
Solved: nscanada spyware

Discussion in 'Virus & Other Malware Removal' started by Rockin65, Jul 23, 2006.

Thread Status:
Not open for further replies.
  1. Rockin65

    Rockin65 Thread Starter

    Joined:
    Jul 23, 2006
    Messages:
    7
    Same problem as michael9009 posted on 8 July 06.
    While the server was down I noticed a dialogue box appearing repeatedly saying cannot connect to spui.nscanada.mercurial.ca. After searching my entire computer for the root of this command I came up empty and look to you for help removing it. I'll post my log file from hijackthis...

    Logfile of HijackThis v1.99.1
    Scan saved at 5:59:03 PM, on 23/07/2006
    Platform: Windows 2000 SP4 (WinNT 5.00.2195)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINNT\System32\smss.exe
    C:\WINNT\system32\winlogon.exe
    C:\WINNT\system32\services.exe
    C:\WINNT\system32\lsass.exe
    C:\WINNT\system32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\WINNT\system32\spoolsv.exe
    C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    C:\WINNT\System32\svchost.exe
    C:\WINNT\system32\hidserv.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    C:\Program Files\Norton AntiVirus\navapsvc.exe
    C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
    C:\WINNT\system32\MSTask.exe
    C:\WINNT\system32\stisvc.exe
    C:\WINNT\System32\WBEM\WinMgmt.exe
    C:\WINNT\System32\mspmspsv.exe
    C:\WINNT\system32\svchost.exe
    C:\WINNT\Explorer.EXE
    C:\WINNT\system32\wuauclt.exe
    C:\Program Files\Microsoft Hardware\Keyboard\speedkey.exe
    C:\WINNT\system32\CTHELPER.EXE
    C:\WINNT\system32\dla\tfswctrl.exe
    C:\Program Files\Hewlett-Packard\Toolbox\StatusClient\StatusClient.exe
    C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Logitech\MouseWare\system\em_exec.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\Hewlett-Packard\Toolbox\jre\bin\javaw.exe
    C:\WINNT\system32\ctfmon.exe
    C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
    C:\Program Files\Microsoft Office\Office10\OUTLOOK.EXE
    C:\Program Files\Microsoft Office\Office10\WINWORD.EXE
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Hijackthis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.my.yahoo.com/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Startpagina = C:\WINNT\System32\SWPortal.html
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
    R3 - Default URLSearchHook is missing
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
    O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
    O4 - HKLM\..\Run: [UpdReg] C:\WINNT\UpdReg.EXE
    O4 - HKLM\..\Run: [Microsoft IntelliType Pro] "C:\Program Files\Microsoft Hardware\Keyboard\speedkey.exe"
    O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE
    O4 - HKLM\..\Run: [Jet Detection] "C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe"
    O4 - HKLM\..\Run: [dla] C:\WINNT\system32\dla\tfswctrl.exe
    O4 - HKLM\..\Run: [StatusClient 2.6] C:\Program Files\Hewlett-Packard\Toolbox\StatusClient\StatusClient.exe /auto
    O4 - HKLM\..\Run: [TomcatStartup 2.5] C:\Program Files\Hewlett-Packard\Toolbox\hpbpsttp.exe
    O4 - HKLM\..\Run: [HPLJ Config] C:\Program Files\Hewlett-Packard\hp LaserJet 3015_3020_3030_3380\SetConfig.exe -c Direct -p DOT4_001 -pn "" -n 1 -l 1033 -sl 120000
    O4 - HKLM\..\Run: [Microsoft Update] msawindows.exe
    O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [New Csnm Manager] csmn.exe
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [SSC_UserPrompt] "C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe"
    O4 - HKLM\..\RunServices: [Microsoft Update] msawindows.exe
    O4 - HKLM\..\RunServices: [New Csnm Manager] csmn.exe
    O4 - HKCU\..\Run: [ctfmon.exe] ctfmon.exe
    O4 - HKCU\..\Run: [LDM] \Program\BackWeb-8876480.exe
    O4 - HKCU\..\Run: [New Csnm Manager] csmn.exe
    O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
    O4 - HKCU\..\RunServices: [New Csnm Manager] csmn.exe
    O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O8 - Extra context menu item: Coupons - file://C:\Program Files\couponsandoffers\System\Temp\couponsandoffers_script0.htm
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
    O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/viewers/ipixx.cab
    O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
    O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/19bc3089ff2102c09603/netzip/RdxIE601.cab
    O16 - DPF: {5EF798EA-C110-4E8F-ABB7-0F49B22AAC9D} (Launcher Class) - https://www.eblvd.com/control/ebie.cab
    O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1124429843450
    O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} (GSDACtl Class) - http://launch.gamespyarcade.com/software/launch/alaunch.cab
    O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2002121801/housecall.antivirus.com/housecall/xscan53.cab
    O16 - DPF: {7A32634B-029C-4836-A023-528983982A49} (MSN Chat Control 4.2) - http://fdl.msn.com/public/chat/msnchat42.cab
    O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://www.napster.com/client/isetup.cab
    O16 - DPF: {AE1C01E3-0283-11D3-9B3F-00C04F8EF466} (HeartbeatCtl Class) - http://fdl.msn.com/zone/Z4/heartbeat.cab
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: Mouse Synchronization (mousesync) - Unknown owner - C:\WINNT\system32\mousesync.exe (file missing)
    O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
    O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
    O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINNT\system32\HPZipm12.exe
    O23 - Service: ptssvc - Unknown owner - C:\Program Files\KODAK\KODAK Picture Transfer Software\PTSsvc.exe (file missing)
    O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: SPBBCSvc - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

    Thank you,

    Rockin65
     
  2. valis

    valis Moderator

    Joined:
    Sep 24, 2004
    Messages:
    76,112
    You got a couple infections, at least, in there. Wait for a security expert to meander by and parse your log for you.

    v
     
  3. MFDnNC

    MFDnNC

    Joined:
    Sep 7, 2004
    Messages:
    49,014
    Go to the link below and download the trial version of SpySweeper:

    SpySweeper http://www.webroot.com/consumer/products/spysweeper/index.html?acode=af1&rc=4129&ac=tsg

    * Click the Free Trial link under "SpySweeper" to download the program.
    * Install it. Once the program is installed, it will open.
    * It will prompt you to update to the latest definitions, click Yes.
    * Once the definitions are installed, click Options on the left side.
    * Click the Sweep Options tab.
    * Under What to Sweep please put a check next to the following:
        o Sweep Memory
        o Sweep Registry
        o Sweep Cookies
        o Sweep All User Accounts
        o Enable Direct Disk Sweeping
        o Sweep Contents of Compressed Files
        o Sweep for Rootkits

        o Please UNCHECK Do not Sweep System Restore Folder.

    * Click Sweep Now on the left side.
    * Click the Start button.
    * When it's done scanning, click the Next button.
    * Make sure everything has a check next to it, then click the Next button.
    * It will remove all of the items found.
    * Click Session Log in the upper right corner, copy everything in that window.
    * Click the Summary tab and click Finish.
    * Paste the contents of the session log you copied into your next reply.
    Also post a new Hijack This log.
     
  4. Rockin65

    Rockin65 Thread Starter

    Joined:
    Jul 23, 2006
    Messages:
    7
    I had problems installing spy sweeper, but did get the scan complete. It wouldn't stop rebooting my computer after install. Anyway, I scanned it without rebooting which was successful. Log file follows with hijack this log as well. Thanking you in advance. PS. I didn't see the original culprit spui.nscanada.mercurial.ca in the list, but certainly lots of others.

    11:28 AM: Removal process completed. Elapsed time 00:01:35
    11:27 AM: Quarantining All Traces: gain - common components
    11:27 AM: Quarantining All Traces: whenu weathercast
    11:27 AM: Quarantining All Traces: whenu save
    11:27 AM: Quarantining All Traces: crush
    11:27 AM: Quarantining All Traces: bullguard popup ad
    11:27 AM: Quarantining All Traces: ie access
    11:27 AM: Quarantining All Traces: targetsaver
    11:27 AM: Quarantining All Traces: ist sidefind
    11:27 AM: Quarantining All Traces: couponsandoffers
    11:27 AM: Quarantining All Traces: ist software
    11:27 AM: Quarantining All Traces: 7adpower dialer
    11:27 AM: Quarantining All Traces: trojan-downloader-centim
    11:26 AM: Quarantining All Traces: switchdialer
    11:26 AM: Quarantining All Traces: ist slotchbar
    11:26 AM: Quarantining All Traces: hotbar
    11:26 AM: Quarantining All Traces: ist istbar
    11:26 AM: Quarantining All Traces: cws-aboutblank
    11:26 AM: Removal process initiated
    11:24 AM: Traces Found: 68
    11:24 AM: Full Sweep has completed. Elapsed time 00:41:44
    11:24 AM: File Sweep Complete, Elapsed Time: 00:36:48
    11:17 AM: Warning: Failed to access drive E:
    11:17 AM: Warning: Failed to access drive D:
    11:17 AM: C:\WINNT\dset.dat (ID = 54774)
    11:17 AM: Found Adware: crush
    11:16 AM: c:\winnt\downloaded program files\istprotect.inf (ID = 76128)
    11:16 AM: Found Adware: ist istbar
    11:16 AM: C:\Documents and Settings\Administrator.WILLIAMS\Local Settings\Temp\bundle.inf (ID = 61287)
    11:16 AM: Found Adware: gain - common components
    11:16 AM: C:\WINNT\system32\exit.csi (ID = 77844)
    11:16 AM: C:\WINNT\system32\Options.csi (ID = 77861)
    11:16 AM: C:\WINNT\system32\Disconnect.csi (ID = 77841)
    11:16 AM: Warning: Failed to open file "c:\documents and settings\administrator.williams\application data\mozilla\firefox\profiles\ij4oy3fh.default\parent.lock". The operation completed successfully
    11:16 AM: C:\WINNT\system32\Reconnect.csi (ID = 77874)
    11:16 AM: C:\WINNT\system32\Cancel.csi (ID = 77839)
    11:16 AM: C:\WINNT\system32\PortalOff.csi (ID = 77872)
    11:16 AM: C:\WINNT\system32\PortalOn.csi (ID = 77873)
    11:15 AM: C:\Documents and Settings\Administrator.WILLIAMS\Local Settings\Temp\GLFD42GLFD42.EXE (ID = 78278)
    11:14 AM: Warning: Failed to open file "c:\program files\norton antivirus\savrt\0802nav~.tmp". The operation completed successfully
    11:13 AM: C:\Documents and Settings\Administrator.WILLIAMS\Local Settings\Temp\5216.exe (ID = 247339)
    11:12 AM: C:\Documents and Settings\Administrator.WILLIAMS\Local Settings\Temp\5687.exe (ID = 247339)
    11:12 AM: C:\Documents and Settings\Administrator.WILLIAMS\Local Settings\Temp\7545.exe (ID = 247339)
    11:12 AM: C:\Documents and Settings\Administrator.WILLIAMS\Local Settings\Temp\20723.exe (ID = 247339)
    11:12 AM: C:\Documents and Settings\Administrator.WILLIAMS\Local Settings\Temp\10656.exe (ID = 247339)
    11:11 AM: C:\Documents and Settings\Administrator.WILLIAMS\Local Settings\Temp\GLF972GLF972.EXE (ID = 78278)
    11:10 AM: C:\Documents and Settings\Administrator.WILLIAMS\Local Settings\Temp\12305.exe (ID = 247339)
    11:10 AM: C:\Documents and Settings\Administrator.WILLIAMS\Local Settings\Temp\24639.exe (ID = 247339)
    11:09 AM: c:\recycler\s-1-5-21-1275210071-113007714-1060284298-500\dc18\bulldownload.exe (ID = 52017)
    11:09 AM: Found Adware: bullguard popup ad
    11:09 AM: C:\Documents and Settings\Administrator.WILLIAMS\Local Settings\Temp\548.exe (ID = 247339)
    11:08 AM: C:\Documents and Settings\Administrator.WILLIAMS\Local Settings\Temp\30195.exe (ID = 247339)
    11:08 AM: C:\Documents and Settings\Administrator.WILLIAMS\Local Settings\Temp\12302.exe (ID = 247339)
    11:07 AM: C:\Documents and Settings\Administrator.WILLIAMS\Local Settings\Temp\4421.exe (ID = 247339)
    11:04 AM: C:\Documents and Settings\Administrator.WILLIAMS\Local Settings\Temp\12525.exe (ID = 247339)
    11:04 AM: C:\Documents and Settings\Administrator.WILLIAMS\Local Settings\Temp\22488.exe (ID = 247339)
    11:04 AM: C:\Documents and Settings\Administrator.WILLIAMS\Local Settings\Temp\22485.exe (ID = 247339)
    11:03 AM: C:\Documents and Settings\Administrator.WILLIAMS\Local Settings\Temp\24572.exe (ID = 247339)
    11:03 AM: C:\Documents and Settings\Administrator.WILLIAMS\Local Settings\Temp\12531.exe (ID = 247339)
    11:03 AM: C:\Documents and Settings\Administrator.WILLIAMS\Local Settings\Temp\262.exe (ID = 247339)
    11:01 AM: C:\WINNT\system32\IEAccess2.dll (ID = 62617)
    11:01 AM: Found Adware: ie access
    11:00 AM: C:\Documents and Settings\Administrator.WILLIAMS\Local Settings\Temp\24408.exe (ID = 247339)
    10:59 AM: C:\Documents and Settings\Administrator.WILLIAMS\Local Settings\Temp\5060.exe (ID = 247339)
    10:59 AM: C:\Documents and Settings\Administrator.WILLIAMS\Local Settings\Temp\24568.exe (ID = 247339)
    10:58 AM: C:\Documents and Settings\Administrator.WILLIAMS\Local Settings\Temp\4110.exe (ID = 247339)
    10:58 AM: C:\Documents and Settings\Administrator.WILLIAMS\Local Settings\Temp\6747.exe (ID = 247339)
    10:58 AM: C:\Documents and Settings\Administrator.WILLIAMS\Local Settings\Temp\2117.exe (ID = 247339)
    10:57 AM: C:\Documents and Settings\Administrator.WILLIAMS\Local Settings\Temp\27879.exe (ID = 247339)
    10:57 AM: C:\System Volume Information\_restore{ce47634e-3cbe-4480-9e52-07aaf9827a8e}\RP54\A0066264.exe (ID = 277743)
    10:57 AM: Found Adware: whenu weathercast
    10:56 AM: C:\System Volume Information\_restore{ce47634e-3cbe-4480-9e52-07aaf9827a8e}\RP54\A0066262.exe (ID = 276504)
    10:56 AM: Found Adware: whenu save
    10:52 AM: C:\Documents and Settings\Administrator.WILLIAMS\Local Settings\Temp\GLF12GLF12.EXE (ID = 78278)
    10:52 AM: Found Adware: targetsaver
    10:51 AM: C:\Documents and Settings\Administrator.WILLIAMS\Local Settings\Temp\861.exe (ID = 247339)
    10:49 AM: C:\Documents and Settings\Administrator.WILLIAMS\Local Settings\Temp\17254.exe (ID = 247339)
    10:49 AM: C:\Documents and Settings\Administrator.WILLIAMS\Local Settings\Temp\953.exe (ID = 247339)
    10:48 AM: C:\Documents and Settings\Administrator.WILLIAMS\Local Settings\Temp\31982.exe (ID = 247339)
    10:48 AM: Found Trojan Horse: trojan-downloader-centim
    10:47 AM: Starting File Sweep
    10:47 AM: Warning: Failed to access drive A:
    10:47 AM: Cookie Sweep Complete, Elapsed Time: 00:00:00
    10:47 AM: Starting Cookie Sweep
    10:47 AM: Registry Sweep Complete, Elapsed Time:00:01:03
    10:47 AM: HKU\S-1-5-21-1275210071-113007714-1060284298-500\software\microsoft\internet explorer\main\ || search page_bak (ID = 774883)
    10:47 AM: HKU\S-1-5-21-1275210071-113007714-1060284298-500\software\microsoft\internet explorer\main\ || startpagina (ID = 143489)
    10:47 AM: Found Adware: switchdialer
    10:47 AM: HKU\S-1-5-21-1275210071-113007714-1060284298-500\software\microsoft\internet explorer\extensions\cmdmapping\ || {10e42047-deb9-4535-a118-b3f6ec39b807} (ID = 141778)
    10:47 AM: Found Adware: ist sidefind
    10:47 AM: HKU\S-1-5-21-1275210071-113007714-1060284298-500\software\microsoft\internet explorer\main\ || search page_bak (ID = 115925)
    10:47 AM: HKU\S-1-5-21-1275210071-113007714-1060284298-500\software\microsoft\internet explorer\main\ || search bar_bak (ID = 115924)
    10:47 AM: Found Adware: cws-aboutblank
    10:47 AM: HKU\S-1-5-21-1275210071-113007714-1060284298-500\software\microsoft\internet explorer\menuext\coupons\ (ID = 112527)
    10:47 AM: Found Adware: couponsandoffers
    10:47 AM: HKLM\software\classes\spamblockerconfig.application.1\ (ID = 968867)
    10:47 AM: HKCR\spamblockerconfig.application.1\ (ID = 968312)
    10:47 AM: HKLM\software\classes\istprotect.protecter.1\ (ID = 542117)
    10:47 AM: HKCR\istprotect.protecter.1\ (ID = 542113)
    10:47 AM: HKCR\typelib\{8c752c5e-3c10-4076-af0a-ffc69fa20d10}\ (ID = 141844)
    10:47 AM: HKLM\software\classes\typelib\{8c752c5e-3c10-4076-af0a-ffc69fa20d10}\ (ID = 141839)
    10:47 AM: HKLM\software\classes\istprotect.protecter\ (ID = 141837)
    10:47 AM: HKLM\software\classes\clsid\{4418dd4d-7265-4c32-bc0a-3fdb3c2da938}\ (ID = 141833)
    10:47 AM: HKCR\istprotect.protecter\ (ID = 141831)
    10:47 AM: Found Adware: ist software
    10:47 AM: HKCR\clsid\{4418dd4d-7265-4c32-bc0a-3fdb3c2da938}\ (ID = 141827)
    10:47 AM: Found Adware: ist slotchbar
    10:46 AM: HKCR\spamblockerconfig.application\ (ID = 127634)
    10:46 AM: HKLM\software\classes\spamblockerconfig.application\ (ID = 127536)
    10:46 AM: HKLM\software\classes\clsid\{204f937e-519e-4597-96fa-8f1f59f3cb6d}\ (ID = 127413)
    10:46 AM: HKCR\clsid\{204f937e-519e-4597-96fa-8f1f59f3cb6d}\ (ID = 127250)
    10:46 AM: Found Adware: hotbar
    10:46 AM: HKLM\software\classes\interface\{66bd1bd0-3655-42e4-8ce9-16d3613b0b25}\ (ID = 102200)
    10:46 AM: HKLM\software\classes\interface\{12e919bc-c70f-432b-b831-1180de734505}\ (ID = 102195)
    10:46 AM: HKCR\interface\{66bd1bd0-3655-42e4-8ce9-16d3613b0b25}\ (ID = 102140)
    10:46 AM: Found Adware: 7adpower dialer
    10:46 AM: Starting Registry Sweep
    10:46 AM: Memory Sweep Complete, Elapsed Time: 00:03:36
    10:42 AM: Starting Memory Sweep
    10:42 AM: Sweep initiated using definitions version 691
    10:42 AM: Spy Sweeper 5.0.5.1286 started
    10:42 AM: | Start of Session, July 24, 2006 |
    ********
    10:42 AM: | End of Session, July 24, 2006 |
    Keylogger Shield: On
    BHO Shield: On
    IE Security Shield: On
    Alternate Data Stream (ADS) Execution Shield: On
    Startup Shield: On
    Common Ad Sites Shield: Off
    Hosts File Shield: On
    Spy Communication Shield: On
    ActiveX Shield: On
    Windows Messenger Service Shield: On
    IE Favorites Shield: On
    Spy Installation Shield: On
    Memory Shield: On
    IE Hijack Shield: On
    IE Tracking Cookies Shield: Off
    10:38 AM: Shield States
    10:38 AM: Spyware Definitions: 691
    10:37 AM: Spy Sweeper 5.0.5.1286 started
    10:37 AM: Spy Sweeper 5.0.5.1286 started
    10:37 AM: | Start of Session, July 24, 2006 |
    ********

    Logfile of HijackThis v1.99.1
    Scan saved at 12:35:16 PM, on 24/07/2006
    Platform: Windows 2000 SP4 (WinNT 5.00.2195)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINNT\System32\smss.exe
    C:\WINNT\system32\winlogon.exe
    C:\WINNT\system32\services.exe
    C:\WINNT\system32\lsass.exe
    C:\WINNT\system32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\WINNT\system32\spoolsv.exe
    C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    C:\WINNT\System32\svchost.exe
    C:\WINNT\system32\hidserv.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    C:\Program Files\Norton AntiVirus\navapsvc.exe
    C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
    C:\WINNT\system32\MSTask.exe
    C:\WINNT\system32\stisvc.exe
    C:\WINNT\System32\WBEM\WinMgmt.exe
    C:\WINNT\Explorer.EXE
    C:\WINNT\System32\mspmspsv.exe
    C:\WINNT\system32\svchost.exe
    C:\Program Files\Microsoft Hardware\Keyboard\speedkey.exe
    C:\WINNT\system32\CTHELPER.EXE
    C:\WINNT\system32\dla\tfswctrl.exe
    C:\Program Files\Hewlett-Packard\Toolbox\StatusClient\StatusClient.exe
    C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
    C:\Program Files\Logitech\MouseWare\system\em_exec.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\Hewlett-Packard\Toolbox\jre\bin\javaw.exe
    C:\WINNT\system32\ctfmon.exe
    C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
    C:\WINNT\system32\wuauclt.exe
    C:\Program Files\Microsoft Office\Office10\OUTLOOK.EXE
    C:\Program Files\Microsoft Office\Office10\WINWORD.EXE
    C:\Program Files\Hijackthis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.my.yahoo.com/
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
    R3 - Default URLSearchHook is missing
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
    O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
    O4 - HKLM\..\Run: [UpdReg] C:\WINNT\UpdReg.EXE
    O4 - HKLM\..\Run: [Microsoft IntelliType Pro] "C:\Program Files\Microsoft Hardware\Keyboard\speedkey.exe"
    O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE
    O4 - HKLM\..\Run: [Jet Detection] "C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe"
    O4 - HKLM\..\Run: [dla] C:\WINNT\system32\dla\tfswctrl.exe
    O4 - HKLM\..\Run: [StatusClient 2.6] "C:\Program Files\Hewlett-Packard\Toolbox\StatusClient\StatusClient.exe" /auto
    O4 - HKLM\..\Run: [TomcatStartup 2.5] "C:\Program Files\Hewlett-Packard\Toolbox\hpbpsttp.exe"
    O4 - HKLM\..\Run: [HPLJ Config] "C:\Program Files\Hewlett-Packard\hp LaserJet 3015_3020_3030_3380\SetConfig.exe" -c Direct -p DOT4_001 -pn "" -n 1 -l 1033 -sl 120000
    O4 - HKLM\..\Run: [Microsoft Update] msawindows.exe
    O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
    O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"
    O4 - HKLM\..\Run: [New Csnm Manager] csmn.exe
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [SSC_UserPrompt] "C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe"
    O4 - HKLM\..\RunServices: [Microsoft Update] msawindows.exe
    O4 - HKLM\..\RunServices: [New Csnm Manager] csmn.exe
    O4 - HKCU\..\Run: [ctfmon.exe] ctfmon.exe
    O4 - HKCU\..\Run: [LDM] \Program\BackWeb-8876480.exe
    O4 - HKCU\..\Run: [New Csnm Manager] csmn.exe
    O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
    O4 - HKCU\..\RunServices: [New Csnm Manager] csmn.exe
    O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
    O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/viewers/ipixx.cab
    O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
    O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/19bc3089ff2102c09603/netzip/RdxIE601.cab
    O16 - DPF: {5EF798EA-C110-4E8F-ABB7-0F49B22AAC9D} (Launcher Class) - https://www.eblvd.com/control/ebie.cab
    O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1124429843450
    O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} (GSDACtl Class) - http://launch.gamespyarcade.com/software/launch/alaunch.cab
    O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2002121801/housecall.antivirus.com/housecall/xscan53.cab
    O16 - DPF: {7A32634B-029C-4836-A023-528983982A49} (MSN Chat Control 4.2) - http://fdl.msn.com/public/chat/msnchat42.cab
    O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://www.napster.com/client/isetup.cab
    O16 - DPF: {AE1C01E3-0283-11D3-9B3F-00C04F8EF466} (HeartbeatCtl Class) - http://fdl.msn.com/zone/Z4/heartbeat.cab
    O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: Mouse Synchronization (mousesync) - Unknown owner - C:\WINNT\system32\mousesync.exe (file missing)
    O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
    O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
    O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINNT\system32\HPZipm12.exe
    O23 - Service: ptssvc - Unknown owner - C:\Program Files\KODAK\KODAK Picture Transfer Software\PTSsvc.exe (file missing)
    O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: SPBBCSvc - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
     
  5. MFDnNC

    MFDnNC

    Joined:
    Sep 7, 2004
    Messages:
    49,014
    You may want to print this or save it to notepad as we will go to safe mode.

    Fix these with HJT – mark them, close IE, click fix checked

    R3 - Default URLSearchHook is missing

    O4 - HKLM\..\Run: [UpdReg] C:\WINNT\UpdReg.EXE

    O4 - HKLM\..\Run: [Microsoft Update] msawindows.exe

    O4 - HKLM\..\Run: [New Csnm Manager] csmn.exe

    O4 - HKLM\..\RunServices: [Microsoft Update] msawindows.exe

    O4 - HKLM\..\RunServices: [New Csnm Manager] csmn.exe

    O4 - HKCU\..\Run: [New Csnm Manager] csmn.exe

    O4 - HKCU\..\RunServices: [New Csnm Manager] csmn.exe

    O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/19bc3089...p/RdxIE601.cab

    O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://www.napster.com/client/isetup.cab

    O23 - Service: Mouse Synchronization (mousesync) - Unknown owner - C:\WINNT\system32\mousesync.exe (file missing)
    ================
    Click Start > Run > and type in:

    services.msc

    Click OK.

    In the services window find this exact name

    Mouse Synchronization

    Right-click and choose "Properties". On the "General" tab under "Service Status" click the "Stop" button to stop the service. Beside "Startup Type" in the dropdown menu select "Disabled". Click Apply then OK. File-Exit the Services utility.
    ==============

    Download http://www.downloads.subratam.org/KillBox.zip

    Restart your computer into safe mode now. (Tapping F8 at the first black screen) Perform the following steps in safe mode:

    Double-click on Killbox.exe to run it. Now put a tick by Standard File Kill. In the "Full Path of File to Delete" box, copy and paste each of the following lines one at a time then click on the button that has the red circle with the X in the middle after you enter each file. It will ask for confirmation to delete the file. Click Yes. Continue with that same procedure until you have copied and pasted all of these in the "Paste Full Path of File to Delete" box.

    C:\WINNT\system32\csmn.exe
    C:\WINNT\system32\msawindows.exe

    Note: It is possible that Killbox will tell you that one or more files do not exist. If that happens, just continue on with all the files. Be sure you don't miss any.

    START – RUN – type in %temp% - OK - Edit – Select all – File – Delete

    Delete everything in the C:\Windows\Temp folder or C:\WINNT\temp

    Not all temp files will delete and that is normal
    Empty the recycle bin
    Boot and post a new log from normal NOT safe mode

    Please give feedback on what worked/didn’t work and the current status of your system
     
  6. Rockin65

    Rockin65 Thread Starter

    Joined:
    Jul 23, 2006
    Messages:
    7
    I have completed the suggested tasks. The killbox thing didn't work since the error message "...does not exist" came up for both files. I'm hoping that the exercise was helpful to eliminate some of the spyware and whatever else you asked me to do this past time. Is there a way to see that I no longer have the original file spui.nscanada.mercurial.ca?

    This is the HJT log file after returning to normal mode...

    Logfile of HijackThis v1.99.1
    Scan saved at 6:09:22 PM, on 24/07/2006
    Platform: Windows 2000 SP4 (WinNT 5.00.2195)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINNT\System32\smss.exe
    C:\WINNT\system32\winlogon.exe
    C:\WINNT\system32\services.exe
    C:\WINNT\system32\lsass.exe
    C:\WINNT\system32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\WINNT\system32\spoolsv.exe
    C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    C:\WINNT\System32\svchost.exe
    C:\WINNT\system32\hidserv.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    C:\Program Files\Norton AntiVirus\navapsvc.exe
    C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
    C:\WINNT\system32\MSTask.exe
    C:\WINNT\system32\stisvc.exe
    C:\WINNT\System32\WBEM\WinMgmt.exe
    C:\WINNT\System32\mspmspsv.exe
    C:\WINNT\system32\svchost.exe
    C:\WINNT\Explorer.EXE
    C:\Program Files\Microsoft Hardware\Keyboard\speedkey.exe
    C:\WINNT\system32\CTHELPER.EXE
    C:\WINNT\system32\dla\tfswctrl.exe
    C:\Program Files\Hewlett-Packard\Toolbox\StatusClient\StatusClient.exe
    C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\Logitech\MouseWare\system\em_exec.exe
    C:\WINNT\system32\ctfmon.exe
    C:\Program Files\Hewlett-Packard\Toolbox\jre\bin\javaw.exe
    C:\WINNT\system32\wuauclt.exe
    C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
    C:\Program Files\Hijackthis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.my.yahoo.com/
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
    O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
    O4 - HKLM\..\Run: [Microsoft IntelliType Pro] "C:\Program Files\Microsoft Hardware\Keyboard\speedkey.exe"
    O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE
    O4 - HKLM\..\Run: [Jet Detection] "C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe"
    O4 - HKLM\..\Run: [dla] C:\WINNT\system32\dla\tfswctrl.exe
    O4 - HKLM\..\Run: [StatusClient 2.6] "C:\Program Files\Hewlett-Packard\Toolbox\StatusClient\StatusClient.exe" /auto
    O4 - HKLM\..\Run: [TomcatStartup 2.5] "C:\Program Files\Hewlett-Packard\Toolbox\hpbpsttp.exe"
    O4 - HKLM\..\Run: [HPLJ Config] "C:\Program Files\Hewlett-Packard\hp LaserJet 3015_3020_3030_3380\SetConfig.exe" -c Direct -p DOT4_001 -pn "" -n 1 -l 1033 -sl 120000
    O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
    O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [SSC_UserPrompt] "C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe"
    O4 - HKCU\..\Run: [ctfmon.exe] ctfmon.exe
    O4 - HKCU\..\Run: [LDM] \Program\BackWeb-8876480.exe
    O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
    O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
    O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/viewers/ipixx.cab
    O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
    O16 - DPF: {5EF798EA-C110-4E8F-ABB7-0F49B22AAC9D} (Launcher Class) - https://www.eblvd.com/control/ebie.cab
    O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1124429843450
    O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} (GSDACtl Class) - http://launch.gamespyarcade.com/software/launch/alaunch.cab
    O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2002121801/housecall.antivirus.com/housecall/xscan53.cab
    O16 - DPF: {7A32634B-029C-4836-A023-528983982A49} (MSN Chat Control 4.2) - http://fdl.msn.com/public/chat/msnchat42.cab
    O16 - DPF: {AE1C01E3-0283-11D3-9B3F-00C04F8EF466} (HeartbeatCtl Class) - http://fdl.msn.com/zone/Z4/heartbeat.cab
    O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
    O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
    O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINNT\system32\HPZipm12.exe
    O23 - Service: ptssvc - Unknown owner - C:\Program Files\KODAK\KODAK Picture Transfer Software\PTSsvc.exe (file missing)
    O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: SPBBCSvc - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
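
Added example (not part of the original posts, and not code from HijackThis): one way to check a follow-up HijackThis log against the list of entries that were marked for fixing, which is what the question above asks for. The function names are hypothetical; the fix list is taken from MFDnNC's post and the follow-up lines are an excerpt of the 24/07/2006 log.

```python
import re

# HijackThis 1.99.1 writes findings as "<section id> - <detail>",
# e.g. "O4 - HKLM\..\Run: [name] command". Process paths and headers do not match.
ENTRY_RE = re.compile(r"^\s*([A-Z]\d{1,2})\s+-\s+(.*\S)\s*$")

def parse_entries(log_text):
    """Return the set of (section, normalised detail) pairs found in a log."""
    entries = set()
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line)
        if m:
            # Collapse whitespace and case so copy/paste differences do not hide a match.
            entries.add((m.group(1), " ".join(m.group(2).split()).lower()))
    return entries

def remaining(fix_list, followup_log):
    """Entries from the fix list that still appear in the follow-up log."""
    return sorted(parse_entries(fix_list) & parse_entries(followup_log))

def missing_file_entries(log_text):
    """Entries tagged '(file missing)': the registry reference exists, the file does not."""
    return sorted(e for e in parse_entries(log_text) if e[1].endswith("(file missing)"))

# Entries marked for fixing (from the thread).
FIX_LIST = r"""
R3 - Default URLSearchHook is missing
O4 - HKLM\..\Run: [UpdReg] C:\WINNT\UpdReg.EXE
O4 - HKLM\..\Run: [Microsoft Update] msawindows.exe
O4 - HKLM\..\Run: [New Csnm Manager] csmn.exe
O4 - HKCU\..\Run: [New Csnm Manager] csmn.exe
O23 - Service: Mouse Synchronization (mousesync) - Unknown owner - C:\WINNT\system32\mousesync.exe (file missing)
"""

# Excerpt of the follow-up log (from the thread).
FOLLOWUP_EXCERPT = r"""
Logfile of HijackThis v1.99.1
C:\WINNT\System32\smss.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.my.yahoo.com/
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKCU\..\Run: [ctfmon.exe] ctfmon.exe
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O23 - Service: ptssvc - Unknown owner - C:\Program Files\KODAK\KODAK Picture Transfer Software\PTSsvc.exe (file missing)
"""

if __name__ == "__main__":
    print("still present:", remaining(FIX_LIST, FOLLOWUP_EXCERPT))
    print("orphaned references:", missing_file_entries(FOLLOWUP_EXCERPT))
```

An empty "still present" list only shows that the flagged entries are gone from what HijackThis enumerates; it does not cover files or startup locations the tool does not list.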
     
  7. MFDnNC

    MFDnNC

    Joined:
    Sep 7, 2004
    Messages:
    49,014
  8. Rockin65

    Rockin65 Thread Starter

    Joined:
    Jul 23, 2006
    Messages:
    7
    Didn't do restore since I'm running 2000 and directions were for XP. Everything is good. Thanks very much. I'll post that we are clean again.
    Rockin65
     
  9. valis

    valis Moderator

    Joined:
    Sep 24, 2004
    Messages:
    76,112
    thanks, mfd.......
     
  10. MFDnNC

    MFDnNC

    Joined:
    Sep 7, 2004
    Messages:
    49,014
    Ooops sorry about that

    Welcome Valis
     
  11. valis

    valis Moderator

    Joined:
    Sep 24, 2004
    Messages:
    76,112
    sorry about what? I'm still a-learning the hjt stuff over at gtg....watching you, flavalee, cookie, flman1, and cheese, I'm learning more and more daily. Fun to watch.
     
  12. MFDnNC

    MFDnNC

    Joined:
    Sep 7, 2004
    Messages:
    49,014
    No that was for the OP - getting them to do restore points on W2K
     

Short URL to this thread: https://techguy.org/485759
