Hi Folks,
I got my right mouse button locked, my desktop locked, and my PC is screwy... with this message on my desktop:
DANGER: SPYWARE...Smart Security 59.95$
Every time I start my PC after getting these errors, I get this DOS window with "nmb.exe" running.
Anyways, here's my log. I'd appreciate any help.
TXS guys
Logfile of HijackThis v1.99.1
Scan saved at 00:30:39, on 31/3/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
F:\WINDOWS2\System32\smss.exe
F:\WINDOWS2\system32\csrss.exe
F:\WINDOWS2\system32\winlogon.exe
F:\WINDOWS2\system32\services.exe
F:\WINDOWS2\system32\lsass.exe
F:\WINDOWS2\system32\svchost.exe
F:\WINDOWS2\System32\svchost.exe
F:\WINDOWS2\System32\svchost.exe
F:\WINDOWS2\System32\svchost.exe
F:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
F:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
F:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
F:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
F:\WINDOWS2\system32\spoolsv.exe
F:\WINDOWS2\Explorer.exe
F:\WINDOWS2\AGRSMMSG.exe
F:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
F:\Program Files\HP\hpcoretech\hpcmpmgr.exe
F:\WINDOWS2\System32\spool\drivers\w32x86\3\hpztsb09.exe
F:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
F:\Program Files\Common Files\Symantec Shared\ccApp.exe
F:\WINDOWS2\Bvv.exe
F:\WINDOWS2\System32\ctfmon.exe
F:\Program Files\Messenger\msmsgs.exe
F:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
E:\CD\PGP\Dave3@terra\PGPtray.exe
F:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
F:\WINDOWS2\System32\alg.exe
F:\Program Files\Norton AntiVirus\navapsvc.exe
F:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
F:\WINDOWS2\System32\PGPserv.exe
F:\WINDOWS2\System32\svchost.exe
F:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\_Dave\Progs\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://F:\DOCUME~1\Lirio\LOCALS~1\Temp\sp.dll/sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://F:\DOCUME~1\Lirio\LOCALS~1\Temp\sp.dll/sp.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://register.hp.com/servlet/WebRe...2&gwCountry=BR
F2 - REG:system.ini: Shell=Explorer.exe F:\WINDOWS2\System32\kernels32.exe
O2 - BHO: DAPHelper Class - {0000CC75-ACF3-4cac-A0A9-DD3868E06852} - F:\Program Files\DAP\DAPBHO.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - F:\Program Files\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - F:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {94087010-979B-4559-A796-BA70D89C82E4} - F:\WINDOWS2\System32\nocdhea.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - F:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - F:\WINDOWS2\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - F:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: DAP Bar - {62999427-33FC-4baf-9C9C-BCE6BD127F08} - F:\Program Files\DAP\DAPIEBar.dll
O4 - HKLM\..\Run: [NeroCheck] F:\WINDOWS2\system32\NeroCheck.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [HP Software Update] "F:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [HP Component Manager] "F:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] F:\WINDOWS2\System32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [DeviceDiscovery] F:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
O4 - HKLM\..\Run: [winpos] F:\WINDOWS2\winpos.exe
O4 - HKLM\..\Run: [ccApp] "F:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [SSC_UserPrompt] F:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] F:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [Psu] F:\WINDOWS2\System32\Ehr.exe
O4 - HKLM\..\Run: [Itc] F:\WINDOWS2\System32\Hoi.exe
O4 - HKLM\..\Run: [Jkq] F:\WINDOWS2\System32\Loe.exe
O4 - HKLM\..\Run: [Pvn] F:\WINDOWS2\Ssq.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [Scn] F:\WINDOWS2\Ihi.exe
O4 - HKLM\..\Run: [Igj] F:\WINDOWS2\System32\Ibt.exe
O4 - HKLM\..\Run: [Efp] F:\WINDOWS2\Dtk.exe
O4 - HKLM\..\Run: [Rhu] F:\WINDOWS2\Gne.exe
O4 - HKLM\..\Run: [Jgn] F:\WINDOWS2\System32\Dsf.exe
O4 - HKLM\..\Run: [Tnu] F:\WINDOWS2\Odv.exe
O4 - HKLM\..\Run: [Gdc] F:\WINDOWS2\Bvv.exe
O4 - HKLM\..\Run: [THGuard] "F:\Program Files\TrojanHunter 4.2\THGuard.exe"
O4 - HKLM\..\Run: [Knc] F:\WINDOWS2\System32\Fjd.exe
O4 - HKLM\..\Run: [Dae] F:\WINDOWS2\Ggq.exe
O4 - HKLM\..\Run: [Utt] F:\WINDOWS2\Rrg.exe
O4 - HKLM\..\Run: [Klv] F:\WINDOWS2\Hef.exe
O4 - HKLM\..\Run: [Tvv] F:\WINDOWS2\System32\Oke.exe
O4 - HKLM\..\Run: [Nhh] F:\WINDOWS2\System32\Ncr.exe
O4 - HKLM\..\Run: [Lms] F:\WINDOWS2\System32\Tpk.exe
O4 - HKCU\..\Run: [CTFMON.EXE] F:\WINDOWS2\System32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "F:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] F:\PROGRA~1\Yahoo!\MESSEN~1\ypager.exe -quiet
O4 - HKCU\..\Run: [Windows Registry Repair Pro] F:\Program Files\3B Software\Windows Registry Repair Pro\RegistryRepairPro.exe 4
O4 - HKCU\..\Run: [Psu] F:\WINDOWS2\System32\Ehr.exe
O4 - HKCU\..\Run: [Itc] F:\WINDOWS2\System32\Hoi.exe
O4 - HKCU\..\Run: [Jkq] F:\WINDOWS2\System32\Loe.exe
O4 - HKCU\..\Run: [Pvn] F:\WINDOWS2\Ssq.exe
O4 - HKCU\..\Run: [Scn] F:\WINDOWS2\Ihi.exe
O4 - HKCU\..\Run: [Igj] F:\WINDOWS2\System32\Ibt.exe
O4 - HKCU\..\Run: [Efp] F:\WINDOWS2\Dtk.exe
O4 - HKCU\..\Run: [Rhu] F:\WINDOWS2\Gne.exe
O4 - HKCU\..\Run: [Jgn] F:\WINDOWS2\System32\Dsf.exe
O4 - HKCU\..\Run: [Tnu] F:\WINDOWS2\Odv.exe
O4 - HKCU\..\Run: [Gdc] F:\WINDOWS2\Bvv.exe
O4 - HKCU\..\Run: [Knc] F:\WINDOWS2\System32\Fjd.exe
O4 - HKCU\..\Run: [Dae] F:\WINDOWS2\Ggq.exe
O4 - HKCU\..\Run: [Utt] F:\WINDOWS2\Rrg.exe
O4 - HKCU\..\Run: [Klv] F:\WINDOWS2\Hef.exe
O4 - HKCU\..\Run: [Tvv] F:\WINDOWS2\System32\Oke.exe
O4 - HKCU\..\Run: [Nhh] F:\WINDOWS2\System32\Ncr.exe
O4 - HKCU\..\Run: [Lms] F:\WINDOWS2\System32\Tpk.exe
O4 - Global Startup: Acrobat Assistant.lnk = F:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
O4 - Global Startup: Microsoft Office.lnk = F:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: PGPtray.lnk = ?
O8 - Extra context menu item: &Download with &DAP - F:\PROGRA~1\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - F:\PROGRA~1\DAP\dapextie2.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://F:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Run DAP - {669695BC-A811-4A9D-8CDF-BA8C795F261C} - F:\PROGRA~1\DAP\DAP.EXE
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - F:\WINDOWS2\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - F:\WINDOWS2\web\related.htm
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - F:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - F:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra button: eBay - Homepage - {EF79EAC5-3452-4E02-B8BD-BA4C89F1AC7A} - F:\Program Files\IrfanView\Ebay\Ebay.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Program Files\Messenger\MSMSGS.EXE
O17 - HKLM\System\CCS\Services\Tcpip\..\{BE3BB699-E52E-4F06-A378-30135350AB52}: NameServer = 200.149.55.142 200.165.132.155
O18 - Filter: text/html - {68D65528-80BE-4350-8711-6C026BCAF7A6} - F:\WINDOWS2\System32\nocdhea.dll
O18 - Filter: text/plain - {68D65528-80BE-4350-8711-6C026BCAF7A6} - F:\WINDOWS2\System32\nocdhea.dll
O21 - SSODL: SystemCheck2 - {54645654-2225-4455-44A1-9F4543D34545} - F:\WINDOWS2\System32\vbsys2.dll
O23 - Service: Adobe LM Service - Unknown owner - F:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - F:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - F:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - F:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - F:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - F:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: PGPserv - PGP Corporation - F:\WINDOWS2\System32\PGPserv.exe
O23 - Service: SAVScan - Symantec Corporation - F:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - F:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - F:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - F:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - F:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe