  1. #1
    Member
    Join Date: Jul 2006
    Posts: 8
    Points: 0

    Computer hijacked, now explorer done for

    Hi, I'm trying to fix my dad's computer... he was brilliant and went on the internet with no virus protection or Windows updates. He is running Windows XP, SP1. I told him to disconnect from the internet and go buy Norton... which he did. He ran the scan and found multiple files of the Downloader, SpywareQuake, and Adware.cydoor viruses and adware that were quarantined by Norton. However, a hacker seems to have used his vulnerability when he was on the internet to mess up his explorer. Now when I log into the computer, all programs run except for explorer, which responds by saying "Explorer has encountered a problem and needs to close." So I cannot see a desktop, start-menu, or anything really. I can ctrl-alt-del to get to the Run command and that's about it. This also occurs in safe mode. I tried replacing the wininet.dll file with one from the internet, which gets rid of the "...encountered a problem..." error message, but still doesn't start up properly, and I'm left with the same problem.

    Here's some hijackthis and smitfraudfix logs, if they're any help:

    Logfile of HijackThis v1.99.1
    Scan saved at 10:55:36 AM, on 07/02/2006
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\System32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\LEXPPS.EXE
    C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    C:\Program Files\NavNT\defwatch.exe
    C:\Program Files\Norton AntiVirus\navapsvc.exe
    C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
    C:\Program Files\blcorp\WCCSC\RegOpt\RegManServ.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Verizon Online\WinPoET\WrOS.EXE
    C:\WINDOWS\System32\wuauclt.exe
    C:\WINDOWS\System32\taskmgr.exe
    C:\WINDOWS\System32\cmd.exe
    G:\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com.../fix_homepage/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://store.presario.net/scripts/re...c=3c01&lc=0409
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://home.netscape.com/home/winsearch200.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Verizon Online
    F2 - REG:system.ini: Shell=
    N4 - Mozilla: user_pref("browser.startup.homepage", "http://www.iwon.com"); (C:\Documents and Settings\Paul Schladt\Application Data\Mozilla\Profiles\default\mf6svlg5.slt\prefs.js)
    O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: WCNetMon Class - {3BE313C3-DAD6-4da6-801D-75860118A0B5} - C:\Program Files\blcorp\WCCSC\WCPStop\wcpstop.dll
    O2 - BHO: Nothing - {5f4c3d09-b3b9-4f88-aa82-31332fee1c08} - C:\WINDOWS\System32\hp100.tmp
    O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx
    O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - HKLM\..\Run: [CPQEASYACC] C:\Program Files\Compaq\Easy Access Button Support\StartEAK.exe
    O9 - Extra button: Control Pad - {28D44DAC-D1FC-4d4f-BB1B-ADF037C8DDBC} - C:\Program Files\Verizon Online\ControlPad\Misc\a_menu.exe
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\Netscape\Communicator\Program\AIM\aim.exe (file missing)
    O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
    O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe (file missing)
    O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
    O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
    O9 - Extra button: Microsoft AntiSpyware helper - {0C92647B-BDC9-4B81-A06F-9633519081C5} - (no file) (HKCU)
    O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {0C92647B-BDC9-4B81-A06F-9633519081C5} - (no file) (HKCU)
    O9 - Extra button: Microsoft AntiSpyware helper - {0D06F0D4-6992-4747-9332-BBCA420D6DD5} - (no file) (HKCU)
    O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {0D06F0D4-6992-4747-9332-BBCA420D6DD5} - (no file) (HKCU)
    O9 - Extra button: Microsoft AntiSpyware helper - {0F19687B-87AB-4E4F-929C-123C089AD1C7} - (no file) (HKCU)
    O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {0F19687B-87AB-4E4F-929C-123C089AD1C7} - (no file) (HKCU)
    O9 - Extra button: Support - {252E3068-9AFC-4F0F-A692-AC62BFB0A80D} - C:\Program Files\Internet Explorer\SIGNUP\Presario.htm (HKCU)
    O9 - Extra button: Microsoft AntiSpyware helper - {25994C15-07E8-4434-A4DC-CCA2266FACDD} - (no file) (HKCU)
    O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {25994C15-07E8-4434-A4DC-CCA2266FACDD} - (no file) (HKCU)
    O9 - Extra button: Microsoft AntiSpyware helper - {26B4BCBD-0A65-43DA-978C-29CCA6E76724} - (no file) (HKCU)
    O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {26B4BCBD-0A65-43DA-978C-29CCA6E76724} - (no file) (HKCU)
    O9 - Extra button: Microsoft AntiSpyware helper - {48B212C8-8D3E-4742-8599-E61B4D816285} - (no file) (HKCU)
    O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {48B212C8-8D3E-4742-8599-E61B4D816285} - (no file) (HKCU)
    O9 - Extra button: Microsoft AntiSpyware helper - {48C3142E-FA91-45C5-A5C1-711F86B0E91E} - (no file) (HKCU)
    O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {48C3142E-FA91-45C5-A5C1-711F86B0E91E} - (no file) (HKCU)
    O9 - Extra button: Microsoft AntiSpyware helper - {5B1305D8-3DB1-452B-A847-7E888F0B08FD} - (no file) (HKCU)
    O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {5B1305D8-3DB1-452B-A847-7E888F0B08FD} - (no file) (HKCU)
    O9 - Extra button: Microsoft AntiSpyware helper - {5B5A21EB-09C3-47AB-9EC0-C80990D3D04E} - (no file) (HKCU)
    O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {5B5A21EB-09C3-47AB-9EC0-C80990D3D04E} - (no file) (HKCU)
    O9 - Extra button: Microsoft AntiSpyware helper - {5D703B90-A672-44F1-A8F1-78AE2CA99291} - (no file) (HKCU)
    O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {5D703B90-A672-44F1-A8F1-78AE2CA99291} - (no file) (HKCU)
    O9 - Extra button: Microsoft AntiSpyware helper - {611176BF-2449-4F88-B338-BA174DEC53E1} - (no file) (HKCU)
    O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {611176BF-2449-4F88-B338-BA174DEC53E1} - (no file) (HKCU)
    O9 - Extra button: Microsoft AntiSpyware helper - {71BC2664-37AD-46DD-A55D-33C21A30A5D6} - (no file) (HKCU)
    O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {71BC2664-37AD-46DD-A55D-33C21A30A5D6} - (no file) (HKCU)
    O9 - Extra button: Microsoft AntiSpyware helper - {73EC1CA3-C021-4B4D-BF5D-B97424CB9CFC} - (no file) (HKCU)
    O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {73EC1CA3-C021-4B4D-BF5D-B97424CB9CFC} - (no file) (HKCU)
    O9 - Extra button: Microsoft AntiSpyware helper - {7B67BE5D-535A-46FF-BCC4-5853C4075730} - (no file) (HKCU)
    O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {7B67BE5D-535A-46FF-BCC4-5853C4075730} - (no file) (HKCU)
    O9 - Extra button: Microsoft AntiSpyware helper - {7F31D676-7376-4CDD-ADC4-9973AAD459C4} - (no file) (HKCU)
    O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {7F31D676-7376-4CDD-ADC4-9973AAD459C4} - (no file) (HKCU)
    O9 - Extra button: Microsoft AntiSpyware helper - {8C6BCA6C-BE27-45A7-AB03-E60C54AF7AB2} - (no file) (HKCU)
    O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {8C6BCA6C-BE27-45A7-AB03-E60C54AF7AB2} - (no file) (HKCU)
    O9 - Extra button: Microsoft AntiSpyware helper - {8D22B1A8-DD2F-4583-81A9-9B2FFA3E5143} - (no file) (HKCU)
    O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {8D22B1A8-DD2F-4583-81A9-9B2FFA3E5143} - (no file) (HKCU)
    O9 - Extra button: Microsoft AntiSpyware helper - {A5342D65-8E3C-4009-9EB9-F7AD5BD0208E} - (no file) (HKCU)
    O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {A5342D65-8E3C-4009-9EB9-F7AD5BD0208E} - (no file) (HKCU)
    O9 - Extra button: Microsoft AntiSpyware helper - {ACE7FD47-2035-4B24-8994-372BBE6CB046} - (no file) (HKCU)
    O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {ACE7FD47-2035-4B24-8994-372BBE6CB046} - (no file) (HKCU)
    O9 - Extra button: Microsoft AntiSpyware helper - {B7AB1E15-68EF-4F78-A553-643F656C41CD} - (no file) (HKCU)
    O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {B7AB1E15-68EF-4F78-A553-643F656C41CD} - (no file) (HKCU)
    O9 - Extra button: Microsoft AntiSpyware helper - {BB0C110C-3AE7-41A2-9A73-579AE7121C12} - (no file) (HKCU)
    O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {BB0C110C-3AE7-41A2-9A73-579AE7121C12} - (no file) (HKCU)
    O9 - Extra button: Microsoft AntiSpyware helper - {C85EB006-B1C6-4647-80AF-9E5E07C33330} - (no file) (HKCU)
    O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {C85EB006-B1C6-4647-80AF-9E5E07C33330} - (no file) (HKCU)
    O9 - Extra button: Microsoft AntiSpyware helper - {CF5875DE-CBBE-4210-9B7C-EBDB0F01C753} - (no file) (HKCU)
    O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {CF5875DE-CBBE-4210-9B7C-EBDB0F01C753} - (no file) (HKCU)
    O9 - Extra button: Microsoft AntiSpyware helper - {D317B650-2B21-4A82-B9B8-92ABA5CB8CBF} - (no file) (HKCU)
    O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {D317B650-2B21-4A82-B9B8-92ABA5CB8CBF} - (no file) (HKCU)
    O9 - Extra button: Microsoft AntiSpyware helper - {D42DEA42-51C4-4FBF-9004-65D4CCB20323} - (no file) (HKCU)
    O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {D42DEA42-51C4-4FBF-9004-65D4CCB20323} - (no file) (HKCU)
    O9 - Extra button: Microsoft AntiSpyware helper - {DFE1ABA4-3CCF-4678-8CF4-9AF945FC8C57} - (no file) (HKCU)
    O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {DFE1ABA4-3CCF-4678-8CF4-9AF945FC8C57} - (no file) (HKCU)
    O9 - Extra button: Microsoft AntiSpyware helper - {E7CA63E8-6050-40FB-8D6D-EF765078BEB2} - (no file) (HKCU)
    O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {E7CA63E8-6050-40FB-8D6D-EF765078BEB2} - (no file) (HKCU)
    O9 - Extra button: Microsoft AntiSpyware helper - {EB4FE97A-0680-4EE5-9442-2D8FA774E541} - (no file) (HKCU)
    O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {EB4FE97A-0680-4EE5-9442-2D8FA774E541} - (no file) (HKCU)
    O9 - Extra button: Microsoft AntiSpyware helper - {F20E9D17-AEE0-42A7-84C9-360B2555295F} - (no file) (HKCU)
    O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {F20E9D17-AEE0-42A7-84C9-360B2555295F} - (no file) (HKCU)
    O9 - Extra button: Microsoft AntiSpyware helper - {F7CF08B9-BDCD-4060-A5DE-304F238AF4FC} - (no file) (HKCU)
    O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {F7CF08B9-BDCD-4060-A5DE-304F238AF4FC} - (no file) (HKCU)
    O9 - Extra button: Microsoft AntiSpyware helper - {FE0D1533-C1EA-4D65-9B18-3C854A83B4B7} - (no file) (HKCU)
    O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {FE0D1533-C1EA-4D65-9B18-3C854A83B4B7} - (no file) (HKCU)
    O14 - IERESET.INF: START_PAGE_URL=http://store.presario.net/scripts/redirectors/presario/storeredir2.dll?s=consumerfav&c=3c01&lc=0409
    O15 - Trusted Zone: www.neopets.com
    O16 - DPF: {13EC55CF-D993-475B-9ACA-F4A384957956} (Controller Class) - https://www.windowsonecare.com/insta...SSWebAgent.CAB
    O16 - DPF: {192F9A01-8030-48CE-9BC6-B03DE3E613C6} (PeoplePC Web Installer) - https://www.peoplepc.com/ppcos/ISP60...ad/ppcwebi.cab
    O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/acti..._v1-0-3-36.cab
    O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/sh...0/mcinsctl.cab
    O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/154a4185...p/RdxIE601.cab
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1144757112078
    O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2...ll/xscan53.cab
    O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://www.installengine.com/engine/isetup.cab
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
    O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/sh...23/mcgdmgr.cab
    O16 - DPF: {ECF5F2BD-C78B-4C6F-91BB-2A311FCCA4C7} (WTApp Class) - http://www.shockwave.com/content/com...c/CMonline.dll
    O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/is...08/mcfscan.cab
    O20 - AppInit_DLLs: KATRACK.DLL
    O20 - Winlogon Notify: NavLogon - C:\WINDOWS\System32\NavLogon.dll
    O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: Compaq Advisor (Compaq_RBA) - NeoPlanet - C:\Program Files\Compaq\Compaq Advisor\bin\compaq-rba.exe
    O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\NavNT\defwatch.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
    O23 - Service: Norton AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\NavNT\rtvscan.exe
    O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
    O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
    O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
    O23 - Service: PCTEL Speaker Phone (Pctspk) - Unknown owner - C:\WINDOWS\system32\pctspk.exe
    O23 - Service: Registry Management Service (RegManServ) - Unknown owner - C:\Program Files\blcorp\WCCSC\RegOpt\RegManServ.exe
    O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: SPBBCSvc - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
    O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    O23 - Service: WinPPPoverEthernet - iVasion, a Routerware Company - C:\Program Files\Verizon Online\WinPoET\WrOS.EXE


    Here's Smitfraudfix before I told it to repair:

    SmitFraudFix v2.65

    Scan done at 11:19:33.82, 07/02/2006
    Run from G:\SmitfraudFix
    OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
    Fix ran in normal mode

    »»»»»»»»»»»»»»»»»»»»»»»» C:\


    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS


    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32

    C:\WINDOWS\system32\atmclk.exe FOUND !
    C:\WINDOWS\system32\dcomcfg.exe FOUND !
    C:\WINDOWS\system32\hp???.tmp FOUND !
    C:\WINDOWS\system32\hp????.tmp FOUND !
    C:\WINDOWS\system32\ot.ico FOUND !
    C:\WINDOWS\system32\regperf.exe FOUND !
    C:\WINDOWS\system32\simpole.tlb FOUND !
    C:\WINDOWS\system32\stdole3.tlb FOUND !
    C:\WINDOWS\system32\ts.ico FOUND !
    C:\WINDOWS\system32\1024\ FOUND !

    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles


    »»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Paul Schladt\Application Data


    »»»»»»»»»»»»»»»»»»»»»»»» Start Menu


    »»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\PAULSC~1\FAVORI~1

    C:\DOCUME~1\PAULSC~1\FAVORI~1\Antivirus Test Online.url FOUND !

    »»»»»»»»»»»»»»»»»»»»»»»» Desktop


    »»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files

    C:\Program Files\Security IGuard\ FOUND !

    »»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys


    »»»»»»»»»»»»»»»»»»»»»»»» Desktop Components



    »»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
    !!!Attention, following keys are not inevitably infected!!!

    SrchSTS.exe by S!Ri
    Search SharedTaskScheduler's .dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
    "{6af69c4d-420a-4c95-b34f-e4635f84f53b}"="forevouched"

    [HKEY_CLASSES_ROOT\CLSID\{6af69c4d-420a-4c95-b34f-e4635f84f53b}\InProcServer32]
    @="C:\WINDOWS\System32\viwpzla.dll"

    [HKEY_CURRENT_USER\Software\Classes\CLSID\{6af69c4d-420a-4c95-b34f-e4635f84f53b}\InProcServer32]
    @="C:\WINDOWS\System32\viwpzla.dll"


    »»»»»»»»»»»»»»»»»»»»»»»» Scanning wininet.dll infection


    »»»»»»»»»»»»»»»»»»»»»»»» End



    Here's SmitfraudFix after the repair:

    SmitFraudFix v2.65

    Scan done at 11:29:44.04, 07/02/2006
    Run from G:\SmitfraudFix
    OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
    Fix ran in normal mode

    »»»»»»»»»»»»»»»»»»»»»»»» Before SmitFraudFix
    !!!Attention, following keys are not inevitably infected!!!

    SrchSTS.exe by S!Ri
    Search SharedTaskScheduler's .dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
    "{6af69c4d-420a-4c95-b34f-e4635f84f53b}"="forevouched"

    [HKEY_CLASSES_ROOT\CLSID\{6af69c4d-420a-4c95-b34f-e4635f84f53b}\InProcServer32]
    @="C:\WINDOWS\System32\viwpzla.dll"

    [HKEY_CURRENT_USER\Software\Classes\CLSID\{6af69c4d-420a-4c95-b34f-e4635f84f53b}\InProcServer32]
    @="C:\WINDOWS\System32\viwpzla.dll"


    »»»»»»»»»»»»»»»»»»»»»»»» Killing process


    »»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

    GenericRenosFix by S!Ri

    C:\WINDOWS\System32\viwpzla.dll -> Missing File


    »»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files


    »»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files


    »»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

    Registry Cleaning done.

    »»»»»»»»»»»»»»»»»»»»»»»» After SmitFraudFix
    !!!Attention, following keys are not inevitably infected!!!

    SrchSTS.exe by S!Ri
    Search SharedTaskScheduler's .dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
    "{6af69c4d-420a-4c95-b34f-e4635f84f53b}"="forevouched"

    [HKEY_CLASSES_ROOT\CLSID\{6af69c4d-420a-4c95-b34f-e4635f84f53b}\InProcServer32]
    @="C:\WINDOWS\System32\viwpzla.dll"

    [HKEY_CURRENT_USER\Software\Classes\CLSID\{6af69c4d-420a-4c95-b34f-e4635f84f53b}\InProcServer32]
    @="C:\WINDOWS\System32\viwpzla.dll"



    »»»»»»»»»»»»»»»»»»»»»»»» End



    Any help would be very much appreciated! Thanks!
    Matt

  2. #2
    Member steamwiz
    Join Date: Sep 2003
    Location: Yorkshire U.K.
    Posts: 14,022
    Points: 2335

    Hi

    Ctrl-Alt-Del and bring up task manager.... file > new task > enter explorer click OK...

    Does explorer now run?

    if not...

    Go to C:\WINDOWS\explorer.exe > right click the file > properties > & make a note of everything on the General & version tabs

    post the information here...

    Also please post a new hijackthis log ... the one you posted was made before you ran the smitfraudfix...

    steam
    Look here for Ways to keep your computer safe
    M'SOFT MVP -Windows Security 2004/8 .member ASAP -

  3. #3
    Member
    Join Date: Jul 2006
    Posts: 8
    Points: 0

    The error message "windows explorer has encountered a problem" still pops up when I try to run explorer.exe.

    I cannot access any folders unless I go through the dos command prompt, as the rest of Windows is based on the explorer files. However, looking at the error log that pops up, I can see the following info for explorer.exe:

    AppVer: 6.0.2800.1221
    ModVer: 5.1.2600.1106

    Here's the new HijackThis log file:

    Logfile of HijackThis v1.99.1
    Scan saved at 8:48:30 PM, on 07/02/2006
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\System32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\LEXPPS.EXE
    C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    C:\Program Files\NavNT\defwatch.exe
    C:\Program Files\Norton AntiVirus\navapsvc.exe
    C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
    C:\Program Files\blcorp\WCCSC\RegOpt\RegManServ.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Verizon Online\WinPoET\WrOS.EXE
    C:\WINDOWS\System32\cmd.exe
    C:\WINDOWS\System32\taskmgr.exe
    C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
    C:\Program Files\Common Files\Symantec Shared\NMAIN.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\Messenger\msmsgs.exe
    G:\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com.../fix_homepage/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://store.presario.net/scripts/re...c=3c01&lc=0409
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://home.netscape.com/home/winsearch200.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Verizon Online
    F2 - REG:system.ini: Shell=
    N4 - Mozilla: user_pref("browser.startup.homepage", "http://www.iwon.com"); (C:\Documents and Settings\Paul Schladt\Application Data\Mozilla\Profiles\default\mf6svlg5.slt\prefs.js)
    O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: WCNetMon Class - {3BE313C3-DAD6-4da6-801D-75860118A0B5} - C:\Program Files\blcorp\WCCSC\WCPStop\wcpstop.dll
    O2 - BHO: Nothing - {5f4c3d09-b3b9-4f88-aa82-31332fee1c08} - C:\WINDOWS\System32\hp100.tmp (file missing)
    O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx
    O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - HKLM\..\Run: [CPQEASYACC] C:\Program Files\Compaq\Easy Access Button Support\StartEAK.exe
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O9 - Extra button: Control Pad - {28D44DAC-D1FC-4d4f-BB1B-ADF037C8DDBC} - C:\Program Files\Verizon Online\ControlPad\Misc\a_menu.exe
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\Netscape\Communicator\Program\AIM\aim.exe (file missing)
    O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
    O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe (file missing)
    O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
    O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
    O9 - Extra button: Microsoft AntiSpyware helper - {0C92647B-BDC9-4B81-A06F-9633519081C5} - (no file) (HKCU)
    O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {0C92647B-BDC9-4B81-A06F-9633519081C5} - (no file) (HKCU)
    O9 - Extra button: Microsoft AntiSpyware helper - {0D06F0D4-6992-4747-9332-BBCA420D6DD5} - (no file) (HKCU)
    O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {0D06F0D4-6992-4747-9332-BBCA420D6DD5} - (no file) (HKCU)
    O9 - Extra button: Microsoft AntiSpyware helper - {0F19687B-87AB-4E4F-929C-123C089AD1C7} - (no file) (HKCU)
    O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {0F19687B-87AB-4E4F-929C-123C089AD1C7} - (no file) (HKCU)
    O9 - Extra button: Support - {252E3068-9AFC-4F0F-A692-AC62BFB0A80D} - C:\Program Files\Internet Explorer\SIGNUP\Presario.htm (HKCU)
    O9 - Extra button: Microsoft AntiSpyware helper - {25994C15-07E8-4434-A4DC-CCA2266FACDD} - (no file) (HKCU)
    O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {25994C15-07E8-4434-A4DC-CCA2266FACDD} - (no file) (HKCU)
    O9 - Extra button: Microsoft AntiSpyware helper - {26B4BCBD-0A65-43DA-978C-29CCA6E76724} - (no file) (HKCU)
    O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {26B4BCBD-0A65-43DA-978C-29CCA6E76724} - (no file) (HKCU)
    O9 - Extra button: Microsoft AntiSpyware helper - {48B212C8-8D3E-4742-8599-E61B4D816285} - (no file) (HKCU)
    O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {48B212C8-8D3E-4742-8599-E61B4D816285} - (no file) (HKCU)
    O9 - Extra button: Microsoft AntiSpyware helper - {48C3142E-FA91-45C5-A5C1-711F86B0E91E} - (no file) (HKCU)
    O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {48C3142E-FA91-45C5-A5C1-711F86B0E91E} - (no file) (HKCU)
    O9 - Extra button: Microsoft AntiSpyware helper - {5B1305D8-3DB1-452B-A847-7E888F0B08FD} - (no file) (HKCU)
    O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {5B1305D8-3DB1-452B-A847-7E888F0B08FD} - (no file) (HKCU)
    O9 - Extra button: Microsoft AntiSpyware helper - {5B5A21EB-09C3-47AB-9EC0-C80990D3D04E} - (no file) (HKCU)
    O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {5B5A21EB-09C3-47AB-9EC0-C80990D3D04E} - (no file) (HKCU)
    O9 - Extra button: Microsoft AntiSpyware helper - {5D703B90-A672-44F1-A8F1-78AE2CA99291} - (no file) (HKCU)
    O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {5D703B90-A672-44F1-A8F1-78AE2CA99291} - (no file) (HKCU)
    O9 - Extra button: Microsoft AntiSpyware helper - {611176BF-2449-4F88-B338-BA174DEC53E1} - (no file) (HKCU)
    O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {611176BF-2449-4F88-B338-BA174DEC53E1} - (no file) (HKCU)
    O9 - Extra button: Microsoft AntiSpyware helper - {71BC2664-37AD-46DD-A55D-33C21A30A5D6} - (no file) (HKCU)
    O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {71BC2664-37AD-46DD-A55D-33C21A30A5D6} - (no file) (HKCU)
    O9 - Extra button: Microsoft AntiSpyware helper - {73EC1CA3-C021-4B4D-BF5D-B97424CB9CFC} - (no file) (HKCU)
    O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {73EC1CA3-C021-4B4D-BF5D-B97424CB9CFC} - (no file) (HKCU)
    O9 - Extra button: Microsoft AntiSpyware helper - {7B67BE5D-535A-46FF-BCC4-5853C4075730} - (no file) (HKCU)
    O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {7B67BE5D-535A-46FF-BCC4-5853C4075730} - (no file) (HKCU)
    O9 - Extra button: Microsoft AntiSpyware helper - {7F31D676-7376-4CDD-ADC4-9973AAD459C4} - (no file) (HKCU)
    O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {7F31D676-7376-4CDD-ADC4-9973AAD459C4} - (no file) (HKCU)
    O9 - Extra button: Microsoft AntiSpyware helper - {8C6BCA6C-BE27-45A7-AB03-E60C54AF7AB2} - (no file) (HKCU)
    O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {8C6BCA6C-BE27-45A7-AB03-E60C54AF7AB2} - (no file) (HKCU)
    O9 - Extra button: Microsoft AntiSpyware helper - {8D22B1A8-DD2F-4583-81A9-9B2FFA3E5143} - (no file) (HKCU)
    O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {8D22B1A8-DD2F-4583-81A9-9B2FFA3E5143} - (no file) (HKCU)
    O9 - Extra button: Microsoft AntiSpyware helper - {A5342D65-8E3C-4009-9EB9-F7AD5BD0208E} - (no file) (HKCU)
    O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {A5342D65-8E3C-4009-9EB9-F7AD5BD0208E} - (no file) (HKCU)
    O9 - Extra button: Microsoft AntiSpyware helper - {ACE7FD47-2035-4B24-8994-372BBE6CB046} - (no file) (HKCU)
    O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {ACE7FD47-2035-4B24-8994-372BBE6CB046} - (no file) (HKCU)
    O9 - Extra button: Microsoft AntiSpyware helper - {B7AB1E15-68EF-4F78-A553-643F656C41CD} - (no file) (HKCU)
    O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {B7AB1E15-68EF-4F78-A553-643F656C41CD} - (no file) (HKCU)
    O9 - Extra button: Microsoft AntiSpyware helper - {BB0C110C-3AE7-41A2-9A73-579AE7121C12} - (no file) (HKCU)
    O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {BB0C110C-3AE7-41A2-9A73-579AE7121C12} - (no file) (HKCU)
    O9 - Extra button: Microsoft AntiSpyware helper - {C85EB006-B1C6-4647-80AF-9E5E07C33330} - (no file) (HKCU)
    O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {C85EB006-B1C6-4647-80AF-9E5E07C33330} - (no file) (HKCU)
    O9 - Extra button: Microsoft AntiSpyware helper - {CF5875DE-CBBE-4210-9B7C-EBDB0F01C753} - (no file) (HKCU)
    O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {CF5875DE-CBBE-4210-9B7C-EBDB0F01C753} - (no file) (HKCU)
    O9 - Extra button: Microsoft AntiSpyware helper - {D317B650-2B21-4A82-B9B8-92ABA5CB8CBF} - (no file) (HKCU)
    O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {D317B650-2B21-4A82-B9B8-92ABA5CB8CBF} - (no file) (HKCU)
    O9 - Extra button: Microsoft AntiSpyware helper - {D42DEA42-51C4-4FBF-9004-65D4CCB20323} - (no file) (HKCU)
    O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {D42DEA42-51C4-4FBF-9004-65D4CCB20323} - (no file) (HKCU)
    O9 - Extra button: Microsoft AntiSpyware helper - {DFE1ABA4-3CCF-4678-8CF4-9AF945FC8C57} - (no file) (HKCU)
    O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {DFE1ABA4-3CCF-4678-8CF4-9AF945FC8C57} - (no file) (HKCU)
    O9 - Extra button: Microsoft AntiSpyware helper - {E7CA63E8-6050-40FB-8D6D-EF765078BEB2} - (no file) (HKCU)
    O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {E7CA63E8-6050-40FB-8D6D-EF765078BEB2} - (no file) (HKCU)
    O9 - Extra button: Microsoft AntiSpyware helper - {EB4FE97A-0680-4EE5-9442-2D8FA774E541} - (no file) (HKCU)
    O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {EB4FE97A-0680-4EE5-9442-2D8FA774E541} - (no file) (HKCU)
    O9 - Extra button: Microsoft AntiSpyware helper - {F20E9D17-AEE0-42A7-84C9-360B2555295F} - (no file) (HKCU)
    O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {F20E9D17-AEE0-42A7-84C9-360B2555295F} - (no file) (HKCU)
    O9 - Extra button: Microsoft AntiSpyware helper - {F7CF08B9-BDCD-4060-A5DE-304F238AF4FC} - (no file) (HKCU)
    O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {F7CF08B9-BDCD-4060-A5DE-304F238AF4FC} - (no file) (HKCU)
    O9 - Extra button: Microsoft AntiSpyware helper - {FE0D1533-C1EA-4D65-9B18-3C854A83B4B7} - (no file) (HKCU)
    O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {FE0D1533-C1EA-4D65-9B18-3C854A83B4B7} - (no file) (HKCU)
    O14 - IERESET.INF: START_PAGE_URL=http://store.presario.net/scripts/redirectors/presario/storeredir2.dll?s=consumerfav&c=3c01&lc=0409
    O15 - Trusted Zone: www.neopets.com
    O16 - DPF: {13EC55CF-D993-475B-9ACA-F4A384957956} (Controller Class) - https://www.windowsonecare.com/insta...SSWebAgent.CAB
    O16 - DPF: {192F9A01-8030-48CE-9BC6-B03DE3E613C6} (PeoplePC Web Installer) - https://www.peoplepc.com/ppcos/ISP60...ad/ppcwebi.cab
    O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/acti..._v1-0-3-36.cab
    O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/sh...0/mcinsctl.cab
    O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/154a4185...p/RdxIE601.cab
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1144757112078
    O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2...ll/xscan53.cab
    O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://www.installengine.com/engine/isetup.cab
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
    O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/sh...23/mcgdmgr.cab
    O16 - DPF: {ECF5F2BD-C78B-4C6F-91BB-2A311FCCA4C7} (WTApp Class) - http://www.shockwave.com/content/com...c/CMonline.dll
    O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/is...08/mcfscan.cab
    O20 - AppInit_DLLs: KATRACK.DLL
    O20 - Winlogon Notify: NavLogon - C:\WINDOWS\System32\NavLogon.dll
    O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: Compaq Advisor (Compaq_RBA) - NeoPlanet - C:\Program Files\Compaq\Compaq Advisor\bin\compaq-rba.exe
    O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\NavNT\defwatch.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
    O23 - Service: Norton AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\NavNT\rtvscan.exe
    O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
    O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
    O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
    O23 - Service: PCTEL Speaker Phone (Pctspk) - Unknown owner - C:\WINDOWS\system32\pctspk.exe
    O23 - Service: Registry Management Service (RegManServ) - Unknown owner - C:\Program Files\blcorp\WCCSC\RegOpt\RegManServ.exe
    O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: SPBBCSvc - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
    O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    O23 - Service: WinPPPoverEthernet - iVasion, a Routerware Company - C:\Program Files\Verizon Online\WinPoET\WrOS.EXE


    Thanks!
    Matt

  4. #4
    Member 1972vet's Avatar
    Join Date
    Mar 2006
    Posts
    275
    Points
    35

    Your log indicates that you have used the system's configuration utility. Most likely, you've used this to stop some running process. Please return to the msconfig utility and re-enable all the processes that you previously disabled, as some of these processes may well have some relevance to these current issues.

    Reboot the computer then click the "Do not show me this again" box in the pop up window that comes up on reboot.

    Download Ewido anti-spyware to your desktop.
    This is a 30 day free trial. At the end of the 30-day trial period the full version features (active guard, automatic updates...) will be deactivated and the program will become a feature-limited freeware version...You can still keep it and use it for "On Demand" scanning.
    1. Double click the icon on the desktop to launch the set up program.
    2. Select Change state to inactivate "Resident Shield" and "Automatic Updates". Right click on ewido in the system tray and uncheck "Start with Windows".
    3. Once the setup is complete you will need to update the definition files.
    4. On the main screen select the icon Update then select the Update now link.
    5. Next select the Start Update button, the update will start and a progress bar will show the updates being installed.
    6. Once the update has completed select the Scanner icon at the top of the screen, then select the Settings tab.
    7. Once in the Settings screen click on Recommended actions and then select Quarantine.
    8. Under Reports
    9. Select Automatically generate report after every scan
    10. Un-Select Only if threats were found


    Close ewido anti-spyware.

    Please boot into Safe mode:

    Restart the computer and immediately begin tapping the F8 key (or F5 on some Dell machines).
    Use the arrow keys to highlight Safe Mode and press the Enter key. Once in safe mode, continue with the instructions below:

    • Launch ewido anti-spyware by double-clicking the icon on your desktop.
    • Select the Scanner icon at the top, then the Scan tab then click on Complete System Scan.
    • ewido will now begin the scanning process; be patient, this may take some time.
      Once the scan is complete do the following:
    • When prompted of an infection, please select Apply all actions
    • Next select the Reports icon at the top.
    • Select the Save report as button in the lower left hand of the screen and save it to your Desktop.

    Now close ewido anti-spyware.

    Please run HijackThis again and check the box next to these entries:

    O2 - BHO: Nothing - {5f4c3d09-b3b9-4f88-aa82-31332fee1c08} - C:\WINDOWS\System32\hp100.tmp (file missing)
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O15 - Trusted Zone: www.neopets.com

    Let's remove this at least until we can get you cleaned so we can have you install the sp2 patches:
    O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://www.installengine.com/engine/isetup.cab

    Close all windows except for HijackThis before clicking Fix Checked.

    Reboot the computer and post a new HijackThis log along with the log from your Ewido scan. Thanks!
    Disabled Veteran
    U.S.C.G.

    CastleCops Graduate 1st Responder

    Member:
    A.S.A.P.
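
An added example, not part of the thread and not HijackThis's own code: a small parser for the log line format posted above. It groups entries by section code, lists the components the log itself marks `(file missing)` or `(no file)`, and lists services reported with `Unknown owner`. The sample lines are copied from the logs on this page; the function names and flag labels are this example's own.

```python
import re
from collections import Counter, defaultdict
from dataclasses import dataclass
from typing import Optional, Tuple

# Lines copied from the HijackThis logs posted in this thread.
SAMPLE_LOG = r"""
Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\System32\smss.exe
O2 - BHO: Nothing - {5f4c3d09-b3b9-4f88-aa82-31332fee1c08} - C:\WINDOWS\System32\hp100.tmp (file missing)
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\Netscape\Communicator\Program\AIM\aim.exe (file missing)
O9 - Extra button: Microsoft AntiSpyware helper - {FE0D1533-C1EA-4D65-9B18-3C854A83B4B7} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {FE0D1533-C1EA-4D65-9B18-3C854A83B4B7} - (no file) (HKCU)
O15 - Trusted Zone: www.neopets.com
O20 - AppInit_DLLs: KATRACK.DLL
O23 - Service: PCTEL Speaker Phone (Pctspk) - Unknown owner - C:\WINDOWS\system32\pctspk.exe
O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\NavNT\defwatch.exe
"""

# Section codes that appear in the logs on this page.
SECTIONS = {
    "R0": "IE start/search page", "R1": "IE start/search page",
    "F2": "system.ini/win.ini value", "N4": "Mozilla start page",
    "O2": "Browser Helper Object", "O3": "IE toolbar",
    "O4": "autostart entry", "O9": "extra IE button / Tools menu item",
    "O14": "IERESET.INF setting", "O15": "Trusted Zone site",
    "O16": "downloaded ActiveX object", "O20": "AppInit_DLLs / Winlogon Notify",
    "O23": "Windows service",
}

# An entry line is "<letter><digits> - <detail>"; header and process lines do not match.
ENTRY_RE = re.compile(r"^\s*([A-Z]\d{1,2}) - (.+?)\s*$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")

# Annotations HijackThis writes into the line, mapped to this example's labels.
MARKERS = {
    "(file missing)": "file-missing",
    "(no file)": "no-file",
    "- Unknown owner -": "unknown-owner",
}


@dataclass(frozen=True)
class Entry:
    code: str
    detail: str
    clsid: Optional[str]
    flags: Tuple[str, ...]


def parse_log(text):
    """Return one Entry per section line, skipping headers and process paths."""
    entries = []
    for line in text.splitlines():
        match = ENTRY_RE.match(line)
        if not match:
            continue
        code, detail = match.groups()
        clsid = CLSID_RE.search(detail)
        flags = tuple(label for marker, label in MARKERS.items() if marker in detail)
        # CLSIDs appear in mixed case in the log; normalise so pairs group together.
        entries.append(Entry(code, detail, clsid.group(0).upper() if clsid else None, flags))
    return entries


def section_counts(entries):
    """Number of entries per section code."""
    return Counter(entry.code for entry in entries)


def orphaned_components(entries):
    """Group entries whose target file is absent, keyed by CLSID.

    An O9 button and its Tools menu item share one CLSID, so each pair
    collapses to a single component. A flag marks an entry for review;
    it is not a verdict, since leftovers of removed software look the same.
    """
    grouped = defaultdict(list)
    for entry in entries:
        if {"file-missing", "no-file"} & set(entry.flags):
            grouped[entry.clsid or entry.detail].append(entry)
    return dict(grouped)


def unknown_owner_services(entries):
    """O23 services for which the log could not report a company name."""
    return [e for e in entries if e.code == "O23" and "unknown-owner" in e.flags]


if __name__ == "__main__":
    parsed = parse_log(SAMPLE_LOG)
    for code, count in sorted(section_counts(parsed).items()):
        print(f"{code:>3} {count:>3}  {SECTIONS.get(code, 'other')}")
    for key, group in orphaned_components(parsed).items():
        print(f"orphaned {key}: {len(group)} entr{'y' if len(group) == 1 else 'ies'}")
    for svc in unknown_owner_services(parsed):
        print("unknown owner:", svc.detail)
```
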

  5. #5
    Member steamwiz's Avatar
    Join Date
    Sep 2003
    Location
    Yorkshire U.K.
    Posts
    14,022
    Points
    2335

    Hi

    You may not have explorer running, but you have internet explorer running...

    Paste this into the address bar of internet explorer & press GO

    C:\WINDOWS

    The windows folder will open & you can then get all the details from the explorer.exe file

    steam
    Look here for Ways to keep your computer safe
    M'SOFT MVP -Windows Security 2004/8 .member ASAP -

  6. #6
    Member
    Join Date
    Jul 2006
    Posts
    8
    Points
    0

    Hi Steam,

    When I start the computer in either normal or safe mode, it just comes up with a blank page with a mouse after I dismiss the error message. I looked up what internet explorer's command would be and found it, ran it, and it worked. I looked up the explorer.exe file:

    General:
    Size 973KB

    Version:
    6.0.2800.1221 (xpsp2.030511-1403)

    I'm working on making a new hijack file as well after I check to see if my dad turned off any processes in the configuration utility.

  7. #7
    Member
    Join Date
    Jul 2006
    Posts
    8
    Points
    0

    Ok, so it turned out my dad had it on selective startup. I switched it over to Normal Startup and still have the same problem.

    Here's the hijackthis log:

    Logfile of HijackThis v1.99.1
    Scan saved at 6:47:09 PM, on 07/03/2006
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\System32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\LEXPPS.EXE
    C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    C:\Program Files\NavNT\defwatch.exe
    C:\Program Files\Norton AntiVirus\navapsvc.exe
    C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
    C:\Program Files\blcorp\WCCSC\RegOpt\RegManServ.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Verizon Online\WinPoET\WrOS.EXE
    C:\WINDOWS\System32\taskmgr.exe
    C:\WINDOWS\System32\cmd.exe
    G:\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com.../fix_homepage/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://store.presario.net/scripts/re...c=3c01&lc=0409
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://home.netscape.com/home/winsearch200.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Verizon Online
    F2 - REG:system.ini: Shell=
    N4 - Mozilla: user_pref("browser.startup.homepage", "http://www.iwon.com"); (C:\Documents and Settings\Paul Schladt\Application Data\Mozilla\Profiles\default\mf6svlg5.slt\prefs.js)
    O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: WCNetMon Class - {3BE313C3-DAD6-4da6-801D-75860118A0B5} - C:\Program Files\blcorp\WCCSC\WCPStop\wcpstop.dll
    O2 - BHO: Nothing - {5f4c3d09-b3b9-4f88-aa82-31332fee1c08} - C:\WINDOWS\System32\hp100.tmp (file missing)
    O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx
    O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - HKLM\..\Run: [CPQEASYACC] C:\Program Files\Compaq\Easy Access Button Support\StartEAK.exe
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [SSC_UserPrompt] "C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe"
    O4 - HKLM\..\Run: [srmclean] C:\Cpqs\Scom\srmclean.exe
    O4 - HKLM\..\Run: [Smapp] Smtray.exe
    O4 - HKLM\..\Run: [S3TRAY2] S3tray2.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe
    O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
    O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
    O4 - HKLM\..\Run: [ElbyCheckElbyCDFL] "C:\Program Files\Elaborate Bytes\CloneCD\ElbyCheck.exe" /L ElbyCDFL
    O4 - HKLM\..\Run: [Dell AIO Printer A940] "C:\Program Files\Dell AIO Printer A940\dlbabmgr.exe"
    O4 - HKLM\..\Run: [AdaptecDirectCD] C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [WinMem] C:\Program Files\blcorp\WCCSC\WinMem\WinMem.exe
    O4 - HKCU\..\Run: [Windows Registry Repair Pro] C:\Program Files\3B Software\Windows Registry Repair Pro\RegistryRepairPro.exe 4
    O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe"
    O4 - HKCU\..\Run: [POP Peeper] "C:\Program Files\POP Peeper\POPPeeper.exe" -min
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
    O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
    O4 - Global Startup: NkVwMon.exe.lnk = C:\Program Files\Nikon\NkView4\NkVwMon.exe
    O4 - Global Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
    O9 - Extra button: Control Pad - {28D44DAC-D1FC-4d4f-BB1B-ADF037C8DDBC} - C:\Program Files\Verizon Online\ControlPad\Misc\a_menu.exe
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\Netscape\Communicator\Program\AIM\aim.exe (file missing)
    O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
    O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe (file missing)
    O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
    O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
    O9 - Extra button: Microsoft AntiSpyware helper - {0C92647B-BDC9-4B81-A06F-9633519081C5} - (no file) (HKCU)
    O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {0C92647B-BDC9-4B81-A06F-9633519081C5} - (no file) (HKCU)
    O9 - Extra button: Microsoft AntiSpyware helper - {0D06F0D4-6992-4747-9332-BBCA420D6DD5} - (no file) (HKCU)
    O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {0D06F0D4-6992-4747-9332-BBCA420D6DD5} - (no file) (HKCU)
    O9 - Extra button: Microsoft AntiSpyware helper - {0F19687B-87AB-4E4F-929C-123C089AD1C7} - (no file) (HKCU)
    O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {0F19687B-87AB-4E4F-929C-123C089AD1C7} - (no file) (HKCU)
    O9 - Extra button: Support - {252E3068-9AFC-4F0F-A692-AC62BFB0A80D} - C:\Program Files\Internet Explorer\SIGNUP\Presario.htm (HKCU)
    O9 - Extra button: Microsoft AntiSpyware helper - {25994C15-07E8-4434-A4DC-CCA2266FACDD} - (no file) (HKCU)
    O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {25994C15-07E8-4434-A4DC-CCA2266FACDD} - (no file) (HKCU)
    O9 - Extra button: Microsoft AntiSpyware helper - {26B4BCBD-0A65-43DA-978C-29CCA6E76724} - (no file) (HKCU)
    O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {26B4BCBD-0A65-43DA-978C-29CCA6E76724} - (no file) (HKCU)
    O9 - Extra button: Microsoft AntiSpyware helper - {48B212C8-8D3E-4742-8599-E61B4D816285} - (no file) (HKCU)
    O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {48B212C8-8D3E-4742-8599-E61B4D816285} - (no file) (HKCU)
    O9 - Extra button: Microsoft AntiSpyware helper - {48C3142E-FA91-45C5-A5C1-711F86B0E91E} - (no file) (HKCU)
    O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {48C3142E-FA91-45C5-A5C1-711F86B0E91E} - (no file) (HKCU)
    O9 - Extra button: Microsoft AntiSpyware helper - {5B1305D8-3DB1-452B-A847-7E888F0B08FD} - (no file) (HKCU)
    O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {5B1305D8-3DB1-452B-A847-7E888F0B08FD} - (no file) (HKCU)
    O9 - Extra button: Microsoft AntiSpyware helper - {5B5A21EB-09C3-47AB-9EC0-C80990D3D04E} - (no file) (HKCU)
    O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {5B5A21EB-09C3-47AB-9EC0-C80990D3D04E} - (no file) (HKCU)
    O9 - Extra button: Microsoft AntiSpyware helper - {5D703B90-A672-44F1-A8F1-78AE2CA99291} - (no file) (HKCU)
    O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {5D703B90-A672-44F1-A8F1-78AE2CA99291} - (no file) (HKCU)
    O9 - Extra button: Microsoft AntiSpyware helper - {611176BF-2449-4F88-B338-BA174DEC53E1} - (no file) (HKCU)
    O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {611176BF-2449-4F88-B338-BA174DEC53E1} - (no file) (HKCU)
    O9 - Extra button: Microsoft AntiSpyware helper - {71BC2664-37AD-46DD-A55D-33C21A30A5D6} - (no file) (HKCU)
    O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {71BC2664-37AD-46DD-A55D-33C21A30A5D6} - (no file) (HKCU)
    O9 - Extra button: Microsoft AntiSpyware helper - {73EC1CA3-C021-4B4D-BF5D-B97424CB9CFC} - (no file) (HKCU)
    O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {73EC1CA3-C021-4B4D-BF5D-B97424CB9CFC} - (no file) (HKCU)
    O9 - Extra button: Microsoft AntiSpyware helper - {7B67BE5D-535A-46FF-BCC4-5853C4075730} - (no file) (HKCU)
    O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {7B67BE5D-535A-46FF-BCC4-5853C4075730} - (no file) (HKCU)
    O9 - Extra button: Microsoft AntiSpyware helper - {7F31D676-7376-4CDD-ADC4-9973AAD459C4} - (no file) (HKCU)
    O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {7F31D676-7376-4CDD-ADC4-9973AAD459C4} - (no file) (HKCU)
    O9 - Extra button: Microsoft AntiSpyware helper - {8C6BCA6C-BE27-45A7-AB03-E60C54AF7AB2} - (no file) (HKCU)
    O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {8C6BCA6C-BE27-45A7-AB03-E60C54AF7AB2} - (no file) (HKCU)
    O9 - Extra button: Microsoft AntiSpyware helper - {8D22B1A8-DD2F-4583-81A9-9B2FFA3E5143} - (no file) (HKCU)
    O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {8D22B1A8-DD2F-4583-81A9-9B2FFA3E5143} - (no file) (HKCU)
    O9 - Extra button: Microsoft AntiSpyware helper - {A5342D65-8E3C-4009-9EB9-F7AD5BD0208E} - (no file) (HKCU)
    O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {A5342D65-8E3C-4009-9EB9-F7AD5BD0208E} - (no file) (HKCU)
    O9 - Extra button: Microsoft AntiSpyware helper - {ACE7FD47-2035-4B24-8994-372BBE6CB046} - (no file) (HKCU)
    O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {ACE7FD47-2035-4B24-8994-372BBE6CB046} - (no file) (HKCU)
    O9 - Extra button: Microsoft AntiSpyware helper - {B7AB1E15-68EF-4F78-A553-643F656C41CD} - (no file) (HKCU)
    O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {B7AB1E15-68EF-4F78-A553-643F656C41CD} - (no file) (HKCU)
    O9 - Extra button: Microsoft AntiSpyware helper - {BB0C110C-3AE7-41A2-9A73-579AE7121C12} - (no file) (HKCU)
    O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {BB0C110C-3AE7-41A2-9A73-579AE7121C12} - (no file) (HKCU)
    O9 - Extra button: Microsoft AntiSpyware helper - {C85EB006-B1C6-4647-80AF-9E5E07C33330} - (no file) (HKCU)
    O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {C85EB006-B1C6-4647-80AF-9E5E07C33330} - (no file) (HKCU)
    O9 - Extra button: Microsoft AntiSpyware helper - {CF5875DE-CBBE-4210-9B7C-EBDB0F01C753} - (no file) (HKCU)
    O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {CF5875DE-CBBE-4210-9B7C-EBDB0F01C753} - (no file) (HKCU)
    O9 - Extra button: Microsoft AntiSpyware helper - {D317B650-2B21-4A82-B9B8-92ABA5CB8CBF} - (no file) (HKCU)
    O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {D317B650-2B21-4A82-B9B8-92ABA5CB8CBF} - (no file) (HKCU)
    O9 - Extra button: Microsoft AntiSpyware helper - {D42DEA42-51C4-4FBF-9004-65D4CCB20323} - (no file) (HKCU)
    O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {D42DEA42-51C4-4FBF-9004-65D4CCB20323} - (no file) (HKCU)
    O9 - Extra button: Microsoft AntiSpyware helper - {DFE1ABA4-3CCF-4678-8CF4-9AF945FC8C57} - (no file) (HKCU)
    O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {DFE1ABA4-3CCF-4678-8CF4-9AF945FC8C57} - (no file) (HKCU)
    O9 - Extra button: Microsoft AntiSpyware helper - {E7CA63E8-6050-40FB-8D6D-EF765078BEB2} - (no file) (HKCU)
    O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {E7CA63E8-6050-40FB-8D6D-EF765078BEB2} - (no file) (HKCU)
    O9 - Extra button: Microsoft AntiSpyware helper - {EB4FE97A-0680-4EE5-9442-2D8FA774E541} - (no file) (HKCU)
    O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {EB4FE97A-0680-4EE5-9442-2D8FA774E541} - (no file) (HKCU)
    O9 - Extra button: Microsoft AntiSpyware helper - {F20E9D17-AEE0-42A7-84C9-360B2555295F} - (no file) (HKCU)
    O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {F20E9D17-AEE0-42A7-84C9-360B2555295F} - (no file) (HKCU)
    O9 - Extra button: Microsoft AntiSpyware helper - {F7CF08B9-BDCD-4060-A5DE-304F238AF4FC} - (no file) (HKCU)
    O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {F7CF08B9-BDCD-4060-A5DE-304F238AF4FC} - (no file) (HKCU)
    O9 - Extra button: Microsoft AntiSpyware helper - {FE0D1533-C1EA-4D65-9B18-3C854A83B4B7} - (no file) (HKCU)
    O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {FE0D1533-C1EA-4D65-9B18-3C854A83B4B7} - (no file) (HKCU)
    O14 - IERESET.INF: START_PAGE_URL=http://store.presario.net/scripts/redirectors/presario/storeredir2.dll?s=consumerfav&c=3c01&lc=0409
    O15 - Trusted Zone: www.neopets.com
    O16 - DPF: {13EC55CF-D993-475B-9ACA-F4A384957956} (Controller Class) - https://www.windowsonecare.com/insta...SSWebAgent.CAB
    O16 - DPF: {192F9A01-8030-48CE-9BC6-B03DE3E613C6} (PeoplePC Web Installer) - https://www.peoplepc.com/ppcos/ISP60...ad/ppcwebi.cab
    O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/acti..._v1-0-3-36.cab
    O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/sh...0/mcinsctl.cab
    O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/154a4185...p/RdxIE601.cab
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1144757112078
    O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2...ll/xscan53.cab
    O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://www.installengine.com/engine/isetup.cab
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
    O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/sh...23/mcgdmgr.cab
    O16 - DPF: {ECF5F2BD-C78B-4C6F-91BB-2A311FCCA4C7} (WTApp Class) - http://www.shockwave.com/content/com...c/CMonline.dll
    O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/is...08/mcfscan.cab
    O20 - AppInit_DLLs: KATRACK.DLL
    O20 - Winlogon Notify: NavLogon - C:\WINDOWS\System32\NavLogon.dll
    O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: Compaq Advisor (Compaq_RBA) - NeoPlanet - C:\Program Files\Compaq\Compaq Advisor\bin\compaq-rba.exe
    O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\NavNT\defwatch.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
    O23 - Service: Norton AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\NavNT\rtvscan.exe
    O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
    O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
    O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
    O23 - Service: PCTEL Speaker Phone (Pctspk) - Unknown owner - C:\WINDOWS\system32\pctspk.exe
    O23 - Service: Registry Management Service (RegManServ) - Unknown owner - C:\Program Files\blcorp\WCCSC\RegOpt\RegManServ.exe
    O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: SPBBCSvc - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
    O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    O23 - Service: WinPPPoverEthernet - iVasion, a Routerware Company - C:\Program Files\Verizon Online\WinPoET\WrOS.EXE

  8. #8
    Member
    Join Date
    Jul 2006
    Posts
    8
    Points
    0

    1972Vet,

    Here are the updated HijackThis and Ewido scan files below. Like I said above, my dad had msconfig running in a selective mode. I changed this to normal, but still had the same symptoms:

    Ewido:

    ---------------------------------------------------------
    ewido anti-spyware - Scan Report
    ---------------------------------------------------------

    + Created at: 7:41:14 PM 7/3/2006

    + Scan result:



    C:\WINDOWS\iLookup -> Adware.eZula : No action taken.
    C:\Program Files\PerfectNav -> Adware.PerfectNav : No action taken.
    C:\Program Files\PerfectNav\BHO -> Adware.PerfectNav : No action taken.
    C:\WINDOWS\system32\spool\PRINTERS\00013.SPL -> Backdoor.Agobot : No action taken.
    C:\WINDOWS\system32\spool\PRINTERS\00015.SPL -> Backdoor.Agobot : No action taken.
    :mozilla.10:C:\Documents and Settings\LocalService\Application Data\Netscape\NSB\Profiles\qsn4uals.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
    :mozilla.11:C:\Documents and Settings\LocalService\Application Data\Netscape\NSB\Profiles\qsn4uals.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
    :mozilla.23:C:\Documents and Settings\Paul Schladt\Application Data\Netscape\NSB\Profiles\eaysqbj6.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
    :mozilla.24:C:\Documents and Settings\Paul Schladt\Application Data\Netscape\NSB\Profiles\eaysqbj6.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
    :mozilla.25:C:\Documents and Settings\Paul Schladt\Application Data\Netscape\NSB\Profiles\eaysqbj6.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
    :mozilla.26:C:\Documents and Settings\Paul Schladt\Application Data\Netscape\NSB\Profiles\eaysqbj6.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
    :mozilla.27:C:\Documents and Settings\Paul Schladt\Application Data\Netscape\NSB\Profiles\eaysqbj6.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
    :mozilla.28:C:\Documents and Settings\Paul Schladt\Application Data\Netscape\NSB\Profiles\eaysqbj6.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
    :mozilla.29:C:\Documents and Settings\Paul Schladt\Application Data\Netscape\NSB\Profiles\eaysqbj6.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
    :mozilla.30:C:\Documents and Settings\Paul Schladt\Application Data\Netscape\NSB\Profiles\eaysqbj6.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
    :mozilla.31:C:\Documents and Settings\Paul Schladt\Application Data\Netscape\NSB\Profiles\eaysqbj6.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
    :mozilla.32:C:\Documents and Settings\Paul Schladt\Application Data\Netscape\NSB\Profiles\eaysqbj6.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
    :mozilla.33:C:\Documents and Settings\Paul Schladt\Application Data\Netscape\NSB\Profiles\eaysqbj6.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
    :mozilla.34:C:\Documents and Settings\Paul Schladt\Application Data\Netscape\NSB\Profiles\eaysqbj6.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
    :mozilla.35:C:\Documents and Settings\Paul Schladt\Application Data\Netscape\NSB\Profiles\eaysqbj6.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
    :mozilla.36:C:\Documents and Settings\Paul Schladt\Application Data\Netscape\NSB\Profiles\eaysqbj6.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
    :mozilla.37:C:\Documents and Settings\Paul Schladt\Application Data\Netscape\NSB\Profiles\eaysqbj6.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
    :mozilla.59:C:\Documents and Settings\Paul Schladt\Application Data\Mozilla\Firefox\Profiles\dj1q2qen.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
    :mozilla.60:C:\Documents and Settings\Paul Schladt\Application Data\Mozilla\Firefox\Profiles\dj1q2qen.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
    :mozilla.61:C:\Documents and Settings\Paul Schladt\Application Data\Mozilla\Firefox\Profiles\dj1q2qen.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
    :mozilla.63:C:\Documents and Settings\Paul Schladt\Application Data\Netscape\NSB\Profiles\eaysqbj6.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
    C:\Documents and Settings\Paul Schladt\Cookies\paul schladt@2o7[1].txt -> TrackingCookie.2o7 : No action taken.
    C:\Documents and Settings\Paul Schladt\Cookies\paul schladt@microsofteup.112.2o7[1].txt -> TrackingCookie.2o7 : No action taken.
    :mozilla.13:C:\Documents and Settings\Paul Schladt\Application Data\Netscape\NSB\Profiles\eaysqbj6.default\cookies.txt -> TrackingCookie.Advertising : No action taken.
    :mozilla.14:C:\Documents and Settings\Paul Schladt\Application Data\Netscape\NSB\Profiles\eaysqbj6.default\cookies.txt -> TrackingCookie.Advertising : No action taken.
    :mozilla.15:C:\Documents and Settings\Paul Schladt\Application Data\Netscape\NSB\Profiles\eaysqbj6.default\cookies.txt -> TrackingCookie.Advertising : No action taken.
    :mozilla.16:C:\Documents and Settings\Paul Schladt\Application Data\Netscape\NSB\Profiles\eaysqbj6.default\cookies.txt -> TrackingCookie.Advertising : No action taken.
    :mozilla.17:C:\Documents and Settings\Paul Schladt\Application Data\Netscape\NSB\Profiles\eaysqbj6.default\cookies.txt -> TrackingCookie.Advertising : No action taken.
    :mozilla.26:C:\Documents and Settings\Paul Schladt\Application Data\Mozilla\Firefox\Profiles\dj1q2qen.default\cookies.txt -> TrackingCookie.Advertising : No action taken.
    :mozilla.27:C:\Documents and Settings\Paul Schladt\Application Data\Mozilla\Firefox\Profiles\dj1q2qen.default\cookies.txt -> TrackingCookie.Advertising : No action taken.
    :mozilla.7:C:\Documents and Settings\LocalService\Application Data\Netscape\NSB\Profiles\qsn4uals.default\cookies.txt -> TrackingCookie.Advertising : No action taken.
    :mozilla.8:C:\Documents and Settings\LocalService\Application Data\Netscape\NSB\Profiles\qsn4uals.default\cookies.txt -> TrackingCookie.Advertising : No action taken.
    :mozilla.9:C:\Documents and Settings\LocalService\Application Data\Netscape\NSB\Profiles\qsn4uals.default\cookies.txt -> TrackingCookie.Advertising : No action taken.
    C:\Documents and Settings\Paul Schladt\Cookies\paul schladt@advertising[1].txt -> TrackingCookie.Advertising : No action taken.
    :mozilla.37:C:\Documents and Settings\Paul Schladt\Application Data\Mozilla\Firefox\Profiles\dj1q2qen.default\cookies.txt -> TrackingCookie.Atdmt : No action taken.
    :mozilla.83:C:\Documents and Settings\Paul Schladt\Application Data\Netscape\NSB\Profiles\eaysqbj6.default\cookies.txt -> TrackingCookie.Atdmt : No action taken.
    C:\Documents and Settings\Paul Schladt\Cookies\paul schladt@atdmt[1].txt -> TrackingCookie.Atdmt : No action taken.
    C:\Documents and Settings\Paul Schladt\Cookies\schladt@bpath[1].txt -> TrackingCookie.Bpath : No action taken.
    C:\Documents and Settings\Paul Schladt\Cookies\anyuser@click2net[1].txt -> TrackingCookie.Click2net : No action taken.
    C:\Documents and Settings\Paul Schladt\Cookies\schladt@click2net[1].txt -> TrackingCookie.Click2net : No action taken.
    C:\Documents and Settings\Paul Schladt\Cookies\anyuser@ads.clickagents[1].txt -> TrackingCookie.Clickagents : No action taken.
    :mozilla.57:C:\Documents and Settings\Paul Schladt\Application Data\Mozilla\Firefox\Profiles\dj1q2qen.default\cookies.txt -> TrackingCookie.Clickbank : No action taken.
    :mozilla.69:C:\Documents and Settings\Paul Schladt\Application Data\Netscape\NSB\Profiles\eaysqbj6.default\cookies.txt -> TrackingCookie.Clickbank : No action taken.
    C:\Documents and Settings\Paul Schladt\Cookies\paul schladt@clickbank[1].txt -> TrackingCookie.Clickbank : No action taken.
    :mozilla.123:C:\Documents and Settings\Paul Schladt\Application Data\Netscape\NSB\Profiles\eaysqbj6.default\cookies.txt -> TrackingCookie.Com : No action taken.
    C:\Documents and Settings\Paul Schladt\Cookies\paul schladt@com[2].txt -> TrackingCookie.Com : No action taken.
    :mozilla.10:C:\Documents and Settings\Paul Schladt\Application Data\Mozilla\Firefox\Profiles\dj1q2qen.default\cookies.txt -> TrackingCookie.Doubleclick : No action taken.
    :mozilla.12:C:\Documents and Settings\LocalService\Application Data\Netscape\NSB\Profiles\qsn4uals.default\cookies.txt -> TrackingCookie.Doubleclick : No action taken.
    :mozilla.13:C:\Documents and Settings\LocalService\Application Data\Netscape\NSB\Profiles\qsn4uals.default\cookies.txt -> TrackingCookie.Doubleclick : No action taken.
    :mozilla.21:C:\Documents and Settings\Paul Schladt\Application Data\Netscape\NSB\Profiles\eaysqbj6.default\cookies.txt -> TrackingCookie.Doubleclick : No action taken.
    C:\Documents and Settings\Paul Schladt\Cookies\paul schladt@doubleclick[1].txt -> TrackingCookie.Doubleclick : No action taken.
    :mozilla.114:C:\Documents and Settings\Paul Schladt\Application Data\Netscape\NSB\Profiles\eaysqbj6.default\cookies.txt -> TrackingCookie.Fastclick : No action taken.
    :mozilla.115:C:\Documents and Settings\Paul Schladt\Application Data\Netscape\NSB\Profiles\eaysqbj6.default\cookies.txt -> TrackingCookie.Fastclick : No action taken.
    :mozilla.116:C:\Documents and Settings\Paul Schladt\Application Data\Netscape\NSB\Profiles\eaysqbj6.default\cookies.txt -> TrackingCookie.Fastclick : No action taken.
    :mozilla.117:C:\Documents and Settings\Paul Schladt\Application Data\Netscape\NSB\Profiles\eaysqbj6.default\cookies.txt -> TrackingCookie.Fastclick : No action taken.
    C:\Documents and Settings\Paul Schladt\Cookies\paul schladt@fastclick[2].txt -> TrackingCookie.Fastclick : No action taken.
    :mozilla.135:C:\Documents and Settings\Paul Schladt\Application Data\Netscape\NSB\Profiles\eaysqbj6.default\cookies.txt -> TrackingCookie.Googleadservices : No action taken.
    :mozilla.142:C:\Documents and Settings\Paul Schladt\Application Data\Netscape\NSB\Profiles\eaysqbj6.default\cookies.txt -> TrackingCookie.Googleadservices : No action taken.
    :mozilla.146:C:\Documents and Settings\Paul Schladt\Application Data\Netscape\NSB\Profiles\eaysqbj6.default\cookies.txt -> TrackingCookie.Googleadservices : No action taken.
    :mozilla.62:C:\Documents and Settings\Paul Schladt\Application Data\Mozilla\Firefox\Profiles\dj1q2qen.default\cookies.txt -> TrackingCookie.Googleadservices : No action taken.
    :mozilla.63:C:\Documents and Settings\Paul Schladt\Application Data\Mozilla\Firefox\Profiles\dj1q2qen.default\cookies.txt -> TrackingCookie.Googleadservices : No action taken.
    :mozilla.64:C:\Documents and Settings\Paul Schladt\Application Data\Mozilla\Firefox\Profiles\dj1q2qen.default\cookies.txt -> TrackingCookie.Googleadservices : No action taken.
    :mozilla.66:C:\Documents and Settings\Paul Schladt\Application Data\Netscape\NSB\Profiles\eaysqbj6.default\cookies.txt -> TrackingCookie.Googleadservices : No action taken.
    :mozilla.67:C:\Documents and Settings\Paul Schladt\Application Data\Netscape\NSB\Profiles\eaysqbj6.default\cookies.txt -> TrackingCookie.Googleadservices : No action taken.
    :mozilla.70:C:\Documents and Settings\Paul Schladt\Application Data\Netscape\NSB\Profiles\eaysqbj6.default\cookies.txt -> TrackingCookie.Googleadservices : No action taken.
    :mozilla.85:C:\Documents and Settings\Paul Schladt\Application Data\Netscape\NSB\Profiles\eaysqbj6.default\cookies.txt -> TrackingCookie.Googleadservices : No action taken.
    :mozilla.86:C:\Documents and Settings\Paul Schladt\Application Data\Netscape\NSB\Profiles\eaysqbj6.default\cookies.txt -> TrackingCookie.Googleadservices : No action taken.
    :mozilla.45:C:\Documents and Settings\Paul Schladt\Application Data\Netscape\NSB\Profiles\eaysqbj6.default\cookies.txt -> TrackingCookie.Hitbox : No action taken.
    :mozilla.46:C:\Documents and Settings\Paul Schladt\Application Data\Netscape\NSB\Profiles\eaysqbj6.default\cookies.txt -> TrackingCookie.Hitbox : No action taken.
    :mozilla.47:C:\Documents and Settings\Paul Schladt\Application Data\Netscape\NSB\Profiles\eaysqbj6.default\cookies.txt -> TrackingCookie.Hitbox : No action taken.
    :mozilla.48:C:\Documents and Settings\Paul Schladt\Application Data\Netscape\NSB\Profiles\eaysqbj6.default\cookies.txt -> TrackingCookie.Hitbox : No action taken.
    C:\Documents and Settings\Paul Schladt\Cookies\paul schladt@ehg-techtarget.hitbox[2].txt -> TrackingCookie.Hitbox : No action taken.
    C:\Documents and Settings\Paul Schladt\Cookies\paul schladt@hitbox[2].txt -> TrackingCookie.Hitbox : No action taken.
    C:\Documents and Settings\Paul Schladt\Cookies\anyuser@ads.link4ads[1].txt -> TrackingCookie.Link4ads : No action taken.
    C:\Documents and Settings\Paul Schladt\Cookies\anyuser@ads.link4ads[2].txt -> TrackingCookie.Link4ads : No action taken.
    C:\Documents and Settings\Paul Schladt\Cookies\schladt@ads.link4ads[1].txt -> TrackingCookie.Link4ads : No action taken.
    C:\Documents and Settings\Paul Schladt\Cookies\schladt@ads.link4ads[3].txt -> TrackingCookie.Link4ads : No action taken.
    :mozilla.126:C:\Documents and Settings\Paul Schladt\Application Data\Netscape\NSB\Profiles\eaysqbj6.default\cookies.txt -> TrackingCookie.Liveperson : No action taken.
    :mozilla.128:C:\Documents and Settings\Paul Schladt\Application Data\Netscape\NSB\Profiles\eaysqbj6.default\cookies.txt -> TrackingCookie.Liveperson : No action taken.
    :mozilla.129:C:\Documents and Settings\Paul Schladt\Application Data\Netscape\NSB\Profiles\eaysqbj6.default\cookies.txt -> TrackingCookie.Liveperson : No action taken.
    :mozilla.133:C:\Documents and Settings\Paul Schladt\Application Data\Netscape\NSB\Profiles\eaysqbj6.default\cookies.txt -> TrackingCookie.Liveperson : No action taken.
    :mozilla.134:C:\Documents and Settings\Paul Schladt\Application Data\Netscape\NSB\Profiles\eaysqbj6.default\cookies.txt -> TrackingCookie.Liveperson : No action taken.
    C:\Documents and Settings\Paul Schladt\Cookies\paul schladt@server.iad.liveperson[1].txt -> TrackingCookie.Liveperson : No action taken.
    :mozilla.124:C:\Documents and Settings\Paul Schladt\Application Data\Netscape\NSB\Profiles\eaysqbj6.default\cookies.txt -> TrackingCookie.Mediaplex : No action taken.
    :mozilla.39:C:\Documents and Settings\Paul Schladt\Application Data\Mozilla\Firefox\Profiles\dj1q2qen.default\cookies.txt -> TrackingCookie.Mediaplex : No action taken.
    C:\Documents and Settings\Paul Schladt\Cookies\paul schladt@mediaplex[1].txt -> TrackingCookie.Mediaplex : No action taken.
    :mozilla.22:C:\Documents and Settings\Paul Schladt\Application Data\Mozilla\Firefox\Profiles\dj1q2qen.default\cookies.txt -> TrackingCookie.Pointroll : No action taken.
    :mozilla.23:C:\Documents and Settings\Paul Schladt\Application Data\Mozilla\Firefox\Profiles\dj1q2qen.default\cookies.txt -> TrackingCookie.Pointroll : No action taken.
    :mozilla.24:C:\Documents and Settings\Paul Schladt\Application Data\Mozilla\Firefox\Profiles\dj1q2qen.default\cookies.txt -> TrackingCookie.Pointroll : No action taken.
    :mozilla.25:C:\Documents and Settings\Paul Schladt\Application Data\Mozilla\Firefox\Profiles\dj1q2qen.default\cookies.txt -> TrackingCookie.Pointroll : No action taken.
    C:\Documents and Settings\Paul Schladt\Cookies\anyuser@www.popuptraffic[2].txt -> TrackingCookie.Popuptraffic : No action taken.
    C:\Documents and Settings\Paul Schladt\Cookies\schladt@www.popuptraffic[1].txt -> TrackingCookie.Popuptraffic : No action taken.
    C:\Documents and Settings\Paul Schladt\Cookies\anyuser@gm.preferences[1].txt -> TrackingCookie.Preferences : No action taken.
    C:\Documents and Settings\Paul Schladt\Cookies\anyuser@gm.preferences[2].txt -> TrackingCookie.Preferences : No action taken.
    C:\Documents and Settings\Paul Schladt\Cookies\anyuser@preferences[2].txt -> TrackingCookie.Preferences : No action taken.
    C:\Documents and Settings\Paul Schladt\Cookies\anyuser@preferences[3].txt -> TrackingCookie.Preferences : No action taken.
    C:\Documents and Settings\Paul Schladt\Cookies\schladt@preferences[1].txt -> TrackingCookie.Preferences : No action taken.
    C:\Documents and Settings\Paul Schladt\Cookies\schladt@preferences[3].txt -> TrackingCookie.Preferences : No action taken.
    :mozilla.13:C:\Documents and Settings\Paul Schladt\Application Data\Mozilla\Firefox\Profiles\dj1q2qen.default\cookies.txt -> TrackingCookie.Qksrv : No action taken.
    :mozilla.14:C:\Documents and Settings\Paul Schladt\Application Data\Mozilla\Firefox\Profiles\dj1q2qen.default\cookies.txt -> TrackingCookie.Qksrv : No action taken.
    :mozilla.88:C:\Documents and Settings\Paul Schladt\Application Data\Netscape\NSB\Profiles\eaysqbj6.default\cookies.txt -> TrackingCookie.Questionmarket : No action taken.
    :mozilla.91:C:\Documents and Settings\Paul Schladt\Application Data\Netscape\NSB\Profiles\eaysqbj6.default\cookies.txt -> TrackingCookie.Questionmarket : No action taken.
    :mozilla.92:C:\Documents and Settings\Paul Schladt\Application Data\Netscape\NSB\Profiles\eaysqbj6.default\cookies.txt -> TrackingCookie.Questionmarket : No action taken.
    C:\Documents and Settings\Paul Schladt\Cookies\paul schladt@questionmarket[1].txt -> TrackingCookie.Questionmarket : No action taken.
    :mozilla.105:C:\Documents and Settings\Paul Schladt\Application Data\Netscape\NSB\Profiles\eaysqbj6.default\cookies.txt -> TrackingCookie.Tacoda : No action taken.
    :mozilla.106:C:\Documents and Settings\Paul Schladt\Application Data\Netscape\NSB\Profiles\eaysqbj6.default\cookies.txt -> TrackingCookie.Tacoda : No action taken.
    :mozilla.107:C:\Documents and Settings\Paul Schladt\Application Data\Netscape\NSB\Profiles\eaysqbj6.default\cookies.txt -> TrackingCookie.Tacoda : No action taken.
    :mozilla.108:C:\Documents and Settings\Paul Schladt\Application Data\Netscape\NSB\Profiles\eaysqbj6.default\cookies.txt -> TrackingCookie.Tacoda : No action taken.
    C:\Documents and Settings\Paul Schladt\Cookies\paul schladt@tacoda[1].txt -> TrackingCookie.Tacoda : No action taken.
    C:\Documents and Settings\Paul Schladt\Cookies\anyuser@track-star[1].txt -> TrackingCookie.Track-star : No action taken.
    C:\Program Files\Media-Codec -> Trojan.Small : No action taken.
    C:\Program Files\Media-Codec\uninst.exe -> Trojan.Small : No action taken.
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\run\\kernel32.dll -> Trojan.Small : No action taken.


    ::Report end




    Hijackthis:

    Logfile of HijackThis v1.99.1
    Scan saved at 7:53:44 PM, on 07/03/2006
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\System32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\ewido anti-spyware 4.0\guard.exe
    C:\WINDOWS\system32\userinit.exe
    C:\WINDOWS\System32\taskmgr.exe
    C:\WINDOWS\System32\cmd.exe
    G:\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com.../fix_homepage/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://store.presario.net/scripts/re...c=3c01&lc=0409
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://home.netscape.com/home/winsearch200.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Verizon Online
    F2 - REG:system.ini: Shell=
    N4 - Mozilla: user_pref("browser.startup.homepage", "http://www.iwon.com"); (C:\Documents and Settings\Paul Schladt\Application Data\Mozilla\Profiles\default\mf6svlg5.slt\prefs.js)
    O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: WCNetMon Class - {3BE313C3-DAD6-4da6-801D-75860118A0B5} - C:\Program Files\blcorp\WCCSC\WCPStop\wcpstop.dll
    O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx
    O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
    O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
    O9 - Extra button: Control Pad - {28D44DAC-D1FC-4d4f-BB1B-ADF037C8DDBC} - C:\Program Files\Verizon Online\ControlPad\Misc\a_menu.exe
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\Netscape\Communicator\Program\AIM\aim.exe (file missing)
    O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
    O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe (file missing)
    O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
    O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
    O9 - Extra button: Microsoft AntiSpyware helper - {0C92647B-BDC9-4B81-A06F-9633519081C5} - (no file) (HKCU)
    O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {0C92647B-BDC9-4B81-A06F-9633519081C5} - (no file) (HKCU)
    O9 - Extra button: Microsoft AntiSpyware helper - {0D06F0D4-6992-4747-9332-BBCA420D6DD5} - (no file) (HKCU)
    O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {0D06F0D4-6992-4747-9332-BBCA420D6DD5} - (no file) (HKCU)
    O9 - Extra button: Microsoft AntiSpyware helper - {0F19687B-87AB-4E4F-929C-123C089AD1C7} - (no file) (HKCU)
    O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {0F19687B-87AB-4E4F-929C-123C089AD1C7} - (no file) (HKCU)
    O9 - Extra button: Support - {252E3068-9AFC-4F0F-A692-AC62BFB0A80D} - C:\Program Files\Internet Explorer\SIGNUP\Presario.htm (HKCU)
    O9 - Extra button: Microsoft AntiSpyware helper - {25994C15-07E8-4434-A4DC-CCA2266FACDD} - (no file) (HKCU)
    O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {25994C15-07E8-4434-A4DC-CCA2266FACDD} - (no file) (HKCU)
    O9 - Extra button: Microsoft AntiSpyware helper - {26B4BCBD-0A65-43DA-978C-29CCA6E76724} - (no file) (HKCU)
    O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {26B4BCBD-0A65-43DA-978C-29CCA6E76724} - (no file) (HKCU)
    O9 - Extra button: Microsoft AntiSpyware helper - {48B212C8-8D3E-4742-8599-E61B4D816285} - (no file) (HKCU)
    O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {48B212C8-8D3E-4742-8599-E61B4D816285} - (no file) (HKCU)
    O9 - Extra button: Microsoft AntiSpyware helper - {48C3142E-FA91-45C5-A5C1-711F86B0E91E} - (no file) (HKCU)
    O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {48C3142E-FA91-45C5-A5C1-711F86B0E91E} - (no file) (HKCU)
    O9 - Extra button: Microsoft AntiSpyware helper - {5B1305D8-3DB1-452B-A847-7E888F0B08FD} - (no file) (HKCU)
    O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {5B1305D8-3DB1-452B-A847-7E888F0B08FD} - (no file) (HKCU)
    O9 - Extra button: Microsoft AntiSpyware helper - {5B5A21EB-09C3-47AB-9EC0-C80990D3D04E} - (no file) (HKCU)
    O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {5B5A21EB-09C3-47AB-9EC0-C80990D3D04E} - (no file) (HKCU)
    O9 - Extra button: Microsoft AntiSpyware helper - {5D703B90-A672-44F1-A8F1-78AE2CA99291} - (no file) (HKCU)
    O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {5D703B90-A672-44F1-A8F1-78AE2CA99291} - (no file) (HKCU)
    O9 - Extra button: Microsoft AntiSpyware helper - {611176BF-2449-4F88-B338-BA174DEC53E1} - (no file) (HKCU)
    O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {611176BF-2449-4F88-B338-BA174DEC53E1} - (no file) (HKCU)
    O9 - Extra button: Microsoft AntiSpyware helper - {71BC2664-37AD-46DD-A55D-33C21A30A5D6} - (no file) (HKCU)
    O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {71BC2664-37AD-46DD-A55D-33C21A30A5D6} - (no file) (HKCU)
    O9 - Extra button: Microsoft AntiSpyware helper - {73EC1CA3-C021-4B4D-BF5D-B97424CB9CFC} - (no file) (HKCU)
    O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {73EC1CA3-C021-4B4D-BF5D-B97424CB9CFC} - (no file) (HKCU)
    O9 - Extra button: Microsoft AntiSpyware helper - {7B67BE5D-535A-46FF-BCC4-5853C4075730} - (no file) (HKCU)
    O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {7B67BE5D-535A-46FF-BCC4-5853C4075730} - (no file) (HKCU)
    O9 - Extra button: Microsoft AntiSpyware helper - {7F31D676-7376-4CDD-ADC4-9973AAD459C4} - (no file) (HKCU)
    O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {7F31D676-7376-4CDD-ADC4-9973AAD459C4} - (no file) (HKCU)
    O9 - Extra button: Microsoft AntiSpyware helper - {8C6BCA6C-BE27-45A7-AB03-E60C54AF7AB2} - (no file) (HKCU)
    O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {8C6BCA6C-BE27-45A7-AB03-E60C54AF7AB2} - (no file) (HKCU)
    O9 - Extra button: Microsoft AntiSpyware helper - {8D22B1A8-DD2F-4583-81A9-9B2FFA3E5143} - (no file) (HKCU)
    O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {8D22B1A8-DD2F-4583-81A9-9B2FFA3E5143} - (no file) (HKCU)
    O9 - Extra button: Microsoft AntiSpyware helper - {A5342D65-8E3C-4009-9EB9-F7AD5BD0208E} - (no file) (HKCU)
    O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {A5342D65-8E3C-4009-9EB9-F7AD5BD0208E} - (no file) (HKCU)
    O9 - Extra button: Microsoft AntiSpyware helper - {ACE7FD47-2035-4B24-8994-372BBE6CB046} - (no file) (HKCU)
    O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {ACE7FD47-2035-4B24-8994-372BBE6CB046} - (no file) (HKCU)
    O9 - Extra button: Microsoft AntiSpyware helper - {B7AB1E15-68EF-4F78-A553-643F656C41CD} - (no file) (HKCU)
    O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {B7AB1E15-68EF-4F78-A553-643F656C41CD} - (no file) (HKCU)
    O9 - Extra button: Microsoft AntiSpyware helper - {BB0C110C-3AE7-41A2-9A73-579AE7121C12} - (no file) (HKCU)
    O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {BB0C110C-3AE7-41A2-9A73-579AE7121C12} - (no file) (HKCU)
    O9 - Extra button: Microsoft AntiSpyware helper - {C85EB006-B1C6-4647-80AF-9E5E07C33330} - (no file) (HKCU)
    O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {C85EB006-B1C6-4647-80AF-9E5E07C33330} - (no file) (HKCU)
    O9 - Extra button: Microsoft AntiSpyware helper - {CF5875DE-CBBE-4210-9B7C-EBDB0F01C753} - (no file) (HKCU)
    O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {CF5875DE-CBBE-4210-9B7C-EBDB0F01C753} - (no file) (HKCU)
    O9 - Extra button: Microsoft AntiSpyware helper - {D317B650-2B21-4A82-B9B8-92ABA5CB8CBF} - (no file) (HKCU)
    O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {D317B650-2B21-4A82-B9B8-92ABA5CB8CBF} - (no file) (HKCU)
    O9 - Extra button: Microsoft AntiSpyware helper - {D42DEA42-51C4-4FBF-9004-65D4CCB20323} - (no file) (HKCU)
    O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {D42DEA42-51C4-4FBF-9004-65D4CCB20323} - (no file) (HKCU)
    O9 - Extra button: Microsoft AntiSpyware helper - {DFE1ABA4-3CCF-4678-8CF4-9AF945FC8C57} - (no file) (HKCU)
    O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {DFE1ABA4-3CCF-4678-8CF4-9AF945FC8C57} - (no file) (HKCU)
    O9 - Extra button: Microsoft AntiSpyware helper - {E7CA63E8-6050-40FB-8D6D-EF765078BEB2} - (no file) (HKCU)
    O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {E7CA63E8-6050-40FB-8D6D-EF765078BEB2} - (no file) (HKCU)
    O9 - Extra button: Microsoft AntiSpyware helper - {EB4FE97A-0680-4EE5-9442-2D8FA774E541} - (no file) (HKCU)
    O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {EB4FE97A-0680-4EE5-9442-2D8FA774E541} - (no file) (HKCU)
    O9 - Extra button: Microsoft AntiSpyware helper - {F20E9D17-AEE0-42A7-84C9-360B2555295F} - (no file) (HKCU)
    O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {F20E9D17-AEE0-42A7-84C9-360B2555295F} - (no file) (HKCU)
    O9 - Extra button: Microsoft AntiSpyware helper - {F7CF08B9-BDCD-4060-A5DE-304F238AF4FC} - (no file) (HKCU)
    O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {F7CF08B9-BDCD-4060-A5DE-304F238AF4FC} - (no file) (HKCU)
    O9 - Extra button: Microsoft AntiSpyware helper - {FE0D1533-C1EA-4D65-9B18-3C854A83B4B7} - (no file) (HKCU)
    O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {FE0D1533-C1EA-4D65-9B18-3C854A83B4B7} - (no file) (HKCU)
    O14 - IERESET.INF: START_PAGE_URL=http://store.presario.net/scripts/redirectors/presario/storeredir2.dll?s=consumerfav&c=3c01&lc=0409
    O16 - DPF: {13EC55CF-D993-475B-9ACA-F4A384957956} (Controller Class) - https://www.windowsonecare.com/insta...SSWebAgent.CAB
    O16 - DPF: {192F9A01-8030-48CE-9BC6-B03DE3E613C6} (PeoplePC Web Installer) - https://www.peoplepc.com/ppcos/ISP60...ad/ppcwebi.cab
    O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/acti..._v1-0-3-36.cab
    O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/sh...0/mcinsctl.cab
    O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/154a4185...p/RdxIE601.cab
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1144757112078
    O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2...ll/xscan53.cab
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
    O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/sh...23/mcgdmgr.cab
    O16 - DPF: {ECF5F2BD-C78B-4C6F-91BB-2A311FCCA4C7} (WTApp Class) - http://www.shockwave.com/content/com...c/CMonline.dll
    O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/is...08/mcfscan.cab
    O20 - AppInit_DLLs: KATRACK.DLL
    O20 - Winlogon Notify: NavLogon - C:\WINDOWS\System32\NavLogon.dll
    O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe



    Thanks!
    Matt

  9. #9
    Member steamwiz's Avatar
    Join Date
    Sep 2003
    Location
    Yorkshire U.K.
    Posts
    14,022
    Points
    2335

    Hi

    Boot into safe mode...

    Run Ewido again and this time let it clean/remove everything it finds...

    Then...

    Run HijackThis and place a checkmark against the following:

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com/avcenter/fix_homepage/

    O2 - BHO: Nothing - {5f4c3d09-b3b9-4f88-aa82-31332fee1c08} - C:\WINDOWS\System32\hp100.tmp (file missing)

    O9 - Extra button: Microsoft AntiSpyware helper - {0C92647B-BDC9-4B81-A06F-9633519081C5} - (no file) (HKCU)
    O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {0C92647B-BDC9-4B81-A06F-9633519081C5} - (no file) (HKCU)
    O9 - Extra button: Microsoft AntiSpyware helper - {0D06F0D4-6992-4747-9332-BBCA420D6DD5} - (no file) (HKCU)
    O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {0D06F0D4-6992-4747-9332-BBCA420D6DD5} - (no file) (HKCU)
    O9 - Extra button: Microsoft AntiSpyware helper - {0F19687B-87AB-4E4F-929C-123C089AD1C7} - (no file) (HKCU)
    O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {0F19687B-87AB-4E4F-929C-123C089AD1C7} - (no file) (HKCU)

    O9 - Extra button: Microsoft AntiSpyware helper - {25994C15-07E8-4434-A4DC-CCA2266FACDD} - (no file) (HKCU)
    O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {25994C15-07E8-4434-A4DC-CCA2266FACDD} - (no file) (HKCU)
    O9 - Extra button: Microsoft AntiSpyware helper - {26B4BCBD-0A65-43DA-978C-29CCA6E76724} - (no file) (HKCU)
    O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {26B4BCBD-0A65-43DA-978C-29CCA6E76724} - (no file) (HKCU)
    O9 - Extra button: Microsoft AntiSpyware helper - {48B212C8-8D3E-4742-8599-E61B4D816285} - (no file) (HKCU)
    O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {48B212C8-8D3E-4742-8599-E61B4D816285} - (no file) (HKCU)
    O9 - Extra button: Microsoft AntiSpyware helper - {48C3142E-FA91-45C5-A5C1-711F86B0E91E} - (no file) (HKCU)
    O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {48C3142E-FA91-45C5-A5C1-711F86B0E91E} - (no file) (HKCU)
    O9 - Extra button: Microsoft AntiSpyware helper - {5B1305D8-3DB1-452B-A847-7E888F0B08FD} - (no file) (HKCU)
    O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {5B1305D8-3DB1-452B-A847-7E888F0B08FD} - (no file) (HKCU)
    O9 - Extra button: Microsoft AntiSpyware helper - {5B5A21EB-09C3-47AB-9EC0-C80990D3D04E} - (no file) (HKCU)
    O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {5B5A21EB-09C3-47AB-9EC0-C80990D3D04E} - (no file) (HKCU)
    O9 - Extra button: Microsoft AntiSpyware helper - {5D703B90-A672-44F1-A8F1-78AE2CA99291} - (no file) (HKCU)
    O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {5D703B90-A672-44F1-A8F1-78AE2CA99291} - (no file) (HKCU)
    O9 - Extra button: Microsoft AntiSpyware helper - {611176BF-2449-4F88-B338-BA174DEC53E1} - (no file) (HKCU)
    O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {611176BF-2449-4F88-B338-BA174DEC53E1} - (no file) (HKCU)
    O9 - Extra button: Microsoft AntiSpyware helper - {71BC2664-37AD-46DD-A55D-33C21A30A5D6} - (no file) (HKCU)
    O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {71BC2664-37AD-46DD-A55D-33C21A30A5D6} - (no file) (HKCU)
    O9 - Extra button: Microsoft AntiSpyware helper - {73EC1CA3-C021-4B4D-BF5D-B97424CB9CFC} - (no file) (HKCU)
    O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {73EC1CA3-C021-4B4D-BF5D-B97424CB9CFC} - (no file) (HKCU)
    O9 - Extra button: Microsoft AntiSpyware helper - {7B67BE5D-535A-46FF-BCC4-5853C4075730} - (no file) (HKCU)
    O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {7B67BE5D-535A-46FF-BCC4-5853C4075730} - (no file) (HKCU)
    O9 - Extra button: Microsoft AntiSpyware helper - {7F31D676-7376-4CDD-ADC4-9973AAD459C4} - (no file) (HKCU)
    O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {7F31D676-7376-4CDD-ADC4-9973AAD459C4} - (no file) (HKCU)
    O9 - Extra button: Microsoft AntiSpyware helper - {8C6BCA6C-BE27-45A7-AB03-E60C54AF7AB2} - (no file) (HKCU)
    O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {8C6BCA6C-BE27-45A7-AB03-E60C54AF7AB2} - (no file) (HKCU)
    O9 - Extra button: Microsoft AntiSpyware helper - {8D22B1A8-DD2F-4583-81A9-9B2FFA3E5143} - (no file) (HKCU)
    O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {8D22B1A8-DD2F-4583-81A9-9B2FFA3E5143} - (no file) (HKCU)
    O9 - Extra button: Microsoft AntiSpyware helper - {A5342D65-8E3C-4009-9EB9-F7AD5BD0208E} - (no file) (HKCU)
    O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {A5342D65-8E3C-4009-9EB9-F7AD5BD0208E} - (no file) (HKCU)
    O9 - Extra button: Microsoft AntiSpyware helper - {ACE7FD47-2035-4B24-8994-372BBE6CB046} - (no file) (HKCU)
    O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {ACE7FD47-2035-4B24-8994-372BBE6CB046} - (no file) (HKCU)
    O9 - Extra button: Microsoft AntiSpyware helper - {B7AB1E15-68EF-4F78-A553-643F656C41CD} - (no file) (HKCU)
    O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {B7AB1E15-68EF-4F78-A553-643F656C41CD} - (no file) (HKCU)
    O9 - Extra button: Microsoft AntiSpyware helper - {BB0C110C-3AE7-41A2-9A73-579AE7121C12} - (no file) (HKCU)
    O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {BB0C110C-3AE7-41A2-9A73-579AE7121C12} - (no file) (HKCU)
    O9 - Extra button: Microsoft AntiSpyware helper - {C85EB006-B1C6-4647-80AF-9E5E07C33330} - (no file) (HKCU)
    O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {C85EB006-B1C6-4647-80AF-9E5E07C33330} - (no file) (HKCU)
    O9 - Extra button: Microsoft AntiSpyware helper - {CF5875DE-CBBE-4210-9B7C-EBDB0F01C753} - (no file) (HKCU)
    O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {CF5875DE-CBBE-4210-9B7C-EBDB0F01C753} - (no file) (HKCU)
    O9 - Extra button: Microsoft AntiSpyware helper - {D317B650-2B21-4A82-B9B8-92ABA5CB8CBF} - (no file) (HKCU)
    O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {D317B650-2B21-4A82-B9B8-92ABA5CB8CBF} - (no file) (HKCU)
    O9 - Extra button: Microsoft AntiSpyware helper - {D42DEA42-51C4-4FBF-9004-65D4CCB20323} - (no file) (HKCU)
    O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {D42DEA42-51C4-4FBF-9004-65D4CCB20323} - (no file) (HKCU)
    O9 - Extra button: Microsoft AntiSpyware helper - {DFE1ABA4-3CCF-4678-8CF4-9AF945FC8C57} - (no file) (HKCU)
    O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {DFE1ABA4-3CCF-4678-8CF4-9AF945FC8C57} - (no file) (HKCU)
    O9 - Extra button: Microsoft AntiSpyware helper - {E7CA63E8-6050-40FB-8D6D-EF765078BEB2} - (no file) (HKCU)
    O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {E7CA63E8-6050-40FB-8D6D-EF765078BEB2} - (no file) (HKCU)
    O9 - Extra button: Microsoft AntiSpyware helper - {EB4FE97A-0680-4EE5-9442-2D8FA774E541} - (no file) (HKCU)
    O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {EB4FE97A-0680-4EE5-9442-2D8FA774E541} - (no file) (HKCU)
    O9 - Extra button: Microsoft AntiSpyware helper - {F20E9D17-AEE0-42A7-84C9-360B2555295F} - (no file) (HKCU)
    O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {F20E9D17-AEE0-42A7-84C9-360B2555295F} - (no file) (HKCU)
    O9 - Extra button: Microsoft AntiSpyware helper - {F7CF08B9-BDCD-4060-A5DE-304F238AF4FC} - (no file) (HKCU)
    O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {F7CF08B9-BDCD-4060-A5DE-304F238AF4FC} - (no file) (HKCU)
    O9 - Extra button: Microsoft AntiSpyware helper - {FE0D1533-C1EA-4D65-9B18-3C854A83B4B7} - (no file) (HKCU)
    O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {FE0D1533-C1EA-4D65-9B18-3C854A83B4B7} - (no file) (HKCU)

    O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/154a4185a733f9984515/netzip/RdxIE601.cab


    Click the "fix checked" button

    I doubt this will fix your problem ... but please let us know and post a new hijackthis log + the new EWIDO log ... before we continue...

    steam
    Look here for Ways to keep your computer safe
    M'SOFT MVP -Windows Security 2004/8 .member ASAP -

  10. #10
    Member
    Join Date
    Jul 2006
    Posts
    8
    Points
    0

    Steam,

    I was finally able to solve my problem... I tried connecting the computer to the internet, but found that the Network Connections didn't have an icon for the connection. That led me over to Windows Services, where I found that all services had been disabled. I used my laptop to find the correct settings for all the services. I restarted and I still had the same problem of the blank desktop, but now I had internet access. I immediately went to Windows Update and downloaded SP2. The update worked and my dad's desktop came back up on restart. I completed all Windows updates remaining and restarted again. I ran Ewido and it caught a few things, which I quarantined. I installed a fresh copy of Norton Systemworks 2005 and am now doing another sweep of the computer with that program. I also ran HijackThis and removed the entries you had mentioned previously. Everything seems to be working smoothly now, but just in case, here's the current HijackThis log:

    Logfile of HijackThis v1.99.1
    Scan saved at 9:13:37 PM, on 07/04/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\System32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\LEXPPS.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\cisvc.exe
    C:\Program Files\NavNT\defwatch.exe
    C:\Program Files\ewido anti-spyware 4.0\guard.exe
    C:\WINDOWS\System32\GEARSec.exe
    C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
    C:\Program Files\Norton SystemWorks\Norton Ghost\Agent\PQV2iSvc.exe
    C:\Program Files\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe
    C:\PROGRA~1\NORTON~1\NORTON~1\NPROTECT.EXE
    C:\PROGRA~1\NORTON~1\NORTON~1\SPEEDD~1\NOPDB.EXE
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\vssvc.exe
    C:\Program Files\Verizon Online\WinPoET\WrOS.EXE
    C:\Program Files\ewido anti-spyware 4.0\ewido.exe
    C:\WINDOWS\system32\Smtray.exe
    C:\WINDOWS\system32\S3tray2.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Dell AIO Printer A940\dlbabmgr.exe
    C:\Program Files\Compaq\Easy Access Button Support\StartEAK.exe
    C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
    C:\Program Files\Dell AIO Printer A940\dlbabmon.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\Compaq\Easy Access Button Support\CPQEADM.EXE
    C:\COMPAQ\CPQINET\CPQInet.exe
    C:\PROGRA~1\Compaq\EASYAC~1\BttnServ.exe
    C:\Compaq\EAKDRV\EAUSBKBD.EXE
    C:\Program Files\Norton SystemWorks\Norton Ghost\Agent\GhostTray.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
    C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
    C:\Program Files\Nikon\NkView4\NkVwMon.exe
    C:\Program Files\Microsoft Office\Office\OSA.EXE
    C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    C:\WINDOWS\System32\cidaemon.exe
    C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    C:\WINDOWS\explorer.exe
    G:\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com.../fix_homepage/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://store.presario.net/scripts/re...c=3c01&lc=0409
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://home.netscape.com/home/winsearch200.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Verizon Online
    F2 - REG:system.ini: Shell=
    N4 - Mozilla: user_pref("browser.startup.homepage", "http://www.iwon.com"); (C:\Documents and Settings\Paul Schladt\Application Data\Mozilla\Profiles\default\mf6svlg5.slt\prefs.js)
    O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
    O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
    O4 - HKLM\..\Run: [srmclean] C:\Cpqs\Scom\srmclean.exe
    O4 - HKLM\..\Run: [Smapp] Smtray.exe
    O4 - HKLM\..\Run: [S3TRAY2] S3tray2.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe
    O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
    O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - HKLM\..\Run: [ElbyCheckElbyCDFL] "C:\Program Files\Elaborate Bytes\CloneCD\ElbyCheck.exe" /L ElbyCDFL
    O4 - HKLM\..\Run: [Dell AIO Printer A940] "C:\Program Files\Dell AIO Printer A940\dlbabmgr.exe"
    O4 - HKLM\..\Run: [CPQEASYACC] C:\Program Files\Compaq\Easy Access Button Support\StartEAK.exe
    O4 - HKLM\..\Run: [AdaptecDirectCD] C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [Norton Ghost 9.0] C:\Program Files\Norton SystemWorks\Norton Ghost\Agent\GhostTray.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [WinMem] C:\Program Files\blcorp\WCCSC\WinMem\WinMem.exe
    O4 - HKCU\..\Run: [Windows Registry Repair Pro] C:\Program Files\3B Software\Windows Registry Repair Pro\RegistryRepairPro.exe 4
    O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe"
    O4 - HKCU\..\Run: [POP Peeper] "C:\Program Files\POP Peeper\POPPeeper.exe" -min
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
    O4 - Startup: Norton Disk Doctor.lnk = C:\Program Files\Norton SystemWorks\Norton Utilities\NDD32.EXE
    O4 - Global Startup: Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
    O4 - Global Startup: NkVwMon.exe.lnk = C:\Program Files\Nikon\NkView4\NkVwMon.exe
    O4 - Global Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
    O9 - Extra button: Control Pad - {28D44DAC-D1FC-4d4f-BB1B-ADF037C8DDBC} - C:\Program Files\Verizon Online\ControlPad\Misc\a_menu.exe
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\Netscape\Communicator\Program\AIM\aim.exe (file missing)
    O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
    O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe (file missing)
    O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra button: Support - {252E3068-9AFC-4F0F-A692-AC62BFB0A80D} - C:\Program Files\Internet Explorer\SIGNUP\Presario.htm (HKCU)
    O14 - IERESET.INF: START_PAGE_URL=http://store.presario.net/scripts/redirectors/presario/storeredir2.dll?s=consumerfav&c=3c01&lc=0409
    O16 - DPF: {13EC55CF-D993-475B-9ACA-F4A384957956} (Controller Class) - https://www.windowsonecare.com/insta...SSWebAgent.CAB
    O16 - DPF: {192F9A01-8030-48CE-9BC6-B03DE3E613C6} (PeoplePC Web Installer) - https://www.peoplepc.com/ppcos/ISP60...ad/ppcwebi.cab
    O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} - https://www-secure.symantec.com/tech...l/LSSupCtl.cab
    O16 - DPF: {3451DEDE-631F-421C-8127-FD793AFC6CC8} (ActiveDataInfo Class) - https://www-secure.symantec.com/tech...l/SymAData.cab
    O16 - DPF: {44990200-3C9D-426D-81DF-AAB636FA4345} (Symantec SmartIssue) - https://www-secure.symantec.com/tech...rl/tgctlsi.cab
    O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} (Symantec Script Runner Class) - https://www-secure.symantec.com/tech...rl/tgctlsr.cab
    O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/acti..._v1-0-3-36.cab
    O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/sh...0/mcinsctl.cab
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1144757112078
    O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2...ll/xscan53.cab
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
    O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/sh...23/mcgdmgr.cab
    O16 - DPF: {ECF5F2BD-C78B-4C6F-91BB-2A311FCCA4C7} (WTApp Class) - http://www.shockwave.com/content/com...c/CMonline.dll
    O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/is...08/mcfscan.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{85D6B5C8-0B88-4482-90C9-C30DA8337F32}: NameServer = 192.168.0.1
    O20 - AppInit_DLLs: KATRACK.DLL
    O20 - Winlogon Notify: NavLogon - C:\WINDOWS\System32\NavLogon.dll
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: Compaq Advisor (Compaq_RBA) - NeoPlanet - C:\Program Files\Compaq\Compaq Advisor\bin\compaq-rba.exe
    O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\NavNT\defwatch.exe
    O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
    O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\System32\GEARSec.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
    O23 - Service: Norton AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\NavNT\rtvscan.exe
    O23 - Service: Norton Ghost - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Ghost\Agent\PQV2iSvc.exe
    O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe
    O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~1\NPROTECT.EXE
    O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
    O23 - Service: PCTEL Speaker Phone (Pctspk) - Unknown owner - C:\WINDOWS\system32\pctspk.exe
    O23 - Service: Registry Management Service (RegManServ) - Unknown owner - C:\Program Files\blcorp\WCCSC\RegOpt\RegManServ.exe (file missing)
    O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\SAVScan.exe
    O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~1\SPEEDD~1\NOPDB.EXE
    O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
    O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    O23 - Service: WinPPPoverEthernet - iVasion, a Routerware Company - C:\Program Files\Verizon Online\WinPoET\WrOS.EXE


    Thanks Everyone!
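
A triage pass over HijackThis-style lines like those in the logs above, added here as an example; it is not part of the original posts and not HijackThis's own logic. The sample lines are copied from this thread, and the review rules and function names are assumptions chosen for illustration.

```python
import re

# Lines copied from the HijackThis logs in this thread (not constructed).
SAMPLE_LOG = r"""
Logfile of HijackThis v1.99.1
C:\WINDOWS\explorer.exe
F2 - REG:system.ini: Shell=
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [Smapp] Smtray.exe
O9 - Extra button: Microsoft AntiSpyware helper - {25994C15-07E8-4434-A4DC-CCA2266FACDD} - (no file) (HKCU)
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\Netscape\Communicator\Program\AIM\aim.exe (file missing)
O20 - AppInit_DLLs: KATRACK.DLL
O23 - Service: PCTEL Speaker Phone (Pctspk) - Unknown owner - C:\WINDOWS\system32\pctspk.exe
O23 - Service: Registry Management Service (RegManServ) - Unknown owner - C:\Program Files\blcorp\WCCSC\RegOpt\RegManServ.exe (file missing)
"""

# An entry line is "<section code> - <body>", e.g. "O23 - Service: ...".
# Header lines and the running-process list do not match and are skipped.
ENTRY_RE = re.compile(r"^\s*([A-Z]\d{1,2}) - (.*)$")


def parse_log(text):
    """Return (section_code, body) for every entry line in the log text."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line)
        if m:
            entries.append((m.group(1), m.group(2).strip()))
    return entries


def review_reasons(code, body):
    """Heuristics assumed for this example: reasons to look at an entry by hand."""
    reasons = []
    if "(no file)" in body or "(file missing)" in body:
        reasons.append("orphaned: registry entry points at a file not on disk")
    if code == "O23" and "Unknown owner" in body:
        reasons.append("service binary reports no vendor name")
    if code == "O20" and body.startswith("AppInit_DLLs:"):
        reasons.append("DLL is loaded into every process that loads user32.dll")
    if code == "F2":
        reasons.append("logon Shell/UserInit setting listed, verify its value")
    return reasons


def triage(text):
    """Return (code, reason, body) for each entry that needs manual review."""
    findings = []
    for code, body in parse_log(text):
        for reason in review_reasons(code, body):
            findings.append((code, reason, body))
    return findings


if __name__ == "__main__":
    for code, reason, body in triage(SAMPLE_LOG):
        print(f"[{code}] {reason}\n      {body}")
```

A flagged entry is only a prompt to check it by hand; an orphaned or vendor-less entry can be leftover from an uninstalled program as easily as from malware.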
