Programs refusing to respond!

Darius · 10-08-2003, 10:18 PM

First off, I would like to say that I am pleased to find a forum like this, I have been looking around and have seen that you solve quite a few problems and such. Anyway, on with myproblem.....
Yesterday morning, I booted up my computer and attempted to open up NAV2003 to do a virus scan, and it wouldn't open. I thought that was kind of weird, so just for the hell of it, I opened up the Task Manager. It loaded up for about 1 second, then dissapeared. I thought to myself that it was just a random windows error, so I rebooted my computer and it still didn't work. Then, I got this popup, and at the top of the window it said "Reminder for [Enter time and date here]" But in the actual window was just a 404 error. Plus, I had to use Alt+F4 to get rid of it because there was no [X] Button to be found. After playing around with a few more programs, I noticed that Macromedia Flash MX wouldn't open either....anyway, this has been really bugging me and I would like to know how to know if there is any way to fix it.

I have tried Ad-Aware, didn't work. Tried www.antivirus.com , didn't work. Tried PC Doctor v2, it found the problem, but I had to pay to get it fixed. Same with PC Bug Doctor. I really don't know how else to solve it.....so I figured I would just run a google search on 'Tech support' and this forum came up. I hope you can solve this problem for me......thanks in advance to anyone who tries to help :)

**merlin** · 10-09-2003, 06:38 AM

Hello Darius, welcome to the forums :D
Im assuming you're running windows XP... If you go to add remove programs and click on NAV, does it have repair option ? You also said that PC doctor found a problem..did it tell you what the problem was ?

johnwill · 10-09-2003, 06:40 AM

It sure sounds like you have a virus or worm, the symptoms sound familar. I'd suggest you start with an on-line virus scan, Trend Housecall is one that's pretty decent.

Darius · 10-09-2003, 07:36 AM

@Merlin: There is no 'Repair' tag :( only 'Remove All'. And, PC Doctor Oncall V2 found 252 errors, and there was a bunch in ActiveX/COM saying something about programs not functioning properly, same with the Registry Integrity, and Problems in Application Paths.

@johnwill: If you had clicked the link I provided, you would notice that it leads right back to Trend Micro (i.e I have already done it)

johnwill · 10-09-2003, 01:23 PM

I don't indiscriminately click on links provided when someone is having problems, it could be the source of their problems. :D

There are other on-line virus scanning pages, Panda, Symantec, McAfee to name a few. I'd try several...

**jgvernonco** · 10-09-2003, 03:04 PM

OK, bit different direction. Please download Spybot S&D from the link below, run a scan and tell it to fix everything in red.

http://www.safer-networking.org/inde...&page=download

Next, download Hijack This fro the Start Page link below. There are quick start instruction there, as well. Create a log; the button will change to save log. Click it.

Copy the log here and we'll see if we can find anything.

http://www.tomcoyote.org/hjt/

Darius · 10-09-2003, 03:20 PM

Here's the log....looks complicated

And also, SpyBot S&D is going on my list of programs that refuse to do anything

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ca8.hpwis.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ca8.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ca8.hpwis.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R3 - Default URLSearchHook is missing
F0 - system.ini: Shell=Explorer.exe C:\WINDOWS\System32\System32.exe
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\System32\System32.exe
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {15f0ce81-49ac-4150-9581-74d2af216d15} - C:\DOCUME~1\Owner\APPLIC~1\eiegchstlz.dll
O2 - BHO: (no name) - {A78FAAEB-F125-FED7-9F30-1C280BFCB6EB} - C:\WINDOWS\system32\xyowdltf.dll
O2 - BHO: (no name) - {A7E7C9DA-5AAD-025C-7962-876A8F8D901B} - C:\WINDOWS\system32\oqjfkhzo.dll
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: hp toolkit - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - C:\HP\EXPLOREBAR\HPTOOLKT.DLL
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: rckstfchble - {90cd1ac2-1a6a-4c5b-bcbb-15d073b35a0a} - C:\DOCUME~1\Owner\APPLIC~1\eiegchstlz.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
O4 - HKLM\..\Run: [Reminder] "C:\Windows\Creator\Remind_XP.exe"
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [MessengerPlus2] "C:\Program Files\Messenger Plus! 2\MsgPlus.exe"
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [CloneCDTray] C:\Program Files\Elaborate Bytes\CloneCD\CloneCDTray.exe
O4 - HKLM\..\Run: [ElbyCheckElbyCDFL] "C:\Program Files\Elaborate Bytes\CloneCD\ElbyCheck.exe" /L ElbyCDFL
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Generic host proccess for windows] SVCHOSTS.EXE
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [NAV CfgWiz] C:\Program Files\Common Files\Symantec Shared\CfgWiz.exe /GUID NAV /CMDLINE "REBOOT"
O4 - HKLM\..\Run: [WinFavorites] c:\program files\winfavorites\WinFavorites.exe1
O4 - HKCU\..\Run: [Zinio DLM] C:\PROGRA~1\Zinio\ZDLM.exe /hide
O4 - HKCU\..\Run: [IncrediMail] C:\PROGRA~1\INCRED~1\bin\IncMail.exe /c
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - HKCU\..\Run: [STYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide
O4 - HKCU\..\Run: [TlcR] C:\WINDOWS\config\avp.exe
O4 - HKCU\..\Run: [MessengerPlus2] "C:\Program Files\Messenger Plus! 2\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKLM\..\RunOnce: [NetFxUpdate_v1.0.3705] "C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\netfxupdate.exe" 0 v1.0.3705 GAC + NI
O4 - HKCU\..\RunOnce: [Generic host proccess for windows] SVCHOSTS.EXE
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe
O4 - Global Startup: Updates from HP.lnk = C:\Program Files\Updates from HP\137903\Program\BackWeb-137903.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\PROGRA~1\INCRED~1\bin\resources\WebMenuImg.htm
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward &Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Si&milar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {0D4312E2-5E4D-4A27-A9D8-043E43904277} - http://www.warezoracle.com/xdownloader.exe
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/s...irector/sw.cab
O16 - DPF: {1DA3C4AB-E6B6-47A6-B0F3-1BD81524B51B} (ActiveWorldsDownload Control) - http://www.activeworlds.com/products...dsDownload.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://download.yahoo.com/dl/installs/yinst0309.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/7...ll/xscan53.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...tatsClient.cab
O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://zinio.earthc.net/images.zinio...der/isetup.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/s...sh/swflash.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary...reShowdown.cab

**jgvernonco** · 10-11-2003, 08:33 AM

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R3 - Default URLSearchHook is missing
F0 - system.ini: Shell=Explorer.exe C:\WINDOWS\System32\System32.exe
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\System32\System32.exe
O2 - BHO: (no name) - {15f0ce81-49ac-4150-9581-74d2af216d15} - C:\DOCUME~1\Owner\APPLIC~1\eiegchstlz.dll
O2 - BHO: (no name) - {A78FAAEB-F125-FED7-9F30-1C280BFCB6EB} - C:\WINDOWS\system32\xyowdltf.dll
O2 - BHO: (no name) - {A7E7C9DA-5AAD-025C-7962-876A8F8D901B} - C:\WINDOWS\system32\oqjfkhzo.dll
O3 - Toolbar: rckstfchble - {90cd1ac2-1a6a-4c5b-bcbb-15d073b35a0a} - C:\DOCUME~1\Owner\APPLIC~1\eiegchstlz.dll
O4 - HKLM\..\Run: [Generic host proccess for windows] SVCHOSTS.EXE
O4 - HKLM\..\RunOnce: [NetFxUpdate_v1.0.3705] "C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\netfxupdate.exe" 0 v1.0.3705 GAC + NI
O4 - HKCU\..\RunOnce: [Generic host proccess for windows] SVCHOSTS.EXE
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O16 - DPF: {0D4312E2-5E4D-4A27-A9D8-043E43904277} - http://www.warezoracle.com/xdownloader.exe

Two different Trojans, an bad boy browser hijacker, and assorted shrapnel from same.

Run HJT, check all of the items above, make sure that all browser windows are closed, then tell HJT to fix these. Reboot

Now, there are going to be programs associated with this stuff, and I am hoping that, rather than hunting them down one by one, we can now use Spybot to find them. Run a Spybot Scan and fix everything in red.

If Spybot works, post another HJT log. If it doesn't, uninstall it, download it again, and try running it.

Let us know what happens.

Darius · 10-11-2003, 09:32 PM

I did all of the above (including uninstalling/re-downloading spybot) and it still won't work.

This is sooo bloody stupid, and it's a brand new computer, too :(

**jgvernonco** · 10-12-2003, 06:28 AM

I think we should run BHODemon now, link below:

http://www.definitivesolutions.com/bhodemon.htm

Copy and paste that BHO list here.

Then, post another HJT log.

The reason that I depend on programs before I start going into the guts of the machine is because these bad boys are getting more clever, the shrapnel is spreading further into infected machines, and the programs are more thorough on a time-after-time basis.

Let's see what happens.

Darius · 10-12-2003, 11:21 AM

BHODemon gave me this:

0) Acrohelper.ocx CLSID= {06849E9F-C8D7-4D59-B87D 784B7D6BE0B3}

DLL Path= C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx

1) SuperBar.Dll CLSID= {136A9D1D-1F4B-43D4-8359-6F2382449255}

DLL Path= C:\Program Files\SuperBar\SuperBar.Dll

2) SNHelper.dll CLSID= {14B3D246-6274-40B5-8D50-6C2ADE2AB29B}

DLL Path= C:\Program Files\Srng\SNHelper.dll

3) googletoolbar1.dll CLSID= {AA58ED58-01DD-4D91-8333-CF10577473F7}

DLL Path= c:\program files\google\googletoolbar1.dll

4) NavShExt.dll CLSID= {BDF3E430-B101-42AD-A544-FADC6B084872}

DLL Path= C:\Program Files\Norton AntiVirus\NavShExt.dll

5) igfvxdgps.dll CLSID= {E504B6FE-1752-48C3-A94E-D9A8DE42F555}

DLL Path= C:\WINDOWS\System32\igfvxdgps.dll

And here's another HJT log...

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.shopnav.com/search/9886/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.shopnav.com/apps/epa/epa?cid=shnv9886&s=
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.shopnav.com/apps/epa/epa?cid=shnv9886&s=
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.shopnav.com/search/9886/search.html
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {136A9D1D-1F4B-43D4-8359-6F2382449255} - C:\Program Files\SuperBar\SuperBar.Dll
O2 - BHO: (no name) - {14b3d246-6274-40b5-8d50-6c2ade2ab29b} - C:\Program Files\Srng\SNHelper.dll
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {E504B6FE-1752-48C3-A94E-D9A8DE42F555} - C:\WINDOWS\System32\igfvxdgps.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: hp toolkit - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - C:\HP\EXPLOREBAR\HPTOOLKT.DLL
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
O4 - HKLM\..\Run: [Reminder] "C:\Windows\Creator\Remind_XP.exe"
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [MessengerPlus2] "C:\Program Files\Messenger Plus! 2\MsgPlus.exe"
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [CloneCDTray] C:\Program Files\Elaborate Bytes\CloneCD\CloneCDTray.exe
O4 - HKLM\..\Run: [ElbyCheckElbyCDFL] "C:\Program Files\Elaborate Bytes\CloneCD\ElbyCheck.exe" /L ElbyCDFL
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [NAV CfgWiz] C:\Program Files\Common Files\Symantec Shared\CfgWiz.exe /GUID NAV /CMDLINE "REBOOT"
O4 - HKLM\..\Run: [WinFavorites] c:\program files\winfavorites\WinFavorites.exe1
O4 - HKLM\..\Run: [FamilyKeyLogger] C:\Program Files\familykeylogger\cisvc.exe
O4 - HKLM\..\Run: [KaZooM] C:\Program Files\Blue Haven Media\KaZooM\KaZooM.Exe
O4 - HKLM\..\Run: [EbatesMoeMoneyMaker] wjview /cp:p "C:\Program Files\EbatesMoeMoneyMaker\System\Code" Main lp: "C:\Program Files\EbatesMoeMoneyMaker"
O4 - HKLM\..\Run: [msbb] C:\Program Files\Blue Haven Media\KaZooM\msbb.exe
O4 - HKLM\..\Run: [SBHC] C:\Program Files\SuperBar\sbhc.exe
O4 - HKLM\..\Run: [Srng] \Program Files\Srng\Srng.exe
O4 - HKLM\..\Run: [WhenUSave] C:\Program Files\Save\Save.exe
O4 - HKLM\..\Run: [UHOVCISFW] C:\WINDOWS\UHOVCISFW.exe
O4 - HKLM\..\Run: [Generic host proccess for windows] SVCHOSTS.EXE
O4 - HKCU\..\Run: [Zinio DLM] C:\PROGRA~1\Zinio\ZDLM.exe /hide
O4 - HKCU\..\Run: [IncrediMail] C:\PROGRA~1\INCRED~1\bin\IncMail.exe /c
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - HKCU\..\Run: [STYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide
O4 - HKCU\..\Run: [TlcR] C:\WINDOWS\config\avp.exe
O4 - HKCU\..\Run: [MessengerPlus2] "C:\Program Files\Messenger Plus! 2\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKLM\..\RunOnce: [NetFxUpdate_v1.0.3705] "C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\netfxupdate.exe" 0 v1.0.3705 GAC + NI
O4 - HKCU\..\RunOnce: [Generic host proccess for windows] SVCHOSTS.EXE
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe
O4 - Global Startup: Updates from HP.lnk = C:\Program Files\Updates from HP\137903\Program\BackWeb-137903.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\PROGRA~1\INCRED~1\bin\resources\WebMenuImg.htm
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward &Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Ebates - file://C:\Program Files\EbatesMoeMoneyMaker\System\Temp\ebates_script0.htm
O8 - Extra context menu item: Si&milar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/s...irector/sw.cab
O16 - DPF: {1DA3C4AB-E6B6-47A6-B0F3-1BD81524B51B} (ActiveWorldsDownload Control) - http://www.activeworlds.com/products...dsDownload.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://download.yahoo.com/dl/installs/yinst0309.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/7...ll/xscan53.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...tatsClient.cab
O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://zinio.earthc.net/images.zinio...der/isetup.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/s...sh/swflash.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary...reShowdown.cab

**jgvernonco** · 10-12-2003, 12:17 PM

This thing is evolving...have patience.

Go to BHO demon and have these neutered:

0) Acrohelper.ocx CLSID= {06849E9F-C8D7-4D59-B87D 784B7D6BE0B3} ).(unless you recoginze this,, I found nothing on it).

1) SuperBar.Dll CLSID= {136A9D1D-1F4B-43D4-8359-6F2382449255}

2) SNHelper.dll CLSID= {14B3D246-6274-40B5-8D50-6C2ADE2AB29B}

5) igfvxdgps.dll CLSID= {E504B6FE-1752-48C3-A94E-D9A8DE42F555}

DLL Path= C:\WINDOWS\System32\igfvxdgps.dll

Delete the file C:\WINDOWS\System32\igfvxdgps.dll .

After this, reboot, then give us another Hijack log.

We'll get there...really, we will. :D

johnwill · 10-12-2003, 01:36 PM

"0) Acrohelper.ocx CLSID= {06849E9F-C8D7-4D59-B87D 784B7D6BE0B3} ).(unless you recoginze this,, I found nothing on it). "

Looks like an Adobe Acrobat file, but I'm not certain of that. In any case, it probably won't affect much to kill it off. :)

Darius · 10-12-2003, 02:04 PM

I had to go into Safe Mode to delete that .dll since access was denied in...erm, regular mode. Anyway, here's the latest HJT log....

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.shopnav.com/search/9886/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.shopnav.com/apps/epa/epa?cid=shnv9886&s=
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.shopnav.com/apps/epa/epa?cid=shnv9886&s=
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.shopnav.com/search/9886/search.html
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx (disabled by BHODemon)
O2 - BHO: (no name) - {136A9D1D-1F4B-43D4-8359-6F2382449255} - C:\Program Files\SuperBar\SuperBar.Dll (disabled by BHODemon)
O2 - BHO: (no name) - {14b3d246-6274-40b5-8d50-6c2ade2ab29b} - C:\Program Files\Srng\SNHelper.dll
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {E504B6FE-1752-48C3-A94E-D9A8DE42F555} - C:\WINDOWS\System32\igfvxdgps.dll (disabled by BHODemon)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: hp toolkit - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - C:\HP\EXPLOREBAR\HPTOOLKT.DLL
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
O4 - HKLM\..\Run: [Reminder] "C:\Windows\Creator\Remind_XP.exe"
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [MessengerPlus2] "C:\Program Files\Messenger Plus! 2\MsgPlus.exe"
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [CloneCDTray] C:\Program Files\Elaborate Bytes\CloneCD\CloneCDTray.exe
O4 - HKLM\..\Run: [ElbyCheckElbyCDFL] "C:\Program Files\Elaborate Bytes\CloneCD\ElbyCheck.exe" /L ElbyCDFL
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [NAV CfgWiz] C:\Program Files\Common Files\Symantec Shared\CfgWiz.exe /GUID NAV /CMDLINE "REBOOT"
O4 - HKLM\..\Run: [WinFavorites] c:\program files\winfavorites\WinFavorites.exe1
O4 - HKLM\..\Run: [FamilyKeyLogger] C:\Program Files\familykeylogger\cisvc.exe
O4 - HKLM\..\Run: [KaZooM] C:\Program Files\Blue Haven Media\KaZooM\KaZooM.Exe
O4 - HKLM\..\Run: [EbatesMoeMoneyMaker] wjview /cp:p "C:\Program Files\EbatesMoeMoneyMaker\System\Code" Main lp: "C:\Program Files\EbatesMoeMoneyMaker"
O4 - HKLM\..\Run: [msbb] C:\Program Files\Blue Haven Media\KaZooM\msbb.exe
O4 - HKLM\..\Run: [SBHC] C:\Program Files\SuperBar\sbhc.exe
O4 - HKLM\..\Run: [Srng] \Program Files\Srng\Srng.exe
O4 - HKLM\..\Run: [WhenUSave] C:\Program Files\Save\Save.exe
O4 - HKLM\..\Run: [UHOVCISFW] C:\WINDOWS\UHOVCISFW.exe
O4 - HKLM\..\Run: [Generic host proccess for windows] SVCHOSTS.EXE
O4 - HKCU\..\Run: [Zinio DLM] C:\PROGRA~1\Zinio\ZDLM.exe /hide
O4 - HKCU\..\Run: [IncrediMail] C:\PROGRA~1\INCRED~1\bin\IncMail.exe /c
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - HKCU\..\Run: [STYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide
O4 - HKCU\..\Run: [TlcR] C:\WINDOWS\config\avp.exe
O4 - HKCU\..\Run: [MessengerPlus2] "C:\Program Files\Messenger Plus! 2\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKLM\..\RunOnce: [NetFxUpdate_v1.0.3705] "C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\netfxupdate.exe" 0 v1.0.3705 GAC + NI
O4 - HKCU\..\RunOnce: [Generic host proccess for windows] SVCHOSTS.EXE
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe
O4 - Global Startup: Updates from HP.lnk = C:\Program Files\Updates from HP\137903\Program\BackWeb-137903.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\PROGRA~1\INCRED~1\bin\resources\WebMenuImg.htm
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward &Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Ebates - file://C:\Program Files\EbatesMoeMoneyMaker\System\Temp\ebates_script0.htm
O8 - Extra context menu item: Si&milar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/s...irector/sw.cab
O16 - DPF: {1DA3C4AB-E6B6-47A6-B0F3-1BD81524B51B} (ActiveWorldsDownload Control) - http://www.activeworlds.com/products...dsDownload.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://download.yahoo.com/dl/installs/yinst0309.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/7...ll/xscan53.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...tatsClient.cab
O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://zinio.earthc.net/images.zinio...der/isetup.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/s...sh/swflash.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary...reShowdown.cab

10-08-2003, 10:18 PM	#1 (permalink)
Darius Registered User Join Date: Oct 2003 Posts: 10 OS: XP	Programs refusing to respond! First off, I would like to say that I am pleased to find a forum like this, I have been looking around and have seen that you solve quite a few problems and such. Anyway, on with myproblem..... Yesterday morning, I booted up my computer and attempted to open up NAV2003 to do a virus scan, and it wouldn't open. I thought that was kind of weird, so just for the hell of it, I opened up the Task Manager. It loaded up for about 1 second, then dissapeared. I thought to myself that it was just a random windows error, so I rebooted my computer and it still didn't work. Then, I got this popup, and at the top of the window it said "Reminder for [Enter time and date here]" But in the actual window was just a 404 error. Plus, I had to use Alt+F4 to get rid of it because there was no [X] Button to be found. After playing around with a few more programs, I noticed that Macromedia Flash MX wouldn't open either....anyway, this has been really bugging me and I would like to know how to know if there is any way to fix it. I have tried Ad-Aware, didn't work. Tried www.antivirus.com , didn't work. Tried PC Doctor v2, it found the problem, but I had to pay to get it fixed. Same with PC Bug Doctor. I really don't know how else to solve it.....so I figured I would just run a google search on 'Tech support' and this forum came up. I hope you can solve this problem for me......thanks in advance to anyone who tries to help :)

10-09-2003, 06:40 AM	#3 (permalink)
johnwill Manager, Networking Forums Join Date: Sep 2002 Location: S.E. Pennsylvania, US Posts: 31,468 OS: XP-Pro, Vista, Linux Blog Entries: 1	It sure sounds like you have a virus or worm, the symptoms sound familar. I'd suggest you start with an on-line virus scan, Trend Housecall is one that's pretty decent. __________________ If TSF has helped you, Tell us about it! or Donate to help keep the site up! Microsoft MVP - Windows Desktop Experience

10-09-2003, 01:23 PM	#5 (permalink)
johnwill Manager, Networking Forums Join Date: Sep 2002 Location: S.E. Pennsylvania, US Posts: 31,468 OS: XP-Pro, Vista, Linux Blog Entries: 1	I don't indiscriminately click on links provided when someone is having problems, it could be the source of their problems. :D There are other on-line virus scanning pages, Panda, Symantec, McAfee to name a few. I'd try several... __________________ If TSF has helped you, Tell us about it! or Donate to help keep the site up! Microsoft MVP - Windows Desktop Experience

10-09-2003, 03:04 PM	#6 (permalink)
jgvernonco Old Timer Join Date: Sep 2003 Location: Northern Arizona Posts: 7,957 OS: Vista Home Premium, SP 27	OK, bit different direction. Please download Spybot S&D from the link below, run a scan and tell it to fix everything in red. http://www.safer-networking.org/inde...&page=download Next, download Hijack This fro the Start Page link below. There are quick start instruction there, as well. Create a log; the button will change to save log. Click it. Copy the log here and we'll see if we can find anything. http://www.tomcoyote.org/hjt/ __________________ Donations keep TSF moving forward. Please help. http://www.myspace.com/speedbumpthecelt

10-09-2003, 03:20 PM	#7 (permalink)
Darius Registered User Join Date: Oct 2003 Posts: 10 OS: XP	Here's the log....looks complicated And also, SpyBot S&D is going on my list of programs that refuse to do anything R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ca8.hpwis.com/ R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ca8.hpwis.com/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ca8.hpwis.com/ R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R3 - Default URLSearchHook is missing F0 - system.ini: Shell=Explorer.exe C:\WINDOWS\System32\System32.exe F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\System32\System32.exe O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx O2 - BHO: (no name) - {15f0ce81-49ac-4150-9581-74d2af216d15} - C:\DOCUME~1\Owner\APPLIC~1\eiegchstlz.dll O2 - BHO: (no name) - {A78FAAEB-F125-FED7-9F30-1C280BFCB6EB} - C:\WINDOWS\system32\xyowdltf.dll O2 - BHO: (no name) - {A7E7C9DA-5AAD-025C-7962-876A8F8D901B} - C:\WINDOWS\system32\oqjfkhzo.dll O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx O3 - Toolbar: hp toolkit - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - C:\HP\EXPLOREBAR\HPTOOLKT.DLL O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll O3 - Toolbar: rckstfchble - {90cd1ac2-1a6a-4c5b-bcbb-15d073b35a0a} - C:\DOCUME~1\Owner\APPLIC~1\eiegchstlz.dll O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect O4 - HKLM\..\Run: [Reminder] "C:\Windows\Creator\Remind_XP.exe" O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE O4 - HKLM\..\Run: [MessengerPlus2] "C:\Program Files\Messenger Plus! 2\MsgPlus.exe" O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe O4 - HKLM\..\Run: [CloneCDTray] C:\Program Files\Elaborate Bytes\CloneCD\CloneCDTray.exe O4 - HKLM\..\Run: [ElbyCheckElbyCDFL] "C:\Program Files\Elaborate Bytes\CloneCD\ElbyCheck.exe" /L ElbyCDFL O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [Generic host proccess for windows] SVCHOSTS.EXE O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [NAV CfgWiz] C:\Program Files\Common Files\Symantec Shared\CfgWiz.exe /GUID NAV /CMDLINE "REBOOT" O4 - HKLM\..\Run: [WinFavorites] c:\program files\winfavorites\WinFavorites.exe1 O4 - HKCU\..\Run: [Zinio DLM] C:\PROGRA~1\Zinio\ZDLM.exe /hide O4 - HKCU\..\Run: [IncrediMail] C:\PROGRA~1\INCRED~1\bin\IncMail.exe /c O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook O4 - HKCU\..\Run: [STYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide O4 - HKCU\..\Run: [TlcR] C:\WINDOWS\config\avp.exe O4 - HKCU\..\Run: [MessengerPlus2] "C:\Program Files\Messenger Plus! 2\MsgPlus.exe" /WinStart O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background O4 - HKLM\..\RunOnce: [NetFxUpdate_v1.0.3705] "C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\netfxupdate.exe" 0 v1.0.3705 GAC + NI O4 - HKCU\..\RunOnce: [Generic host proccess for windows] SVCHOSTS.EXE O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ? O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe O4 - Global Startup: Updates from HP.lnk = C:\Program Files\Updates from HP\137903\Program\BackWeb-137903.exe O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\PROGRA~1\INCRED~1\bin\resources\WebMenuImg.htm O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html O8 - Extra context menu item: Backward &Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html O8 - Extra context menu item: Si&milar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html O8 - Extra context menu item: Translate Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab O16 - DPF: {0D4312E2-5E4D-4A27-A9D8-043E43904277} - http://www.warezoracle.com/xdownloader.exe O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/s...irector/sw.cab O16 - DPF: {1DA3C4AB-E6B6-47A6-B0F3-1BD81524B51B} (ActiveWorldsDownload Control) - http://www.activeworlds.com/products...dsDownload.cab O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://download.yahoo.com/dl/installs/yinst0309.cab O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/7...ll/xscan53.cab O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...tatsClient.cab O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://zinio.earthc.net/images.zinio...der/isetup.cab O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/s...sh/swflash.cab O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary...reShowdown.cab Last edited by Darius : 10-09-2003 at 10:33 PM.

10-09-2003, 06:38 AM	#2 (permalink)
merlin I helped the forums. Join Date: Sep 2002 Location: Pennsylvania Posts: 1,612 OS: 3.11	Hello Darius, welcome to the forums :D Im assuming you're running windows XP... If you go to add remove programs and click on NAV, does it have repair option ? You also said that PC doctor found a problem..did it tell you what the problem was ?

10-09-2003, 07:36 AM	#4 (permalink)
Darius Registered User Join Date: Oct 2003 Posts: 10 OS: XP	@Merlin: There is no 'Repair' tag :( only 'Remove All'. And, PC Doctor Oncall V2 found 252 errors, and there was a bunch in ActiveX/COM saying something about programs not functioning properly, same with the Registry Integrity, and Problems in Application Paths. @johnwill: If you had clicked the link I provided, you would notice that it leads right back to Trend Micro (i.e I have already done it)

10-11-2003, 08:33 AM	#8 (permalink)
jgvernonco Old Timer Join Date: Sep 2003 Location: Northern Arizona Posts: 7,957 OS: Vista Home Premium, SP 27	R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R3 - Default URLSearchHook is missing F0 - system.ini: Shell=Explorer.exe C:\WINDOWS\System32\System32.exe F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\System32\System32.exe O2 - BHO: (no name) - {15f0ce81-49ac-4150-9581-74d2af216d15} - C:\DOCUME~1\Owner\APPLIC~1\eiegchstlz.dll O2 - BHO: (no name) - {A78FAAEB-F125-FED7-9F30-1C280BFCB6EB} - C:\WINDOWS\system32\xyowdltf.dll O2 - BHO: (no name) - {A7E7C9DA-5AAD-025C-7962-876A8F8D901B} - C:\WINDOWS\system32\oqjfkhzo.dll O3 - Toolbar: rckstfchble - {90cd1ac2-1a6a-4c5b-bcbb-15d073b35a0a} - C:\DOCUME~1\Owner\APPLIC~1\eiegchstlz.dll O4 - HKLM\..\Run: [Generic host proccess for windows] SVCHOSTS.EXE O4 - HKLM\..\RunOnce: [NetFxUpdate_v1.0.3705] "C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\netfxupdate.exe" 0 v1.0.3705 GAC + NI O4 - HKCU\..\RunOnce: [Generic host proccess for windows] SVCHOSTS.EXE O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ? O16 - DPF: {0D4312E2-5E4D-4A27-A9D8-043E43904277} - http://www.warezoracle.com/xdownloader.exe Two different Trojans, an bad boy browser hijacker, and assorted shrapnel from same. Run HJT, check all of the items above, make sure that all browser windows are closed, then tell HJT to fix these. Reboot Now, there are going to be programs associated with this stuff, and I am hoping that, rather than hunting them down one by one, we can now use Spybot to find them. Run a Spybot Scan and fix everything in red. If Spybot works, post another HJT log. If it doesn't, uninstall it, download it again, and try running it. Let us know what happens. __________________ Donations keep TSF moving forward. Please help. http://www.myspace.com/speedbumpthecelt

10-11-2003, 09:32 PM	#9 (permalink)
Darius Registered User Join Date: Oct 2003 Posts: 10 OS: XP	I did all of the above (including uninstalling/re-downloading spybot) and it still won't work. This is sooo bloody stupid, and it's a brand new computer, too :(

10-12-2003, 06:28 AM	#10 (permalink)
jgvernonco Old Timer Join Date: Sep 2003 Location: Northern Arizona Posts: 7,957 OS: Vista Home Premium, SP 27	I think we should run BHODemon now, link below: http://www.definitivesolutions.com/bhodemon.htm Copy and paste that BHO list here. Then, post another HJT log. The reason that I depend on programs before I start going into the guts of the machine is because these bad boys are getting more clever, the shrapnel is spreading further into infected machines, and the programs are more thorough on a time-after-time basis. Let's see what happens. __________________ Donations keep TSF moving forward. Please help. http://www.myspace.com/speedbumpthecelt Last edited by jgvernonco : 10-12-2003 at 06:30 AM.

10-12-2003, 11:21 AM	#11 (permalink)
Darius Registered User Join Date: Oct 2003 Posts: 10 OS: XP	BHODemon gave me this: 0) Acrohelper.ocx CLSID= {06849E9F-C8D7-4D59-B87D 784B7D6BE0B3} DLL Path= C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx 1) SuperBar.Dll CLSID= {136A9D1D-1F4B-43D4-8359-6F2382449255} DLL Path= C:\Program Files\SuperBar\SuperBar.Dll 2) SNHelper.dll CLSID= {14B3D246-6274-40B5-8D50-6C2ADE2AB29B} DLL Path= C:\Program Files\Srng\SNHelper.dll 3) googletoolbar1.dll CLSID= {AA58ED58-01DD-4D91-8333-CF10577473F7} DLL Path= c:\program files\google\googletoolbar1.dll 4) NavShExt.dll CLSID= {BDF3E430-B101-42AD-A544-FADC6B084872} DLL Path= C:\Program Files\Norton AntiVirus\NavShExt.dll 5) igfvxdgps.dll CLSID= {E504B6FE-1752-48C3-A94E-D9A8DE42F555} DLL Path= C:\WINDOWS\System32\igfvxdgps.dll And here's another HJT log... R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.shopnav.com/search/9886/search.html R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.shopnav.com/apps/epa/epa?cid=shnv9886&s= R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.shopnav.com/apps/epa/epa?cid=shnv9886&s= R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.shopnav.com/search/9886/search.html O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx O2 - BHO: (no name) - {136A9D1D-1F4B-43D4-8359-6F2382449255} - C:\Program Files\SuperBar\SuperBar.Dll O2 - BHO: (no name) - {14b3d246-6274-40b5-8d50-6c2ade2ab29b} - C:\Program Files\Srng\SNHelper.dll O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll O2 - BHO: (no name) - {E504B6FE-1752-48C3-A94E-D9A8DE42F555} - C:\WINDOWS\System32\igfvxdgps.dll O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx O3 - Toolbar: hp toolkit - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - C:\HP\EXPLOREBAR\HPTOOLKT.DLL O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect O4 - HKLM\..\Run: [Reminder] "C:\Windows\Creator\Remind_XP.exe" O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE O4 - HKLM\..\Run: [MessengerPlus2] "C:\Program Files\Messenger Plus! 2\MsgPlus.exe" O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe O4 - HKLM\..\Run: [CloneCDTray] C:\Program Files\Elaborate Bytes\CloneCD\CloneCDTray.exe O4 - HKLM\..\Run: [ElbyCheckElbyCDFL] "C:\Program Files\Elaborate Bytes\CloneCD\ElbyCheck.exe" /L ElbyCDFL O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [NAV CfgWiz] C:\Program Files\Common Files\Symantec Shared\CfgWiz.exe /GUID NAV /CMDLINE "REBOOT" O4 - HKLM\..\Run: [WinFavorites] c:\program files\winfavorites\WinFavorites.exe1 O4 - HKLM\..\Run: [FamilyKeyLogger] C:\Program Files\familykeylogger\cisvc.exe O4 - HKLM\..\Run: [KaZooM] C:\Program Files\Blue Haven Media\KaZooM\KaZooM.Exe O4 - HKLM\..\Run: [EbatesMoeMoneyMaker] wjview /cp:p "C:\Program Files\EbatesMoeMoneyMaker\System\Code" Main lp: "C:\Program Files\EbatesMoeMoneyMaker" O4 - HKLM\..\Run: [msbb] C:\Program Files\Blue Haven Media\KaZooM\msbb.exe O4 - HKLM\..\Run: [SBHC] C:\Program Files\SuperBar\sbhc.exe O4 - HKLM\..\Run: [Srng] \Program Files\Srng\Srng.exe O4 - HKLM\..\Run: [WhenUSave] C:\Program Files\Save\Save.exe O4 - HKLM\..\Run: [UHOVCISFW] C:\WINDOWS\UHOVCISFW.exe O4 - HKLM\..\Run: [Generic host proccess for windows] SVCHOSTS.EXE O4 - HKCU\..\Run: [Zinio DLM] C:\PROGRA~1\Zinio\ZDLM.exe /hide O4 - HKCU\..\Run: [IncrediMail] C:\PROGRA~1\INCRED~1\bin\IncMail.exe /c O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook O4 - HKCU\..\Run: [STYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide O4 - HKCU\..\Run: [TlcR] C:\WINDOWS\config\avp.exe O4 - HKCU\..\Run: [MessengerPlus2] "C:\Program Files\Messenger Plus! 2\MsgPlus.exe" /WinStart O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background O4 - HKLM\..\RunOnce: [NetFxUpdate_v1.0.3705] "C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\netfxupdate.exe" 0 v1.0.3705 GAC + NI O4 - HKCU\..\RunOnce: [Generic host proccess for windows] SVCHOSTS.EXE O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe O4 - Global Startup: Updates from HP.lnk = C:\Program Files\Updates from HP\137903\Program\BackWeb-137903.exe O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\PROGRA~1\INCRED~1\bin\resources\WebMenuImg.htm O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html O8 - Extra context menu item: Backward &Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html O8 - Extra context menu item: Ebates - file://C:\Program Files\EbatesMoeMoneyMaker\System\Temp\ebates_script0.htm O8 - Extra context menu item: Si&milar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html O8 - Extra context menu item: Translate Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/s...irector/sw.cab O16 - DPF: {1DA3C4AB-E6B6-47A6-B0F3-1BD81524B51B} (ActiveWorldsDownload Control) - http://www.activeworlds.com/products...dsDownload.cab O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://download.yahoo.com/dl/installs/yinst0309.cab O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/7...ll/xscan53.cab O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...tatsClient.cab O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://zinio.earthc.net/images.zinio...der/isetup.cab O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/s...sh/swflash.cab O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary...reShowdown.cab

10-12-2003, 12:17 PM	#12 (permalink)
jgvernonco Old Timer Join Date: Sep 2003 Location: Northern Arizona Posts: 7,957 OS: Vista Home Premium, SP 27	This thing is evolving...have patience. Go to BHO demon and have these neutered: 0) Acrohelper.ocx CLSID= {06849E9F-C8D7-4D59-B87D 784B7D6BE0B3} ).(unless you recoginze this,, I found nothing on it). 1) SuperBar.Dll CLSID= {136A9D1D-1F4B-43D4-8359-6F2382449255} 2) SNHelper.dll CLSID= {14B3D246-6274-40B5-8D50-6C2ADE2AB29B} 5) igfvxdgps.dll CLSID= {E504B6FE-1752-48C3-A94E-D9A8DE42F555} DLL Path= C:\WINDOWS\System32\igfvxdgps.dll Delete the file C:\WINDOWS\System32\igfvxdgps.dll . After this, reboot, then give us another Hijack log. We'll get there...really, we will. :D __________________ Donations keep TSF moving forward. Please help. http://www.myspace.com/speedbumpthecelt

10-12-2003, 01:36 PM	#13 (permalink)
johnwill Manager, Networking Forums Join Date: Sep 2002 Location: S.E. Pennsylvania, US Posts: 31,468 OS: XP-Pro, Vista, Linux Blog Entries: 1	"0) Acrohelper.ocx CLSID= {06849E9F-C8D7-4D59-B87D 784B7D6BE0B3} ).(unless you recoginze this,, I found nothing on it). " Looks like an Adobe Acrobat file, but I'm not certain of that. In any case, it probably won't affect much to kill it off. :) __________________ If TSF has helped you, Tell us about it! or Donate to help keep the site up! Microsoft MVP - Windows Desktop Experience

10-12-2003, 02:04 PM	#14 (permalink)
Darius Registered User Join Date: Oct 2003 Posts: 10 OS: XP	I had to go into Safe Mode to delete that .dll since access was denied in...erm, regular mode. Anyway, here's the latest HJT log.... R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.shopnav.com/search/9886/search.html R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.shopnav.com/apps/epa/epa?cid=shnv9886&s= R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.shopnav.com/apps/epa/epa?cid=shnv9886&s= R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.shopnav.com/search/9886/search.html O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx (disabled by BHODemon) O2 - BHO: (no name) - {136A9D1D-1F4B-43D4-8359-6F2382449255} - C:\Program Files\SuperBar\SuperBar.Dll (disabled by BHODemon) O2 - BHO: (no name) - {14b3d246-6274-40b5-8d50-6c2ade2ab29b} - C:\Program Files\Srng\SNHelper.dll O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll O2 - BHO: (no name) - {E504B6FE-1752-48C3-A94E-D9A8DE42F555} - C:\WINDOWS\System32\igfvxdgps.dll (disabled by BHODemon) O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx O3 - Toolbar: hp toolkit - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - C:\HP\EXPLOREBAR\HPTOOLKT.DLL O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect O4 - HKLM\..\Run: [Reminder] "C:\Windows\Creator\Remind_XP.exe" O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE O4 - HKLM\..\Run: [MessengerPlus2] "C:\Program Files\Messenger Plus! 2\MsgPlus.exe" O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe O4 - HKLM\..\Run: [CloneCDTray] C:\Program Files\Elaborate Bytes\CloneCD\CloneCDTray.exe O4 - HKLM\..\Run: [ElbyCheckElbyCDFL] "C:\Program Files\Elaborate Bytes\CloneCD\ElbyCheck.exe" /L ElbyCDFL O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [NAV CfgWiz] C:\Program Files\Common Files\Symantec Shared\CfgWiz.exe /GUID NAV /CMDLINE "REBOOT" O4 - HKLM\..\Run: [WinFavorites] c:\program files\winfavorites\WinFavorites.exe1 O4 - HKLM\..\Run: [FamilyKeyLogger] C:\Program Files\familykeylogger\cisvc.exe O4 - HKLM\..\Run: [KaZooM] C:\Program Files\Blue Haven Media\KaZooM\KaZooM.Exe O4 - HKLM\..\Run: [EbatesMoeMoneyMaker] wjview /cp:p "C:\Program Files\EbatesMoeMoneyMaker\System\Code" Main lp: "C:\Program Files\EbatesMoeMoneyMaker" O4 - HKLM\..\Run: [msbb] C:\Program Files\Blue Haven Media\KaZooM\msbb.exe O4 - HKLM\..\Run: [SBHC] C:\Program Files\SuperBar\sbhc.exe O4 - HKLM\..\Run: [Srng] \Program Files\Srng\Srng.exe O4 - HKLM\..\Run: [WhenUSave] C:\Program Files\Save\Save.exe O4 - HKLM\..\Run: [UHOVCISFW] C:\WINDOWS\UHOVCISFW.exe O4 - HKLM\..\Run: [Generic host proccess for windows] SVCHOSTS.EXE O4 - HKCU\..\Run: [Zinio DLM] C:\PROGRA~1\Zinio\ZDLM.exe /hide O4 - HKCU\..\Run: [IncrediMail] C:\PROGRA~1\INCRED~1\bin\IncMail.exe /c O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook O4 - HKCU\..\Run: [STYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide O4 - HKCU\..\Run: [TlcR] C:\WINDOWS\config\avp.exe O4 - HKCU\..\Run: [MessengerPlus2] "C:\Program Files\Messenger Plus! 2\MsgPlus.exe" /WinStart O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background O4 - HKLM\..\RunOnce: [NetFxUpdate_v1.0.3705] "C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\netfxupdate.exe" 0 v1.0.3705 GAC + NI O4 - HKCU\..\RunOnce: [Generic host proccess for windows] SVCHOSTS.EXE O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe O4 - Global Startup: Updates from HP.lnk = C:\Program Files\Updates from HP\137903\Program\BackWeb-137903.exe O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\PROGRA~1\INCRED~1\bin\resources\WebMenuImg.htm O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html O8 - Extra context menu item: Backward &Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html O8 - Extra context menu item: Ebates - file://C:\Program Files\EbatesMoeMoneyMaker\System\Temp\ebates_script0.htm O8 - Extra context menu item: Si&milar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html O8 - Extra context menu item: Translate Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/s...irector/sw.cab O16 - DPF: {1DA3C4AB-E6B6-47A6-B0F3-1BD81524B51B} (ActiveWorldsDownload Control) - http://www.activeworlds.com/products...dsDownload.cab O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://download.yahoo.com/dl/installs/yinst0309.cab O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/7...ll/xscan53.cab O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...tatsClient.cab O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://zinio.earthc.net/images.zinio...der/isetup.cab O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/s...sh/swflash.cab O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary...reShowdown.cab Last edited by Darius : 10-12-2003 at 02:05 PM.