Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Problems Deleting Virus/spyware Nvscv32.exe (or W32/agobot-noand Realsched.exe)


  • This topic is locked This topic is locked
15 replies to this topic

#1 slb1952

slb1952

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Local time:07:21 AM

Posted 10 December 2005 - 11:27 AM

Hi,
I have discovered two "baddies" on my computer.
nvscv32.exe OR w32/agobot-no

and

realsched.exe

I have been going through the processes recommended before asking for help:
Ran Spy Bot, Ad Aware (normally running) Norton (already running) and then Avert Stinger.
Stinger ran for 8 hours and wasn't done and I finally closed it.
I went ahead an downloaded/ran Hijack and this is the resulting logfile.
Can you help me figure out how to delete these "baddies"
Thanks
susan



Logfile of HijackThis v1.99.1
Scan saved at 11:09:26 AM, on 12/10/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Support.com\bin\tgcmd.exe
C:\PROGRA~1\Lavasoft\AD-AWA~2\Ad-Watch.exe
C:\Program Files\Netscape\Netscape\Netscp.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\3M\PSN2Lite\Psn2Lite.exe
C:\Program Files\Norton SystemWorks\Norton Utilities\NDD32.EXE
C:\PROGRA~1\Webshots\webshots.scr
C:\PROGRA~1\3M\PSN2Lite\PSNGive.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe
C:\PROGRA~1\NORTON~1\NORTON~3\NPROTECT.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\PROGRA~1\NORTON~1\NORTON~3\SPEEDD~1\NOPDB.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\System32\taskmgr.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\system32\cidaemon.exe
C:\PROGRA~1\WINZIP\winzip32.exe
C:\hijackthis_sfx.exe
C:\hijackthis_sfx.exe
C:\Program Files\HijackThis\HijackThis.exe
C:\WINDOWS\system32\NOTEPAD.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.netscape.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Comcast High-Speed Internet
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
N3 - Netscape 7: user_pref("browser.startup.homepage", "http://home.netscape.com/bookmark/7_0/home.html"); (C:\Documents and Settings\Susan Bruce\Application Data\Mozilla\Profiles\default\tuois4qs.slt\prefs.js)
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CPROGRA%7E1%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_06.src"); (C:\Documents and Settings\Susan Bruce\Application Data\Mozilla\Profiles\default\tuois4qs.slt\prefs.js)
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn\ycomp5_3_12_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn\ycomp5_3_12_0.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [Logitech Utility] LOGI_MWX.EXE
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [tgcmd] "C:\Program Files\Support.com\bin\tgcmd.exe" /server
O4 - HKLM\..\Run: [sunasDTServ] C:\Program Files\Sunbelt Software\CounterSpy Client\sunasDTServ.exe
O4 - HKLM\..\Run: [sunasServ] C:\Program Files\Sunbelt Software\CounterSpy Client\sunasServ.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\RunOnce: [uuzvke.exe] C:\WINDOWS\System32\uuzvke.exe /k
O4 - HKCU\..\Run: [Norton SystemWorks] "C:\Program Files\Norton SystemWorks\cfgwiz.exe" /GUID {05858CFD-5CC4-4ceb-AAAF-CF00BF39736A} /MODE CfgWiz
O4 - HKCU\..\Run: [AWMON] "C:\PROGRA~1\Lavasoft\AD-AWA~2\Ad-Watch.exe"
O4 - HKCU\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKCU\..\Run: [Mozilla Quick Launch] "C:\Program Files\Netscape\Netscape\Netscp.exe" -turbo
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Post-it® Software Notes Lite.lnk = C:\Program Files\3M\PSN2Lite\Psn2Lite.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar3.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar3.dll/cmwordtrans.html
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar3.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar3.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar3.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar3.dll/cmtrans.html
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\Aim\aim.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O9 - Extra button: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyPoker.net\partypokernet.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyPoker.net\partypokernet.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O14 - IERESET.INF: START_PAGE_URL=http://www.comcast.net
O16 - DPF: 6th Street Omaha Poker by pogo - http://game1.pogo.com/applet-6.1.5.21/omah...a-ob-assets.cab
O16 - DPF: Aces Up! by pogo - http://game1.pogo.com/applet-6.3.3.27/aces...s-ob-assets.cab
O16 - DPF: Animal Ark by pogo - http://playweb01.pogo.com/applet-6.0.1.20/...l-ob-assets.cab
O16 - DPF: Armored Attack by pogo - http://game4.pogo.com/applet-6.0.3.35/ccta...k-ob-assets.cab
O16 - DPF: Backgammon by pogo - http://game1.pogo.com/applet-6.3.4.49/back...n-ob-assets.cab
O16 - DPF: Battle Phlinx by pogo - http://game1.pogo.com/applet-6.3.3.27/batt...x-ob-assets.cab
O16 - DPF: Big Shot Roulette TM by pogo - http://roulet.pogo.com/applet-6.0.1.20/rou...e-ob-assets.cab
O16 - DPF: Blackjack by pogo - http://game1.pogo.com/applet-6.1.4.22/blac...k-ob-assets.cab
O16 - DPF: Buckaroo Blackjack TM by pogo - http://vbjack.pogo.com/applet-6.0.4.31/vid...k-ob-assets.cab
O16 - DPF: Canasta by pogo - http://canasta.pogo.com/applet-6.0.0.25/ca...a-ob-assets.cab
O16 - DPF: Checkers by pogo - http://checkers.pogo.com/applet/checkers2/...s-ob-assets.cab
O16 - DPF: Chess by pogo - http://chess2.pogo.com/applet-5.9.1.18/che...2-ob-assets.cab
O16 - DPF: Cribbage by pogo - http://crib.pogo.com/applet-5.9.0.18/cribb...e-ob-assets.cab
O16 - DPF: Dice Derby by pogo - http://checkeredflag.pogo.com/applet-6.0.1...g-ob-assets.cab
O16 - DPF: Dominoes by pogo - http://game1.pogo.com/applet-6.3.4.49/domi...o-ob-assets.cab
O16 - DPF: Euchre by pogo - http://game1.pogo.com/applet-6.3.0.46/euch...e-ob-assets.cab
O16 - DPF: First Class Solitaire by pogo - http://game3.pogo.com/applet-6.0.4.37/soli...2-ob-assets.cab
O16 - DPF: Fortune Bingo by pogo - http://superbingo.pogo.com/applet-5.9.1.18...o-ob-assets.cab
O16 - DPF: Greenback Bayou by pogo - http://greenback.pogo.com/applet/greenback...k-ob-assets.cab
O16 - DPF: Harvest Mania by pogo - http://game1.pogo.com/applet-6.1.5.21/harv...t-ob-assets.cab
O16 - DPF: Hearts by pogo - http://game1.pogo.com/applet-6.3.3.38/hear...s-ob-assets.cab
O16 - DPF: High Stakes Poker by pogo - http://game6.pogo.com/applet-6.0.4.37/draw...r-ob-assets.cab
O16 - DPF: High Stakes Pool by pogo - http://game4.pogo.com/applet-6.0.2.29/pool...l-ob-assets.cab
O16 - DPF: Jigsaw Detective by pogo - http://game1.pogo.com/applet-6.3.0.46/jigs...w-ob-assets.cab
O16 - DPF: Jokers Wild Poker by pogo - http://vpjoke.pogo.com/applet-5.9.3.29/vid...d-ob-assets.cab
O16 - DPF: Jungle Gin by pogo - http://game1.pogo.com/applet-6.3.4.49/gin/gin-ob-assets.cab
O16 - DPF: Lottso by pogo - http://game1.pogo.com/applet-6.3.4.49/lott...o-ob-assets.cab
O16 - DPF: Mah Jong Garden by pogo - http://mahjong.pogo.com/applet/mahjong/mahjong-ob-assets.cab
O16 - DPF: Multiline Slots by pogo - http://game6.pogo.com/applet-6.0.2.29/mlsl...s-ob-assets.cab
O16 - DPF: NASCAR Web Racing by pogo - http://nascar.pogo.com/applet-5.9.1.18/nas...r-ob-assets.cab
O16 - DPF: Pai Gow by pogo - http://game3.pogo.com/applet-6.1.0.39/paig...w-ob-assets.cab
O16 - DPF: Penguin Blocks by pogo - http://game1.pogo.com/applet-6.3.3.27/peng...s-ob-assets.cab
O16 - DPF: Perfect Pair Solitaire by pogo - http://waterwheel.pogo.com/applet-5.9.2.31...l-ob-assets.cab
O16 - DPF: Phlinx by pogo - http://game1.pogo.com/applet-6.3.3.27/flin...r-ob-assets.cab
O16 - DPF: Pinochle by pogo - http://game4.pogo.com/applet-6.0.4.31/pino...e-ob-assets.cab
O16 - DPF: Pirate's Gold by pogo - http://swashbucks.pogo.com/applet-6.0.4.31...d-ob-assets.cab
O16 - DPF: Poppit by pogo - http://game1.pogo.com/applet-6.1.5.21/popp...2-ob-assets.cab
O16 - DPF: Poppit TM by pogo - http://poppit.pogo.com/applet-5.9.3.38/pop...t-ob-assets.cab
O16 - DPF: QWERTY by pogo - http://game1.pogo.com/applet-6.4.1.46/squa...s-ob-assets.cab
O16 - DPF: RaptisoftGameLoader - http://miniclip.com/hamsterball/raptisoftgameloader.cab
O16 - DPF: Ricochet by pogo - http://game3.pogo.com/applet-5.9.0.18/rico...t-ob-assets.cab
O16 - DPF: SciFi Slots by pogo - http://scifi.pogo.com/applet-5.9.1.18/slot...i-ob-assets.cab
O16 - DPF: Showbiz Slots by pogo - http://game1.pogo.com/applet-6.2.0.37/slot...z-ob-assets.cab
O16 - DPF: Spades by pogo - http://spades.pogo.com/applet-6.0.0.32/spa...s-ob-assets.cab
O16 - DPF: Spider Solitaire by pogo - http://game4.pogo.com/applet-6.0.4.31/spid...r-ob-assets.cab
O16 - DPF: Squelchies by pogo - http://squelchies.pogo.com/applet-5.9.3.29...s-ob-assets.cab
O16 - DPF: Stax by pogo - http://game1.pogo.com/applet-6.3.3.38/stax...x-ob-assets.cab
O16 - DPF: Sweet Tooth TM by pogo - http://sweettooth.pogo.com/applet-6.0.4.31...h-ob-assets.cab
O16 - DPF: Texas Hold'em Poker by pogo - http://game4.pogo.com/applet-6.0.4.31/hold...m-ob-assets.cab
O16 - DPF: Tri-Peaks by pogo - http://game1.pogo.com/applet-6.3.3.27/peak...s-ob-assets.cab
O16 - DPF: Turbo 21 TM by pogo - http://game1.pogo.com/applet-6.3.3.27/turb...1-ob-assets.cab
O16 - DPF: Video Poker by pogo - http://vpoker.pogo.com/applet-6.0.3.28/vid...r-ob-assets.cab
O16 - DPF: Word Whomp by pogo - http://game1.pogo.com/applet-6.3.3.27/word...2-ob-assets.cab
O16 - DPF: Word Whomp Whackdown by pogo - http://game1.pogo.com/applet-6.3.3.27/whac...n-ob-assets.cab
O16 - DPF: WordJong by pogo - http://game5.pogo.com/applet-6.0.4.31/word...g-ob-assets.cab
O16 - DPF: World Class Solitaire by pogo - http://klondike.pogo.com/applet/worldclass...s-ob-assets.cab
O16 - DPF: Yahoo! Backgammon - http://download.games.yahoo.com/games/clients/y/at0_x.cab
O16 - DPF: Yahoo! Blackjack - http://download.games.yahoo.com/games/clients/y/jt0_x.cab
O16 - DPF: Yahoo! Euchre - http://download.games.yahoo.com/games/clients/y/et0_x.cab
O16 - DPF: Yahoo! Go - http://download.games.yahoo.com/games/clients/y/gt1_x.cab
O16 - DPF: Yahoo! Literati - http://download.games.yahoo.com/games/clients/y/tt0_x.cab
O16 - DPF: Yahoo! Word Racer - http://download.games.yahoo.com/games/clients/y/wt0_x.cab
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - http://www.symantec.com/techsupp/asa/LSSupCtl.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/7d90ae0...all/xscan53.cab
O16 - DPF: {9FC5238F-12C4-454F-B1B5-74599A21DE47} (Webshots Photo Uploader) - http://community.webshots.com/html/WSPhotoUploader.CAB
O16 - DPF: {AE1C01E3-0283-11D3-9B3F-00C04F8EF466} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} (YAddBook Class) - http://us.dl1.yimg.com/download.yahoo.com/...utocomplete.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - http://www.symantec.com/techsupp/asa/SymAData.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://playweb02.pogo.com/game/deluxe/insa...aploader_v6.cab
O16 - DPF: {E87F6C8E-16C0-11D3-BEF7-009027438003} (Persits Software XUpload) - http://studentdocs.andover.edu/htcomnet/XUpload.ocx
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
O23 - Service: Intel® NMS (NMSSvc) - Intel Corporation - C:\WINDOWS\System32\NMSSvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~3\NPROTECT.EXE
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~3\SPEEDD~1\NOPDB.EXE
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

BC AdBot (Login to Remove)

 


#2 MFDnSC

MFDnSC

    Ret. Director I/T


  • Members
  • 4,310 posts
  • OFFLINE
  •  
  • Local time:06:21 AM

Posted 12 December 2005 - 05:17 PM

Download the trial version of Ewido Security Suite http://www.ewido.net/en/download/ (W2K/XP Only)
· Install ewido.
· During the installation, under "Additional Options" uncheck "Install background guard" and "Install scan via context menu".
· Launch ewido
· It will prompt you to update click the OK button and it will go to the main screen
· On the left side of the main screen click update
· Click on Start and let it update.
· DO NOT run a scan yet. You will do that later in safe mode.

Restart your computer into safe mode now. Perform the following steps in safe mode:
(Start tapping F8 at the first black screen after power up)

Run Ewido:
· Click on scanner
· Click Complete System Scan and the scan will begin.
· During the scan it will prompt you to clean files, click OK
· When the scan is finished, look at the bottom of the screen and click the Save report button.
· Save the report to your C: Drive
This will take some time to run!
Boot to normal mode
Post that log and a new HiJack log
"Nothing could be finer than to be in South Carolina ............"

Member ASAP

#3 slb1952

slb1952
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Local time:07:21 AM

Posted 13 December 2005 - 02:09 PM

I will try posting this again.
I ran Ewido and reran Hijack as you suggested. The log files follow. There were a TON of infected files. Is Norton Symantec not doing it's job?
Oneother "error, and I don't know if it is related, but at start up in normal mode I get the following error message. I just click "ok" and it goes on and boots, but didn't know what was up.

c:\windows\system32\uuzvke.exe

EWIDO and HIJACK Logs follow

Logfile of HijackThis v1.99.1
Scan saved at 1:47:59 PM, on 12/13/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe
C:\PROGRA~1\NORTON~1\NORTON~3\NPROTECT.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\PROGRA~1\NORTON~1\NORTON~3\SPEEDD~1\NOPDB.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
C:\Program Files\Support.com\bin\tgcmd.exe
C:\PROGRA~1\Lavasoft\AD-AWA~2\Ad-Watch.exe
C:\Program Files\Netscape\Netscape\Netscp.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\3M\PSN2Lite\Psn2Lite.exe
C:\PROGRA~1\3M\PSN2Lite\PSNGive.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\OPScan.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Documents and Settings\Susan Bruce\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft.com/isapi/redir.dll?p...er=6&ar=msnhome
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.netscape.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft.com/isapi/redir.dll?p...er=6&ar=msnhome
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://home.microsoft.com/search/search.asp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = iexplore
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Comcast High-Speed Internet
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
N3 - Netscape 7: user_pref("browser.startup.homepage", "http://home.netscape.com/bookmark/7_0/home.html"); (C:\Documents and Settings\Susan Bruce\Application Data\Mozilla\Profiles\default\tuois4qs.slt\prefs.js)
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CPROGRA%7E1%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_06.src"); (C:\Documents and Settings\Susan Bruce\Application Data\Mozilla\Profiles\default\tuois4qs.slt\prefs.js)
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn\ycomp5_3_12_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn\ycomp5_3_12_0.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [Logitech Utility] LOGI_MWX.EXE
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [tgcmd] "C:\Program Files\Support.com\bin\tgcmd.exe" /server
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [sunasDTServ] C:\Program Files\Sunbelt Software\CounterSpy Client\sunasDTServ.exe
O4 - HKLM\..\Run: [sunasServ] C:\Program Files\Sunbelt Software\CounterSpy Client\sunasServ.exe
O4 - HKLM\..\RunOnce: [uuzvke.exe] C:\WINDOWS\System32\uuzvke.exe /k
O4 - HKCU\..\Run: [Norton SystemWorks] "C:\Program Files\Norton SystemWorks\cfgwiz.exe" /GUID {05858CFD-5CC4-4ceb-AAAF-CF00BF39736A} /MODE CfgWiz
O4 - HKCU\..\Run: [AWMON] "C:\PROGRA~1\Lavasoft\AD-AWA~2\Ad-Watch.exe"
O4 - HKCU\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKCU\..\Run: [Mozilla Quick Launch] "C:\Program Files\Netscape\Netscape\Netscp.exe" -turbo
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Post-it® Software Notes Lite.lnk = C:\Program Files\3M\PSN2Lite\Psn2Lite.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar3.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar3.dll/cmwordtrans.html
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar3.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar3.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar3.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar3.dll/cmtrans.html
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\Aim\aim.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O9 - Extra button: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyPoker.net\partypokernet.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyPoker.net\partypokernet.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O14 - IERESET.INF: START_PAGE_URL=http://www.comcast.net
O16 - DPF: 6th Street Omaha Poker by pogo - http://game1.pogo.com/applet-6.1.5.21/omah...a-ob-assets.cab
O16 - DPF: Aces Up! by pogo - http://game1.pogo.com/applet-6.3.3.27/aces...s-ob-assets.cab
O16 - DPF: Animal Ark by pogo - http://playweb01.pogo.com/applet-6.0.1.20/...l-ob-assets.cab
O16 - DPF: Armored Attack by pogo - http://game4.pogo.com/applet-6.0.3.35/ccta...k-ob-assets.cab
O16 - DPF: Backgammon by pogo - http://game1.pogo.com/applet-6.3.4.49/back...n-ob-assets.cab
O16 - DPF: Battle Phlinx by pogo - http://game1.pogo.com/applet-6.3.3.27/batt...x-ob-assets.cab
O16 - DPF: Big Shot Roulette TM by pogo - http://roulet.pogo.com/applet-6.0.1.20/rou...e-ob-assets.cab
O16 - DPF: Blackjack by pogo - http://game1.pogo.com/applet-6.1.4.22/blac...k-ob-assets.cab
O16 - DPF: Buckaroo Blackjack TM by pogo - http://vbjack.pogo.com/applet-6.0.4.31/vid...k-ob-assets.cab
O16 - DPF: Canasta by pogo - http://canasta.pogo.com/applet-6.0.0.25/ca...a-ob-assets.cab
O16 - DPF: Checkers by pogo - http://checkers.pogo.com/applet/checkers2/...s-ob-assets.cab
O16 - DPF: Chess by pogo - http://chess2.pogo.com/applet-5.9.1.18/che...2-ob-assets.cab
O16 - DPF: Cribbage by pogo - http://crib.pogo.com/applet-5.9.0.18/cribb...e-ob-assets.cab
O16 - DPF: Dice Derby by pogo - http://checkeredflag.pogo.com/applet-6.0.1...g-ob-assets.cab
O16 - DPF: Dominoes by pogo - http://game1.pogo.com/applet-6.3.4.49/domi...o-ob-assets.cab
O16 - DPF: Euchre by pogo - http://game1.pogo.com/applet-6.3.0.46/euch...e-ob-assets.cab
O16 - DPF: First Class Solitaire by pogo - http://game3.pogo.com/applet-6.0.4.37/soli...2-ob-assets.cab
O16 - DPF: Fortune Bingo by pogo - http://superbingo.pogo.com/applet-5.9.1.18...o-ob-assets.cab
O16 - DPF: Greenback Bayou by pogo - http://greenback.pogo.com/applet/greenback...k-ob-assets.cab
O16 - DPF: Harvest Mania by pogo - http://game1.pogo.com/applet-6.1.5.21/harv...t-ob-assets.cab
O16 - DPF: Hearts by pogo - http://game1.pogo.com/applet-6.3.3.38/hear...s-ob-assets.cab
O16 - DPF: High Stakes Poker by pogo - http://game6.pogo.com/applet-6.0.4.37/draw...r-ob-assets.cab
O16 - DPF: High Stakes Pool by pogo - http://game4.pogo.com/applet-6.0.2.29/pool...l-ob-assets.cab
O16 - DPF: Jigsaw Detective by pogo - http://game1.pogo.com/applet-6.3.0.46/jigs...w-ob-assets.cab
O16 - DPF: Jokers Wild Poker by pogo - http://vpjoke.pogo.com/applet-5.9.3.29/vid...d-ob-assets.cab
O16 - DPF: Jungle Gin by pogo - http://game1.pogo.com/applet-6.3.4.49/gin/gin-ob-assets.cab
O16 - DPF: Lottso by pogo - http://game1.pogo.com/applet-6.3.4.49/lott...o-ob-assets.cab
O16 - DPF: Mah Jong Garden by pogo - http://mahjong.pogo.com/applet/mahjong/mahjong-ob-assets.cab
O16 - DPF: Multiline Slots by pogo - http://game6.pogo.com/applet-6.0.2.29/mlsl...s-ob-assets.cab
O16 - DPF: NASCAR Web Racing by pogo - http://nascar.pogo.com/applet-5.9.1.18/nas...r-ob-assets.cab
O16 - DPF: Pai Gow by pogo - http://game3.pogo.com/applet-6.1.0.39/paig...w-ob-assets.cab
O16 - DPF: Penguin Blocks by pogo - http://game1.pogo.com/applet-6.3.3.27/peng...s-ob-assets.cab
O16 - DPF: Perfect Pair Solitaire by pogo - http://waterwheel.pogo.com/applet-5.9.2.31...l-ob-assets.cab
O16 - DPF: Phlinx by pogo - http://game1.pogo.com/applet-6.3.3.27/flin...r-ob-assets.cab
O16 - DPF: Pinochle by pogo - http://game4.pogo.com/applet-6.0.4.31/pino...e-ob-assets.cab
O16 - DPF: Pirate's Gold by pogo - http://swashbucks.pogo.com/applet-6.0.4.31...d-ob-assets.cab
O16 - DPF: Poppit by pogo - http://game1.pogo.com/applet-6.1.5.21/popp...2-ob-assets.cab
O16 - DPF: Poppit TM by pogo - http://poppit.pogo.com/applet-5.9.3.38/pop...t-ob-assets.cab
O16 - DPF: QWERTY by pogo - http://game1.pogo.com/applet-6.4.1.46/squa...s-ob-assets.cab
O16 - DPF: RaptisoftGameLoader - http://miniclip.com/hamsterball/raptisoftgameloader.cab
O16 - DPF: Ricochet by pogo - http://game3.pogo.com/applet-5.9.0.18/rico...t-ob-assets.cab
O16 - DPF: SciFi Slots by pogo - http://scifi.pogo.com/applet-5.9.1.18/slot...i-ob-assets.cab
O16 - DPF: Showbiz Slots by pogo - http://game1.pogo.com/applet-6.2.0.37/slot...z-ob-assets.cab
O16 - DPF: Spades by pogo - http://spades.pogo.com/applet-6.0.0.32/spa...s-ob-assets.cab
O16 - DPF: Spider Solitaire by pogo - http://game4.pogo.com/applet-6.0.4.31/spid...r-ob-assets.cab
O16 - DPF: Squelchies by pogo - http://squelchies.pogo.com/applet-5.9.3.29...s-ob-assets.cab
O16 - DPF: Stax by pogo - http://game1.pogo.com/applet-6.3.3.38/stax...x-ob-assets.cab
O16 - DPF: Sweet Tooth TM by pogo - http://sweettooth.pogo.com/applet-6.0.4.31...h-ob-assets.cab
O16 - DPF: Texas Hold'em Poker by pogo - http://game4.pogo.com/applet-6.0.4.31/hold...m-ob-assets.cab
O16 - DPF: Tri-Peaks by pogo - http://game1.pogo.com/applet-6.3.3.27/peak...s-ob-assets.cab
O16 - DPF: Turbo 21 TM by pogo - http://game1.pogo.com/applet-6.3.3.27/turb...1-ob-assets.cab
O16 - DPF: Video Poker by pogo - http://vpoker.pogo.com/applet-6.0.3.28/vid...r-ob-assets.cab
O16 - DPF: Word Whomp by pogo - http://game1.pogo.com/applet-6.3.3.27/word...2-ob-assets.cab
O16 - DPF: Word Whomp Whackdown by pogo - http://game1.pogo.com/applet-6.3.3.27/whac...n-ob-assets.cab
O16 - DPF: WordJong by pogo - http://game5.pogo.com/applet-6.0.4.31/word...g-ob-assets.cab
O16 - DPF: World Class Solitaire by pogo - http://klondike.pogo.com/applet/worldclass...s-ob-assets.cab
O16 - DPF: Yahoo! Backgammon - http://download.games.yahoo.com/games/clients/y/at0_x.cab
O16 - DPF: Yahoo! Blackjack - http://download.games.yahoo.com/games/clients/y/jt0_x.cab
O16 - DPF: Yahoo! Euchre - http://download.games.yahoo.com/games/clients/y/et0_x.cab
O16 - DPF: Yahoo! Go - http://download.games.yahoo.com/games/clients/y/gt1_x.cab
O16 - DPF: Yahoo! Literati - http://download.games.yahoo.com/games/clients/y/tt0_x.cab
O16 - DPF: Yahoo! Word Racer - http://download.games.yahoo.com/games/clients/y/wt0_x.cab
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - http://www.symantec.com/techsupp/asa/LSSupCtl.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/7d90ae0...all/xscan53.cab
O16 - DPF: {9FC5238F-12C4-454F-B1B5-74599A21DE47} (Webshots Photo Uploader) - http://community.webshots.com/html/WSPhotoUploader.CAB
O16 - DPF: {AE1C01E3-0283-11D3-9B3F-00C04F8EF466} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} (YAddBook Class) - http://us.dl1.yimg.com/download.yahoo.com/...utocomplete.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - http://www.symantec.com/techsupp/asa/SymAData.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://playweb02.pogo.com/game/deluxe/insa...aploader_v6.cab
O16 - DPF: {E87F6C8E-16C0-11D3-BEF7-009027438003} (Persits Software XUpload) - http://studentdocs.andover.edu/htcomnet/XUpload.ocx
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
O23 - Service: Intel® NMS (NMSSvc) - Intel Corporation - C:\WINDOWS\System32\NMSSvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~3\NPROTECT.EXE
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~3\SPEEDD~1\NOPDB.EXE
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

EWIDO:

---------------------------------------------------------
ewido security suite - Scan report
---------------------------------------------------------

+ Created on: 1:42:24 PM, 12/13/2005
+ Report-Checksum: B0796307

+ Scan result:

HKLM\SOFTWARE\Classes\Interface\{9603A736-05B9-4D78-BDD5-BDCB0914E522} -> Spyware.WurldMedia : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{BC12B055-C9F5-407D-9B66-1851973F32AF} -> Spyware.WurldMedia : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\AUI -> Spyware.WebSearch : Cleaned with backup
:mozilla.6:C:\Documents and Settings\Susan Bruce\Application Data\Mozilla\Firefox\Profiles\1hlmemd9.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.7:C:\Documents and Settings\Susan Bruce\Application Data\Mozilla\Firefox\Profiles\1hlmemd9.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.8:C:\Documents and Settings\Susan Bruce\Application Data\Mozilla\Firefox\Profiles\1hlmemd9.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.9:C:\Documents and Settings\Susan Bruce\Application Data\Mozilla\Firefox\Profiles\1hlmemd9.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.10:C:\Documents and Settings\Susan Bruce\Application Data\Mozilla\Firefox\Profiles\1hlmemd9.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.11:C:\Documents and Settings\Susan Bruce\Application Data\Mozilla\Firefox\Profiles\1hlmemd9.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.12:C:\Documents and Settings\Susan Bruce\Application Data\Mozilla\Firefox\Profiles\1hlmemd9.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.13:C:\Documents and Settings\Susan Bruce\Application Data\Mozilla\Firefox\Profiles\1hlmemd9.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.14:C:\Documents and Settings\Susan Bruce\Application Data\Mozilla\Firefox\Profiles\1hlmemd9.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.15:C:\Documents and Settings\Susan Bruce\Application Data\Mozilla\Firefox\Profiles\1hlmemd9.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.16:C:\Documents and Settings\Susan Bruce\Application Data\Mozilla\Firefox\Profiles\1hlmemd9.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.17:C:\Documents and Settings\Susan Bruce\Application Data\Mozilla\Firefox\Profiles\1hlmemd9.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.18:C:\Documents and Settings\Susan Bruce\Application Data\Mozilla\Firefox\Profiles\1hlmemd9.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.19:C:\Documents and Settings\Susan Bruce\Application Data\Mozilla\Firefox\Profiles\1hlmemd9.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.20:C:\Documents and Settings\Susan Bruce\Application Data\Mozilla\Firefox\Profiles\1hlmemd9.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.21:C:\Documents and Settings\Susan Bruce\Application Data\Mozilla\Firefox\Profiles\1hlmemd9.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.22:C:\Documents and Settings\Susan Bruce\Application Data\Mozilla\Firefox\Profiles\1hlmemd9.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.23:C:\Documents and Settings\Susan Bruce\Application Data\Mozilla\Firefox\Profiles\1hlmemd9.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.24:C:\Documents and Settings\Susan Bruce\Application Data\Mozilla\Firefox\Profiles\1hlmemd9.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.25:C:\Documents and Settings\Susan Bruce\Application Data\Mozilla\Firefox\Profiles\1hlmemd9.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.27:C:\Documents and Settings\Susan Bruce\Application Data\Mozilla\Firefox\Profiles\1hlmemd9.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.37:C:\Documents and Settings\Susan Bruce\Application Data\Mozilla\Firefox\Profiles\1hlmemd9.default\cookies.txt -> Spyware.Cookie.Questionmarket : Cleaned with backup
:mozilla.38:C:\Documents and Settings\Susan Bruce\Application Data\Mozilla\Firefox\Profiles\1hlmemd9.default\cookies.txt -> Spyware.Cookie.Doubleclick : Cleaned with backup
:mozilla.39:C:\Documents and Settings\Susan Bruce\Application Data\Mozilla\Firefox\Profiles\1hlmemd9.default\cookies.txt -> Spyware.Cookie.Questionmarket : Cleaned with backup
:mozilla.42:C:\Documents and Settings\Susan Bruce\Application Data\Mozilla\Firefox\Profiles\1hlmemd9.default\cookies.txt -> Spyware.Cookie.Atdmt : Cleaned with backup
:mozilla.45:C:\Documents and Settings\Susan Bruce\Application Data\Mozilla\Firefox\Profiles\1hlmemd9.default\cookies.txt -> Spyware.Cookie.Overture : Cleaned with backup
:mozilla.46:C:\Documents and Settings\Susan Bruce\Application Data\Mozilla\Firefox\Profiles\1hlmemd9.default\cookies.txt -> Spyware.Cookie.Overture : Cleaned with backup
:mozilla.51:C:\Documents and Settings\Susan Bruce\Application Data\Mozilla\Firefox\Profiles\1hlmemd9.default\cookies.txt -> Spyware.Cookie.Pointroll : Cleaned with backup
:mozilla.52:C:\Documents and Settings\Susan Bruce\Application Data\Mozilla\Firefox\Profiles\1hlmemd9.default\cookies.txt -> Spyware.Cookie.Pointroll : Cleaned with backup
:mozilla.53:C:\Documents and Settings\Susan Bruce\Application Data\Mozilla\Firefox\Profiles\1hlmemd9.default\cookies.txt -> Spyware.Cookie.Pointroll : Cleaned with backup
:mozilla.54:C:\Documents and Settings\Susan Bruce\Application Data\Mozilla\Firefox\Profiles\1hlmemd9.default\cookies.txt -> Spyware.Cookie.Pointroll : Cleaned with backup
:mozilla.55:C:\Documents and Settings\Susan Bruce\Application Data\Mozilla\Firefox\Profiles\1hlmemd9.default\cookies.txt -> Spyware.Cookie.Pointroll : Cleaned with backup
:mozilla.56:C:\Documents and Settings\Susan Bruce\Application Data\Mozilla\Firefox\Profiles\1hlmemd9.default\cookies.txt -> Spyware.Cookie.Pointroll : Cleaned with backup
:mozilla.62:C:\Documents and Settings\Susan Bruce\Application Data\Mozilla\Firefox\Profiles\1hlmemd9.default\cookies.txt -> Spyware.Cookie.Mediaplex : Cleaned with backup
:mozilla.63:C:\Documents and Settings\Susan Bruce\Application Data\Mozilla\Firefox\Profiles\1hlmemd9.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.64:C:\Documents and Settings\Susan Bruce\Application Data\Mozilla\Firefox\Profiles\1hlmemd9.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.65:C:\Documents and Settings\Susan Bruce\Application Data\Mozilla\Firefox\Profiles\1hlmemd9.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.66:C:\Documents and Settings\Susan Bruce\Application Data\Mozilla\Firefox\Profiles\1hlmemd9.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.72:C:\Documents and Settings\Susan Bruce\Application Data\Mozilla\Firefox\Profiles\1hlmemd9.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.79:C:\Documents and Settings\Susan Bruce\Application Data\Mozilla\Firefox\Profiles\1hlmemd9.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.80:C:\Documents and Settings\Susan Bruce\Application Data\Mozilla\Firefox\Profiles\1hlmemd9.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.81:C:\Documents and Settings\Susan Bruce\Application Data\Mozilla\Firefox\Profiles\1hlmemd9.default\cookies.txt -> Spyware.Cookie.Tribalfusion : Cleaned with backup
:mozilla.82:C:\Documents and Settings\Susan Bruce\Application Data\Mozilla\Firefox\Profiles\1hlmemd9.default\cookies.txt -> Spyware.Cookie.Tribalfusion : Cleaned with backup
:mozilla.83:C:\Documents and Settings\Susan Bruce\Application Data\Mozilla\Firefox\Profiles\1hlmemd9.default\cookies.txt -> Spyware.Cookie.Valueclick : Cleaned with backup
:mozilla.84:C:\Documents and Settings\Susan Bruce\Application Data\Mozilla\Firefox\Profiles\1hlmemd9.default\cookies.txt -> Spyware.Cookie.Valueclick : Cleaned with backup
:mozilla.113:C:\Documents and Settings\Susan Bruce\Application Data\Mozilla\Firefox\Profiles\1hlmemd9.default\cookies.txt -> Spyware.Cookie.Ru4 : Cleaned with backup
:mozilla.114:C:\Documents and Settings\Susan Bruce\Application Data\Mozilla\Firefox\Profiles\1hlmemd9.default\cookies.txt -> Spyware.Cookie.Ru4 : Cleaned with backup
:mozilla.115:C:\Documents and Settings\Susan Bruce\Application Data\Mozilla\Firefox\Profiles\1hlmemd9.default\cookies.txt -> Spyware.Cookie.Ru4 : Cleaned with backup
:mozilla.120:C:\Documents and Settings\Susan Bruce\Application Data\Mozilla\Firefox\Profiles\1hlmemd9.default\cookies.txt -> Spyware.Cookie.Specificclick : Cleaned with backup
:mozilla.138:C:\Documents and Settings\Susan Bruce\Application Data\Mozilla\Firefox\Profiles\1hlmemd9.default\cookies.txt -> Spyware.Cookie.Burstnet : Cleaned with backup
:mozilla.144:C:\Documents and Settings\Susan Bruce\Application Data\Mozilla\Firefox\Profiles\1hlmemd9.default\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.145:C:\Documents and Settings\Susan Bruce\Application Data\Mozilla\Firefox\Profiles\1hlmemd9.default\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.146:C:\Documents and Settings\Susan Bruce\Application Data\Mozilla\Firefox\Profiles\1hlmemd9.default\cookies.txt -> Spyware.Cookie.Centrport : Cleaned with backup
:mozilla.147:C:\Documents and Settings\Susan Bruce\Application Data\Mozilla\Firefox\Profiles\1hlmemd9.default\cookies.txt -> Spyware.Cookie.Centrport : Cleaned with backup
:mozilla.151:C:\Documents and Settings\Susan Bruce\Application Data\Mozilla\Firefox\Profiles\1hlmemd9.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.153:C:\Documents and Settings\Susan Bruce\Application Data\Mozilla\Firefox\Profiles\1hlmemd9.default\cookies.txt -> Spyware.Cookie.Com : Cleaned with backup
:mozilla.154:C:\Documents and Settings\Susan Bruce\Application Data\Mozilla\Firefox\Profiles\1hlmemd9.default\cookies.txt -> Spyware.Cookie.Com : Cleaned with backup
:mozilla.226:C:\Documents and Settings\Susan Bruce\Application Data\Mozilla\Firefox\Profiles\1hlmemd9.default\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
:mozilla.227:C:\Documents and Settings\Susan Bruce\Application Data\Mozilla\Firefox\Profiles\1hlmemd9.default\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
:mozilla.228:C:\Documents and Settings\Susan Bruce\Application Data\Mozilla\Firefox\Profiles\1hlmemd9.default\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
:mozilla.229:C:\Documents and Settings\Susan Bruce\Application Data\Mozilla\Firefox\Profiles\1hlmemd9.default\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
:mozilla.230:C:\Documents and Settings\Susan Bruce\Application Data\Mozilla\Firefox\Profiles\1hlmemd9.default\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
:mozilla.233:C:\Documents and Settings\Susan Bruce\Application Data\Mozilla\Firefox\Profiles\1hlmemd9.default\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.234:C:\Documents and Settings\Susan Bruce\Application Data\Mozilla\Firefox\Profiles\1hlmemd9.default\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.235:C:\Documents and Settings\Susan Bruce\Application Data\Mozilla\Firefox\Profiles\1hlmemd9.default\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.236:C:\Documents and Settings\Susan Bruce\Application Data\Mozilla\Firefox\Profiles\1hlmemd9.default\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.245:C:\Documents and Settings\Susan Bruce\Application Data\Mozilla\Firefox\Profiles\1hlmemd9.default\cookies.txt -> Spyware.Cookie.Tradedoubler : Cleaned with backup
:mozilla.250:C:\Documents and Settings\Susan Bruce\Application Data\Mozilla\Firefox\Profiles\1hlmemd9.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.252:C:\Documents and Settings\Susan Bruce\Application Data\Mozilla\Firefox\Profiles\1hlmemd9.default\cookies.txt -> Spyware.Cookie.Valueclick : Cleaned with backup
:mozilla.265:C:\Documents and Settings\Susan Bruce\Application Data\Mozilla\Firefox\Profiles\1hlmemd9.default\cookies.txt -> Spyware.Cookie.Adserver : Cleaned with backup
:mozilla.266:C:\Documents and Settings\Susan Bruce\Application Data\Mozilla\Firefox\Profiles\1hlmemd9.default\cookies.txt -> Spyware.Cookie.Adserver : Cleaned with backup
:mozilla.269:C:\Documents and Settings\Susan Bruce\Application Data\Mozilla\Firefox\Profiles\1hlmemd9.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.270:C:\Documents and Settings\Susan Bruce\Application Data\Mozilla\Firefox\Profiles\1hlmemd9.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.271:C:\Documents and Settings\Susan Bruce\Application Data\Mozilla\Firefox\Profiles\1hlmemd9.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.272:C:\Documents and Settings\Susan Bruce\Application Data\Mozilla\Firefox\Profiles\1hlmemd9.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.275:C:\Documents and Settings\Susan Bruce\Application Data\Mozilla\Firefox\Profiles\1hlmemd9.default\cookies.txt -> Spyware.Cookie.Bridgetrack : Cleaned with backup
:mozilla.276:C:\Documents and Settings\Susan Bruce\Application Data\Mozilla\Firefox\Profiles\1hlmemd9.default\cookies.txt -> Spyware.Cookie.Bridgetrack : Cleaned with backup
:mozilla.286:C:\Documents and Settings\Susan Bruce\Application Data\Mozilla\Firefox\Profiles\1hlmemd9.default\cookies.txt -> Spyware.Cookie.Liveperson : Cleaned with backup
:mozilla.287:C:\Documents and Settings\Susan Bruce\Application Data\Mozilla\Firefox\Profiles\1hlmemd9.default\cookies.txt -> Spyware.Cookie.Liveperson : Cleaned with backup
:mozilla.288:C:\Documents and Settings\Susan Bruce\Application Data\Mozilla\Firefox\Profiles\1hlmemd9.default\cookies.txt -> Spyware.Cookie.Liveperson : Cleaned with backup
:mozilla.301:C:\Documents and Settings\Susan Bruce\Application Data\Mozilla\Firefox\Profiles\1hlmemd9.default\cookies.txt -> Spyware.Cookie.Burstbeacon : Cleaned with backup
:mozilla.313:C:\Documents and Settings\Susan Bruce\Application Data\Mozilla\Firefox\Profiles\1hlmemd9.default\cookies.txt -> Spyware.Cookie.Googleadservices : Cleaned with backup
:mozilla.6:C:\Documents and Settings\Susan Bruce\Application Data\Mozilla\Firefox\Profiles\ih0mm8yc.Default User\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.7:C:\Documents and Settings\Susan Bruce\Application Data\Mozilla\Firefox\Profiles\ih0mm8yc.Default User\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.8:C:\Documents and Settings\Susan Bruce\Application Data\Mozilla\Firefox\Profiles\ih0mm8yc.Default User\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.9:C:\Documents and Settings\Susan Bruce\Application Data\Mozilla\Firefox\Profiles\ih0mm8yc.Default User\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.13:C:\Documents and Settings\Susan Bruce\Application Data\Mozilla\Firefox\Profiles\ih0mm8yc.Default User\cookies.txt -> Spyware.Cookie.Ru4 : Cleaned with backup
:mozilla.14:C:\Documents and Settings\Susan Bruce\Application Data\Mozilla\Firefox\Profiles\ih0mm8yc.Default User\cookies.txt -> Spyware.Cookie.Ru4 : Cleaned with backup
:mozilla.15:C:\Documents and Settings\Susan Bruce\Application Data\Mozilla\Firefox\Profiles\ih0mm8yc.Default User\cookies.txt -> Spyware.Cookie.Ru4 : Cleaned with backup
:mozilla.7:C:\Documents and Settings\Susan Bruce\Application Data\Mozilla\Profiles\default\tuois4qs.slt\cookies.txt -> Spyware.Cookie.Tribalfusion : Cleaned with backup
:mozilla.8:C:\Documents and Settings\Susan Bruce\Application Data\Mozilla\Profiles\default\tuois4qs.slt\cookies.txt -> Spyware.Cookie.Doubleclick : Cleaned with backup
:mozilla.9:C:\Documents and Settings\Susan Bruce\Application Data\Mozilla\Profiles\default\tuois4qs.slt\cookies.txt -> Spyware.Cookie.Doubleclick : Cleaned with backup
:mozilla.10:C:\Documents and Settings\Susan Bruce\Application Data\Mozilla\Profiles\default\tuois4qs.slt\cookies.txt -> Spyware.Cookie.Doubleclick : Cleaned with backup
:mozilla.11:C:\Documents and Settings\Susan Bruce\Application Data\Mozilla\Profiles\default\tuois4qs.slt\cookies.txt -> Spyware.Cookie.Tribalfusion : Cleaned with backup
:mozilla.12:C:\Documents and Settings\Susan Bruce\Application Data\Mozilla\Profiles\default\tuois4qs.slt\cookies.txt -> Spyware.Cookie.Tribalfusion : Cleaned with backup
:mozilla.13:C:\Documents and Settings\Susan Bruce\Application Data\Mozilla\Profiles\default\tuois4qs.slt\cookies.txt -> Spyware.Cookie.Tribalfusion : Cleaned with backup
:mozilla.23:C:\Documents and Settings\Susan Bruce\Application Data\Mozilla\Profiles\default\tuois4qs.slt\cookies.txt -> Spyware.Cookie.Questionmarket : Cleaned with backup
:mozilla.24:C:\Documents and Settings\Susan Bruce\Application Data\Mozilla\Profiles\default\tuois4qs.slt\cookies.txt -> Spyware.Cookie.Questionmarket : Cleaned with backup
:mozilla.30:C:\Documents and Settings\Susan Bruce\Application Data\Mozilla\Profiles\default\tuois4qs.slt\cookies.txt -> Spyware.Cookie.Adserver : Cleaned with backup
:mozilla.31:C:\Documents and Settings\Susan Bruce\Application Data\Mozilla\Profiles\default\tuois4qs.slt\cookies.txt -> Spyware.Cookie.Adserver : Cleaned with backup
:mozilla.32:C:\Documents and Settings\Susan Bruce\Application Data\Mozilla\Profiles\default\tuois4qs.slt\cookies.txt -> Spyware.Cookie.Pointroll : Cleaned with backup
:mozilla.33:C:\Documents and Settings\Susan Bruce\Application Data\Mozilla\Profiles\default\tuois4qs.slt\cookies.txt -> Spyware.Cookie.Pointroll : Cleaned with backup
:mozilla.34:C:\Documents and Settings\Susan Bruce\Application Data\Mozilla\Profiles\default\tuois4qs.slt\cookies.txt -> Spyware.Cookie.Pointroll : Cleaned with backup
:mozilla.35:C:\Documents and Settings\Susan Bruce\Application Data\Mozilla\Profiles\default\tuois4qs.slt\cookies.txt -> Spyware.Cookie.Pointroll : Cleaned with backup
:mozilla.36:C:\Documents and Settings\Susan Bruce\Application Data\Mozilla\Profiles\default\tuois4qs.slt\cookies.txt -> Spyware.Cookie.Atdmt : Cleaned with backup
:mozilla.37:C:\Documents and Settings\Susan Bruce\Application Data\Mozilla\Profiles\default\tuois4qs.slt\cookies.txt -> Spyware.Cookie.Atdmt : Cleaned with backup
:mozilla.38:C:\Documents and Settings\Susan Bruce\Application Data\Mozilla\Profiles\default\tuois4qs.slt\cookies.txt -> Spyware.Cookie.Atdmt : Cleaned with backup
:mozilla.39:C:\Documents and Settings\Susan Bruce\Application Data\Mozilla\Profiles\default\tuois4qs.slt\cookies.txt -> Spyware.Cookie.Atdmt : Cleaned with backup
:mozilla.40:C:\Documents and Settings\Susan Bruce\Application Data\Mozilla\Profiles\default\tuois4qs.slt\cookies.txt -> Spyware.Cookie.Atdmt : Cleaned with backup
:mozilla.41:C:\Documents and Settings\Susan Bruce\Application Data\Mozilla\Profiles\default\tuois4qs.slt\cookies.txt -> Spyware.Cookie.Atdmt : Cleaned with backup
:mozilla.42:C:\Documents and Settings\Susan Bruce\Application Data\Mozilla\Profiles\default\tuois4qs.slt\cookies.txt -> Spyware.Cookie.Atdmt : Cleaned with backup
:mozilla.43:C:\Documents and Settings\Susan Bruce\Application Data\Mozilla\Profiles\default\tuois4qs.slt\cookies.txt -> Spyware.Cookie.Atdmt : Cleaned with backup
:mozilla.44:C:\Documents and Settings\Susan Bruce\Application Data\Mozilla\Profiles\default\tuois4qs.slt\cookies.txt -> Spyware.Cookie.Atdmt : Cleaned with backup
:mozilla.45:C:\Documents and Settings\Susan Bruce\Application Data\Mozilla\Profiles\default\tuois4qs.slt\cookies.txt -> Spyware.Cookie.Adserver : Cleaned with backup
:mozilla.51:C:\Documents and Settings\Susan Bruce\Application Data\Mozilla\Profiles\default\tuois4qs.slt\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.52:C:\Documents and Settings\Susan Bruce\Application Data\Mozilla\Profiles\default\tuois4qs.slt\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.53:C:\Documents and Settings\Susan Bruce\Application Data\Mozilla\Profiles\default\tuois4qs.slt\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.54:C:\Documents and Settings\Susan Bruce\Application Data\Mozilla\Profiles\default\tuois4qs.slt\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.55:C:\Documents and Settings\Susan Bruce\Application Data\Mozilla\Profiles\default\tuois4qs.slt\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.56:C:\Documents and Settings\Susan Bruce\Application Data\Mozilla\Profiles\default\tuois4qs.slt\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.57:C:\Documents and Settings\Susan Bruce\Application Data\Mozilla\Profiles\default\tuois4qs.slt\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.58:C:\Documents and Settings\Susan Bruce\Application Data\Mozilla\Profiles\default\tuois4qs.slt\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.59:C:\Documents and Settings\Susan Bruce\Application Data\Mozilla\Profiles\default\tuois4qs.slt\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.60:C:\Documents and Settings\Susan Bruce\Application Data\Mozilla\Profiles\default\tuois4qs.slt\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.61:C:\Documents and Settings\Susan Bruce\Application Data\Mozilla\Profiles\default\tuois4qs.slt\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.62:C:\Documents and Settings\Susan Bruce\Application Data\Mozilla\Profiles\default\tuois4qs.slt\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.63:C:\Documents and Settings\Susan Bruce\Application Data\Mozilla\Profiles\default\tuois4qs.slt\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.64:C:\Documents and Settings\Susan Bruce\Application Data\Mozilla\Profiles\default\tuois4qs.slt\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.65:C:\Documents and Settings\Susan Bruce\Application Data\Mozilla\Profiles\default\tuois4qs.slt\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.66:C:\Documents and Settings\Susan Bruce\Application Data\Mozilla\Profiles\default\tuois4qs.slt\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.67:C:\Documents and Settings\Susan Bruce\Application Data\Mozilla\Profiles\default\tuois4qs.slt\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.68:C:\Documents and Settings\Susan Bruce\Application Data\Mozilla\Profiles\default\tuois4qs.slt\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.69:C:\Documents and Settings\Susan Bruce\Application Data\Mozilla\Profiles\default\tuois4qs.slt\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.70:C:\Documents and Settings\Susan Bruce\Application Data\Mozilla\Profiles\default\tuois4qs.slt\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.82:C:\Documents and Settings\Susan Bruce\Application Data\Mozilla\Profiles\default\tuois4qs.slt\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.83:C:\Documents and Settings\Susan Bruce\Application Data\Mozilla\Profiles\default\tuois4qs.slt\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.84:C:\Documents and Settings\Susan Bruce\Application Data\Mozilla\Profiles\default\tuois4qs.slt\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.85:C:\Documents and Settings\Susan Bruce\Application Data\Mozilla\Profiles\default\tuois4qs.slt\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.86:C:\Documents and Settings\Susan Bruce\Application Data\Mozilla\Profiles\default\tuois4qs.slt\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.87:C:\Documents and Settings\Susan Bruce\Application Data\Mozilla\Profiles\default\tuois4qs.slt\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.100:C:\Documents and Settings\Susan Bruce\Application Data\Mozilla\Profiles\default\tuois4qs.slt\cookies.txt -> Spyware.Cookie.Com : Cleaned with backup
:mozilla.101:C:\Documents and Settings\Susan Bruce\Application Data\Mozilla\Profiles\default\tuois4qs.slt\cookies.txt -> Spyware.Cookie.Com : Cleaned with backup
:mozilla.120:C:\Documents and Settings\Susan Bruce\Application Data\Mozilla\Profiles\default\tuois4qs.slt\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.124:C:\Documents and Settings\Susan Bruce\Application Data\Mozilla\Profiles\default\tuois4qs.slt\cookies.txt -> Spyware.Cookie.Overture : Cleaned with backup
:mozilla.125:C:\Documents and Settings\Susan Bruce\Application Data\Mozilla\Profiles\default\tuois4qs.slt\cookies.txt -> Spyware.Cookie.Overture : Cleaned with backup
:mozilla.126:C:\Documents and Settings\Susan Bruce\Application Data\Mozilla\Profiles\default\tuois4qs.slt\cookies.txt -> Spyware.Cookie.Overture : Cleaned with backup
:mozilla.127:C:\Documents and Settings\Susan Bruce\Application Data\Mozilla\Profiles\default\tuois4qs.slt\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
:mozilla.128:C:\Documents and Settings\Susan Bruce\Application Data\Mozilla\Profiles\default\tuois4qs.slt\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
:mozilla.129:C:\Documents and Settings\Susan Bruce\Application Data\Mozilla\Profiles\default\tuois4qs.slt\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
:mozilla.130:C:\Documents and Settings\Susan Bruce\Application Data\Mozilla\Profiles\default\tuois4qs.slt\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
:mozilla.136:C:\Documents and Settings\Susan Bruce\Application Data\Mozilla\Profiles\default\tuois4qs.slt\cookies.txt -> Spyware.Cookie.Googleadservices : Cleaned with backup
:mozilla.137:C:\Documents and Settings\Susan Bruce\Application Data\Mozilla\Profiles\default\tuois4qs.slt\cookies.txt -> Spyware.Cookie.Mediaplex : Cleaned with backup
:mozilla.140:C:\Documents and Settings\Susan Bruce\Application Data\Mozilla\Profiles\default\tuois4qs.slt\cookies.txt -> Spyware.Cookie.Mediaplex : Cleaned with backup
:mozilla.143:C:\Documents and Settings\Susan Bruce\Application Data\Mozilla\Profiles\default\tuois4qs.slt\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.144:C:\Documents and Settings\Susan Bruce\Application Data\Mozilla\Profiles\default\tuois4qs.slt\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.145:C:\

#4 slb1952

slb1952
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Local time:07:21 AM

Posted 13 December 2005 - 02:10 PM

I will try posting this again.
I ran Ewido and reran Hijack as you suggested. The log files follow. There were a TON of infected files. Is Norton Symantec not doing it's job?
Oneother "error, and I don't know if it is related, but at start up in normal mode I get the following error message. I just click "ok" and it goes on and boots, but didn't know what was up.

c:\windows\system32\uuzvke.exe

EWIDO and HIJACK Logs follow

Logfile of HijackThis v1.99.1
Scan saved at 1:47:59 PM, on 12/13/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe
C:\PROGRA~1\NORTON~1\NORTON~3\NPROTECT.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\PROGRA~1\NORTON~1\NORTON~3\SPEEDD~1\NOPDB.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
C:\Program Files\Support.com\bin\tgcmd.exe
C:\PROGRA~1\Lavasoft\AD-AWA~2\Ad-Watch.exe
C:\Program Files\Netscape\Netscape\Netscp.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\3M\PSN2Lite\Psn2Lite.exe
C:\PROGRA~1\3M\PSN2Lite\PSNGive.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\OPScan.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Documents and Settings\Susan Bruce\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft.com/isapi/redir.dll?p...er=6&ar=msnhome
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.netscape.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft.com/isapi/redir.dll?p...er=6&ar=msnhome
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://home.microsoft.com/search/search.asp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = iexplore
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Comcast High-Speed Internet
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
N3 - Netscape 7: user_pref("browser.startup.homepage", "http://home.netscape.com/bookmark/7_0/home.html"); (C:\Documents and Settings\Susan Bruce\Application Data\Mozilla\Profiles\default\tuois4qs.slt\prefs.js)
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CPROGRA%7E1%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_06.src"); (C:\Documents and Settings\Susan Bruce\Application Data\Mozilla\Profiles\default\tuois4qs.slt\prefs.js)
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn\ycomp5_3_12_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn\ycomp5_3_12_0.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [Logitech Utility] LOGI_MWX.EXE
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [tgcmd] "C:\Program Files\Support.com\bin\tgcmd.exe" /server
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [sunasDTServ] C:\Program Files\Sunbelt Software\CounterSpy Client\sunasDTServ.exe
O4 - HKLM\..\Run: [sunasServ] C:\Program Files\Sunbelt Software\CounterSpy Client\sunasServ.exe
O4 - HKLM\..\RunOnce: [uuzvke.exe] C:\WINDOWS\System32\uuzvke.exe /k
O4 - HKCU\..\Run: [Norton SystemWorks] "C:\Program Files\Norton SystemWorks\cfgwiz.exe" /GUID {05858CFD-5CC4-4ceb-AAAF-CF00BF39736A} /MODE CfgWiz
O4 - HKCU\..\Run: [AWMON] "C:\PROGRA~1\Lavasoft\AD-AWA~2\Ad-Watch.exe"
O4 - HKCU\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKCU\..\Run: [Mozilla Quick Launch] "C:\Program Files\Netscape\Netscape\Netscp.exe" -turbo
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Post-it® Software Notes Lite.lnk = C:\Program Files\3M\PSN2Lite\Psn2Lite.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar3.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar3.dll/cmwordtrans.html
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar3.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar3.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar3.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar3.dll/cmtrans.html
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\Aim\aim.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O9 - Extra button: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyPoker.net\partypokernet.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyPoker.net\partypokernet.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O14 - IERESET.INF: START_PAGE_URL=http://www.comcast.net
O16 - DPF: 6th Street Omaha Poker by pogo - http://game1.pogo.com/applet-6.1.5.21/omah...a-ob-assets.cab
O16 - DPF: Aces Up! by pogo - http://game1.pogo.com/applet-6.3.3.27/aces...s-ob-assets.cab
O16 - DPF: Animal Ark by pogo - http://playweb01.pogo.com/applet-6.0.1.20/...l-ob-assets.cab
O16 - DPF: Armored Attack by pogo - http://game4.pogo.com/applet-6.0.3.35/ccta...k-ob-assets.cab
O16 - DPF: Backgammon by pogo - http://game1.pogo.com/applet-6.3.4.49/back...n-ob-assets.cab
O16 - DPF: Battle Phlinx by pogo - http://game1.pogo.com/applet-6.3.3.27/batt...x-ob-assets.cab
O16 - DPF: Big Shot Roulette TM by pogo - http://roulet.pogo.com/applet-6.0.1.20/rou...e-ob-assets.cab
O16 - DPF: Blackjack by pogo - http://game1.pogo.com/applet-6.1.4.22/blac...k-ob-assets.cab
O16 - DPF: Buckaroo Blackjack TM by pogo - http://vbjack.pogo.com/applet-6.0.4.31/vid...k-ob-assets.cab
O16 - DPF: Canasta by pogo - http://canasta.pogo.com/applet-6.0.0.25/ca...a-ob-assets.cab
O16 - DPF: Checkers by pogo - http://checkers.pogo.com/applet/checkers2/...s-ob-assets.cab
O16 - DPF: Chess by pogo - http://chess2.pogo.com/applet-5.9.1.18/che...2-ob-assets.cab
O16 - DPF: Cribbage by pogo - http://crib.pogo.com/applet-5.9.0.18/cribb...e-ob-assets.cab
O16 - DPF: Dice Derby by pogo - http://checkeredflag.pogo.com/applet-6.0.1...g-ob-assets.cab
O16 - DPF: Dominoes by pogo - http://game1.pogo.com/applet-6.3.4.49/domi...o-ob-assets.cab
O16 - DPF: Euchre by pogo - http://game1.pogo.com/applet-6.3.0.46/euch...e-ob-assets.cab
O16 - DPF: First Class Solitaire by pogo - http://game3.pogo.com/applet-6.0.4.37/soli...2-ob-assets.cab
O16 - DPF: Fortune Bingo by pogo - http://superbingo.pogo.com/applet-5.9.1.18...o-ob-assets.cab
O16 - DPF: Greenback Bayou by pogo - http://greenback.pogo.com/applet/greenback...k-ob-assets.cab
O16 - DPF: Harvest Mania by pogo - http://game1.pogo.com/applet-6.1.5.21/harv...t-ob-assets.cab
O16 - DPF: Hearts by pogo - http://game1.pogo.com/applet-6.3.3.38/hear...s-ob-assets.cab
O16 - DPF: High Stakes Poker by pogo - http://game6.pogo.com/applet-6.0.4.37/draw...r-ob-assets.cab
O16 - DPF: High Stakes Pool by pogo - http://game4.pogo.com/applet-6.0.2.29/pool...l-ob-assets.cab
O16 - DPF: Jigsaw Detective by pogo - http://game1.pogo.com/applet-6.3.0.46/jigs...w-ob-assets.cab
O16 - DPF: Jokers Wild Poker by pogo - http://vpjoke.pogo.com/applet-5.9.3.29/vid...d-ob-assets.cab
O16 - DPF: Jungle Gin by pogo - http://game1.pogo.com/applet-6.3.4.49/gin/gin-ob-assets.cab
O16 - DPF: Lottso by pogo - http://game1.pogo.com/applet-6.3.4.49/lott...o-ob-assets.cab
O16 - DPF: Mah Jong Garden by pogo - http://mahjong.pogo.com/applet/mahjong/mahjong-ob-assets.cab
O16 - DPF: Multiline Slots by pogo - http://game6.pogo.com/applet-6.0.2.29/mlsl...s-ob-assets.cab
O16 - DPF: NASCAR Web Racing by pogo - http://nascar.pogo.com/applet-5.9.1.18/nas...r-ob-assets.cab
O16 - DPF: Pai Gow by pogo - http://game3.pogo.com/applet-6.1.0.39/paig...w-ob-assets.cab
O16 - DPF: Penguin Blocks by pogo - http://game1.pogo.com/applet-6.3.3.27/peng...s-ob-assets.cab
O16 - DPF: Perfect Pair Solitaire by pogo - http://waterwheel.pogo.com/applet-5.9.2.31...l-ob-assets.cab
O16 - DPF: Phlinx by pogo - http://game1.pogo.com/applet-6.3.3.27/flin...r-ob-assets.cab
O16 - DPF: Pinochle by pogo - http://game4.pogo.com/applet-6.0.4.31/pino...e-ob-assets.cab
O16 - DPF: Pirate's Gold by pogo - http://swashbucks.pogo.com/applet-6.0.4.31...d-ob-assets.cab
O16 - DPF: Poppit by pogo - http://game1.pogo.com/applet-6.1.5.21/popp...2-ob-assets.cab
O16 - DPF: Poppit TM by pogo - http://poppit.pogo.com/applet-5.9.3.38/pop...t-ob-assets.cab
O16 - DPF: QWERTY by pogo - http://game1.pogo.com/applet-6.4.1.46/squa...s-ob-assets.cab
O16 - DPF: RaptisoftGameLoader - http://miniclip.com/hamsterball/raptisoftgameloader.cab
O16 - DPF: Ricochet by pogo - http://game3.pogo.com/applet-5.9.0.18/rico...t-ob-assets.cab
O16 - DPF: SciFi Slots by pogo - http://scifi.pogo.com/applet-5.9.1.18/slot...i-ob-assets.cab
O16 - DPF: Showbiz Slots by pogo - http://game1.pogo.com/applet-6.2.0.37/slot...z-ob-assets.cab
O16 - DPF: Spades by pogo - http://spades.pogo.com/applet-6.0.0.32/spa...s-ob-assets.cab
O16 - DPF: Spider Solitaire by pogo - http://game4.pogo.com/applet-6.0.4.31/spid...r-ob-assets.cab
O16 - DPF: Squelchies by pogo - http://squelchies.pogo.com/applet-5.9.3.29...s-ob-assets.cab
O16 - DPF: Stax by pogo - http://game1.pogo.com/applet-6.3.3.38/stax...x-ob-assets.cab
O16 - DPF: Sweet Tooth TM by pogo - http://sweettooth.pogo.com/applet-6.0.4.31...h-ob-assets.cab
O16 - DPF: Texas Hold'em Poker by pogo - http://game4.pogo.com/applet-6.0.4.31/hold...m-ob-assets.cab
O16 - DPF: Tri-Peaks by pogo - http://game1.pogo.com/applet-6.3.3.27/peak...s-ob-assets.cab
O16 - DPF: Turbo 21 TM by pogo - http://game1.pogo.com/applet-6.3.3.27/turb...1-ob-assets.cab
O16 - DPF: Video Poker by pogo - http://vpoker.pogo.com/applet-6.0.3.28/vid...r-ob-assets.cab
O16 - DPF: Word Whomp by pogo - http://game1.pogo.com/applet-6.3.3.27/word...2-ob-assets.cab
O16 - DPF: Word Whomp Whackdown by pogo - http://game1.pogo.com/applet-6.3.3.27/whac...n-ob-assets.cab
O16 - DPF: WordJong by pogo - http://game5.pogo.com/applet-6.0.4.31/word...g-ob-assets.cab
O16 - DPF: World Class Solitaire by pogo - http://klondike.pogo.com/applet/worldclass...s-ob-assets.cab
O16 - DPF: Yahoo! Backgammon - http://download.games.yahoo.com/games/clients/y/at0_x.cab
O16 - DPF: Yahoo! Blackjack - http://download.games.yahoo.com/games/clients/y/jt0_x.cab
O16 - DPF: Yahoo! Euchre - http://download.games.yahoo.com/games/clients/y/et0_x.cab
O16 - DPF: Yahoo! Go - http://download.games.yahoo.com/games/clients/y/gt1_x.cab
O16 - DPF: Yahoo! Literati - http://download.games.yahoo.com/games/clients/y/tt0_x.cab
O16 - DPF: Yahoo! Word Racer - http://download.games.yahoo.com/games/clients/y/wt0_x.cab
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - http://www.symantec.com/techsupp/asa/LSSupCtl.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/7d90ae0...all/xscan53.cab
O16 - DPF: {9FC5238F-12C4-454F-B1B5-74599A21DE47} (Webshots Photo Uploader) - http://community.webshots.com/html/WSPhotoUploader.CAB
O16 - DPF: {AE1C01E3-0283-11D3-9B3F-00C04F8EF466} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} (YAddBook Class) - http://us.dl1.yimg.com/download.yahoo.com/...utocomplete.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - http://www.symantec.com/techsupp/asa/SymAData.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://playweb02.pogo.com/game/deluxe/insa...aploader_v6.cab
O16 - DPF: {E87F6C8E-16C0-11D3-BEF7-009027438003} (Persits Software XUpload) - http://studentdocs.andover.edu/htcomnet/XUpload.ocx
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
O23 - Service: Intel® NMS (NMSSvc) - Intel Corporation - C:\WINDOWS\System32\NMSSvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~3\NPROTECT.EXE
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~3\SPEEDD~1\NOPDB.EXE
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

EWIDO:

---------------------------------------------------------
ewido security suite - Scan report
---------------------------------------------------------

+ Created on: 1:42:24 PM, 12/13/2005
+ Report-Checksum: B0796307

+ Scan result:

HKLM\SOFTWARE\Classes\Interface\{9603A736-05B9-4D78-BDD5-BDCB0914E522} -> Spyware.WurldMedia : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{BC12B055-C9F5-407D-9B66-1851973F32AF} -> Spyware.WurldMedia : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\AUI -> Spyware.WebSearch : Cleaned with backup
:mozilla.6:C:\Documents and Settings\Susan Bruce\Application Data\Mozilla\Firefox\Profiles\1hlmemd9.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.7:C:\Documents and Settings\Susan Bruce\Application Data\Mozilla\Firefox\Profiles\1hlmemd9.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.8:C:\Documents and Settings\Susan Bruce\Application Data\Mozilla\Firefox\Profiles\1hlmemd9.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.9:C:\Documents and Settings\Susan Bruce\Application Data\Mozilla\Firefox\Profiles\1hlmemd9.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.10:C:\Documents and Settings\Susan Bruce\Application Data\Mozilla\Firefox\Profiles\1hlmemd9.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.11:C:\Documents and Settings\Susan Bruce\Application Data\Mozilla\Firefox\Profiles\1hlmemd9.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.12:C:\Documents and Settings\Susan Bruce\Application Data\Mozilla\Firefox\Profiles\1hlmemd9.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.13:C:\Documents and Settings\Susan Bruce\Application Data\Mozilla\Firefox\Profiles\1hlmemd9.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.14:C:\Documents and Settings\Susan Bruce\Application Data\Mozilla\Firefox\Profiles\1hlmemd9.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.15:C:\Documents and Settings\Susan Bruce\Application Data\Mozilla\Firefox\Profiles\1hlmemd9.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.16:C:\Documents and Settings\Susan Bruce\Application Data\Mozilla\Firefox\Profiles\1hlmemd9.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.17:C:\Documents and Settings\Susan Bruce\Application Data\Mozilla\Firefox\Profiles\1hlmemd9.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.18:C:\Documents and Settings\Susan Bruce\Application Data\Mozilla\Firefox\Profiles\1hlmemd9.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.19:C:\Documents and Settings\Susan Bruce\Application Data\Mozilla\Firefox\Profiles\1hlmemd9.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.20:C:\Documents and Settings\Susan Bruce\Application Data\Mozilla\Firefox\Profiles\1hlmemd9.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.21:C:\Documents and Settings\Susan Bruce\Application Data\Mozilla\Firefox\Profiles\1hlmemd9.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.22:C:\Documents and Settings\Susan Bruce\Application Data\Mozilla\Firefox\Profiles\1hlmemd9.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.23:C:\Documents and Settings\Susan Bruce\Application Data\Mozilla\Firefox\Profiles\1hlmemd9.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.24:C:\Documents and Settings\Susan Bruce\Application Data\Mozilla\Firefox\Profiles\1hlmemd9.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.25:C:\Documents and Settings\Susan Bruce\Application Data\Mozilla\Firefox\Profiles\1hlmemd9.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.27:C:\Documents and Settings\Susan Bruce\Application Data\Mozilla\Firefox\Profiles\1hlmemd9.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.37:C:\Documents and Settings\Susan Bruce\Application Data\Mozilla\Firefox\Profiles\1hlmemd9.default\cookies.txt -> Spyware.Cookie.Questionmarket : Cleaned with backup
:mozilla.38:C:\Documents and Settings\Susan Bruce\Application Data\Mozilla\Firefox\Profiles\1hlmemd9.default\cookies.txt -> Spyware.Cookie.Doubleclick : Cleaned with backup
:mozilla.39:C:\Documents and Settings\Susan Bruce\Application Data\Mozilla\Firefox\Profiles\1hlmemd9.default\cookies.txt -> Spyware.Cookie.Questionmarket : Cleaned with backup
:mozilla.42:C:\Documents and Settings\Susan Bruce\Application Data\Mozilla\Firefox\Profiles\1hlmemd9.default\cookies.txt -> Spyware.Cookie.Atdmt : Cleaned with backup
:mozilla.45:C:\Documents and Settings\Susan Bruce\Application Data\Mozilla\Firefox\Profiles\1hlmemd9.default\cookies.txt -> Spyware.Cookie.Overture : Cleaned with backup
:mozilla.46:C:\Documents and Settings\Susan Bruce\Application Data\Mozilla\Firefox\Profiles\1hlmemd9.default\cookies.txt -> Spyware.Cookie.Overture : Cleaned with backup
:mozilla.51:C:\Documents and Settings\Susan Bruce\Application Data\Mozilla\Firefox\Profiles\1hlmemd9.default\cookies.txt -> Spyware.Cookie.Pointroll : Cleaned with backup
:mozilla.52:C:\Documents and Settings\Susan Bruce\Application Data\Mozilla\Firefox\Profiles\1hlmemd9.default\cookies.txt -> Spyware.Cookie.Pointroll : Cleaned with backup
:mozilla.53:C:\Documents and Settings\Susan Bruce\Application Data\Mozilla\Firefox\Profiles\1hlmemd9.default\cookies.txt -> Spyware.Cookie.Pointroll : Cleaned with backup
:mozilla.54:C:\Documents and Settings\Susan Bruce\Application Data\Mozilla\Firefox\Profiles\1hlmemd9.default\cookies.txt -> Spyware.Cookie.Pointroll : Cleaned with backup
:mozilla.55:C:\Documents and Settings\Susan Bruce\Application Data\Mozilla\Firefox\Profiles\1hlmemd9.default\cookies.txt -> Spyware.Cookie.Pointroll : Cleaned with backup
:mozilla.56:C:\Documents and Settings\Susan Bruce\Application Data\Mozilla\Firefox\Profiles\1hlmemd9.default\cookies.txt -> Spyware.Cookie.Pointroll : Cleaned with backup
:mozilla.62:C:\Documents and Settings\Susan Bruce\Application Data\Mozilla\Firefox\Profiles\1hlmemd9.default\cookies.txt -> Spyware.Cookie.Mediaplex : Cleaned with backup
:mozilla.63:C:\Documents and Settings\Susan Bruce\Application Data\Mozilla\Firefox\Profiles\1hlmemd9.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.64:C:\Documents and Settings\Susan Bruce\Application Data\Mozilla\Firefox\Profiles\1hlmemd9.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.65:C:\Documents and Settings\Susan Bruce\Application Data\Mozilla\Firefox\Profiles\1hlmemd9.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.66:C:\Documents and Settings\Susan Bruce\Application Data\Mozilla\Firefox\Profiles\1hlmemd9.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.72:C:\Documents and Settings\Susan Bruce\Application Data\Mozilla\Firefox\Profiles\1hlmemd9.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.79:C:\Documents and Settings\Susan Bruce\Application Data\Mozilla\Firefox\Profiles\1hlmemd9.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.80:C:\Documents and Settings\Susan Bruce\Application Data\Mozilla\Firefox\Profiles\1hlmemd9.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.81:C:\Documents and Settings\Susan Bruce\Application Data\Mozilla\Firefox\Profiles\1hlmemd9.default\cookies.txt -> Spyware.Cookie.Tribalfusion : Cleaned with backup
:mozilla.82:C:\Documents and Settings\Susan Bruce\Application Data\Mozilla\Firefox\Profiles\1hlmemd9.default\cookies.txt -> Spyware.Cookie.Tribalfusion : Cleaned with backup
:mozilla.83:C:\Documents and Settings\Susan Bruce\Application Data\Mozilla\Firefox\Profiles\1hlmemd9.default\cookies.txt -> Spyware.Cookie.Valueclick : Cleaned with backup
:mozilla.84:C:\Documents and Settings\Susan Bruce\Application Data\Mozilla\Firefox\Profiles\1hlmemd9.default\cookies.txt -> Spyware.Cookie.Valueclick : Cleaned with backup
:mozilla.113:C:\Documents and Settings\Susan Bruce\Application Data\Mozilla\Firefox\Profiles\1hlmemd9.default\cookies.txt -> Spyware.Cookie.Ru4 : Cleaned with backup
:mozilla.114:C:\Documents and Settings\Susan Bruce\Application Data\Mozilla\Firefox\Profiles\1hlmemd9.default\cookies.txt -> Spyware.Cookie.Ru4 : Cleaned with backup
:mozilla.115:C:\Documents and Settings\Susan Bruce\Application Data\Mozilla\Firefox\Profiles\1hlmemd9.default\cookies.txt -> Spyware.Cookie.Ru4 : Cleaned with backup
:mozilla.120:C:\Documents and Settings\Susan Bruce\Application Data\Mozilla\Firefox\Profiles\1hlmemd9.default\cookies.txt -> Spyware.Cookie.Specificclick : Cleaned with backup
:mozilla.138:C:\Documents and Settings\Susan Bruce\Application Data\Mozilla\Firefox\Profiles\1hlmemd9.default\cookies.txt -> Spyware.Cookie.Burstnet : Cleaned with backup
:mozilla.144:C:\Documents and Settings\Susan Bruce\Application Data\Mozilla\Firefox\Profiles\1hlmemd9.default\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.145:C:\Documents and Settings\Susan Bruce\Application Data\Mozilla\Firefox\Profiles\1hlmemd9.default\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.146:C:\Documents and Settings\Susan Bruce\Application Data\Mozilla\Firefox\Profiles\1hlmemd9.default\cookies.txt -> Spyware.Cookie.Centrport : Cleaned with backup
:mozilla.147:C:\Documents and Settings\Susan Bruce\Application Data\Mozilla\Firefox\Profiles\1hlmemd9.default\cookies.txt -> Spyware.Cookie.Centrport : Cleaned with backup
:mozilla.151:C:\Documents and Settings\Susan Bruce\Application Data\Mozilla\Firefox\Profiles\1hlmemd9.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.153:C:\Documents and Settings\Susan Bruce\Application Data\Mozilla\Firefox\Profiles\1hlmemd9.default\cookies.txt -> Spyware.Cookie.Com : Cleaned with backup
:mozilla.154:C:\Documents and Settings\Susan Bruce\Application Data\Mozilla\Firefox\Profiles\1hlmemd9.default\cookies.txt -> Spyware.Cookie.Com : Cleaned with backup
:mozilla.226:C:\Documents and Settings\Susan Bruce\Application Data\Mozilla\Firefox\Profiles\1hlmemd9.default\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
:mozilla.227:C:\Documents and Settings\Susan Bruce\Application Data\Mozilla\Firefox\Profiles\1hlmemd9.default\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
:mozilla.228:C:\Documents and Settings\Susan Bruce\Application Data\Mozilla\Firefox\Profiles\1hlmemd9.default\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
:mozilla.229:C:\Documents and Settings\Susan Bruce\Application Data\Mozilla\Firefox\Profiles\1hlmemd9.default\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
:mozilla.230:C:\Documents and Settings\Susan Bruce\Application Data\Mozilla\Firefox\Profiles\1hlmemd9.default\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
:mozilla.233:C:\Documents and Settings\Susan Bruce\Application Data\Mozilla\Firefox\Profiles\1hlmemd9.default\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.234:C:\Documents and Settings\Susan Bruce\Application Data\Mozilla\Firefox\Profiles\1hlmemd9.default\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.235:C:\Documents and Settings\Susan Bruce\Application Data\Mozilla\Firefox\Profiles\1hlmemd9.default\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.236:C:\Documents and Settings\Susan Bruce\Application Data\Mozilla\Firefox\Profiles\1hlmemd9.default\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.245:C:\Documents and Settings\Susan Bruce\Application Data\Mozilla\Firefox\Profiles\1hlmemd9.default\cookies.txt -> Spyware.Cookie.Tradedoubler : Cleaned with backup
:mozilla.250:C:\Documents and Settings\Susan Bruce\Application Data\Mozilla\Firefox\Profiles\1hlmemd9.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.252:C:\Documents and Settings\Susan Bruce\Application Data\Mozilla\Firefox\Profiles\1hlmemd9.default\cookies.txt -> Spyware.Cookie.Valueclick : Cleaned with backup
:mozilla.265:C:\Documents and Settings\Susan Bruce\Application Data\Mozilla\Firefox\Profiles\1hlmemd9.default\cookies.txt -> Spyware.Cookie.Adserver : Cleaned with backup
:mozilla.266:C:\Documents and Settings\Susan Bruce\Application Data\Mozilla\Firefox\Profiles\1hlmemd9.default\cookies.txt -> Spyware.Cookie.Adserver : Cleaned with backup
:mozilla.269:C:\Documents and Settings\Susan Bruce\Application Data\Mozilla\Firefox\Profiles\1hlmemd9.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.270:C:\Documents and Settings\Susan Bruce\Application Data\Mozilla\Firefox\Profiles\1hlmemd9.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.271:C:\Documents and Settings\Susan Bruce\Application Data\Mozilla\Firefox\Profiles\1hlmemd9.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.272:C:\Documents and Settings\Susan Bruce\Application Data\Mozilla\Firefox\Profiles\1hlmemd9.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.275:C:\Documents and Settings\Susan Bruce\Application Data\Mozilla\Firefox\Profiles\1hlmemd9.default\cookies.txt -> Spyware.Cookie.Bridgetrack : Cleaned with backup
:mozilla.276:C:\Documents and Settings\Susan Bruce\Application Data\Mozilla\Firefox\Profiles\1hlmemd9.default\cookies.txt -> Spyware.Cookie.Bridgetrack : Cleaned with backup
:mozilla.286:C:\Documents and Settings\Susan Bruce\Application Data\Mozilla\Firefox\Profiles\1hlmemd9.default\cookies.txt -> Spyware.Cookie.Liveperson : Cleaned with backup
:mozilla.287:C:\Documents and Settings\Susan Bruce\Application Data\Mozilla\Firefox\Profiles\1hlmemd9.default\cookies.txt -> Spyware.Cookie.Liveperson : Cleaned with backup
:mozilla.288:C:\Documents and Settings\Susan Bruce\Application Data\Mozilla\Firefox\Profiles\1hlmemd9.default\cookies.txt -> Spyware.Cookie.Liveperson : Cleaned with backup
:mozilla.301:C:\Documents and Settings\Susan Bruce\Application Data\Mozilla\Firefox\Profiles\1hlmemd9.default\cookies.txt -> Spyware.Cookie.Burstbeacon : Cleaned with backup
:mozilla.313:C:\Documents and Settings\Susan Bruce\Application Data\Mozilla\Firefox\Profiles\1hlmemd9.default\cookies.txt -> Spyware.Cookie.Googleadservices : Cleaned with backup
:mozilla.6:C:\Documents and Settings\Susan Bruce\Application Data\Mozilla\Firefox\Profiles\ih0mm8yc.Default User\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.7:C:\Documents and Settings\Susan Bruce\Application Data\Mozilla\Firefox\Profiles\ih0mm8yc.Default User\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.8:C:\Documents and Settings\Susan Bruce\Application Data\Mozilla\Firefox\Profiles\ih0mm8yc.Default User\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.9:C:\Documents and Settings\Susan Bruce\Application Data\Mozilla\Firefox\Profiles\ih0mm8yc.Default User\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.13:C:\Documents and Settings\Susan Bruce\Application Data\Mozilla\Firefox\Profiles\ih0mm8yc.Default User\cookies.txt -> Spyware.Cookie.Ru4 : Cleaned with backup
:mozilla.14:C:\Documents and Settings\Susan Bruce\Application Data\Mozilla\Firefox\Profiles\ih0mm8yc.Default User\cookies.txt -> Spyware.Cookie.Ru4 : Cleaned with backup
:mozilla.15:C:\Documents and Settings\Susan Bruce\Application Data\Mozilla\Firefox\Profiles\ih0mm8yc.Default User\cookies.txt -> Spyware.Cookie.Ru4 : Cleaned with backup
:mozilla.7:C:\Documents and Settings\Susan Bruce\Application Data\Mozilla\Profiles\default\tuois4qs.slt\cookies.txt -> Spyware.Cookie.Tribalfusion : Cleaned with backup
:mozilla.8:C:\Documents and Settings\Susan Bruce\Application Data\Mozilla\Profiles\default\tuois4qs.slt\cookies.txt -> Spyware.Cookie.Doubleclick : Cleaned with backup
:mozilla.9:C:\Documents and Settings\Susan Bruce\Application Data\Mozilla\Profiles\default\tuois4qs.slt\cookies.txt -> Spyware.Cookie.Doubleclick : Cleaned with backup
:mozilla.10:C:\Documents and Settings\Susan Bruce\Application Data\Mozilla\Profiles\default\tuois4qs.slt\cookies.txt -> Spyware.Cookie.Doubleclick : Cleaned with backup
:mozilla.11:C:\Documents and Settings\Susan Bruce\Application Data\Mozilla\Profiles\default\tuois4qs.slt\cookies.txt -> Spyware.Cookie.Tribalfusion : Cleaned with backup
:mozilla.12:C:\Documents and Settings\Susan Bruce\Application Data\Mozilla\Profiles\default\tuois4qs.slt\cookies.txt -> Spyware.Cookie.Tribalfusion : Cleaned with backup
:mozilla.13:C:\Documents and Settings\Susan Bruce\Application Data\Mozilla\Profiles\default\tuois4qs.slt\cookies.txt -> Spyware.Cookie.Tribalfusion : Cleaned with backup
:mozilla.23:C:\Documents and Settings\Susan Bruce\Application Data\Mozilla\Profiles\default\tuois4qs.slt\cookies.txt -> Spyware.Cookie.Questionmarket : Cleaned with backup
:mozilla.24:C:\Documents and Settings\Susan Bruce\Application Data\Mozilla\Profiles\default\tuois4qs.slt\cookies.txt -> Spyware.Cookie.Questionmarket : Cleaned with backup
:mozilla.30:C:\Documents and Settings\Susan Bruce\Application Data\Mozilla\Profiles\default\tuois4qs.slt\cookies.txt -> Spyware.Cookie.Adserver : Cleaned with backup
:mozilla.31:C:\Documents and Settings\Susan Bruce\Application Data\Mozilla\Profiles\default\tuois4qs.slt\cookies.txt -> Spyware.Cookie.Adserver : Cleaned with backup
:mozilla.32:C:\Documents and Settings\Susan Bruce\Application Data\Mozilla\Profiles\default\tuois4qs.slt\cookies.txt -> Spyware.Cookie.Pointroll : Cleaned with backup
:mozilla.33:C:\Documents and Settings\Susan Bruce\Application Data\Mozilla\Profiles\default\tuois4qs.slt\cookies.txt -> Spyware.Cookie.Pointroll : Cleaned with backup
:mozilla.34:C:\Documents and Settings\Susan Bruce\Application Data\Mozilla\Profiles\default\tuois4qs.slt\cookies.txt -> Spyware.Cookie.Pointroll : Cleaned with backup
:mozilla.35:C:\Documents and Settings\Susan Bruce\Application Data\Mozilla\Profiles\default\tuois4qs.slt\cookies.txt -> Spyware.Cookie.Pointroll : Cleaned with backup
:mozilla.36:C:\Documents and Settings\Susan Bruce\Application Data\Mozilla\Profiles\default\tuois4qs.slt\cookies.txt -> Spyware.Cookie.Atdmt : Cleaned with backup
:mozilla.37:C:\Documents and Settings\Susan Bruce\Application Data\Mozilla\Profiles\default\tuois4qs.slt\cookies.txt -> Spyware.Cookie.Atdmt : Cleaned with backup
:mozilla.38:C:\Documents and Settings\Susan Bruce\Application Data\Mozilla\Profiles\default\tuois4qs.slt\cookies.txt -> Spyware.Cookie.Atdmt : Cleaned with backup
:mozilla.39:C:\Documents and Settings\Susan Bruce\Application Data\Mozilla\Profiles\default\tuois4qs.slt\cookies.txt -> Spyware.Cookie.Atdmt : Cleaned with backup
:mozilla.40:C:\Documents and Settings\Susan Bruce\Application Data\Mozilla\Profiles\default\tuois4qs.slt\cookies.txt -> Spyware.Cookie.Atdmt : Cleaned with backup
:mozilla.41:C:\Documents and Settings\Susan Bruce\Application Data\Mozilla\Profiles\default\tuois4qs.slt\cookies.txt -> Spyware.Cookie.Atdmt : Cleaned with backup
:mozilla.42:C:\Documents and Settings\Susan Bruce\Application Data\Mozilla\Profiles\default\tuois4qs.slt\cookies.txt -> Spyware.Cookie.Atdmt : Cleaned with backup
:mozilla.43:C:\Documents and Settings\Susan Bruce\Application Data\Mozilla\Profiles\default\tuois4qs.slt\cookies.txt -> Spyware.Cookie.Atdmt : Cleaned with backup
:mozilla.44:C:\Documents and Settings\Susan Bruce\Application Data\Mozilla\Profiles\default\tuois4qs.slt\cookies.txt -> Spyware.Cookie.Atdmt : Cleaned with backup
:mozilla.45:C:\Documents and Settings\Susan Bruce\Application Data\Mozilla\Profiles\default\tuois4qs.slt\cookies.txt -> Spyware.Cookie.Adserver : Cleaned with backup
:mozilla.51:C:\Documents and Settings\Susan Bruce\Application Data\Mozilla\Profiles\default\tuois4qs.slt\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.52:C:\Documents and Settings\Susan Bruce\Application Data\Mozilla\Profiles\default\tuois4qs.slt\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.53:C:\Documents and Settings\Susan Bruce\Application Data\Mozilla\Profiles\default\tuois4qs.slt\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.54:C:\Documents and Settings\Susan Bruce\Application Data\Mozilla\Profiles\default\tuois4qs.slt\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.55:C:\Documents and Settings\Susan Bruce\Application Data\Mozilla\Profiles\default\tuois4qs.slt\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.56:C:\Documents and Settings\Susan Bruce\Application Data\Mozilla\Profiles\default\tuois4qs.slt\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.57:C:\Documents and Settings\Susan Bruce\Application Data\Mozilla\Profiles\default\tuois4qs.slt\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.58:C:\Documents and Settings\Susan Bruce\Application Data\Mozilla\Profiles\default\tuois4qs.slt\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.59:C:\Documents and Settings\Susan Bruce\Application Data\Mozilla\Profiles\default\tuois4qs.slt\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.60:C:\Documents and Settings\Susan Bruce\Application Data\Mozilla\Profiles\default\tuois4qs.slt\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.61:C:\Documents and Settings\Susan Bruce\Application Data\Mozilla\Profiles\default\tuois4qs.slt\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.62:C:\Documents and Settings\Susan Bruce\Application Data\Mozilla\Profiles\default\tuois4qs.slt\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.63:C:\Documents and Settings\Susan Bruce\Application Data\Mozilla\Profiles\default\tuois4qs.slt\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.64:C:\Documents and Settings\Susan Bruce\Application Data\Mozilla\Profiles\default\tuois4qs.slt\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.65:C:\Documents and Settings\Susan Bruce\Application Data\Mozilla\Profiles\default\tuois4qs.slt\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.66:C:\Documents and Settings\Susan Bruce\Application Data\Mozilla\Profiles\default\tuois4qs.slt\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.67:C:\Documents and Settings\Susan Bruce\Application Data\Mozilla\Profiles\default\tuois4qs.slt\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.68:C:\Documents and Settings\Susan Bruce\Application Data\Mozilla\Profiles\default\tuois4qs.slt\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.69:C:\Documents and Settings\Susan Bruce\Application Data\Mozilla\Profiles\default\tuois4qs.slt\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.70:C:\Documents and Settings\Susan Bruce\Application Data\Mozilla\Profiles\default\tuois4qs.slt\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.82:C:\Documents and Settings\Susan Bruce\Application Data\Mozilla\Profiles\default\tuois4qs.slt\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.83:C:\Documents and Settings\Susan Bruce\Application Data\Mozilla\Profiles\default\tuois4qs.slt\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.84:C:\Documents and Settings\Susan Bruce\Application Data\Mozilla\Profiles\default\tuois4qs.slt\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.85:C:\Documents and Settings\Susan Bruce\Application Data\Mozilla\Profiles\default\tuois4qs.slt\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.86:C:\Documents and Settings\Susan Bruce\Application Data\Mozilla\Profiles\default\tuois4qs.slt\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.87:C:\Documents and Settings\Susan Bruce\Application Data\Mozilla\Profiles\default\tuois4qs.slt\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.100:C:\Documents and Settings\Susan Bruce\Application Data\Mozilla\Profiles\default\tuois4qs.slt\cookies.txt -> Spyware.Cookie.Com : Cleaned with backup
:mozilla.101:C:\Documents and Settings\Susan Bruce\Application Data\Mozilla\Profiles\default\tuois4qs.slt\cookies.txt -> Spyware.Cookie.Com : Cleaned with backup
:mozilla.120:C:\Documents and Settings\Susan Bruce\Application Data\Mozilla\Profiles\default\tuois4qs.slt\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.124:C:\Documents and Settings\Susan Bruce\Application Data\Mozilla\Profiles\default\tuois4qs.slt\cookies.txt -> Spyware.Cookie.Overture : Cleaned with backup
:mozilla.125:C:\Documents and Settings\Susan Bruce\Application Data\Mozilla\Profiles\default\tuois4qs.slt\cookies.txt -> Spyware.Cookie.Overture : Cleaned with backup
:mozilla.126:C:\Documents and Settings\Susan Bruce\Application Data\Mozilla\Profiles\default\tuois4qs.slt\cookies.txt -> Spyware.Cookie.Overture : Cleaned with backup
:mozilla.127:C:\Documents and Settings\Susan Bruce\Application Data\Mozilla\Profiles\default\tuois4qs.slt\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
:mozilla.128:C:\Documents and Settings\Susan Bruce\Application Data\Mozilla\Profiles\default\tuois4qs.slt\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
:mozilla.129:C:\Documents and Settings\Susan Bruce\Application Data\Mozilla\Profiles\default\tuois4qs.slt\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
:mozilla.130:C:\Documents and Settings\Susan Bruce\Application Data\Mozilla\Profiles\default\tuois4qs.slt\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
:mozilla.136:C:\Documents and Settings\Susan Bruce\Application Data\Mozilla\Profiles\default\tuois4qs.slt\cookies.txt -> Spyware.Cookie.Googleadservices : Cleaned with backup
:mozilla.137:C:\Documents and Settings\Susan Bruce\Application Data\Mozilla\Profiles\default\tuois4qs.slt\cookies.txt -> Spyware.Cookie.Mediaplex : Cleaned with backup
:mozilla.140:C:\Documents and Settings\Susan Bruce\Application Data\Mozilla\Profiles\default\tuois4qs.slt\cookies.txt -> Spyware.Cookie.Mediaplex : Cleaned with backup
:mozilla.143:C:\Documents and Settings\Susan Bruce\Application Data\Mozilla\Profiles\default\tuois4qs.slt\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.144:C:\Documents and Settings\Susan Bruce\Application Data\Mozilla\Profiles\default\tuois4qs.slt\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.145:C:\

#5 MFDnSC

MFDnSC

    Ret. Director I/T


  • Members
  • 4,310 posts
  • OFFLINE
  •  
  • Local time:06:21 AM

Posted 13 December 2005 - 02:50 PM

Most of Ewido was third party cookies

In Mozilla - Edit - preferences - Privacy - Cookies - Check "Allow Cookies for the orignating site only

Fix these with HJT – mark them, close IE, click fix checked

O4 - HKLM\..\RunOnce: [uuzvke.exe] C:\WINDOWS\System32\uuzvke.exe /k

DownLoad http://www.downloads.subratam.org/KillBox.zip

Restart your computer into safe mode now. (Tapping F8 at the first black screen) Perform the following steps in safe mode:

Double-click on Killbox.exe to run it. Now put a tick by Standard File Kill. In the "Full Path of File to Delete" box, copy and paste each of the following lines one at a time then click on the button that has the red circle with the X in the middle after you enter each file. It will ask for confimation to delete the file. Click Yes. Continue with that same procedure until you have copied and pasted all of these in the "Paste Full Path of File to Delete" box.

C:\WINDOWS\System32\uuzvke.exe

Note: It is possible that Killbox will tell you that one or more files do not exist. If that happens, just continue on with all the files. Be sure you don't miss any.

START – RUN – type in %temp% OK - Edit – Select all – File – Delete
Delete everything in the C:\Windows\Temp folder or C:\WINNT\temp
Empty the recycle bin
Boot and post a new log from normal NOT safe mode

Please give feedback on what worked/didn’t work and the current status of your system
"Nothing could be finer than to be in South Carolina ............"

Member ASAP

#6 slb1952

slb1952
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Local time:07:21 AM

Posted 13 December 2005 - 05:37 PM

I don't really understand this instruction:
Fix these with HJT – mark them, close IE, click fix checked

#7 MFDnSC

MFDnSC

    Ret. Director I/T


  • Members
  • 4,310 posts
  • OFFLINE
  •  
  • Local time:06:21 AM

Posted 13 December 2005 - 05:42 PM

Run HiJackThis - scan only

click the box to the left of that entry

Close Internet Explorer

In HiJackThis - click fix checked - that will remove that entry
"Nothing could be finer than to be in South Carolina ............"

Member ASAP

#8 slb1952

slb1952
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Local time:07:21 AM

Posted 13 December 2005 - 06:26 PM

Ok, but when I went to look for "run" in safe mode, I couldn't "find" it. When I went ot reboot in normal mode I still got that message. Prob ok, since I couldn't follow the remaining instructions. Please advise as to ho to geto "run". It wasn't on my "list". and couldn't seem to arrow to it.

By the way, thank you so much.

#9 MFDnSC

MFDnSC

    Ret. Director I/T


  • Members
  • 4,310 posts
  • OFFLINE
  •  
  • Local time:06:21 AM

Posted 14 December 2005 - 11:17 AM

the Run command is in the start menu

Post a new log from HiJackThis
"Nothing could be finer than to be in South Carolina ............"

Member ASAP

#10 slb1952

slb1952
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Local time:07:21 AM

Posted 14 December 2005 - 12:29 PM

Not to be a dummy, but... The start menu is "too big" in safe mode and "run" doesn't show up and I can't seem to arrow key it to find it. Sorry to be a bother.

#11 MFDnSC

MFDnSC

    Ret. Director I/T


  • Members
  • 4,310 posts
  • OFFLINE
  •  
  • Local time:06:21 AM

Posted 14 December 2005 - 02:02 PM

Do it in normal mode
"Nothing could be finer than to be in South Carolina ............"

Member ASAP

#12 slb1952

slb1952
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Local time:07:21 AM

Posted 14 December 2005 - 02:41 PM

Hi, It wouldn't let me delete 2 files:

hsperfdata_Susan Bruce (this contains file 3288)
ACR14E.tmp

Here is the Hijack log

Logfile of HijackThis v1.99.1
Scan saved at 2:31:37 PM, on 12/14/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe
C:\PROGRA~1\NORTON~1\NORTON~3\NPROTECT.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\PROGRA~1\NORTON~1\NORTON~3\SPEEDD~1\NOPDB.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Support.com\bin\tgcmd.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\PROGRA~1\Lavasoft\AD-AWA~2\Ad-Watch.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32.exe
C:\PROGRA~1\Netscape\Netscape\Netscp.exe
C:\Documents and Settings\Susan Bruce\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.netscape.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Comcast High-Speed Internet
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
N3 - Netscape 7: user_pref("browser.startup.homepage", "http://home.netscape.com/bookmark/7_0/home.html"); (C:\Documents and Settings\Susan Bruce\Application Data\Mozilla\Profiles\default\tuois4qs.slt\prefs.js)
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CPROGRA%7E1%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_06.src"); (C:\Documents and Settings\Susan Bruce\Application Data\Mozilla\Profiles\default\tuois4qs.slt\prefs.js)
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn\ycomp5_3_12_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn\ycomp5_3_12_0.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [Logitech Utility] LOGI_MWX.EXE
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [tgcmd] "C:\Program Files\Support.com\bin\tgcmd.exe" /server
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [sunasDTServ] C:\Program Files\Sunbelt Software\CounterSpy Client\sunasDTServ.exe
O4 - HKLM\..\Run: [sunasServ] C:\Program Files\Sunbelt Software\CounterSpy Client\sunasServ.exe
O4 - HKLM\..\RunOnce: [uuzvke.exe] C:\WINDOWS\System32\uuzvke.exe /k
O4 - HKCU\..\Run: [Norton SystemWorks] "C:\Program Files\Norton SystemWorks\cfgwiz.exe" /GUID {05858CFD-5CC4-4ceb-AAAF-CF00BF39736A} /MODE CfgWiz
O4 - HKCU\..\Run: [AWMON] "C:\PROGRA~1\Lavasoft\AD-AWA~2\Ad-Watch.exe"
O4 - HKCU\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKCU\..\Run: [Mozilla Quick Launch] "C:\Program Files\Netscape\Netscape\Netscp.exe" -turbo
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Post-it® Software Notes Lite.lnk = C:\Program Files\3M\PSN2Lite\Psn2Lite.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar3.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar3.dll/cmwordtrans.html
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar3.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar3.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar3.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar3.dll/cmtrans.html
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\Aim\aim.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O9 - Extra button: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyPoker.net\partypokernet.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyPoker.net\partypokernet.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O14 - IERESET.INF: START_PAGE_URL=http://www.comcast.net
O16 - DPF: 6th Street Omaha Poker by pogo - http://game1.pogo.com/applet-6.1.5.21/omah...a-ob-assets.cab
O16 - DPF: Aces Up! by pogo - http://game1.pogo.com/applet-6.3.3.27/aces...s-ob-assets.cab
O16 - DPF: Animal Ark by pogo - http://playweb01.pogo.com/applet-6.0.1.20/...l-ob-assets.cab
O16 - DPF: Armored Attack by pogo - http://game4.pogo.com/applet-6.0.3.35/ccta...k-ob-assets.cab
O16 - DPF: Backgammon by pogo - http://game1.pogo.com/applet-6.3.4.49/back...n-ob-assets.cab
O16 - DPF: Battle Phlinx by pogo - http://game1.pogo.com/applet-6.3.3.27/batt...x-ob-assets.cab
O16 - DPF: Big Shot Roulette TM by pogo - http://roulet.pogo.com/applet-6.0.1.20/rou...e-ob-assets.cab
O16 - DPF: Blackjack by pogo - http://game1.pogo.com/applet-6.1.4.22/blac...k-ob-assets.cab
O16 - DPF: Buckaroo Blackjack TM by pogo - http://vbjack.pogo.com/applet-6.0.4.31/vid...k-ob-assets.cab
O16 - DPF: Canasta by pogo - http://canasta.pogo.com/applet-6.0.0.25/ca...a-ob-assets.cab
O16 - DPF: Checkers by pogo - http://checkers.pogo.com/applet/checkers2/...s-ob-assets.cab
O16 - DPF: Chess by pogo - http://chess2.pogo.com/applet-5.9.1.18/che...2-ob-assets.cab
O16 - DPF: Cribbage by pogo - http://crib.pogo.com/applet-5.9.0.18/cribb...e-ob-assets.cab
O16 - DPF: Dice Derby by pogo - http://checkeredflag.pogo.com/applet-6.0.1...g-ob-assets.cab
O16 - DPF: Dominoes by pogo - http://game1.pogo.com/applet-6.3.4.49/domi...o-ob-assets.cab
O16 - DPF: Euchre by pogo - http://game1.pogo.com/applet-6.3.0.46/euch...e-ob-assets.cab
O16 - DPF: First Class Solitaire by pogo - http://game3.pogo.com/applet-6.0.4.37/soli...2-ob-assets.cab
O16 - DPF: Fortune Bingo by pogo - http://superbingo.pogo.com/applet-5.9.1.18...o-ob-assets.cab
O16 - DPF: Greenback Bayou by pogo - http://greenback.pogo.com/applet/greenback...k-ob-assets.cab
O16 - DPF: Harvest Mania by pogo - http://game1.pogo.com/applet-6.1.5.21/harv...t-ob-assets.cab
O16 - DPF: Hearts by pogo - http://game1.pogo.com/applet-6.3.3.38/hear...s-ob-assets.cab
O16 - DPF: High Stakes Poker by pogo - http://game6.pogo.com/applet-6.0.4.37/draw...r-ob-assets.cab
O16 - DPF: High Stakes Pool by pogo - http://game4.pogo.com/applet-6.0.2.29/pool...l-ob-assets.cab
O16 - DPF: Jigsaw Detective by pogo - http://game1.pogo.com/applet-6.3.0.46/jigs...w-ob-assets.cab
O16 - DPF: Jokers Wild Poker by pogo - http://vpjoke.pogo.com/applet-5.9.3.29/vid...d-ob-assets.cab
O16 - DPF: Jungle Gin by pogo - http://game1.pogo.com/applet-6.3.4.49/gin/gin-ob-assets.cab
O16 - DPF: Lottso by pogo - http://game1.pogo.com/applet-6.3.4.49/lott...o-ob-assets.cab
O16 - DPF: Mah Jong Garden by pogo - http://mahjong.pogo.com/applet/mahjong/mahjong-ob-assets.cab
O16 - DPF: Multiline Slots by pogo - http://game6.pogo.com/applet-6.0.2.29/mlsl...s-ob-assets.cab
O16 - DPF: NASCAR Web Racing by pogo - http://nascar.pogo.com/applet-5.9.1.18/nas...r-ob-assets.cab
O16 - DPF: Pai Gow by pogo - http://game3.pogo.com/applet-6.1.0.39/paig...w-ob-assets.cab
O16 - DPF: Penguin Blocks by pogo - http://game1.pogo.com/applet-6.3.3.27/peng...s-ob-assets.cab
O16 - DPF: Perfect Pair Solitaire by pogo - http://waterwheel.pogo.com/applet-5.9.2.31...l-ob-assets.cab
O16 - DPF: Phlinx by pogo - http://game1.pogo.com/applet-6.3.3.27/flin...r-ob-assets.cab
O16 - DPF: Pinochle by pogo - http://game4.pogo.com/applet-6.0.4.31/pino...e-ob-assets.cab
O16 - DPF: Pirate's Gold by pogo - http://swashbucks.pogo.com/applet-6.0.4.31...d-ob-assets.cab
O16 - DPF: Poppit by pogo - http://game1.pogo.com/applet-6.1.5.21/popp...2-ob-assets.cab
O16 - DPF: Poppit TM by pogo - http://poppit.pogo.com/applet-5.9.3.38/pop...t-ob-assets.cab
O16 - DPF: QWERTY by pogo - http://game1.pogo.com/applet-6.4.1.46/squa...s-ob-assets.cab
O16 - DPF: RaptisoftGameLoader - http://miniclip.com/hamsterball/raptisoftgameloader.cab
O16 - DPF: Ricochet by pogo - http://game3.pogo.com/applet-5.9.0.18/rico...t-ob-assets.cab
O16 - DPF: SciFi Slots by pogo - http://scifi.pogo.com/applet-5.9.1.18/slot...i-ob-assets.cab
O16 - DPF: Showbiz Slots by pogo - http://game1.pogo.com/applet-6.2.0.37/slot...z-ob-assets.cab
O16 - DPF: Spades by pogo - http://spades.pogo.com/applet-6.0.0.32/spa...s-ob-assets.cab
O16 - DPF: Spider Solitaire by pogo - http://game4.pogo.com/applet-6.0.4.31/spid...r-ob-assets.cab
O16 - DPF: Squelchies by pogo - http://squelchies.pogo.com/applet-5.9.3.29...s-ob-assets.cab
O16 - DPF: Stax by pogo - http://game1.pogo.com/applet-6.3.3.38/stax...x-ob-assets.cab
O16 - DPF: Sweet Tooth TM by pogo - http://sweettooth.pogo.com/applet-6.0.4.31...h-ob-assets.cab
O16 - DPF: Texas Hold'em Poker by pogo - http://game4.pogo.com/applet-6.0.4.31/hold...m-ob-assets.cab
O16 - DPF: Tri-Peaks by pogo - http://game1.pogo.com/applet-6.3.3.27/peak...s-ob-assets.cab
O16 - DPF: Turbo 21 TM by pogo - http://game1.pogo.com/applet-6.3.3.27/turb...1-ob-assets.cab
O16 - DPF: Video Poker by pogo - http://vpoker.pogo.com/applet-6.0.3.28/vid...r-ob-assets.cab
O16 - DPF: Word Whomp by pogo - http://game1.pogo.com/applet-6.3.3.27/word...2-ob-assets.cab
O16 - DPF: Word Whomp Whackdown by pogo - http://game1.pogo.com/applet-6.3.3.27/whac...n-ob-assets.cab
O16 - DPF: WordJong by pogo - http://game5.pogo.com/applet-6.0.4.31/word...g-ob-assets.cab
O16 - DPF: World Class Solitaire by pogo - http://klondike.pogo.com/applet/worldclass...s-ob-assets.cab
O16 - DPF: Yahoo! Backgammon - http://download.games.yahoo.com/games/clients/y/at0_x.cab
O16 - DPF: Yahoo! Blackjack - http://download.games.yahoo.com/games/clients/y/jt0_x.cab
O16 - DPF: Yahoo! Euchre - http://download.games.yahoo.com/games/clients/y/et0_x.cab
O16 - DPF: Yahoo! Go - http://download.games.yahoo.com/games/clients/y/gt1_x.cab
O16 - DPF: Yahoo! Literati - http://download.games.yahoo.com/games/clients/y/tt0_x.cab
O16 - DPF: Yahoo! Word Racer - http://download.games.yahoo.com/games/clients/y/wt0_x.cab
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - http://www.symantec.com/techsupp/asa/LSSupCtl.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/7d90ae0...all/xscan53.cab
O16 - DPF: {9FC5238F-12C4-454F-B1B5-74599A21DE47} (Webshots Photo Uploader) - http://community.webshots.com/html/WSPhotoUploader.CAB
O16 - DPF: {AE1C01E3-0283-11D3-9B3F-00C04F8EF466} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} (YAddBook Class) - http://us.dl1.yimg.com/download.yahoo.com/...utocomplete.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - http://www.symantec.com/techsupp/asa/SymAData.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://playweb02.pogo.com/game/deluxe/insa...aploader_v6.cab
O16 - DPF: {E87F6C8E-16C0-11D3-BEF7-009027438003} (Persits Software XUpload) - http://studentdocs.andover.edu/htcomnet/XUpload.ocx
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
O23 - Service: Intel® NMS (NMSSvc) - Intel Corporation - C:\WINDOWS\System32\NMSSvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~3\NPROTECT.EXE
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~3\SPEEDD~1\NOPDB.EXE
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

#13 slb1952

slb1952
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Local time:07:21 AM

Posted 14 December 2005 - 02:59 PM

Sorry, correct HJT log follows. I had forgotten to reboot.
Still didn't let me delete the
hsperfdata_Susan Bruce folder (contains file 3288)
and the ACR14E.tmp

When I rebooted I still get the error message that can't find:

uuzvke.exe


Here is the HGT log

Logfile of HijackThis v1.99.1
Scan saved at 2:53:39 PM, on 12/14/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe
C:\PROGRA~1\NORTON~1\NORTON~3\NPROTECT.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\PROGRA~1\NORTON~1\NORTON~3\SPEEDD~1\NOPDB.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
C:\Program Files\Support.com\bin\tgcmd.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\PROGRA~1\Lavasoft\AD-AWA~2\Ad-Watch.exe
C:\Program Files\Netscape\Netscape\Netscp.exe
C:\Program Files\3M\PSN2Lite\Psn2Lite.exe
C:\PROGRA~1\3M\PSN2Lite\PSNGive.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Documents and Settings\Susan Bruce\Desktop\HijackThis.exe
C:\WINDOWS\System32\wuauclt.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.netscape.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Comcast High-Speed Internet
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
N3 - Netscape 7: user_pref("browser.startup.homepage", "http://home.netscape.com/bookmark/7_0/home.html"); (C:\Documents and Settings\Susan Bruce\Application Data\Mozilla\Profiles\default\tuois4qs.slt\prefs.js)
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CPROGRA%7E1%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_06.src"); (C:\Documents and Settings\Susan Bruce\Application Data\Mozilla\Profiles\default\tuois4qs.slt\prefs.js)
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn\ycomp5_3_12_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn\ycomp5_3_12_0.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [Logitech Utility] LOGI_MWX.EXE
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [tgcmd] "C:\Program Files\Support.com\bin\tgcmd.exe" /server
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [sunasDTServ] C:\Program Files\Sunbelt Software\CounterSpy Client\sunasDTServ.exe
O4 - HKLM\..\Run: [sunasServ] C:\Program Files\Sunbelt Software\CounterSpy Client\sunasServ.exe
O4 - HKLM\..\RunOnce: [uuzvke.exe] C:\WINDOWS\System32\uuzvke.exe /k
O4 - HKCU\..\Run: [Norton SystemWorks] "C:\Program Files\Norton SystemWorks\cfgwiz.exe" /GUID {05858CFD-5CC4-4ceb-AAAF-CF00BF39736A} /MODE CfgWiz
O4 - HKCU\..\Run: [AWMON] "C:\PROGRA~1\Lavasoft\AD-AWA~2\Ad-Watch.exe"
O4 - HKCU\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKCU\..\Run: [Mozilla Quick Launch] "C:\Program Files\Netscape\Netscape\Netscp.exe" -turbo
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Post-it® Software Notes Lite.lnk = C:\Program Files\3M\PSN2Lite\Psn2Lite.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar3.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar3.dll/cmwordtrans.html
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar3.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar3.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar3.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar3.dll/cmtrans.html
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\Aim\aim.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O9 - Extra button: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyPoker.net\partypokernet.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyPoker.net\partypokernet.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O14 - IERESET.INF: START_PAGE_URL=http://www.comcast.net
O16 - DPF: 6th Street Omaha Poker by pogo - http://game1.pogo.com/applet-6.1.5.21/omah...a-ob-assets.cab
O16 - DPF: Aces Up! by pogo - http://game1.pogo.com/applet-6.3.3.27/aces...s-ob-assets.cab
O16 - DPF: Animal Ark by pogo - http://playweb01.pogo.com/applet-6.0.1.20/...l-ob-assets.cab
O16 - DPF: Armored Attack by pogo - http://game4.pogo.com/applet-6.0.3.35/ccta...k-ob-assets.cab
O16 - DPF: Backgammon by pogo - http://game1.pogo.com/applet-6.3.4.49/back...n-ob-assets.cab
O16 - DPF: Battle Phlinx by pogo - http://game1.pogo.com/applet-6.3.3.27/batt...x-ob-assets.cab
O16 - DPF: Big Shot Roulette TM by pogo - http://roulet.pogo.com/applet-6.0.1.20/rou...e-ob-assets.cab
O16 - DPF: Blackjack by pogo - http://game1.pogo.com/applet-6.1.4.22/blac...k-ob-assets.cab
O16 - DPF: Buckaroo Blackjack TM by pogo - http://vbjack.pogo.com/applet-6.0.4.31/vid...k-ob-assets.cab
O16 - DPF: Canasta by pogo - http://canasta.pogo.com/applet-6.0.0.25/ca...a-ob-assets.cab
O16 - DPF: Checkers by pogo - http://checkers.pogo.com/applet/checkers2/...s-ob-assets.cab
O16 - DPF: Chess by pogo - http://chess2.pogo.com/applet-5.9.1.18/che...2-ob-assets.cab
O16 - DPF: Cribbage by pogo - http://crib.pogo.com/applet-5.9.0.18/cribb...e-ob-assets.cab
O16 - DPF: Dice Derby by pogo - http://checkeredflag.pogo.com/applet-6.0.1...g-ob-assets.cab
O16 - DPF: Dominoes by pogo - http://game1.pogo.com/applet-6.3.4.49/domi...o-ob-assets.cab
O16 - DPF: Euchre by pogo - http://game1.pogo.com/applet-6.3.0.46/euch...e-ob-assets.cab
O16 - DPF: First Class Solitaire by pogo - http://game3.pogo.com/applet-6.0.4.37/soli...2-ob-assets.cab
O16 - DPF: Fortune Bingo by pogo - http://superbingo.pogo.com/applet-5.9.1.18...o-ob-assets.cab
O16 - DPF: Greenback Bayou by pogo - http://greenback.pogo.com/applet/greenback...k-ob-assets.cab
O16 - DPF: Harvest Mania by pogo - http://game1.pogo.com/applet-6.1.5.21/harv...t-ob-assets.cab
O16 - DPF: Hearts by pogo - http://game1.pogo.com/applet-6.3.3.38/hear...s-ob-assets.cab
O16 - DPF: High Stakes Poker by pogo - http://game6.pogo.com/applet-6.0.4.37/draw...r-ob-assets.cab
O16 - DPF: High Stakes Pool by pogo - http://game4.pogo.com/applet-6.0.2.29/pool...l-ob-assets.cab
O16 - DPF: Jigsaw Detective by pogo - http://game1.pogo.com/applet-6.3.0.46/jigs...w-ob-assets.cab
O16 - DPF: Jokers Wild Poker by pogo - http://vpjoke.pogo.com/applet-5.9.3.29/vid...d-ob-assets.cab
O16 - DPF: Jungle Gin by pogo - http://game1.pogo.com/applet-6.3.4.49/gin/gin-ob-assets.cab
O16 - DPF: Lottso by pogo - http://game1.pogo.com/applet-6.3.4.49/lott...o-ob-assets.cab
O16 - DPF: Mah Jong Garden by pogo - http://mahjong.pogo.com/applet/mahjong/mahjong-ob-assets.cab
O16 - DPF: Multiline Slots by pogo - http://game6.pogo.com/applet-6.0.2.29/mlsl...s-ob-assets.cab
O16 - DPF: NASCAR Web Racing by pogo - http://nascar.pogo.com/applet-5.9.1.18/nas...r-ob-assets.cab
O16 - DPF: Pai Gow by pogo - http://game3.pogo.com/applet-6.1.0.39/paig...w-ob-assets.cab
O16 - DPF: Penguin Blocks by pogo - http://game1.pogo.com/applet-6.3.3.27/peng...s-ob-assets.cab
O16 - DPF: Perfect Pair Solitaire by pogo - http://waterwheel.pogo.com/applet-5.9.2.31...l-ob-assets.cab
O16 - DPF: Phlinx by pogo - http://game1.pogo.com/applet-6.3.3.27/flin...r-ob-assets.cab
O16 - DPF: Pinochle by pogo - http://game4.pogo.com/applet-6.0.4.31/pino...e-ob-assets.cab
O16 - DPF: Pirate's Gold by pogo - http://swashbucks.pogo.com/applet-6.0.4.31...d-ob-assets.cab
O16 - DPF: Poppit by pogo - http://game1.pogo.com/applet-6.1.5.21/popp...2-ob-assets.cab
O16 - DPF: Poppit TM by pogo - http://poppit.pogo.com/applet-5.9.3.38/pop...t-ob-assets.cab
O16 - DPF: QWERTY by pogo - http://game1.pogo.com/applet-6.4.1.46/squa...s-ob-assets.cab
O16 - DPF: RaptisoftGameLoader - http://miniclip.com/hamsterball/raptisoftgameloader.cab
O16 - DPF: Ricochet by pogo - http://game3.pogo.com/applet-5.9.0.18/rico...t-ob-assets.cab
O16 - DPF: SciFi Slots by pogo - http://scifi.pogo.com/applet-5.9.1.18/slot...i-ob-assets.cab
O16 - DPF: Showbiz Slots by pogo - http://game1.pogo.com/applet-6.2.0.37/slot...z-ob-assets.cab
O16 - DPF: Spades by pogo - http://spades.pogo.com/applet-6.0.0.32/spa...s-ob-assets.cab
O16 - DPF: Spider Solitaire by pogo - http://game4.pogo.com/applet-6.0.4.31/spid...r-ob-assets.cab
O16 - DPF: Squelchies by pogo - http://squelchies.pogo.com/applet-5.9.3.29...s-ob-assets.cab
O16 - DPF: Stax by pogo - http://game1.pogo.com/applet-6.3.3.38/stax...x-ob-assets.cab
O16 - DPF: Sweet Tooth TM by pogo - http://sweettooth.pogo.com/applet-6.0.4.31...h-ob-assets.cab
O16 - DPF: Texas Hold'em Poker by pogo - http://game4.pogo.com/applet-6.0.4.31/hold...m-ob-assets.cab
O16 - DPF: Tri-Peaks by pogo - http://game1.pogo.com/applet-6.3.3.27/peak...s-ob-assets.cab
O16 - DPF: Turbo 21 TM by pogo - http://game1.pogo.com/applet-6.3.3.27/turb...1-ob-assets.cab
O16 - DPF: Video Poker by pogo - http://vpoker.pogo.com/applet-6.0.3.28/vid...r-ob-assets.cab
O16 - DPF: Word Whomp by pogo - http://game1.pogo.com/applet-6.3.3.27/word...2-ob-assets.cab
O16 - DPF: Word Whomp Whackdown by pogo - http://game1.pogo.com/applet-6.3.3.27/whac...n-ob-assets.cab
O16 - DPF: WordJong by pogo - http://game5.pogo.com/applet-6.0.4.31/word...g-ob-assets.cab
O16 - DPF: World Class Solitaire by pogo - http://klondike.pogo.com/applet/worldclass...s-ob-assets.cab
O16 - DPF: Yahoo! Backgammon - http://download.games.yahoo.com/games/clients/y/at0_x.cab
O16 - DPF: Yahoo! Blackjack - http://download.games.yahoo.com/games/clients/y/jt0_x.cab
O16 - DPF: Yahoo! Euchre - http://download.games.yahoo.com/games/clients/y/et0_x.cab
O16 - DPF: Yahoo! Go - http://download.games.yahoo.com/games/clients/y/gt1_x.cab
O16 - DPF: Yahoo! Literati - http://download.games.yahoo.com/games/clients/y/tt0_x.cab
O16 - DPF: Yahoo! Word Racer - http://download.games.yahoo.com/games/clients/y/wt0_x.cab
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - http://www.symantec.com/techsupp/asa/LSSupCtl.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/7d90ae0...all/xscan53.cab
O16 - DPF: {9FC5238F-12C4-454F-B1B5-74599A21DE47} (Webshots Photo Uploader) - http://community.webshots.com/html/WSPhotoUploader.CAB
O16 - DPF: {AE1C01E3-0283-11D3-9B3F-00C04F8EF466} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} (YAddBook Class) - http://us.dl1.yimg.com/download.yahoo.com/...utocomplete.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - http://www.symantec.com/techsupp/asa/SymAData.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://playweb02.pogo.com/game/deluxe/insa...aploader_v6.cab
O16 - DPF: {E87F6C8E-16C0-11D3-BEF7-009027438003} (Persits Software XUpload) - http://studentdocs.andover.edu/htcomnet/XUpload.ocx
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
O23 - Service: Intel® NMS (NMSSvc) - Intel Corporation - C:\WINDOWS\System32\NMSSvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~3\NPROTECT.EXE
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~3\SPEEDD~1\NOPDB.EXE
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

#14 MFDnSC

MFDnSC

    Ret. Director I/T


  • Members
  • 4,310 posts
  • OFFLINE
  •  
  • Local time:06:21 AM

Posted 14 December 2005 - 04:12 PM

Fix this entry in hijack

O4 - HKLM\..\RunOnce: [uuzvke.exe] C:\WINDOWS\System32\uuzvke.exe /k

Run HiJackThis - scan only

click the box to the left of that entry

Close Internet Explorer

In HiJackThis - click fix checked - that will remove that entry
"Nothing could be finer than to be in South Carolina ............"

Member ASAP

#15 slb1952

slb1952
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Local time:07:21 AM

Posted 16 December 2005 - 10:45 AM

You are the best! Thank you so much. I rebooted and NO uuzvke.exe
After running HJT I also "fixed" the real schedule annoyance. Don't get that messy little thing eating up my CPU on start up anymore either.
Have a wonderful Holiday.
Susan




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users