My HJT log

mallard32 · 07-11-2006, 07:05 AM

Here it is, tell me if anything is wrong please.

Logfile of HijackThis v1.99.1
Scan saved at 9:04:44 AM, on 7/11/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
E:\WINDOWS\System32\smss.exe
E:\WINDOWS\system32\winlogon.exe
E:\WINDOWS\system32\services.exe
E:\WINDOWS\system32\lsass.exe
E:\WINDOWS\system32\svchost.exe
E:\Program Files\Windows Defender\MsMpEng.exe
E:\WINDOWS\System32\svchost.exe
E:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
E:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
E:\WINDOWS\Explorer.EXE
E:\WINDOWS\system32\spoolsv.exe
E:\Program Files\Common Files\Symantec Shared\ccApp.exe
E:\WINDOWS\system32\cisvc.exe
E:\Program Files\Windows Defender\MSASCui.exe
E:\Program Files\FBM Software\ZeroSpyware Limited Edition\FileDeleter.exe
E:\Program Files\Startup Mechanic\StartupMonitor.exe
E:\Program Files\Prevx Home\SAGUI.exe
E:\Program Files\Norton AntiVirus\navapsvc.exe
E:\WINDOWS\system32\nvsvc32.exe
E:\WINDOWS\system32\pctspk.exe
E:\Program Files\Everest Labs\Spydefense\sdc.exe
E:\Program Files\Prevx Home\PXAgent.exe
E:\Program Files\Norton AntiVirus\SAVScan.exe
E:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
E:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
E:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
E:\WINDOWS\System32\svchost.exe
E:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
E:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
E:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
E:\WINDOWS\System32\HPZipm12.exe
E:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
E:\WINDOWS\system32\cidaemon.exe
E:\Program Files\Internet Explorer\iexplore.exe
E:\Documents and Settings\Owner\Desktop\GOOD GAMES\ANTIVIRUS PROTECTION\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - E:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - E:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - E:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: TrackPopUp - {79594677-0416-4097-A421-41BE9667B36F} - blank (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - e:\program files\google\googletoolbar3.dll
O2 - BHO: MSN Search Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - E:\Program Files\MSN Toolbar Suite\TB\02.05.0001.1119\en-us\msntb.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - E:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: CIEObjectObj Object - {CA13D72F-2DAC-4D99-B08D-C5EA1C920E89} - E:\WINDOWS\IECodecPlg.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - E:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - e:\program files\google\googletoolbar3.dll
O3 - Toolbar: MSN Search Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - E:\Program Files\MSN Toolbar Suite\TB\02.05.0001.1119\en-us\msntb.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE E:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [ccApp] "E:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] E:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [Fellowes Proxy] E:\WINDOWS\System32\r3proxy.exe
O4 - HKLM\..\Run: [Windows Defender] "E:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [Startup Manager Scanner] E:\Program Files\Startup Mechanic\StartupMonitor.exe
O4 - HKLM\..\Run: [PrevxHome] E:\Program Files\Prevx Home\SAGUI.exe
O4 - HKCU\..\Run: [SpyDefense] E:\Program Files\Everest Labs\Spydefense\sdc.exe /service
O4 - Global Startup: hp psc 1000 series.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?
O8 - Extra context menu item: &Google Search - res://e:\program files\google\GoogleToolbar3.dll/cmsearch.html
O8 - Extra context menu item: &MSN Search - res://E:\Program Files\MSN Toolbar Suite\TB\02.05.0001.1119\en-us\msntb.dll/search.htm
O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearc...p=ZSzfw001YYUS
O8 - Extra context menu item: &Translate English Word - res://e:\program files\google\GoogleToolbar3.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://e:\program files\google\GoogleToolbar3.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://e:\program files\google\GoogleToolbar3.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://e:\program files\google\GoogleToolbar3.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://e:\program files\google\GoogleToolbar3.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - E:\Program Files\Titan Poker\casino.exe
O9 - Extra 'Tools' menuitem: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - E:\Program Files\Titan Poker\casino.exe
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - E:\Program Files\AIM95\aim.exe
O9 - Extra button: PartyCasino.com - {B4B52284-A248-4c51-9F7C-F0A0C67FCC9D} - E:\Program Files\PartyGaming\PartyCasino\RunCasino.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyCasino.com - {B4B52284-A248-4c51-9F7C-F0A0C67FCC9D} - E:\Program Files\PartyGaming\PartyCasino\RunCasino.exe (file missing)
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - E:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - E:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - E:\Program Files\Microsoft Money\System\mnyviewer.dll
O9 - Extra button: Bodog Poker - {F47C1DB5-ED21-4dc1-853E-D1495792D4C5} - E:\Program Files\Bodog Poker\BPGame.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe (file missing)
O15 - Trusted Zone: http://toolbar.imageshack.us
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab
O16 - DPF: {01010E00-5E80-11D8-9E86-0007E96C65AE} (SupportSoft SmartIssue) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsi.cab
O16 - DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} (SupportSoft Script Runner Class) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsr.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab28578.cab
O16 - DPF: {1A595EDD-978A-48C7-B730-AF3B9CC64DAB} (DLManager Class) - http://63.251.81.180/component/VZWDLManager.cab
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - http://www.symantec.com/techsupp/asa/ctrl/LSSupCtl.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/S...in/AvSniff.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://software-dl.real.com/285f5bcd...p/RdxIE601.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://scan.safety.live.com/resource...scbase5059.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/S.../bin/cabsa.cab
O16 - DPF: {74C861A1-D548-4916-BC8A-FDE92EDFF62C} - http://mediaplayer.walmart.com/installer/install.cab
O16 - DPF: {8A0019EB-51FA-4AE5-A40B-C0496BBFC739} (Verizon Wireless Media Upload) - http://www.vzwpix.com/activex/Verizo...oadControl.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...tatsClient.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/binFramework/v10...o.cab34246.cab
O16 - DPF: {B942A249-D1E7-4C11-98AE-FCB76B08747F} (RealArcadeRdxIE Class) - http://games-dl.real.com/gameconsole...rcadeRdxIE.cab
O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.symantec.com/sscv6/S.../bin/cabsa.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - http://www.symantec.com/techsupp/asa/ctrl/SymAData.cab
O16 - DPF: {D54160C3-DB7B-4534-9B65-190EE4A9C7F7} (SproutLauncherCtrl Class) - http://zone.msn.com/bingame/feed/def...utLauncher.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - http://zone.msn.com/bingame/zuma/def...ploader_v5.cab
O16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} (ActiveDataObj Class) - https://www-secure.symantec.com/tech...ActiveData.cab
O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30043.www3.hp.com/aio/en/check/qdiagh.cab?319
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "E:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: WgaLogon - E:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Adobe LM Service - Adobe Systems - E:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - E:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - E:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - E:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: ZeroSpyware FileDeleter (FileDeleter) - FBM Software - E:\Program Files\FBM Software\ZeroSpyware Limited Edition\FileDeleter.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - E:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - E:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - E:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - E:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PCTEL Speaker Phone (Pctspk) - PCtel, Inc. - E:\WINDOWS\system32\pctspk.exe
O23 - Service: Pml Driver HPZ12 - HP - E:\WINDOWS\System32\HPZipm12.exe
O23 - Service: Prevx Agent (PrevxAgent) - Unknown owner - E:\Program Files\Prevx Home\PXAgent.exe" -f (file missing)
O23 - Service: SAVScan - Symantec Corporation - E:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - E:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - E:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - E:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Symantec Core LC - Symantec Corporation - E:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - E:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: trioService - Unknown owner - E:\Program Files\3D-Relax\Moonlight Lake Trial\trioService.exe (file missing)

Thanks again

Ried · 07-12-2006, 05:53 PM

Hello mallard32,

Please copy this page to Notepad and save to your desktop for reference as you will not have any browsers open while you are carrying out these instructions.

It is IMPORTANT that you don't miss a step & perform everything in the correct order/sequence.

*********************************************************************

First download ewido anti-spyware from HERE and save that file to your desktop.
This is a 30 day trial of the program

Once you have downloaded ewido anti-spyware, locate the icon on the desktop and double-click it to launch the set up program.
Once the setup is complete you will need run ewido and update the definition files.
On the main screen select the icon "Update" then select the "Update now" link.
- Next select the "Start Update" button, the update will start and a progress bar will show the updates being installed.
Once the update has completed select the "Scanner" icon at the top of the screen, then select the "Settings" tab.
Once in the Settings screen click on "Recommended actions" and then select "Quarantine".
Under "Reports"
- Select "Automatically generate report after every scan"
- Un-Select "Only if threats were found"

Close ewido anti-spyware, Do Not run a scan just yet, we will shortly.

Download and install CleanUp! but do not run it yet. (Not Recommended for XP64).

------------------------------------------------

Next, please reboot your computer in Safe Mode by doing the following:
1) Restart your computer
2) After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
3) Instead of Windows loading as normal, a menu should appear
4) Use the up arrow key to highlight Safe Mode and press Enter.
5) Login with your usual account. Make sure to close any open browsers.

------------------------------------------------

Please disable the following program(s) if they are currently running as they may interfere with the fixes below. You may re-enable them when we are through:

Windows Defender:

Open Windows Defender.
Click on Tools, Options.
Scroll down and uncheck Turn on real-time protection (recommended).
After you uncheck this, click on the Save button and close Windows Defender.

Prevx:

Right click on the Prevx icon in your system tray at the bottom-right corner of your screen and choose "Show Management Console".
On the Management Console click the Protection Level drop-down menu. You will see three levels:
Maximum

Off

User Defined
To disable all protection set the level to Off. You will receive a prompt asking "You are about to change your security settings. Do you wish to continue?" Click Yes.
Click the X on the upper right hand corner to exit the Management console.

-----------------------------------

Open HijackThis and click on 'Do a System Scan Only'. Check the following entries if they exist:

O2 - BHO: CIEObjectObj Object - {CA13D72F-2DAC-4D99-B08D-C5EA1C920E89} - E:\WINDOWS\IECodecPlg.dll
O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearc...p=ZSzfw001YYUS
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://software-dl.real.com/285f5bcd...p/RdxIE601.cab

Click 'Fix Checked' and close HijackThis.

-----------------------------------

Go to My Computer->Tools->Folder Options->View tab:
* Under the Hidden files and folders heading:
* select Show hidden files and folders.
* Uncheck Hide protected operating system files (recommended) option.
*Also, make sure there is no checkmark beside Hide file extensions for known file types.
* Click OK.

-----------------------------------

Delete the following File if it still exists.[/b]

E:\WINDOWS\ IECodecPlg.dll

-----------------------------------
*WARNING* Cleanup deletes EVERYTHING out of temp/temporary folders and does not make backups. If you have any documents or programs that are saved in any Temporary Folders, please make a backup of these before running CleanUp! or move them to a permanent location.

Open Cleanup! by double-clicking the icon on your desktop (or from the Start > All Programs menu). Set the program up as follows:
*Click "Options..."
*Move the arrow down to "Custom CleanUp!"
*Put a check next to the following:

Empty Recycle Bins
Delete Cookies
Delete Prefetch files
Cleanup! All Users
Click on the "Temporary Files" and uncheck the box for "Scan drives for file matching" if it's checked.

Click OK
Press the CleanUp! button to start the program. Do NOT reboot/logoff when prompted.

------------------------------------------------

IMPORTANT: Do not open any other windows or programs while ewido is scanning, it may interfere with the scanning proccess:

Lauch ewido-anti-spyware by double-clicking the icon on your desktop.
Select the "Scanner" icon at the top and then the "Scan" tab then click on "Complete System Scan".
ewido will now begin the scanning process, be patient this may take a little time.
Once the scan is complete do the following:
If you have any infections you will prompted, then select "Apply all actions"
Next select the "Reports" icon at the top.
Select the "Save report as" button in the lower left hand of the screen and save it to a text file on your system (make sure to remember where you saved that file, this is important).
Close ewido and reboot your system back into Normal Mode and post the results of the ewido report scan.

Ewido is compatible with most AV and anti-spyware products, and the free version will continue to be useful as a second anti-malware scanner.

-----------------------------------

Reboot into Normal Mode.

-----------------------------------

Perform an online scan using Internet Explorer with Panda ActiveScan
** click on "Free use ActiveScan" located on the top right hand corner

Click Check Now & a 'pop up' window shall appear. *ensure that your pop up blocker doesn't block it
Enter your e-mail address, country, and state & click Scan Now ...begins downloading 8 MB Panda's ActiveX controls

Begin the scan by selecting My Computer

If it finds any malware, it will offer you a report.

Please ignore any entry it finds and wants you to buy the program for removal as we will address this later.
Click on see report. Then click Save report

Please include the following in your next reply:

Ewido results
Panda results
New HijackThis log

mallard32 · 07-13-2006, 09:12 AM

My HJT log

Logfile of HijackThis v1.99.1
Scan saved at 10:05:47 AM, on 7/13/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
E:\WINDOWS\System32\smss.exe
E:\WINDOWS\system32\winlogon.exe
E:\WINDOWS\system32\services.exe
E:\WINDOWS\system32\lsass.exe
E:\WINDOWS\system32\svchost.exe
E:\Program Files\Windows Defender\MsMpEng.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\Explorer.EXE
E:\Program Files\Windows Defender\MSASCui.exe
E:\Documents and Settings\Owner\Desktop\GOOD GAMES\ANTIVIRUS PROTECTION\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - E:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - E:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Malicious Scripts Scanner - {55EA1964-F5E4-4D6A-B9B2-125B37655FCB} - E:\Documents and Settings\All Users\Application Data\Prevx\pxbho.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - E:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: TrackPopUp - {79594677-0416-4097-A421-41BE9667B36F} - blank (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - e:\program files\google\googletoolbar3.dll
O2 - BHO: MSN Search Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - E:\Program Files\MSN Toolbar Suite\TB\02.05.0001.1119\en-us\msntb.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - E:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - E:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - e:\program files\google\googletoolbar3.dll
O3 - Toolbar: MSN Search Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - E:\Program Files\MSN Toolbar Suite\TB\02.05.0001.1119\en-us\msntb.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE E:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [ccApp] "E:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] E:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [Fellowes Proxy] E:\WINDOWS\System32\r3proxy.exe
O4 - HKLM\..\Run: [Windows Defender] "E:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [Startup Manager Scanner] E:\Program Files\Startup Mechanic\StartupMonitor.exe
O4 - HKLM\..\Run: [PrevxOne] E:\Program Files\Prevx1\PXConsole.exe
O4 - Global Startup: hp psc 1000 series.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
O9 - Extra button: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - E:\Program Files\Titan Poker\casino.exe
O9 - Extra 'Tools' menuitem: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - E:\Program Files\Titan Poker\casino.exe
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - E:\Program Files\AIM95\aim.exe
O9 - Extra button: PartyCasino.com - {B4B52284-A248-4c51-9F7C-F0A0C67FCC9D} - E:\Program Files\PartyGaming\PartyCasino\RunCasino.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyCasino.com - {B4B52284-A248-4c51-9F7C-F0A0C67FCC9D} - E:\Program Files\PartyGaming\PartyCasino\RunCasino.exe (file missing)
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - E:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - E:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - E:\Program Files\Microsoft Money\System\mnyviewer.dll
O9 - Extra button: Bodog Poker - {F47C1DB5-ED21-4dc1-853E-D1495792D4C5} - E:\Program Files\Bodog Poker\BPGame.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe (file missing)
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab
O16 - DPF: {01010E00-5E80-11D8-9E86-0007E96C65AE} (SupportSoft SmartIssue) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsi.cab
O16 - DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} (SupportSoft Script Runner Class) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsr.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab28578.cab
O16 - DPF: {1A595EDD-978A-48C7-B730-AF3B9CC64DAB} (DLManager Class) - http://63.251.81.180/component/VZWDLManager.cab
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - http://www.symantec.com/techsupp/asa/ctrl/LSSupCtl.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/S...in/AvSniff.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://software-dl.real.com/285f5bcd...p/RdxIE601.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://scan.safety.live.com/resource...scbase5059.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/S.../bin/cabsa.cab
O16 - DPF: {74C861A1-D548-4916-BC8A-FDE92EDFF62C} - http://mediaplayer.walmart.com/installer/install.cab
O16 - DPF: {8A0019EB-51FA-4AE5-A40B-C0496BBFC739} (Verizon Wireless Media Upload) - http://www.vzwpix.com/activex/Verizo...oadControl.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...tatsClient.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/binFramework/v10...o.cab34246.cab
O16 - DPF: {B942A249-D1E7-4C11-98AE-FCB76B08747F} (RealArcadeRdxIE Class) - http://games-dl.real.com/gameconsole...rcadeRdxIE.cab
O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.symantec.com/sscv6/S.../bin/cabsa.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - http://www.symantec.com/techsupp/asa/ctrl/SymAData.cab
O16 - DPF: {D54160C3-DB7B-4534-9B65-190EE4A9C7F7} (SproutLauncherCtrl Class) - http://zone.msn.com/bingame/feed/def...utLauncher.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - http://zone.msn.com/bingame/zuma/def...ploader_v5.cab
O16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} (ActiveDataObj Class) - https://www-secure.symantec.com/tech...ActiveData.cab
O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30043.www3.hp.com/aio/en/check/qdiagh.cab?319
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "E:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: WgaLogon - E:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Adobe LM Service - Adobe Systems - E:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - E:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - E:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - E:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - E:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - E:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - E:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - E:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - E:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PCTEL Speaker Phone (Pctspk) - PCtel, Inc. - E:\WINDOWS\system32\pctspk.exe
O23 - Service: Pml Driver HPZ12 - HP - E:\WINDOWS\System32\HPZipm12.exe
O23 - Service: Prevx Agent (PREVXAgent) - Unknown owner - E:\Program Files\Prevx1\PXAgent.exe" -f (file missing)
O23 - Service: SAVScan - Symantec Corporation - E:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - E:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - E:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - E:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Symantec Core LC - Symantec Corporation - E:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - E:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: trioService - Unknown owner - E:\Program Files\3D-Relax\Moonlight Lake Trial\trioService.exe (file missing)

My ActiveScan Report

Incident Status Location

Spyware:spyware/whazit Not disinfected e:\windows\system32\fiz1
Adware:adware/gator Not disinfected e:\windows\downloaded program files\HDPlugin1019.dll
Spyware:spyware/betterinet Not disinfected e:\windows\inf\satmat.inf
Adware:adware/twain-tech Not disinfected e:\windows\satmat.ini
Adware:adware/sidesearch Not disinfected E:\Documents and Settings\Owner\Application Data\Lycos
Adware:adware/searchexe Not disinfected Windows Registry
Adware:adware/topmoxie Not disinfected Windows Registry

My Ewido Antispyware Report

---------------------------------------------------------
ewido anti-spyware - Scan Report
---------------------------------------------------------

+ Created at: 10:44:26 AM 7/13/2006

+ Scan result:

E:\Program Files\NoAdware\NoAdwareBackup\1,1,2005_16,48,4.zip/owner@ads.addynamix[1].txt -> TrackingCookie.Addynamix : No action taken.
E:\Program Files\NoAdware\NoAdwareBackup\2,19,2005_10,39,14.zip/owner@advertising[1].txt -> TrackingCookie.Advertising : No action taken.
E:\Program Files\NoAdware\NoAdwareBackup\2,19,2005_10,39,14.zip/owner@servedby.advertising[2].txt -> TrackingCookie.Advertising : No action taken.
E:\Program Files\NoAdware\NoAdwareBackup\4,25,2005_17,10,38.zip/owner@advertising[1].txt -> TrackingCookie.Advertising : No action taken.
E:\Program Files\NoAdware\NoAdwareBackup\4,25,2005_17,10,38.zip/owner@servedby.advertising[2].txt -> TrackingCookie.Advertising : No action taken.
E:\Program Files\NoAdware\NoAdwareBackup\5,19,2005_19,10,47.zip/owner@advertising[1].txt -> TrackingCookie.Advertising : No action taken.
E:\Program Files\NoAdware\NoAdwareBackup\5,19,2005_19,10,47.zip/owner@servedby.advertising[2].txt -> TrackingCookie.Advertising : No action taken.
E:\Program Files\NoAdware\NoAdwareBackup\1,1,2005_16,48,4.zip/owner@atdmt[2].txt -> TrackingCookie.Atdmt : No action taken.
E:\Program Files\NoAdware\NoAdwareBackup\1,31,2005_8,48,59.zip/owner@atdmt[1].txt -> TrackingCookie.Atdmt : No action taken.
E:\Program Files\NoAdware\NoAdwareBackup\10,15,2004_14,32,29.zip/owner@atdmt[2].txt -> TrackingCookie.Atdmt : No action taken.
E:\Program Files\NoAdware\NoAdwareBackup\10,17,2004_8,17,9.zip/owner@atdmt[2].txt -> TrackingCookie.Atdmt : No action taken.
E:\Program Files\NoAdware\NoAdwareBackup\11,4,2004_14,16,11.zip/owner@atdmt[1].txt -> TrackingCookie.Atdmt : No action taken.
E:\Program Files\NoAdware\NoAdwareBackup\12,28,2004_17,33,14.zip/owner@atdmt[2].txt -> TrackingCookie.Atdmt : No action taken.
E:\Program Files\NoAdware\NoAdwareBackup\2,19,2005_10,39,14.zip/owner@atdmt[2].txt -> TrackingCookie.Atdmt : No action taken.
E:\Program Files\NoAdware\NoAdwareBackup\4,25,2005_17,10,38.zip/owner@atdmt[2].txt -> TrackingCookie.Atdmt : No action taken.
E:\Program Files\NoAdware\NoAdwareBackup\4,3,2005_9,56,17.zip/owner@atdmt[1].txt -> TrackingCookie.Atdmt : No action taken.
E:\Program Files\NoAdware\NoAdwareBackup\5,19,2005_19,10,47.zip/owner@atdmt[2].txt -> TrackingCookie.Atdmt : No action taken.
E:\Program Files\NoAdware\NoAdwareBackup\7,13,2004_13,13,12.zip/owner@bfast[1].txt -> TrackingCookie.Bfast : No action taken.
E:\Program Files\NoAdware\NoAdwareBackup\1,1,2005_16,48,4.zip/owner@bluestreak[1].txt -> TrackingCookie.Bluestreak : No action taken.
E:\Program Files\NoAdware\NoAdwareBackup\1,1,2005_16,48,4.zip/owner@com[2].txt -> TrackingCookie.Com : No action taken.
E:\Program Files\NoAdware\NoAdwareBackup\12,28,2004_17,33,14.zip/owner@com[2].txt -> TrackingCookie.Com : No action taken.
E:\Program Files\NoAdware\NoAdwareBackup\5,19,2005_19,10,47.zip/owner@com[2].txt -> TrackingCookie.Com : No action taken.
E:\Program Files\NoAdware\NoAdwareBackup\1,1,2005_16,48,4.zip/owner@doubleclick[1].txt -> TrackingCookie.Doubleclick : No action taken.
E:\Program Files\NoAdware\NoAdwareBackup\10,15,2004_14,32,29.zip/owner@doubleclick[1].txt -> TrackingCookie.Doubleclick : No action taken.
E:\Program Files\NoAdware\NoAdwareBackup\12,28,2004_17,33,14.zip/owner@doubleclick[1].txt -> TrackingCookie.Doubleclick : No action taken.
E:\Program Files\NoAdware\NoAdwareBackup\2,19,2005_10,39,14.zip/owner@doubleclick[1].txt -> TrackingCookie.Doubleclick : No action taken.
E:\Program Files\NoAdware\NoAdwareBackup\4,25,2005_17,10,38.zip/owner@doubleclick[1].txt -> TrackingCookie.Doubleclick : No action taken.
E:\Program Files\NoAdware\NoAdwareBackup\5,19,2005_19,10,47.zip/owner@doubleclick[1].txt -> TrackingCookie.Doubleclick : No action taken.
E:\Program Files\NoAdware\NoAdwareBackup\12,28,2004_17,33,14.zip/owner@as-us.falkag[2].txt -> TrackingCookie.Falkag : No action taken.
E:\Program Files\NoAdware\NoAdwareBackup\2,19,2005_10,39,14.zip/owner@as-us.falkag[2].txt -> TrackingCookie.Falkag : No action taken.
E:\Program Files\NoAdware\NoAdwareBackup\1,1,2005_16,48,4.zip/owner@fastclick[2].txt -> TrackingCookie.Fastclick : No action taken.
E:\Program Files\NoAdware\NoAdwareBackup\12,28,2004_17,33,14.zip/owner@fastclick[2].txt -> TrackingCookie.Fastclick : No action taken.
E:\Program Files\NoAdware\NoAdwareBackup\5,19,2005_19,10,47.zip/owner@fastclick[2].txt -> TrackingCookie.Fastclick : No action taken.
E:\Program Files\NoAdware\NoAdwareBackup\1,1,2005_16,48,4.zip/owner@gator[1].txt -> TrackingCookie.Gator : No action taken.
E:\Program Files\NoAdware\NoAdwareBackup\1,1,2005_16,48,4.zip/owner@ehg-idg.hitbox[1].txt -> TrackingCookie.Hitbox : No action taken.
E:\Program Files\NoAdware\NoAdwareBackup\5,19,2005_19,10,47.zip/owner@ehg-traderelectronicmedia.hitbox[2].txt -> TrackingCookie.Hitbox : No action taken.
E:\Program Files\NoAdware\NoAdwareBackup\1,1,2005_16,48,4.zip/owner@mediaplex[1].txt -> TrackingCookie.Mediaplex : No action taken.
E:\Program Files\NoAdware\NoAdwareBackup\12,28,2004_17,33,14.zip/owner@mediaplex[1].txt -> TrackingCookie.Mediaplex : No action taken.
E:\Program Files\NoAdware\NoAdwareBackup\7,15,2004_19,7,3.zip/owner@mediaplex[1].txt -> TrackingCookie.Mediaplex : No action taken.
E:\Program Files\NoAdware\NoAdwareBackup\1,1,2005_16,48,4.zip/owner@ads.pointroll[2].txt -> TrackingCookie.Pointroll : No action taken.
E:\Program Files\NoAdware\NoAdwareBackup\1,1,2005_16,48,4.zip/owner@questionmarket[1].txt -> TrackingCookie.Questionmarket : No action taken.
E:\Program Files\NoAdware\NoAdwareBackup\5,19,2005_19,10,47.zip/owner@questionmarket[1].txt -> TrackingCookie.Questionmarket : No action taken.
E:\Program Files\NoAdware\NoAdwareBackup\10,15,2004_14,32,29.zip/owner@edge.ru4[1].txt -> TrackingCookie.Ru4 : No action taken.
E:\Program Files\NoAdware\NoAdwareBackup\1,1,2005_16,48,4.zip/owner@bs.serving-sys[2].txt -> TrackingCookie.Serving-sys : No action taken.
E:\Program Files\NoAdware\NoAdwareBackup\5,19,2005_19,10,47.zip/owner@bs.serving-sys[1].txt -> TrackingCookie.Serving-sys : No action taken.
E:\Program Files\NoAdware\NoAdwareBackup\10,17,2004_8,17,9.zip/owner@trafficmp[2].txt -> TrackingCookie.Trafficmp : No action taken.
E:\Program Files\NoAdware\NoAdwareBackup\1,1,2005_16,48,4.zip/owner@tribalfusion[2].txt -> TrackingCookie.Tribalfusion : No action taken.
E:\Program Files\NoAdware\NoAdwareBackup\12,28,2004_17,33,14.zip/owner@tribalfusion[1].txt -> TrackingCookie.Tribalfusion : No action taken.
E:\Program Files\NoAdware\NoAdwareBackup\2,19,2005_10,39,14.zip/owner@c5.zedo[1].txt -> TrackingCookie.Zedo : No action taken.

::Report end

Ried · 07-13-2006, 11:13 AM

Hi mallard32,

NoAdware was recently de-listed from the rogue program list. Due to it's history, we suggest uninstalling it as there are plenty of other good free programs out there.

Uninstall the following via the Add/Remove Panel (Start->(Settings)->Control Panel->Add/Remove Programs)

NoAdware

-----------------------------

Click Start>Run and copy/paste regsvr32 /u occache.dll and click OK.

Delete the following Files and Folders if they still exist.

e:\windows\system32\ fiz1
e:\windows\downloaded program files\ HDPlugin1019.dll
e:\windows\inf\ satmat.inf
e:\windows\ satmat.ini
E:\Documents and Settings\Owner\Application Data\ Lycos
C:\Program Files\ NoAdware

Now, click Start>Run and copy/paste regsvr32 occache.dll and click OK.

**If any of the above resist deletion, boot into Safe Mode and delete.

------------------------------------

Reboot your system.

------------------------------------

Run another online scan at Panda and post the results here along with a new HijackThis log taken from Normal Mode.

How is your system behaving?

mallard32 · 07-13-2006, 04:09 PM

Ok, i am sorry, but i do not want to remove NoAdware since i paid money for it. I hoep this does not ruin anything. Can you tell me what to do with NoAdware installed. Please and Thanks. My system is running fine, no issue whatsoever.

mallard32 · 07-13-2006, 04:15 PM

Is it safe to delete

e:\windows\system32\fiz1
e:\windows\downloaded program files\HDPlugin1019.dll
e:\windows\inf\satmat.inf
e:\windows\satmat.ini
E:\Documents and Settings\Owner\Application Data\Lycos

also there are many other different fiz files too

? I am going to panda scan now and post my newer hjt log is that ok? The files are in the recycle bin and not deleted yet, i am awaiting instructions from you.

Ried · 07-13-2006, 04:23 PM

Hi mallard32,

Understandable that you'd want to keep NoAdware as you've paid for it.

You did just fine by deleting what you did,and leaving the NoAdware folder.

Quote:

also there are many other different fiz files too

Delete all those as well. Then proceed with the Panda scan and new HijackThis log.

mallard32 · 07-13-2006, 04:56 PM

alright doing it now

mallard32 · 07-13-2006, 05:32 PM

My active scan log

Incident Status Location

Spyware:spyware/betterinet Not disinfected Windows Registry
Adware:adware/searchexe Not disinfected Windows Registry
Adware:adware/topmoxie Not disinfected Windows Registry
My HJT log

Logfile of HijackThis v1.99.1
Scan saved at 7:31:50 PM, on 7/13/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
E:\WINDOWS\System32\smss.exe
E:\WINDOWS\system32\winlogon.exe
E:\WINDOWS\system32\services.exe
E:\WINDOWS\system32\lsass.exe
E:\WINDOWS\system32\svchost.exe
E:\Program Files\Windows Defender\MsMpEng.exe
E:\WINDOWS\System32\svchost.exe
E:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
E:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
E:\WINDOWS\Explorer.EXE
E:\WINDOWS\system32\spoolsv.exe
E:\WINDOWS\system32\cisvc.exe
E:\Program Files\Norton AntiVirus\navapsvc.exe
E:\WINDOWS\system32\nvsvc32.exe
E:\WINDOWS\system32\pctspk.exe
E:\Program Files\Prevx1\PXAgent.exe
E:\Program Files\Norton AntiVirus\SAVScan.exe
E:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
E:\WINDOWS\System32\svchost.exe
E:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
E:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
E:\Program Files\Common Files\Symantec Shared\ccApp.exe
E:\Program Files\Windows Defender\MSASCui.exe
E:\Program Files\Startup Mechanic\StartupMonitor.exe
E:\Program Files\Prevx1\PXConsole.exe
E:\Program Files\Everest Labs\Spydefense\sdc.exe
E:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
E:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
E:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
E:\WINDOWS\System32\HPZipm12.exe
E:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
E:\WINDOWS\system32\cidaemon.exe
E:\Program Files\Internet Explorer\iexplore.exe
E:\Documents and Settings\Owner\Desktop\GOOD GAMES\ANTIVIRUS PROTECTION\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - E:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - E:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Malicious Scripts Scanner - {55EA1964-F5E4-4D6A-B9B2-125B37655FCB} - E:\Documents and Settings\All Users\Application Data\Prevx\pxbho.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - E:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: TrackPopUp - {79594677-0416-4097-A421-41BE9667B36F} - blank (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - e:\program files\google\googletoolbar3.dll
O2 - BHO: MSN Search Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - E:\Program Files\MSN Toolbar Suite\TB\02.05.0001.1119\en-us\msntb.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - E:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - E:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - e:\program files\google\googletoolbar3.dll
O3 - Toolbar: MSN Search Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - E:\Program Files\MSN Toolbar Suite\TB\02.05.0001.1119\en-us\msntb.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE E:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [ccApp] "E:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] E:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [Fellowes Proxy] E:\WINDOWS\System32\r3proxy.exe
O4 - HKLM\..\Run: [Windows Defender] "E:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [Startup Manager Scanner] E:\Program Files\Startup Mechanic\StartupMonitor.exe
O4 - HKLM\..\Run: [PrevxOne] E:\Program Files\Prevx1\PXConsole.exe
O4 - HKCU\..\Run: [SpyDefense] E:\Program Files\Everest Labs\Spydefense\sdc.exe /service
O4 - Global Startup: hp psc 1000 series.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?
O8 - Extra context menu item: &Google Search - res://e:\program files\google\GoogleToolbar3.dll/cmsearch.html
O8 - Extra context menu item: &MSN Search - res://E:\Program Files\MSN Toolbar Suite\TB\02.05.0001.1119\en-us\msntb.dll/search.htm
O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearc...p=ZSzfw001YYUS
O8 - Extra context menu item: &Translate English Word - res://e:\program files\google\GoogleToolbar3.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://e:\program files\google\GoogleToolbar3.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://e:\program files\google\GoogleToolbar3.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://e:\program files\google\GoogleToolbar3.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://e:\program files\google\GoogleToolbar3.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - E:\Program Files\Titan Poker\casino.exe
O9 - Extra 'Tools' menuitem: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - E:\Program Files\Titan Poker\casino.exe
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - E:\Program Files\AIM95\aim.exe
O9 - Extra button: PartyCasino.com - {B4B52284-A248-4c51-9F7C-F0A0C67FCC9D} - E:\Program Files\PartyGaming\PartyCasino\RunCasino.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyCasino.com - {B4B52284-A248-4c51-9F7C-F0A0C67FCC9D} - E:\Program Files\PartyGaming\PartyCasino\RunCasino.exe (file missing)
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - E:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - E:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - E:\Program Files\Microsoft Money\System\mnyviewer.dll
O9 - Extra button: Bodog Poker - {F47C1DB5-ED21-4dc1-853E-D1495792D4C5} - E:\Program Files\Bodog Poker\BPGame.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe (file missing)
O15 - Trusted Zone: http://toolbar.imageshack.us
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab
O16 - DPF: {01010E00-5E80-11D8-9E86-0007E96C65AE} (SupportSoft SmartIssue) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsi.cab
O16 - DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} (SupportSoft Script Runner Class) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsr.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab28578.cab
O16 - DPF: {1A595EDD-978A-48C7-B730-AF3B9CC64DAB} (DLManager Class) - http://63.251.81.180/component/VZWDLManager.cab
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - http://www.symantec.com/techsupp/asa/ctrl/LSSupCtl.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/S...in/AvSniff.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://scan.safety.live.com/resource...scbase5059.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/S.../bin/cabsa.cab
O16 - DPF: {74C861A1-D548-4916-BC8A-FDE92EDFF62C} - http://mediaplayer.walmart.com/installer/install.cab
O16 - DPF: {8A0019EB-51FA-4AE5-A40B-C0496BBFC739} (Verizon Wireless Media Upload) - http://www.vzwpix.com/activex/Verizo...oadControl.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...tatsClient.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/binFramework/v10...o.cab34246.cab
O16 - DPF: {B942A249-D1E7-4C11-98AE-FCB76B08747F} (RealArcadeRdxIE Class) - http://games-dl.real.com/gameconsole...rcadeRdxIE.cab
O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.symantec.com/sscv6/S.../bin/cabsa.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - http://www.symantec.com/techsupp/asa/ctrl/SymAData.cab
O16 - DPF: {D54160C3-DB7B-4534-9B65-190EE4A9C7F7} (SproutLauncherCtrl Class) - http://zone.msn.com/bingame/feed/def...utLauncher.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - http://zone.msn.com/bingame/zuma/def...ploader_v5.cab
O16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} (ActiveDataObj Class) - https://www-secure.symantec.com/tech...ActiveData.cab
O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30043.www3.hp.com/aio/en/check/qdiagh.cab?319
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "E:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: WgaLogon - E:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Adobe LM Service - Adobe Systems - E:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - E:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - E:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - E:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - E:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - E:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - E:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - E:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PCTEL Speaker Phone (Pctspk) - PCtel, Inc. - E:\WINDOWS\system32\pctspk.exe
O23 - Service: Pml Driver HPZ12 - HP - E:\WINDOWS\System32\HPZipm12.exe
O23 - Service: Prevx Agent (PREVXAgent) - Unknown owner - E:\Program Files\Prevx1\PXAgent.exe" -f (file missing)
O23 - Service: SAVScan - Symantec Corporation - E:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - E:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - E:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - E:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Symantec Core LC - Symantec Corporation - E:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - E:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: trioService - Unknown owner - E:\Program Files\3D-Relax\Moonlight Lake Trial\trioService.exe (file missing)

Ried · 07-13-2006, 11:18 PM

Hi,

From Normal Mode:

Open HijackThis and run a scan. 'Check' this entry:

O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearc...p=ZSzfw001YYUS

Click 'Fix Checked' and close HijackThis.

-------------------------------------

Create an Uninstall List:

Open HijackThis
*Click on the "Configure" button on the bottom right
*Click on the tab "Misc Tools"
*Click on the Box that says "Open Uninstall Manager"
*Click on the button "Save list"
The list will automatically be saved in your HijackThis folder.

Please copy and paste the uninstall_list.txt here along with a new HijackThis log.

mallard32 · 07-14-2006, 06:25 AM

Logfile of HijackThis v1.99.1
Scan saved at 8:24:06 AM, on 7/14/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
E:\WINDOWS\System32\smss.exe
E:\WINDOWS\system32\winlogon.exe
E:\WINDOWS\system32\services.exe
E:\WINDOWS\system32\lsass.exe
E:\WINDOWS\system32\svchost.exe
E:\Program Files\Windows Defender\MsMpEng.exe
E:\WINDOWS\System32\svchost.exe
E:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
E:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
E:\WINDOWS\Explorer.EXE
E:\WINDOWS\system32\spoolsv.exe
E:\WINDOWS\system32\cisvc.exe
E:\Program Files\Norton AntiVirus\navapsvc.exe
E:\Program Files\Common Files\Symantec Shared\ccApp.exe
E:\Program Files\Windows Defender\MSASCui.exe
E:\Program Files\Startup Mechanic\StartupMonitor.exe
E:\WINDOWS\system32\nvsvc32.exe
E:\WINDOWS\system32\pctspk.exe
E:\Program Files\Prevx1\PXConsole.exe
E:\Program Files\Everest Labs\Spydefense\sdc.exe
E:\Program Files\Prevx1\PXAgent.exe
E:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
E:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
E:\Program Files\SpywareGuard\sgmain.exe
E:\Program Files\SpywareGuard\sgbhp.exe
E:\Program Files\Norton AntiVirus\SAVScan.exe
E:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
E:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
E:\WINDOWS\System32\svchost.exe
E:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
E:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
E:\WINDOWS\System32\HPZipm12.exe
E:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
E:\Program Files\Internet Explorer\iexplore.exe
E:\WINDOWS\system32\cidaemon.exe
E:\Documents and Settings\Owner\Desktop\GOOD GAMES\ANTIVIRUS PROTECTION\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - E:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - E:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - E:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Malicious Scripts Scanner - {55EA1964-F5E4-4D6A-B9B2-125B37655FCB} - E:\Documents and Settings\All Users\Application Data\Prevx\pxbho.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - E:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: TrackPopUp - {79594677-0416-4097-A421-41BE9667B36F} - blank (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - e:\program files\google\googletoolbar3.dll
O2 - BHO: MSN Search Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - E:\Program Files\MSN Toolbar Suite\TB\02.05.0001.1119\en-us\msntb.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - E:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - E:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - e:\program files\google\googletoolbar3.dll
O3 - Toolbar: MSN Search Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - E:\Program Files\MSN Toolbar Suite\TB\02.05.0001.1119\en-us\msntb.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE E:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [ccApp] "E:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] E:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [Fellowes Proxy] E:\WINDOWS\System32\r3proxy.exe
O4 - HKLM\..\Run: [Windows Defender] "E:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [Startup Manager Scanner] E:\Program Files\Startup Mechanic\StartupMonitor.exe
O4 - HKLM\..\Run: [PrevxOne] E:\Program Files\Prevx1\PXConsole.exe
O4 - HKCU\..\Run: [SpyDefense] E:\Program Files\Everest Labs\Spydefense\sdc.exe /service
O4 - Startup: SpywareGuard.lnk = E:\Program Files\SpywareGuard\sgmain.exe
O4 - Global Startup: hp psc 1000 series.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?
O8 - Extra context menu item: &Google Search - res://e:\program files\google\GoogleToolbar3.dll/cmsearch.html
O8 - Extra context menu item: &MSN Search - res://E:\Program Files\MSN Toolbar Suite\TB\02.05.0001.1119\en-us\msntb.dll/search.htm
O8 - Extra context menu item: &Translate English Word - res://e:\program files\google\GoogleToolbar3.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://e:\program files\google\GoogleToolbar3.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://e:\program files\google\GoogleToolbar3.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://e:\program files\google\GoogleToolbar3.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://e:\program files\google\GoogleToolbar3.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - E:\Program Files\Titan Poker\casino.exe
O9 - Extra 'Tools' menuitem: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - E:\Program Files\Titan Poker\casino.exe
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - E:\Program Files\AIM95\aim.exe
O9 - Extra button: PartyCasino.com - {B4B52284-A248-4c51-9F7C-F0A0C67FCC9D} - E:\Program Files\PartyGaming\PartyCasino\RunCasino.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyCasino.com - {B4B52284-A248-4c51-9F7C-F0A0C67FCC9D} - E:\Program Files\PartyGaming\PartyCasino\RunCasino.exe (file missing)
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - E:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - E:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - E:\Program Files\Microsoft Money\System\mnyviewer.dll
O9 - Extra button: Bodog Poker - {F47C1DB5-ED21-4dc1-853E-D1495792D4C5} - E:\Program Files\Bodog Poker\BPGame.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe (file missing)
O15 - Trusted Zone: http://toolbar.imageshack.us
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab
O16 - DPF: {01010E00-5E80-11D8-9E86-0007E96C65AE} (SupportSoft SmartIssue) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsi.cab
O16 - DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} (SupportSoft Script Runner Class) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsr.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab28578.cab
O16 - DPF: {1A595EDD-978A-48C7-B730-AF3B9CC64DAB} (DLManager Class) - http://63.251.81.180/component/VZWDLManager.cab
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - http://www.symantec.com/techsupp/asa/ctrl/LSSupCtl.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/S...in/AvSniff.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://scan.safety.live.com/resource...scbase5059.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/S.../bin/cabsa.cab
O16 - DPF: {74C861A1-D548-4916-BC8A-FDE92EDFF62C} - http://mediaplayer.walmart.com/installer/install.cab
O16 - DPF: {8A0019EB-51FA-4AE5-A40B-C0496BBFC739} (Verizon Wireless Media Upload) - http://www.vzwpix.com/activex/Verizo...oadControl.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...tatsClient.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/binFramework/v10...o.cab34246.cab
O16 - DPF: {B942A249-D1E7-4C11-98AE-FCB76B08747F} (RealArcadeRdxIE Class) - http://games-dl.real.com/gameconsole...rcadeRdxIE.cab
O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.symantec.com/sscv6/S.../bin/cabsa.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - http://www.symantec.com/techsupp/asa/ctrl/SymAData.cab
O16 - DPF: {D54160C3-DB7B-4534-9B65-190EE4A9C7F7} (SproutLauncherCtrl Class) - http://zone.msn.com/bingame/feed/def...utLauncher.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - http://zone.msn.com/bingame/zuma/def...ploader_v5.cab
O16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} (ActiveDataObj Class) - https://www-secure.symantec.com/tech...ActiveData.cab
O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30043.www3.hp.com/aio/en/check/qdiagh.cab?319
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "E:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: WgaLogon - E:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Adobe LM Service - Adobe Systems - E:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - E:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - E:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - E:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - E:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - E:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - E:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - E:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PCTEL Speaker Phone (Pctspk) - PCtel, Inc. - E:\WINDOWS\system32\pctspk.exe
O23 - Service: Pml Driver HPZ12 - HP - E:\WINDOWS\System32\HPZipm12.exe
O23 - Service: Prevx Agent (PREVXAgent) - Unknown owner - E:\Program Files\Prevx1\PXAgent.exe" -f (file missing)
O23 - Service: SAVScan - Symantec Corporation - E:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - E:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - E:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - E:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Symantec Core LC - Symantec Corporation - E:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - E:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: trioService - Unknown owner - E:\Program Files\3D-Relax\Moonlight Lake Trial\trioService.exe (file missing)

My uninstall_list.txt

Ad-Aware SE Personal
Adobe Atmosphere Player for Acrobat and Adobe Reader
Adobe Download Manager 1.2 (Remove Only)
Adobe PDF IFilter 6.0
Adobe Photoshop Album 2.0 Starter Edition
Adobe Reader 7.0.7
AOL Instant Messenger
AOL Uninstaller (Choose which Products to Remove)
AV MP3 Player Morpher
Battlefield 2(TM)
Battlefield 2: Special Forces
Bink and Smacker
BitPim 0.9.01
BYOP Ultimate Splat Pack v1.0
CardRd81
CC_ccStart
ccCommon
CCleaner (remove only)
CCScore
Construction Destruction
Counter-Strike: Condition Zero
CR2
dBpowerAMP Music Converter
dBpowerAMP WMA V9.1 Codec
Desktop Weather by The Weather Channel
Direct Show Ogg Vorbis Filter (remove only)
EA downloader
EasyPoint Mouse Software
Emergency 3
ESSBrwr
ESSCDBK
ESScore
ESSCT
ESSEMAIL
ESSgui
ESShelp
ESSini
ESSPCD
ESSPDock
ESSSONIC
ESSTOOLS
essvcpt
ESSvpaht
ESSvpot
Everest Labs Spydefense 0.9.8 Beta
EximiousSoft GIF Creator V3.05
Field Training Officer Program
Fraps
Full Tilt Poker
Fusion Pack Source
Google Earth
Google Toolbar for Internet Explorer
Greeting Card Factory 2 Deluxe
GTK+ 2.8.9 runtime environment
Half-Life
Half-Life(R) 2
Half-Life: Counter-Strike
HighMAT Extension to Microsoft Windows XP CD Writing Wizard
HijackThis 1.99.1
HLPIndex
HLPPDOCK
HLPSFO
Hotfix for Windows XP (KB896344)
Hoyle Card Games 2003
Hoyle Casino 5
HP Photo and Imaging 2.0 - All-in-One
HP Photo and Imaging 2.0 - All-in-One Drivers
HP Photo and Imaging 2.0 - hp psc 1200 series
hp psc 1200 series
HSP56 MicroModem Drivers
J2SE Runtime Environment 5.0 Update 6
Kodak EasyShare software
KSU
Lavasoft VX2 Cleaner
Lernout & Hauspie TruVoice American English TTS Engine
LG USB Drivers
LiveReg (Symantec Corporation)
LiveUpdate 1.90 (Symantec Corporation)
Macromedia Flash Player 8
Macromedia Shockwave Player
Max Media Creator
MaxDrive PS2
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB886903)
Microsoft .NET Framework 2.0
Microsoft Base Smart Card Cryptographic Service Provider Package
Microsoft Data Access Components KB870669
Microsoft Money 2002
Microsoft Money 2002 System Pack
Microsoft Office 2000 Professional
Microsoft Phishing Filter Add-in for MSN Search Toolbar
Microsoft Picture It! Express 7.0
Microsoft Picture It! Express 9
Microsoft Picture It! Library 9
Microsoft Picture It! Photo 2002
Microsoft Speech Recognition Engine 4.0 (English)
Microsoft Streets and Trips 2002
Microsoft Windows Journal Viewer
Microsoft Windows Script Host
Microsoft Works 2002 Setup Launcher
Microsoft Works 6.0
MP3 Rocket
MP3 Update
MSN
MSN Encarta Plus Support Files
MSN Messenger 7.5
MSN Search Toolbar
MSRedist
MSXML 4.0 SP2 Parser and SDK
MSXML4 Parser
Nero - Burning Rom
Norton AntiVirus 2004
Norton AntiVirus 2004 (Symantec Corporation)
Norton AntiVirus Parent MSI
Norton AntiVirus SYMLT MSI
Norton WMI Update
Notifier
NVIDIA Drivers
Office Animation Runtime
OfotoXMI
OTtBP
OTtBPSDK
Panda ActiveScan
PCFriendly
PowerDVD
Prevx1R
Project64 1.6
QuickTime
RealPlayer
Registry Mechanic 5.0
Riva FLV Encoder 2.0
Search Preview Add-in for MSN Search Toolbar
Security Update for Microsoft .NET Framework 2.0 (KB917283)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows XP (KB883939)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893066)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896422)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB896688)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899588)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB903235)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB905915)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB908531)
Security Update for Windows XP (KB911280)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911567)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912812)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913446)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB916281)
Security Update for Windows XP (KB917159)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918439)
SFR
SFR2
SHASTA
Shockwave
Sierra Utilities
SKIN0001
SKINXSDK
SoundMAX
Spybot - Search & Destroy 1.4
SpywareBlaster v3.5.1
SpywareGuard v2.2
Startup Mechanic 2.8
Steam
StormPredator Trial Version 3.02
Symantec Script Blocking Installer
SymNet
TeamSpeak 2 RC2
The Weather Channel
Titan Poker
TVUPlayer 1.5.12
Update for Windows XP (KB894391)
Update for Windows XP (KB896727)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB900930)
Update for Windows XP (KB904942)
Update for Windows XP (KB910437)
Update for Windows XP (KB916595)
V CAST Music
VIA Rhine-Family Fast Ethernet Adapter
Virtual DJ - Atomix Productions
VPRINTOL
Wal-Mart Music Downloads Store
Wave Splitter 2.10
Weather Services
Windows Defender
Windows Defender Signatures
Windows Genuine Advantage v1.3.0254.0
Windows Installer 3.1 (KB893803)
Windows Installer 3.1 (KB893803)
Windows Live Safety Scanner
Windows Media Connect
Windows Media Format Runtime
Windows Media Format SDK Hotfix - KB891122
Windows Media Player 10
Windows Media Player 9 Series Winter Fun Pack
Windows XP Creativity Fun Packs - Windows Movie Maker 2
Windows XP Hotfix - KB834707
Windows XP Hotfix - KB867282
Windows XP Hotfix - KB873333
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB887742
Windows XP Hotfix - KB887797
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890047
Windows XP Hotfix - KB890175
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB890923
Windows XP Hotfix - KB891781
Windows XP Hotfix - KB893086
WinRAR archiver
WIRELESS
XviD 1.1 final uninstall

Ried · 07-14-2006, 07:59 AM

Hi mallard32,

Your logs are clean. If there aren't any more problems, please continue with these final instructions and helpful links.

Reset hidden/system files and folders
Windows XP
===============
Click Start.
* Open My Computer.
* Select the Tools menu and click Folder Options.
* Select the View tab.
* Deselect the Show hidden files and folders option.
* Select the Hide file extensions for known types option.
* Select the Hide protected operating system files option.
Click Yes to confirm.
Click OK.

Enable Windows Auto Update
*Go to Start>Run - type wuaucpl.cpl
*Tick on the checkbox - "Keep my computer up to date"
*Under Settings, choose "Automatically download the updates, and install them on the schedule that I specify".
Click on "OK".

Create a new System Restore point
Click Start >> Run - type SYSDM.CPL & press Enter
* Select the System Restore Tab
* Tick on the checkbox - "Turn off System Restore on all drives"
Click Apply
* Then untick the same checkbox & click OK
This will prevent any reinfection from previous restore points.

Please take a look at these well written articles:

HOW DID I GET INFECTED IN THE FIRST PLACE? by Tony Klein
THE ANTI-SPYWARE TUTORIAL
MAKING INTERNET EXPLORER SAFER
Understanding and Using Firewalls

You already have the programs we usually suggest for protection.

There is one you may want to add:

Download IE-SPYAD.EXE to block access to malicious websites so you cannot be redirected to them from an infected site or email. IE/Spyad places more than 4000 dubious websites and domains in the IE Restricted list. This severely impairs attempts to infect your system. It basically prevents any downloads (Cookies etc) from the sites listed, although you will still be able to connect to the sites. This is a self-extracting .ZIP file, and save it to your desktop. Once downloaded, double-click on it to extract the files inside (default dir is C:\IE-SPYAD)
From within the folder, double-click install.bat
Select Option #2 - Install the new IE-SPYAD list, by typing 2
Then return to the main menu.
Select option #4 - Add the old porn sites domain, by typing 4

Please let us know if we can consider this thread resolved.

mallard32 · 07-14-2006, 09:16 AM

RESOLVED, Thank You for your help Reid :) I will suggest this site to people, and i will stick around to see if i can help:) Good Job

Ried · 07-14-2006, 09:20 AM

You are welcome. Please do 'stick around'.

07-11-2006, 07:05 AM	#1 (permalink)
mallard32 Registered User Join Date: Jul 2006 Location: Boston Posts: 116 OS: Windows Vista My System	My HJT log Here it is, tell me if anything is wrong please. Logfile of HijackThis v1.99.1 Scan saved at 9:04:44 AM, on 7/11/2006 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: E:\WINDOWS\System32\smss.exe E:\WINDOWS\system32\winlogon.exe E:\WINDOWS\system32\services.exe E:\WINDOWS\system32\lsass.exe E:\WINDOWS\system32\svchost.exe E:\Program Files\Windows Defender\MsMpEng.exe E:\WINDOWS\System32\svchost.exe E:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe E:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe E:\WINDOWS\Explorer.EXE E:\WINDOWS\system32\spoolsv.exe E:\Program Files\Common Files\Symantec Shared\ccApp.exe E:\WINDOWS\system32\cisvc.exe E:\Program Files\Windows Defender\MSASCui.exe E:\Program Files\FBM Software\ZeroSpyware Limited Edition\FileDeleter.exe E:\Program Files\Startup Mechanic\StartupMonitor.exe E:\Program Files\Prevx Home\SAGUI.exe E:\Program Files\Norton AntiVirus\navapsvc.exe E:\WINDOWS\system32\nvsvc32.exe E:\WINDOWS\system32\pctspk.exe E:\Program Files\Everest Labs\Spydefense\sdc.exe E:\Program Files\Prevx Home\PXAgent.exe E:\Program Files\Norton AntiVirus\SAVScan.exe E:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe E:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe E:\Program Files\Analog Devices\SoundMAX\SMAgent.exe E:\WINDOWS\System32\svchost.exe E:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe E:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe E:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe E:\WINDOWS\System32\HPZipm12.exe E:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe E:\WINDOWS\system32\cidaemon.exe E:\Program Files\Internet Explorer\iexplore.exe E:\Documents and Settings\Owner\Desktop\GOOD GAMES\ANTIVIRUS PROTECTION\HijackThis.exe R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - E:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - E:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - E:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O2 - BHO: TrackPopUp - {79594677-0416-4097-A421-41BE9667B36F} - blank (file missing) O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - e:\program files\google\googletoolbar3.dll O2 - BHO: MSN Search Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - E:\Program Files\MSN Toolbar Suite\TB\02.05.0001.1119\en-us\msntb.dll O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - E:\Program Files\Norton AntiVirus\NavShExt.dll O2 - BHO: CIEObjectObj Object - {CA13D72F-2DAC-4D99-B08D-C5EA1C920E89} - E:\WINDOWS\IECodecPlg.dll O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - E:\Program Files\Norton AntiVirus\NavShExt.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - e:\program files\google\googletoolbar3.dll O3 - Toolbar: MSN Search Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - E:\Program Files\MSN Toolbar Suite\TB\02.05.0001.1119\en-us\msntb.dll O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE E:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [ccApp] "E:\Program Files\Common Files\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [Symantec NetDriver Monitor] E:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer O4 - HKLM\..\Run: [Fellowes Proxy] E:\WINDOWS\System32\r3proxy.exe O4 - HKLM\..\Run: [Windows Defender] "E:\Program Files\Windows Defender\MSASCui.exe" -hide O4 - HKLM\..\Run: [Startup Manager Scanner] E:\Program Files\Startup Mechanic\StartupMonitor.exe O4 - HKLM\..\Run: [PrevxHome] E:\Program Files\Prevx Home\SAGUI.exe O4 - HKCU\..\Run: [SpyDefense] E:\Program Files\Everest Labs\Spydefense\sdc.exe /service O4 - Global Startup: hp psc 1000 series.lnk = ? O4 - Global Startup: hpoddt01.exe.lnk = ? O8 - Extra context menu item: &Google Search - res://e:\program files\google\GoogleToolbar3.dll/cmsearch.html O8 - Extra context menu item: &MSN Search - res://E:\Program Files\MSN Toolbar Suite\TB\02.05.0001.1119\en-us\msntb.dll/search.htm O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearc...p=ZSzfw001YYUS O8 - Extra context menu item: &Translate English Word - res://e:\program files\google\GoogleToolbar3.dll/cmwordtrans.html O8 - Extra context menu item: Backward Links - res://e:\program files\google\GoogleToolbar3.dll/cmbacklinks.html O8 - Extra context menu item: Cached Snapshot of Page - res://e:\program files\google\GoogleToolbar3.dll/cmcache.html O8 - Extra context menu item: Similar Pages - res://e:\program files\google\GoogleToolbar3.dll/cmsimilar.html O8 - Extra context menu item: Translate Page into English - res://e:\program files\google\GoogleToolbar3.dll/cmtrans.html O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O9 - Extra button: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - E:\Program Files\Titan Poker\casino.exe O9 - Extra 'Tools' menuitem: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - E:\Program Files\Titan Poker\casino.exe O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - E:\Program Files\AIM95\aim.exe O9 - Extra button: PartyCasino.com - {B4B52284-A248-4c51-9F7C-F0A0C67FCC9D} - E:\Program Files\PartyGaming\PartyCasino\RunCasino.exe (file missing) O9 - Extra 'Tools' menuitem: PartyCasino.com - {B4B52284-A248-4c51-9F7C-F0A0C67FCC9D} - E:\Program Files\PartyGaming\PartyCasino\RunCasino.exe (file missing) O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - E:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing) O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - E:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing) O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - E:\Program Files\Microsoft Money\System\mnyviewer.dll O9 - Extra button: Bodog Poker - {F47C1DB5-ED21-4dc1-853E-D1495792D4C5} - E:\Program Files\Bodog Poker\BPGame.exe (file missing) O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe (file missing) O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe (file missing) O15 - Trusted Zone: http://toolbar.imageshack.us O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab O16 - DPF: {01010E00-5E80-11D8-9E86-0007E96C65AE} (SupportSoft SmartIssue) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsi.cab O16 - DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} (SupportSoft Script Runner Class) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsr.cab O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab28578.cab O16 - DPF: {1A595EDD-978A-48C7-B730-AF3B9CC64DAB} (DLManager Class) - http://63.251.81.180/component/VZWDLManager.cab O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - http://www.symantec.com/techsupp/asa/ctrl/LSSupCtl.cab O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/S...in/AvSniff.cab O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://software-dl.real.com/285f5bcd...p/RdxIE601.cab O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://scan.safety.live.com/resource...scbase5059.cab O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/S.../bin/cabsa.cab O16 - DPF: {74C861A1-D548-4916-BC8A-FDE92EDFF62C} - http://mediaplayer.walmart.com/installer/install.cab O16 - DPF: {8A0019EB-51FA-4AE5-A40B-C0496BBFC739} (Verizon Wireless Media Upload) - http://www.vzwpix.com/activex/Verizo...oadControl.cab O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...tatsClient.cab O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/binFramework/v10...o.cab34246.cab O16 - DPF: {B942A249-D1E7-4C11-98AE-FCB76B08747F} (RealArcadeRdxIE Class) - http://games-dl.real.com/gameconsole...rcadeRdxIE.cab O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.symantec.com/sscv6/S.../bin/cabsa.cab O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - http://www.symantec.com/techsupp/asa/ctrl/SymAData.cab O16 - DPF: {D54160C3-DB7B-4534-9B65-190EE4A9C7F7} (SproutLauncherCtrl Class) - http://zone.msn.com/bingame/feed/def...utLauncher.cab O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - http://zone.msn.com/bingame/zuma/def...ploader_v5.cab O16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} (ActiveDataObj Class) - https://www-secure.symantec.com/tech...ActiveData.cab O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30043.www3.hp.com/aio/en/check/qdiagh.cab?319 O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "E:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing) O20 - Winlogon Notify: WgaLogon - E:\WINDOWS\SYSTEM32\WgaLogon.dll O23 - Service: Adobe LM Service - Adobe Systems - E:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - E:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - E:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - E:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe O23 - Service: ZeroSpyware FileDeleter (FileDeleter) - FBM Software - E:\Program Files\FBM Software\ZeroSpyware Limited Edition\FileDeleter.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - E:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - E:\WINDOWS\system32\drivers\KodakCCS.exe O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - E:\Program Files\Norton AntiVirus\navapsvc.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - E:\WINDOWS\system32\nvsvc32.exe O23 - Service: PCTEL Speaker Phone (Pctspk) - PCtel, Inc. - E:\WINDOWS\system32\pctspk.exe O23 - Service: Pml Driver HPZ12 - HP - E:\WINDOWS\System32\HPZipm12.exe O23 - Service: Prevx Agent (PrevxAgent) - Unknown owner - E:\Program Files\Prevx Home\PXAgent.exe" -f (file missing) O23 - Service: SAVScan - Symantec Corporation - E:\Program Files\Norton AntiVirus\SAVScan.exe O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - E:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - E:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - E:\Program Files\Analog Devices\SoundMAX\SMAgent.exe O23 - Service: Symantec Core LC - Symantec Corporation - E:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - E:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe O23 - Service: trioService - Unknown owner - E:\Program Files\3D-Relax\Moonlight Lake Trial\trioService.exe (file missing) Thanks again

07-12-2006, 05:53 PM	#2 (permalink)
Ried Assistant Manager, TSF Academy; Moderator/Analyst Security Team Join Date: Jan 2005 Location: Ohio Posts: 26,900 OS: WinXP and Vista	Hello mallard32, Please copy this page to Notepad and save to your desktop for reference as you will not have any browsers open while you are carrying out these instructions. It is IMPORTANT that you don't miss a step & perform everything in the correct order/sequence. ******************************************************************* First download ewido anti-spyware from HERE and save that file to your desktop. This is a 30 day trial of the program Once you have downloaded ewido anti-spyware, locate the icon on the desktop and double-click it to launch the set up program. Once the setup is complete you will need run ewido and update the definition files. On the main screen select the icon "Update" then select the "Update now" link. Next select the "Start Update" button, the update will start and a progress bar will show the updates being installed. Once the update has completed select the "Scanner" icon at the top of the screen, then select the "Settings" tab. Once in the Settings screen click on "Recommended actions" and then select "Quarantine". Under "Reports" Select "Automatically generate report after every scan" Un-Select "Only if threats were found" Close ewido anti-spyware, Do Not run a scan just yet, we will shortly. Download and install CleanUp! but do not run it yet. (Not Recommended for XP64). ------------------------------------------------ Next, please reboot your computer in Safe Mode by doing the following: 1) Restart your computer 2) After hearing your computer beep once during startup, but before the Windows icon appears, press F8. 3) Instead of Windows loading as normal, a menu should appear 4) Use the up arrow key to highlight Safe Mode and press Enter. 5) Login with your usual account. Make sure to close any open browsers. ------------------------------------------------ Please disable the following program(s) if they are currently running as they may interfere with the fixes below. You may re-enable them when we are through: Windows Defender: Open Windows Defender. Click on Tools, Options. Scroll down and uncheck Turn on real-time protection (recommended). After you uncheck this, click on the Save button and close Windows Defender. Prevx: Right click on the Prevx icon in your system tray at the bottom-right corner of your screen and choose "Show Management Console". On the Management Console click the Protection Level drop-down menu. You will see three levels: Maximum Off User Defined To disable all protection set the level to Off. You will receive a prompt asking "You are about to change your security settings. Do you wish to continue?" Click Yes. Click the X on the upper right hand corner to exit the Management console. ----------------------------------- Open HijackThis and click on 'Do a System Scan Only'. Check the following entries if they exist: O2 - BHO: CIEObjectObj Object - {CA13D72F-2DAC-4D99-B08D-C5EA1C920E89} - E:\WINDOWS\IECodecPlg.dll O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearc...p=ZSzfw001YYUS O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://software-dl.real.com/285f5bcd...p/RdxIE601.cab Click 'Fix Checked' and close HijackThis. ----------------------------------- Go to My Computer->Tools->Folder Options->View** tab: * Under the Hidden files and folders heading: * select Show hidden files and folders. * Uncheck Hide protected operating system files (recommended) option. Also, make sure there is no checkmark beside Hide file extensions for known file types. Click OK. ----------------------------------- Delete the following File if it still exists.[/b] E:\WINDOWS\ IECodecPlg.dll ----------------------------------- WARNING Cleanup deletes EVERYTHING out of temp/temporary folders and does not make backups. If you have any documents or programs that are saved in any Temporary Folders, please make a backup of these before running CleanUp! or move them to a permanent location. Open Cleanup! by double-clicking the icon on your desktop (or from the Start > All Programs menu). Set the program up as follows: Click "Options..." Move the arrow down to "Custom CleanUp!" Put a check next to the following: Empty Recycle Bins Delete Cookies Delete Prefetch files Cleanup! All Users Click on the "Temporary Files"* and uncheck the box for "Scan drives for file matching" if it's checked. Click OK Press the CleanUp! button to start the program. Do NOT reboot/logoff when prompted. ------------------------------------------------ IMPORTANT: Do not open any other windows or programs while ewido is scanning, it may interfere with the scanning proccess: Lauch ewido-anti-spyware by double-clicking the icon on your desktop. Select the "Scanner" icon at the top and then the "Scan" tab then click on "Complete System Scan". ewido will now begin the scanning process, be patient this may take a little time. Once the scan is complete do the following: If you have any infections you will prompted, then select "Apply all actions" Next select the "Reports" icon at the top. Select the "Save report as" button in the lower left hand of the screen and save it to a text file on your system (make sure to remember where you saved that file, this is important). Close ewido and reboot your system back into Normal Mode and post the results of the ewido report scan. Ewido is compatible with most AV and anti-spyware products, and the free version will continue to be useful as a second anti-malware scanner. ----------------------------------- Reboot into Normal Mode. ----------------------------------- Perform an online scan using Internet Explorer with Panda ActiveScan click on "Free use ActiveScan" located on the top right hand corner Click Check Now** & a 'pop up' window shall appear. ensure that your pop up blocker doesn't block it Enter your e-mail address, country, and state & click Scan Now* ...begins downloading 8 MB Panda's ActiveX controls Begin the scan by selecting My Computer If it finds any malware, it will offer you a report. Please ignore any entry it finds and wants you to buy the program for removal as we will address this later. Click on see report. Then click Save report Please include the following in your next reply: Ewido results Panda results New HijackThis log __________________ Member of ASAP since 2005 Member of UNITE since 2006 "It is one life whether we spend it laughing or weeping." "Take the time to laugh--it is the music of the soul."

07-13-2006, 11:13 AM	#4 (permalink)
Ried Assistant Manager, TSF Academy; Moderator/Analyst Security Team Join Date: Jan 2005 Location: Ohio Posts: 26,900 OS: WinXP and Vista	Hi mallard32, NoAdware was recently de-listed from the rogue program list. Due to it's history, we suggest uninstalling it as there are plenty of other good free programs out there. Uninstall the following via the Add/Remove Panel (Start->(Settings)->Control Panel->Add/Remove Programs) NoAdware ----------------------------- Click Start>Run and copy/paste regsvr32 /u occache.dll and click OK. Delete the following Files and Folders if they still exist. e:\windows\system32\ fiz1 e:\windows\downloaded program files\ HDPlugin1019.dll e:\windows\inf\ satmat.inf e:\windows\ satmat.ini E:\Documents and Settings\Owner\Application Data\ Lycos C:\Program Files\ NoAdware Now, click Start>Run and copy/paste regsvr32 occache.dll and click OK. **If any of the above resist deletion, boot into Safe Mode and delete. ------------------------------------ Reboot your system. ------------------------------------ Run another online scan at Panda and post the results here along with a new HijackThis log taken from Normal Mode. How is your system behaving? __________________ Member of ASAP since 2005 Member of UNITE since 2006 "It is one life whether we spend it laughing or weeping." "Take the time to laugh--it is the music of the soul."

07-13-2006, 04:15 PM	#6 (permalink)
mallard32 Registered User Join Date: Jul 2006 Location: Boston Posts: 116 OS: Windows Vista My System	Is it safe to delete e:\windows\system32\fiz1 e:\windows\downloaded program files\HDPlugin1019.dll e:\windows\inf\satmat.inf e:\windows\satmat.ini E:\Documents and Settings\Owner\Application Data\Lycos also there are many other different fiz files too ? I am going to panda scan now and post my newer hjt log is that ok? The files are in the recycle bin and not deleted yet, i am awaiting instructions from you. Last edited by mallard32; 07-13-2006 at 04:19 PM.

07-13-2006, 11:18 PM	#10 (permalink)
Ried Assistant Manager, TSF Academy; Moderator/Analyst Security Team Join Date: Jan 2005 Location: Ohio Posts: 26,900 OS: WinXP and Vista	Hi, From Normal Mode: Open HijackThis and run a scan. 'Check' this entry: O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearc...p=ZSzfw001YYUS Click 'Fix Checked' and close HijackThis. ------------------------------------- Create an Uninstall List: Open HijackThis Click on the "Configure" button on the bottom right Click on the tab "Misc Tools" Click on the Box that says "Open Uninstall Manager" Click on the button "Save list" The list will automatically be saved in your HijackThis folder. Please copy and paste the uninstall_list.txt here along with a new HijackThis log. __________________ Member of ASAP since 2005 Member of UNITE since 2006 "It is one life whether we spend it laughing or weeping." "Take the time to laugh--it is the music of the soul."

07-13-2006, 09:12 AM	#3 (permalink)
mallard32 Registered User Join Date: Jul 2006 Location: Boston Posts: 116 OS: Windows Vista My System	My HJT log Logfile of HijackThis v1.99.1 Scan saved at 10:05:47 AM, on 7/13/2006 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: E:\WINDOWS\System32\smss.exe E:\WINDOWS\system32\winlogon.exe E:\WINDOWS\system32\services.exe E:\WINDOWS\system32\lsass.exe E:\WINDOWS\system32\svchost.exe E:\Program Files\Windows Defender\MsMpEng.exe E:\WINDOWS\system32\svchost.exe E:\WINDOWS\Explorer.EXE E:\Program Files\Windows Defender\MSASCui.exe E:\Documents and Settings\Owner\Desktop\GOOD GAMES\ANTIVIRUS PROTECTION\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = R3 - Default URLSearchHook is missing O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - E:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - E:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: Malicious Scripts Scanner - {55EA1964-F5E4-4D6A-B9B2-125B37655FCB} - E:\Documents and Settings\All Users\Application Data\Prevx\pxbho.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - E:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O2 - BHO: TrackPopUp - {79594677-0416-4097-A421-41BE9667B36F} - blank (file missing) O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - e:\program files\google\googletoolbar3.dll O2 - BHO: MSN Search Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - E:\Program Files\MSN Toolbar Suite\TB\02.05.0001.1119\en-us\msntb.dll O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - E:\Program Files\Norton AntiVirus\NavShExt.dll O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - E:\Program Files\Norton AntiVirus\NavShExt.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - e:\program files\google\googletoolbar3.dll O3 - Toolbar: MSN Search Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - E:\Program Files\MSN Toolbar Suite\TB\02.05.0001.1119\en-us\msntb.dll O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE E:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [ccApp] "E:\Program Files\Common Files\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [Symantec NetDriver Monitor] E:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer O4 - HKLM\..\Run: [Fellowes Proxy] E:\WINDOWS\System32\r3proxy.exe O4 - HKLM\..\Run: [Windows Defender] "E:\Program Files\Windows Defender\MSASCui.exe" -hide O4 - HKLM\..\Run: [Startup Manager Scanner] E:\Program Files\Startup Mechanic\StartupMonitor.exe O4 - HKLM\..\Run: [PrevxOne] E:\Program Files\Prevx1\PXConsole.exe O4 - Global Startup: hp psc 1000 series.lnk = ? O4 - Global Startup: hpoddt01.exe.lnk = ? O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll O9 - Extra button: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - E:\Program Files\Titan Poker\casino.exe O9 - Extra 'Tools' menuitem: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - E:\Program Files\Titan Poker\casino.exe O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - E:\Program Files\AIM95\aim.exe O9 - Extra button: PartyCasino.com - {B4B52284-A248-4c51-9F7C-F0A0C67FCC9D} - E:\Program Files\PartyGaming\PartyCasino\RunCasino.exe (file missing) O9 - Extra 'Tools' menuitem: PartyCasino.com - {B4B52284-A248-4c51-9F7C-F0A0C67FCC9D} - E:\Program Files\PartyGaming\PartyCasino\RunCasino.exe (file missing) O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - E:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing) O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - E:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing) O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - E:\Program Files\Microsoft Money\System\mnyviewer.dll O9 - Extra button: Bodog Poker - {F47C1DB5-ED21-4dc1-853E-D1495792D4C5} - E:\Program Files\Bodog Poker\BPGame.exe (file missing) O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe (file missing) O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe (file missing) O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab O16 - DPF: {01010E00-5E80-11D8-9E86-0007E96C65AE} (SupportSoft SmartIssue) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsi.cab O16 - DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} (SupportSoft Script Runner Class) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsr.cab O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab28578.cab O16 - DPF: {1A595EDD-978A-48C7-B730-AF3B9CC64DAB} (DLManager Class) - http://63.251.81.180/component/VZWDLManager.cab O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - http://www.symantec.com/techsupp/asa/ctrl/LSSupCtl.cab O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/S...in/AvSniff.cab O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://software-dl.real.com/285f5bcd...p/RdxIE601.cab O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://scan.safety.live.com/resource...scbase5059.cab O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/S.../bin/cabsa.cab O16 - DPF: {74C861A1-D548-4916-BC8A-FDE92EDFF62C} - http://mediaplayer.walmart.com/installer/install.cab O16 - DPF: {8A0019EB-51FA-4AE5-A40B-C0496BBFC739} (Verizon Wireless Media Upload) - http://www.vzwpix.com/activex/Verizo...oadControl.cab O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...tatsClient.cab O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/binFramework/v10...o.cab34246.cab O16 - DPF: {B942A249-D1E7-4C11-98AE-FCB76B08747F} (RealArcadeRdxIE Class) - http://games-dl.real.com/gameconsole...rcadeRdxIE.cab O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.symantec.com/sscv6/S.../bin/cabsa.cab O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - http://www.symantec.com/techsupp/asa/ctrl/SymAData.cab O16 - DPF: {D54160C3-DB7B-4534-9B65-190EE4A9C7F7} (SproutLauncherCtrl Class) - http://zone.msn.com/bingame/feed/def...utLauncher.cab O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - http://zone.msn.com/bingame/zuma/def...ploader_v5.cab O16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} (ActiveDataObj Class) - https://www-secure.symantec.com/tech...ActiveData.cab O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30043.www3.hp.com/aio/en/check/qdiagh.cab?319 O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "E:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing) O20 - Winlogon Notify: WgaLogon - E:\WINDOWS\SYSTEM32\WgaLogon.dll O23 - Service: Adobe LM Service - Adobe Systems - E:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - E:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - E:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - E:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - E:\Program Files\ewido anti-spyware 4.0\guard.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - E:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - E:\WINDOWS\system32\drivers\KodakCCS.exe O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - E:\Program Files\Norton AntiVirus\navapsvc.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - E:\WINDOWS\system32\nvsvc32.exe O23 - Service: PCTEL Speaker Phone (Pctspk) - PCtel, Inc. - E:\WINDOWS\system32\pctspk.exe O23 - Service: Pml Driver HPZ12 - HP - E:\WINDOWS\System32\HPZipm12.exe O23 - Service: Prevx Agent (PREVXAgent) - Unknown owner - E:\Program Files\Prevx1\PXAgent.exe" -f (file missing) O23 - Service: SAVScan - Symantec Corporation - E:\Program Files\Norton AntiVirus\SAVScan.exe O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - E:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - E:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - E:\Program Files\Analog Devices\SoundMAX\SMAgent.exe O23 - Service: Symantec Core LC - Symantec Corporation - E:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - E:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe O23 - Service: trioService - Unknown owner - E:\Program Files\3D-Relax\Moonlight Lake Trial\trioService.exe (file missing) My ActiveScan Report Incident Status Location Spyware:spyware/whazit Not disinfected e:\windows\system32\fiz1 Adware:adware/gator Not disinfected e:\windows\downloaded program files\HDPlugin1019.dll Spyware:spyware/betterinet Not disinfected e:\windows\inf\satmat.inf Adware:adware/twain-tech Not disinfected e:\windows\satmat.ini Adware:adware/sidesearch Not disinfected E:\Documents and Settings\Owner\Application Data\Lycos Adware:adware/searchexe Not disinfected Windows Registry Adware:adware/topmoxie Not disinfected Windows Registry My Ewido Antispyware Report --------------------------------------------------------- ewido anti-spyware - Scan Report --------------------------------------------------------- + Created at: 10:44:26 AM 7/13/2006 + Scan result: E:\Program Files\NoAdware\NoAdwareBackup\1,1,2005_16,48,4.zip/owner@ads.addynamix[1].txt -> TrackingCookie.Addynamix : No action taken. E:\Program Files\NoAdware\NoAdwareBackup\2,19,2005_10,39,14.zip/owner@advertising[1].txt -> TrackingCookie.Advertising : No action taken. E:\Program Files\NoAdware\NoAdwareBackup\2,19,2005_10,39,14.zip/owner@servedby.advertising[2].txt -> TrackingCookie.Advertising : No action taken. E:\Program Files\NoAdware\NoAdwareBackup\4,25,2005_17,10,38.zip/owner@advertising[1].txt -> TrackingCookie.Advertising : No action taken. E:\Program Files\NoAdware\NoAdwareBackup\4,25,2005_17,10,38.zip/owner@servedby.advertising[2].txt -> TrackingCookie.Advertising : No action taken. E:\Program Files\NoAdware\NoAdwareBackup\5,19,2005_19,10,47.zip/owner@advertising[1].txt -> TrackingCookie.Advertising : No action taken. E:\Program Files\NoAdware\NoAdwareBackup\5,19,2005_19,10,47.zip/owner@servedby.advertising[2].txt -> TrackingCookie.Advertising : No action taken. E:\Program Files\NoAdware\NoAdwareBackup\1,1,2005_16,48,4.zip/owner@atdmt[2].txt -> TrackingCookie.Atdmt : No action taken. E:\Program Files\NoAdware\NoAdwareBackup\1,31,2005_8,48,59.zip/owner@atdmt[1].txt -> TrackingCookie.Atdmt : No action taken. E:\Program Files\NoAdware\NoAdwareBackup\10,15,2004_14,32,29.zip/owner@atdmt[2].txt -> TrackingCookie.Atdmt : No action taken. E:\Program Files\NoAdware\NoAdwareBackup\10,17,2004_8,17,9.zip/owner@atdmt[2].txt -> TrackingCookie.Atdmt : No action taken. E:\Program Files\NoAdware\NoAdwareBackup\11,4,2004_14,16,11.zip/owner@atdmt[1].txt -> TrackingCookie.Atdmt : No action taken. E:\Program Files\NoAdware\NoAdwareBackup\12,28,2004_17,33,14.zip/owner@atdmt[2].txt -> TrackingCookie.Atdmt : No action taken. E:\Program Files\NoAdware\NoAdwareBackup\2,19,2005_10,39,14.zip/owner@atdmt[2].txt -> TrackingCookie.Atdmt : No action taken. E:\Program Files\NoAdware\NoAdwareBackup\4,25,2005_17,10,38.zip/owner@atdmt[2].txt -> TrackingCookie.Atdmt : No action taken. E:\Program Files\NoAdware\NoAdwareBackup\4,3,2005_9,56,17.zip/owner@atdmt[1].txt -> TrackingCookie.Atdmt : No action taken. E:\Program Files\NoAdware\NoAdwareBackup\5,19,2005_19,10,47.zip/owner@atdmt[2].txt -> TrackingCookie.Atdmt : No action taken. E:\Program Files\NoAdware\NoAdwareBackup\7,13,2004_13,13,12.zip/owner@bfast[1].txt -> TrackingCookie.Bfast : No action taken. E:\Program Files\NoAdware\NoAdwareBackup\1,1,2005_16,48,4.zip/owner@bluestreak[1].txt -> TrackingCookie.Bluestreak : No action taken. E:\Program Files\NoAdware\NoAdwareBackup\1,1,2005_16,48,4.zip/owner@com[2].txt -> TrackingCookie.Com : No action taken. E:\Program Files\NoAdware\NoAdwareBackup\12,28,2004_17,33,14.zip/owner@com[2].txt -> TrackingCookie.Com : No action taken. E:\Program Files\NoAdware\NoAdwareBackup\5,19,2005_19,10,47.zip/owner@com[2].txt -> TrackingCookie.Com : No action taken. E:\Program Files\NoAdware\NoAdwareBackup\1,1,2005_16,48,4.zip/owner@doubleclick[1].txt -> TrackingCookie.Doubleclick : No action taken. E:\Program Files\NoAdware\NoAdwareBackup\10,15,2004_14,32,29.zip/owner@doubleclick[1].txt -> TrackingCookie.Doubleclick : No action taken. E:\Program Files\NoAdware\NoAdwareBackup\12,28,2004_17,33,14.zip/owner@doubleclick[1].txt -> TrackingCookie.Doubleclick : No action taken. E:\Program Files\NoAdware\NoAdwareBackup\2,19,2005_10,39,14.zip/owner@doubleclick[1].txt -> TrackingCookie.Doubleclick : No action taken. E:\Program Files\NoAdware\NoAdwareBackup\4,25,2005_17,10,38.zip/owner@doubleclick[1].txt -> TrackingCookie.Doubleclick : No action taken. E:\Program Files\NoAdware\NoAdwareBackup\5,19,2005_19,10,47.zip/owner@doubleclick[1].txt -> TrackingCookie.Doubleclick : No action taken. E:\Program Files\NoAdware\NoAdwareBackup\12,28,2004_17,33,14.zip/owner@as-us.falkag[2].txt -> TrackingCookie.Falkag : No action taken. E:\Program Files\NoAdware\NoAdwareBackup\2,19,2005_10,39,14.zip/owner@as-us.falkag[2].txt -> TrackingCookie.Falkag : No action taken. E:\Program Files\NoAdware\NoAdwareBackup\1,1,2005_16,48,4.zip/owner@fastclick[2].txt -> TrackingCookie.Fastclick : No action taken. E:\Program Files\NoAdware\NoAdwareBackup\12,28,2004_17,33,14.zip/owner@fastclick[2].txt -> TrackingCookie.Fastclick : No action taken. E:\Program Files\NoAdware\NoAdwareBackup\5,19,2005_19,10,47.zip/owner@fastclick[2].txt -> TrackingCookie.Fastclick : No action taken. E:\Program Files\NoAdware\NoAdwareBackup\1,1,2005_16,48,4.zip/owner@gator[1].txt -> TrackingCookie.Gator : No action taken. E:\Program Files\NoAdware\NoAdwareBackup\1,1,2005_16,48,4.zip/owner@ehg-idg.hitbox[1].txt -> TrackingCookie.Hitbox : No action taken. E:\Program Files\NoAdware\NoAdwareBackup\5,19,2005_19,10,47.zip/owner@ehg-traderelectronicmedia.hitbox[2].txt -> TrackingCookie.Hitbox : No action taken. E:\Program Files\NoAdware\NoAdwareBackup\1,1,2005_16,48,4.zip/owner@mediaplex[1].txt -> TrackingCookie.Mediaplex : No action taken. E:\Program Files\NoAdware\NoAdwareBackup\12,28,2004_17,33,14.zip/owner@mediaplex[1].txt -> TrackingCookie.Mediaplex : No action taken. E:\Program Files\NoAdware\NoAdwareBackup\7,15,2004_19,7,3.zip/owner@mediaplex[1].txt -> TrackingCookie.Mediaplex : No action taken. E:\Program Files\NoAdware\NoAdwareBackup\1,1,2005_16,48,4.zip/owner@ads.pointroll[2].txt -> TrackingCookie.Pointroll : No action taken. E:\Program Files\NoAdware\NoAdwareBackup\1,1,2005_16,48,4.zip/owner@questionmarket[1].txt -> TrackingCookie.Questionmarket : No action taken. E:\Program Files\NoAdware\NoAdwareBackup\5,19,2005_19,10,47.zip/owner@questionmarket[1].txt -> TrackingCookie.Questionmarket : No action taken. E:\Program Files\NoAdware\NoAdwareBackup\10,15,2004_14,32,29.zip/owner@edge.ru4[1].txt -> TrackingCookie.Ru4 : No action taken. E:\Program Files\NoAdware\NoAdwareBackup\1,1,2005_16,48,4.zip/owner@bs.serving-sys[2].txt -> TrackingCookie.Serving-sys : No action taken. E:\Program Files\NoAdware\NoAdwareBackup\5,19,2005_19,10,47.zip/owner@bs.serving-sys[1].txt -> TrackingCookie.Serving-sys : No action taken. E:\Program Files\NoAdware\NoAdwareBackup\10,17,2004_8,17,9.zip/owner@trafficmp[2].txt -> TrackingCookie.Trafficmp : No action taken. E:\Program Files\NoAdware\NoAdwareBackup\1,1,2005_16,48,4.zip/owner@tribalfusion[2].txt -> TrackingCookie.Tribalfusion : No action taken. E:\Program Files\NoAdware\NoAdwareBackup\12,28,2004_17,33,14.zip/owner@tribalfusion[1].txt -> TrackingCookie.Tribalfusion : No action taken. E:\Program Files\NoAdware\NoAdwareBackup\2,19,2005_10,39,14.zip/owner@c5.zedo[1].txt -> TrackingCookie.Zedo : No action taken. ::Report end

07-13-2006, 04:09 PM	#5 (permalink)
mallard32 Registered User Join Date: Jul 2006 Location: Boston Posts: 116 OS: Windows Vista My System	Ok, i am sorry, but i do not want to remove NoAdware since i paid money for it. I hoep this does not ruin anything. Can you tell me what to do with NoAdware installed. Please and Thanks. My system is running fine, no issue whatsoever.

07-13-2006, 04:56 PM	#8 (permalink)
mallard32 Registered User Join Date: Jul 2006 Location: Boston Posts: 116 OS: Windows Vista My System	alright doing it now

07-13-2006, 05:32 PM	#9 (permalink)
mallard32 Registered User Join Date: Jul 2006 Location: Boston Posts: 116 OS: Windows Vista My System	My active scan log Incident Status Location Spyware:spyware/betterinet Not disinfected Windows Registry Adware:adware/searchexe Not disinfected Windows Registry Adware:adware/topmoxie Not disinfected Windows Registry My HJT log Logfile of HijackThis v1.99.1 Scan saved at 7:31:50 PM, on 7/13/2006 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: E:\WINDOWS\System32\smss.exe E:\WINDOWS\system32\winlogon.exe E:\WINDOWS\system32\services.exe E:\WINDOWS\system32\lsass.exe E:\WINDOWS\system32\svchost.exe E:\Program Files\Windows Defender\MsMpEng.exe E:\WINDOWS\System32\svchost.exe E:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe E:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe E:\WINDOWS\Explorer.EXE E:\WINDOWS\system32\spoolsv.exe E:\WINDOWS\system32\cisvc.exe E:\Program Files\Norton AntiVirus\navapsvc.exe E:\WINDOWS\system32\nvsvc32.exe E:\WINDOWS\system32\pctspk.exe E:\Program Files\Prevx1\PXAgent.exe E:\Program Files\Norton AntiVirus\SAVScan.exe E:\Program Files\Analog Devices\SoundMAX\SMAgent.exe E:\WINDOWS\System32\svchost.exe E:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe E:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe E:\Program Files\Common Files\Symantec Shared\ccApp.exe E:\Program Files\Windows Defender\MSASCui.exe E:\Program Files\Startup Mechanic\StartupMonitor.exe E:\Program Files\Prevx1\PXConsole.exe E:\Program Files\Everest Labs\Spydefense\sdc.exe E:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe E:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe E:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe E:\WINDOWS\System32\HPZipm12.exe E:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe E:\WINDOWS\system32\cidaemon.exe E:\Program Files\Internet Explorer\iexplore.exe E:\Documents and Settings\Owner\Desktop\GOOD GAMES\ANTIVIRUS PROTECTION\HijackThis.exe R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - E:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - E:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: Malicious Scripts Scanner - {55EA1964-F5E4-4D6A-B9B2-125B37655FCB} - E:\Documents and Settings\All Users\Application Data\Prevx\pxbho.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - E:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O2 - BHO: TrackPopUp - {79594677-0416-4097-A421-41BE9667B36F} - blank (file missing) O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - e:\program files\google\googletoolbar3.dll O2 - BHO: MSN Search Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - E:\Program Files\MSN Toolbar Suite\TB\02.05.0001.1119\en-us\msntb.dll O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - E:\Program Files\Norton AntiVirus\NavShExt.dll O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - E:\Program Files\Norton AntiVirus\NavShExt.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - e:\program files\google\googletoolbar3.dll O3 - Toolbar: MSN Search Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - E:\Program Files\MSN Toolbar Suite\TB\02.05.0001.1119\en-us\msntb.dll O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE E:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [ccApp] "E:\Program Files\Common Files\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [Symantec NetDriver Monitor] E:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer O4 - HKLM\..\Run: [Fellowes Proxy] E:\WINDOWS\System32\r3proxy.exe O4 - HKLM\..\Run: [Windows Defender] "E:\Program Files\Windows Defender\MSASCui.exe" -hide O4 - HKLM\..\Run: [Startup Manager Scanner] E:\Program Files\Startup Mechanic\StartupMonitor.exe O4 - HKLM\..\Run: [PrevxOne] E:\Program Files\Prevx1\PXConsole.exe O4 - HKCU\..\Run: [SpyDefense] E:\Program Files\Everest Labs\Spydefense\sdc.exe /service O4 - Global Startup: hp psc 1000 series.lnk = ? O4 - Global Startup: hpoddt01.exe.lnk = ? O8 - Extra context menu item: &Google Search - res://e:\program files\google\GoogleToolbar3.dll/cmsearch.html O8 - Extra context menu item: &MSN Search - res://E:\Program Files\MSN Toolbar Suite\TB\02.05.0001.1119\en-us\msntb.dll/search.htm O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearc...p=ZSzfw001YYUS O8 - Extra context menu item: &Translate English Word - res://e:\program files\google\GoogleToolbar3.dll/cmwordtrans.html O8 - Extra context menu item: Backward Links - res://e:\program files\google\GoogleToolbar3.dll/cmbacklinks.html O8 - Extra context menu item: Cached Snapshot of Page - res://e:\program files\google\GoogleToolbar3.dll/cmcache.html O8 - Extra context menu item: Similar Pages - res://e:\program files\google\GoogleToolbar3.dll/cmsimilar.html O8 - Extra context menu item: Translate Page into English - res://e:\program files\google\GoogleToolbar3.dll/cmtrans.html O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O9 - Extra button: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - E:\Program Files\Titan Poker\casino.exe O9 - Extra 'Tools' menuitem: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - E:\Program Files\Titan Poker\casino.exe O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - E:\Program Files\AIM95\aim.exe O9 - Extra button: PartyCasino.com - {B4B52284-A248-4c51-9F7C-F0A0C67FCC9D} - E:\Program Files\PartyGaming\PartyCasino\RunCasino.exe (file missing) O9 - Extra 'Tools' menuitem: PartyCasino.com - {B4B52284-A248-4c51-9F7C-F0A0C67FCC9D} - E:\Program Files\PartyGaming\PartyCasino\RunCasino.exe (file missing) O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - E:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing) O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - E:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing) O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - E:\Program Files\Microsoft Money\System\mnyviewer.dll O9 - Extra button: Bodog Poker - {F47C1DB5-ED21-4dc1-853E-D1495792D4C5} - E:\Program Files\Bodog Poker\BPGame.exe (file missing) O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe (file missing) O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe (file missing) O15 - Trusted Zone: http://toolbar.imageshack.us O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab O16 - DPF: {01010E00-5E80-11D8-9E86-0007E96C65AE} (SupportSoft SmartIssue) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsi.cab O16 - DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} (SupportSoft Script Runner Class) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsr.cab O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab28578.cab O16 - DPF: {1A595EDD-978A-48C7-B730-AF3B9CC64DAB} (DLManager Class) - http://63.251.81.180/component/VZWDLManager.cab O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - http://www.symantec.com/techsupp/asa/ctrl/LSSupCtl.cab O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/S...in/AvSniff.cab O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://scan.safety.live.com/resource...scbase5059.cab O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/S.../bin/cabsa.cab O16 - DPF: {74C861A1-D548-4916-BC8A-FDE92EDFF62C} - http://mediaplayer.walmart.com/installer/install.cab O16 - DPF: {8A0019EB-51FA-4AE5-A40B-C0496BBFC739} (Verizon Wireless Media Upload) - http://www.vzwpix.com/activex/Verizo...oadControl.cab O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...tatsClient.cab O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/binFramework/v10...o.cab34246.cab O16 - DPF: {B942A249-D1E7-4C11-98AE-FCB76B08747F} (RealArcadeRdxIE Class) - http://games-dl.real.com/gameconsole...rcadeRdxIE.cab O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.symantec.com/sscv6/S.../bin/cabsa.cab O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - http://www.symantec.com/techsupp/asa/ctrl/SymAData.cab O16 - DPF: {D54160C3-DB7B-4534-9B65-190EE4A9C7F7} (SproutLauncherCtrl Class) - http://zone.msn.com/bingame/feed/def...utLauncher.cab O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - http://zone.msn.com/bingame/zuma/def...ploader_v5.cab O16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} (ActiveDataObj Class) - https://www-secure.symantec.com/tech...ActiveData.cab O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30043.www3.hp.com/aio/en/check/qdiagh.cab?319 O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "E:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing) O20 - Winlogon Notify: WgaLogon - E:\WINDOWS\SYSTEM32\WgaLogon.dll O23 - Service: Adobe LM Service - Adobe Systems - E:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - E:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - E:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - E:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - E:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - E:\WINDOWS\system32\drivers\KodakCCS.exe O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - E:\Program Files\Norton AntiVirus\navapsvc.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - E:\WINDOWS\system32\nvsvc32.exe O23 - Service: PCTEL Speaker Phone (Pctspk) - PCtel, Inc. - E:\WINDOWS\system32\pctspk.exe O23 - Service: Pml Driver HPZ12 - HP - E:\WINDOWS\System32\HPZipm12.exe O23 - Service: Prevx Agent (PREVXAgent) - Unknown owner - E:\Program Files\Prevx1\PXAgent.exe" -f (file missing) O23 - Service: SAVScan - Symantec Corporation - E:\Program Files\Norton AntiVirus\SAVScan.exe O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - E:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - E:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - E:\Program Files\Analog Devices\SoundMAX\SMAgent.exe O23 - Service: Symantec Core LC - Symantec Corporation - E:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - E:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe O23 - Service: trioService - Unknown owner - E:\Program Files\3D-Relax\Moonlight Lake Trial\trioService.exe (file missing)

07-14-2006, 06:25 AM	#11 (permalink)
mallard32 Registered User Join Date: Jul 2006 Location: Boston Posts: 116 OS: Windows Vista My System	Logfile of HijackThis v1.99.1 Scan saved at 8:24:06 AM, on 7/14/2006 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: E:\WINDOWS\System32\smss.exe E:\WINDOWS\system32\winlogon.exe E:\WINDOWS\system32\services.exe E:\WINDOWS\system32\lsass.exe E:\WINDOWS\system32\svchost.exe E:\Program Files\Windows Defender\MsMpEng.exe E:\WINDOWS\System32\svchost.exe E:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe E:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe E:\WINDOWS\Explorer.EXE E:\WINDOWS\system32\spoolsv.exe E:\WINDOWS\system32\cisvc.exe E:\Program Files\Norton AntiVirus\navapsvc.exe E:\Program Files\Common Files\Symantec Shared\ccApp.exe E:\Program Files\Windows Defender\MSASCui.exe E:\Program Files\Startup Mechanic\StartupMonitor.exe E:\WINDOWS\system32\nvsvc32.exe E:\WINDOWS\system32\pctspk.exe E:\Program Files\Prevx1\PXConsole.exe E:\Program Files\Everest Labs\Spydefense\sdc.exe E:\Program Files\Prevx1\PXAgent.exe E:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe E:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe E:\Program Files\SpywareGuard\sgmain.exe E:\Program Files\SpywareGuard\sgbhp.exe E:\Program Files\Norton AntiVirus\SAVScan.exe E:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe E:\Program Files\Analog Devices\SoundMAX\SMAgent.exe E:\WINDOWS\System32\svchost.exe E:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe E:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe E:\WINDOWS\System32\HPZipm12.exe E:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe E:\Program Files\Internet Explorer\iexplore.exe E:\WINDOWS\system32\cidaemon.exe E:\Documents and Settings\Owner\Desktop\GOOD GAMES\ANTIVIRUS PROTECTION\HijackThis.exe R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - E:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - E:\Program Files\SpywareGuard\dlprotect.dll O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - E:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: Malicious Scripts Scanner - {55EA1964-F5E4-4D6A-B9B2-125B37655FCB} - E:\Documents and Settings\All Users\Application Data\Prevx\pxbho.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - E:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O2 - BHO: TrackPopUp - {79594677-0416-4097-A421-41BE9667B36F} - blank (file missing) O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - e:\program files\google\googletoolbar3.dll O2 - BHO: MSN Search Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - E:\Program Files\MSN Toolbar Suite\TB\02.05.0001.1119\en-us\msntb.dll O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - E:\Program Files\Norton AntiVirus\NavShExt.dll O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - E:\Program Files\Norton AntiVirus\NavShExt.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - e:\program files\google\googletoolbar3.dll O3 - Toolbar: MSN Search Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - E:\Program Files\MSN Toolbar Suite\TB\02.05.0001.1119\en-us\msntb.dll O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE E:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [ccApp] "E:\Program Files\Common Files\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [Symantec NetDriver Monitor] E:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer O4 - HKLM\..\Run: [Fellowes Proxy] E:\WINDOWS\System32\r3proxy.exe O4 - HKLM\..\Run: [Windows Defender] "E:\Program Files\Windows Defender\MSASCui.exe" -hide O4 - HKLM\..\Run: [Startup Manager Scanner] E:\Program Files\Startup Mechanic\StartupMonitor.exe O4 - HKLM\..\Run: [PrevxOne] E:\Program Files\Prevx1\PXConsole.exe O4 - HKCU\..\Run: [SpyDefense] E:\Program Files\Everest Labs\Spydefense\sdc.exe /service O4 - Startup: SpywareGuard.lnk = E:\Program Files\SpywareGuard\sgmain.exe O4 - Global Startup: hp psc 1000 series.lnk = ? O4 - Global Startup: hpoddt01.exe.lnk = ? O8 - Extra context menu item: &Google Search - res://e:\program files\google\GoogleToolbar3.dll/cmsearch.html O8 - Extra context menu item: &MSN Search - res://E:\Program Files\MSN Toolbar Suite\TB\02.05.0001.1119\en-us\msntb.dll/search.htm O8 - Extra context menu item: &Translate English Word - res://e:\program files\google\GoogleToolbar3.dll/cmwordtrans.html O8 - Extra context menu item: Backward Links - res://e:\program files\google\GoogleToolbar3.dll/cmbacklinks.html O8 - Extra context menu item: Cached Snapshot of Page - res://e:\program files\google\GoogleToolbar3.dll/cmcache.html O8 - Extra context menu item: Similar Pages - res://e:\program files\google\GoogleToolbar3.dll/cmsimilar.html O8 - Extra context menu item: Translate Page into English - res://e:\program files\google\GoogleToolbar3.dll/cmtrans.html O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O9 - Extra button: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - E:\Program Files\Titan Poker\casino.exe O9 - Extra 'Tools' menuitem: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - E:\Program Files\Titan Poker\casino.exe O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - E:\Program Files\AIM95\aim.exe O9 - Extra button: PartyCasino.com - {B4B52284-A248-4c51-9F7C-F0A0C67FCC9D} - E:\Program Files\PartyGaming\PartyCasino\RunCasino.exe (file missing) O9 - Extra 'Tools' menuitem: PartyCasino.com - {B4B52284-A248-4c51-9F7C-F0A0C67FCC9D} - E:\Program Files\PartyGaming\PartyCasino\RunCasino.exe (file missing) O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - E:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing) O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - E:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing) O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - E:\Program Files\Microsoft Money\System\mnyviewer.dll O9 - Extra button: Bodog Poker - {F47C1DB5-ED21-4dc1-853E-D1495792D4C5} - E:\Program Files\Bodog Poker\BPGame.exe (file missing) O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe (file missing) O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe (file missing) O15 - Trusted Zone: http://toolbar.imageshack.us O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab O16 - DPF: {01010E00-5E80-11D8-9E86-0007E96C65AE} (SupportSoft SmartIssue) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsi.cab O16 - DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} (SupportSoft Script Runner Class) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsr.cab O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab28578.cab O16 - DPF: {1A595EDD-978A-48C7-B730-AF3B9CC64DAB} (DLManager Class) - http://63.251.81.180/component/VZWDLManager.cab O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - http://www.symantec.com/techsupp/asa/ctrl/LSSupCtl.cab O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/S...in/AvSniff.cab O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://scan.safety.live.com/resource...scbase5059.cab O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/S.../bin/cabsa.cab O16 - DPF: {74C861A1-D548-4916-BC8A-FDE92EDFF62C} - http://mediaplayer.walmart.com/installer/install.cab O16 - DPF: {8A0019EB-51FA-4AE5-A40B-C0496BBFC739} (Verizon Wireless Media Upload) - http://www.vzwpix.com/activex/Verizo...oadControl.cab O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...tatsClient.cab O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/binFramework/v10...o.cab34246.cab O16 - DPF: {B942A249-D1E7-4C11-98AE-FCB76B08747F} (RealArcadeRdxIE Class) - http://games-dl.real.com/gameconsole...rcadeRdxIE.cab O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.symantec.com/sscv6/S.../bin/cabsa.cab O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - http://www.symantec.com/techsupp/asa/ctrl/SymAData.cab O16 - DPF: {D54160C3-DB7B-4534-9B65-190EE4A9C7F7} (SproutLauncherCtrl Class) - http://zone.msn.com/bingame/feed/def...utLauncher.cab O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - http://zone.msn.com/bingame/zuma/def...ploader_v5.cab O16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} (ActiveDataObj Class) - https://www-secure.symantec.com/tech...ActiveData.cab O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30043.www3.hp.com/aio/en/check/qdiagh.cab?319 O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "E:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing) O20 - Winlogon Notify: WgaLogon - E:\WINDOWS\SYSTEM32\WgaLogon.dll O23 - Service: Adobe LM Service - Adobe Systems - E:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - E:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - E:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - E:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - E:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - E:\WINDOWS\system32\drivers\KodakCCS.exe O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - E:\Program Files\Norton AntiVirus\navapsvc.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - E:\WINDOWS\system32\nvsvc32.exe O23 - Service: PCTEL Speaker Phone (Pctspk) - PCtel, Inc. - E:\WINDOWS\system32\pctspk.exe O23 - Service: Pml Driver HPZ12 - HP - E:\WINDOWS\System32\HPZipm12.exe O23 - Service: Prevx Agent (PREVXAgent) - Unknown owner - E:\Program Files\Prevx1\PXAgent.exe" -f (file missing) O23 - Service: SAVScan - Symantec Corporation - E:\Program Files\Norton AntiVirus\SAVScan.exe O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - E:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - E:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - E:\Program Files\Analog Devices\SoundMAX\SMAgent.exe O23 - Service: Symantec Core LC - Symantec Corporation - E:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - E:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe O23 - Service: trioService - Unknown owner - E:\Program Files\3D-Relax\Moonlight Lake Trial\trioService.exe (file missing) My uninstall_list.txt Ad-Aware SE Personal Adobe Atmosphere Player for Acrobat and Adobe Reader Adobe Download Manager 1.2 (Remove Only) Adobe PDF IFilter 6.0 Adobe Photoshop Album 2.0 Starter Edition Adobe Reader 7.0.7 AOL Instant Messenger AOL Uninstaller (Choose which Products to Remove) AV MP3 Player Morpher Battlefield 2(TM) Battlefield 2: Special Forces Bink and Smacker BitPim 0.9.01 BYOP Ultimate Splat Pack v1.0 CardRd81 CC_ccStart ccCommon CCleaner (remove only) CCScore Construction Destruction Counter-Strike: Condition Zero CR2 dBpowerAMP Music Converter dBpowerAMP WMA V9.1 Codec Desktop Weather by The Weather Channel Direct Show Ogg Vorbis Filter (remove only) EA downloader EasyPoint Mouse Software Emergency 3 ESSBrwr ESSCDBK ESScore ESSCT ESSEMAIL ESSgui ESShelp ESSini ESSPCD ESSPDock ESSSONIC ESSTOOLS essvcpt ESSvpaht ESSvpot Everest Labs Spydefense 0.9.8 Beta EximiousSoft GIF Creator V3.05 Field Training Officer Program Fraps Full Tilt Poker Fusion Pack Source Google Earth Google Toolbar for Internet Explorer Greeting Card Factory 2 Deluxe GTK+ 2.8.9 runtime environment Half-Life Half-Life(R) 2 Half-Life: Counter-Strike HighMAT Extension to Microsoft Windows XP CD Writing Wizard HijackThis 1.99.1 HLPIndex HLPPDOCK HLPSFO Hotfix for Windows XP (KB896344) Hoyle Card Games 2003 Hoyle Casino 5 HP Photo and Imaging 2.0 - All-in-One HP Photo and Imaging 2.0 - All-in-One Drivers HP Photo and Imaging 2.0 - hp psc 1200 series hp psc 1200 series HSP56 MicroModem Drivers J2SE Runtime Environment 5.0 Update 6 Kodak EasyShare software KSU Lavasoft VX2 Cleaner Lernout & Hauspie TruVoice American English TTS Engine LG USB Drivers LiveReg (Symantec Corporation) LiveUpdate 1.90 (Symantec Corporation) Macromedia Flash Player 8 Macromedia Shockwave Player Max Media Creator MaxDrive PS2 Microsoft .NET Framework 1.1 Microsoft .NET Framework 1.1 Microsoft .NET Framework 1.1 Hotfix (KB886903) Microsoft .NET Framework 2.0 Microsoft Base Smart Card Cryptographic Service Provider Package Microsoft Data Access Components KB870669 Microsoft Money 2002 Microsoft Money 2002 System Pack Microsoft Office 2000 Professional Microsoft Phishing Filter Add-in for MSN Search Toolbar Microsoft Picture It! Express 7.0 Microsoft Picture It! Express 9 Microsoft Picture It! Library 9 Microsoft Picture It! Photo 2002 Microsoft Speech Recognition Engine 4.0 (English) Microsoft Streets and Trips 2002 Microsoft Windows Journal Viewer Microsoft Windows Script Host Microsoft Works 2002 Setup Launcher Microsoft Works 6.0 MP3 Rocket MP3 Update MSN MSN Encarta Plus Support Files MSN Messenger 7.5 MSN Search Toolbar MSRedist MSXML 4.0 SP2 Parser and SDK MSXML4 Parser Nero - Burning Rom Norton AntiVirus 2004 Norton AntiVirus 2004 (Symantec Corporation) Norton AntiVirus Parent MSI Norton AntiVirus SYMLT MSI Norton WMI Update Notifier NVIDIA Drivers Office Animation Runtime OfotoXMI OTtBP OTtBPSDK Panda ActiveScan PCFriendly PowerDVD Prevx1R Project64 1.6 QuickTime RealPlayer Registry Mechanic 5.0 Riva FLV Encoder 2.0 Search Preview Add-in for MSN Search Toolbar Security Update for Microsoft .NET Framework 2.0 (KB917283) Security Update for Windows Media Player (KB911564) Security Update for Windows Media Player 10 (KB911565) Security Update for Windows Media Player 10 (KB917734) Security Update for Windows XP (KB883939) Security Update for Windows XP (KB890046) Security Update for Windows XP (KB893066) Security Update for Windows XP (KB893756) Security Update for Windows XP (KB896358) Security Update for Windows XP (KB896422) Security Update for Windows XP (KB896423) Security Update for Windows XP (KB896424) Security Update for Windows XP (KB896428) Security Update for Windows XP (KB896688) Security Update for Windows XP (KB899587) Security Update for Windows XP (KB899588) Security Update for Windows XP (KB899591) Security Update for Windows XP (KB900725) Security Update for Windows XP (KB901017) Security Update for Windows XP (KB901214) Security Update for Windows XP (KB902400) Security Update for Windows XP (KB903235) Security Update for Windows XP (KB905414) Security Update for Windows XP (KB905749) Security Update for Windows XP (KB905915) Security Update for Windows XP (KB908519) Security Update for Windows XP (KB908531) Security Update for Windows XP (KB911280) Security Update for Windows XP (KB911562) Security Update for Windows XP (KB911567) Security Update for Windows XP (KB911927) Security Update for Windows XP (KB912812) Security Update for Windows XP (KB912919) Security Update for Windows XP (KB913446) Security Update for Windows XP (KB913580) Security Update for Windows XP (KB914388) Security Update for Windows XP (KB914389) Security Update for Windows XP (KB916281) Security Update for Windows XP (KB917159) Security Update for Windows XP (KB917344) Security Update for Windows XP (KB917953) Security Update for Windows XP (KB918439) SFR SFR2 SHASTA Shockwave Sierra Utilities SKIN0001 SKINXSDK SoundMAX Spybot - Search & Destroy 1.4 SpywareBlaster v3.5.1 SpywareGuard v2.2 Startup Mechanic 2.8 Steam StormPredator Trial Version 3.02 Symantec Script Blocking Installer SymNet TeamSpeak 2 RC2 The Weather Channel Titan Poker TVUPlayer 1.5.12 Update for Windows XP (KB894391) Update for Windows XP (KB896727) Update for Windows XP (KB898461) Update for Windows XP (KB900485) Update for Windows XP (KB900930) Update for Windows XP (KB904942) Update for Windows XP (KB910437) Update for Windows XP (KB916595) V CAST Music VIA Rhine-Family Fast Ethernet Adapter Virtual DJ - Atomix Productions VPRINTOL Wal-Mart Music Downloads Store Wave Splitter 2.10 Weather Services Windows Defender Windows Defender Signatures Windows Genuine Advantage v1.3.0254.0 Windows Installer 3.1 (KB893803) Windows Installer 3.1 (KB893803) Windows Live Safety Scanner Windows Media Connect Windows Media Format Runtime Windows Media Format SDK Hotfix - KB891122 Windows Media Player 10 Windows Media Player 9 Series Winter Fun Pack Windows XP Creativity Fun Packs - Windows Movie Maker 2 Windows XP Hotfix - KB834707 Windows XP Hotfix - KB867282 Windows XP Hotfix - KB873333 Windows XP Hotfix - KB873339 Windows XP Hotfix - KB885250 Windows XP Hotfix - KB885835 Windows XP Hotfix - KB885836 Windows XP Hotfix - KB886185 Windows XP Hotfix - KB887472 Windows XP Hotfix - KB887742 Windows XP Hotfix - KB887797 Windows XP Hotfix - KB888113 Windows XP Hotfix - KB888302 Windows XP Hotfix - KB890047 Windows XP Hotfix - KB890175 Windows XP Hotfix - KB890859 Windows XP Hotfix - KB890923 Windows XP Hotfix - KB891781 Windows XP Hotfix - KB893086 WinRAR archiver WIRELESS XviD 1.1 final uninstall

07-14-2006, 07:59 AM	#12 (permalink)
Ried Assistant Manager, TSF Academy; Moderator/Analyst Security Team Join Date: Jan 2005 Location: Ohio Posts: 26,900 OS: WinXP and Vista	Hi mallard32, Your logs are clean. If there aren't any more problems, please continue with these final instructions and helpful links. Reset hidden/system files and folders Windows XP =============== Click Start. * Open My Computer. * Select the Tools menu and click Folder Options. * Select the View tab. * Deselect the Show hidden files and folders option. * Select the Hide file extensions for known types option. * Select the Hide protected operating system files option. Click Yes to confirm. Click OK. Enable Windows Auto Update Go to Start>Run* - type wuaucpl.cpl Tick on the checkbox - "Keep my computer up to date" Under *Settings, choose "Automatically download the updates, and install them on the schedule that I specify". Click on "OK". Create a new System Restore point* Click Start >> Run - type SYSDM.CPL & press Enter * Select the System Restore Tab * Tick on the checkbox - "Turn off System Restore on all drives" Click Apply * Then untick the same checkbox & click OK This will prevent any reinfection from previous restore points. Please take a look at these well written articles: HOW DID I GET INFECTED IN THE FIRST PLACE? by Tony Klein THE ANTI-SPYWARE TUTORIAL MAKING INTERNET EXPLORER SAFER Understanding and Using Firewalls You already have the programs we usually suggest for protection. There is one you may want to add: Download IE-SPYAD.EXE to block access to malicious websites so you cannot be redirected to them from an infected site or email. IE/Spyad places more than 4000 dubious websites and domains in the IE Restricted list. This severely impairs attempts to infect your system. It basically prevents any downloads (Cookies etc) from the sites listed, although you will still be able to connect to the sites. This is a self-extracting .ZIP file, and save it to your desktop. Once downloaded, double-click on it to extract the files inside (default dir is C:\IE-SPYAD) From within the folder, double-click install.bat Select Option #2 - Install the new IE-SPYAD list, by typing 2 Then return to the main menu. Select option #4 - Add the old porn sites domain, by typing 4 Please let us know if we can consider this thread resolved. __________________ Member of ASAP since 2005 Member of UNITE since 2006 "It is one life whether we spend it laughing or weeping." "Take the time to laugh--it is the music of the soul."

07-14-2006, 09:16 AM	#13 (permalink)
mallard32 Registered User Join Date: Jul 2006 Location: Boston Posts: 116 OS: Windows Vista My System	RESOLVED, Thank You for your help Reid :) I will suggest this site to people, and i will stick around to see if i can help:) Good Job

07-14-2006, 09:20 AM	#14 (permalink)
Ried Assistant Manager, TSF Academy; Moderator/Analyst Security Team Join Date: Jan 2005 Location: Ohio Posts: 26,900 OS: WinXP and Vista	You are welcome. Please do 'stick around'. __________________ Member of ASAP since 2005 Member of UNITE since 2006 "It is one life whether we spend it laughing or weeping." "Take the time to laugh--it is the music of the soul."