Thread: HJT before and after sweeping...
- 07-18-2006 02:14 PM #1
HJT before and after sweeping...
Howdy folks -
Just another set of questions from HJT log files. I had over 275 instances of spyware removed by Spybot S&D. I ran HJT, logged it, then ran SBS&D. Then, created another HJT file.
The following is the HJT before the S&D program was run.
Logfile of HijackThis v1.99.1
Scan saved at 2:34:56 PM, on 7/11/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Unable to get Internet Explorer version!
Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\PopUp Killer\popupkiller.EXE
C:\WINNT\System32\hkcmd.exe
C:\Program Files\BTV\btv.exe
C:\WINNT\System32\vcmise.exe
C:\WINNT\svchost.exe
C:\WINNT\System32\cnbjmon9.exe
C:\WINNT\iissrv.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINNT\system32\vidmon\vidmon.exe
C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINNT\System32\calc.exe
C:\WINNT\System32\l?ass.exe
C:\WINNT\system32\PPATCH~2\iexplore.exe
C:\Program Files\NetZero\exec.exe
C:\WINNT\system32\sw3prtm.exe
C:\WINNT\System32\Sdjk.exe
C:\WINNT\System32\IviUeB.exe
C:\WINNT\system32\wscntfy.exe
C:\WINNT\system32\wuauclt.exe
C:\WINNT\system32\wuauclt.exe
C:\WINNT\explorer.exe
C:\Documents and Settings\Owner\My Documents\HJT\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://mail.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.gateway.net
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gateway.net
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = websearch.drsnsrch.com/q.cgi?q=
R3 - URLSearchHook: (no name) - {32A90E69-94AB-9906-A933-9E2B50C987CA} - C:\WINNT\system32\fcybttra.dll
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O1 - Hosts: 12.129.205.209 search.netscape.com12.129.205.209 sitefinder.verisign.com
O2 - BHO: PynixObj Class - {00000000-DD60-0064-6EC2-6E0100000000} - C:\WINNT\Pynix.dll
O2 - BHO: IPInsigtObj Class - {000004CC-E4FF-4F2C-BC30-DBEF0B983BC9} - C:\WINNT\ipinsigt.dll
O2 - BHO: Band Class - {00027925-0017-4faf-9539-90E4AC0B9EC5} - C:\WINNT\eltt.dll
O2 - BHO: Band Class - {01F44A8A-8C97-4325-A378-76E68DC4AB2E} - C:\WINNT\systb.dll
O2 - BHO: myBar BHO - {0494D0D1-F8E0-41ad-92A3-14154ECE70AC} - C:\Program Files\MyWay\myBar\1.bin\MYBAR.DLL (file missing)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: SNHlprObj Class - {14b3d246-6274-40b5-8d50-6c2ade2ab29b} - C:\Program Files\Srng\SNHelper.dll (file missing)
O2 - BHO: (no name) - {1B6FC318-41BA-736D-FBAB-72FCDF53E9FB} - C:\WINNT\System32\fbwbwj.dll (file missing)
O2 - BHO: (no name) - {31E0158B-9220-F2A6-60F4-A291594F98FB} - C:\WINNT\System32\cebe.dll (file missing)
O2 - BHO: (no name) - {32A90E69-94AB-9906-A933-9E2B50C987CA} - C:\WINNT\system32\fcybttra.dll
O2 - BHO: (no name) - {50388F90-0A67-6DE1-2576-6A2D82F3F3A9} - C:\WINNT\System32\pwahhs.dll (file missing)
O2 - BHO: (no name) - {5241D2BC-021E-329E-0381-30B8FBC6A4FF} - C:\WINNT\System32\xxhcsfd.dll (file missing)
O2 - BHO: Flash Enhancer - {7CD20E91-1F31-41da-8379-479EA31DF969} - c:\Program Files\XML\XML.dll
O2 - BHO: (no name) - {8F223CBA-B01B-8095-06D6-85B3C8017EF7} - C:\WINNT\system32\mcqdrl.dll (file missing)
O2 - BHO: (no name) - {911A1534-8E65-448E-92AE-E22D49F870C4} - (no file)
O2 - BHO: (no name) - {9A795E39-9DF1-E72A-ADFC-E13B820722CF} - C:\WINNT\system32\msa.dll (file missing)
O2 - BHO: (no name) - {AF546E39-B0C2-D21E-80CC-D116B2370FFF} - C:\WINNT\system32\msa.dll (file missing)
O2 - BHO: (no name) - {D23E2C20-AA8C-C659-9C5C-CD57D58074A7} - C:\WINNT\System32\bdrvjmi.dll (file missing)
O2 - BHO: PEDEV_IEListener Class - {E1412445-4FF8-410e-8D24-F2CF86B171A4} - C:\Program Files\PeDevice\PeDev.dll (file missing)
O2 - BHO: WebBar Class - {EE392A64-F30B-47C8-A363-CDA1CEC7DC1B} - C:\PROGRA~1\APPLIE~1\Bar.dll (file missing)
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O3 - Toolbar: &My Way Speedbar - {0494D0D9-F8E0-41ad-92A3-14154ECE70AC} - C:\Program Files\MyWay\myBar\1.bin\MYBAR.DLL (file missing)
O3 - Toolbar: (no name) - {C5183ABC-EB6E-4E05-B8C9-500A16B6CF94} - (no file)
O3 - Toolbar: (no name) - {2CDE1A7D-A478-4291-BF31-E1B4C16F92EB} - (no file)
O3 - Toolbar: ZeroBar - {F0F8ECBE-D460-4B34-B007-56A92E8F84A7} - C:\Program Files\NetZero\toolbar.dll
O4 - HKLM\..\Run: [PopUpKiller] C:\Program Files\PopUp Killer\popupkiller.EXE
O4 - HKLM\..\Run: [IgfxTray] C:\WINNT\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINNT\System32\hkcmd.exe
O4 - HKLM\..\Run: [2SWZKN82R5K47C] C:\WINNT\System32\Mxiv1Va1.exe
O4 - HKLM\..\Run: [AutoUpdater] "C:\Program Files\AutoUpdate\AutoUpdate.exe"
O4 - HKLM\..\Run: [BTV] C:\Program Files\BTV\btv.exe
O4 - HKLM\..\Run: [Breg] "C:\Program Files\Common Files\Java\breg.exe"
O4 - HKLM\..\Run: [gqsnjds] C:\WINNT\System32\vcmise.exe
O4 - HKLM\..\Run: [Win Server Updt] C:\WINNT\wupdt.exe
O4 - HKLM\..\Run: [Xcpy1] "C:\Program Files\Common Files\Java\Xcpy1.exe"
O4 - HKLM\..\Run: [satmat] C:\WINNT\satmat.exe
O4 - HKLM\..\Run: [wnddrv] C:\WINNT\svchost.exe
O4 - HKLM\..\Run: [eltupt] C:\WINNT\eltupt.exe
O4 - HKLM\..\Run: [cae3c3415538] C:\WINNT\System32\cnbjmon9.exe
O4 - HKLM\..\Run: [sman002] C:\DOCUME~1\Owner\LOCALS~1\Temp\app9.tmp
O4 - HKLM\..\Run: [iissrv] C:\WINNT\iissrv.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [OM_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master\FirstStart.exe
O4 - HKLM\..\Run: [kcxin] C:\DOCUME~1\Owner\LOCALS~1\Temp\app20.tmp
O4 - HKLM\..\Run: [vidmon] C:\WINNT\system32\vidmon\vidmon.exe
O4 - HKLM\..\Run: [OrderReminder] C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [MSConfig] C:\WINNT\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\Run: [sw3prtm] C:\WINNT\system32\sw3prtm.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM95\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [eZmmod] C:\PROGRA~1\ezula\mmod.exe
O4 - HKCU\..\Run: [Zxlzgix] C:\WINNT\System32\l?ass.exe
O4 - HKCU\..\Run: [OM_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe -NoStart
O4 - HKCU\..\Run: [Ltho] "C:\WINNT\system32\PPATCH~2\iexplore.exe" -vt ndrv
O4 - HKCU\..\Run: [NetZero_uoltray] C:\Program Files\NetZero\exec.exe regrun
O4 - Startup: PowerReg Scheduler V3.exe
O4 - Global Startup: Pagis Schedule Monitor.lnk = C:\Program Files\xerox\ControlCentre 2.0\Pagis\Monitor.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINNT\System32\Shdocvw.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: (no name) - {6685509E-B47B-4f47-8E16-9A5F3A62F683} - file://C:\Program Files\Ebates_MoeMoneyMaker\Sy350\Tp350\scri350a.htm (file missing) (HKCU)
O9 - Extra button: (no name) - {7F241C00-DAB6-11d5-AAA8-0001028DF1BC} - (no file) (HKCU)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: Yahoo! NFL StatTracker - http://aud7.sports.yahoo.com/java/y/nflst8252_x.cab
O16 - DPF: {739E8D90-2F4C-43AD-A1B8-66C356FCEA35} (RunExeActiveX.RunExe) - hcp://system/RunExeActiveX.CAB
O16 - DPF: {99CDFD87-F97A-42E1-9C13-D18220D90AD1} (StartFirstControl.CheckFirst) - hcp://system/StartFirstControl.CAB
O16 - DPF: {E2F2B9D0-96B9-4B25-B90C-636ECB207D18} - http://www.whenusearch.com/WUInstSECS.cab
O20 - AppInit_DLLs: C:\WINNT\system32\dvdplay.dll
O20 - Winlogon Notify: igfxcui - C:\WINNT\SYSTEM32\igfxsrvc.dll
O23 - Service: .NET Connection Service - Unknown owner - C:\WINNT\svchost.exe
O23 - Service: Intel(R) NMS (NMSSvc) - Intel Corporation - C:\WINNT\System32\NMSSvc.exe
O23 - Service: PictureTaker - Unknown owner - c:\fixit\pt\PCTKRNT.SYS (file missing)
THEN, I RAN SPYBOT S&D. WAS GIVEN THIS AS THE NEW LOG FILE:
Logfile of HijackThis v1.99.1
Scan saved at 1:05:07 PM, on 7/18/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Unable to get Internet Explorer version!
Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\Explorer.EXE
C:\WINNT\system32\spoolsv.exe
C:\Program Files\PopUp Killer\popupkiller.EXE
C:\WINNT\System32\hkcmd.exe
C:\WINNT\System32\vcmise.exe
C:\WINNT\svchost.exe
C:\WINNT\System32\cnbjmon9.exe
C:\WINNT\iissrv.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe
C:\PROGRA~1\NORTON~1\navapw32.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINNT\System32\LASS~1.EXE
C:\WINNT\system32\PPATCH~2\iexplore.exe
C:\Program Files\NetZero\exec.exe
C:\WINNT\System32\packager.exe
C:\WINNT\System32\Sdjk.exe
C:\WINNT\System32\VneE5.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINNT\system32\wscntfy.exe
C:\Program Files\Microsoft Money\System\urlmap.exe
C:\Documents and Settings\Owner\My Documents\HJT\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://mail.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.gateway.net
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gateway.net
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = about:blank
R3 - URLSearchHook: (no name) - {32A90E69-94AB-9906-A933-9E2B50C987CA} - C:\WINNT\system32\fcybttra.dll
O1 - Hosts: 12.129.205.209 search.netscape.com12.129.205.209 sitefinder.verisign.com
O2 - BHO: Band Class - {00027925-0017-4faf-9539-90E4AC0B9EC5} - C:\WINNT\eltt.dll
O2 - BHO: Band Class - {01F44A8A-8C97-4325-A378-76E68DC4AB2E} - C:\WINNT\systb.dll (file missing)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {1B6FC318-41BA-736D-FBAB-72FCDF53E9FB} - C:\WINNT\System32\fbwbwj.dll (file missing)
O2 - BHO: (no name) - {31E0158B-9220-F2A6-60F4-A291594F98FB} - C:\WINNT\System32\cebe.dll (file missing)
O2 - BHO: (no name) - {32A90E69-94AB-9906-A933-9E2B50C987CA} - C:\WINNT\system32\fcybttra.dll
O2 - BHO: (no name) - {50388F90-0A67-6DE1-2576-6A2D82F3F3A9} - C:\WINNT\System32\pwahhs.dll (file missing)
O2 - BHO: (no name) - {5241D2BC-021E-329E-0381-30B8FBC6A4FF} - C:\WINNT\System32\xxhcsfd.dll (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {8F223CBA-B01B-8095-06D6-85B3C8017EF7} - C:\WINNT\system32\mcqdrl.dll (file missing)
O2 - BHO: (no name) - {911A1534-8E65-448E-92AE-E22D49F870C4} - (no file)
O2 - BHO: (no name) - {9A795E39-9DF1-E72A-ADFC-E13B820722CF} - C:\WINNT\system32\msa.dll (file missing)
O2 - BHO: (no name) - {AF546E39-B0C2-D21E-80CC-D116B2370FFF} - C:\WINNT\system32\msa.dll (file missing)
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {D23E2C20-AA8C-C659-9C5C-CD57D58074A7} - C:\WINNT\System32\bdrvjmi.dll (file missing)
O2 - BHO: PEDEV_IEListener Class - {E1412445-4FF8-410e-8D24-F2CF86B171A4} - C:\Program Files\PeDevice\PeDev.dll (file missing)
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O3 - Toolbar: (no name) - {C5183ABC-EB6E-4E05-B8C9-500A16B6CF94} - (no file)
O3 - Toolbar: (no name) - {2CDE1A7D-A478-4291-BF31-E1B4C16F92EB} - (no file)
O3 - Toolbar: ZeroBar - {F0F8ECBE-D460-4B34-B007-56A92E8F84A7} - C:\Program Files\NetZero\toolbar.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [PopUpKiller] C:\Program Files\PopUp Killer\popupkiller.EXE
O4 - HKLM\..\Run: [IgfxTray] C:\WINNT\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINNT\System32\hkcmd.exe
O4 - HKLM\..\Run: [2SWZKN82R5K47C] C:\WINNT\System32\LsxI52.exe
O4 - HKLM\..\Run: [AutoUpdater] "C:\Program Files\AutoUpdate\AutoUpdate.exe"
O4 - HKLM\..\Run: [gqsnjds] C:\WINNT\System32\vcmise.exe
O4 - HKLM\..\Run: [wnddrv] C:\WINNT\svchost.exe
O4 - HKLM\..\Run: [eltupt] C:\WINNT\eltupt.exe
O4 - HKLM\..\Run: [cae3c3415538] C:\WINNT\System32\cnbjmon9.exe
O4 - HKLM\..\Run: [sman002] C:\DOCUME~1\Owner\LOCALS~1\Temp\app9.tmp
O4 - HKLM\..\Run: [iissrv] C:\WINNT\iissrv.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [OM_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master\FirstStart.exe
O4 - HKLM\..\Run: [kcxin] C:\DOCUME~1\Owner\LOCALS~1\Temp\app20.tmp
O4 - HKLM\..\Run: [OrderReminder] C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM95\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [Zxlzgix] C:\WINNT\System32\LASS~1.EXE
O4 - HKCU\..\Run: [OM_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe -NoStart
O4 - HKCU\..\Run: [Ltho] "C:\WINNT\system32\PPATCH~2\iexplore.exe" -vt ndrv
O4 - HKCU\..\Run: [NetZero_uoltray] C:\Program Files\NetZero\exec.exe regrun
O4 - Startup: PowerReg Scheduler V3.exe
O4 - Global Startup: Pagis Schedule Monitor.lnk = C:\Program Files\xerox\ControlCentre 2.0\Pagis\Monitor.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINNT\System32\Shdocvw.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: (no name) - {6685509E-B47B-4f47-8E16-9A5F3A62F683} - file://C:\Program Files\Ebates_MoeMoneyMaker\Sy350\Tp350\scri350a.htm (file missing) (HKCU)
O16 - DPF: Yahoo! NFL StatTracker - http://aud7.sports.yahoo.com/java/y/nflst8252_x.cab
O16 - DPF: {739E8D90-2F4C-43AD-A1B8-66C356FCEA35} (RunExeActiveX.RunExe) - hcp://system/RunExeActiveX.CAB
O16 - DPF: {99CDFD87-F97A-42E1-9C13-D18220D90AD1} (StartFirstControl.CheckFirst) - hcp://system/StartFirstControl.CAB
O20 - AppInit_DLLs: C:\WINNT\system32\dvdplay.dll
O20 - Winlogon Notify: igfxcui - C:\WINNT\SYSTEM32\igfxsrvc.dll
O23 - Service: .NET Connection Service - Unknown owner - C:\WINNT\svchost.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Intel(R) NMS (NMSSvc) - Intel Corporation - C:\WINNT\System32\NMSSvc.exe
O23 - Service: PictureTaker - Unknown owner - c:\fixit\pt\PCTKRNT.SYS (file missing)
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
any ideas/proposals would be greatly appreciated. Thanks again to you for your invaluable assistance.
-Brian
- 07-19-2006 01:08 PM #2
Looks like Spybot may have fixed a number of things, but there are still a number of entries that appear bad.
Please read and follow all the directions here, on what to do before posting a log.
http://www.help2go.com/component/opt...wtopic/t,9709/
For Spybot to have found that many things, it appears that you have not been keeping things up to date.
On the online Pandasoft active scan, have it save the log, and post it with a new HJT log.
BG
- 07-19-2006 06:51 PM #3
You have a lot of infections which we don't see around much anymore... either you have had the computer in a box for quite a while, or you have had these infections running for a long time...
Run all the recommended programs in Basementgeek's link, and when you post a new hijackthis log, we'll clean up what's left.
steam
- 07-23-2006 11:04 PM #4
Sorry...
Guys -
Will absolutely read that and fix the obvious. It wasn't obvious to me when I posted or I would have done it. I apologize and will be more observant for future posts...
-Brian
(my nephew used this computer exclusively for the past three years, having basically done nothing to keep it up, and gave it back to me upon graduation, hence the spyware riddled drive.)
- 08-05-2006 09:08 PM #5
all checks run, still getting odd messages at logout
Howdy Guys,
I have run the following:
Panda Titanium
AdAware Se Personal
AVG Free Anti-virus
Spybot S/D
Each presently indicates ZERO infections/problems. The current HJT log is below. That said, when I logout, I still get an iissrv.exe error message and an scpansi.exe error message - normal?
Thanks a million for all the advice and effort guys - MOST APPRECIATED!
-Brian
Logfile of HijackThis v1.99.1
Scan saved at 8:57:09 PM, on 8/5/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Unable to get Internet Explorer version!
Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\csrss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\TPSrv.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\pavsrv51.exe
C:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\AVENGINE.EXE
C:\WINNT\System32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\System32\svchost.exe
c:\program files\panda software\panda titanium 2006 antivirus + antispyware\firewall\PNMSRV.EXE
C:\WINNT\system32\spoolsv.exe
C:\WINNT\Explorer.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINNT\System32\NMSSvc.exe
C:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\PavFnSvr.exe
C:\Program Files\PopUp Killer\popupkiller.EXE
C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
C:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\PsImSvc.exe
C:\WINNT\System32\hkcmd.exe
C:\WINNT\iissrv.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe
C:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\APVXDWIN.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINNT\system32\PPATCH~2\iexplore.exe
C:\Program Files\NetZero\exec.exe
C:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\WebProxy.exe
C:\WINNT\System32\alg.exe
C:\Program Files\NetZero\exec.exe
C:\Program Files\Microsoft Money\System\urlmap.exe
C:\Documents and Settings\Owner\My Documents\HJT\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://my.netzero.net/s/search?r=minisearch
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://mail.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.gateway.net
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://my.netzero.net/s/search?r=minisearch
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://my.netzero.net/s/search?r=minisearch
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gateway.net
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://my.netzero.net/s/search?r=minisearch
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://my.netzero.net/s/search?r=minisearch
R3 - URLSearchHook: URLSearchHook Class - {37D2CDBF-2AF4-44AA-8113-BD0D2DA3C2B8} - C:\Program Files\NZSearch\SearchEnh1.dll
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {1B6FC318-41BA-736D-FBAB-72FCDF53E9FB} - C:\WINNT\System32\fbwbwj.dll (file missing)
O2 - BHO: (no name) - {31E0158B-9220-F2A6-60F4-A291594F98FB} - C:\WINNT\System32\cebe.dll (file missing)
O2 - BHO: (no name) - {32A90E69-94AB-9906-A933-9E2B50C987CA} - C:\WINNT\system32\fcybttra.dll (file missing)
O2 - BHO: (no name) - {50388F90-0A67-6DE1-2576-6A2D82F3F3A9} - C:\WINNT\System32\pwahhs.dll (file missing)
O2 - BHO: (no name) - {5241D2BC-021E-329E-0381-30B8FBC6A4FF} - C:\WINNT\System32\xxhcsfd.dll (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {8F223CBA-B01B-8095-06D6-85B3C8017EF7} - C:\WINNT\system32\mcqdrl.dll (file missing)
O2 - BHO: (no name) - {911A1534-8E65-448E-92AE-E22D49F870C4} - (no file)
O2 - BHO: (no name) - {9A795E39-9DF1-E72A-ADFC-E13B820722CF} - C:\WINNT\system32\msa.dll (file missing)
O2 - BHO: (no name) - {AF546E39-B0C2-D21E-80CC-D116B2370FFF} - C:\WINNT\system32\msa.dll (file missing)
O2 - BHO: (no name) - {D23E2C20-AA8C-C659-9C5C-CD57D58074A7} - C:\WINNT\System32\bdrvjmi.dll (file missing)
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O3 - Toolbar: ZeroBar - {F0F8ECBE-D460-4B34-B007-56A92E8F84A7} - C:\Program Files\NetZero\Toolbar.dll
O4 - HKLM\..\Run: [PopUpKiller] C:\Program Files\PopUp Killer\popupkiller.EXE
O4 - HKLM\..\Run: [IgfxTray] C:\WINNT\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINNT\System32\hkcmd.exe
O4 - HKLM\..\Run: [sman002] C:\DOCUME~1\Owner\LOCALS~1\Temp\app9.tmp
O4 - HKLM\..\Run: [iissrv] C:\WINNT\iissrv.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [OM_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master\FirstStart.exe
O4 - HKLM\..\Run: [kcxin] C:\DOCUME~1\Owner\LOCALS~1\Temp\app20.tmp
O4 - HKLM\..\Run: [OrderReminder] C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe
O4 - HKLM\..\Run: [APVXDWIN] "C:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\APVXDWIN.EXE" /s
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM95\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [OM_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe -NoStart
O4 - HKCU\..\Run: [Ltho] "C:\WINNT\system32\PPATCH~2\iexplore.exe" -vt ndrv
O4 - HKCU\..\Run: [NetZero_uoltray] C:\Program Files\NetZero\exec.exe regrun
O4 - HKCU\..\Run: [spc_w] "C:\Program Files\NZSearch\nzspc.exe" -w
O4 - Startup: PowerReg Scheduler V3.exe
O4 - Global Startup: Pagis Schedule Monitor.lnk = C:\Program Files\xerox\ControlCentre 2.0\Pagis\Monitor.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINNT\System32\Shdocvw.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: Yahoo! NFL StatTracker - http://aud7.sports.yahoo.com/java/y/nflst8252_x.cab
O16 - DPF: {739E8D90-2F4C-43AD-A1B8-66C356FCEA35} (RunExeActiveX.RunExe) - hcp://system/RunExeActiveX.CAB
O16 - DPF: {99CDFD87-F97A-42E1-9C13-D18220D90AD1} (StartFirstControl.CheckFirst) - hcp://system/StartFirstControl.CAB
O20 - AppInit_DLLs: C:\WINNT\system32\dvdplay.dll
O20 - Winlogon Notify: avldr - C:\WINNT\SYSTEM32\avldr.dll
O20 - Winlogon Notify: igfxcui - C:\WINNT\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WgaLogon - C:\WINNT\SYSTEM32\WgaLogon.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: Intel(R) NMS (NMSSvc) - Intel Corporation - C:\WINNT\System32\NMSSvc.exe
O23 - Service: Panda Function Service (PAVFNSVR) - Panda Software International - C:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\PavFnSvr.exe
O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Software - C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software International - C:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\pavsrv51.exe
O23 - Service: PictureTaker - Unknown owner - c:\fixit\pt\PCTKRNT.SYS (file missing)
O23 - Service: Panda Network Manager (PNMSRV) - Panda Software - c:\program files\panda software\panda titanium 2006 antivirus + antispyware\firewall\PNMSRV.EXE
O23 - Service: Panda IManager Service (PSIMSVC) - Panda Software - C:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\PsImSvc.exe
O23 - Service: Panda TPSrv (TPSrv) - Panda Software - C:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\TPSrv.exe
- 08-06-2006 03:30 PM #6
Hi
first ... the recommended programs we ask you to run include the Panda on-line scan ... not installing Panda Titanium ... you now have 2 anti-virus installed ... Panda & AVG, these may well conflict, so you should uninstall one of them...
"That said, when I logout, I still get an iissrv.exe error message and an scpansi.exe error message - normal?"
Can you please post these error messages EXACTLY as they are written?
Make sure you can view hidden files...
>>> How to Show Hidden/System Files
Reboot into >>>safe mode
Run hijackthis and tick to fix (check the box next to) the list below.........when all are ticked (checked) click the Fix Checked button at the bottom. :-
O2 - BHO: (no name) - {1B6FC318-41BA-736D-FBAB-72FCDF53E9FB} - C:\WINNT\System32\fbwbwj.dll (file missing)
O2 - BHO: (no name) - {31E0158B-9220-F2A6-60F4-A291594F98FB} - C:\WINNT\System32\cebe.dll (file missing)
O2 - BHO: (no name) - {32A90E69-94AB-9906-A933-9E2B50C987CA} - C:\WINNT\system32\fcybttra.dll (file missing)
O2 - BHO: (no name) - {50388F90-0A67-6DE1-2576-6A2D82F3F3A9} - C:\WINNT\System32\pwahhs.dll (file missing)
O2 - BHO: (no name) - {5241D2BC-021E-329E-0381-30B8FBC6A4FF} - C:\WINNT\System32\xxhcsfd.dll (file missing)
O2 - BHO: (no name) - {8F223CBA-B01B-8095-06D6-85B3C8017EF7} - C:\WINNT\system32\mcqdrl.dll (file missing)
O2 - BHO: (no name) - {911A1534-8E65-448E-92AE-E22D49F870C4} - (no file)
O2 - BHO: (no name) - {9A795E39-9DF1-E72A-ADFC-E13B820722CF} - C:\WINNT\system32\msa.dll (file missing)
O2 - BHO: (no name) - {AF546E39-B0C2-D21E-80CC-D116B2370FFF} - C:\WINNT\system32\msa.dll (file missing)
O2 - BHO: (no name) - {D23E2C20-AA8C-C659-9C5C-CD57D58074A7} - C:\WINNT\System32\bdrvjmi.dll (file missing)
O4 - HKLM\..\Run: [sman002] C:\DOCUME~1\Owner\LOCALS~1\Temp\app9.tmp
O4 - HKLM\..\Run: [iissrv] C:\WINNT\iissrv.exe
O4 - HKLM\..\Run: [kcxin] C:\DOCUME~1\Owner\LOCALS~1\Temp\app20.tmp
O4 - HKCU\..\Run: [Ltho] "C:\WINNT\system32\PPATCH~2\iexplore.exe" -vt ndrv
O20 - AppInit_DLLs: C:\WINNT\system32\dvdplay.dll
Still in safemode
Find and delete :-
C:\WINNT\system32\dvdplay.dll ... file
C:\WINNT\iissrv.exe ... file
C:\WINNT\system32\PPATCH~2 ... folder (These are just the first 6 letters of this folder - I have no way of knowing its full name)
The entire contents of the C:\documents and settings\Owner\local settings\temp folder ( Do NOT delete the folder itself)
PLEASE NOTE The local settings folder is a hidden folder.....
Reboot back to normal mode and post a new hijackthis log...
steam
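Added example, not part of the thread and not any poster's tooling: a Python sketch that parses two HijackThis logs, diffs them, and marks the surviving entries that match a few triage heuristics of the kind reflected in the fix list above. The sample lines are excerpted from the 7/11 and 7/18 logs earlier in the thread; the flag names, the `EXPECTED_DIR` table and the function names are assumptions made for illustration, and a flag is a prompt for human review, not a verdict.

```python
import ntpath
import re
from collections import namedtuple

Entry = namedtuple("Entry", "code body")

# Excerpt of the 7/11 log (before Spybot S&D was run).
BEFORE = r"""
O2 - BHO: PynixObj Class - {00000000-DD60-0064-6EC2-6E0100000000} - C:\WINNT\Pynix.dll
O2 - BHO: (no name) - {911A1534-8E65-448E-92AE-E22D49F870C4} - (no file)
O4 - HKLM\..\Run: [wnddrv] C:\WINNT\svchost.exe
O4 - HKLM\..\Run: [sman002] C:\DOCUME~1\Owner\LOCALS~1\Temp\app9.tmp
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [eZmmod] C:\PROGRA~1\ezula\mmod.exe
O4 - HKCU\..\Run: [Ltho] "C:\WINNT\system32\PPATCH~2\iexplore.exe" -vt ndrv
O20 - AppInit_DLLs: C:\WINNT\system32\dvdplay.dll
"""

# Excerpt of the 7/18 log (after Spybot S&D was run).
AFTER = r"""
O2 - BHO: (no name) - {911A1534-8E65-448E-92AE-E22D49F870C4} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [wnddrv] C:\WINNT\svchost.exe
O4 - HKLM\..\Run: [sman002] C:\DOCUME~1\Owner\LOCALS~1\Temp\app9.tmp
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [Ltho] "C:\WINNT\system32\PPATCH~2\iexplore.exe" -vt ndrv
O20 - AppInit_DLLs: C:\WINNT\system32\dvdplay.dll
"""

# "R1 - ...", "O4 - ...", "O23 - ...": section code, separator, entry body.
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")
# First drive-letter path in the body, up to a known file extension.
PATH_RE = re.compile(r'([A-Za-z]:\\[^"]*?\.(?:exe|dll|ocx|sys|tmp))', re.I)

# Assumption: usual home of these Windows binaries, matched as a directory suffix.
EXPECTED_DIR = {
    "svchost.exe": "\\system32",
    "lsass.exe": "\\system32",
    "iexplore.exe": "\\program files\\internet explorer",
}


def parse_hjt(text):
    """Return the section entries of a HijackThis log; header and process lines are skipped."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append(Entry(m.group(1), m.group(2)))
    return entries


def flags(entry):
    """Return heuristic review flags for one entry (hypothetical flag names)."""
    found = []
    body = entry.body
    # Registry entry still present although its target file is gone.
    if "(file missing)" in body or "(no file)" in body:
        found.append("orphaned")
    m = PATH_RE.search(body)
    path = m.group(1).lower() if m else ""
    # Autostart entry launching from a temp directory.
    if entry.code == "O4" and "\\temp\\" in path:
        found.append("runs-from-temp")
    # Well-known system file name sitting in an unexpected directory.
    want = EXPECTED_DIR.get(ntpath.basename(path))
    if want and not ntpath.dirname(path).endswith(want):
        found.append("system-name-wrong-dir")
    # AppInit_DLLs are loaded into every process that loads user32.dll.
    if entry.code == "O20" and body.startswith("AppInit_DLLs:"):
        found.append("appinit-dll")
    return found


def compare(before_text, after_text):
    """Diff two logs and list flagged entries present in both (survived the cleanup)."""
    before = set(parse_hjt(before_text))
    after = set(parse_hjt(after_text))
    return {
        "removed": sorted(before - after),
        "added": sorted(after - before),
        "survived_flagged": [(e, flags(e)) for e in sorted(before & after) if flags(e)],
    }


if __name__ == "__main__":
    result = compare(BEFORE, AFTER)
    for e in result["removed"]:
        print("removed :", e.code, e.body)
    for e in result["added"]:
        print("added   :", e.code, e.body)
    for e, why in result["survived_flagged"]:
        print("review  :", e.code, e.body, "->", ", ".join(why))
```

Entries such as the Pynix BHO carry no flag here because these heuristics look only at paths and status markers; known-bad names still need a reviewer or a signature-based scanner.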
- 08-24-2006 07:47 PM #7
Latest Update
Hi Steam -
thanks so much for everything...
I no longer get the iissrv.exe mesg. Here is the latest log after completing your suggestions (strangely, the ppatch~2 folder was not found when I was searching for it, after running HJT and fixing...there was some folder called AppPatch)
Logfile of HijackThis v1.99.1
Scan saved at 7:35:36 PM, on 8/24/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Unable to get Internet Explorer version!
Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\SYSTEM32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\Explorer.EXE
C:\WINNT\system32\spoolsv.exe
C:\Program Files\PopUp Killer\popupkiller.EXE
C:\WINNT\System32\hkcmd.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\NetZero\exec.exe
C:\WINNT\system32\wscntfy.exe
C:\Program Files\NetZero\exec.exe
C:\WINNT\system32\wuauclt.exe
C:\Program Files\Microsoft Money\System\urlmap.exe
C:\Documents and Settings\Owner\My Documents\HJT\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://my.netzero.net/s/search?r=minisearch
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://my.netzero.net/s/search?r=minisearch
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://mail.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.gateway.net
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://my.netzero.net/s/search?r=minisearch
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://my.netzero.net/s/search?r=minisearch
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gateway.net
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://my.netzero.net/s/search?r=minisearch
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://my.netzero.net/s/search?r=minisearch
R3 - URLSearchHook: URLSearchHook Class - {37D2CDBF-2AF4-44AA-8113-BD0D2DA3C2B8} - C:\Program Files\NZSearch\SearchEnh1.dll
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O3 - Toolbar: ZeroBar - {F0F8ECBE-D460-4B34-B007-56A92E8F84A7} - C:\Program Files\NetZero\Toolbar.dll
O4 - HKLM\..\Run: [PopUpKiller] C:\Program Files\PopUp Killer\popupkiller.EXE
O4 - HKLM\..\Run: [IgfxTray] C:\WINNT\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINNT\System32\hkcmd.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [OM_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master\FirstStart.exe
O4 - HKLM\..\Run: [OrderReminder] C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM95\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [OM_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe -NoStart
O4 - HKCU\..\Run: [NetZero_uoltray] C:\Program Files\NetZero\exec.exe regrun
O4 - HKCU\..\Run: [spc_w] "C:\Program Files\NZSearch\nzspc.exe" -w
O4 - Startup: PowerReg Scheduler V3.exe
O4 - Global Startup: Pagis Schedule Monitor.lnk = C:\Program Files\xerox\ControlCentre 2.0\Pagis\Monitor.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINNT\System32\Shdocvw.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: Yahoo! NFL StatTracker - http://aud7.sports.yahoo.com/java/y/nflst8252_x.cab
O16 - DPF: {739E8D90-2F4C-43AD-A1B8-66C356FCEA35} (RunExeActiveX.RunExe) - hcp://system/RunExeActiveX.CAB
O16 - DPF: {99CDFD87-F97A-42E1-9C13-D18220D90AD1} (StartFirstControl.CheckFirst) - hcp://system/StartFirstControl.CAB
O20 - Winlogon Notify: igfxcui - C:\WINNT\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WgaLogon - C:\WINNT\SYSTEM32\WgaLogon.dll
O23 - Service: Intel(R) NMS (NMSSvc) - Intel Corporation - C:\WINNT\System32\NMSSvc.exe
O23 - Service: PictureTaker - Unknown owner - c:\fixit\pt\PCTKRNT.SYS (file missing)
Thanks much - everything *appears* to be better now. Any further suggestions would be greatly appreciated. Incidentally, the reason I installed the panda titanium is because I could *not* get the software to run in the browser properly, so did what I thought was the next best thing.
thanks again!