08-21-2005, 07:58 AM   #10
freeze123
Registered User
 
Join Date: Aug 2005
Location: uk
Posts: 27
OS: win2000


Log

Logfile of HijackThis v1.99.1
Scan saved at 14:54:23, on 21/08/2005
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\csrss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Norton Internet Security\ISSVC.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINNT\system32\LEXBCES.EXE
C:\WINNT\system32\spoolsv.exe
C:\WINNT\system32\LEXPPS.EXE
C:\WINNT\System32\svchost.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\stisvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\Explorer.EXE
C:\WINNT\system32\spool\drivers\w32x86\3\hpztsb11.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\WINNT\system32\hphmon06.exe
C:\WINNT\system32\pctspk.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINNT\system32\internat.exe
C:\Program Files\SpeedTouch\Dr SpeedTouch\drst.exe
C:\Program Files\Spyware Doctor\swdoctor.exe
C:\Program Files\HP\digital imaging\bin\hpqtra08.exe
C:\WINNT\system32\HPZipm12.exe
C:\Program Files\Microsoft Office\Office\MSOFFICE.EXE
C:\Program Files\Microsoft Office\Office\OSA.EXE
C:\WINNT\explorer.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\Program Files\hijack this\tmas-web-scan.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINNT\system32\NOTEPAD.EXE
C:\Program Files\hijack this\HijackThis.exe

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll (file missing)
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll (file missing)
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINNT\system32\spool\drivers\w32x86\3\hpztsb11.exe
O4 - HKLM\..\Run: [HPHUPD06] C:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HPHmon06] C:\WINNT\system32\hphmon06.exe
O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINNT\system32\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [IS CfgWiz] C:\Program Files\Norton Internet Security\cfgwiz.exe /GUID {257BBC47-1B26-432e-9F84-188603799DD3} /MODE CfgWiz /CMDLINE "REBOOT"
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKCU\..\Run: [internat.exe] internat.exe
O4 - HKCU\..\Run: [STManager] "C:\Program Files\SpeedTouch\Dr SpeedTouch\drst.exe" -b
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\digital imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\digital imaging\bin\hpqthb08.exe
O4 - Global Startup: Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
O4 - Global Startup: Microsoft Office Shortcut Bar.lnk = C:\Program Files\Microsoft Office\Office\MSOFFICE.EXE
O4 - Global Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll (file missing)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.tesco.net
O16 - DPF: NTLSignup - https://register.tesco.net/tesco/NTLSignup.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/S.../bin/cabsa.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/actives...ree/asinst.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{95D98292-2FF3-4CE3-B14E-854637D679BA}: NameServer = 194.168.4.100 194.168.8.100
O17 - HKLM\System\CS1\Services\Tcpip\..\{95D98292-2FF3-4CE3-B14E-854637D679BA}: NameServer = 194.168.4.100 194.168.8.100
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program Files\Norton Internet Security\ISSVC.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINNT\system32\LEXBCES.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINNT\system32\HPZipm12.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

===========================================================================================

Started Scanning
Internet Cookies
Found 'tribalfusion.com' in 'Internet Explorer Cache'
Programs in Memory
Windows Registry
Found '' in 'Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\Range1'
Found '' in 'SOFTWARE\Classes\CLSID\{D49E9D35-254C-4c6a-9D17-95018D228FF5}'
Found '' in 'SOFTWARE\Classes\CLSID\{2D51D869-C36B-42bd-AE68-0A81BC771FA5}'
Found '' in 'SOFTWARE\Classes\CLSID\{2D51D869-C36B-42bd-AE68-0A81BC771FA5}\Implemented Categories'
Found '' in 'SOFTWARE\Classes\CLSID\{2D51D869-C36B-42bd-AE68-0A81BC771FA5}\InprocServer32'
Found '' in 'SOFTWARE\Classes\CLSID\{7BED0340-176B-44bc-915E-C21C1DD6F617}'
Found '' in 'SOFTWARE\Classes\CLSID\{7BED0340-176B-44bc-915E-C21C1DD6F617}\Implemented Categories'
Found '' in 'SOFTWARE\Classes\CLSID\{7BED0340-176B-44bc-915E-C21C1DD6F617}\InprocServer32'
Found '' in 'SOFTWARE\Classes\CLSID\{CA356D79-679B-4b4c-8E49-5AF97014F4C1}'
Found '' in 'SOFTWARE\Classes\CLSID\{CA356D79-679B-4b4c-8E49-5AF97014F4C1}\InprocServer32'
Found '' in 'SOFTWARE\Classes\CLSID\{D49E9D35-254C-4c6a-9D17-95018D228FF5}\InprocServer32'
Found 'ThreadingModel' in 'SOFTWARE\Classes\CLSID\{2D51D869-C36B-42bd-AE68-0A81BC771FA5}\InprocServer32'
Found 'ThreadingModel' in 'SOFTWARE\Classes\CLSID\{7BED0340-176B-44bc-915E-C21C1DD6F617}\InprocServer32'
Found 'ThreadingModel' in 'SOFTWARE\Classes\CLSID\{CA356D79-679B-4b4c-8E49-5AF97014F4C1}\InprocServer32'
Found 'ThreadingModel' in 'SOFTWARE\Classes\CLSID\{D49E9D35-254C-4c6a-9D17-95018D228FF5}\InprocServer32'
Found '{D49E9D35-254C-4C6A-9D17-95018D228FF5}' in 'Software\Microsoft\Internet Explorer\Toolbar\WebBrowser'
Found '' in 'SOFTWARE\FunWebProducts'
Found '' in 'Software\Microsoft\Internet Explorer\Explorer Bars\{30D02401-6A81-11D0-8274-00C04FD5AE38}'
Found '' in 'SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run'
Internet URL Shortcuts
Files and Directories
Found '' in 'C:\Program Files\FunWebProducts'
Found '' in 'C:\Program Files\Starware'
Found 'Dc2.vxd' in 'C:\RECYCLER\S-1-5-21-448539723-1563985344-1202660629-1000'
Found 'Date.ico' in 'C:\WINNT\system32'
Found 'network.ico' in 'C:\WINNT\system32'
Found 'pharm.ico' in 'C:\WINNT\system32'
Finished Scanning
Started Backup
Finished Backup
Started Cleaning
Checking for 'C:\Program Files\FunWebProducts' in shortcut areas.
Checking for 'C:\Program Files\FunWebProducts' in startup areas.
Cleaning 'C:\Program Files\FunWebProducts'
Checking for 'C:\Program Files\Starware' in shortcut areas.
Checking for 'C:\Program Files\Starware' in startup areas.
Cleaning 'C:\Program Files\Starware'
Checking for 'C:\RECYCLER\S-1-5-21-448539723-1563985344-1202660629-1000\Dc2.vxd' in shortcut areas.
Checking for 'C:\RECYCLER\S-1-5-21-448539723-1563985344-1202660629-1000\Dc2.vxd' in startup areas.
Cleaning 'C:\RECYCLER\S-1-5-21-448539723-1563985344-1202660629-1000\Dc2.vxd'
Checking for 'C:\WINNT\system32\Date.ico' in shortcut areas.
Checking for 'C:\WINNT\system32\Date.ico' in startup areas.
Cleaning 'C:\WINNT\system32\Date.ico'
Checking for 'C:\WINNT\system32\network.ico' in shortcut areas.
Checking for 'C:\WINNT\system32\network.ico' in startup areas.
Cleaning 'C:\WINNT\system32\network.ico'
Checking for 'C:\WINNT\system32\pharm.ico' in shortcut areas.
Checking for 'C:\WINNT\system32\pharm.ico' in startup areas.
Cleaning 'C:\WINNT\system32\pharm.ico'
Finished Cleaning
Started Scanning
Internet Cookies
Programs in Memory
Windows Registry
Internet URL Shortcuts
Files and Directories
Finished Scanning
Started Scanning
Internet Cookies
Programs in Memory
Windows Registry
Internet URL Shortcuts
Files and Directories
Finished Scanning