WINCTLAD.EXE

Posted 12/17/2004 1:12 AM
#6780
User avatar

Joetriple Member

Date Joined Nov 2016
Total Posts: 5
When I log on my computer takes forever to get going. I open task manager and see several winctlad.exe and several winctladalt.exe in process. <br/>What should I do? <br/> <br/>Thanks, Joe C
Posted 12/17/2004 11:43 AM
#6804
User avatar

Touch Advanced member

Date Joined Nov 2016
Total Posts: 12976
Hi :cool: <br/> <br/><SPAN lang=EN-GB style="FONT-SIZE: 10pt; COLOR: black; mso-ansi-language: EN-GB">[color=#0000ff>http://danborg.org/spy/HJT/hijackthis.exe</FONT></U></A><SPAN]<BR style="mso-special-character: line-break"><BR style="mso-special-character: line-break"><SPAN lang=EN-GB style="FONT-SIZE: 10pt; COLOR: black; mso-ansi-language: EN-GB"><o:p></o:p> <br/> <br/><SPAN lang=EN-GB style="FONT-SIZE: 10pt; COLOR: black; mso-ansi-language: EN-GB"> <o:p></o:p>[/color] <br/> <br/><SPAN lang=EN-GB style="FONT-SIZE: 9pt; COLOR: black; FONT-FAMILY: Verdana; mso-ansi-language: EN-GB">Put HJT in a permanent folder. Here's how to make the folder: <br/>Click My Computer, then C:\ <br/>In the menu bar, File->New->Folder. <br/>That will create a folder named New Folder, which you can rename to "HJT" or "HijackThis". Now you have C:\HJT\ folder. Put your HijackThis.exe there, and double click to run it.<SPAN lang=EN-GB style="FONT-SIZE: 10pt; COLOR: black; mso-ansi-language: EN-GB"><o:p></o:p> <br/> <br/><SPAN class=postbody><SPAN lang=EN-GB style="FONT-SIZE: 10pt; mso-ansi-language: EN-GB"><FONT face="Times New Roman">You will notice the <SPAN style="COLOR: red">Scan button has become a <SPAN style="COLOR: red">Save Log button. Click the Save Log button and Highlight the Entire Log by pressing Ctrl+A and Copy it. Post log here<SPAN lang=EN-GB style="FONT-SIZE: 10pt; COLOR: black; mso-ansi-language: EN-GB"><o:p></o:p> <br/> <br/><br /><br />

[color=black face="Courier New" sab="311">[2]Click here: Before-posting-a-log[/2][/url]

<?xml:namespace prefix = o ns = "urn:schemas-microsoft-com:office:office" />
[/color]
Do not PM me with logfiles. They will be deleted.


Posted 12/17/2004 12:36 PM
#6808
User avatar

Joetriple Member

Date Joined Nov 2016
Total Posts: 5
Thanks for the response.
Posted 12/18/2004 1:40 AM
#6833
User avatar

Joetriple Member

Date Joined Nov 2016
Total Posts: 5
Logfile of HijackThis v1.99.0 <br/>Scan saved at 8:34:23 PM, on 12/17/2004 <br/>Platform: Windows XP SP2 (WinNT 5.01.2600) <br/>MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) <br/> <br/>Running processes: <br/>C:\WINDOWS\System32\smss.exe <br/>C:\WINDOWS\system32\winlogon.exe <br/>C:\WINDOWS\system32\services.exe <br/>C:\WINDOWS\system32\lsass.exe <br/>C:\WINDOWS\system32\svchost.exe <br/>C:\WINDOWS\System32\svchost.exe <br/>C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe <br/>C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe <br/>C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe <br/>C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe <br/>C:\WINDOWS\system32\spoolsv.exe <br/>C:\Program Files\Norton AntiVirus\navapsvc.exe <br/>C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe <br/>C:\WINDOWS\System32\nvsvc32.exe <br/>C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe <br/>C:\WINDOWS\system32\ZoneLabs\vsmon.exe <br/>C:\WINDOWS\Explorer.EXE <br/>C:\WINDOWS\system32\TFNF5.exe <br/>C:\WINDOWS\System32\00THotkey.exe <br/>C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe <br/>C:\WINDOWS\system32\TPWRTRAY.EXE <br/>C:\Toshiba\IVP\ISM\pinger.exe <br/>C:\Program Files\TOSHIBA\Wireless Hotkey\TosHKCW.exe <br/>C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe <br/>C:\Program Files\DIGStream\digstream.exe <br/>C:\Program Files\QuickTime\qttask.exe <br/>C:\Program Files\Synaptics\SynTP\SynTPLpr.exe <br/>C:\Program Files\Synaptics\SynTP\SynTPEnh.exe <br/>C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr_.exe <br/>C:\Program Files\Common Files\Symantec Shared\ccApp.exe <br/>C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe <br/>C:\Program Files\Messenger\msmsgs.exe <br/>C:\WINDOWS\Plaxo\1.5.2.32\InstallStub.exe <br/>C:\WINDOWS\system32\ctfmon.exe <br/>C:\Program Files\EarthLink TotalAccess\TaskPanl.exe <br/>C:\Program Files\Linksys\WPC11 Config Utility\WPC11Cfg.exe <br/>C:\Program Files\TOSHIBA\NetDevSw\NetDevSW.exe <br/>C:\Program Files\Internet Explorer\iexplore.exe <br/>C:\Documents and Settings\Joe\Desktop\hijackthis.exe <br/> <br/>R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.start.earthlink.net/ <br/>R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://yahoo.sbc.com/dsl <br/>R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = [url=http://red.clientapps.yahoo.com/customize/ie/defaults/su/sbcydsl/*http://www.yahoo.com]http://red.clientapps.yahoo.com/customize/ie/defaults/su/sbcydsl/*http://www.yahoo.com[/url] <br/>R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = [url=http://red.clientapps.yahoo.com/customize/ie/defaults/sb/sbcydsl/*http://www.yahoo.com/search/ie.html]http://red.clientapps.yahoo.com/customize/ie/defaults/sb/sbcydsl/*http://www.yahoo.com/search/ie.html[/url] <br/>R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = [url=http://red.clientapps.yahoo.com/customize/ie/defaults/sp/sbcydsl/*http://www.yahoo.com]http://red.clientapps.yahoo.com/customize/ie/defaults/sp/sbcydsl/*http://www.yahoo.com[/url] <br/>R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.sbc.com/dsl <br/>O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\common\ycomp5_2_3_0.dll (file missing) <br/>O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll <br/>O2 - BHO: PnIEBrowserHelperObj Class - {4B5F2E08-6F39-479a-B547-B2026E4C7EDF} - C:\Program Files\EarthLink TotalAccess\PnEL.dll <br/>O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll <br/>O2 - BHO: Viewpoint Toolbar BHO - {A7327C09-B521-4EDB-8509-7D2660C9EC98} - C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBarBHO.dll <br/>O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll <br/>O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll <br/>O3 - Toolbar: Pop-Up Blocker - {D7F30B62-8269-41AF-9539-B2697FA7D77E} - C:\Program Files\EarthLink TotalAccess\PnEL.dll <br/>O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\common\ycomp5_2_3_0.dll (file missing) <br/>O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll <br/>O3 - Toolbar: Viewpoint Toolbar - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBar.dll <br/>O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll <br/>O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize <br/>O4 - HKLM\..\Run: [TFNF5] TFNF5.exe <br/>O4 - HKLM\..\Run: [00THotkey] C:\WINDOWS\System32\00THotkey.exe <br/>O4 - HKLM\..\Run: [000StTHK] 000StTHK.exe <br/>O4 - HKLM\..\Run: [TFncKy] TFncKy.exe /Type 01 <br/>O4 - HKLM\..\Run: [Tpwrtray] TPWRTRAY.EXE <br/>O4 - HKLM\..\Run: [Pinger] C:\Toshiba\IVP\ISM\pinger.exe /run <br/>O4 - HKLM\..\Run: [TosHKCW.exe] C:\Program Files\TOSHIBA\Wireless Hotkey\TosHKCW.exe <br/>O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe" <br/>O4 - HKLM\..\Run: [DIGStream] C:\Program Files\DIGStream\digstream.exe <br/>O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime <br/>O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe <br/>O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe <br/>O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr_.exe <br/>O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" <br/>O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe <br/>O4 - HKLM\..\Run: [Yahoo Instant Messenger] yahoomsngr.exe <br/>O4 - HKLM\..\Run: [Windows ControlAd] C:\Program Files\Windows ControlAd\WinCtlAd.exe <br/>O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" <br/>O4 - HKLM\..\RunServices: [Yahoo Instant Messenger] yahoomsngr.exe <br/>O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background <br/>O4 - HKCU\..\Run: [PlaxoUpdate] C:\WINDOWS\Plaxo\1.5.2.32\InstallStub.exe -a <br/>O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe <br/>O4 - HKCU\..\Run: [E6TaskPanel] "C:\Program Files\EarthLink TotalAccess\TaskPanl.exe" -winstart <br/>O4 - Startup: Microsoft Office OneNote 2003 Quick Launch.lnk = C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE <br/>O4 - Global Startup: Instant Wireless Configuration Utility.lnk = C:\Program Files\Linksys\WPC11 Config Utility\WPC11Cfg.exe <br/>O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE <br/>O4 - Global Startup: Network Device Switch.lnk = ? <br/>O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html <br/>O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html <br/>O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html <br/>O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html <br/>O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html <br/>O8 - Extra context menu item: Yahoo! Dictionary - http://download.games.yahoo.com/games/clients/y/pote_x.cab <br/>O16 - DPF: {08BEF711-06DA-48B2-9534-802ECAA2E4F9} (PlxInstall Class) - http://down.plaxo.com/down/release/PlaxoInstall.cab <br/>O16 - DPF: {9386632C-00D9-440F-A448-E25BE16459B2} (DemoShield DemoX Class) - http://www.asicomp.com/demox/pm/demox.cab <br/>O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.symantec.com/techsupp/activedata/SymAData.dll <br/>O16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} (ActiveDataObj Class) - https://www-secure.symantec.com/techsupp/activedata/ActiveData.cab <br/>O23 - Service: pcAnywhere Host Service - Symantec Corporation - C:\Program Files\Symantec\pcAnywhere\awhost32.exe <br/>O23 - Service: Symantec Event Manager - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe <br/>O23 - Service: Symantec Password Validation - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe <br/>O23 - Service: Symantec Settings Manager - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe <br/>O23 - Service: IMAPI CD-Burning COM Service - Roxio Inc. - C:\WINDOWS\System32\ImapiRox.exe <br/>O23 - Service: Norton AntiVirus Auto-Protect Service - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe <br/>O23 - Service: Norton AntiVirus Firewall Monitor Service - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe <br/>O23 - Service: NVIDIA Driver Helper Service - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe <br/>O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe <br/>O23 - Service: ScriptBlocking Service - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe <br/>O23 - Service: Symantec Network Drivers Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe <br/>O23 - Service: Symantec SPBBCSvc - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe <br/>O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe <br/>O23 - Service: TrueVector Internet Monitor - Zone Labs Inc. - C:\WINDOWS\system32\ZoneLabs\vsmon.exe <br/> <br/><br /><br />
Posted 12/18/2004 8:20 AM
#6853
User avatar

Touch Advanced member

Date Joined Nov 2016
Total Posts: 12976
<SPAN lang=EN-GB style="FONT-SIZE: 10pt; COLOR: black; mso-ansi-language: EN-GB">[color=#0000ff>http://www.lavasoftusa.com/support/download/</FONT></U></A><o:p></o:p></FONT> <br/> <br/>Spybot: [url=http://www.safer-networking.org/en/download/index.html]<SPAN style="FONT-FAMILY: 'Times New Roman'">http://www.safer-networking.org/en/download/index.html[/color][/u][/url]<o:p></o:p> <br/> <br/><SPAN lang=EN-GB style="FONT-SIZE: 10pt; mso-ansi-language: EN-GB">[color=#0000ff><SPAN] http://www.xtra.co.nz/help/0,,4155-1916458,00.html[/color]</U></A>=<o:p></o:p> <br/> <br/><SPAN lang=EN-GB style="FONT-SIZE: 10pt; COLOR: black; mso-ansi-language: EN-GB">[color=#800080>http://vil.nai.com/vil/SystemHelpDocs/DisableSysRestore.htm</U></A><o:p></o:p> <br/> <br/> <o:p></o:p>[/color] <br/> <br/><SPAN lang=EN-GB style="FONT-SIZE: 10pt; COLOR: black; mso-ansi-language: EN-GB">[color=#800080>http://yahoo.sbc.com/dsl</U></A><SPAN] <br/>R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = <SPAN style="FONT-SIZE: 8pt">[url=http://red.clientapps.yahoo.com/customize/ie/defaults/su/sbcydsl/*http://www.yahoo.com]<SPAN lang=EN-GB style="mso-ansi-language: EN-GB">http://red.clientapps.yahoo.com/customize/ie/defaults/su/sbcydsl/*http://www.yahoo.com[/color][/u][/url]<SPAN lang=EN-GB style="FONT-SIZE: 8pt; mso-ansi-language: EN-GB"> <br/>R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = <SPAN style="FONT-SIZE: 8pt">[url=http://red.clientapps.yahoo.com/customize/ie/defaults/sb/sbcydsl/*http://www.yahoo.com/search/ie.html]<SPAN lang=EN-GB style="mso-ansi-language: EN-GB">[color=#0000ff>http://red.clientapps.yahoo.com/customize/ie/defaults/sb/sbcydsl/*http://www.yahoo.com/search/ie.html[/u][/url]<SPAN] <br/>R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = <SPAN style="FONT-SIZE: 8pt">[url=http://red.clientapps.yahoo.com/customize/ie/defaults/sp/sbcydsl/*http://www.yahoo.com]<SPAN lang=EN-GB style="mso-ansi-language: EN-GB">http://red.clientapps.yahoo.com/customize/ie/defaults/sp/sbcydsl/*http://www.yahoo.com[/color][/u][/url]<SPAN lang=EN-GB style="FONT-SIZE: 8pt; mso-ansi-language: EN-GB"> <br/>O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\common\ycomp5_2_3_0.dll (file missing) <br/>O2 - BHO: Viewpoint Toolbar BHO - {A7327C09-B521-4EDB-8509-7D2660C9EC98} - C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBarBHO.dll <br/>O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\common\ycomp5_2_3_0.dll (file missing) <br/>O3 - Toolbar: Viewpoint Toolbar - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBar.dll <br/>O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr_.exe <br/>O4 - HKLM\..\Run: [Windows ControlAd] C:\Program Files\Windows ControlAd\WinCtlAd.exe<BR style="mso-special-character: line-break"><BR style="mso-special-character: line-break"><o:p></o:p> <br/> <br/><SPAN lang=EN-GB style="mso-ansi-language: EN-GB">Press the "Fix checked" button. Then close HijackThis. <o:p></o:p> <br/> <br/><SPAN lang=EN-GB style="mso-ansi-language: EN-GB"> <o:p></o:p> <br/> <br/><SPAN lang=EN-GB style="FONT-SIZE: 10pt; COLOR: black; mso-ansi-language: EN-GB"><FONT face="Times New Roman"> <o:p></o:p> <br/> <br/><SPAN lang=EN-GB style="FONT-SIZE: 10pt; COLOR: black; mso-ansi-language: EN-GB">Reboot into Safe Mode -<SPAN style="mso-spacerun: yes"> hit F8 key untill menu shows up<o:p></o:p> <br/> <br/><SPAN lang=EN-GB style="FONT-SIZE: 10pt; COLOR: black; mso-ansi-language: EN-GB">Find and delete:<o:p></o:p> <br/> <br/><SPAN lang=EN-GB style="FONT-SIZE: 8pt; COLOR: black; FONT-FAMILY: Verdana; mso-ansi-language: EN-GB">C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr_.exe<SPAN lang=EN-GB style="FONT-SIZE: 8pt; mso-ansi-language: EN-GB"> <br/><SPAN lang=EN-GB style="FONT-SIZE: 8pt; COLOR: black; FONT-FAMILY: Verdana; mso-ansi-language: EN-GB">C:\Program Files\Windows ControlAd\WinCtlAd.exe<SPAN lang=EN-GB style="FONT-SIZE: 10pt; COLOR: black; mso-ansi-language: EN-GB"><BR style="mso-special-character: line-break"><BR style="mso-special-character: line-break"><o:p></o:p> <br/> <br/><SPAN lang=EN-GB style="FONT-SIZE: 10pt; mso-ansi-language: EN-GB">Run the mwav scanner: <br/><SPAN lang=EN-GB style="FONT-SIZE: 10pt; mso-ansi-language: EN-GB">Activate all, in settings- Scan <BR style="mso-special-character: line-break"><BR style="mso-special-character: line-break"><o:p></o:p> <br/> <br/><SPAN lang=EN-GB style="FONT-SIZE: 10pt; mso-ansi-language: EN-GB"> <br/><SPAN class=postbody>Spybot, click on the Immunize button. Then "Scan System" button. When the Check is over, fix all marked with red<BR style="mso-special-character: line-break"><BR style="mso-special-character: line-break"><o:p></o:p> <br/> <br/><SPAN class=postbody><SPAN lang=EN-GB style="FONT-SIZE: 10pt; mso-ansi-language: EN-GB">Adware<SPAN lang=EN-GB style="FONT-SIZE: 10pt; mso-ansi-language: EN-GB"> <br/><SPAN lang=EN-GB style="FONT-SIZE: 10pt; mso-ansi-language: EN-GB">Push START <br/>Perform full system scan. NEXT <br/>To fix all the bad critical objects do the following: <br/>Right click on one of them to open up the selection screen. Click the "Select All" button to select all entries. <br/>When all are selected Click "Next" and then "OK" in the pop-up window to confirm the removal. <br/> <br/><SPAN style="mso-spacerun: yes"> Reboot<o:p></o:p> <br/> <br/><SPAN class=postbody><SPAN lang=EN-GB style="FONT-SIZE: 10pt; mso-ansi-language: EN-GB">Go to Start | Run and type: cleanmgr.exe and hit enter. <SPAN lang=EN-GB style="FONT-SIZE: 10pt; mso-ansi-language: EN-GB"> <br/><SPAN class=postbody>When prompted what drive to clean select your hard drive c: <br/><SPAN class=postbody>If asked what folders to clean in a list, tick them all to clean all temp folders, downloaded program folders, temporary internet files, etc., and the recycle/trash bin. <br/> <br/><SPAN style="mso-spacerun: yes"> <br/> <br/> <br/><SPAN lang=EN-GB style="FONT-SIZE: 10pt; COLOR: black; mso-ansi-language: EN-GB"> <o:p></o:p> <br/> <br/><SPAN lang=EN-GB style="FONT-SIZE: 10pt; COLOR: black; mso-ansi-language: EN-GB"><SPAN style="mso-spacerun: yes"> post new log<SPAN lang=EN-GB style="FONT-SIZE: 10pt; mso-ansi-language: EN-GB"><o:p></o:p> <br/><SPAN lang=EN-GB style="FONT-SIZE: 10pt; FONT-FAMILY: 'Times New Roman'; mso-ansi-language: EN-GB; mso-fareast-font-family: 'Times New Roman'; mso-fareast-language: DA; mso-bidi-language: AR-SA"> <br/><BR style="mso-special-character: line-break"><BR style="mso-special-character: line-break">

[color=black face="Courier New" sab="311">[2]Click here: Before-posting-a-log[/2][/url]

<?xml:namespace prefix = o ns = "urn:schemas-microsoft-com:office:office" />
[/color]
Do not PM me with logfiles. They will be deleted.


Posted 12/18/2004 1:53 PM
#6878
User avatar

Joetriple Member

Date Joined Nov 2016
Total Posts: 5
Thanks again, <br/>I'll post when complete.
Posted 12/19/2004 3:45 AM
#6937
User avatar

sport938 Member

Date Joined Nov 2016
Total Posts: 6
i am having the same problem. it slows my computer down sooo much. ususally i jsut restart it and its fine for awhile. i see the winctlad.exe and wincrtadalt.exe running my task manager. here is my hijack this report. <br/> <br/> <br/> <br/>Logfile of HijackThis v1.99.0 <br/>Scan saved at 10:40:01 PM, on 12/18/2004 <br/>Platform: Windows XP SP2 (WinNT 5.01.2600) <br/>MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) <br/> <br/>Running processes: <br/>C:\WINDOWS\System32\smss.exe <br/>C:\WINDOWS\system32\winlogon.exe <br/>C:\WINDOWS\system32\services.exe <br/>C:\WINDOWS\system32\lsass.exe <br/>C:\WINDOWS\system32\svchost.exe <br/>C:\WINDOWS\System32\svchost.exe <br/>C:\Program Files\STOPzilla!\szntsvc.exe <br/>C:\WINDOWS\system32\spoolsv.exe <br/>C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe <br/>C:\WINDOWS\Explorer.EXE <br/>C:\Program Files\Norton AntiVirus\navapsvc.exe <br/>C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe <br/>C:\WINDOWS\System32\ezSP_Px.exe <br/>C:\WINDOWS\System32\dizfcg.exe <br/>C:\Program Files\BroadJump\Client Foundation\CFD.exe <br/>C:\Program Files\iTunes\iTunesHelper.exe <br/>C:\Program Files\Internet Explorer\iexplore.exe <br/>C:\PROGRA~1\PANICW~1\POP-UP~2\PSFREE.EXE <br/>C:\Program Files\iPod\bin\iPodService.exe <br/>C:\WINDOWS\system32\azw94a.exe <br/>C:\Program Files\Windows ControlAd\WinCtlAdAlt.exe <br/>C:\Program Files\Windows ControlAd\WinCtlAd.exe <br/>C:\Documents and Settings\Owner\My Documents\HijackThis.exe <br/> <br/>R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = <br/>R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer Provided by Cox High Speed Internet <br/>R3 - Default URLSearchHook is missing <br/>O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_5_0.dll (file missing) <br/>O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll <br/>O2 - BHO: Search Relevancy - {1D7E3B41-23CE-469B-BE1B-A64B877923E1} - C:\PROGRA~1\SEARCH~1\SEARCH~2.DLL <br/>O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll <br/>O2 - BHO: (no name) - {A78860C8-EE1A-46DF-A97F-E3E6D433E80B} - C:\WINDOWS\system32\3euhi9j.dll <br/>O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll <br/>O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll <br/>O2 - BHO: STOPzilla Browser Helper Object - {E3215F20-3212-11D6-9F8B-00D0B743919D} - C:\WINDOWS\System32\SZIEBHO.dll <br/>O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll <br/>O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_5_0.dll (file missing) <br/>O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll <br/>O4 - HKLM\..\Run: [abu] abu.exe <br/>O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe" <br/>O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px.exe <br/>O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers <br/>O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe <br/>O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime <br/>O4 - HKLM\..\Run: [rwjnvampmcvsx] C:\WINDOWS\System32\dizfcg.exe <br/>O4 - HKLM\..\Run: [satmat] C:\WINDOWS\satmat.exe <br/>O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe <br/>O4 - HKLM\..\Run: [workflo] D:\install\workflow.exe <br/>O4 - HKLM\..\Run: [MMTray] C:\Program Files\MusicMatch\MusicMatch Jukebox\mm_tray.exe <br/>O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe <br/>O4 - HKLM\..\Run: [Windows ControlAd] C:\Program Files\Windows ControlAd\WinCtlAd.exe <br/>O4 - HKLM\..\RunOnce: [40rg29.exe] C:\WINDOWS\System32\40rg29.exe /k <br/>O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\PROGRA~1\PANICW~1\POP-UP~2\PSFREE.EXE" <br/>O4 - HKCU\..\RunOnce: [40rg29.exe] C:\WINDOWS\System32\40rg29.exe /k <br/>O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ? <br/>O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE <br/>O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html <br/>O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html <br/>O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html <br/>O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html <br/>O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html <br/>O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe <br/>O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe <br/>O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe <br/>O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://public.windupdates.com/get_file.php?bt=ie&p=d5ce257857a083868c1f4672b0407c8b9379fe5496c0e7d74dd5b79e931ad6d6d9b0f3669e53e51b8fba848fa8088c3fc64cb0edfedca287d6c4c1b056f368:c05c8ac2b23f939ff11a0351cafa03db <br/>O16 - DPF: {CA034DCC-A580-4333-B52F-15F98C42E04C} (Downloader Class) - http://www.stopzilla.com/_download/Auto_Installer/dwnldr.cab <br/>O16 - DPF: {FA3662C3-B8E8-11D6-A667-0010B556D978} (IWinAmpActiveX Class) - http://cdn.digitalcity.com/_media/dalaillama/ampx.cab <br/>O23 - Service: Symantec Event Manager - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe <br/>O23 - Service: Symantec Password Validation Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe <br/>O23 - Service: IMAPI CD-Burning COM Service - Roxio Inc. - C:\WINDOWS\System32\ImapiRox.exe <br/>O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe <br/>O23 - Service: Norton AntiVirus Auto Protect Service - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe <br/>O23 - Service: ScriptBlocking Service - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe <br/>O23 - Service: STOPzilla Local Service - International Software Systems Solutions - C:\Program Files\STOPzilla!\szntsvc.exe <br/> <br/> <br/> <br/> <br/> <br/>please help!
Posted 12/19/2004 4:22 AM
#6941
User avatar

Xero Member

Date Joined Nov 2016
Total Posts: 1
Hello, I have having the same exact problem and i downloaded all the adware and spybot programs i need. here is my hijack log <br/> <br/><br /><br /> <br/>Logfile of HijackThis v1.99.0 <br/>Scan saved at 10:07:45 PM, on 12/18/2004 <br/>Platform: Windows XP (WinNT 5.01.2600) <br/>MSIE: Internet Explorer v6.00 SP1 (6.00.2600.0000) <br/> <br/>Running processes: <br/>C:\WINDOWS\System32\smss.exe <br/>C:\WINDOWS\system32\winlogon.exe <br/>C:\WINDOWS\system32\services.exe <br/>C:\WINDOWS\system32\lsass.exe <br/>C:\WINDOWS\system32\svchost.exe <br/>C:\WINDOWS\System32\svchost.exe <br/>C:\WINDOWS\system32\spoolsv.exe <br/>C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe <br/>C:\WINDOWS\System32\drivers\CDAC11BA.EXE <br/>C:\WINDOWS\System32\cisvc.exe <br/>C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe <br/>C:\Program Files\Norton AntiVirus\navapsvc.exe <br/>C:\WINDOWS\System32\nvsvc32.exe <br/>C:\WINDOWS\System32\svchost.exe <br/>C:\WINDOWS\wanmpsvc.exe <br/>C:\WINDOWS\System32\cidaemon.exe <br/>C:\WINDOWS\Explorer.EXE <br/>C:\Program Files\Common Files\Symantec Shared\ccApp.exe <br/>C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe <br/>C:\WINDOWS\System32\wuauclt.exe <br/>C:\Program Files\Common Files\slmss\slmss.exe <br/>C:\Program Files\ISTsvc\istsvc.exe <br/>C:\WINDOWS\jawa32.exe <br/>C:\WINDOWS\qcgxw.exe <br/>C:\WINDOWS\System32\devldr32.exe <br/>C:\Program Files\Winamp\winampa.exe <br/>C:\WINDOWS\Efmvxf.exe <br/>C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe <br/>C:\WINDOWS\System32\winmonv.exe <br/>C:\Program Files\Common Files\Real\Update_OB\realsched.exe <br/>C:\temp\salm.exe <br/>C:\WINDOWS\orgbgdft.exe <br/>C:\Program Files\Windows ControlAd\WinCtlAd.exe <br/>C:\Program Files\Messenger\msmsgs.exe <br/>C:\WINDOWS\System32\ctfmon.exe <br/>C:\WINDOWS\System32\RUNDLL32.EXE <br/>C:\WINDOWS\System32\iolcons.exe <br/>C:\Program Files\Windows ControlAd\WinCtlAdAlt.exe <br/>C:\WINDOWS\System32\rundll32.exe <br/>C:\Program Files\Internet Explorer\IEXPLORE.EXE <br/>C:\Documents and Settings\Sara\Desktop\hijackthis.exe <br/> <br/>R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.websearch.com/ie.aspx?tb_id=50039 <br/>R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.seekseek.com/quicksearch.asp?keyphrase= <br/>R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = <br/>R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = <br/>R3 - URLSearchHook: (no name) - _{1FFED2CB-FC98-49f8-B3D0-678D03350F1E} - (no file) <br/>O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll <br/>O2 - BHO: Search Relevancy - {1D7E3B41-23CE-469B-BE1B-A64B877923E1} - C:\PROGRA~1\SEARCH~2\SEARCH~1.DLL <br/>O2 - BHO: LinkTracker Class - {6A6E50DC-BFA8-4B40-AB1B-159E03E829FD} - C:\WINDOWS\System32\lmf32v.dll <br/>O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll <br/>O2 - BHO: Helper Class - {D80C4E21-C346-4E21-8E64-20746AA20AEB} - C:\Program Files\NavExcel Search Toolbar\NavExcelBar.dll <br/>O2 - BHO: BrowserHelper Class - {E3215F20-3212-11D6-9F8B-00D0B743919D} - (no file) <br/>O2 - BHO: ADP UrlCatcher Class - {F4E04583-354E-4076-BE7D-ED6A80FD66DA} - C:\WINDOWS\System32\msbe.dll <br/>O3 - Toolbar: (no name) - {57E69D5A-6539-4d7d-9637-775DE8A385B4} - (no file) <br/>O3 - Toolbar: NavExcel Toolbar - {5AA06644-BC46-4220-A460-47A6EB47C96D} - C:\Program Files\NavExcel Search Toolbar\NavExcelBar.dll <br/>O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup <br/>O4 - HKLM\..\Run: [nwiz] nwiz.exe /install <br/>O4 - HKLM\..\Run: [STOPzilla] C:\Program Files\STOPzilla!\Stopzilla.exe /autorun <br/>O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" <br/>O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe" <br/>O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe <br/>O4 - HKLM\..\Run: [DeadAIM] rundll32.exe "C:\Program Files\AIM95\\DeadAIM.ocm",ExportedCheckODLs <br/>O4 - HKLM\..\Run: [slmss] C:\Program Files\Common Files\slmss\slmss.exe <br/>O4 - HKLM\..\Run: [fash] C:\WINDOWS\fash.exe <br/>O4 - HKLM\..\Run: [xqv] C:\WINDOWS\xqv.exe <br/>O4 - HKLM\..\Run: [lepgp] C:\WINDOWS\lepgp.exe <br/>O4 - HKLM\..\Run: [lshshiv] C:\WINDOWS\lshshiv.exe <br/>O4 - HKLM\..\Run: [Power Scan] C:\Program Files\Power Scan\powerscan.exe <br/>O4 - HKLM\..\Run: [aelrva] C:\WINDOWS\System32\rzddcs.exe <br/>O4 - HKLM\..\Run: [IST Service] C:\Program Files\ISTsvc\istsvc.exe <br/>O4 - HKLM\..\Run: [aqadcup] C:\WINDOWS\aqadcup.exe <br/>O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe <br/>O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime <br/>O4 - HKLM\..\Run: [ts8X3pe] srvses.exe <br/>O4 - HKLM\..\Run: [Jawa32] C:\WINDOWS\jawa32.exe <br/>O4 - HKLM\..\Run: [Wvdwnf] C:\WINDOWS\qcgxw.exe <br/>O4 - HKLM\..\Run: [Jawa322] C:\WINDOWS\jawa32.exe <br/>O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe <br/>O4 - HKLM\..\Run: [sprunu] C:\WINDOWS\Efmvxf.exe <br/>O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe <br/>O4 - HKLM\..\Run: [VVSN] C:\Program Files\VVSN\VVSN.exe <br/>O4 - HKLM\..\Run: [wmv] C:\WINDOWS\System32\winmonv.exe <br/>O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot <br/>O4 - HKLM\..\Run: [salm] c:\temp\salm.exe <br/>O4 - HKLM\..\Run: [BullsEye Network] C:\Program Files\BullsEye Network\bin\bargains.exe <br/>O4 - HKLM\..\Run: [36PWbyO] C:\WINDOWS\orgbgdft.exe <br/>O4 - HKLM\..\Run: [Windows ControlAd] C:\Program Files\Windows ControlAd\WinCtlAd.exe <br/>O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background <br/>O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe <br/>O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit <br/>O4 - HKCU\..\Run: [Yahoo! Pager] C:\PROGRA~1\Yahoo!\MESSEN~1\ypager.exe -quiet <br/>O4 - HKCU\..\Run: [cBr7RfK3e] iolcons.exe <br/>O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook <br/>O4 - HKCU\..\Run: [Jawa32] C:\WINDOWS\jawa32.exe <br/>O4 - HKCU\..\Run: [Jawa322] C:\WINDOWS\jawa32.exe <br/>O4 - Global Startup: GStartup.lnk = C:\Program Files\Common Files\GMT\GMT.exe <br/>O4 - Global Startup: HP OfficeJet T Series Startup.lnk = C:\Program Files\Hewlett-Packard\HP OfficeJet T Series\Bin\HPOstr05.exe <br/>O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 <br/>O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.1_06\bin\npjpi141_06.dll <br/>O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.1_06\bin\npjpi141_06.dll <br/>O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe <br/>O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE <br/>O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE <br/>O16 - DPF: {13197ACE-6851-45C3-A7FF-C281324D5489} - http://www.2nd-thought.com/files/install026.exe <br/>O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://public.windupdates.com/get_file.php?bt=ie&p=e685f42af16b4ae133fb6395c0ae1826074370b6ef2ab58c7b394a46b7785ed02dcd1d18afd71cf37a3273507e405440345a19b4981e02e4ec71b0834b3328:522a1c137ec85ca995271ab95b94951b <br/>O16 - DPF: {26E8361F-BCE7-4F75-A347-98C88B418322} - http://dst.trafficsyndicate.com/Dnl/T_50026/QDow.cab <br/>O16 - DPF: {30000273-8230-4DD4-BE4F-6889D1E74167} - http://download.abetterinternet.com/download/cabs/FIX19105/flash.cab <br/>O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_1_0_0_42.cab <br/>O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/28e05bd3fbeeb7ffb720/netzip/RdxIE601.cab <br/>O16 - DPF: {E6D5237D-A6C7-4C83-A67F-F9F15586FA62} - http://www.spyblast.com/download/SBFull.cab <br/>O16 - DPF: {F1A51F21-59DF-4486-BA31-5B816DA481EB} - http://www.fastseeker.com/toolbar/download/FastSeekerSetup5.cab <br/>O16 - DPF: {F5D98C43-DB16-11CF-8ECA-0000C0FD59C7} (ActiveCGM Control) - http://www.webmap.niu.edu/campus/acgm/Acgm.cab <br/>O16 - DPF: {FE4BBEA8-1EFD-4B8A-BD1B-341CCDBEEAA6} (Dhsigned Control) - http://ads.dealhelper.com/updates/DealHelperNew.cab <br/>O18 - Filter: text/html - {DFAA31C8-A356-4313-9D95-5EDAB46C5070} - C:\WINDOWS\System32\lmf32v.dll <br/>O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\System32\drivers\CDAC11BA.EXE <br/>O23 - Service: Symantec Event Manager - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe <br/>O23 - Service: Symantec Password Validation Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe <br/>O23 - Service: Norton AntiVirus Auto Protect Service - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe <br/>O23 - Service: NVIDIA Driver Helper Service - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe <br/>O23 - Service: ScriptBlocking Service - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe <br/>O23 - Service: SymWMI Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe <br/>O23 - Service: WAN Miniport (ATW) Service - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe <br/>O23 - Service: ZESOFT - Unknown - C:\WINDOWS\zeta.exe <br/> <br/><br /><br /> <br/><br /><br /> <br/>please please help me i've been having this problem for a month or so and i've been trying to look for a solution <br/> <br/>thank you, Sean S
Posted 12/19/2004 6:37 PM
#6990
User avatar

AndyT Member

Date Joined Nov 2016
Total Posts: 1
I am having problems with this as well. Here is my log: <br/> <br/>Logfile of HijackThis v1.99.0 <br/>Scan saved at 12:18:13 PM, on 12/19/2004 <br/>Platform: Windows XP SP2 (WinNT 5.01.2600) <br/>MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) <br/> <br/>Running processes: <br/>C:\WINDOWS\System32\smss.exe <br/>C:\WINDOWS\system32\winlogon.exe <br/>C:\WINDOWS\system32\services.exe <br/>C:\WINDOWS\system32\lsass.exe <br/>C:\WINDOWS\system32\svchost.exe <br/>C:\WINDOWS\System32\svchost.exe <br/>C:\WINDOWS\system32\spoolsv.exe <br/>C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe <br/>C:\PROGRA~1\Iomega\System32\AppServices.exe <br/>C:\WINDOWS\System32\svchost.exe <br/>C:\Program Files\Trend Micro\Internet Security\Tmntsrv.exe <br/>C:\Program Files\Trend Micro\Internet Security\tmproxy.exe <br/>C:\Program Files\Iomega\AutoDisk\ADService.exe <br/>C:\WINDOWS\system32\fxssvc.exe <br/>C:\Program Files\Trend Micro\Internet Security\PccPfw.exe <br/>C:\Program Files\iPod\bin\iPodService.exe <br/>C:\WINDOWS\System32\svchost.exe <br/>C:\WINDOWS\system32\winlogon.exe <br/>C:\WINDOWS\Explorer.EXE <br/>C:\WINDOWS\AGRSMMSG.exe <br/>C:\Program Files\Trend Micro\Internet Security\pccguide.exe <br/>C:\Program Files\Trend Micro\Internet Security\TMOAgent.exe <br/>C:\Program Files\Iomega\DriveIcons\ImgIcon.exe <br/>C:\Program Files\QuickTime\qttask.exe <br/>C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe <br/>C:\temp\salm.exe <br/>C:\WINDOWS\system32\SahAgent.exe <br/>C:\Program Files\Internet Optimizer\optimize.exe <br/>C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe <br/>C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe <br/>C:\Program Files\Internet Optimizer\actalert.exe <br/>C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe <br/>C:\WINDOWS\System32\HPZipm12.exe <br/>C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe <br/>C:\Program Files\Mozilla Firefox\firefox.exe <br/>C:\DOCUMENTS AND SETTINGS\ANDY TICHENOR\MY DOCUMENTS\My Downloads\hijackthis.exe <br/> <br/>R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file) <br/>N3 - Netscape 7: user_pref("browser.startup.homepage", "http://home.netscape.com/bookmark/7_0/home.html"); (C:\Documents and Settings\Andy Tichenor\Application Data\Mozilla\Profiles\default\9tssusc9.slt\prefs.js) <br/>N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\Andy Tichenor\Application Data\Mozilla\Profiles\default\9tssusc9.slt\prefs.js) <br/>O2 - BHO: BHObj Class - {00000010-6F7D-442C-93E3-4A4827C2E4C8} - C:\WINDOWS\nem220.dll <br/>O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll <br/>O2 - BHO: Search Relevancy - {1D7E3B41-23CE-469B-BE1B-A64B877923E1} - C:\PROGRA~1\SEARCH~1\SEARCH~2.DLL <br/>O2 - BHO: BHObj Class - {8F4E5661-F99E-4B3E-8D85-0EA71C0748E4} - C:\WINDOWS\wsem302.dll (file missing) <br/>O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll <br/>O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll <br/>O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll <br/>O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe <br/>O4 - HKLM\..\Run: [VTPreset] VTPreset.exe <br/>O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security\pccguide.exe" <br/>O4 - HKLM\..\Run: [PCClient.exe] "C:\Program Files\Trend Micro\Internet Security\PCClient.exe" <br/>O4 - HKLM\..\Run: [TM Outbreak Agent] "C:\Program Files\Trend Micro\Internet Security\TMOAgent.exe" /run <br/>O4 - HKLM\..\Run: [Pure Networks Port Magic] "C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe" -Run <br/>O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe <br/>O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe <br/>O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe" <br/>O4 - HKLM\..\Run: [ADUserMon] C:\Program Files\Iomega\AutoDisk\ADUserMon.exe <br/>O4 - HKLM\..\Run: [Iomega Drive Icons] C:\Program Files\Iomega\DriveIcons\ImgIcon.exe <br/>O4 - HKLM\..\Run: [Deskup] C:\Program Files\Iomega\DriveIcons\deskup.exe /IMGSTART <br/>O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe <br/>O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime <br/>O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe <br/>O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe <br/>O4 - HKLM\..\Run: [Windows ControlAd] C:\Program Files\Windows ControlAd\WinCtlAd.exe <br/>O4 - HKLM\..\Run: [salm] c:\temp\salm.exe <br/>O4 - HKLM\..\Run: [xibif] C:\WINDOWS\xibif.exe <br/>O4 - HKLM\..\Run: [SAHAgent] C:\WINDOWS\system32\SahAgent.exe <br/>O4 - HKLM\..\Run: [Internet Optimizer] "C:\Program Files\Internet Optimizer\optimize.exe" <br/>O4 - HKLM\..\Run: [Tsl] C:\PROGRA~1\COMMON~1\tsa\tsl.exe <br/>O4 - HKCU\..\Run: [Mozilla Quick Launch] "C:\Program Files\Netscape\Netscape\Netscp.exe" -turbo <br/>O4 - Global Startup: hp psc 1000 series.lnk = ? <br/>O4 - Global Startup: hpoddt01.exe.lnk = ? <br/>O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML <br/>O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html <br/>O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZCxdm231XXUS <br/>O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html <br/>O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html <br/>O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html <br/>O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html <br/>O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll <br/>O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll <br/>O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll <br/>O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll <br/>O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll <br/>O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe <br/>O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe <br/>O16 - DPF: RaptisoftGameLoader - http://www.miniclip.com/hamsterball/raptisoftgameloader.cab <br/>O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnotes.com/download/mnviewer.cab <br/>O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://public.windupdates.com/get_file.php?bt=ie&p=f32ea71f93289f61b4dbf30a04a6a1144dbe14cda02fcaaa9fafbced2952791a768a1a41688817425fa5c9751a6be7b24046:f22d67e45739a8712f7edadac81f3fd5 <br/>O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache/funwebproducts/ei/CursorManiaInitialSetup1.0.0.8.cab <br/>O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aol.com/computercheckup/qdiagcc.cab <br/>O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius.com/download/software/win/ActiveXPlugin.cab <br/>O23 - Service: AOL Connectivity Service - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe <br/>O23 - Service: Iomega App Services - Iomega Corporation - C:\PROGRA~1\Iomega\System32\AppServices.exe <br/>O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe <br/>O23 - Service: Trend Micro Personal Firewall - Trend Micro Incorporated. - C:\Program Files\Trend Micro\Internet Security\PccPfw.exe <br/>O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe <br/>O23 - Service: Trend NT Realtime Service - Trend Micro Incorporated. - C:\Program Files\Trend Micro\Internet Security\Tmntsrv.exe <br/>O23 - Service: Trend Micro Proxy Service - Trend Micro Incorporated. - C:\Program Files\Trend Micro\Internet Security\tmproxy.exe <br/>O23 - Service: Iomega Active Disk - Iomega Corporation - C:\Program Files\Iomega\AutoDisk\ADService.exe
Posted 12/19/2004 7:13 PM
#6994
User avatar

christina Member

Date Joined Nov 2016
Total Posts: 1
i am also having the same problem, can you please help asap. :confused: <br/> <br/>Logfile of HijackThis v1.99.0 <br/>Scan saved at 2:10:58 PM, on 12/19/2004 <br/>Platform: Windows XP SP2 (WinNT 5.01.2600) <br/>MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) <br/> <br/>Running processes: <br/>C:\WINDOWS\System32\smss.exe <br/>C:\WINDOWS\system32\winlogon.exe <br/>C:\WINDOWS\system32\services.exe <br/>C:\WINDOWS\system32\lsass.exe <br/>C:\WINDOWS\system32\svchost.exe <br/>C:\WINDOWS\System32\svchost.exe <br/>C:\WINDOWS\Explorer.EXE <br/>C:\WINDOWS\system32\spoolsv.exe <br/>C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe <br/>c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe <br/>C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe <br/>C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe <br/>C:\WINDOWS\system32\hkcmd.exe <br/>C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe <br/>C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe <br/>C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe <br/>C:\Program Files\Dell\Media Experience\PCMService.exe <br/>C:\WINDOWS\system32\dla\tfswctrl.exe <br/>C:\PROGRA~1\mcafee.com\agent\mcagent.exe <br/>C:\Program Files\Real\RealPlayer\RealPlay.exe <br/>C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe <br/>C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe <br/>C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe <br/>C:\Program Files\McAfee.com\MPS\mscifapp.exe <br/>c:\progra~1\mcafee.com\vso\mcvsescn.exe <br/>C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe <br/>C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe <br/>C:\Program Files\Dell Support\DSAgnt.exe <br/>C:\Program Files\AIM\aim.exe <br/>C:\Program Files\America Online 9.0\aoltray.exe <br/>C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe <br/>C:\WINDOWS\system32\svchost.exe <br/>c:\PROGRA~1\mcafee.com\vso\mcshield.exe <br/>c:\progra~1\mcafee.com\vso\mcvsftsn.exe <br/>C:\Program Files\Messenger\msmsgs.exe <br/>C:\Program Files\America Online 9.0\waol.exe <br/>C:\Program Files\America Online 9.0\shellmon.exe <br/>C:\Program Files\Windows Media Player\wmplayer.exe <br/>C:\Program Files\Mozilla Firefox\firefox.exe <br/>C:\Program Files\Windows ControlAd\WinCtlAdAlt.exe <br/>C:\Program Files\Windows ControlAd\WinCtlAd.exe <br/>C:\Documents and Settings\Ronald Harrison\My Documents\My Pictures\Chrissees\hijackthis.exe <br/> <br/>R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway <br/>R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://bfc.myway.com/search/de_srchlft.html <br/>R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway <br/>R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway <br/>R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway <br/>R3 - URLSearchHook: (no name) - {4D25F926-B9FE-4682-BF72-8AB8210D6D75} - C:\Program Files\MyWaySA\SrchAsDe\1.bin\deSrcAs.dll <br/>O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll <br/>O2 - BHO: (no name) - {206E52E0-D52E-11D4-AD54-0000E86C26F6} - C:\PROGRA~1\FRESHD~1\FRESHD~1\fdcatch.dll <br/>O2 - BHO: McBrwHelper Class - {227B8AA8-DAF2-4892-BD1D-73F568BCB24E} - c:\program files\mcafee.com\mps\mcbrhlpr.dll <br/>O2 - BHO: (no name) - {4D25F921-B9FE-4682-BF72-8AB8210D6D75} - C:\Program Files\MyWaySA\SrchAsDe\1.bin\deSrcAs.dll <br/>O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll <br/>O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll <br/>O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll <br/>O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe <br/>O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe <br/>O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe <br/>O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe <br/>O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe <br/>O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe" <br/>O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r <br/>O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe <br/>O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask <br/>O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe <br/>O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe <br/>O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER <br/>O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime <br/>O4 - HKLM\..\Run: [VirusScan Online] c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe <br/>O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe <br/>O4 - HKLM\..\Run: [mmtask] C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe <br/>O4 - HKLM\..\Run: [MPSExe] C:\Program Files\McAfee.com\MPS\mscifapp.exe /embedding <br/>O4 - HKLM\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe <br/>O4 - HKLM\..\Run: [MSKDetectorExe] C:\PROGRA~1\McAfee\SPAMKI~1\MSKDetct.exe /startup <br/>O4 - HKLM\..\Run: [ngfsbsx] C:\WINDOWS\ngfsbsx.exe <br/>O4 - HKLM\..\Run: [MMTray] C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe <br/>O4 - HKLM\..\Run: [Windows ControlAd] C:\Program Files\Windows ControlAd\WinCtlAd.exe <br/>O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup <br/>O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl <br/>O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background <br/>O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe <br/>O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll <br/>O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll <br/>O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe <br/>O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll <br/>O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html (file missing) <br/>O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe <br/>O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe <br/>O15 - Trusted Zone: *.musicmatch.com <br/>O15 - Trusted Zone: *.musicmatch.com (HKLM) <br/>O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windupdates.com/cab/MusicUnlimited/ie/bridge-c5.cab <br/>O17 - HKLM\System\CCS\Services\Tcpip\..\{B671F306-FAD7-4EDC-8EA9-3A76E7C1F45F}: NameServer = 205.188.146.146 <br/>O23 - Service: AOL Connectivity Service - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe <br/>O23 - Service: McAfee.com McShield - Unknown - c:\PROGRA~1\mcafee.com\vso\mcshield.exe <br/>O23 - Service: McAfee SecurityCenter Update Manager - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe <br/>O23 - Service: McAfee.com VirusScan Online Realtime Engine - Networks Associates Technology, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe <br/>O23 - Service: McAfee Personal Firewall Service - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe <br/>O23 - Service: McAfee SpamKiller Server - Networks Associates Technology. Inc. - C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe <br/>O23 - Service: Intel NCS NetService - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe <br/> <br/> thanks
Posted 12/19/2004 7:30 PM
#6995
User avatar

piquant Member

Date Joined Nov 2016
Total Posts: 8
Might as add me to the list too! <br/> <br/><br /><br /> <br/>Logfile of HijackThis v1.99.0 <br/>Scan saved at 10:12:00 AM, on 12/19/2004 <br/>Platform: Windows XP SP1 (WinNT 5.01.2600) <br/>MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) <br/> <br/>Running processes: <br/>C:\WINDOWS\System32\smss.exe <br/>C:\WINDOWS\system32\winlogon.exe <br/>C:\WINDOWS\system32\services.exe <br/>C:\WINDOWS\system32\lsass.exe <br/>C:\WINDOWS\system32\svchost.exe <br/>C:\WINDOWS\System32\svchost.exe <br/>C:\WINDOWS\system32\spoolsv.exe <br/>C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe <br/>C:\WINDOWS\Explorer.EXE <br/>C:\Program Files\Common Files\Symantec Shared\ccApp.exe <br/>C:\WINDOWS\mHotkey.exe <br/>C:\Program Files\eM\Bay Reader\Shwicon2k.exe <br/>C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb08.exe <br/>C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe <br/>C:\Program Files\QuickTime\qttask.exe <br/>C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr_.exe <br/>C:\Program Files\iTunes\iTunesHelper.exe <br/>C:\Program Files\Windows ServeAd\WinServAd.exe <br/>C:\temp\salm.exe <br/>C:\Program Files\Windows ControlAd\WinCtlAd.exe <br/>C:\Program Files\Messenger\msmsgs.exe <br/>C:\Program Files\Windows ServeAd\WinServSuit.exe <br/>C:\Program Files\SpyKiller\spykiller.exe <br/>C:\Program Files\Windows ControlAd\WinCtlAdAlt.exe <br/>C:\Program Files\BestPopUpKiller\BestPopupKiller.exe <br/>C:\Program Files\BigFix\BigFix.exe <br/>C:\Program Files\Norton AntiVirus\navapsvc.exe <br/>C:\WINDOWS\System32\nvsvc32.exe <br/>C:\WINDOWS\system32\slserv.exe <br/>C:\Program Files\iPod\bin\iPodService.exe <br/>C:\Program Files\Internet Explorer\iexplore.exe <br/>C:\WINDOWS\System32\wuauclt.exe <br/>C:\HiJackThis\hijackthis.exe <br/> <br/>R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.i--search.com/ie/ <br/>R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.i--search.com/ie/ <br/>R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = [url=http://www.couldnotfind.com/search_page.html?&account_id=155351]http://www.couldnotfind.com/search_page.html?&account_id=155351[/url] <br/>R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.redhottopic.com/forums/index.php?showforum=98 <br/>R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchURL = http://www.i--search.com/ie/ <br/>R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.emachines.com <br/>R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = [url=http://red.clientapps.yahoo.com/customize/ie/defaults/sb/ymsgr/*http://www.yahoo.com/ext/search/search.html]http://red.clientapps.yahoo.com/customize/ie/defaults/sb/ymsgr/*http://www.yahoo.com/ext/search/search.html[/url] <br/>R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = [url=http://red.clientapps.yahoo.com/customize/ie/defaults/stp/ymsgr*http://my.yahoo.com]http://red.clientapps.yahoo.com/customize/ie/defaults/stp/ymsgr*http://my.yahoo.com[/url] <br/>R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = [url=http://www.couldnotfind.com/search_page.html?&account_id=155351]http://www.couldnotfind.com/search_page.html?&account_id=155351[/url] <br/>R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = about:blank <br/>R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = [url=http://red.clientapps.yahoo.com/customize/ie/defaults/su/ymsgr/*http://www.yahoo.com]http://red.clientapps.yahoo.com/customize/ie/defaults/su/ymsgr/*http://www.yahoo.com[/url] <br/>R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.emachines.com/ <br/>R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file) <br/>O2 - BHO: BHObj Class - {00000010-6F7D-442C-93E3-4A4827C2E4C8} - C:\WINDOWS\nem220.dll <br/>O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx <br/>O2 - BHO: BAHelper Class - {A3FDD654-A057-4971-9844-4ED8E67DBBB8} - C:\Program Files\SideFind\sfbho.dll (file missing) <br/>O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll <br/>O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx <br/>O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll <br/>O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" <br/>O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe" <br/>O4 - HKLM\..\Run: [CHotkey] mHotkey.exe <br/>O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup <br/>O4 - HKLM\..\Run: [nwiz] nwiz.exe /install <br/>O4 - HKLM\..\Run: [showicon2k] C:\Program Files\\eM\Bay Reader\Shwicon2k.exe <br/>O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb08.exe <br/>O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe <br/>O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER <br/>O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime <br/>O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr_.exe <br/>O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe <br/>O4 - HKLM\..\Run: [Windows ServeAd] C:\Program Files\Windows ServeAd\WinServAd.exe <br/>O4 - HKLM\..\Run: [salm] c:\temp\salm.exe <br/>O4 - HKLM\..\Run: [Windows ControlAd] C:\Program Files\Windows ControlAd\WinCtlAd.exe <br/>O4 - HKLM\..\Run: [yxyb] C:\WINDOWS\yxyb.exe <br/>O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background <br/>O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet <br/>O4 - HKCU\..\Run: [AIM] C:\Program Files\aim\aim.exe -cnetwait.odl <br/>O4 - HKCU\..\Run: [SpyKiller] C:\Program Files\SpyKiller\spykiller.exe /startup <br/>O4 - HKCU\..\Run: [BestPopUpKiller] C:\Program Files\BestPopUpKiller\BestPopupKiller.exe /startup <br/>O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\BigFix.exe <br/>O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE <br/>O9 - Extra button: (no name) - {10E42047-DEB9-4535-A118-B3F6EC39B807} - C:\WINDOWS\System32\shdocvw.dll <br/>O9 - Extra button: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe <br/>O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe <br/>O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\aim\aim.exe <br/>O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm <br/>O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm <br/>O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll <br/>O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll <br/>O14 - IERESET.INF: START_PAGE_URL=http://www.emachines.com <br/>O16 - DPF: Yahoo! Graffiti - http://download.games.yahoo.com/games/clients/y/grt5_x.cab <br/>O16 - DPF: Yahoo! Pinochle - http://download.games.yahoo.com/games/clients/y/ut2_x.cab <br/>O16 - DPF: Yahoo! Poker - http://download.games.yahoo.com/games/clients/y/pt1_x.cab <br/>O16 - DPF: Yahoo! Pyramids - http://download.games.yahoo.com/games/clients/y/pyt1_x.cab <br/>O16 - DPF: Yahoo! Word Racer - http://download.games.yahoo.com/games/clients/y/wt1_x.cab <br/>O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://public.windupdates.com/get_file.php?bt=ie&p=fab19f64c271dfd5b772fcfb344ed4d5f8217f7b03e9b7145eeb15c7b73869070b857bc819ac1ca41787ff055d83fcb743482bfaec:0a002003c3f6d5950937c6314a45eb37 <br/>O16 - DPF: {386A771C-E96A-421F-8BA7-32F1B706892F} (Installer Class) - http://www.xxxtoolbar.com/ist/softwares/v4.0/0006_adult.cab <br/>O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by4fd.bay4.hotmail.msn.com/resources/MsnPUpld.cab <br/>O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52/20031216/qtinstall.info.apple.com/mickey/us/win/QuickTimeInstaller.exe <br/>O16 - DPF: {E855A2D4-987E-4F3B-A51C-64D10A7E2479} (EPSImageControl Class) - http://tools.ebayimg.com/eps/activex/EPSControl_v1-32.cab <br/>O18 - Protocol hijack: mhtml - <br/>O23 - Service: Symantec Event Manager - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe <br/>O23 - Service: Symantec Password Validation Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe <br/>O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe <br/>O23 - Service: Norton AntiVirus Auto Protect Service - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe <br/>O23 - Service: NVIDIA Driver Helper Service - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe <br/>O23 - Service: ScriptBlocking Service - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe <br/>O23 - Service: SmartLinkService - Unknown - slserv.exe (file missing) <br/> <br/><br /><br />
Posted 12/19/2004 10:23 PM
#7001
User avatar

Joetriple Member

Date Joined Nov 2016
Total Posts: 5
Touch, <br/> <br/>here's the latest log. Should I go back and reset all settings? <br/> <br/>Logfile of HijackThis v1.99.0 <br/>Scan saved at 5:19:46 PM, on 12/19/2004 <br/>Platform: Windows XP SP2 (WinNT 5.01.2600) <br/>MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) <br/> <br/>Running processes: <br/>C:\WINDOWS\System32\smss.exe <br/>C:\WINDOWS\system32\winlogon.exe <br/>C:\WINDOWS\system32\services.exe <br/>C:\WINDOWS\system32\lsass.exe <br/>C:\WINDOWS\system32\svchost.exe <br/>C:\WINDOWS\System32\svchost.exe <br/>C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe <br/>C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe <br/>C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe <br/>C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe <br/>C:\WINDOWS\system32\spoolsv.exe <br/>C:\Program Files\Norton AntiVirus\navapsvc.exe <br/>C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe <br/>C:\WINDOWS\System32\nvsvc32.exe <br/>C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe <br/>C:\WINDOWS\system32\ZoneLabs\vsmon.exe <br/>C:\WINDOWS\Explorer.EXE <br/>C:\WINDOWS\system32\TFNF5.exe <br/>C:\WINDOWS\System32\00THotkey.exe <br/>C:\WINDOWS\system32\TPWRTRAY.EXE <br/>C:\Toshiba\IVP\ISM\pinger.exe <br/>C:\Program Files\TOSHIBA\Wireless Hotkey\TosHKCW.exe <br/>C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe <br/>C:\Program Files\DIGStream\digstream.exe <br/>C:\Program Files\QuickTime\qttask.exe <br/>C:\Program Files\Synaptics\SynTP\SynTPLpr.exe <br/>C:\Program Files\Synaptics\SynTP\SynTPEnh.exe <br/>C:\Program Files\Common Files\Symantec Shared\ccApp.exe <br/>C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe <br/>C:\Program Files\Messenger\msmsgs.exe <br/>C:\WINDOWS\Plaxo\1.5.2.32\InstallStub.exe <br/>C:\WINDOWS\system32\ctfmon.exe <br/>C:\Program Files\EarthLink TotalAccess\TaskPanl.exe <br/>C:\Program Files\Linksys\WPC11 Config Utility\WPC11Cfg.exe <br/>C:\Program Files\TOSHIBA\NetDevSw\NetDevSW.exe <br/>C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE <br/>C:\Program Files\Internet Explorer\iexplore.exe <br/>C:\Documents and Settings\Joe\Desktop\hijackthis.exe <br/> <br/>R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.start.earthlink.net/ <br/>R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.sbc.com/dsl <br/>O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll <br/>O2 - BHO: PnIEBrowserHelperObj Class - {4B5F2E08-6F39-479a-B547-B2026E4C7EDF} - C:\Program Files\EarthLink TotalAccess\PnEL.dll <br/>O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll <br/>O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll <br/>O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll <br/>O3 - Toolbar: Pop-Up Blocker - {D7F30B62-8269-41AF-9539-B2697FA7D77E} - C:\Program Files\EarthLink TotalAccess\PnEL.dll <br/>O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll <br/>O3 - Toolbar: Viewpoint Toolbar - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBar.dll <br/>O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll <br/>O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize <br/>O4 - HKLM\..\Run: [TFNF5] TFNF5.exe <br/>O4 - HKLM\..\Run: [00THotkey] C:\WINDOWS\System32\00THotkey.exe <br/>O4 - HKLM\..\Run: [000StTHK] 000StTHK.exe <br/>O4 - HKLM\..\Run: [Tpwrtray] TPWRTRAY.EXE <br/>O4 - HKLM\..\Run: [Pinger] C:\Toshiba\IVP\ISM\pinger.exe /run <br/>O4 - HKLM\..\Run: [TosHKCW.exe] C:\Program Files\TOSHIBA\Wireless Hotkey\TosHKCW.exe <br/>O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe" <br/>O4 - HKLM\..\Run: [DIGStream] C:\Program Files\DIGStream\digstream.exe <br/>O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime <br/>O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe <br/>O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe <br/>O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" <br/>O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe <br/>O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" <br/>O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background <br/>O4 - HKCU\..\Run: [PlaxoUpdate] C:\WINDOWS\Plaxo\1.5.2.32\InstallStub.exe -a <br/>O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe <br/>O4 - HKCU\..\Run: [E6TaskPanel] "C:\Program Files\EarthLink TotalAccess\TaskPanl.exe" -winstart <br/>O4 - Startup: Microsoft Office OneNote 2003 Quick Launch.lnk = C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE <br/>O4 - Global Startup: Instant Wireless Configuration Utility.lnk = C:\Program Files\Linksys\WPC11 Config Utility\WPC11Cfg.exe <br/>O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE <br/>O4 - Global Startup: Network Device Switch.lnk = ? <br/>O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html <br/>O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html <br/>O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html <br/>O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html <br/>O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html <br/>O8 - Extra context menu item: Yahoo! Dictionary - http://download.games.yahoo.com/games/clients/y/pote_x.cab <br/>O16 - DPF: {08BEF711-06DA-48B2-9534-802ECAA2E4F9} (PlxInstall Class) - http://down.plaxo.com/down/release/PlaxoInstall.cab <br/>O16 - DPF: {9386632C-00D9-440F-A448-E25BE16459B2} (DemoShield DemoX Class) - http://www.asicomp.com/demox/pm/demox.cab <br/>O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.symantec.com/techsupp/activedata/SymAData.dll <br/>O16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} (ActiveDataObj Class) - https://www-secure.symantec.com/techsupp/activedata/ActiveData.cab <br/>O23 - Service: pcAnywhere Host Service - Symantec Corporation - C:\Program Files\Symantec\pcAnywhere\awhost32.exe <br/>O23 - Service: Symantec Event Manager - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe <br/>O23 - Service: Symantec Password Validation - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe <br/>O23 - Service: Symantec Settings Manager - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe <br/>O23 - Service: IMAPI CD-Burning COM Service - Roxio Inc. - C:\WINDOWS\System32\ImapiRox.exe <br/>O23 - Service: Norton AntiVirus Auto-Protect Service - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe <br/>O23 - Service: Norton AntiVirus Firewall Monitor Service - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe <br/>O23 - Service: NVIDIA Driver Helper Service - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe <br/>O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe <br/>O23 - Service: ScriptBlocking Service - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe <br/>O23 - Service: Symantec Network Drivers Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe <br/>O23 - Service: Symantec SPBBCSvc - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe <br/>O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe <br/>O23 - Service: TrueVector Internet Monitor - Zone Labs Inc. - C:\WINDOWS\system32\ZoneLabs\vsmon.exe <br/> <br/><br /><br />
Posted 12/22/2004 2:21 AM
#7120
User avatar

Tuck Member

Date Joined Nov 2016
Total Posts: 1
Found this forum because I was looking for a fix -- saw there wasn't one yet and created my own. It works, and I figured I'd share the joy. <br/> <br/>I recommend rebooting the PC first. When it's done booting, start notepad (START BUTTON --> RUN --> NOTEPAD) or another text editor. Copy and paste the five lines below into the text editor about six times; make sure the structure below is preserved. Save this file as tk.bat (a batch file) in a root directory like C:\ (to make it easy to get to). Once you've saved this text as a batch file, run the batch file about half a dozen times in quick succession. You can either double-click the file six times quickly, or use the run command (windows-r) to run it quickly. This batch file will kill all of those nasty running tasks. It contains the following five lines repeated, MINUS the --- lines (for some reason you can't attach any files or put linefeeds in this forum!!) <br/> <br/>--- <br/> <br/>taskkill /f /im WinServAd.exe <br/>taskkill /f /im WinCtlAd.exe <br/>taskkill /f /im WinServSuit.exe <br/>taskkill /f /im WinCtlAdAlt.exe <br/>taskkill /f /im ts2.exe <br/> <br/>--- <br/> <br/>The first four I'm fairly sure you'll all see in the processes list. The last was something on my system that also refused to be terminated manually -- a good sign, in my opinion, that it should be terminated! Once you've run this batch file several times you'll notice error messages in the command windows that the process was not found. This is, of course, good news. Bring up the task manager (right-click on taskbar, go to "task manager" and then the "processes" tab) if you're not there already, and verify that these processes have been terminated. <br/> <br/>Then open the registry editor (windows-r (or START BUTTON --> RUN) --> REGEDIT) and navigate to the following "folder" in the leftmost pane: <br/> <br/>HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run <br/> <br/>(Point of interest; this is just like the "startup" folder in your START BUTTON --> ALL PROGRAMS menu. It's a list of stuff that will start on bootup -- yeah, that "most folks" don't know about. Legitimate programs use this registry key (graphics drivers, anti-virus programs, mouse utilities), but also, so does spyware -- keep this in mind for the next time you're under attack!) <br/> <br/>You'll find entries for (I'm doing this off memory) some of the above-listed processes. Take note of the path these files are located in first. Then right-click on the entries for the above .exe files (I had two in my registry) in the rightmost pane and select "Delete." This will remove them from the startup process. Then shut down the registry editor, and navigate to the folders these executables are located in and delete them. If they won't allow you to delete, startup in safe mode (later) as Touch instructed, navigate to the paths manually, and delete the files. <br/> <br/>Finally, give your PC a good sweep with ad-aware (first) and then spybot s&d (as spybot sometimes can't remove spyware and may require a reboot). <br/> <br/>While you're at it, turn on "immunization" in spybot like Touch instructed; the Spybot resident program will monitor changes to your registry and ask you to allow or deny them. GENERALLY SPEAKING, if you see "value deleted" after running a spyware sweep and clean you're safe -- as the Spybot resident program will even catch spyware deletions that Spybot itself does (?); be wary of "value added" messages. <br/> <br/>Use ad-aware and spybot (be sure to update the definitions first!) until your system is clean (0 non-negligible entries detected by both), and reward yourself with a nice cold (Canadian) Foster's or a frothy pint of Guinness. ;)
Posted 12/24/2004 6:16 PM
#7249
User avatar

jbrandon23 Member

Date Joined Nov 2016
Total Posts: 3
Tuck - I tried your fix, unfortunately I could never get the bad processes to stop no matter how many times I tried to taskkill them. Here is my HJT file. If anyone is feeling the holiday spirit and willing to help me out with this I'd really appreciate it. <br/> <br/>Logfile of HijackThis v1.99.0 <br/>Scan saved at 11:17:00 AM, on 12/24/2004 <br/>Platform: Windows XP SP2 (WinNT 5.01.2600) <br/>MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) <br/> <br/>Running processes: <br/>C:\WINDOWS\System32\smss.exe <br/>C:\WINDOWS\system32\winlogon.exe <br/>C:\WINDOWS\system32\services.exe <br/>C:\WINDOWS\system32\lsass.exe <br/>C:\WINDOWS\system32\svchost.exe <br/>C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe <br/>C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe <br/>C:\WINDOWS\system32\devldr32.exe <br/>C:\WINDOWS\Explorer.EXE <br/>C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe <br/>C:\WINDOWS\system32\spoolsv.exe <br/>C:\WINDOWS\DELLMMKB.EXE <br/>C:\Program Files\Norton Internet Security\IAMAPP.EXE <br/>C:\Program Files\DIGStream\digstream.exe <br/>C:\Program Files\Common Files\Symantec Shared\ccApp.exe <br/>C:\WINDOWS\system32\ctfmon.exe <br/>C:\Program Files\MSN Messenger\MsnMsgr.Exe <br/>C:\WINDOWS\system32\RUNDLL32.EXE <br/>C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe <br/>C:\WINDOWS\Nhksrv.exe <br/>C:\WINDOWS\System32\drivers\CDAC11BA.EXE <br/>C:\WINDOWS\system32\cisvc.exe <br/>C:\WINDOWS\System32\CTsvcCDA.EXE <br/>c:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe <br/>C:\Program Files\Netropa\OSD.exe <br/>C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe <br/>C:\Program Files\Norton Internet Security\NISUM.EXE <br/>C:\PROGRA~1\NORTON~1\NORTON~1\NPROTECT.EXE <br/>C:\WINDOWS\System32\nvsvc32.exe <br/>C:\WINDOWS\System32\tcpsvcs.exe <br/>C:\WINDOWS\System32\snmp.exe <br/>C:\PROGRA~1\NORTON~1\NORTON~1\SPEEDD~1\NOPDB.EXE <br/>C:\WINDOWS\System32\svchost.exe <br/>C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe <br/>C:\Program Files\Norton Internet Security\SymProxySvc.exe <br/>C:\WINDOWS\system32\fxssvc.exe <br/>C:\Program Files\Norton Internet Security\NISSERV.EXE <br/>C:\WINDOWS\system32\wuauclt.exe <br/>C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe <br/>C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe <br/>C:\WINDOWS\System32\svchost.exe <br/>C:\Program Files\Google\Google Desktop Search\GoogleDesktopCrawl.exe <br/>C:\Program Files\Messenger\msmsgs.exe <br/>C:\Program Files\Windows ServeAd\WinServAd.exe <br/>C:\Program Files\Windows ControlAd\WinCtlAd.exe <br/>C:\Program Files\Windows ServeAd\WinServSuit.exe <br/>C:\Program Files\Windows ControlAd\WinCtlAdAlt.exe <br/>C:\Documents and Settings\Jon\Desktop\hijackthis.exe <br/> <br/>R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://business.dellnet.com/ <br/>R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://msn.espn.go.com/ <br/>R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = wmplayer.exe <br/>O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll <br/>O2 - BHO: Search Relevancy - {1D7E3B41-23CE-469B-BE1B-A64B877923E1} - C:\PROGRA~1\SEARCH~1\SEARCH~1.DLL <br/>O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll <br/>O2 - BHO: Google Desktop Search Capture - {7c1ce531-09e9-4fc5-9803-1c2956615786} - C:\Program Files\Google\Google Desktop Search\GoogleDesktopIE.dll <br/>O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll <br/>O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll <br/>O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll <br/>O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll <br/>O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup <br/>O4 - HKLM\..\Run: [DellTouch] C:\WINDOWS\DELLMMKB.EXE <br/>O4 - HKLM\..\Run: [iamapp] C:\Program Files\Norton Internet Security\IAMAPP.EXE <br/>O4 - HKLM\..\Run: [DIGStream] C:\Program Files\DIGStream\digstream.exe <br/>O4 - HKLM\..\Run: [nwiz] nwiz.exe /install <br/>O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe <br/>O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe" <br/>O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" <br/>O4 - HKLM\..\Run: [Windows ControlAd] C:\Program Files\Windows ControlAd\WinCtlAd.exe <br/>O4 - HKLM\..\Run: [Windows ServeAd] C:\Program Files\Windows ServeAd\WinServAd.exe <br/>O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe <br/>O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background <br/>O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit <br/>O4 - HKCU\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup <br/>O4 - HKCU\..\Run: [Norton SystemWorks] "C:\Program Files\Norton SystemWorks\cfgwiz.exe" /GUID {05858CFD-5CC4-4ceb-AAAF-CF00BF39736A} /MODE CfgWiz <br/>O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE <br/>O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html <br/>O8 - Extra context menu item: Backward &Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html <br/>O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html <br/>O8 - Extra context menu item: E&xport to Microsoft Excel - res://c:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 <br/>O8 - Extra context menu item: Open In &New Window - C:\Documents and Settings\Jon\Application Data\TuneUp Software\TuneUp Utilities\Web\tuofinw.htm <br/>O8 - Extra context menu item: Si&milar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html <br/>O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html <br/>O8 - Extra context menu item: Translate Page - res://C:\WINDOWS\GoogleToolbar.dll/cmtrans.html <br/>O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\inetrepl.dll <br/>O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\inetrepl.dll <br/>O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\inetrepl.dll <br/>O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - c:\program files\partypoker\IEExtension.dll <br/>O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - c:\program files\partypoker\IEExtension.dll <br/>O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe <br/>O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe <br/>O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll <br/>O16 - DPF: HushEncryptionEngine - https://mailserver1.hushmail.com/shared/HushEncryptionEngine.cab <br/>O16 - DPF: {0DD4833D-DFFA-11D3-94D7-0050DAC353B6} (DndCtrl Class) - http://www.ofoto.com/OfotoDND.cab <br/>O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB <br/>O16 - DPF: {2F824F9A-F14B-4847-83DE-616D7B589CD0} (Viair Address Book Importer) - https://nextel.wirelessinbox.com/contacts/addrbook2.cab <br/>O16 - DPF: {34805D32-AD89-469E-8503-A5666AEE4333} (RdxIE Class) - http://207.188.25.41/06ccac001dc2998e5004/netzip/RdxIE.cab <br/>O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/20011217/qtinstall.info.apple.com/qt505/us/win/QuickTimeInstaller.exe <br/>O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://207.188.7.150/16b7b2f78ae95ff59101/netzip/RdxIE601.cab <br/>O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab <br/>O16 - DPF: {6F750200-1362-4815-A476-88533DE61D0C} (Ofoto Upload Manager Class) - http://www.amazon.ofoto.com/downloads/BUM/BUM_WIN_IE_1/axofupld.cab <br/>O16 - DPF: {72C23FEC-3AF9-48FC-9597-241A8EBDFE0A} (InstallShield International Setup Player) - http://www.newsstand.com/downloads/reader/live/Disk1/isetupml.cab <br/>O16 - DPF: {8EDAD21C-3584-4E66-A8AB-EB0E5584767D} - http://toolbar.google.com/data/GoogleActivate.cab <br/>O16 - DPF: {9184D21C-9835-42C5-A883-EA8BE7FC048D} (Downloader Class) - http://www.shopintuit.com/Executables/IE/IDA.cab <br/>O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} (Shutterfly Picture Upload Plugin) - http://web1.shutterfly.com/downloads/Uploader.cab <br/>O16 - DPF: {A97608DD-6999-11D5-9C8C-0010A4F2D6BF} (QCOMCont Class) - http://www.quicken.com/qw2001/qcominst.cab <br/>O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab <br/>O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.symantec.com/SSC/SharedContent/common/bin/cabsa.cab <br/>O16 - DPF: {C3DFA998-A486-11D4-AA25-00C04F72DAEB} (MSN Photo Upload Tool) - http://sc.groups.msn.com/controls/PhotoUC/MsnPUpld.cab <br/>O16 - DPF: {DC765522-D5BE-49C9-AF5F-8C715A44BA28} (MS Investor Ticker) - http://fdl.msn.com/public/investor/v9.5/ticker.cab <br/>O16 - DPF: {E6EB803E-DD89-11D3-80C4-0050DA2E09D0} (LightSurfUploadCtl Class) - http://picturecenter.kodak.com/activex/LightSurfUploadControl.cab <br/>O16 - DPF: {E87F6C8E-16C0-11D3-BEF7-009027438003} (Persits Software XUpload) - http://mikescamera.lifepics.com/common/UserUpload/xupload.ocx <br/>O16 - DPF: {EF0DBA6F-43CE-4B26-9808-2AB38FA0DB29} (MSN Money Ticker) - http://fdl.msn.com/public/investor/v13/ticker.cab <br/>O16 - DPF: {FA3662C3-B8E8-11D6-A667-0010B556D978} (IWinAmpActiveX Class) - http://cdn.digitalcity.com/_media/dalaillama/ampx.cab <br/>O16 - DPF: {FA9740A2-5802-42E2-B509-81186EEB3C42} (WABControl Class) - https://www.linkedin.com/cab/wabctrl.cab <br/>O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\System32\drivers\CDAC11BA.EXE <br/>O23 - Service: Symantec Event Manager - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe <br/>O23 - Service: Symantec Password Validation - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe <br/>O23 - Service: Symantec Settings Manager - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe <br/>O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.EXE <br/>O23 - Service: IIS Admin - Unknown - C:\WINDOWS\system32\inetsrv\inetinfo.exe (file missing) <br/>O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe <br/>O23 - Service: Norton AntiVirus Auto-Protect Service - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe <br/>O23 - Service: Netropa NHK Server - Unknown - C:\WINDOWS\Nhksrv.exe <br/>O23 - Service: Norton Internet Security Service - Symantec Corporation - C:\Program Files\Norton Internet Security\NISSERV.EXE <br/>O23 - Service: Norton Internet Security Accounts Manager - Symantec Corporation - C:\Program Files\Norton Internet Security\NISUM.EXE <br/>O23 - Service: Norton AntiVirus Firewall Monitor Service - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe <br/>O23 - Service: Norton Unerase Protection - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~1\NPROTECT.EXE <br/>O23 - Service: NVIDIA Display Driver Service - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe <br/>O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\SAVScan.exe <br/>O23 - Service: ScriptBlocking Service - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe <br/>O23 - Service: Simple Mail Transfer Protocol (SMTP) - Unknown - C:\WINDOWS\system32\inetsrv\inetinfo.exe (file missing) <br/>O23 - Service: Symantec Network Drivers Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe <br/>O23 - Service: Symantec SPBBCSvc - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe <br/>O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~1\SPEEDD~1\NOPDB.EXE <br/>O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe <br/>O23 - Service: Norton Internet Security Proxy Service - Symantec Corporation - C:\Program Files\Norton Internet Security\SymProxySvc.exe <br/>O23 - Service: SymWMI Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe <br/>O23 - Service: TuneUp WinStyler Theme Service - TuneUp Software GmbH - C:\Program Files\TuneUp Utilities 2004\WinStylerThemeSvc.exe
  • Unread posts or replies
  • No unread posts or replies
  • Unread Posts (Read Only Forum)
  • No Unread Posts (Read Only Forum)

Forum Information

Currently it is Tuesday, December 6, 2016, 6:53 AM (GMT +1)
There are a total of 61,160 posts in 13,449 threads.
In the last 3 days there were 2 new threads and 3 reply posts.

Who's online

This forum has 37,965 registered members. Please welcome our newest member, Old shape.
There are currently no users on-line.