TheTechGuide Forum
General Category => Tech Clinic => Topic started by: almost panicky on January 07, 2006, 05:21:27 AM
-
I have read through many others' posts and forums and have tried many of the suggestions that have been made to others with similar probs. I have done the HijackThis!, smitrem, ewido, various anti-spy adware and anti-virus programs and scans, and nothing seems to be able to get rid of this thing. I no longer have a prob with my homepage getting sent to this security deal, but I'm still getting this balloon saying my system is infected coming from this Windows Update icon. I'm at a loss of what to do at this point; I've been at it for several hours and many of the anti-virus sites don't have anything on whatever this thing is. I can't seem to get rid of it and I would greatly appreciate any help.
-
Can you read the top sticky please?
Here's a direct link:
Click here: http://www.thetechguide.com/forum/index.php?showtopic=22942
Post a HijackThis log back here please.
-
After running the cleanup, I've lost my normal XP look. Dunno how or where to get it back. Anyway, that being just an annoyance, here is the logfile:
Logfile of HijackThis v1.99.1
Scan saved at 6:14:14 PM, on 1/7/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\WINDOWS\system32\drivers\dcfssvc.exe
C:\Program Files\Executive Software\Diskeeper\DkService.exe
C:\Documents and Settings\x\Desktop\New Folder\ewido anti-malware\ewidoctrl.exe
C:\PROGRA~1\Iomega\System32\AppServices.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
C:\Program Files\Dantz\Retrospect\retrorun.exe
C:\Program Files\Spyware Doctor\sdhelp.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wdfmgr.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\htpatch.exe
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
c:\program files\mcafee.com\agent\mcagent.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\WINDOWS\MXOALDR.EXE
C:\PROGRA~1\Maxtor\OneTouch\Utils\OneTouch.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\HP\HP Software Update\HPWuSchd.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\McAfee\SPAMKI~1\MSKAgent.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Common Files\soft602\pdfSaver.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\PROGRA~1\FASTDE~1\FAST2.EXE
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\PDF\pdfSaver\pdfSaver3.exe
C:\WINDOWS\DvzCommon\DvzMsgr.exe
C:\Program Files\Intuit\QuickBooks Pro\Components\QBAgent\qbdagent2002.exe
C:\WINDOWS\Twain_32\CA561A\SnapDetect.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\WINDOWS\system32\msiexec.exe
C:\Documents and Settings\x\Desktop\HJT\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.pogo.com/rooms/findplayer.jsp?site=pogop&lkey=Q7o4aRGX_mgYmZTWCmb30QAAKDw
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R3 - Default URLSearchHook is missing
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn\ycomp5_3_12_0.dll (file missing)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [HTpatch] C:\WINDOWS\htpatch.exe
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [MXO Auto Loader] C:\WINDOWS\MXOALDR.EXE
O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MaxtorOneTouch] C:\PROGRA~1\Maxtor\OneTouch\Utils\OneTouch.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [Jet Detection] "C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe"
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [DiskeeperSystray] "C:\Program Files\Executive Software\Diskeeper\DkIcon.exe"
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MSKAgent.exe
O4 - HKLM\..\Run: [MSKDetectorExe] C:\PROGRA~1\McAfee\SPAMKI~1\MskDetct.exe /startup
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [602PC SUITE PDF Saver] "C:\Program Files\Common Files\soft602\pdfSaver.exe"
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKCU\..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe 1
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
O4 - HKCU\..\Run: [FAST Defrag] C:\PROGRA~1\FASTDE~1\FAST2.EXE -tray
O4 - HKCU\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MSKAgent.exe
O4 - HKCU\..\Run: [pdfSaver3] "c:\Program Files\PDF\pdfSaver\pdfSaver3.exe"
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\ypager.exe" -quiet
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: APC UPS Status.lnk = ?
O4 - Global Startup: Dataviz Messenger.lnk = C:\WINDOWS\DvzCommon\DvzMsgr.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: QuickBooks 2002 Delivery Agent.lnk = C:\Program Files\Intuit\QuickBooks Pro\Components\QBAgent\qbdagent2002.exe
O4 - Global Startup: SnapDetect.lnk = ?
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZS
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll (file missing)
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRA~1\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O15 - Trusted Zone: http://play.pogo.com
O16 - DPF: 3 Point Showdown by pogo - http://threepoint.pogo.com/applet-5.9.3.29/threepoint/threepoint-ob-assets.cab
O16 - DPF: Aces Up! by pogo - http://game3.pogo.com/applet-6.0.4.31/aces/aces-ob-assets.cab
O16 - DPF: Ali Baba Slots TM by pogo - http://slots.pogo.com/applet-6.0.4.31/slots/alibaba-ob-assets.cab
O16 - DPF: Backgammon by pogo - http://gammon.pogo.com/applet-6.0.0.32/backgammon/backgammon-ob-assets.cab
O16 - DPF: Buckaroo Blackjack TM by pogo - http://vbjack.pogo.com/applet-6.0.0.32/videoblackjack/videoblackjack-ob-assets.cab
O16 - DPF: Canasta by pogo - http://canasta.pogo.com/applet-6.0.4.31/canasta/canasta-ob-assets.cab
O16 - DPF: Checkers by pogo - http://checkers.pogo.com/applet-6.0.2.21/checkers2/checkers-ob-assets.cab
O16 - DPF: Chess by pogo - http://chess2.pogo.com/applet-5.9.0.25/chess2/chess2-ob-assets.cab
O16 - DPF: Cribbage by pogo - http://crib.pogo.com/applet-5.8.6.20/cribbage/cribbage-ob-assets.cab
O16 - DPF: Dice Derby by pogo - http://checkeredflag.pogo.com/applet-5.9.0.25/checkeredflag/checkeredflag-ob-assets.cab
O16 - DPF: Dominoes by pogo - http://domino.pogo.com/applet-6.0.0.25/domino/domino-ob-assets.cab
O16 - DPF: Euchre by pogo - http://euchre.pogo.com/applet-5.9.5.37/euchre/euchre-ob-assets.cab
O16 - DPF: First Class Solitaire by pogo - http://game3.pogo.com/applet-5.9.5.30/solitaire2/solitaire2-ob-assets.cab
O16 - DPF: Fortune Bingo by pogo - http://superbingo.pogo.com/applet-6.0.4.31/superbingo/superbingo-ob-assets.cab
O16 - DPF: Greenback Bayou by pogo - http://greenback.pogo.com/applet-5.9.2.21/greenback/greenback-ob-assets.cab
O16 - DPF: Hearts by pogo - http://hearts.pogo.com/applet-6.0.3.35/hearts/hearts-ob-assets.cab
O16 - DPF: High Stakes Poker by pogo - http://game5.pogo.com/applet-6.0.4.37/drawpoker/drawpoker-ob-assets.cab
O16 - DPF: High Stakes Pool by pogo - http://game4.pogo.com/applet-6.0.4.31/pool2/pool-ob-assets.cab
O16 - DPF: Jigsaw Detective by pogo - http://game3.pogo.com/applet-6.0.4.37/jigsaw/jigsaw-ob-assets.cab
O16 - DPF: Jokers Wild Poker by pogo - http://vpjoke.pogo.com/applet-5.9.3.29/videopoker2/jokerswild-ob-assets.cab
O16 - DPF: Jungle Gin by pogo - http://gin.pogo.com/applet-6.0.4.37/gin/gin-ob-assets.cab
O16 - DPF: Mah Jong Garden by pogo - http://game4.pogo.com/applet-6.0.3.35/mahjong/mahjong-ob-assets.cab
O16 - DPF: Multiline Slots by pogo - http://game6.pogo.com/applet-6.0.4.37/mlslots/mlslots-ob-assets.cab
O16 - DPF: NASCAR Web Racing by pogo - http://nascar.pogo.com/applet-5.9.1.18/nascar/nascar-ob-assets.cab
O16 - DPF: Pai Gow by pogo - http://game3.pogo.com/applet-6.0.4.31/paigow/paigow-ob-assets.cab
O16 - DPF: Payday FreeCell by pogo - http://freecell.pogo.com/applet-6.0.4.31/freecell/freecell-ob-assets.cab
O16 - DPF: Pebble Beach Golf by pogo - http://game4.pogo.com/applet-5.9.5.37/pebble/pebble-ob-assets.cab
O16 - DPF: Perfect Pair Solitaire by pogo - http://waterwheel.pogo.com/applet-6.0.2.29/waterwheel/waterwheel-ob-assets.cab
O16 - DPF: Phlinx by pogo - http://game4.pogo.com/applet-6.0.4.31/flinger/flinger-ob-assets.cab
O16 - DPF: Pinochle by pogo - http://game4.pogo.com/applet-6.0.3.28/pinochle/pinochle-ob-assets.cab
O16 - DPF: Pirate's Gold by pogo - http://swashbucks.pogo.com/applet-5.9.0.25/piratesgold/piratesgold-ob-assets.cab
O16 - DPF: Pop Fu by pogo - http://popfu.pogo.com/applet-6.0.4.37/popfu/popfu-ob-assets.cab
O16 - DPF: Poppit TM by pogo - http://game5.pogo.com/applet-6.0.2.21/poppit/poppit-ob-assets.cab
O16 - DPF: Ricochet by pogo - http://game5.pogo.com/applet-5.9.0.18/ricochet/ricochet-ob-assets.cab
O16 - DPF: Showbiz Slots 2 by pogo - http://showbiz2.pogo.com/applet-5.9.4.30/slots/showbiz2-ob-assets.cab
O16 - DPF: Spades by pogo - http://spades.pogo.com/applet-5.9.5.30/spades/spades-ob-assets.cab
O16 - DPF: Spider Solitaire by pogo - http://game4.pogo.com/applet-6.0.4.31/spider/spider-ob-assets.cab
O16 - DPF: Squelchies by pogo - http://squelchies.pogo.com/applet-5.9.5.30/squelchies/squelchies-ob-assets.cab
O16 - DPF: Sweet Tooth TM by pogo - http://sweettooth.pogo.com/applet-6.0.0.32/sweettooth/sweettooth-ob-assets.cab
O16 - DPF: Texas Hold'em Poker by pogo - http://game4.pogo.com/applet-6.0.4.31/holdem/holdem-ob-assets.cab
O16 - DPF: Tri-Peaks by pogo - http://game4.pogo.com/applet-6.0.4.31/peaks/peaks-ob-assets.cab
O16 - DPF: Tumble Bees by pogo - http://jumbee.pogo.com/applet-6.0.4.31/jumbee/jumbee-ob-assets.cab
O16 - DPF: Turbo 21 TM by pogo - http://game5.pogo.com/applet-5.9.5.37/turbo21/turbo21-ob-assets.cab
O16 - DPF: Video Poker by pogo - http://vpoker.pogo.com/applet-6.0.3.28/videopoker2/videopoker-ob-assets.cab
O16 - DPF: Word Whomp by pogo - http://game5.pogo.com/applet-6.0.4.37/wordwhomp/wordwhomp-ob-assets.cab
O16 - DPF: Word Whomp Whackdown by pogo - http://whackdown.pogo.com/applet-6.0.4.37/whackdown/whackdown-ob-assets.cab
O16 - DPF: WordJong by pogo - http://wordjong.pogo.com/applet-6.0.4.31/wordjong/wordjong-ob-assets.cab
O16 - DPF: World Class Solitaire by pogo - http://game4.pogo.com/applet-6.0.0.25/worldclass/worldclass-ob-assets.cab
O16 - DPF: {0335A685-ED24-4F7B-A08E-3BD15D84E668} - http://dl.filekicker.com/send/file/128985-NZIL/PhPSetup.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2AF5BD25-90C5-4EEC-88C5-B44DC2905D8B} (DownloadManager Control) - http://dlmanager.akamaitools.com.edgesuite.net/dlmanager/versions/activex/dlm-activex-2.0.2.7.cab
O16 - DPF: {92CA8ACC-4E99-4A2A-93F1-B2C5CADC8613} (NMInstall Control) - http://a14.g.akamai.net/f/14/7141/1d/www.nielsennetpanel.com/netmeter4_6/NetMeter_preinstaller_activex_en_4.60.38.0_MEGAPANEL_USA.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} (YAddBook Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/suite/autocomplete.cab
O16 - DPF: {CC05BC12-2AA2-4AC7-AC81-0E40F83B1ADF} (Live365Player Class) - http://www.live365.com/players/play365.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://play03.pogo.com/game/deluxe/zuma/popcaploader_v5.cab
O16 - DPF: {FE6A3E85-0F6C-49AD-8843-68FF44E7EEA9} - http://plugin.secureservicepack.com/secureservicepack.cab
O23 - Service: APC UPS Service - American Power Conversion Corporation - C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: Dcfssvc - Eastman Kodak Company - C:\WINDOWS\system32\drivers\dcfssvc.exe
O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program Files\Executive Software\Diskeeper\DkService.exe
O23 - Service: ewido security suite control - ewido networks - C:\Documents and Settings\x\Desktop\New Folder\ewido anti-malware\ewidoctrl.exe
O23 - Service: Iomega App Services - Iomega Corporation - C:\PROGRA~1\Iomega\System32\AppServices.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - McAfee, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: McAfee SpamKiller Server (MskService) - McAfee Inc. - C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - Unknown owner - C:\WINDOWS\system32\HPZipm12.exe (file missing)
O23 - Service: Retrospect Launcher (RetroLauncher) - Dantz Development Corporation - C:\Program Files\Dantz\Retrospect\retrorun.exe
O23 - Service: Retrospect Helper - Dantz Development Corporation - C:\Program Files\Dantz\Retrospect\rthlpsvc.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools - C:\Program Files\Spyware Doctor\sdhelp.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\system32\YPCSER~1.EXE
-
Is that your only problem now, the loss of the XP theme?
I don't see any of the logs from the tools that you ran.
What instructions did you follow?
Can you also do the following:
Download and save Lunalook.zip (http://www.thetechguide.com/forum/index.php?act=Attach&type=post&id=442)
UNZIP the contents to your desktop so you now have the lunalook folder on your desktop.
Open the folder.
Double click on Find1.bat >> a text file will open; copy and paste the WHOLE contents back here please.
Afterwards, double click on lunafind.bat.
It may appear that nothing is happening; give this a minute or so.
Eventually, a text file should open; copy and paste the whole contents also.
-
No, that isn't my only prob; that's just a minor nuisance. My problem is this program or whatever that keeps popping up a balloon from the system tray using the Windows Update icon saying system intrusion detected and constantly installing Spyware Striker. I can't seem to get rid of it. I used the ewido and cleanup and smitrem (which I no longer need as I don't have the smitfraud-c anymore). I got those from other responses on this forum. Here is the log from lunalook:
Volume in drive C is SYS648-XPH
Volume Serial Number is 9410-BE68
Directory of C:\WINDOWS\Resources\Themes
11/20/2003 07:07 AM <DIR> .
11/20/2003 07:07 AM <DIR> ..
01/07/2006 07:53 AM <DIR> Luna
08/29/2002 06:00 AM 1,222 Luna.theme
08/29/2002 06:00 AM 3,025 Windows Classic.theme
2 File(s) 4,247 bytes
Directory of C:\WINDOWS\Resources\Themes\Luna
01/07/2006 07:53 AM <DIR> .
01/07/2006 07:53 AM <DIR> ..
11/20/2003 07:06 AM <DIR> Shell
0 File(s) 0 bytes
Directory of C:\WINDOWS\Resources\Themes\Luna\Shell
11/20/2003 07:06 AM <DIR> .
11/20/2003 07:06 AM <DIR> ..
11/20/2003 07:07 AM <DIR> Homestead
11/20/2003 07:07 AM <DIR> Metallic
11/20/2003 07:06 AM <DIR> NormalColor
0 File(s) 0 bytes
Directory of C:\WINDOWS\Resources\Themes\Luna\Shell\Homestead
11/20/2003 07:07 AM <DIR> .
11/20/2003 07:07 AM <DIR> ..
08/29/2002 06:00 AM 362,496 shellstyle.dll
1 File(s) 362,496 bytes
Directory of C:\WINDOWS\Resources\Themes\Luna\Shell\Metallic
11/20/2003 07:07 AM <DIR> .
11/20/2003 07:07 AM <DIR> ..
08/29/2002 06:00 AM 362,496 shellstyle.dll
1 File(s) 362,496 bytes
Directory of C:\WINDOWS\Resources\Themes\Luna\Shell\NormalColor
11/20/2003 07:06 AM <DIR> .
11/20/2003 07:06 AM <DIR> ..
08/29/2002 06:00 AM 361,472 shellstyle.dll
1 File(s) 361,472 bytes
Total Files Listed:
5 File(s) 1,090,711 bytes
17 Dir(s) 16,710,676,480 bytes free
-
EDIT>> If you haven't started the fixes below yet:
SmitRem has been updated to fix this new variant.
You do not need fix.reg or to run the uninstaller for SpywareStrike.
You can omit those 2 parts, but do the rest.
Most important, delete your copy of SmitRem.exe and the SmitRem folder
and download the newest version.
SmitRem is apparently supposed to have an update to fix this,
but I'm not sure if it's updated as yet.
Can you please do all the following:
Open Notepad (START>>>RUN>>>type in notepad)
Hit OK.
Copy the contents of the CODE box to Notepad, not including the word "code".
In Notepad click FILE>>SAVE AS.
IMPORTANT>>> Change the Save as Type to All Files.
Name the file fix.reg.
Save this file on the desktop; we'll need this later, don't run it yet.
Make sure to include REGEDIT4 and everything below it in the code box.
REGEDIT4

[-HKEY_CLASSES_ROOT\CLSID\{C1A2FDA2-1A5B-2A8F-F3A2-B22DA1A3C41D}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{C1A2FDA2-1A5B-2A8F-F3A2-B22DA1A3C41D}"=-

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SpywareStrike]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpywareStrike"=-
Delete your copy of SmitRem.exe and the SmitRem folder
Download SmitRem.exe by Noahdfear (http://noahdfear.geekstogo.com/click%20counter/click.php?id=1) and save the file to your desktop.
Don't run it yet
Save the rest of these instructions to a Notepad file saved to your desktop
Do a "System scan only" with Hijackthis and put a check next to these entries:
R3 - Default URLSearchHook is missing
O16 - DPF: {FE6A3E85-0F6C-49AD-8843-68FF44E7EEA9} - http://plugin.secureservicepack.com/secureservicepack.cab
After you have ticked the above entries, close all other open windows,
Including this one
Leave Hijackthis open and click FIX CHECKED
OK the prompt and exit Hijackthis
RESTART your Computer in SAFE MODE
You can do this by tapping the F8 key as the system is restarting, just before Windows loads
Choose Safe mode from the startup menu
Set Windows To Show Hidden Files and Folders
* Click Start.
* Open My Computer.
* Select the Tools menu and click Folder Options.
* Select the View Tab.
* Under the Hidden files and folders heading select Show hidden files and folders.
* Uncheck the Hide protected operating system files (recommended) option.
* Uncheck the Hide Extensions for known file types
* Click Yes to confirm.
* Click OK.
Navigate to the following folder if found
C:\Program Files\SpywareStrike <- this folder; open the SpywareStrike folder.
If "uninstall.exe" or uninst.exe is present, double click to run it to remove SpywareStriker
After that is done
Delete the "SpywareStrike" folder
Stay in safe mode
Find and delete this file
C:\WINDOWS\System32\netwrap.dll <-- exact file name, in the System32 folder.
If it won't delete, we'll try and get it later
==Double click on SmitRem.exe to extract it to its own folder on the desktop.
Open the smitRem folder, then double click the RunThis.bat file to start the tool. Follow the prompts on screen.
Wait for the tool to complete and disk cleanup to finish. Remain in safe mode
==Double click on fix.reg and allow to add/merge to the registry
If you couldn't delete netwrap.dll earlier or couldn't find the file, please do the following
Open Hijackthis>>Open Misc tools section>>Open "Delete file on Reboot"
In the File name space copy and paste the path below and then click the OPEN button:
C:\WINDOWS\System32\netwrap.dll
Reboot back to Normal mode
Back in Windows, I need to see the following please
1. Run Hijackthis again and post a fresh log
2. Post the report from Smitrem located here C:\Smitfiles.txt
Additionally, you posted the contents of Find1.bat
Can you also run lunafind.bat in the lunalook folder
Wait for this to complete and post the contents.
You must make sure you unzip this first before running it
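An added example (not code from this thread, from HijackThis or from SmitRem) that automates the reading the helper did by hand on the log above: it parses the R3, O16 and "(file missing)" entries and flags the same two lines the helper asked to have fixed. The allowlist of ActiveX hosts is an assumption made for this example, and the sample lines are copied from the log posted earlier in the thread so it runs offline.

```python
"""HijackThis log triage (added example; not code from the thread, HijackThis
or SmitRem). It parses the line types seen in the log posted above and applies
the same reasoning the helper applied by hand: a missing default URLSearchHook
(R3), O16 ActiveX (DPF) downloads from hosts outside an allowlist, and entries
whose target file HijackThis reports as missing."""
import re
from urllib.parse import urlsplit

# Constructed sample: lines copied from the log posted earlier in the thread,
# kept short so the example runs offline.
SAMPLE_LOG = """\
Logfile of HijackThis v1.99.1
R1 - HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings,ProxyOverride = localhost
R3 - Default URLSearchHook is missing
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\\PROGRA~1\\Yahoo!\\COMPAN~1\\Installs\\cpn\\ycomp5_3_12_0.dll (file missing)
O4 - HKLM\\..\\Run: [gcasServ] "C:\\Program Files\\Microsoft AntiSpyware\\gcasServ.exe"
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: Hearts by pogo - http://hearts.pogo.com/applet-6.0.3.35/hearts/hearts-ob-assets.cab
O16 - DPF: {FE6A3E85-0F6C-49AD-8843-68FF44E7EEA9} - http://plugin.secureservicepack.com/secureservicepack.cab
O23 - Service: Pml Driver HPZ12 - Unknown owner - C:\\WINDOWS\\system32\\HPZipm12.exe (file missing)
"""

# Assumption for this example: the machine's owner knowingly plays pogo.com
# games, so their applet hosts are accepted; everything else gets a second look.
TRUSTED_DPF_HOSTS = {"go.microsoft.com", "pogo.com"}

LINE_RE = re.compile(r"^(?P<section>[RO]\d+) - (?P<body>.*)$")
O16_RE = re.compile(r"^DPF: (?P<name>.*?) - (?P<url>\S+)$")


def parse_line(line):
    """Split one log line into its HJT section code and body; None for non-entry lines."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    return {"section": m.group("section"), "body": m.group("body"), "raw": line.strip()}


def host_is_trusted(host, trusted):
    """True when host is a trusted host or a subdomain of one (case-insensitive)."""
    host = host.lower()
    return any(host == t or host.endswith("." + t) for t in trusted)


def triage(log_text, trusted_hosts=TRUSTED_DPF_HOSTS):
    """Return (severity, reason, raw_line) tuples for entries a reviewer should act on."""
    findings = []
    for line in log_text.splitlines():
        entry = parse_line(line)
        if entry is None:
            continue
        section, body, raw = entry["section"], entry["body"], entry["raw"]
        if section == "R3" and body.endswith("is missing"):
            # The default URLSearchHook is gone; HijackThis can restore it via "Fix checked".
            findings.append(("medium", "default URLSearchHook missing", raw))
        elif section == "O16":
            m = O16_RE.match(body)
            if m:
                host = urlsplit(m.group("url")).hostname or ""
                if not host_is_trusted(host, trusted_hosts):
                    findings.append(("high", f"ActiveX download from untrusted host {host}", raw))
        if body.endswith("(file missing)"):
            # Stale toolbar/service entry: harmless on its own, but clutter worth removing.
            findings.append(("low", "entry points at a missing file", raw))
    return findings


if __name__ == "__main__":
    for severity, reason, raw in triage(SAMPLE_LOG):
        print(f"[{severity:6}] {reason}\n         {raw}")
```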
-
After running the new smitrem, that balloon is gone and SpywareStriker isn't coming up anymore; think that did it finally. Here are the logs:
hijackthis.log:
Logfile of HijackThis v1.99.1
Scan saved at 7:21:36 PM, on 1/9/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\WINDOWS\system32\drivers\dcfssvc.exe
C:\Program Files\Executive Software\Diskeeper\DkService.exe
C:\Documents and Settings\x\Desktop\New Folder\ewido anti-malware\ewidoctrl.exe
C:\PROGRA~1\Iomega\System32\AppServices.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
C:\Program Files\Dantz\Retrospect\retrorun.exe
C:\Program Files\Spyware Doctor\sdhelp.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wdfmgr.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\htpatch.exe
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
c:\program files\mcafee.com\agent\mcagent.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\WINDOWS\MXOALDR.EXE
C:\PROGRA~1\Maxtor\OneTouch\Utils\OneTouch.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\HP\HP Software Update\HPWuSchd.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\McAfee\SPAMKI~1\MSKAgent.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Common Files\soft602\pdfSaver.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\PROGRA~1\FASTDE~1\FAST2.EXE
C:\Program Files\PDF\pdfSaver\pdfSaver3.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\WINDOWS\system32\wuauclt.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe
C:\WINDOWS\DvzCommon\DvzMsgr.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Intuit\QuickBooks Pro\Components\QBAgent\qbdagent2002.exe
C:\WINDOWS\Twain_32\CA561A\SnapDetect.exe
C:\Documents and Settings\x\Desktop\HJT\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.pogo.com/rooms/findplayer.jsp?site=pogop&lkey=Q7o4aRGX_mgYmZTWCmb30QAAKDw
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn\ycomp5_3_12_0.dll (file missing)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [HTpatch] C:\WINDOWS\htpatch.exe
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [MXO Auto Loader] C:\WINDOWS\MXOALDR.EXE
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MaxtorOneTouch] C:\PROGRA~1\Maxtor\OneTouch\Utils\OneTouch.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [Jet Detection] "C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe"
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [DiskeeperSystray] "C:\Program Files\Executive Software\Diskeeper\DkIcon.exe"
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MSKAgent.exe
O4 - HKLM\..\Run: [MSKDetectorExe] C:\PROGRA~1\McAfee\SPAMKI~1\MskDetct.exe /startup
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [602PC SUITE PDF Saver] "C:\Program Files\Common Files\soft602\pdfSaver.exe"
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKCU\..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe 1
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
O4 - HKCU\..\Run: [FAST Defrag] C:\PROGRA~1\FASTDE~1\FAST2.EXE -tray
O4 - HKCU\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MSKAgent.exe
O4 - HKCU\..\Run: [pdfSaver3] "c:\Program Files\PDF\pdfSaver\pdfSaver3.exe"
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\ypager.exe" -quiet
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: APC UPS Status.lnk = ?
O4 - Global Startup: Dataviz Messenger.lnk = C:\WINDOWS\DvzCommon\DvzMsgr.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: QuickBooks 2002 Delivery Agent.lnk = C:\Program Files\Intuit\QuickBooks Pro\Components\QBAgent\qbdagent2002.exe
O4 - Global Startup: SnapDetect.lnk = ?
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZS
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRA~1\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O15 - Trusted Zone: http://play.pogo.com
O16 - DPF: 3 Point Showdown by pogo - http://threepoint.pogo.com/applet-5.9.3.29/threepoint/threepoint-ob-assets.cab
O16 - DPF: Aces Up! by pogo - http://game3.pogo.com/applet-6.0.4.31/aces/aces-ob-assets.cab
O16 - DPF: Ali Baba Slots TM by pogo - http://slots.pogo.com/applet-6.0.4.31/slots/alibaba-ob-assets.cab
O16 - DPF: Backgammon by pogo - http://gammon.pogo.com/applet-6.0.0.32/backgammon/backgammon-ob-assets.cab
O16 - DPF: Buckaroo Blackjack TM by pogo - http://vbjack.pogo.com/applet-6.0.0.32/videoblackjack/videoblackjack-ob-assets.cab
O16 - DPF: Canasta by pogo - http://canasta.pogo.com/applet-6.0.4.31/canasta/canasta-ob-assets.cab
O16 - DPF: Checkers by pogo - http://checkers.pogo.com/applet-6.0.2.21/checkers2/checkers-ob-assets.cab
O16 - DPF: Chess by pogo - http://chess2.pogo.com/applet-5.9.0.25/chess2/chess2-ob-assets.cab
O16 - DPF: Cribbage by pogo - http://crib.pogo.com/applet-5.8.6.20/cribbage/cribbage-ob-assets.cab
O16 - DPF: Dice Derby by pogo - http://checkeredflag.pogo.com/applet-5.9.0.25/checkeredflag/checkeredflag-ob-assets.cab
O16 - DPF: Dominoes by pogo - http://domino.pogo.com/applet-6.0.0.25/domino/domino-ob-assets.cab
O16 - DPF: Euchre by pogo - http://euchre.pogo.com/applet-5.9.5.37/euchre/euchre-ob-assets.cab
O16 - DPF: First Class Solitaire by pogo - http://game3.pogo.com/applet-5.9.5.30/solitaire2/solitaire2-ob-assets.cab
O16 - DPF: Fortune Bingo by pogo - http://superbingo.pogo.com/applet-6.0.4.31/superbingo/superbingo-ob-assets.cab
O16 - DPF: Greenback Bayou by pogo - http://greenback.pogo.com/applet-5.9.2.21/greenback/greenback-ob-assets.cab
O16 - DPF: Hearts by pogo - http://hearts.pogo.com/applet-6.0.3.35/hearts/hearts-ob-assets.cab
O16 - DPF: High Stakes Poker by pogo - http://game5.pogo.com/applet-6.0.4.37/drawpoker/drawpoker-ob-assets.cab
O16 - DPF: High Stakes Pool by pogo - http://game4.pogo.com/applet-6.0.4.31/pool2/pool-ob-assets.cab
O16 - DPF: Jigsaw Detective by pogo - http://game3.pogo.com/applet-6.0.4.37/jigsaw/jigsaw-ob-assets.cab
O16 - DPF: Jokers Wild Poker by pogo - http://vpjoke.pogo.com/applet-5.9.3.29/videopoker2/jokerswild-ob-assets.cab
O16 - DPF: Jungle Gin by pogo - http://gin.pogo.com/applet-6.0.4.37/gin/gin-ob-assets.cab
O16 - DPF: Mah Jong Garden by pogo - http://game4.pogo.com/applet-6.0.3.35/mahjong/mahjong-ob-assets.cab
O16 - DPF: Multiline Slots by pogo - http://game6.pogo.com/applet-6.0.4.37/mlslots/mlslots-ob-assets.cab
O16 - DPF: NASCAR Web Racing by pogo - http://nascar.pogo.com/applet-5.9.1.18/nascar/nascar-ob-assets.cab
O16 - DPF: Pai Gow by pogo - http://game3.pogo.com/applet-6.0.4.31/paigow/paigow-ob-assets.cab
O16 - DPF: Payday FreeCell by pogo - http://freecell.pogo.com/applet-6.0.4.31/freecell/freecell-ob-assets.cab
O16 - DPF: Pebble Beach Golf by pogo - http://game4.pogo.com/applet-5.9.5.37/pebble/pebble-ob-assets.cab
O16 - DPF: Perfect Pair Solitaire by pogo - http://waterwheel.pogo.com/applet-6.0.2.29/waterwheel/waterwheel-ob-assets.cab
O16 - DPF: Phlinx by pogo - http://game4.pogo.com/applet-6.0.4.31/flinger/flinger-ob-assets.cab
O16 - DPF: Pinochle by pogo - http://game4.pogo.com/applet-6.0.3.28/pinochle/pinochle-ob-assets.cab
O16 - DPF: Pirate's Gold by pogo - http://swashbucks.pogo.com/applet-5.9.0.25/piratesgold/piratesgold-ob-assets.cab
O16 - DPF: Pop Fu by pogo - http://popfu.pogo.com/applet-6.0.4.37/popfu/popfu-ob-assets.cab
O16 - DPF: Poppit TM by pogo - http://game5.pogo.com/applet-6.0.2.21/poppit/poppit-ob-assets.cab
O16 - DPF: Ricochet by pogo - http://game5.pogo.com/applet-5.9.0.18/ricochet/ricochet-ob-assets.cab
O16 - DPF: Showbiz Slots 2 by pogo - http://showbiz2.pogo.com/applet-5.9.4.30/slots/showbiz2-ob-assets.cab
O16 - DPF: Spades by pogo - http://spades.pogo.com/applet-5.9.5.30/spades/spades-ob-assets.cab
O16 - DPF: Spider Solitaire by pogo - http://game4.pogo.com/applet-6.0.4.31/spider/spider-ob-assets.cab
O16 - DPF: Squelchies by pogo - http://squelchies.pogo.com/applet-5.9.5.30/squelchies/squelchies-ob-assets.cab
O16 - DPF: Sweet Tooth TM by pogo - http://sweettooth.pogo.com/applet-6.0.0.32/sweettooth/sweettooth-ob-assets.cab
O16 - DPF: Texas Hold'em Poker by pogo - http://game4.pogo.com/applet-6.0.4.31/holdem/holdem-ob-assets.cab
O16 - DPF: Tri-Peaks by pogo - http://game4.pogo.com/applet-6.0.4.31/peaks/peaks-ob-assets.cab
O16 - DPF: Tumble Bees by pogo - http://jumbee.pogo.com/applet-6.0.4.31/jumbee/jumbee-ob-assets.cab
O16 - DPF: Turbo 21 TM by pogo - http://game5.pogo.com/applet-5.9.5.37/turbo21/turbo21-ob-assets.cab
O16 - DPF: Video Poker by pogo - http://vpoker.pogo.com/applet-6.0.3.28/videopoker2/videopoker-ob-assets.cab
O16 - DPF: Word Whomp by pogo - http://game5.pogo.com/applet-6.0.4.37/wordwhomp/wordwhomp-ob-assets.cab
O16 - DPF: Word Whomp Whackdown by pogo - http://whackdown.pogo.com/applet-6.0.4.37/whackdown/whackdown-ob-assets.cab
O16 - DPF: WordJong by pogo - http://wordjong.pogo.com/applet-6.0.4.31/wordjong/wordjong-ob-assets.cab
O16 - DPF: World Class Solitaire by pogo - http://game4.pogo.com/applet-6.0.0.25/worldclass/worldclass-ob-assets.cab
O16 - DPF: {0335A685-ED24-4F7B-A08E-3BD15D84E668} - http://dl.filekicker.com/send/file/128985-NZIL/PhPSetup.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2AF5BD25-90C5-4EEC-88C5-B44DC2905D8B} (DownloadManager Control) - http://dlmanager.akamaitools.com.edgesuite.net/dlmanager/versions/activex/dlm-activex-2.0.2.7.cab
O16 - DPF: {92CA8ACC-4E99-4A2A-93F1-B2C5CADC8613} (NMInstall Control) - http://a14.g.akamai.net/f/14/7141/1d/www.nielsennetpanel.com/netmeter4_6/NetMeter_preinstaller_activex_en_4.60.38.0_MEGAPANEL_USA.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} (YAddBook Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/suite/autocomplete.cab
O16 - DPF: {CC05BC12-2AA2-4AC7-AC81-0E40F83B1ADF} (Live365Player Class) - http://www.live365.com/players/play365.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://play03.pogo.com/game/deluxe/zuma/popcaploader_v5.cab
O23 - Service: APC UPS Service - American Power Conversion Corporation - C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: Dcfssvc - Eastman Kodak Company - C:\WINDOWS\system32\drivers\dcfssvc.exe
O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program Files\Executive Software\Diskeeper\DkService.exe
O23 - Service: ewido security suite control - ewido networks - C:\Documents and Settings\x\Desktop\New Folder\ewido anti-malware\ewidoctrl.exe
O23 - Service: Iomega App Services - Iomega Corporation - C:\PROGRA~1\Iomega\System32\AppServices.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - McAfee, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: McAfee SpamKiller Server (MskService) - McAfee Inc. - C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - Unknown owner - C:\WINDOWS\system32\HPZipm12.exe (file missing)
O23 - Service: Retrospect Launcher (RetroLauncher) - Dantz Development Corporation - C:\Program Files\Dantz\Retrospect\retrorun.exe
O23 - Service: Retrospect Helper - Dantz Development Corporation - C:\Program Files\Dantz\Retrospect\rthlpsvc.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools - C:\Program Files\Spyware Doctor\sdhelp.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\system32\YPCSER~1.EXE
smitfiles.txt:
smitRem © log file
version 2.8
by noahdfear
Microsoft Windows XP [Version 5.1.2600]
The current date is: Mon 01/09/2006
The current time is: 19:14:30.56
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
checking for ShudderLTD key
ShudderLTD key not present!
checking for PSGuard.com key
PSGuard.com key not present!
checking for WinHound.com key
WinHound.com key not present!
spyaxe uninstaller NOT present
Winhound uninstaller NOT present
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Existing Pre-run Files
~~~ Program Files ~~~
~~~ Shortcuts ~~~
Online Security Guide.url
~~~ Favorites ~~~
shopping
~~~ system32 folder ~~~
netwrap.dll
~~~ Icons in System32 ~~~
~~~ Windows directory ~~~
~~~ Drive root ~~~
~~~ Miscellaneous Files/folders ~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03
Copyright© 2002-2003 [email protected]
Killing PID 752 'explorer.exe'
Killing PID 752 'explorer.exe'
Starting registry repairs
Deleting files
Remaining Post-run Files
~~~ Program Files ~~~
~~~ Shortcuts ~~~
~~~ Favorites ~~~
shopping
~~~ system32 folder ~~~
~~~ Icons in System32 ~~~
~~~ Windows directory ~~~
~~~ Drive root ~~~
~~~ Miscellaneous Files/folders ~~~
~~~ Wininet.dll ~~~
CLEAN!
:)
files.txt from lunalook:
Volume in drive C is SYS648-XPH
Volume Serial Number is 9410-BE68
Directory of C:\WINDOWS\$NtServicePackUninstall$
08/29/2002 06:00 AM 4,186,256 luna.msstyles
1 File(s) 4,186,256 bytes
-
Can you do the following please
Set Windows To Show Hidden Files and Folders
* Click Start.
* Open My Computer.
* Select the Tools menu and click Folder Options.
* Select the View Tab.
* Under the Hidden files and folders heading select Show hidden files and folders.
* Uncheck the Hide protected operating system files (recommended) option.
* Uncheck the Hide Extensions for known file types option.
* Click Yes to confirm.
* Click OK.
Navigate to this folder
C:\Documents and Settings\x\Favorites <-this folder
x indicates your user account name
Within the favorites folder delete the "shopping" shortcut if found
Navigate to this folder,
C:\WINDOWS\$NtServicePackUninstall$
Open the $NtServicePackUninstall$ folder
Inside the folder look for luna.msstyles
Right click on luna.msstyles and select copy from the menu bar
Navigate to this folder
C:\WINDOWS\Resources\Themes\Luna
inside ONLY the Luna folder right click and select PASTE from the menu
Now open your Display Properties and see if you can change to Windows XP Under the Themes and Appearance tabs
I would make sure at this point that McAfee is fully updated,
and run a full system scan.
Post back one last hijackthis log and let me know how things are running
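The helper above reads the HijackThis log by eye, and the signals a helper looks for first are always the same: executables running or registered from folders an ordinary user can write to, "(file missing)" entries left behind by removed items, services whose owner HijackThis could not resolve, autostart entries that give no path, and ActiveX (O16 DPF) downloads from hosts that have no business installing code. As an added example that is not part of this thread, of HijackThis or of smitRem, the Python script below applies those checks to a log in the same line format. The sample log embedded in it is constructed: most lines mirror entries from the log above, plus one made-up svchost.exe running from the user's Temp folder to show what the path heuristic is for. The allow-list of CAB hosts, the user-writable path markers and the category names are the example's own assumptions.

```python
"""Triage helper for HijackThis 1.99-style logs.

Added example for this thread; it is not part of HijackThis or smitRem.
It understands the "Running processes:" block and the R/F/O-numbered
entry lines and flags what a helper scans for first:
  - executables running or registered from user-writable locations,
  - "(file missing)" references left behind by uninstalled or removed items,
  - O23 services whose owner HijackThis could not resolve,
  - O4 autostart entries that give no path (resolved through PATH at logon),
  - O16 ActiveX CAB downloads from hosts outside a small allow-list.
Everything flagged is a lead for the analyst, not a verdict.
"""
import re
from collections import defaultdict

# Folders an unprivileged XP user can write to (assumption of this example;
# the profile tree covers Desktop, Application Data and Local Settings\Temp).
USER_WRITABLE = ("\\documents and settings\\", "\\windows\\temp\\", "\\temp\\")

# Hosts from which an O16 CAB download is expected on this machine
# (assumed allow-list for the demo; extend per environment).
DPF_ALLOW = {"go.microsoft.com", "download.microsoft.com"}

ENTRY_RE = re.compile(r"^(R\d|F\d|O\d+) - ")        # R0, F2, O4, O16, O23 ...
HOST_RE = re.compile(r"https?://([^/\s]+)")          # host part of the first URL
PATHED_RE = re.compile(r'^"?(%\w+%|[A-Za-z]:)\\')    # C:\..., "c:\..., %systemroot%\...


def is_user_writable(path):
    """True if the path lies under a location a non-admin user can write to."""
    low = path.lower().replace("/", "\\")
    return any(marker in low for marker in USER_WRITABLE)


def triage(log_text):
    """Return {finding_category: [offending log lines]} for one HijackThis log."""
    findings = defaultdict(list)
    in_processes = False
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line == "Running processes:":
            in_processes = True
            continue
        if ENTRY_RE.match(line):
            in_processes = False        # the first R0/O2/... line ends the process block
        if in_processes:
            if is_user_writable(line):
                findings["process_in_user_writable_path"].append(line)
            continue
        if not ENTRY_RE.match(line):
            continue                    # header lines: Logfile of..., Platform:, MSIE:
        if "(file missing)" in line:
            findings["file_missing"].append(line)
        if line.startswith("O23 - ") and "Unknown owner" in line:
            findings["service_unknown_owner"].append(line)
        if line.startswith("O4 - ") and "] " in line:
            # "[name] command" form; Global Startup .lnk lines have no bracket
            target = line.split("] ", 1)[1]
            if not PATHED_RE.match(target):
                findings["autostart_without_path"].append(line)
        if line.startswith("O16 - "):
            m = HOST_RE.search(line)
            if m and m.group(1).lower() not in DPF_ALLOW:
                findings["activex_from_unlisted_host"].append(line)
        if is_user_writable(line):
            findings["entry_in_user_writable_path"].append(line)
    return dict(findings)


# Constructed sample: lines in the HijackThis format, plus one made-up
# process (svchost.exe under the user's Temp folder) for the path heuristic.
SAMPLE_LOG = r"""
Logfile of HijackThis v1.99.1
Platform: Windows XP SP2 (WinNT 5.01.2600)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\Documents and Settings\x\Desktop\HJT\HijackThis.exe
C:\Documents and Settings\x\Local Settings\Temp\svchost.exe
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn\ycomp5_3_12_0.dll (file missing)
O4 - HKLM\..\Run: [HTpatch] C:\WINDOWS\htpatch.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {0335A685-ED24-4F7B-A08E-3BD15D84E668} - http://dl.filekicker.com/send/file/128985-NZIL/PhPSetup.cab
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: ewido security suite control - ewido networks - C:\Documents and Settings\x\Desktop\New Folder\ewido anti-malware\ewidoctrl.exe
"""

if __name__ == "__main__":
    for category, lines in sorted(triage(SAMPLE_LOG).items()):
        print(f"{category} ({len(lines)})")
        for entry in lines:
            print("   ", entry)
```

Note that the path heuristic flags the ewido and HijackThis binaries the user ran from the Desktop alongside the constructed Temp svchost.exe; that is the point of a triage list, since the analyst resolves each lead (here, the removal tools the user was asked to run) rather than trusting the script to decide.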