  1. #1
    Member tyrrhena's Avatar
    Join Date
    May 2005
    Posts
    12
    Points
    0

    Default HJT before and after sweeping...

    Howdy folks -
    just another set of questions from HJT log files. I had over 275 instances of spyware removed by spybot S&D. I ran HJT, logged it, then ran SBS&D. Then, created another HJT file.

    The following is the HJT before the S&D program was run.

    Logfile of HijackThis v1.99.1
    Scan saved at 2:34:56 PM, on 7/11/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Unable to get Internet Explorer version!

    Running processes:
    C:\WINNT\System32\smss.exe
    C:\WINNT\system32\winlogon.exe
    C:\WINNT\system32\services.exe
    C:\WINNT\system32\lsass.exe
    C:\WINNT\system32\svchost.exe
    C:\WINNT\System32\svchost.exe
    C:\WINNT\system32\spoolsv.exe
    C:\Program Files\PopUp Killer\popupkiller.EXE
    C:\WINNT\System32\hkcmd.exe
    C:\Program Files\BTV\btv.exe
    C:\WINNT\System32\vcmise.exe
    C:\WINNT\svchost.exe
    C:\WINNT\System32\cnbjmon9.exe
    C:\WINNT\iissrv.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\WINNT\system32\vidmon\vidmon.exe
    C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\WINNT\System32\calc.exe
    C:\WINNT\System32\l?ass.exe
    C:\WINNT\system32\PPATCH~2\iexplore.exe
    C:\Program Files\NetZero\exec.exe
    C:\WINNT\system32\sw3prtm.exe
    C:\WINNT\System32\Sdjk.exe
    C:\WINNT\System32\IviUeB.exe
    C:\WINNT\system32\wscntfy.exe
    C:\WINNT\system32\wuauclt.exe
    C:\WINNT\system32\wuauclt.exe
    C:\WINNT\explorer.exe
    C:\Documents and Settings\Owner\My Documents\HJT\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://websearch.drsnsrch.com/sidesearch.cgi?id=
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://websearch.drsnsrch.com/sidesearch.cgi?id=
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://mail.yahoo.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.gateway.net
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://websearch.drsnsrch.com/sidesearch.cgi?id=
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://websearch.drsnsrch.com/sidesearch.cgi?id=
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gateway.net
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://websearch.drsnsrch.com/sidesearch.cgi?id=
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://websearch.drsnsrch.com/sidesearch.cgi?id=
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = websearch.drsnsrch.com/q.cgi?q=
    R3 - URLSearchHook: (no name) - {32A90E69-94AB-9906-A933-9E2B50C987CA} - C:\WINNT\system32\fcybttra.dll
    R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
    O1 - Hosts: 12.129.205.209 search.netscape.com12.129.205.209 sitefinder.verisign.com
    O2 - BHO: PynixObj Class - {00000000-DD60-0064-6EC2-6E0100000000} - C:\WINNT\Pynix.dll
    O2 - BHO: IPInsigtObj Class - {000004CC-E4FF-4F2C-BC30-DBEF0B983BC9} - C:\WINNT\ipinsigt.dll
    O2 - BHO: Band Class - {00027925-0017-4faf-9539-90E4AC0B9EC5} - C:\WINNT\eltt.dll
    O2 - BHO: Band Class - {01F44A8A-8C97-4325-A378-76E68DC4AB2E} - C:\WINNT\systb.dll
    O2 - BHO: myBar BHO - {0494D0D1-F8E0-41ad-92A3-14154ECE70AC} - C:\Program Files\MyWay\myBar\1.bin\MYBAR.DLL (file missing)
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: SNHlprObj Class - {14b3d246-6274-40b5-8d50-6c2ade2ab29b} - C:\Program Files\Srng\SNHelper.dll (file missing)
    O2 - BHO: (no name) - {1B6FC318-41BA-736D-FBAB-72FCDF53E9FB} - C:\WINNT\System32\fbwbwj.dll (file missing)
    O2 - BHO: (no name) - {31E0158B-9220-F2A6-60F4-A291594F98FB} - C:\WINNT\System32\cebe.dll (file missing)
    O2 - BHO: (no name) - {32A90E69-94AB-9906-A933-9E2B50C987CA} - C:\WINNT\system32\fcybttra.dll
    O2 - BHO: (no name) - {50388F90-0A67-6DE1-2576-6A2D82F3F3A9} - C:\WINNT\System32\pwahhs.dll (file missing)
    O2 - BHO: (no name) - {5241D2BC-021E-329E-0381-30B8FBC6A4FF} - C:\WINNT\System32\xxhcsfd.dll (file missing)
    O2 - BHO: Flash Enhancer - {7CD20E91-1F31-41da-8379-479EA31DF969} - c:\Program Files\XML\XML.dll
    O2 - BHO: (no name) - {8F223CBA-B01B-8095-06D6-85B3C8017EF7} - C:\WINNT\system32\mcqdrl.dll (file missing)
    O2 - BHO: (no name) - {911A1534-8E65-448E-92AE-E22D49F870C4} - (no file)
    O2 - BHO: (no name) - {9A795E39-9DF1-E72A-ADFC-E13B820722CF} - C:\WINNT\system32\msa.dll (file missing)
    O2 - BHO: (no name) - {AF546E39-B0C2-D21E-80CC-D116B2370FFF} - C:\WINNT\system32\msa.dll (file missing)
    O2 - BHO: (no name) - {D23E2C20-AA8C-C659-9C5C-CD57D58074A7} - C:\WINNT\System32\bdrvjmi.dll (file missing)
    O2 - BHO: PEDEV_IEListener Class - {E1412445-4FF8-410e-8D24-F2CF86B171A4} - C:\Program Files\PeDevice\PeDev.dll (file missing)
    O2 - BHO: WebBar Class - {EE392A64-F30B-47C8-A363-CDA1CEC7DC1B} - C:\PROGRA~1\APPLIE~1\Bar.dll (file missing)
    O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
    O3 - Toolbar: &My Way Speedbar - {0494D0D9-F8E0-41ad-92A3-14154ECE70AC} - C:\Program Files\MyWay\myBar\1.bin\MYBAR.DLL (file missing)
    O3 - Toolbar: (no name) - {C5183ABC-EB6E-4E05-B8C9-500A16B6CF94} - (no file)
    O3 - Toolbar: (no name) - {2CDE1A7D-A478-4291-BF31-E1B4C16F92EB} - (no file)
    O3 - Toolbar: ZeroBar - {F0F8ECBE-D460-4B34-B007-56A92E8F84A7} - C:\Program Files\NetZero\toolbar.dll
    O4 - HKLM\..\Run: [PopUpKiller] C:\Program Files\PopUp Killer\popupkiller.EXE
    O4 - HKLM\..\Run: [IgfxTray] C:\WINNT\System32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINNT\System32\hkcmd.exe
    O4 - HKLM\..\Run: [2SWZKN82R5K47C] C:\WINNT\System32\Mxiv1Va1.exe
    O4 - HKLM\..\Run: [AutoUpdater] "C:\Program Files\AutoUpdate\AutoUpdate.exe"
    O4 - HKLM\..\Run: [BTV] C:\Program Files\BTV\btv.exe
    O4 - HKLM\..\Run: [Breg] "C:\Program Files\Common Files\Java\breg.exe"
    O4 - HKLM\..\Run: [gqsnjds] C:\WINNT\System32\vcmise.exe
    O4 - HKLM\..\Run: [Win Server Updt] C:\WINNT\wupdt.exe
    O4 - HKLM\..\Run: [Xcpy1] "C:\Program Files\Common Files\Java\Xcpy1.exe"
    O4 - HKLM\..\Run: [satmat] C:\WINNT\satmat.exe
    O4 - HKLM\..\Run: [wnddrv] C:\WINNT\svchost.exe
    O4 - HKLM\..\Run: [eltupt] C:\WINNT\eltupt.exe
    O4 - HKLM\..\Run: [cae3c3415538] C:\WINNT\System32\cnbjmon9.exe
    O4 - HKLM\..\Run: [sman002] C:\DOCUME~1\Owner\LOCALS~1\Temp\app9.tmp
    O4 - HKLM\..\Run: [iissrv] C:\WINNT\iissrv.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [OM_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master\FirstStart.exe
    O4 - HKLM\..\Run: [kcxin] C:\DOCUME~1\Owner\LOCALS~1\Temp\app20.tmp
    O4 - HKLM\..\Run: [vidmon] C:\WINNT\system32\vidmon\vidmon.exe
    O4 - HKLM\..\Run: [OrderReminder] C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - HKLM\..\Run: [MSConfig] C:\WINNT\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
    O4 - HKLM\..\Run: [sw3prtm] C:\WINNT\system32\sw3prtm.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
    O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM95\aim.exe -cnetwait.odl
    O4 - HKCU\..\Run: [eZmmod] C:\PROGRA~1\ezula\mmod.exe
    O4 - HKCU\..\Run: [Zxlzgix] C:\WINNT\System32\l?ass.exe
    O4 - HKCU\..\Run: [OM_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe -NoStart
    O4 - HKCU\..\Run: [Ltho] "C:\WINNT\system32\PPATCH~2\iexplore.exe" -vt ndrv
    O4 - HKCU\..\Run: [NetZero_uoltray] C:\Program Files\NetZero\exec.exe regrun
    O4 - Startup: PowerReg Scheduler V3.exe
    O4 - Global Startup: Pagis Schedule Monitor.lnk = C:\Program Files\xerox\ControlCentre 2.0\Pagis\Monitor.exe
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINNT\System32\Shdocvw.dll
    O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra button: (no name) - {6685509E-B47B-4f47-8E16-9A5F3A62F683} - file://C:\Program Files\Ebates_MoeMoneyMaker\Sy350\Tp350\scri350a.htm (file missing) (HKCU)
    O9 - Extra button: (no name) - {7F241C00-DAB6-11d5-AAA8-0001028DF1BC} - (no file) (HKCU)
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O16 - DPF: Yahoo! NFL StatTracker - http://aud7.sports.yahoo.com/java/y/nflst8252_x.cab
    O16 - DPF: {739E8D90-2F4C-43AD-A1B8-66C356FCEA35} (RunExeActiveX.RunExe) - hcp://system/RunExeActiveX.CAB
    O16 - DPF: {99CDFD87-F97A-42E1-9C13-D18220D90AD1} (StartFirstControl.CheckFirst) - hcp://system/StartFirstControl.CAB
    O16 - DPF: {E2F2B9D0-96B9-4B25-B90C-636ECB207D18} - http://www.whenusearch.com/WUInstSECS.cab
    O20 - AppInit_DLLs: C:\WINNT\system32\dvdplay.dll
    O20 - Winlogon Notify: igfxcui - C:\WINNT\SYSTEM32\igfxsrvc.dll
    O23 - Service: .NET Connection Service - Unknown owner - C:\WINNT\svchost.exe
    O23 - Service: Intel(R) NMS (NMSSvc) - Intel Corporation - C:\WINNT\System32\NMSSvc.exe
    O23 - Service: PictureTaker - Unknown owner - c:\fixit\pt\PCTKRNT.SYS (file missing)





    THEN, I RAN SPYBOT S&D. WAS GIVEN THIS AS THE NEW LOG FILE:

    Logfile of HijackThis v1.99.1
    Scan saved at 1:05:07 PM, on 7/18/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Unable to get Internet Explorer version!

    Running processes:
    C:\WINNT\System32\smss.exe
    C:\WINNT\system32\winlogon.exe
    C:\WINNT\system32\services.exe
    C:\WINNT\system32\lsass.exe
    C:\WINNT\system32\svchost.exe
    C:\WINNT\System32\svchost.exe
    C:\WINNT\Explorer.EXE
    C:\WINNT\system32\spoolsv.exe
    C:\Program Files\PopUp Killer\popupkiller.EXE
    C:\WINNT\System32\hkcmd.exe
    C:\WINNT\System32\vcmise.exe
    C:\WINNT\svchost.exe
    C:\WINNT\System32\cnbjmon9.exe
    C:\WINNT\iissrv.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe
    C:\PROGRA~1\NORTON~1\navapw32.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\WINNT\System32\LASS~1.EXE
    C:\WINNT\system32\PPATCH~2\iexplore.exe
    C:\Program Files\NetZero\exec.exe
    C:\WINNT\System32\packager.exe
    C:\WINNT\System32\Sdjk.exe
    C:\WINNT\System32\VneE5.exe
    C:\Program Files\Norton AntiVirus\navapsvc.exe
    C:\WINNT\system32\wscntfy.exe
    C:\Program Files\Microsoft Money\System\urlmap.exe
    C:\Documents and Settings\Owner\My Documents\HJT\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://mail.yahoo.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.gateway.net
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gateway.net
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = about:blank
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = about:blank
    R3 - URLSearchHook: (no name) - {32A90E69-94AB-9906-A933-9E2B50C987CA} - C:\WINNT\system32\fcybttra.dll
    O1 - Hosts: 12.129.205.209 search.netscape.com12.129.205.209 sitefinder.verisign.com
    O2 - BHO: Band Class - {00027925-0017-4faf-9539-90E4AC0B9EC5} - C:\WINNT\eltt.dll
    O2 - BHO: Band Class - {01F44A8A-8C97-4325-A378-76E68DC4AB2E} - C:\WINNT\systb.dll (file missing)
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: (no name) - {1B6FC318-41BA-736D-FBAB-72FCDF53E9FB} - C:\WINNT\System32\fbwbwj.dll (file missing)
    O2 - BHO: (no name) - {31E0158B-9220-F2A6-60F4-A291594F98FB} - C:\WINNT\System32\cebe.dll (file missing)
    O2 - BHO: (no name) - {32A90E69-94AB-9906-A933-9E2B50C987CA} - C:\WINNT\system32\fcybttra.dll
    O2 - BHO: (no name) - {50388F90-0A67-6DE1-2576-6A2D82F3F3A9} - C:\WINNT\System32\pwahhs.dll (file missing)
    O2 - BHO: (no name) - {5241D2BC-021E-329E-0381-30B8FBC6A4FF} - C:\WINNT\System32\xxhcsfd.dll (file missing)
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: (no name) - {8F223CBA-B01B-8095-06D6-85B3C8017EF7} - C:\WINNT\system32\mcqdrl.dll (file missing)
    O2 - BHO: (no name) - {911A1534-8E65-448E-92AE-E22D49F870C4} - (no file)
    O2 - BHO: (no name) - {9A795E39-9DF1-E72A-ADFC-E13B820722CF} - C:\WINNT\system32\msa.dll (file missing)
    O2 - BHO: (no name) - {AF546E39-B0C2-D21E-80CC-D116B2370FFF} - C:\WINNT\system32\msa.dll (file missing)
    O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O2 - BHO: (no name) - {D23E2C20-AA8C-C659-9C5C-CD57D58074A7} - C:\WINNT\System32\bdrvjmi.dll (file missing)
    O2 - BHO: PEDEV_IEListener Class - {E1412445-4FF8-410e-8D24-F2CF86B171A4} - C:\Program Files\PeDevice\PeDev.dll (file missing)
    O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
    O3 - Toolbar: (no name) - {C5183ABC-EB6E-4E05-B8C9-500A16B6CF94} - (no file)
    O3 - Toolbar: (no name) - {2CDE1A7D-A478-4291-BF31-E1B4C16F92EB} - (no file)
    O3 - Toolbar: ZeroBar - {F0F8ECBE-D460-4B34-B007-56A92E8F84A7} - C:\Program Files\NetZero\toolbar.dll
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O4 - HKLM\..\Run: [PopUpKiller] C:\Program Files\PopUp Killer\popupkiller.EXE
    O4 - HKLM\..\Run: [IgfxTray] C:\WINNT\System32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINNT\System32\hkcmd.exe
    O4 - HKLM\..\Run: [2SWZKN82R5K47C] C:\WINNT\System32\LsxI52.exe
    O4 - HKLM\..\Run: [AutoUpdater] "C:\Program Files\AutoUpdate\AutoUpdate.exe"
    O4 - HKLM\..\Run: [gqsnjds] C:\WINNT\System32\vcmise.exe
    O4 - HKLM\..\Run: [wnddrv] C:\WINNT\svchost.exe
    O4 - HKLM\..\Run: [eltupt] C:\WINNT\eltupt.exe
    O4 - HKLM\..\Run: [cae3c3415538] C:\WINNT\System32\cnbjmon9.exe
    O4 - HKLM\..\Run: [sman002] C:\DOCUME~1\Owner\LOCALS~1\Temp\app9.tmp
    O4 - HKLM\..\Run: [iissrv] C:\WINNT\iissrv.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [OM_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master\FirstStart.exe
    O4 - HKLM\..\Run: [kcxin] C:\DOCUME~1\Owner\LOCALS~1\Temp\app20.tmp
    O4 - HKLM\..\Run: [OrderReminder] C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe
    O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
    O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM95\aim.exe -cnetwait.odl
    O4 - HKCU\..\Run: [Zxlzgix] C:\WINNT\System32\LASS~1.EXE
    O4 - HKCU\..\Run: [OM_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe -NoStart
    O4 - HKCU\..\Run: [Ltho] "C:\WINNT\system32\PPATCH~2\iexplore.exe" -vt ndrv
    O4 - HKCU\..\Run: [NetZero_uoltray] C:\Program Files\NetZero\exec.exe regrun
    O4 - Startup: PowerReg Scheduler V3.exe
    O4 - Global Startup: Pagis Schedule Monitor.lnk = C:\Program Files\xerox\ControlCentre 2.0\Pagis\Monitor.exe
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINNT\System32\Shdocvw.dll
    O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra button: (no name) - {6685509E-B47B-4f47-8E16-9A5F3A62F683} - file://C:\Program Files\Ebates_MoeMoneyMaker\Sy350\Tp350\scri350a.htm (file missing) (HKCU)
    O16 - DPF: Yahoo! NFL StatTracker - http://aud7.sports.yahoo.com/java/y/nflst8252_x.cab
    O16 - DPF: {739E8D90-2F4C-43AD-A1B8-66C356FCEA35} (RunExeActiveX.RunExe) - hcp://system/RunExeActiveX.CAB
    O16 - DPF: {99CDFD87-F97A-42E1-9C13-D18220D90AD1} (StartFirstControl.CheckFirst) - hcp://system/StartFirstControl.CAB
    O20 - AppInit_DLLs: C:\WINNT\system32\dvdplay.dll
    O20 - Winlogon Notify: igfxcui - C:\WINNT\SYSTEM32\igfxsrvc.dll
    O23 - Service: .NET Connection Service - Unknown owner - C:\WINNT\svchost.exe
    O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
    O23 - Service: Intel(R) NMS (NMSSvc) - Intel Corporation - C:\WINNT\System32\NMSSvc.exe
    O23 - Service: PictureTaker - Unknown owner - c:\fixit\pt\PCTKRNT.SYS (file missing)
    O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe



    any ideas/proposals would be greatly appreciated. Thanks again to you for your invaluable assistance.

    -Brian
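A before/after comparison like the one asked for in the first post can be done mechanically. The following is an added example, not part of the original thread: it parses HijackThis entry lines and reports which entries disappeared, appeared, changed target, or lost their file between two scans. The sample lines are excerpted from the two logs above; the function names and the rule for what identifies an entry (Run value name, CLSID, or the text left of `=`) are this example's own assumptions. It compares entries only and does not judge whether any of them is malicious.

```python
import re
from collections import namedtuple

# Section codes HijackThis prefixes to each entry line (R0-R3, F0-F3, N1-N4, O1-O23).
ENTRY_RE = re.compile(r"^\s*(R[0-3]|F[0-3]|N[1-4]|O\d{1,2}) - (.*\S)\s*$")
# Autostart entries: "HKLM\..\Run: [ValueName] command line"
RUN_RE = re.compile(r"^(HK\w+\\\.\.\\Run\w*: \[[^\]]*\])\s*(.*)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}-(?:[0-9A-Fa-f]{4}-){3}[0-9A-Fa-f]{12}\}")
MISSING = "(file missing)"

Entry = namedtuple("Entry", "detail file_missing")


def split_identity(body):
    """Split an entry body into (key, detail).

    The key is the part expected to stay the same between scans
    (assumption of this example); the detail is what may change.
    """
    run = RUN_RE.match(body)
    if run:                                   # keyed by hive + value name
        return run.group(1), run.group(2)
    clsid = CLSID_RE.search(body)
    if clsid:                                 # keyed by kind (BHO, Toolbar, ...) + CLSID
        kind = body.split(":", 1)[0]
        return f"{kind} {clsid.group(0).upper()}", body
    key, _, value = body.partition(" =")      # "registry value = data"
    return key, value.strip()


def parse_log(text):
    """Return {(section, key): Entry} for every entry line; other lines are skipped."""
    entries = {}
    for line in text.splitlines():
        m = ENTRY_RE.match(line)
        if not m:
            continue                          # header, process list, blank line
        section, body = m.groups()
        missing = MISSING in body
        body = body.replace(MISSING, "").strip()
        key, detail = split_identity(body)
        entries[(section, key)] = Entry(detail, missing)
    return entries


def diff_logs(before_text, after_text):
    """Classify every entry by what happened to it between the two scans."""
    before, after = parse_log(before_text), parse_log(after_text)
    report = {"removed": [], "added": [], "changed": [],
              "now_missing": [], "unchanged": []}
    for ident, old in before.items():
        new = after.get(ident)
        if new is None:
            report["removed"].append(ident)
        elif new.detail != old.detail:
            # Same registry value, different data (e.g. a new file name).
            report["changed"].append((ident, old.detail, new.detail))
        elif new.file_missing and not old.file_missing:
            # File was deleted but the registry entry is still there.
            report["now_missing"].append(ident)
        else:
            report["unchanged"].append(ident)
    report["added"] = [ident for ident in after if ident not in before]
    return report


# Excerpts from the 7/11/2006 and 7/18/2006 logs in the post above.
BEFORE = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://websearch.drsnsrch.com/sidesearch.cgi?id=
O2 - BHO: PynixObj Class - {00000000-DD60-0064-6EC2-6E0100000000} - C:\WINNT\Pynix.dll
O2 - BHO: Band Class - {01F44A8A-8C97-4325-A378-76E68DC4AB2E} - C:\WINNT\systb.dll
O2 - BHO: (no name) - {32A90E69-94AB-9906-A933-9E2B50C987CA} - C:\WINNT\system32\fcybttra.dll
O4 - HKLM\..\Run: [2SWZKN82R5K47C] C:\WINNT\System32\Mxiv1Va1.exe
O4 - HKLM\..\Run: [satmat] C:\WINNT\satmat.exe
O4 - HKLM\..\Run: [iissrv] C:\WINNT\iissrv.exe
"""

AFTER = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
O2 - BHO: Band Class - {01F44A8A-8C97-4325-A378-76E68DC4AB2E} - C:\WINNT\systb.dll (file missing)
O2 - BHO: (no name) - {32A90E69-94AB-9906-A933-9E2B50C987CA} - C:\WINNT\system32\fcybttra.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [2SWZKN82R5K47C] C:\WINNT\System32\LsxI52.exe
O4 - HKLM\..\Run: [iissrv] C:\WINNT\iissrv.exe
"""

if __name__ == "__main__":
    for status, items in diff_logs(BEFORE, AFTER).items():
        print(f"{status}:")
        for item in items:
            print("   ", item)
```

On these excerpts the `changed` bucket contains the `[2SWZKN82R5K47C]` Run value, whose name stayed the same while its target file name differs between the two scans.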

  2. #2
    Member
    Join Date
    Jan 2003
    Posts
    12,000
    Points
    1191

    Default

    Looks like Spybot may have fixed a number of things, but there are still a number of entries that appear bad.

    Please read and follow all the directions here, on what to do before posting a log.

    http://www.help2go.com/component/opt...wtopic/t,9709/

    For Spybot to have found that many things, it appears that you have not been keeping things up to date.

    On the online Pandasoft active scan, have it save the log, and post it with a new HJT log.

    BG

  3. #3
    Member steamwiz's Avatar
    Join Date
    Sep 2003
    Location
    Yorkshire U.K.
    Posts
    14,022
    Points
    2335

    Default

    You have a lot of infections which we don't see around much anymore... either you have had the computer in a box for quite a while, or you have had these infections running for a long time...

    Run all the recommended programs in Basementgeek's link, and when you post a new hijackthis log, we'll clean up what's left.

    steam
    Look here for Ways to keep your computer safe
    M'SOFT MVP -Windows Security 2004/8 .member ASAP -

  4. #4
    Member tyrrhena's Avatar
    Join Date
    May 2005
    Posts
    12
    Points
    0

    Default Sorry...

    Guys -
    will absolutely read that and fix the obvious. It wasn't obvious to me when I posted or would have done it. I apologize and will be more observant for future posts...

    -Brian
    (my nephew used this computer exclusively for the past three years, having basically done nothing to keep it up, and gave it back to me upon graduation, hence the spyware riddled drive.)

  5. #5
    Member tyrrhena's Avatar
    Join Date
    May 2005
    Posts
    12
    Points
    0

    Default all checks run, still getting odd messages at logout

    Howdy Guys,
    I have run the following:
    Panda Titanium
    AdAware Se Personal
    AVG Free Anti-virus
    Spybot S/D

    Each presently indicates ZERO infections/problems. The current HJT log is below. That said, when I log out, I still get an iissrv.exe error message and an scpansi.exe error message - normal?

    Thanks a million for all the advice and effort guys - MOST APPRECIATED!

    -Brian

    Logfile of HijackThis v1.99.1
    Scan saved at 8:57:09 PM, on 8/5/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Unable to get Internet Explorer version!

    Running processes:
    C:\WINNT\System32\smss.exe
    C:\WINNT\system32\csrss.exe
    C:\WINNT\system32\winlogon.exe
    C:\WINNT\system32\services.exe
    C:\WINNT\system32\lsass.exe
    C:\WINNT\system32\svchost.exe
    C:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\TPSrv.exe
    C:\WINNT\system32\svchost.exe
    C:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\pavsrv51.exe
    C:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\AVENGINE.EXE
    C:\WINNT\System32\svchost.exe
    C:\WINNT\System32\svchost.exe
    C:\WINNT\System32\svchost.exe
    c:\program files\panda software\panda titanium 2006 antivirus + antispyware\firewall\PNMSRV.EXE
    C:\WINNT\system32\spoolsv.exe
    C:\WINNT\Explorer.EXE
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    C:\WINNT\System32\NMSSvc.exe
    C:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\PavFnSvr.exe
    C:\Program Files\PopUp Killer\popupkiller.EXE
    C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
    C:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\PsImSvc.exe
    C:\WINNT\System32\hkcmd.exe
    C:\WINNT\iissrv.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe
    C:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\APVXDWIN.EXE
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\WINNT\system32\PPATCH~2\iexplore.exe
    C:\Program Files\NetZero\exec.exe
    C:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\WebProxy.exe
    C:\WINNT\System32\alg.exe
    C:\Program Files\NetZero\exec.exe
    C:\Program Files\Microsoft Money\System\urlmap.exe
    C:\Documents and Settings\Owner\My Documents\HJT\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://my.netzero.net/s/search?r=minisearch
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://mail.yahoo.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.gateway.net
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://my.netzero.net/s/search?r=minisearch
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar =
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://my.netzero.net/s/search?r=minisearch
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gateway.net
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://my.netzero.net/s/search?r=minisearch
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://my.netzero.net/s/search?r=minisearch
    R3 - URLSearchHook: URLSearchHook Class - {37D2CDBF-2AF4-44AA-8113-BD0D2DA3C2B8} - C:\Program Files\NZSearch\SearchEnh1.dll
    F2 - REG:system.ini: UserInit=userinit.exe
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: (no name) - {1B6FC318-41BA-736D-FBAB-72FCDF53E9FB} - C:\WINNT\System32\fbwbwj.dll (file missing)
    O2 - BHO: (no name) - {31E0158B-9220-F2A6-60F4-A291594F98FB} - C:\WINNT\System32\cebe.dll (file missing)
    O2 - BHO: (no name) - {32A90E69-94AB-9906-A933-9E2B50C987CA} - C:\WINNT\system32\fcybttra.dll (file missing)
    O2 - BHO: (no name) - {50388F90-0A67-6DE1-2576-6A2D82F3F3A9} - C:\WINNT\System32\pwahhs.dll (file missing)
    O2 - BHO: (no name) - {5241D2BC-021E-329E-0381-30B8FBC6A4FF} - C:\WINNT\System32\xxhcsfd.dll (file missing)
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: (no name) - {8F223CBA-B01B-8095-06D6-85B3C8017EF7} - C:\WINNT\system32\mcqdrl.dll (file missing)
    O2 - BHO: (no name) - {911A1534-8E65-448E-92AE-E22D49F870C4} - (no file)
    O2 - BHO: (no name) - {9A795E39-9DF1-E72A-ADFC-E13B820722CF} - C:\WINNT\system32\msa.dll (file missing)
    O2 - BHO: (no name) - {AF546E39-B0C2-D21E-80CC-D116B2370FFF} - C:\WINNT\system32\msa.dll (file missing)
    O2 - BHO: (no name) - {D23E2C20-AA8C-C659-9C5C-CD57D58074A7} - C:\WINNT\System32\bdrvjmi.dll (file missing)
    O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
    O3 - Toolbar: ZeroBar - {F0F8ECBE-D460-4B34-B007-56A92E8F84A7} - C:\Program Files\NetZero\Toolbar.dll
    O4 - HKLM\..\Run: [PopUpKiller] C:\Program Files\PopUp Killer\popupkiller.EXE
    O4 - HKLM\..\Run: [IgfxTray] C:\WINNT\System32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINNT\System32\hkcmd.exe
    O4 - HKLM\..\Run: [sman002] C:\DOCUME~1\Owner\LOCALS~1\Temp\app9.tmp
    O4 - HKLM\..\Run: [iissrv] C:\WINNT\iissrv.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [OM_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master\FirstStart.exe
    O4 - HKLM\..\Run: [kcxin] C:\DOCUME~1\Owner\LOCALS~1\Temp\app20.tmp
    O4 - HKLM\..\Run: [OrderReminder] C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe
    O4 - HKLM\..\Run: [APVXDWIN] "C:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\APVXDWIN.EXE" /s
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
    O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM95\aim.exe -cnetwait.odl
    O4 - HKCU\..\Run: [OM_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe -NoStart
    O4 - HKCU\..\Run: [Ltho] "C:\WINNT\system32\PPATCH~2\iexplore.exe" -vt ndrv
    O4 - HKCU\..\Run: [NetZero_uoltray] C:\Program Files\NetZero\exec.exe regrun
    O4 - HKCU\..\Run: [spc_w] "C:\Program Files\NZSearch\nzspc.exe" -w
    O4 - Startup: PowerReg Scheduler V3.exe
    O4 - Global Startup: Pagis Schedule Monitor.lnk = C:\Program Files\xerox\ControlCentre 2.0\Pagis\Monitor.exe
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINNT\System32\Shdocvw.dll
    O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: Yahoo! NFL StatTracker - http://aud7.sports.yahoo.com/java/y/nflst8252_x.cab
    O16 - DPF: {739E8D90-2F4C-43AD-A1B8-66C356FCEA35} (RunExeActiveX.RunExe) - hcp://system/RunExeActiveX.CAB
    O16 - DPF: {99CDFD87-F97A-42E1-9C13-D18220D90AD1} (StartFirstControl.CheckFirst) - hcp://system/StartFirstControl.CAB
    O20 - AppInit_DLLs: C:\WINNT\system32\dvdplay.dll
    O20 - Winlogon Notify: avldr - C:\WINNT\SYSTEM32\avldr.dll
    O20 - Winlogon Notify: igfxcui - C:\WINNT\SYSTEM32\igfxsrvc.dll
    O20 - Winlogon Notify: WgaLogon - C:\WINNT\SYSTEM32\WgaLogon.dll
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    O23 - Service: Intel(R) NMS (NMSSvc) - Intel Corporation - C:\WINNT\System32\NMSSvc.exe
    O23 - Service: Panda Function Service (PAVFNSVR) - Panda Software International - C:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\PavFnSvr.exe
    O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Software - C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
    O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software International - C:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\pavsrv51.exe
    O23 - Service: PictureTaker - Unknown owner - c:\fixit\pt\PCTKRNT.SYS (file missing)
    O23 - Service: Panda Network Manager (PNMSRV) - Panda Software - c:\program files\panda software\panda titanium 2006 antivirus + antispyware\firewall\PNMSRV.EXE
    O23 - Service: Panda IManager Service (PSIMSVC) - Panda Software - C:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\PsImSvc.exe
    O23 - Service: Panda TPSrv (TPSrv) - Panda Software - C:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\TPSrv.exe

  6. #6
    Member steamwiz's Avatar
    Join Date
    Sep 2003
    Location
    Yorkshire U.K.
    Posts
    14,022
    Points
    2335

    Default

    Hi

    first ... the recommended programs we ask you to run include the Panda on-line scan ... not installing Panda Titanium ... you now have 2 anti-virus installed ... Panda & AVG, these may well conflict, so you should uninstall one of them...

    That said, when I log out, I still get an iissrv.exe error message and an scpansi.exe error message - normal?
    .... err NO

    Can you please post these error messages EXACTLY as they are written ?

    Make sure you can view hidden files...

    --- Click here

    >>> How to Show Hidden/System Files



    Reboot into >>>safe mode

    Run hijackthis and tick to fix (check the box next to) the list below.........when all are ticked (checked) click the

    Fix Checked button at the bottom. :-

    O2 - BHO: (no name) - {1B6FC318-41BA-736D-FBAB-72FCDF53E9FB} - C:\WINNT\System32\fbwbwj.dll (file missing)
    O2 - BHO: (no name) - {31E0158B-9220-F2A6-60F4-A291594F98FB} - C:\WINNT\System32\cebe.dll (file missing)
    O2 - BHO: (no name) - {32A90E69-94AB-9906-A933-9E2B50C987CA} - C:\WINNT\system32\fcybttra.dll (file missing)
    O2 - BHO: (no name) - {50388F90-0A67-6DE1-2576-6A2D82F3F3A9} - C:\WINNT\System32\pwahhs.dll (file missing)
    O2 - BHO: (no name) - {5241D2BC-021E-329E-0381-30B8FBC6A4FF} - C:\WINNT\System32\xxhcsfd.dll (file missing)

    O2 - BHO: (no name) - {8F223CBA-B01B-8095-06D6-85B3C8017EF7} - C:\WINNT\system32\mcqdrl.dll (file missing)
    O2 - BHO: (no name) - {911A1534-8E65-448E-92AE-E22D49F870C4} - (no file)
    O2 - BHO: (no name) - {9A795E39-9DF1-E72A-ADFC-E13B820722CF} - C:\WINNT\system32\msa.dll (file missing)
    O2 - BHO: (no name) - {AF546E39-B0C2-D21E-80CC-D116B2370FFF} - C:\WINNT\system32\msa.dll (file missing)
    O2 - BHO: (no name) - {D23E2C20-AA8C-C659-9C5C-CD57D58074A7} - C:\WINNT\System32\bdrvjmi.dll (file missing)

    O4 - HKLM\..\Run: [sman002] C:\DOCUME~1\Owner\LOCALS~1\Temp\app9.tmp
    O4 - HKLM\..\Run: [iissrv] C:\WINNT\iissrv.exe

    O4 - HKLM\..\Run: [kcxin] C:\DOCUME~1\Owner\LOCALS~1\Temp\app20.tmp

    O4 - HKCU\..\Run: [Ltho] "C:\WINNT\system32\PPATCH~2\iexplore.exe" -vt ndrv

    O20 - AppInit_DLLs: C:\WINNT\system32\dvdplay.dll


    Still in safemode

    Find and delete :-

    C:\WINNT\system32\dvdplay.dll ... file

    C:\WINNT\iissrv.exe ... file

    C:\WINNT\system32\PPATCH~2 ... folder (These are just the first 6 letters of this folder - I have no way of knowing its full name )

    The entire contents of the C:\documents and settings\Owner\local settings\temp folder ( Do NOT delete the folder itself)

    PLEASE NOTE The local settings folder is a hidden folder.....

    Reboot back to normal mode and post a new hijackthis log...

    steam
    Look here for Ways to keep your computer safe
    M'SOFT MVP -Windows Security 2004/8 .member ASAP -
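
An added example, not part of the thread and not HijackThis's own logic: a short Python triage pass over HijackThis entries that flags the traits visible in the fix list above (entries marked "(file missing)" or "(no file)", Run values launching from a Temp directory, iexplore.exe outside its install directory, and a populated AppInit_DLLs value). The rules and the `triage` function are assumptions made for illustration; the sample lines are copied from the logs in this thread.

```python
import re

# Sample input: entries copied from the HijackThis logs posted in this thread.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {1B6FC318-41BA-736D-FBAB-72FCDF53E9FB} - C:\WINNT\System32\fbwbwj.dll (file missing)
O2 - BHO: (no name) - {911A1534-8E65-448E-92AE-E22D49F870C4} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O4 - HKLM\..\Run: [sman002] C:\DOCUME~1\Owner\LOCALS~1\Temp\app9.tmp
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINNT\System32\hkcmd.exe
O4 - HKCU\..\Run: [Ltho] "C:\WINNT\system32\PPATCH~2\iexplore.exe" -vt ndrv
O20 - AppInit_DLLs: C:\WINNT\system32\dvdplay.dll
O20 - Winlogon Notify: igfxcui - C:\WINNT\SYSTEM32\igfxsrvc.dll
O23 - Service: PictureTaker - Unknown owner - c:\fixit\pt\PCTKRNT.SYS (file missing)
"""

ENTRY_RE = re.compile(r"^\s*([A-Z]\d{1,2}) - (.*)$")      # "O4 - ...", "R1 - ..."
TEMP_RE = re.compile(r"\\(?:LOCALS~1|Local Settings)\\Temp\\", re.I)
IEXPLORE_RE = re.compile(r'([A-Za-z]:\\[^"]*\\)iexplore\.exe', re.I)


def triage(log_text):
    """Return (section, reason, line) for each entry worth a manual look."""
    findings = []
    for raw in log_text.splitlines():
        m = ENTRY_RE.match(raw)
        if not m:
            continue  # header, running-process list or blank line
        section, rest = m.group(1), m.group(2).strip()
        reasons = []
        if rest.endswith("(file missing)") or rest.endswith("(no file)"):
            reasons.append("registry entry points at a file that is gone")
        if section == "O4" and TEMP_RE.search(rest):
            reasons.append("autostart launches from a Temp directory")
        ie = IEXPLORE_RE.search(rest)
        if ie and not ie.group(1).lower().endswith("\\internet explorer\\"):
            reasons.append("iexplore.exe outside its install directory")
        if (section == "O20" and rest.startswith("AppInit_DLLs:")
                and rest.split(":", 1)[1].strip()):
            reasons.append("AppInit_DLLs is set (DLL loaded into GUI processes)")
        findings.extend((section, reason, raw.strip()) for reason in reasons)
    return findings


if __name__ == "__main__":
    for section, reason, line in triage(SAMPLE_LOG):
        print(f"[{section}] {reason}\n    {line}")
```

A flag here means "review this entry", not "delete it"; an entry such as `[iissrv]` matches none of these rules and still needs a manual lookup.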

  7. #7
    Member tyrrhena's Avatar
    Join Date
    May 2005
    Posts
    12
    Points
    0

    Default Latest Update

    Hi Steam -
    thanks so much for everything...

    I no longer get the iissrv.exe mesg. Here is the latest log after completing your suggestions (strangely, the ppatch~2 folder was not found when I was searching for it, after running HJT and fixing...there was some folder called AppPatch)

    Logfile of HijackThis v1.99.1
    Scan saved at 7:35:36 PM, on 8/24/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Unable to get Internet Explorer version!

    Running processes:
    C:\WINNT\System32\smss.exe
    C:\WINNT\SYSTEM32\winlogon.exe
    C:\WINNT\system32\services.exe
    C:\WINNT\system32\lsass.exe
    C:\WINNT\system32\svchost.exe
    C:\WINNT\System32\svchost.exe
    C:\WINNT\Explorer.EXE
    C:\WINNT\system32\spoolsv.exe
    C:\Program Files\PopUp Killer\popupkiller.EXE
    C:\WINNT\System32\hkcmd.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\NetZero\exec.exe
    C:\WINNT\system32\wscntfy.exe
    C:\Program Files\NetZero\exec.exe
    C:\WINNT\system32\wuauclt.exe
    C:\Program Files\Microsoft Money\System\urlmap.exe
    C:\Documents and Settings\Owner\My Documents\HJT\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://my.netzero.net/s/search?r=minisearch
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://my.netzero.net/s/search?r=minisearch
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://mail.yahoo.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.gateway.net
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://my.netzero.net/s/search?r=minisearch
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar =
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://my.netzero.net/s/search?r=minisearch
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gateway.net
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://my.netzero.net/s/search?r=minisearch
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://my.netzero.net/s/search?r=minisearch
    R3 - URLSearchHook: URLSearchHook Class - {37D2CDBF-2AF4-44AA-8113-BD0D2DA3C2B8} - C:\Program Files\NZSearch\SearchEnh1.dll
    F2 - REG:system.ini: UserInit=userinit.exe
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
    O3 - Toolbar: ZeroBar - {F0F8ECBE-D460-4B34-B007-56A92E8F84A7} - C:\Program Files\NetZero\Toolbar.dll
    O4 - HKLM\..\Run: [PopUpKiller] C:\Program Files\PopUp Killer\popupkiller.EXE
    O4 - HKLM\..\Run: [IgfxTray] C:\WINNT\System32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINNT\System32\hkcmd.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [OM_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master\FirstStart.exe
    O4 - HKLM\..\Run: [OrderReminder] C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
    O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM95\aim.exe -cnetwait.odl
    O4 - HKCU\..\Run: [OM_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe -NoStart
    O4 - HKCU\..\Run: [NetZero_uoltray] C:\Program Files\NetZero\exec.exe regrun
    O4 - HKCU\..\Run: [spc_w] "C:\Program Files\NZSearch\nzspc.exe" -w
    O4 - Startup: PowerReg Scheduler V3.exe
    O4 - Global Startup: Pagis Schedule Monitor.lnk = C:\Program Files\xerox\ControlCentre 2.0\Pagis\Monitor.exe
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINNT\System32\Shdocvw.dll
    O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: Yahoo! NFL StatTracker - http://aud7.sports.yahoo.com/java/y/nflst8252_x.cab
    O16 - DPF: {739E8D90-2F4C-43AD-A1B8-66C356FCEA35} (RunExeActiveX.RunExe) - hcp://system/RunExeActiveX.CAB
    O16 - DPF: {99CDFD87-F97A-42E1-9C13-D18220D90AD1} (StartFirstControl.CheckFirst) - hcp://system/StartFirstControl.CAB
    O20 - Winlogon Notify: igfxcui - C:\WINNT\SYSTEM32\igfxsrvc.dll
    O20 - Winlogon Notify: WgaLogon - C:\WINNT\SYSTEM32\WgaLogon.dll
    O23 - Service: Intel(R) NMS (NMSSvc) - Intel Corporation - C:\WINNT\System32\NMSSvc.exe
    O23 - Service: PictureTaker - Unknown owner - c:\fixit\pt\PCTKRNT.SYS (file missing)

    Thanks much - everything *appears* to be better now. Any further suggestions would be greatly appreciated. Incidentally, the reason I installed the panda titanium is because I could *not* get the software to run in the browser properly, so did what I thought was the next best thing.

    thanks again!