Click the radio button to Perform a Full system scan then click NEXT
When it's finished scanning
At this point you should either right click on the screen and choose the "Select All" Objects option or individually put a checkmark in each object's checkbox
click on the Next button. Ad-Aware SE will now present you with a confirmation box as to whether or not you would like to remove the objects you have just selected. Press the "OK" button
Restart if any Criticals were removed
Back in Windows
You should set up protection against future attacks
SpywareBlaster 3.4 by JavaCool (http://www.javacoolsoftware.com/spywareblaster.html)
*Will block bad ActiveX Controls
*Block Malevolent cookies in Internet Explorer and Firefox
*Restrict actions of potentially dangerous sites in Internet Explorer
After installation, Check for updates and then click the "Enable all protection"
IE-SPYAD puts over 5000 sites in your restricted zone so you'll be protected when you visit innocent-looking sites that aren't actually innocent at all.
Here is a tutorial and download link
TUTORIAL==Link to Tutorial (http://www.bleepingcomputer.com/forums/index.php?showtutorial=53)
Download link (https://netfiles.uiuc.edu/ehowes/www/resource.htm#IESPYAD)
With both, Check for updates every couple of weeks
Keep the link to IE-Spyad bookmarked so you can check for updates
SpywareBlaster, after every update just simply click the "enable all protection"
IE-Spyad is compatible with SP2
If everything is running better, please do the following
You should disable system restore---restart your computer--enable system restore
This will clear all your restore points and ensure you don't restore any nasties
How to Disable and Re-enable System Restore feature (http://vil.nai.com/vil/SystemHelpDocs/DisableSysRestore.htm)
Don't forget to reenable the restore feature
Stay safe
-
Thanks for your help. Here is a new hijack list, hope it's clean.
Logfile of HijackThis v1.99.1
Scan saved at 6:48:32 PM, on 8/30/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINNT\system32\LEXBCES.EXE
C:\WINNT\system32\spoolsv.exe
C:\WINNT\system32\LEXPPS.EXE
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINNT\Explorer.EXE
C:\WINNT\system32\SK9910DM.EXE
C:\WINNT\GWMDMMSG.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\Gateway Utilities\GWInkMonitor.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Lexmark 2200 Series\lxbvbmgr.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Lexmark 2200 Series\lxbvbmon.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\WINNT\system32\wuauclt.exe
C:\Documents and Settings\Owner\My Documents\download episodes\hijackthis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/ycomp/defaults/sb/*http://www.yahoo.com/search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/ycomp/defaults/sp/*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.pogo.com/home/home-pogop.jsp?sls=3&site=pogop&lkey=QRiNjwfS8ehm1PgcCmb9ZAAAKDw.
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\ycomp5_5_7_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - C:\Program Files\Microsoft Money\System\mnyside.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\ycomp5_5_7_0.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINNT\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINNT\System32\hkcmd.exe
O4 - HKLM\..\Run: [Hot Key Kbd 9910 Daemon] SK9910DM.EXE
O4 - HKLM\..\Run: [GWMDMMSG] GWMDMMSG.exe
O4 - HKLM\..\Run: [Keyboard Preload Check] C:\OEMDRVRS\KEYB\Preload.exe /DEVID: /CLASS:Keyboard /RunValue:"Keyboard Preload Check"
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [GWMDMpi] C:\WINNT\GWMDMpi.exe
O4 - HKLM\..\Run: [Gateway Ink Monitor] "C:\Program Files\Gateway Utilities\GWInkMonitor.exe"
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Lexmark 2200 Series] "C:\Program Files\Lexmark 2200 Series\lxbvbmgr.exe"
O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Lexmark Fax Solutions\fm3032.exe" /s
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINNT\system32\NeroCheck.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0411.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0411.dll
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: 6th Street Omaha Poker by pogo - http://game1.pogo.com/applet-6.2.1.34/omaha/omaha-ob-assets.cab
O16 - DPF: Aces Up! by pogo - http://game1.pogo.com/applet-6.1.4.22/aces/aces-ob-assets.cab
O16 - DPF: Blackjack by pogo - http://game1.pogo.com/applet-6.1.5.21/blackjack/blackjack-ob-assets.cab
O16 - DPF: Canasta by pogo - http://game1.pogo.com/applet-6.2.1.34/canasta/canasta-ob-assets.cab
O16 - DPF: Checkers by pogo - http://game3.pogo.com/applet-6.1.2.25/checkers2/checkers-ob-assets.cab
O16 - DPF: Chess by pogo - http://game1.pogo.com/applet-6.1.5.21/chess2/chess2-ob-assets.cab
O16 - DPF: Dice Derby by pogo - http://game1.pogo.com/applet-6.1.4.29/checkeredflag/checkeredflag-ob-assets.cab
O16 - DPF: Dominoes by pogo - http://game1.pogo.com/applet-6.2.0.37/domino/domino-ob-assets.cab
O16 - DPF: Euchre by pogo - http://game1.pogo.com/applet-6.1.4.29/euchre/euchre-ob-assets.cab
O16 - DPF: First Class Solitaire by pogo - http://game1.pogo.com/applet-6.1.5.28/solitaire2/solitaire2-ob-assets.cab
O16 - DPF: Fortune Bingo by pogo - http://game1.pogo.com/applet-6.1.5.28/superbingo/superbingo-ob-assets.cab
O16 - DPF: Greenback Bayou by pogo - http://game1.pogo.com/applet-6.1.5.28/greenback/greenback-ob-assets.cab
O16 - DPF: Harvest Mania by pogo - http://game1.pogo.com/applet-6.1.5.21/harvest/harvest-ob-assets.cab
O16 - DPF: High Stakes Poker by pogo - http://game1.pogo.com/applet-6.1.4.29/drawpoker/drawpoker-ob-assets.cab
O16 - DPF: Jigsaw Detective by pogo - http://game1.pogo.com/applet-6.1.5.21/jigsaw/jigsaw-ob-assets.cab
O16 - DPF: Jungle Gin by pogo - http://game1.pogo.com/applet-6.2.0.37/gin/gin-ob-assets.cab
O16 - DPF: Lottso by pogo - http://game1.pogo.com/applet-6.1.5.21/lottso/lottso-ob-assets.cab
O16 - DPF: Mah Jong Garden by pogo - http://game1.pogo.com/applet-6.1.4.22/mahjong/mahjong-ob-assets.cab
O16 - DPF: Pai Gow by pogo - http://game1.pogo.com/applet-6.1.4.22/paigow/paigow-ob-assets.cab
O16 - DPF: Payday FreeCell by pogo - http://game1.pogo.com/applet-6.2.0.30/freecell/freecell-ob-assets.cab
O16 - DPF: Perfect Pair Solitaire by pogo - http://game1.pogo.com/applet-6.1.4.22/waterwheel/waterwheel-ob-assets.cab
O16 - DPF: Phlinx by pogo - http://game1.pogo.com/applet-6.1.4.22/flinger/flinger-ob-assets.cab
O16 - DPF: Pinochle by pogo - http://game1.pogo.com/applet-6.1.4.22/pinochle/pinochle-ob-assets.cab
O16 - DPF: Pop Fu by pogo - http://game1.pogo.com/applet-6.1.4.22/popfu/popfu-ob-assets.cab
O16 - DPF: Poppit by pogo - http://game1.pogo.com/applet-6.2.1.34/poppit2/poppit2-ob-assets.cab
O16 - DPF: Showbiz Slots 2 by pogo - http://game1.pogo.com/applet-6.1.4.29/slots/showbiz2-ob-assets.cab
O16 - DPF: Showbiz Slots by pogo - http://game1.pogo.com/applet-6.2.0.37/slots/showbiz-ob-assets.cab
O16 - DPF: Spades by pogo - http://game1.pogo.com/applet-6.1.4.29/spades/spades-ob-assets.cab
O16 - DPF: Spider Solitaire by pogo - http://game1.pogo.com/applet-6.2.0.30/spider/spider-ob-assets.cab
O16 - DPF: Squelchies by pogo - http://game1.pogo.com/applet-6.1.5.21/squelchies/squelchies-ob-assets.cab
O16 - DPF: Sweet Tooth TM by pogo - http://game1.pogo.com/applet-6.2.4.32/sweettooth/sweettooth-ob-assets.cab
O16 - DPF: Texas Hold'em Poker by pogo - http://game1.pogo.com/applet-6.2.0.30/holdem/holdem-ob-assets.cab
O16 - DPF: Tri-Peaks by pogo - http://game1.pogo.com/applet-6.1.4.22/peaks/peaks-ob-assets.cab
O16 - DPF: Tumble Bees by pogo - http://game1.pogo.com/applet-6.1.5.28/jumbee/jumbee-ob-assets.cab
O16 - DPF: Turbo 21 TM by pogo - http://game5.pogo.com/applet-6.1.1.29/turbo21/turbo21-ob-assets.cab
O16 - DPF: Word Whomp by pogo - http://game1.pogo.com/applet-6.1.4.29/wordwhomp/wordwhomp-ob-assets.cab
O16 - DPF: Word Whomp Whackdown by pogo - http://game1.pogo.com/applet-6.1.4.29/whackdown/whackdown-ob-assets.cab
O16 - DPF: WordJong by pogo - http://game1.pogo.com/applet-6.2.0.37/wordjong/wordjong-ob-assets.cab
O16 - DPF: World Class Solitaire by pogo - http://game1.pogo.com/applet-6.1.4.22/worldclass/worldclass-ob-assets.cab
O16 - DPF: {04063354-A10E-4427-A1EC-F3CC81587BC6} (Mines Control) - http://www.worldwinner.com/games/v40/mines/mines.cab
O16 - DPF: {18C3FD15-74F6-4280-9C98-3590C966B7B8} (SkillGam Control) - http://www.worldwinner.com/games/v46/skillgam/skillgam.cab
O16 - DPF: {2C153C75-8476-434B-B3C3-57B63A3D1939} (Brickout Control) - http://www.worldwinner.com/games/v46/brickout/brickout.cab
O16 - DPF: {511073AD-BE56-4D43-AE68-93390514385E} (TechToolsActivex.TechTools) - hcp://system/TechTools.CAB
O16 - DPF: {5EE92643-21CE-4949-903F-39439DCC3944} (Shapetris Control) - http://www.worldwinner.com/games/v42/shape/shape.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} (Wwlaunch Control) - http://www.worldwinner.com/games/shared/wwlaunch.cab
O16 - DPF: {94299420-321F-4FF9-A247-62A23EBB640B} (WordMojo Control) - http://www.worldwinner.com/games/v45/wordmojo/wordmojo.cab
O16 - DPF: {9903F4ED-B673-456A-A15F-ED90C7DE9EF5} (Sol Control) - http://www.worldwinner.com/games/v44/sol/sol.cab
O16 - DPF: {9D8D7672-93FF-417E-9024-C16AD141C50C} (Haunted Control) - http://www.worldwinner.com/games/v49/haunted/haunted.cab
O16 - DPF: {AC2881FD-5760-46DB-83AE-20A5C6432A7E} (SwapIt Control) - http://www.worldwinner.com/games/v61/swapit/swapit.cab
O16 - DPF: {C93C1C34-CEA9-49B1-9046-040F59E0E0D8} (Paint Control) - http://www.worldwinner.com/games/v42/paint/paint.cab
O16 - DPF: {D27FFC5F-D7B9-4349-9F41-F7458B585374} (SoloTriv Control) - http://www.worldwinner.com/games/v43/solotriv/solotriv.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://playweb04.pogo.com/game/deluxe/zuma/popcaploader_v6.cab
O20 - Winlogon Notify: igfxcui - C:\WINNT\SYSTEM32\igfxsrvc.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINNT\system32\LEXBCES.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe (file missing)
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
I have a question how do you hide those folders back up?
thanks again.
-
Do another scan with Hijackthis and put a check next to these entries:
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/.../search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
After you have ticked the above entries, close All other open windows, including this one
Leave Hijackthis open and click FIX CHECKED
OK the prompt and exit Hijackthis
Restart your computer
Back in Windows
If prompted by Microsoft Anti-Spyware about a change
Allow them so it won't interfere with any fixes we are trying
Post back one last hijackthis log
To rehide hidden files and folders, please do the following
* Click Start.
* Open My Computer.
* Select the Tools menu and click Folder Options.
* Select the View Tab.
* Under the Hidden files and folders heading select Do Not Show hidden files and folders.
* Check the Hide protected operating system files (recommended) option.
* Click Yes to confirm.
* Click OK.