
Hjt Log


13 replies to this topic

#1 BikoBoo

BikoBoo

  • Members
  • 39 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Paradise, PA, USA
  • Local time:03:26 AM

Posted 06 March 2007 - 02:08 AM

Hi, I've been through everything I can possibly think of to do to remove spyware from my computer (after a long process started by Outerinfo), and I just want to know if I'm clean now. I've run Norton A/V, Spybot, ATF Cleaner, AVG A/S, Ad-Aware, SuperAntiSpyware, and lastly HJT. Here is my log, if someone would kindly look it over and let me know if I can resume normal operations. Thank you so very much!!

Logfile of HijackThis v1.99.1
Scan saved at 2:00:08 AM, on 3/6/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
F:\WINDOWS\System32\smss.exe
F:\WINDOWS\system32\winlogon.exe
F:\WINDOWS\system32\services.exe
F:\WINDOWS\system32\lsass.exe
F:\WINDOWS\system32\svchost.exe
F:\WINDOWS\System32\svchost.exe
F:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
F:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
F:\WINDOWS\system32\LEXBCES.EXE
F:\WINDOWS\system32\spoolsv.exe
F:\WINDOWS\system32\LEXPPS.EXE
F:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
F:\Program Files\Norton AntiVirus\navapsvc.exe
F:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
F:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
F:\Program Files\Norton AntiVirus\SAVScan.exe
F:\WINDOWS\Explorer.EXE
F:\Program Files\Common Files\Symantec Shared\ccApp.exe
F:\WINDOWS\System32\LXSUPMON.EXE
F:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
F:\Program Files\Messenger\msmsgs.exe
F:\Program Files\Internet Explorer\iexplore.exe
F:\Documents and Settings\Shelli\Desktop\HijackThis.exe

R3 - URLSearchHook: (no name) - {8AD503E4-9054-BAF3-2450-9A5B525C31B5} - (no file)
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - F:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - F:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - F:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - F:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - F:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: (no name) - {8AD503E4-9054-BAF3-2450-9A5B525C31B5} - (no file)
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - F:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - F:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - F:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - F:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [NeroFilterCheck] F:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [ccApp] "F:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [NAV CfgWiz] F:\Program Files\Common Files\Symantec Shared\CfgWiz.exe /GUID NAV /CMDLINE "REBOOT"
O4 - HKLM\..\Run: [Advanced Tools Check] F:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] F:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [SSC_UserPrompt] F:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [LXSUPMON] F:\WINDOWS\System32\LXSUPMON.EXE RUN
O4 - HKLM\..\Run: [PC Pitstop Optimize Scheduler] F:\Program Files\PCPitstop\Optimize\PCPOptimize.exe -boot
O4 - HKCU\..\Run: [SpybotSD TeaTimer] F:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [MSMSGS] "F:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Adobe Reader Speed Launch.lnk = F:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = F:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Yahoo! Search - file:///F:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://F:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///F:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///F:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///F:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - F:\Program Files\Yahoo!\Common\yiesrvc.dll
O16 - DPF: Aces Up! by pogo - http://game1.pogo.com/applet-6.9.0.61/aces/aces-en_US.cab
O16 - DPF: Backgammon by pogo - http://game1.pogo.com/applet-6.8.1.38/back...ammon-en_US.cab
O16 - DPF: Blackjack by pogo - http://game1.pogo.com/applet-6.8.4.51/blac...kjack-en_US.cab
O16 - DPF: Blackjack Carnival by pogo - http://game1.pogo.com/applet-6.8.1.38/vbja...jack2-en_US.cab
O16 - DPF: Blooop by pogo - http://game1.pogo.com/applet-6.8.0.25/casc...scade-en_US.cab
O16 - DPF: Bowling by pogo - http://game1.pogo.com/applet-6.8.4.51/bowl...wling-en_US.cab
O16 - DPF: Canasta by pogo - http://game1.pogo.com/applet-6.9.0.43/cana...nasta-en_US.cab
O16 - DPF: Chess by pogo - http://game1.pogo.com/applet-6.8.0.32/ches...hess2-en_US.cab
O16 - DPF: Cribbage by pogo - http://game1.pogo.com/applet-6.9.1.38/crib...bbage-en_US.cab
O16 - DPF: Dice City Roller by pogo - http://game1.pogo.com/applet-6.9.2.40/ytz/ytz-en_US.cab
O16 - DPF: Dice Derby by pogo - http://game1.pogo.com/applet-6.9.1.32/chec...dflag-en_US.cab
O16 - DPF: Euchre by pogo - http://game1.pogo.com/applet-6.9.1.38/euch...uchre-en_US.cab
O16 - DPF: First Class Solitaire by pogo - http://game1.pogo.com/applet-6.9.0.61/firs...lass2-en_US.cab
O16 - DPF: Fortune Bingo by pogo - http://game1.pogo.com/applet-6.9.0.43/supe...bingo-en_US.cab
O16 - DPF: Greenback Bayou by pogo - http://game1.pogo.com/applet-6.8.3.35/gree...nback-en_US.cab
O16 - DPF: Hangman Hijinks by pogo - http://game1.pogo.com/applet-6.9.1.38/hang...ngman-en_US.cab
O16 - DPF: Harvest Mania by pogo - http://game1.pogo.com/applet-6.9.1.32/harv...rvest-en_US.cab
O16 - DPF: Hearts by pogo - http://game1.pogo.com/applet-6.9.1.38/hear...earts-en_US.cab
O16 - DPF: High Stakes Poker by pogo - http://game1.pogo.com/applet-6.8.4.51/draw...poker-en_US.cab
O16 - DPF: Hog Heaven Slots by pogo - http://game1.pogo.com/applet-6.9.1.38/fancy/fancy-en_US.cab
O16 - DPF: Jungle Gin by pogo - http://game1.pogo.com/applet-6.8.0.25/gin2/gin2-en_US.cab
O16 - DPF: Lost Temple Poker by pogo - http://game1.pogo.com/applet-6.7.5.28/mhpo...poker-en_US.cab
O16 - DPF: Lottso by pogo - http://game1.pogo.com/applet-6.8.4.51/lott...ottso-en_US.cab
O16 - DPF: Mah Jong Garden by pogo - http://game1.pogo.com/applet-6.9.0.61/mahj...hjong-en_US.cab
O16 - DPF: Pai Gow by pogo - http://game1.pogo.com/applet-6.9.0.43/paig...aigow-en_US.cab
O16 - DPF: Payday FreeCell by pogo - http://game1.pogo.com/applet-6.8.4.51/free...ecell-en_US.cab
O16 - DPF: Penguin Blocks by pogo - http://game1.pogo.com/applet-6.8.0.25/peng...guins-en_US.cab
O16 - DPF: Perfect Pair Solitaire by pogo - http://game1.pogo.com/applet-6.9.1.38/wate...wheel-en_US.cab
O16 - DPF: Phlinx by pogo - http://game1.pogo.com/applet-6.8.2.23/flin...inger-en_US.cab
O16 - DPF: Pinochle by pogo - http://game1.pogo.com/applet-6.8.0.25/pino...ochle-en_US.cab
O16 - DPF: PoppaZoppa by pogo - http://game1.pogo.com/applet-6.9.0.61/popp...zoppa-en_US.cab
O16 - DPF: Poppit by pogo - http://game1.pogo.com/applet-6.9.0.43/popp...ppit2-en_US.cab
O16 - DPF: Quick Quack by pogo - http://game1.pogo.com/applet-6.7.5.28/hots...treak-en_US.cab
O16 - DPF: QWERTY by pogo - http://game1.pogo.com/applet-6.9.2.33/squa...uares-en_US.cab
O16 - DPF: Shuffle Bump by pogo - http://game1.pogo.com/applet-6.8.3.22/puck/puck-en_US.cab
O16 - DPF: Spider Solitaire by pogo - http://game1.pogo.com/applet-6.9.1.32/spid...pider-en_US.cab
O16 - DPF: Squelchies by pogo - http://game1.pogo.com/applet-6.8.4.51/sque...chies-en_US.cab
O16 - DPF: Stax by pogo - http://game1.pogo.com/applet-6.9.2.33/stax/stax-en_US.cab
O16 - DPF: Stellar Sweeper by pogo - http://game1.pogo.com/applet-6.8.2.23/swee...eeper-en_US.cab
O16 - DPF: Sweet Tooth TM by pogo - http://game1.pogo.com/applet-6.8.3.35/swee...tooth-en_US.cab
O16 - DPF: Texas Hold'em Poker by pogo - http://game1.pogo.com/applet-6.8.1.30/hold...oldem-en_US.cab
O16 - DPF: Tri-Peaks by pogo - http://game1.pogo.com/applet-6.8.4.51/peaks/peaks-en_US.cab
O16 - DPF: Turbo 21 v2 by pogo - http://game1.pogo.com/applet-6.8.4.51/turb...rbo22-en_US.cab
O16 - DPF: Word Craft by pogo - http://game1.pogo.com/applet-6.8.3.22/babb...abble-en_US.cab
O16 - DPF: Word Whomp Whackdown by pogo - http://game1.pogo.com/applet-6.8.3.22/whac...kdown-en_US.cab
O16 - DPF: World Class Solitaire by pogo - http://game1.pogo.com/applet-6.8.2.23/worl...class-en_US.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - F:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1173118650234
O16 - DPF: {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} (SABScanProcesses Class) - http://www.superadblocker.com/activex/sabspx.cab
O16 - DPF: {EF148DBB-5B6D-4130-B2A1-661571E86260} (Playtime Games Launcher) - http://clubgames.pogo.com/online2/pogop/ma...ameLauncher.cab
O20 - AppInit_DLLs:
O20 - Winlogon Notify: !SASWinLogon - F:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Adobe LM Service - Adobe Systems - F:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - F:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - F:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - F:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - F:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - F:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - F:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - F:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
O23 - Service: SAVScan - Symantec Corporation - F:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - F:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - F:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - F:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - F:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
Shelli


#2 Mr_JAk3

Mr_JAk3

    HJT Team Member


  • Members
  • 527 posts
  • OFFLINE
  •  
  • Location:Finland
  • Local time:10:26 AM

Posted 08 March 2007 - 03:20 PM

Hi BikoBoo :thumbsup:

You have at least some leftovers there...

At first:

Please download the following program and save it to your desktop:

http://noahdfear.geekstogo.com/FindAWF.exe

Once downloaded, double-click on the file to run it. When it is done there will be a file called awf.txt on your desktop. Please post the contents of that file as a reply to this topic.
UNITE & ASAP member since 2006

#3 BikoBoo


Posted 08 March 2007 - 10:59 PM

Thank you for your reply! Here is the copy of the awf file you requested:


Find AWF report by noahdfear 2006


21504 byte files found
~~~~~~~~~~~~~



21504 byte files sorted with strings
~~~~~~~~~~~~~~~~~~~~~



25600 byte files found
~~~~~~~~~~~~~



25600 byte files sorted with strings
~~~~~~~~~~~~~~~~~~~~~



26450 byte files found
~~~~~~~~~~~~~



26450 byte files sorted with strings
~~~~~~~~~~~~~~~~~~~~~



bak folders found
~~~~~~~~~~~



Duplicate files of bak directory contents
~~~~~~~~~~~~~~~~~~~~~~~



end of report
**************************************************'

Also, I don't know if this has any bearing on what my computer's problem is, but Norton A/V occasionally pops up a window on the bottom left (normal when it's running a check on something), saying that it's waiting for a scan of something that I don't recognize. It happens really fast, so I can't get the entire file name, but it's something similar to " %avenge....... " with the dots replacing the portion I can't catch because it happens so fast.

I noticed, also, that the awf file was looking for "bak" folders. I had (and thought I removed successfully) a trojan called Zonebac, and had to manually go in and replace the bak files out of my registry and other folders. I also had to manually change some of my registry subkey values. Maybe this virus never was completely removed? Hoping someone here can tell me, and get me back up and running without problems.

Thanks again!!
Shelli

#4 Mr_JAk3


Posted 09 March 2007 - 03:06 AM

Hi again, we'll continue :thumbsup:

The FindAWF log was clean which is a good thing.

You should print these instructions or save these to a text file. Follow these instructions carefully.

Open AVG Anti-Spyware:
  • On the main screen under Your Computer's security.
    • Click on Change state next to Resident shield. It should now change to inactive.
    • Click on Change state next to Automatic updates. It should now change to inactive.
    • Next to Last Update, click on Update now. (You will need an active internet connection to perform this)
    • Wait until you see the Update successful message.
  • Right-click the AVG Anti-Spyware Tray Icon and uncheck Start with Windows.
  • Right-click the AVG Anti-Spyware Tray Icon and select Exit. Confirm by clicking Yes.
If you are having problems with the updater, you can use this link to manually update ewido.
AVG Anti-Spyware manual updates.
Download the Full database to your Desktop or to your usual Download Folder and install it by double clicking the file. Make sure that AVG Anti-Spyware is closed before installing the update.

Download ATF Cleaner by Atribune to your desktop.
Do NOT run yet.

==================

Run HijackThis, click Do a system scan only, and check the box next to each of these entries if still present. Close all other windows and press Fix checked. If something isn't there, please continue with the next entry in the list.

R3 - URLSearchHook: (no name) - {8AD503E4-9054-BAF3-2450-9A5B525C31B5} - (no file)
O2 - BHO: (no name) - {8AD503E4-9054-BAF3-2450-9A5B525C31B5} - (no file)
O20 - AppInit_DLLs:

Restart your computer to the safe mode:
  • Restart your computer
  • Start tapping the F8 key when the computer restarts.
  • When the start menu opens, choose Safe mode
  • Press Enter. The computer then begins to start in Safe mode.
Run ATF Cleaner.
Under Main choose: Select All
Click the Empty Selected button.

If you use Firefox browser:
Click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.

If you use Opera browser:
Click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.

Click Exit on the Main menu to close the program.

Close ALL open Windows / Programs / Folders. Please start AVG Anti-Spyware and run a full scan.
  • Click on Scanner on the toolbar.
  • Click on the Settings tab.
    • Under How to act?
      • Click on Recommended Action and choose Quarantine from the popup menu.
    • Under How to scan?
      • All checkboxes should be ticked.
    • Under Possibly unwanted software:
      • All checkboxes should be ticked.
    • Under Reports:
      • Select Automatically generate report after every scan and uncheck Only if threats were found.
    • Under What to scan?
      • Select Scan every file.
  • Click on the Scan tab.
  • Click on Complete System Scan to start the scan process.
  • Let the program scan the machine.
  • When the scan has finished, follow the instructions below.
    IMPORTANT: Don't click on the "Save Scan Report" button before you have hit the "Apply all Actions" button.
    • Make sure that Set all elements to: shows Quarantine (1), if not click on the link and choose Quarantine from the popup menu. (2)
    • At the bottom of the window click on the Apply all Actions button. (3)
      Posted Image
  • When done, click the Save Scan Report button. (4)
    • Click the Save Report as button.
    • Save the report to your Desktop.
  • Right-click the AVG Anti-Spyware Tray Icon and select Exit. Confirm by clicking Yes.
Reboot in Normal Mode.

================

When you're ready, please post the following logs to here:
- AVG's report
- a fresh HijackThis log
UNITE & ASAP member since 2006
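
The three entries in the fix list above share a pattern: two registry hooks whose target is "(no file)" under the same CLSID, plus an AppInit_DLLs value that is empty. As an added example (not part of the thread and not HijackThis's own code), this Python script parses HijackThis v1.99.1 log lines, flags those patterns, and checks a follow-up log to confirm they are gone; the sample lines are copied from the two logs in this thread, and all function names are hypothetical.

```python
import re
from collections import defaultdict, namedtuple

Entry = namedtuple("Entry", "code kind value clsid")

# Sample input: a subset of lines copied from the 3/6 log in this thread.
BEFORE = r"""Logfile of HijackThis v1.99.1
Running processes:
F:\WINDOWS\Explorer.EXE

R3 - URLSearchHook: (no name) - {8AD503E4-9054-BAF3-2450-9A5B525C31B5} - (no file)
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - F:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - F:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {8AD503E4-9054-BAF3-2450-9A5B525C31B5} - (no file)
O4 - HKLM\..\Run: [NeroFilterCheck] F:\WINDOWS\system32\NeroCheck.exe
O20 - AppInit_DLLs:
O20 - Winlogon Notify: !SASWinLogon - F:\Program Files\SUPERAntiSpyware\SASWINLO.dll
"""

# Sample input: the same subset as it appears in the 3/9 log (note SASWINLO.DLL in upper case).
AFTER = r"""Logfile of HijackThis v1.99.1
Running processes:
F:\WINDOWS\Explorer.EXE

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - F:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - F:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [NeroFilterCheck] F:\WINDOWS\system32\NeroCheck.exe
O20 - Winlogon Notify: !SASWinLogon - F:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
"""

# "<code> - <kind>: <value>"; the value may be absent (as in "O20 - AppInit_DLLs:").
# The kind ends at the first colon followed by whitespace or end of line, so the
# colon in a drive letter ("F:\...") is never taken as the separator.
ENTRY_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<kind>.+?):(?:\s+(?P<value>.*))?$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")


def parse_hjt(text):
    """Return the R*/O* entries of a log; header and running-process lines are skipped."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if not m:
            continue
        value = m.group("value") or ""
        clsid = CLSID_RE.search(value)
        entries.append(Entry(m.group("code"), m.group("kind"), value,
                             clsid.group(0).upper() if clsid else None))
    return entries


def triage(entries):
    """Flag the two patterns fixed in this thread; "(no name)" alone is not a finding."""
    findings = []
    for e in entries:
        if e.value.endswith("(no file)"):
            findings.append((e, "orphaned: registered target file is missing"))
        elif e.kind == "AppInit_DLLs" and not e.value:
            findings.append((e, "AppInit_DLLs value is empty"))
    return findings


def shared_clsids(findings):
    """CLSIDs flagged under more than one section (one object registered twice)."""
    by_clsid = defaultdict(list)
    for e, _reason in findings:
        if e.clsid:
            by_clsid[e.clsid].append(e.code)
    return {c: codes for c, codes in by_clsid.items() if len(codes) > 1}


def removed_between(before, after):
    """Entries present in the first log and absent from the second.

    Windows paths are case-insensitive, so compare case-folded values;
    otherwise SASWINLO.dll vs SASWINLO.DLL would show up as a change.
    """
    def key(e):
        return (e.code, e.kind.casefold(), e.value.casefold())
    remaining = {key(e) for e in after}
    return [e for e in before if key(e) not in remaining]


if __name__ == "__main__":
    before, after = parse_hjt(BEFORE), parse_hjt(AFTER)
    for e, reason in triage(before):
        print(f"{e.code:<4}{e.kind:<16}{reason}")
    print("same CLSID in several sections:", shared_clsids(triage(before)))
    print("gone after fix:", [f"{e.code} {e.kind}" for e in removed_between(before, after)])
    print("still flagged:", len(triage(after)))
```
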

#5 BikoBoo


Posted 09 March 2007 - 07:29 AM

Wow, thanks!! I'd already done a lot of that before you posted, but just to be on the thorough side, I did it all again.

Here is my AVG log (empty since there were no probs on it):
---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 6:51:10 AM 3/9/2007

+ Scan result:



Nothing found.


::Report end

*****************************************************

And here is my new HJT log:

Logfile of HijackThis v1.99.1
Scan saved at 7:17:39 AM, on 3/9/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
F:\WINDOWS\System32\smss.exe
F:\WINDOWS\system32\winlogon.exe
F:\WINDOWS\system32\services.exe
F:\WINDOWS\system32\lsass.exe
F:\WINDOWS\system32\svchost.exe
F:\WINDOWS\System32\svchost.exe
F:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
F:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
F:\WINDOWS\system32\LEXBCES.EXE
F:\WINDOWS\system32\spoolsv.exe
F:\WINDOWS\system32\LEXPPS.EXE
F:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
F:\Program Files\Norton AntiVirus\navapsvc.exe
F:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
F:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
F:\Program Files\Norton AntiVirus\SAVScan.exe
F:\WINDOWS\Explorer.EXE
F:\Program Files\Common Files\Symantec Shared\ccApp.exe
F:\WINDOWS\System32\LXSUPMON.EXE
F:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
F:\Program Files\Messenger\msmsgs.exe
F:\Documents and Settings\Shelli\Desktop\HijackThis.exe

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - F:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - F:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - F:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - F:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - F:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - F:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - F:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - F:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [NeroFilterCheck] F:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [ccApp] "F:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [NAV CfgWiz] F:\Program Files\Common Files\Symantec Shared\CfgWiz.exe /GUID NAV /CMDLINE "REBOOT"
O4 - HKLM\..\Run: [Advanced Tools Check] F:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] F:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [SSC_UserPrompt] F:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [LXSUPMON] F:\WINDOWS\System32\LXSUPMON.EXE RUN
O4 - HKLM\..\Run: [PC Pitstop Optimize Scheduler] F:\Program Files\PCPitstop\Optimize\PCPOptimize.exe -boot
O4 - HKCU\..\Run: [SpybotSD TeaTimer] F:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [MSMSGS] "F:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Adobe Reader Speed Launch.lnk = F:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = F:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Yahoo! Search - file:///F:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://F:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///F:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///F:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///F:\Program Files\Yahoo!\Common/ycsms.htm
O16 - DPF: Aces Up! by pogo - http://game1.pogo.com/applet-6.9.0.61/aces/aces-en_US.cab
O16 - DPF: Backgammon by pogo - http://game1.pogo.com/applet-6.8.1.38/back...ammon-en_US.cab
O16 - DPF: Blackjack by pogo - http://game1.pogo.com/applet-6.8.4.51/blac...kjack-en_US.cab
O16 - DPF: Blackjack Carnival by pogo - http://game1.pogo.com/applet-6.8.1.38/vbja...jack2-en_US.cab
O16 - DPF: Blooop by pogo - http://game1.pogo.com/applet-6.8.0.25/casc...scade-en_US.cab
O16 - DPF: Bowling by pogo - http://game1.pogo.com/applet-6.8.4.51/bowl...wling-en_US.cab
O16 - DPF: Canasta by pogo - http://game1.pogo.com/applet-6.9.0.43/cana...nasta-en_US.cab
O16 - DPF: Chess by pogo - http://game1.pogo.com/applet-6.8.0.32/ches...hess2-en_US.cab
O16 - DPF: Cribbage by pogo - http://game1.pogo.com/applet-6.9.1.38/crib...bbage-en_US.cab
O16 - DPF: Dice City Roller by pogo - http://game1.pogo.com/applet-6.9.2.40/ytz/ytz-en_US.cab
O16 - DPF: Dice Derby by pogo - http://game1.pogo.com/applet-6.9.1.32/chec...dflag-en_US.cab
O16 - DPF: Euchre by pogo - http://game1.pogo.com/applet-6.9.1.38/euch...uchre-en_US.cab
O16 - DPF: First Class Solitaire by pogo - http://game1.pogo.com/applet-6.9.0.61/firs...lass2-en_US.cab
O16 - DPF: Fortune Bingo by pogo - http://game1.pogo.com/applet-6.9.0.43/supe...bingo-en_US.cab
O16 - DPF: Greenback Bayou by pogo - http://game1.pogo.com/applet-6.8.3.35/gree...nback-en_US.cab
O16 - DPF: Hangman Hijinks by pogo - http://game1.pogo.com/applet-6.9.1.38/hang...ngman-en_US.cab
O16 - DPF: Harvest Mania by pogo - http://game1.pogo.com/applet-6.9.1.32/harv...rvest-en_US.cab
O16 - DPF: Hearts by pogo - http://game1.pogo.com/applet-6.9.1.38/hear...earts-en_US.cab
O16 - DPF: High Stakes Poker by pogo - http://game1.pogo.com/applet-6.8.4.51/draw...poker-en_US.cab
O16 - DPF: Hog Heaven Slots by pogo - http://game1.pogo.com/applet-6.9.1.38/fancy/fancy-en_US.cab
O16 - DPF: Jungle Gin by pogo - http://game1.pogo.com/applet-6.8.0.25/gin2/gin2-en_US.cab
O16 - DPF: Lost Temple Poker by pogo - http://game1.pogo.com/applet-6.7.5.28/mhpo...poker-en_US.cab
O16 - DPF: Lottso by pogo - http://game1.pogo.com/applet-6.8.4.51/lott...ottso-en_US.cab
O16 - DPF: Mah Jong Garden by pogo - http://game1.pogo.com/applet-6.9.0.61/mahj...hjong-en_US.cab
O16 - DPF: Pai Gow by pogo - http://game1.pogo.com/applet-6.9.0.43/paig...aigow-en_US.cab
O16 - DPF: Payday FreeCell by pogo - http://game1.pogo.com/applet-6.8.4.51/free...ecell-en_US.cab
O16 - DPF: Penguin Blocks by pogo - http://game1.pogo.com/applet-6.8.0.25/peng...guins-en_US.cab
O16 - DPF: Perfect Pair Solitaire by pogo - http://game1.pogo.com/applet-6.9.1.38/wate...wheel-en_US.cab
O16 - DPF: Phlinx by pogo - http://game1.pogo.com/applet-6.8.2.23/flin...inger-en_US.cab
O16 - DPF: Pinochle by pogo - http://game1.pogo.com/applet-6.8.0.25/pino...ochle-en_US.cab
O16 - DPF: PoppaZoppa by pogo - http://game1.pogo.com/applet-6.9.0.61/popp...zoppa-en_US.cab
O16 - DPF: Poppit by pogo - http://game1.pogo.com/applet-6.9.0.43/popp...ppit2-en_US.cab
O16 - DPF: Quick Quack by pogo - http://game1.pogo.com/applet-6.7.5.28/hots...treak-en_US.cab
O16 - DPF: QWERTY by pogo - http://game1.pogo.com/applet-6.9.2.33/squa...uares-en_US.cab
O16 - DPF: Shuffle Bump by pogo - http://game1.pogo.com/applet-6.8.3.22/puck/puck-en_US.cab
O16 - DPF: Spider Solitaire by pogo - http://game1.pogo.com/applet-6.9.1.32/spid...pider-en_US.cab
O16 - DPF: Squelchies by pogo - http://game1.pogo.com/applet-6.8.4.51/sque...chies-en_US.cab
O16 - DPF: Stax by pogo - http://game1.pogo.com/applet-6.9.2.33/stax/stax-en_US.cab
O16 - DPF: Stellar Sweeper by pogo - http://game1.pogo.com/applet-6.8.2.23/swee...eeper-en_US.cab
O16 - DPF: Sweet Tooth TM by pogo - http://game1.pogo.com/applet-6.8.3.35/swee...tooth-en_US.cab
O16 - DPF: Texas Hold'em Poker by pogo - http://game1.pogo.com/applet-6.8.1.30/hold...oldem-en_US.cab
O16 - DPF: Tri-Peaks by pogo - http://game1.pogo.com/applet-6.8.4.51/peaks/peaks-en_US.cab
O16 - DPF: Turbo 21 v2 by pogo - http://game1.pogo.com/applet-6.8.4.51/turb...rbo22-en_US.cab
O16 - DPF: Word Craft by pogo - http://game1.pogo.com/applet-6.8.3.22/babb...abble-en_US.cab
O16 - DPF: Word Whomp Whackdown by pogo - http://game1.pogo.com/applet-6.8.3.22/whac...kdown-en_US.cab
O16 - DPF: World Class Solitaire by pogo - http://game1.pogo.com/applet-6.9.3.29/worl...class-en_US.cab
O20 - Winlogon Notify: !SASWinLogon - F:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O23 - Service: Adobe LM Service - Adobe Systems - F:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - F:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - F:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - F:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - F:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - F:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - F:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - F:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
O23 - Service: SAVScan - Symantec Corporation - F:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - F:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - F:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - F:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - F:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

******************************************************

Whatever I can find out, is helpful to me. Oh, on a side note, I have 2 things showing up in my add/remove programs that I'm fairly certain I don't want, but yet the second I remove them, they're back again. They are "Advanced Tools" and "Yahoo! Toolbar" (a second one, without the usual icon for Yahoo). There's no info to help me figure out what they truly belong to, no byte size, nothing...just the button to remove, then they're RIGHT back again.

Anyway, thank you all so much for all your help. I can already tell my system is running a bit faster since I took those 3 entries out (from my previous HJT log). To get it 100% cleaned would almost be a miracle! LOL

Again, thank you!
Shelli

#6 Mr_JAk3


Posted 10 March 2007 - 03:47 AM

Ok let's do a little research....

Download ComboScan to your Desktop.


1. Close all applications and windows.
2. Double-click on comboscan.exe to run it, and follow the prompts.
3. When the scan is complete, a text file will open - ComboScan.txt
4. Copy (Ctrl+A then Ctrl+C) and paste (Ctrl+V) the contents of ComboScan.txt in your thread.
5. A folder, C:\ComboScan, will also open. In it will be another text file, Supplementary.txt.
6. Please attach Supplementary.txt to your post.


Note: some firewalls may warn that sigcheck.exe is trying to access the internet - please ensure that you allow sigcheck.exe permission to do so.
UNITE & ASAP member since 2006

#7 BikoBoo


Posted 10 March 2007 - 05:29 AM

Results:

ComboScan:

ComboScan v20070306.20 run by Shelli on 2007-03-10 at 05:12:16
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created ComboScan Restore Point.


-- Last 5 Restore Point(s) --
45: 2007-03-10 10:12:25 UTC - RP45 - ComboScan Restore Point
44: 2007-03-10 03:20:49 UTC - RP44 - System Checkpoint
43: 2007-03-09 03:18:14 UTC - RP43 - System Checkpoint
42: 2007-03-07 04:11:57 UTC - RP42 - System Checkpoint
41: 2007-03-06 03:13:02 UTC - RP41 - Installed SUPERAntiSpyware Free Edition


-- First Restore Point --
1: 2007-02-03 03:14:39 UTC - RP1 - System Checkpoint


Performed disk cleanup.


-- HijackThis (run as Shelli.exe) ----------------------------------------------

Logfile of HijackThis v1.99.1
Scan saved at 5:12:35 AM, on 3/10/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
F:\WINDOWS\System32\smss.exe
F:\WINDOWS\system32\winlogon.exe
F:\WINDOWS\system32\services.exe
F:\WINDOWS\system32\lsass.exe
F:\WINDOWS\system32\svchost.exe
F:\WINDOWS\System32\svchost.exe
F:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
F:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
F:\WINDOWS\system32\LEXBCES.EXE
F:\WINDOWS\system32\spoolsv.exe
F:\WINDOWS\system32\LEXPPS.EXE
F:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
F:\Program Files\Norton AntiVirus\navapsvc.exe
F:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
F:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
F:\Program Files\Norton AntiVirus\SAVScan.exe
F:\WINDOWS\Explorer.EXE
F:\Program Files\Common Files\Symantec Shared\ccApp.exe
F:\WINDOWS\System32\LXSUPMON.EXE
F:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
F:\Program Files\Messenger\msmsgs.exe
F:\Documents and Settings\Shelli\Desktop\comboscan.exe
F:\DOCUME~1\Shelli\Desktop\Shelli.exe

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - F:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - F:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - F:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - F:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - F:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - F:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - F:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - F:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [NeroFilterCheck] F:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [ccApp] "F:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [NAV CfgWiz] F:\Program Files\Common Files\Symantec Shared\CfgWiz.exe /GUID NAV /CMDLINE "REBOOT"
O4 - HKLM\..\Run: [Advanced Tools Check] F:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] F:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [SSC_UserPrompt] F:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [LXSUPMON] F:\WINDOWS\System32\LXSUPMON.EXE RUN
O4 - HKLM\..\Run: [PC Pitstop Optimize Scheduler] F:\Program Files\PCPitstop\Optimize\PCPOptimize.exe -boot
O4 - HKCU\..\Run: [SpybotSD TeaTimer] F:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [MSMSGS] "F:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Adobe Reader Speed Launch.lnk = F:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = F:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Yahoo! Search - file:///F:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://F:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///F:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///F:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///F:\Program Files\Yahoo!\Common/ycsms.htm
O16 - DPF: Aces Up! by pogo - http://game1.pogo.com/applet-6.9.0.61/aces/aces-en_US.cab
O16 - DPF: Backgammon by pogo - http://game1.pogo.com/applet-6.8.1.38/back...ammon-en_US.cab
O16 - DPF: Blackjack by pogo - http://game1.pogo.com/applet-6.8.4.51/blac...kjack-en_US.cab
O16 - DPF: Blackjack Carnival by pogo - http://game1.pogo.com/applet-6.8.1.38/vbja...jack2-en_US.cab
O16 - DPF: Blooop by pogo - http://game1.pogo.com/applet-6.8.0.25/casc...scade-en_US.cab
O16 - DPF: Bowling by pogo - http://game1.pogo.com/applet-6.8.4.51/bowl...wling-en_US.cab
O16 - DPF: Canasta by pogo - http://game1.pogo.com/applet-6.9.0.43/cana...nasta-en_US.cab
O16 - DPF: Chess by pogo - http://game1.pogo.com/applet-6.8.0.32/ches...hess2-en_US.cab
O16 - DPF: Cribbage by pogo - http://game1.pogo.com/applet-6.9.1.38/crib...bbage-en_US.cab
O16 - DPF: Dice City Roller by pogo - http://game1.pogo.com/applet-6.9.2.40/ytz/ytz-en_US.cab
O16 - DPF: Dice Derby by pogo - http://game1.pogo.com/applet-6.9.1.32/chec...dflag-en_US.cab
O16 - DPF: Euchre by pogo - http://game1.pogo.com/applet-6.9.1.38/euch...uchre-en_US.cab
O16 - DPF: First Class Solitaire by pogo - http://game1.pogo.com/applet-6.9.0.61/firs...lass2-en_US.cab
O16 - DPF: Fortune Bingo by pogo - http://game1.pogo.com/applet-6.9.3.29/supe...bingo-en_US.cab
O16 - DPF: Greenback Bayou by pogo - http://game1.pogo.com/applet-6.8.3.35/gree...nback-en_US.cab
O16 - DPF: Hangman Hijinks by pogo - http://game1.pogo.com/applet-6.9.1.38/hang...ngman-en_US.cab
O16 - DPF: Harvest Mania by pogo - http://game1.pogo.com/applet-6.9.1.32/harv...rvest-en_US.cab
O16 - DPF: Hearts by pogo - http://game1.pogo.com/applet-6.9.3.29/hear...earts-en_US.cab
O16 - DPF: High Stakes Poker by pogo - http://game1.pogo.com/applet-6.8.4.51/draw...poker-en_US.cab
O16 - DPF: Hog Heaven Slots by pogo - http://game1.pogo.com/applet-6.9.1.38/fancy/fancy-en_US.cab
O16 - DPF: Jungle Gin by pogo - http://game1.pogo.com/applet-6.8.0.25/gin2/gin2-en_US.cab
O16 - DPF: Lost Temple Poker by pogo - http://game1.pogo.com/applet-6.7.5.28/mhpo...poker-en_US.cab
O16 - DPF: Lottso by pogo - http://game1.pogo.com/applet-6.8.4.51/lott...ottso-en_US.cab
O16 - DPF: Mah Jong Garden by pogo - http://game1.pogo.com/applet-6.9.0.61/mahj...hjong-en_US.cab
O16 - DPF: Pai Gow by pogo - http://game1.pogo.com/applet-6.9.0.43/paig...aigow-en_US.cab
O16 - DPF: Payday FreeCell by pogo - http://game1.pogo.com/applet-6.8.4.51/free...ecell-en_US.cab
O16 - DPF: Penguin Blocks by pogo - http://game1.pogo.com/applet-6.8.0.25/peng...guins-en_US.cab
O16 - DPF: Perfect Pair Solitaire by pogo - http://game1.pogo.com/applet-6.9.1.38/wate...wheel-en_US.cab
O16 - DPF: Phlinx by pogo - http://game1.pogo.com/applet-6.8.2.23/flin...inger-en_US.cab
O16 - DPF: Pinochle by pogo - http://game1.pogo.com/applet-6.8.0.25/pino...ochle-en_US.cab
O16 - DPF: PoppaZoppa by pogo - http://game1.pogo.com/applet-6.9.0.61/popp...zoppa-en_US.cab
O16 - DPF: Poppit by pogo - http://game1.pogo.com/applet-6.9.0.43/popp...ppit2-en_US.cab
O16 - DPF: Quick Quack by pogo - http://game1.pogo.com/applet-6.7.5.28/hots...treak-en_US.cab
O16 - DPF: QWERTY by pogo - http://game1.pogo.com/applet-6.9.2.33/squa...uares-en_US.cab
O16 - DPF: Shuffle Bump by pogo - http://game1.pogo.com/applet-6.8.3.22/puck/puck-en_US.cab
O16 - DPF: Spider Solitaire by pogo - http://game1.pogo.com/applet-6.9.1.32/spid...pider-en_US.cab
O16 - DPF: Squelchies by pogo - http://game1.pogo.com/applet-6.8.4.51/sque...chies-en_US.cab
O16 - DPF: Stax by pogo - http://game1.pogo.com/applet-6.9.2.33/stax/stax-en_US.cab
O16 - DPF: Stellar Sweeper by pogo - http://game1.pogo.com/applet-6.8.2.23/swee...eeper-en_US.cab
O16 - DPF: Sweet Tooth TM by pogo - http://game1.pogo.com/applet-6.8.3.35/swee...tooth-en_US.cab
O16 - DPF: Texas Hold'em Poker by pogo - http://game1.pogo.com/applet-6.8.1.30/hold...oldem-en_US.cab
O16 - DPF: Tri-Peaks by pogo - http://game1.pogo.com/applet-6.8.4.51/peaks/peaks-en_US.cab
O16 - DPF: Turbo 21 v2 by pogo - http://game1.pogo.com/applet-6.8.4.51/turb...rbo22-en_US.cab
O16 - DPF: Word Craft by pogo - http://game1.pogo.com/applet-6.8.3.22/babb...abble-en_US.cab
O16 - DPF: Word Whomp Whackdown by pogo - http://game1.pogo.com/applet-6.8.3.22/whac...kdown-en_US.cab
O16 - DPF: World Class Solitaire by pogo - http://game1.pogo.com/applet-6.9.3.29/worl...class-en_US.cab
O20 - Winlogon Notify: !SASWinLogon - F:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O23 - Service: Adobe LM Service - Adobe Systems - F:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - F:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - F:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - F:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - F:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - F:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - F:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - F:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
O23 - Service: SAVScan - Symantec Corporation - F:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - F:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - F:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - F:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - F:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe


-- File Associations -----------------------------------------------------------

.bat - batfile - "%1" %*
.chm - chm.file - "F:\WINDOWS\hh.exe" %1
.cmd - cmdfile - "%1" %*
.com - comfile - "%1" %*
.exe - exefile - "%1" %*
.hlp - hlpfile - %SystemRoot%\System32\winhlp32.exe %1
.inf - inffile - %SystemRoot%\System32\NOTEPAD.EXE %1
.ini - inifile - %SystemRoot%\System32\NOTEPAD.EXE %1
.js - JSFile - %SystemRoot%\System32\WScript.exe "%1" %*
.lnk - lnkfile - {00021401-0000-0000-C000-000000000046}
.pif - piffile - "%1" %*
.reg - regfile - regedit.exe "%1"
.scr - scrfile - "%1" /S
.txt - txtfile - %SystemRoot%\system32\NOTEPAD.EXE %1
.vbs - VBSFile - %SystemRoot%\System32\WScript.exe "%1" %*


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

3S ADM8511 (ADMtek ADM8511/AN986 USB To Fast Ethernet Converter) - F:\WINDOWS\system32\drivers\ADM8511.SYS
1R AVG Anti-Spyware Driver - F:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.sys
1R AvgAsCln (AVG Anti-Spyware Clean Driver) - F:\WINDOWS\system32\drivers\AvgAsCln.sys
3R ctlsb16 (Creative SB16/AWE32/AWE64 Driver (WDM)) - F:\WINDOWS\system32\drivers\ctlsb16.sys
3S HCF_MSFT - F:\WINDOWS\system32\drivers\HCF_MSFT.sys
3R hidusb (Microsoft HID Class Driver) - F:\WINDOWS\system32\drivers\hidusb.sys
3R mouhid (Mouse HID Driver) - F:\WINDOWS\system32\drivers\mouhid.sys
3R N100 (Compaq Ethernet or Fast Ethernet NIC Driver) - F:\WINDOWS\system32\drivers\n100325.sys
3R NAVENG - F:\Program Files\Common Files\Symantec Shared\VirusDefs\20070307.037\NAVENG.SYS
3R NAVEX15 - F:\Program Files\Common Files\Symantec Shared\VirusDefs\20070307.037\NAVEX15.SYS
3R NPDriver (Norton Unerase Protection Driver) - F:\WINDOWS\system32\drivers\NPDRIVER.SYS
1R P3 (Intel PentiumIII Processor Driver) - F:\WINDOWS\system32\drivers\p3.sys
0R PxHelp20 - F:\WINDOWS\system32\drivers\PxHelp20.sys
3R S3SAVAGE4M - F:\WINDOWS\system32\drivers\s3sav4m.sys
3S SABProcEnum - F:\Program Files\Internet Explorer\SABProcEnum.sys (not found)
1R SASDIFSV - F:\Program Files\SUPERAntiSpyware\sasdifsv.sys
3S SASENUM - F:\Program Files\SUPERAntiSpyware\SASENUM.SYS
1R SASKUTIL - F:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
3R SAVRT - F:\Program Files\Norton AntiVirus\savrt.sys
1R SAVRTPEL - F:\Program Files\Norton AntiVirus\savrtpel.sys
3R sermouse (Serial Mouse Driver) - F:\WINDOWS\system32\drivers\sermouse.sys
3R SymEvent - F:\Program Files\Symantec\SYMEVENT.SYS
2R symlcbrd - F:\WINDOWS\system32\drivers\symlcbrd.sys
3R SYMREDRV - F:\WINDOWS\system32\drivers\symredrv.sys
1R SYMTDI - F:\WINDOWS\system32\drivers\symtdi.sys
3S usbprint (Microsoft USB PRINTER Class) - F:\WINDOWS\system32\drivers\usbprint.sys
3S USBSTOR (USB Mass Storage Driver) - F:\WINDOWS\system32\drivers\USBSTOR.SYS
3R USB_RNDIS (USB Remote NDIS Network Device Driver) - F:\WINDOWS\system32\drivers\usb8023.sys
0R viaagp (VIA AGP Bus Filter) - F:\WINDOWS\system32\drivers\VIAAGP.SYS


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

3S Adobe LM Service - "F:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe"
2R AVG Anti-Spyware Guard - F:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
2R ccEvtMgr (Symantec Event Manager) - "F:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe"
3S ccPwdSvc (Symantec Password Validation) - "F:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe"
2R ccSetMgr (Symantec Settings Manager) - "F:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe"
2R LexBceS (LexBce Server) - F:\WINDOWS\system32\LEXBCES.EXE
2R navapsvc (Norton AntiVirus Auto Protect Service) - "F:\Program Files\Norton AntiVirus\navapsvc.exe"
2R NProtectService (Norton Unerase Protection) - F:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
3R SAVScan - F:\Program Files\Norton AntiVirus\SAVScan.exe
2S SBService (ScriptBlocking Service) - F:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
3S SCardDrv (Smart Card Helper) - F:\WINDOWS\System32\SCardSvr.exe
3S SNDSrvc (Symantec Network Drivers Service) - F:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
2R Symantec Core LC - F:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
2S SymWSC (SymWMI Service) - F:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
3S UMWdf (Windows User Mode Driver Framework) - F:\WINDOWS\System32\wdfmgr.exe
2R uploadmgr (Upload Manager) - F:\WINDOWS\System32\svchost.exe -k netsvcs


-- Scheduled Tasks -------------------------------------------------------------

2007-03-10 04:06:21 414 --a------ F:\WINDOWS\Tasks\Symantec NetDetect.job<SYMANT~1.JOB>
2007-03-09 23:14:30 532 --a------ F:\WINDOWS\Tasks\Norton AntiVirus - Scan my computer.job<NORTON~1.JOB>


-- Files created between 2007-02-10 and 2007-03-10 -----------------------------

2007-03-09 23:34:51 0 d-------- F:\WINDOWS\LastGood
2007-03-09 03:00:23 0 d-------- F:\Documents and Settings\Administrator\Application Data\SUPERAntiSpyware.com<SUPERA~1.COM>
2007-03-09 02:40:45 0 d-------- F:\Documents and Settings\Administrator\Application Data\Lavasoft
2007-03-09 00:57:30 0 dr-h----- F:\Documents and Settings\Administrator\Application Data\yahoo!
2007-03-07 01:19:48 0 d-------- F:\Documents and Settings\Shelli\Application Data\AdobeUM
2007-03-06 00:55:42 0 --a------ F:\WINDOWS\System32\CMMGR32.EXE
2007-03-05 23:29:27 0 d-------- F:\Documents and Settings\Shelli\Application Data\Lavasoft
2007-03-05 22:13:29 0 d-------- F:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com<SUPERA~1.COM>
2007-03-05 22:13:05 0 d-------- F:\Program Files\SUPERAntiSpyware<SUPERA~1>
2007-03-05 22:13:04 0 d-------- F:\Documents and Settings\Shelli\Application Data\SUPERAntiSpyware.com<SUPERA~1.COM>
2007-03-05 13:45:58 0 d-------- F:\WINDOWS\System32\PreInstall<PREINS~1>
2007-03-05 13:45:51 22752 --a------ F:\WINDOWS\System32\spupdsvc.exe
2007-03-05 13:45:49 0 d--h----- F:\WINDOWS\$hf_mig$
2007-03-05 13:43:07 0 d-------- F:\WINDOWS\System32\bits
2007-03-05 13:40:15 158720 -----n--- F:\WINDOWS\System32\xpob2res.dll
2007-03-05 13:40:15 17408 --a------ F:\WINDOWS\System32\qmgrprxy.dll
2007-03-05 13:40:15 7168 -----n--- F:\WINDOWS\System32\bitsprx3.dll
2007-03-05 13:40:15 7680 -----n--- F:\WINDOWS\System32\bitsprx2.dll
2007-03-05 13:40:14 331776 --a------ F:\WINDOWS\System32\winhttp.dll
2007-03-05 13:31:19 18200 --a------ F:\WINDOWS\System32\wups2.dll
2007-03-05 13:31:19 41240 --a------ F:\WINDOWS\System32\wups.dll
2007-03-05 13:31:19 127256 --a------ F:\WINDOWS\System32\wucltui.dll
2007-03-05 13:31:18 194328 --a------ F:\WINDOWS\System32\wuaueng1.dll
2007-03-05 13:31:15 172312 --a------ F:\WINDOWS\System32\wuauclt1.exe
2007-03-05 13:31:13 465176 --a------ F:\WINDOWS\System32\wuapi.dll
2007-03-05 13:18:01 0 d-------- F:\WINDOWS\SoftwareDistribution<SOFTWA~1>
2007-03-05 13:04:52 0 d-------- F:\Program Files\Lavasoft
2007-03-05 13:03:52 0 d-------- F:\Program Files\Common Files\Wise Installation Wizard<WISEIN~1>
2007-03-05 03:50:53 0 d-------- F:\Hoster
2007-03-05 03:42:07 0 d-------- F:\BFU
2007-03-05 03:26:51 3968 --a------ F:\WINDOWS\System32\drivers\AvgAsCln.sys
2007-03-05 03:26:43 0 d-------- F:\Program Files\Grisoft
2007-03-04 17:27:37 69 --a-s---- F:\WINDOWS\url1.bat
2007-02-27 18:26:31 198424 --a------ F:\WINDOWS\System32\iuengine.dll
2007-02-23 19:52:11 0 d--h----- F:\Program Files\InstallShield Installation Information<INSTAL~1>
2007-02-23 19:50:34 0 d-------- F:\Program Files\Common Files\InstallShield<INSTAL~1>
2007-02-14 12:37:15 17664 --a------ F:\WINDOWS\System32\drivers\sermouse.sys
2007-02-12 14:21:11 0 d-------- F:\Program Files\PCPitstop<PCPITS~1>


-- Find3M Report ---------------------------------------------------------------

2007-03-05 13:31:25 0 d--h----- F:\Program Files\WindowsUpdate<WINDOW~3>
2007-02-28 06:32:04 0 d-------- F:\Program Files\Norton AntiVirus<NORTON~1>
2007-02-23 21:06:38 0 d-------- F:\Documents and Settings\Shelli\Application Data\Adobe
2007-02-23 21:05:02 0 d-------- F:\Program Files\Common Files\Adobe
2007-02-14 10:34:21 0 dr-h----- F:\Documents and Settings\Shelli\Application Data\yahoo!
2007-02-14 09:31:54 0 d---s---- F:\Documents and Settings\Shelli\Application Data\Microsoft<MICROS~1>
2007-02-07 03:42:00 0 d-------- F:\Program Files\Common Files\Symantec Shared<SYMANT~1>
2007-02-07 03:38:39 0 d-------- F:\Program Files\Messenger<MESSEN~1>
2007-02-07 03:37:42 0 d-------- F:\Program Files\Yahoo!
2007-02-07 02:17:54 0 d-------- F:\Program Files\SymNetDrv<SYMNET~1>
2007-02-03 00:23:00 0 d-------- F:\Program Files\QuickTime<QUICKT~1>
2007-01-31 00:27:58 0 d-------- F:\Program Files\PokerStars<POKERS~1>
2007-01-29 05:51:18 2176 --a------ F:\WINDOWS\System32\d3d9caps.dat
2007-01-28 22:39:23 0 d-------- F:\Program Files\TaxCut06
2007-01-26 20:15:50 118784 --a------ F:\WINDOWS\System32\pdfmona.dll
2007-01-26 20:15:50 51716 --a------ F:\WINDOWS\System32\pdf995mon.dll<PDF995~1.DLL>
2007-01-22 00:25:53 0 d-------- F:\Program Files\PokerStars.NET<POKERS~1.NET>
2007-01-16 18:18:34 0 d-------- F:\Program Files\Microsoft ActiveSync<MICROS~3>
2006-12-17 04:09:10 69 --a-s---- F:\WINDOWS\test.bat


-- Registry Dump ---------------------------------------------------------------


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"SpybotSD TeaTimer"="F:\\Program Files\\Spybot - Search & Destroy\\TeaTimer.exe"
"MSMSGS"="\"F:\\Program Files\\Messenger\\msmsgs.exe\" /background"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"NeroFilterCheck"="F:\\WINDOWS\\system32\\NeroCheck.exe"
"ccApp"="\"F:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe\""
"NAV CfgWiz"="F:\\Program Files\\Common Files\\Symantec Shared\\CfgWiz.exe /GUID NAV /CMDLINE \"REBOOT\""
"Advanced Tools Check"="F:\\PROGRA~1\\NORTON~1\\AdvTools\\ADVCHK.EXE"
"Symantec NetDriver Monitor"="F:\\PROGRA~1\\SYMNET~1\\SNDMon.exe /Consumer"
"SSC_UserPrompt"="F:\\Program Files\\Common Files\\Symantec Shared\\Security Center\\UsrPrmpt.exe"
"LXSUPMON"="F:\\WINDOWS\\System32\\LXSUPMON.EXE RUN"
"PC Pitstop Optimize Scheduler"="F:\\Program Files\\PCPitstop\\Optimize\\PCPOptimize.exe -boot"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="msmsgs"
"hkey"="HKCU"
"command"="\"F:\\Program Files\\Messenger\\msmsgs.exe\" /background"
"inimapping"="0"


[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="AVG Anti-Spyware 7.5"
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=""

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=dword:00000000

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]
"{90A6A988-03E8-1033-1109-000720990001}"="\"F:\\Program Files\\Common Files\\{90A6A988-03E8-1033-1109-000720990001}\\Update.exe\" te-110-12-0000213"

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0



-- End of ComboScan: finished at 2007-03-10 at 05:13:10 ------------------------

Supplementary:

ComboScan v20070306.20 run by Shelli on 2007-03-10 at 05:12:16
Supplementary logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Professional (build 2600) SP 1.0
Architecture: X86; Language: English

CPU 0: Intel Pentium III processor
Percentage of Memory in Use: 56%
Physical Memory (total/avail): 255.49 MiB / 111.37 MiB
Pagefile Memory (total/avail): 618.56 MiB / 354.13 MiB
Virtual Memory (total/avail): 2047.88 MiB / 2009.29 MiB

A: is Removable (No Media)
C: is Fixed (FAT32) - 1.95 GiB total, 1.55 GiB free.
D: is CDROM (No Media)
E: is CDROM (No Media)
F: is Fixed (NTFS) - 26.66 GiB total, 22.06 GiB free.


-- Security Center -------------------------------------------------------------

AUOptions is disabled.
Windows Internal Firewall is enabled.


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=F:\Documents and Settings\All Users
APPDATA=F:\Documents and Settings\Shelli\Application Data
CLASSPATH=.;F:\Program Files\QuickTime\QTSystem\QTJava.zip
CommonProgramFiles=F:\Program Files\Common Files
COMPUTERNAME=MICHELLE-U4EVNL
ComSpec=F:\WINDOWS\system32\cmd.exe
HOMEDRIVE=F:
HOMEPATH=\Documents and Settings\Shelli
LOGONSERVER=\\MICHELLE-U4EVNL
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=F:\WINDOWS\system32;F:\WINDOWS;F:\WINDOWS\System32\Wbem;F:\Program Files\QuickTime\QTSystem\;F:\Program Files\Common Files\Adobe\AGL
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 6 Model 8 Stepping 6, GenuineIntel
PROCESSOR_LEVEL=6
PROCESSOR_REVISION=0806
ProgramFiles=F:\Program Files
PROMPT=$P$G
QTJAVA=F:\Program Files\QuickTime\QTSystem\QTJava.zip
SESSIONNAME=Console
SystemDrive=F:
SystemRoot=F:\WINDOWS
TEMP=F:\DOCUME~1\Shelli\LOCALS~1\Temp
TMP=F:\DOCUME~1\Shelli\LOCALS~1\Temp
USERDOMAIN=MICHELLE-U4EVNL
USERNAME=Shelli
USERPROFILE=F:\Documents and Settings\Shelli
windir=F:\WINDOWS


-- User Profiles ---------------------------------------------------------------

Shelli (admin)
Matthew (admin)
Administrator (admin)


-- Add/Remove Programs ---------------------------------------------------------

-->
-->
-->
-->
-->
-->
-->
-->
-->
-->
-->
-->
-->
-->
-->
-->
-->
-->
-->
-->
-->
-->
-->
-->
-->
-->
-->
-->
-->
-->
-->
--> F:\Program Files\Ahead\nero\uninstall\UNNERO.exe /UNINSTALL
--> F:\WINDOWS\UNNeroVision.exe /UNINSTALL
--> F:\WINDOWS\UNNMP.exe /UNINSTALL
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 F:\WINDOWS\INF\PCHealth.inf
Ad-Aware SE Personal --> MsiExec.exe /X{78CC3BAB-DE2A-4FB4-8FBB-E4DADDC26747}
Adobe Bridge 1.0 --> MsiExec.exe /I{B74D4E10-6884-0000-0000-000000000103}
Adobe Common File Installer --> MsiExec.exe /I{8EDBA74D-0686-4C99-BFDD-F894678E5B39}
Adobe Flash Player 9 ActiveX --> F:\WINDOWS\System32\Macromed\Flash\FlashUtil9b.exe -uninstallDelete
Adobe Help Center 1.0 --> MsiExec.exe /I{E9787678-1033-0000-8E67-000000000001}
Adobe Photoshop CS2 -->
Adobe Photoshop CS2 --> msiexec /I {236BB7C4-4419-42FD-0409-1E257A25E34D}
Adobe Reader 7.0.8 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70800000002}
Adobe Shockwave Player --> F:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE F:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
Adobe Stock Photos 1.0 --> MsiExec.exe /I{EE0D5DCD-2B97-4473-98DF-E93C0BD92F7A}
Advanced Tools -->
AVG Anti-Spyware 7.5 --> F:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Uninstall.exe
CC_ccStart --> MsiExec.exe /I{D6414CC7-F215-467F-88B1-546ED863F35B}
ccCommon --> MsiExec.exe /I{DC367608-64A7-4BF7-92F4-8BAA25BA02DB}
HijackThis 1.99.1 --> F:\Documents and Settings\Shelli\Desktop\HijackThis.exe /uninstall
Lexmark Supplies Monitor --> F:\WINDOWS\System32\LXSMUNIN.EXE
Lexmark Z23-Z33 --> F:\WINDOWS\System32\spool\drivers\w32x86\3\lxaiUN5C.EXE -dLexmark Z23-Z33
LiveReg (Symantec Corporation) --> F:\Program Files\Common Files\Symantec Shared\LiveReg\VcSetup.exe /REMOVE
LiveUpdate 1.90 (Symantec Corporation) --> F:\Program Files\Symantec\LiveUpdate\LSETUP.EXE /U
Microsoft Office XP Professional with FrontPage --> MsiExec.exe /I{90280409-6000-11D3-8CFE-0050048383C9}
MSN Music Assistant --> rundll32 advpack.dll,LaunchINFSection F:\WINDOWS\INF\msninst.inf,Uninstall
MSRedist --> MsiExec.exe /I{FC37ABD0-2108-4beb-B010-1254E0662B5A}
Nero Suite --> F:\Program Files\Common Files\Nero\Uninstall\Setupx.exe /uninstall ExtraUninstallID=""
Norton AntiVirus 2004 Professional --> MsiExec.exe /X{C6B28661-7910-442E-ADDD-72EAA8395380}
Norton AntiVirus 2004 Professional (Symantec Corporation) --> F:\Program Files\Common Files\Symantec Shared\SymSetup\{C6B28661-7910-442E-ADDD-72EAA8395380}.exe /X
Norton AntiVirus Parent MSI --> MsiExec.exe /I{E5EE9939-259F-4DE2-8023-5C49E16A4F43}
Norton AntiVirus SYMLT MSI --> MsiExec.exe /I{D1FF75E7-DD42-4CFD-B052-20B3FFF4EDB8}
Norton WMI Update --> MsiExec.exe /X{1526D87C-A955-4FAB-BF18-697BA457E352}
PC Pitstop Optimize 1.5 --> "F:\Program Files\PCPitstop\Optimize\unins000.exe"
PokerStars --> F:\Program Files\PokerStars\Uninstall.EXE /u:"PokerStars"
PokerStars.net --> F:\Program Files\PokerStars.NET\Uninstall.EXE /u:"PokerStars.net"
QuickTime --> MsiExec.exe /I{F07B861C-72B9-40A4-8B1A-AAED4C06A7E8}
Spybot - Search & Destroy 1.4 --> "F:\Program Files\Spybot - Search & Destroy\unins000.exe"
SUPERAntiSpyware Free Edition --> MsiExec.exe /X{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}
Symantec Network Drivers Update -->
Symantec Script Blocking Installer --> MsiExec.exe /I{D327AFC9-7BAA-473A-8319-6EB7A0D40138}
SymNet --> MsiExec.exe /I{E47EE8FB-ACC0-4608-859C-4E2851B18A6A}
TaxCut Basic 2006 --> F:\PROGRA~1\TaxCut06\Program\removetc.exe
WebFldrs XP -->
Winamp (remove only) --> "F:\Program Files\Winamp\UninstWA.exe"
Yahoo! Toolbar -->
Yahoo! Toolbar --> F:\PROGRA~1\Yahoo!\Common\unyt.exe


-- End of ComboScan: finished at 2007-03-10 at 05:13:10 ------------------------
Shelli

#8 Mr_JAk3

Mr_JAk3

    HJT Team Member


  • Members
  • 527 posts
  • Location:Finland
  • Local time:10:26 AM

Posted 10 March 2007 - 12:49 PM

Hi again, we'll continue :thumbsup:
Some leftovers....

You should print these instructions or save these to a text file. Follow these instructions carefully.

Make your hidden files visible:
  • Go to My Computer
  • Select the Tools menu and click Folder Options
  • Click the View tab.
  • Checkmark the "Display the contents of system folders"
  • Under the Hidden files and folders select "Show hidden files and folders"
  • Uncheck "Hide protected operating system files"
  • Click Apply and then OK, and close My Computer.
Then you may remove the "Advanced Tools" and "Yahoo! Toolbar" entries from the uninstall list if you want. Open HijackThis.
  • Open the Misc Tools section
  • Open Uninstall Manager
  • Scroll down to the following entry and select it with your mouse; Yahoo! Toolbar
  • Delete this entry
  • Answer Yes
  • Scroll down to the following entry and select it with your mouse; Advanced Tools
  • Delete this entry
  • Answer Yes
  • Close HijackThis
==================

Open Control Panel -> Add/Remove programs -> Remove all of the following or similar entries if found:
PokerStars
PokerStars.net

and any other programs you didn't install or don't recognize - if you're not sure, please ask first

Go to the My Computer and delete the following folders (if present):
F:\Program Files\PokerStars
F:\Program Files\PokerStars.NET
F:\Program Files\Common Files\{90A6A988-03E8-1033-1109-000720990001

Go to virustotal.com
Copy the following to the box next to "Browse" button:
F:\WINDOWS\System32\CMMGR32.EXE
Click on Send
Wait for the scan to end.

Copy & Paste the scan results to here.

Do you know anything about these two files?
F:\WINDOWS\url1.bat
F:\WINDOWS\test.bat

If not, right-click with your mouse, choose Edit and paste the contents of the files here.
UNITE & ASAP member since 2006

#9 BikoBoo

BikoBoo
  • Topic Starter

  • Members
  • 39 posts
  • Gender:Female
  • Location:Paradise, PA, USA
  • Local time:03:26 AM

Posted 10 March 2007 - 11:34 PM

Make your hidden files visible:
Go to My Computer
Select the Tools menu and click Folder Options
Click the View tab.
Checkmark the "Display the contents of system folders"
Under the Hidden files and folders select "Show hidden files and folders"
Uncheck "Hide protected operating system files"
Click Apply and then OK, and close My Computer.


Done

Then you may remove the "Advanced Tools" and "Yahoo! Toolbar" entries from the uninstall list if you want. Open HijackThis.
Open the Misc Tools section
Open Uninstall Manager
Scroll down to the following entry and select it with your mouse; Yahoo! Toolbar
Delete this entry
Answer Yes
Scroll down to the following entry and select it with your mouse; Advanced Tools
Delete this entry
Answer Yes
Close HijackThis


Not done. They are not showing up in HijackThis, but they are still showing up in my Add/remove program list.

Open Control Panel -> Add/Remove programs -> Remove all of the following or similar entries if found:
PokerStars
PokerStars.net


Not done. These are programs that I installed, and I use both of them (different types of games).

Go to the My Computer and delete the following folders (if present):
F:\Program Files\PokerStars
F:\Program Files\PokerStars.NET
F:\Program Files\Common Files\{90A6A988-03E8-1033-1109-000720990001


Not done. PokerStars, both, I am keeping. The last one did not show up in the common files directory. Should I look for it elsewhere, or does it have to do with removal of PokerStars?

Go to virustotal.com
Copy the following to the box next to "Browse" button:
F:\WINDOWS\System32\CMMGR32.EXE
Click on Send
Wait for the scan to end.

Copy & Paste the scan results to here.


Confused. Was I to copy the whole line? If so, the results are as follows:

0 bytes size received / Se ha recibido un archivo vacio


Do you know anything about these two files?
F:\WINDOWS\url1.bat
F:\WINDOWS\test.bat

If not, right-click with your mouse, choose Edit and paste the contents of the files here.


No, I know nothing about these files. What could they be? If I have to delete them, and we don't know what they are, could that mess up my system?

F:\WINDOWS\url1.bat

:Repeat
del C:\15672103.exe
if exist C:\15672103.exe goto Repeat



F:\WINDOWS\test.bat

:Repeat
del C:\43953948.exe
if exist C:\43953948.exe goto Repeat


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

There's a lot of info here. I hope it's all laid out nice for ya, and that everything is understandable. Again, thank you for all your help!! :thumbsup:
Shelli
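
The two batch files pasted in the post above have the same shape: a label, a `del` of an .exe, and an `if exist ... goto` back to the label, so the script keeps retrying until the file is gone (for instance once the program holding it open has exited). As an added example that is not part of the original thread, here is a Python check that flags that pattern in batch file text; the function name and the benign sample are assumptions made for illustration.

```python
import re

# Line shapes of interest in batch text (case-insensitive, optional quotes).
LABEL_RE = re.compile(r'^\s*:(\w+)\s*$')
DEL_RE = re.compile(r'^\s*(?:del|erase)\s+(?:/\w+\s+)*"?([^"\r\n]+?)"?\s*$', re.I)
LOOP_RE = re.compile(r'^\s*if\s+exist\s+"?([^"\r\n]+?)"?\s+goto\s+:?(\w+)\s*$', re.I)

def find_delete_retry_loops(text):
    """Return (label, path) pairs where a file is deleted and the script
    jumps back to an earlier label for as long as that file still exists."""
    labels = {}    # label name (lowercased) -> line index where it is defined
    deleted = {}   # normalised path -> line index of the most recent del
    hits = []
    for i, line in enumerate(text.splitlines()):
        m = LABEL_RE.match(line)
        if m:
            labels[m.group(1).lower()] = i
            continue
        m = DEL_RE.match(line)
        if m:
            deleted[m.group(1).strip().lower()] = i
            continue
        m = LOOP_RE.match(line)
        if m:
            path, label = m.group(1).strip().lower(), m.group(2).lower()
            # Only a backward jump to a label placed before the del is a retry loop.
            if path in deleted and label in labels and labels[label] < deleted[path]:
                hits.append((m.group(2), m.group(1).strip()))
    return hits

# Contents of the two files exactly as pasted in the post above.
URL1_BAT = r""":Repeat
del C:\15672103.exe
if exist C:\15672103.exe goto Repeat
"""
TEST_BAT = r""":Repeat
del C:\43953948.exe
if exist C:\43953948.exe goto Repeat
"""
# Constructed benign sample: same commands, but the jump goes forward once.
BENIGN_BAT = r"""@echo off
del C:\temp\old.log
if exist C:\temp\old.log goto Failed
:Failed
"""

if __name__ == "__main__":
    for name, body in [("url1.bat", URL1_BAT), ("test.bat", TEST_BAT), ("benign.bat", BENIGN_BAT)]:
        print(name, find_delete_retry_loops(body))
```

A hit identifies the script as cleanup for some other executable, so the path it names is the file worth looking for in antivirus logs or backups.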

#10 Mr_JAk3


Posted 11 March 2007 - 02:20 PM

Hi again :thumbsup:

Ok you may keep PokerStars if you want. It is on the uninstall list.

Delete these files if found:
F:\WINDOWS\System32\CMMGR32.EXE
F:\WINDOWS\url1.bat
F:\WINDOWS\test.bat

The leftovers in the Add/Remove Programs list are harmless....


How is the computer running at the moment?

Edited by Mr_JAk3, 11 March 2007 - 02:32 PM.

UNITE & ASAP member since 2006

#11 BikoBoo


Posted 11 March 2007 - 09:25 PM

My system has been running great for the past couple of days, ever since you had me remove some leftovers with HJT. Every tweak makes it run better and better. I'm amazed, my browser opens in the blink of an eye now, where it used to take up to a full 60 seconds for one browser window.

So, what's next? Are we done, or is there something else I should do?
Shelli

#12 Mr_JAk3


Posted 12 March 2007 - 02:40 PM

Well looks clean now :thumbsup:

Then the first priority is to visit Windows Update and get your system updated
-> At first, install Win XP Service Pack 2 Update
-> Reboot and get back to the Windows Update
-> Install all remaining important updates
(NOTE: You'll probably have to reboot and get back to the update several times before all of them are installed)

You don't seem to have a third-party firewall installed. You must install one firewall.
It is possible that you're using the Windows XP firewall. That is of course better than nothing but I recommend that you install a more advanced firewall that gives more protection. Windows firewall doesn't, e.g., protect your computer from inbound threats. This means that any malware on your computer is free to "phone home" for more instructions. Remember to use only one firewall at the same time. I'll give you a few alternatives if you want to install a third-party firewall:

These are good (free) firewalls:

You can remove the tools we used.

Now you can make your hidden files hidden again.
  • Go to My Computer
  • Select the Tools menu and click Folder Options
  • Click the View tab.
  • Checkmark the "Display the contents of system folders"
  • Under the Hidden files and folders select "Show hidden files and folders"
  • Check "Hide protected operating system files"
  • Click Apply and then the OK and close My Computer.
=============

Now that you seem to be clean, please follow these simple steps in order to keep your computer clean and secure:

Stay clean and be safe ;)

#13 BikoBoo


Posted 13 March 2007 - 09:39 PM

Thank you so very much for all your help!! My computer is running great now! :-)

As far as firewalls go, I used ZoneAlarm a while back, and it caused me so much trouble, I swore I'd never use another firewall again. It really soured me on firewalls. For the time being, I think I'll stick to my "no firewall" policy, even though it may bite me in the butt later on. I am using the Windows XP firewall, so I have some safety.

As for the list of things to keep me safely running, I have already done them all, with the exception of the hosts file. I know nothing about that, and when I was reading, it said something about possibly causing problems with DNS. So now I'm a little scared to mess with it. Is it easy to use, or is it for more advanced users? I'm sure if I spend enough time learning about it, I can figure it out, but I don't want to mess up anything with my system that I can fix later on. If I screw up my DNS, I might not be able to get online, and that would seriously hurt! :-D

Anyway, thank you again, from the bottom of my heart!! I wish there was some other way I could thank you, but I don't know any way except a genuine THANK YOU!!

So....
THANK YOU!!!
Shelli

#14 Mr_JAk3


Posted 15 March 2007 - 04:15 AM

You're very welcome, nice that we were able to help :flowers:

Well you don't have to install the hosts file if you don't want. The "problem with DNS" is that your computer may get very slow when using the hosts file. This can be easily solved by following the instructions in the "Editor's note".

Editors Note: in most cases a large HOSTS file (over 135 kb) tends to slow down the machine. This only occurs in W2000/XP/Vista. Windows 98 and ME are not affected.

To resolve this issue (manually) open the "Services Editor"

* Start | Run (type) "services.msc" (no quotes)
* Scroll down to "DNS Client", Right-click and select: Properties
* Click the drop-down arrow for "Startup type"
* Select: Manual, or Disabled (recommended) click Apply/Ok and restart. [more info]

When set to Manual you can see that the above "Service" is not needed (after a little browsing) by opening the Services Editor again, scroll down to DNS Client and check the "Status" column. It should be blank, if it was needed it would show "Started" in that column. There are several Utilities that can reset the DNS Client for you ...


:thumbsup:



