Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

I've been Highjacked [RESOLVED]


  • This topic is locked This topic is locked

#1
KennyBoo

KennyBoo

    New Member

  • Member
  • Pip
  • 9 posts
Hi my home page and wallpaper has been highjacked. Here is my log file. Please help!

Logfile of HijackThis v1.99.1
Scan saved at 5:25:26 PM, on 6/29/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\addnn32.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\McAfee\McAfee AntiSpyware\Msssrv.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\WINDOWS\system32\MsPMSPSv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\zHotkey.exe
C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Digital Media Reader\shwiconem.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\ALCWZRD.EXE
C:\Program Files\Xoodil\Msbzq.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\addde32.exe
C:\Program Files\BigFix\BigFix.exe
C:\WINDOWS\system32\ntvdm.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\HJT\HijackThis.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Messenger\msmsgs.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\jmcwm.dll/sp.html#87649
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\jmcwm.dll/sp.html#87649
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\system32\jmcwm.dll/sp.html#87649
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\jmcwm.dll/sp.html#87649
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\jmcwm.dll/sp.html#87649
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system32\jmcwm.dll/sp.html#87649
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system32\jmcwm.dll/sp.html#87649
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Class - {4BEAA19D-FD26-85FF-512E-68F2589DCBD9} - C:\WINDOWS\addry32.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [CHotkey] zHotkey.exe
O4 - HKLM\..\Run: [ShowWnd] ShowWnd.exe
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAudPropShortcut.exe
O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [SunKistEM] C:\Program Files\Digital Media Reader\shwiconem.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [_AntiSpyware] C:\Program Files\McAfee\McAfee AntiSpyware\MssCli.exe
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\Updreg.exe
O4 - HKLM\..\Run: [CTStartup] C:\Program Files\Creative\Splash Screen\CTEaxSpl.EXE /run
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Wgeueq] C:\Program Files\Xoodil\Msbzq.exe
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [addde32.exe] C:\WINDOWS\system32\addde32.exe
O4 - HKLM\..\Run: [SpyFighterMonitor] "C:\Program Files\SpyFighter\SpyFighter.exe" monitor
O4 - HKLM\..\Run: [SpyFighterUpdate] "C:\Program Files\SpyFighter\AutoUpdate.exe" silent
O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\BigFix.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Search - http://bar.mywebsear...US_ZUYYYYYYYYUS
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: 3 Point Showdown by pogo - http://game1.pogo.co...t-ob-assets.cab
O16 - DPF: 6th Street Omaha Poker by pogo - http://game1.pogo.co...a-ob-assets.cab
O16 - DPF: Aces Up! by pogo - http://game1.pogo.co...s-ob-assets.cab
O16 - DPF: Ali Baba Slots TM by pogo - http://game1.pogo.co...a-ob-assets.cab
O16 - DPF: Backgammon by pogo - http://game1.pogo.co...n-ob-assets.cab
O16 - DPF: Big Shot Roulette TM by pogo - http://game1.pogo.co...e-ob-assets.cab
O16 - DPF: Blackjack by pogo - http://game1.pogo.co...k-ob-assets.cab
O16 - DPF: Buckaroo Blackjack TM by pogo - http://game1.pogo.co...k-ob-assets.cab
O16 - DPF: Canasta by pogo - http://game1.pogo.co...a-ob-assets.cab
O16 - DPF: Checkers by pogo - http://game1.pogo.co...s-ob-assets.cab
O16 - DPF: Chess by pogo - http://game1.pogo.co...2-ob-assets.cab
O16 - DPF: Cribbage by pogo - http://game1.pogo.co...e-ob-assets.cab
O16 - DPF: Dice Derby by pogo - http://game1.pogo.co...g-ob-assets.cab
O16 - DPF: Dominoes by pogo - http://game1.pogo.co...o-ob-assets.cab
O16 - DPF: Euchre by pogo - http://game1.pogo.co...e-ob-assets.cab
O16 - DPF: EZ Win Bingo by pogo - http://game1.pogo.co...e-ob-assets.cab
O16 - DPF: First Class Solitaire by pogo - http://game1.pogo.co...2-ob-assets.cab
O16 - DPF: Fortune Bingo by pogo - http://game1.pogo.co...o-ob-assets.cab
O16 - DPF: Greenback Bayou by pogo - http://game1.pogo.co...k-ob-assets.cab
O16 - DPF: Harvest Mania by pogo - http://game1.pogo.co...t-ob-assets.cab
O16 - DPF: Hearts by pogo - http://game1.pogo.co...s-ob-assets.cab
O16 - DPF: High Stakes Poker by pogo - http://game1.pogo.co...r-ob-assets.cab
O16 - DPF: High Stakes Pool by pogo - http://game1.pogo.co...l-ob-assets.cab
O16 - DPF: Jigsaw Detective by pogo - http://game1.pogo.co...w-ob-assets.cab
O16 - DPF: Jokers Wild Poker by pogo - http://game1.pogo.co...d-ob-assets.cab
O16 - DPF: Jungle Gin by pogo - http://game1.pogo.co...n-ob-assets.cab
O16 - DPF: Keno by pogo - http://game1.pogo.co...o-ob-assets.cab
O16 - DPF: Lottso by pogo - http://game1.pogo.co...o-ob-assets.cab
O16 - DPF: Mah Jong Garden by pogo - http://game1.pogo.co...g-ob-assets.cab
O16 - DPF: Multiline Slots by pogo - http://game1.pogo.co...s-ob-assets.cab
O16 - DPF: Pai Gow by pogo - http://game1.pogo.co...w-ob-assets.cab
O16 - DPF: Payday FreeCell by pogo - http://game1.pogo.co...l-ob-assets.cab
O16 - DPF: Perfect Pair Solitaire by pogo - http://game1.pogo.co...l-ob-assets.cab
O16 - DPF: Perfect Passer by pogo - http://game1.pogo.co...r-ob-assets.cab
O16 - DPF: Phlinx by pogo - http://game1.pogo.co...r-ob-assets.cab
O16 - DPF: Pinochle by pogo - http://game1.pogo.co...e-ob-assets.cab
O16 - DPF: Pirate's Gold by pogo - http://game1.pogo.co...d-ob-assets.cab
O16 - DPF: Pop Fu by pogo - http://game1.pogo.co...u-ob-assets.cab
O16 - DPF: Poppit by pogo - http://game1.pogo.co...2-ob-assets.cab
O16 - DPF: ppctlcab - http://ppupdates.ca....er/ppctlcab.cab
O16 - DPF: Quick Shot by pogo - http://game1.pogo.co...t-ob-assets.cab
O16 - DPF: Ricochet by pogo - http://game1.pogo.co...t-ob-assets.cab
O16 - DPF: Sawgrass Golf by pogo - http://game1.pogo.co...s-ob-assets.cab
O16 - DPF: Showbiz Slots by pogo - http://game1.pogo.co...z-ob-assets.cab
O16 - DPF: Spades by pogo - http://game3.pogo.co...s-ob-assets.cab
O16 - DPF: Spider Solitaire by pogo - http://game1.pogo.co...r-ob-assets.cab
O16 - DPF: Squelchies by pogo - http://game1.pogo.co...s-ob-assets.cab
O16 - DPF: Sweet Tooth TM by pogo - http://game1.pogo.co...h-ob-assets.cab
O16 - DPF: Texas Hold'em Poker by pogo - http://game1.pogo.co...m-ob-assets.cab
O16 - DPF: The Sims Pinball by pogo - http://game1.pogo.co...l-ob-assets.cab
O16 - DPF: Top Down Baseball Challenge by pogo - http://game1.pogo.co...2-ob-assets.cab
O16 - DPF: Tri-Peaks by pogo - http://game1.pogo.co...s-ob-assets.cab
O16 - DPF: Tumble Bees by pogo - http://game1.pogo.co...e-ob-assets.cab
O16 - DPF: Turbo 21 TM by pogo - http://game1.pogo.co...1-ob-assets.cab
O16 - DPF: Video Poker by pogo - http://game1.pogo.co...r-ob-assets.cab
O16 - DPF: Word Whomp by pogo - http://game1.pogo.co...p-ob-assets.cab
O16 - DPF: Word Whomp Whackdown by pogo - http://game1.pogo.co...n-ob-assets.cab
O16 - DPF: WordJong by pogo - http://game1.pogo.co...g-ob-assets.cab
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative....012/CTSUEng.cab
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop...p/PCPitStop.CAB
O16 - DPF: {2FC9A21E-2069-4E47-8235-36318989DB13} (PPSDKActiveXScanner.MainScreen) - http://ppupdates.ca....r/axscanner.cab
O16 - DPF: {33E54F7F-561C-49E6-929B-D7E76D3AFEB1} (Pool Control) - http://www.worldwinn...5/pool/pool.cab
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} (Wwlaunch Control) - http://www.worldwinn...ed/wwlaunch.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative....15012/CTPID.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: Network Security Service ( 11F#`I) - Unknown owner - C:\WINDOWS\addnn32.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: McAfee AntiSpyware Real-Time Scanner (McAfeeAntiSpyware) - Network Associates, Inc. - C:\Program Files\McAfee\McAfee AntiSpyware\Msssrv.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe

Edited by KennyBoo, 29 June 2005 - 04:26 PM.

  • 0

Advertisements


#2
KennyBoo

KennyBoo

    New Member

  • Topic Starter
  • Member
  • Pip
  • 9 posts
I have a quick question. I know you guys are very busy working hard helping a lot of people with there comp problems. I see a lot of people have the same problem as I have with there wallpaper and homepage being highjacked. I was wondering if I can just follow the steps yall gave them to fix my problem or does it make a difference cause my Highjackthis Log File will be different from theres? In other words is it best to just wait for someone to directly help me or can I hurt my PC even more by following the steps of other peoples logfile? Thanks in advance.
  • 0

#3
ScHwErV

ScHwErV

    Member 5k

  • Retired Staff
  • 21,285 posts
  • MVP
Your best bet is to wait for someone to help you specifically. Even though you may find another person being helped with a cool web search infection, it may be a different cws variant and wont work for you.

Now that I have spotted you, lets get to work.

Please read this post completely, it may make it easier for you if you copy and paste this post to a new text document or print it for reference later.

This will likely be a few step process in removing the malware that has infected your system. I encourage you to stick with it and follow my directions as closely as possible so as to avoid complicating the problem further.

You have a nasty CoolWebSearch infection. First we will need to download a few tools that will help us in the removal of your problem.

Download about:buster by RubbeRDuckY Here.
Download CWShredder Here.
Download SpSeHjfix Here.
Download and install CleanUp! Here

Save all of these files somewhere you will remember like to the Desktop.

Unzip SpSeHjfix to its own folder (ie c:\SpSeHjfix)

Run the CleanUp! installer. You dont need to do anything with it right now.

Update About:Buster
  • Unzip the contents of AboutBuster.zip and an AboutBuster directory will be created.
  • Navigate to the AboutBuster directory and double-click on AboutBuster.exe.
  • Click "OK" at the prompt with instructions.
  • Click "Update" and then "Check For Update" to begin the update process.
  • If any updates exist please download them by clicking "Download Update" then click the X to close that window.
  • Now close About:Buster
Update CWShredder
  • Open CWShredder and click I AGREE
  • Click Check For Update
  • Close CWShredder
Boot into Safe Mode:
Restart your computer and as soon as it starts booting up again continuously tap F8. A menu should come up where you will be given the option to enter Safe Mode.

Please run about:buster by RubbeRDuckY:
  • Click Start and then OK to allow AboutBuster to scan for Alternate Data Streams.
  • Click Yes to allow it to shutdown explorer.exe.
  • It will begin to check your computer for malicious files. If it asks if you would like to do a second pass, allow it to do so.
  • When it has finished, click Save Log. Make sure you save it as I may need a copy of it later.
  • Reboot your computer into safe mode again
Run about:buster again following the same instructions as above, this time without the restart at the end

Now run CWShredder. Click I Agree, then Fix and then Next, let it fix everything it asks about.

Now run SpSeHjfix. A log will be saved in the same folder that you put the exe into. Please post the results of that log in your next reply.

Now run CleanUp!. Click CleanUp and allow it to delete all the temporary files.Reboot your computer into normal windows.

Please run an on-line virus scan at Kaspersky OnLine Scan or if that doesnt work, you can use TrendMicro or BitDefender. (Please post the results of the scan(s) in your next reply)

After all that, please post back with how things went as well as the logs requested and a new HiJackThis log.

Good Luck

ScHwErV :tazz:
  • 0

#4
KennyBoo

KennyBoo

    New Member

  • Topic Starter
  • Member
  • Pip
  • 9 posts
Hi ScHwErV, thanks for the reply. I am at work till 3:30 PM Central time. What I will do is print your instuctions out and when I get off work I will follow your instuctions step by step and reply back to you. Thanks again and have a nice day!
  • 0

#5
KennyBoo

KennyBoo

    New Member

  • Topic Starter
  • Member
  • Pip
  • 9 posts
Did everything step by step and seems like it didn't help at all. I still have the DANGER wallpaper and now my IE won't even open at all. I noticed when I ran CWShredder my computer restated in the middle of it, so I ran it again (in safe mode) and it restarted again, I am guessing it isn't supposed to do that?? Anyways here are the logs you requested. I can't do an online virus scan because it is asking for IE Browser and I can't use IE for some reason, here are the ther log files.

SpSeHjfix Log

(6/30/05 3:48:14 PM) SPSeHjFix started v1.1.2
(6/30/05 3:48:14 PM) OS: WinXP Service Pack 2 (5.1.2600)
(6/30/05 3:48:14 PM) Language: english
(6/30/05 3:48:14 PM) Win-Path: C:\WINDOWS
(6/30/05 3:48:14 PM) System-Path: C:\WINDOWS\system32
(6/30/05 3:48:14 PM) Temp-Path: C:\DOCUME~1\Owner\LOCALS~1\Temp\


(6/30/05 3:48:40 PM) SPSeHjFix started v1.1.2
(6/30/05 3:48:40 PM) OS: WinXP Service Pack 2 (5.1.2600)
(6/30/05 3:48:40 PM) Language: english
(6/30/05 3:48:40 PM) Win-Path: C:\WINDOWS
(6/30/05 3:48:40 PM) System-Path: C:\WINDOWS\system32
(6/30/05 3:48:40 PM) Temp-Path: C:\DOCUME~1\Owner\LOCALS~1\Temp\


(6/30/05 4:03:23 PM) SPSeHjFix started v1.1.2
(6/30/05 4:03:23 PM) OS: WinXP Service Pack 2 (5.1.2600)
(6/30/05 4:03:23 PM) Language: english
(6/30/05 4:03:23 PM) Win-Path: C:\WINDOWS
(6/30/05 4:03:23 PM) System-Path: C:\WINDOWS\system32
(6/30/05 4:03:23 PM) Temp-Path: C:\DOCUME~1\Owner\LOCALS~1\Temp\
(6/30/05 4:03:33 PM) Disinfection started
(6/30/05 4:03:33 PM) Bad-Dll(IEP): c:\windows\system32\jmcwm.dll
(6/30/05 4:03:33 PM) UBF: 7 - UBB: 3 - UBR: 26
(6/30/05 4:03:33 PM) UBF: 7 - UBB: 3 - UBR: 26
(6/30/05 4:03:33 PM) Bad IE-pages:
deleted: HKCU\Software\Microsoft\Internet Explorer\Main, Search Bar: res://c:\windows\system32\jmcwm.dll/sp.html#87649
deleted: HKCU\Software\Microsoft\Internet Explorer\Main, Search Page: res://c:\windows\system32\jmcwm.dll/sp.html#87649
deleted: HKCU\Software\Microsoft\Internet Explorer\Main, Start Page: about:blank
deleted: HKCU\Software\Microsoft\Internet Explorer\Search, SearchAssistant: res://c:\windows\system32\jmcwm.dll/sp.html#87649
deleted: HKLM\Software\Microsoft\Internet Explorer\Main, Search Bar: res://c:\windows\system32\jmcwm.dll/sp.html#87649
deleted: HKLM\Software\Microsoft\Internet Explorer\Main, Search Page: res://c:\windows\system32\jmcwm.dll/sp.html#87649
deleted: HKLM\Software\Microsoft\Internet Explorer\Main, Start Page: about:blank
deleted: HKLM\Software\Microsoft\Internet Explorer\Main, Default_Page_URL: about:blank
deleted: HKLM\Software\Microsoft\Internet Explorer\Main, Default_Search_URL: res://c:\windows\system32\jmcwm.dll/sp.html#87649
deleted: HKLM\Software\Microsoft\Internet Explorer\Search, SearchAssistant: res://c:\windows\system32\jmcwm.dll/sp.html#87649
(6/30/05 4:03:33 PM) Stealth-String not found
(6/30/05 4:03:33 PM) No locked Files to delete. End without Reboot
(6/30/05 4:03:42 PM) Disinfection started
(6/30/05 4:03:42 PM) Bad-Dll(IEP): c:\windows\system32\jmcwm.dll
(6/30/05 4:03:42 PM) UBF: 7 - UBB: 3 - UBR: 26
(6/30/05 4:03:42 PM) UBF: 7 - UBB: 3 - UBR: 26
(6/30/05 4:03:42 PM) Bad IE-pages: (none)
(6/30/05 4:03:42 PM) Stealth-String not found
(6/30/05 4:03:42 PM) No locked Files to delete. End without Reboot


(6/30/05 4:04:00 PM) SPSeHjFix started v1.1.2
(6/30/05 4:04:00 PM) OS: WinXP Service Pack 2 (5.1.2600)
(6/30/05 4:04:00 PM) Language: english
(6/30/05 4:04:00 PM) Win-Path: C:\WINDOWS
(6/30/05 4:04:00 PM) System-Path: C:\WINDOWS\system32
(6/30/05 4:04:00 PM) Temp-Path: C:\DOCUME~1\Owner\LOCALS~1\Temp\
(6/30/05 4:04:00 PM) Disinfection started
(6/30/05 4:04:00 PM) Bad-Dll(IEP): (not found)
(6/30/05 4:04:00 PM) Bad-Dll(IEP) in BHO: (not found)
(6/30/05 4:04:00 PM) UBF: 7 - UBB: 3 - UBR: 26
(6/30/05 4:04:01 PM) UBF: 7 - UBB: 3 - UBR: 26
(6/30/05 4:04:01 PM) Bad IE-pages: (none)
(6/30/05 4:04:01 PM) Stealth-String not found
(6/30/05 4:04:01 PM) Not infected->END


(6/30/05 4:31:11 PM) SPSeHjFix started v1.1.2
(6/30/05 4:31:11 PM) OS: WinXP Service Pack 2 (5.1.2600)
(6/30/05 4:31:11 PM) Language: english
(6/30/05 4:31:11 PM) Win-Path: C:\WINDOWS
(6/30/05 4:31:11 PM) System-Path: C:\WINDOWS\system32
(6/30/05 4:31:11 PM) Temp-Path: C:\DOCUME~1\Owner\LOCALS~1\Temp\
(6/30/05 4:31:14 PM) Disinfection started
(6/30/05 4:31:14 PM) Bad-Dll(IEP): (not found)
(6/30/05 4:31:14 PM) Bad-Dll(IEP) in BHO: (not found)
(6/30/05 4:31:14 PM) UBF: 7 - UBB: 3 - UBR: 26
(6/30/05 4:31:14 PM) UBF: 7 - UBB: 3 - UBR: 26
(6/30/05 4:31:14 PM) Bad IE-pages: (none)
(6/30/05 4:31:14 PM) Stealth-String not found
(6/30/05 4:31:14 PM) Not infected->END

HighJackThis Log

Logfile of HijackThis v1.99.1
Scan saved at 4:48:14 PM, on 6/30/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\McAfee\McAfee AntiSpyware\Msssrv.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\WINDOWS\system32\MsPMSPSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\zHotkey.exe
C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Digital Media Reader\shwiconem.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\ALCWZRD.EXE
C:\Program Files\Xoodil\Msbzq.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\BigFix\BigFix.exe
C:\WINDOWS\system32\ntvdm.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Owner\Desktop\HijackThis.exe
C:\Program Files\Messenger\msmsgs.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Class - {4BEAA19D-FD26-85FF-512E-68F2589DCBD9} - C:\WINDOWS\addry32.dll (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [CHotkey] zHotkey.exe
O4 - HKLM\..\Run: [ShowWnd] ShowWnd.exe
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAudPropShortcut.exe
O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [SunKistEM] C:\Program Files\Digital Media Reader\shwiconem.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [_AntiSpyware] C:\Program Files\McAfee\McAfee AntiSpyware\MssCli.exe
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\Updreg.exe
O4 - HKLM\..\Run: [CTStartup] C:\Program Files\Creative\Splash Screen\CTEaxSpl.EXE /run
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Wgeueq] C:\Program Files\Xoodil\Msbzq.exe
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [SpyFighterMonitor] "C:\Program Files\SpyFighter\SpyFighter.exe" monitor
O4 - HKLM\..\Run: [SpyFighterUpdate] "C:\Program Files\SpyFighter\AutoUpdate.exe" silent
O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\BigFix.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Search - http://bar.mywebsear...US_ZUYYYYYYYYUS
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: 3 Point Showdown by pogo - http://game1.pogo.co...t-ob-assets.cab
O16 - DPF: 6th Street Omaha Poker by pogo - http://game1.pogo.co...a-ob-assets.cab
O16 - DPF: Aces Up! by pogo - http://game1.pogo.co...s-ob-assets.cab
O16 - DPF: Ali Baba Slots TM by pogo - http://game1.pogo.co...a-ob-assets.cab
O16 - DPF: Backgammon by pogo - http://game1.pogo.co...n-ob-assets.cab
O16 - DPF: Big Shot Roulette TM by pogo - http://game1.pogo.co...e-ob-assets.cab
O16 - DPF: Blackjack by pogo - http://game1.pogo.co...k-ob-assets.cab
O16 - DPF: Buckaroo Blackjack TM by pogo - http://game1.pogo.co...k-ob-assets.cab
O16 - DPF: Canasta by pogo - http://game1.pogo.co...a-ob-assets.cab
O16 - DPF: Checkers by pogo - http://game1.pogo.co...s-ob-assets.cab
O16 - DPF: Chess by pogo - http://game1.pogo.co...2-ob-assets.cab
O16 - DPF: Cribbage by pogo - http://game1.pogo.co...e-ob-assets.cab
O16 - DPF: Dice Derby by pogo - http://game1.pogo.co...g-ob-assets.cab
O16 - DPF: Dominoes by pogo - http://game1.pogo.co...o-ob-assets.cab
O16 - DPF: Euchre by pogo - http://game1.pogo.co...e-ob-assets.cab
O16 - DPF: EZ Win Bingo by pogo - http://game1.pogo.co...e-ob-assets.cab
O16 - DPF: First Class Solitaire by pogo - http://game1.pogo.co...2-ob-assets.cab
O16 - DPF: Fortune Bingo by pogo - http://game1.pogo.co...o-ob-assets.cab
O16 - DPF: Greenback Bayou by pogo - http://game1.pogo.co...k-ob-assets.cab
O16 - DPF: Harvest Mania by pogo - http://game1.pogo.co...t-ob-assets.cab
O16 - DPF: Hearts by pogo - http://game1.pogo.co...s-ob-assets.cab
O16 - DPF: High Stakes Poker by pogo - http://game1.pogo.co...r-ob-assets.cab
O16 - DPF: High Stakes Pool by pogo - http://game1.pogo.co...l-ob-assets.cab
O16 - DPF: Jigsaw Detective by pogo - http://game1.pogo.co...w-ob-assets.cab
O16 - DPF: Jokers Wild Poker by pogo - http://game1.pogo.co...d-ob-assets.cab
O16 - DPF: Jungle Gin by pogo - http://game1.pogo.co...n-ob-assets.cab
O16 - DPF: Keno by pogo - http://game1.pogo.co...o-ob-assets.cab
O16 - DPF: Lottso by pogo - http://game1.pogo.co...o-ob-assets.cab
O16 - DPF: Mah Jong Garden by pogo - http://game1.pogo.co...g-ob-assets.cab
O16 - DPF: Multiline Slots by pogo - http://game1.pogo.co...s-ob-assets.cab
O16 - DPF: Pai Gow by pogo - http://game1.pogo.co...w-ob-assets.cab
O16 - DPF: Payday FreeCell by pogo - http://game1.pogo.co...l-ob-assets.cab
O16 - DPF: Perfect Pair Solitaire by pogo - http://game1.pogo.co...l-ob-assets.cab
O16 - DPF: Perfect Passer by pogo - http://game1.pogo.co...r-ob-assets.cab
O16 - DPF: Phlinx by pogo - http://game1.pogo.co...r-ob-assets.cab
O16 - DPF: Pinochle by pogo - http://game1.pogo.co...e-ob-assets.cab
O16 - DPF: Pirate's Gold by pogo - http://game1.pogo.co...d-ob-assets.cab
O16 - DPF: Pop Fu by pogo - http://game1.pogo.co...u-ob-assets.cab
O16 - DPF: Poppit by pogo - http://game1.pogo.co...2-ob-assets.cab
O16 - DPF: ppctlcab - http://ppupdates.ca....er/ppctlcab.cab
O16 - DPF: Quick Shot by pogo - http://game1.pogo.co...t-ob-assets.cab
O16 - DPF: Ricochet by pogo - http://game1.pogo.co...t-ob-assets.cab
O16 - DPF: Sawgrass Golf by pogo - http://game1.pogo.co...s-ob-assets.cab
O16 - DPF: Showbiz Slots by pogo - http://game1.pogo.co...z-ob-assets.cab
O16 - DPF: Spades by pogo - http://game3.pogo.co...s-ob-assets.cab
O16 - DPF: Spider Solitaire by pogo - http://game1.pogo.co...r-ob-assets.cab
O16 - DPF: Squelchies by pogo - http://game1.pogo.co...s-ob-assets.cab
O16 - DPF: Sweet Tooth TM by pogo - http://game1.pogo.co...h-ob-assets.cab
O16 - DPF: Texas Hold'em Poker by pogo - http://game1.pogo.co...m-ob-assets.cab
O16 - DPF: The Sims Pinball by pogo - http://game1.pogo.co...l-ob-assets.cab
O16 - DPF: Top Down Baseball Challenge by pogo - http://game1.pogo.co...2-ob-assets.cab
O16 - DPF: Tri-Peaks by pogo - http://game1.pogo.co...s-ob-assets.cab
O16 - DPF: Tumble Bees by pogo - http://game1.pogo.co...e-ob-assets.cab
O16 - DPF: Turbo 21 TM by pogo - http://game1.pogo.co...1-ob-assets.cab
O16 - DPF: Video Poker by pogo - http://game1.pogo.co...r-ob-assets.cab
O16 - DPF: Word Whomp by pogo - http://game1.pogo.co...p-ob-assets.cab
O16 - DPF: Word Whomp Whackdown by pogo - http://game1.pogo.co...n-ob-assets.cab
O16 - DPF: WordJong by pogo - http://game1.pogo.co...g-ob-assets.cab
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative....012/CTSUEng.cab
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop...p/PCPitStop.CAB
O16 - DPF: {2FC9A21E-2069-4E47-8235-36318989DB13} (PPSDKActiveXScanner.MainScreen) - http://ppupdates.ca....r/axscanner.cab
O16 - DPF: {33E54F7F-561C-49E6-929B-D7E76D3AFEB1} (Pool Control) - http://www.worldwinn...5/pool/pool.cab
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} (Wwlaunch Control) - http://www.worldwinn...ed/wwlaunch.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative....15012/CTPID.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: Network Security Service ( 11F#`I) - Unknown owner - C:\WINDOWS\addnn32.exe (file missing)
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: McAfee AntiSpyware Real-Time Scanner (McAfeeAntiSpyware) - Network Associates, Inc. - C:\Program Files\McAfee\McAfee AntiSpyware\Msssrv.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
  • 0

#6
KennyBoo

KennyBoo

    New Member

  • Topic Starter
  • Member
  • Pip
  • 9 posts
OK I got my IE fixed by doing a Windows Update. Looks like my Homepage is working fine now, unfortunatly my Wallpaper is still Highjacked with the Danger warning. Here is my latest HJT Log File

Logfile of HijackThis v1.99.1
Scan saved at 10:55:50 PM, on 6/30/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\McAfee\McAfee AntiSpyware\Msssrv.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\WINDOWS\system32\MsPMSPSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\zHotkey.exe
C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Digital Media Reader\shwiconem.exe
C:\WINDOWS\ALCWZRD.EXE
C:\Program Files\Xoodil\Msbzq.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\msiexec.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Messenger\msmsgs.exe
C:\Documents and Settings\Owner\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://pogo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Class - {4BEAA19D-FD26-85FF-512E-68F2589DCBD9} - C:\WINDOWS\addry32.dll (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [CHotkey] zHotkey.exe
O4 - HKLM\..\Run: [ShowWnd] ShowWnd.exe
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAudPropShortcut.exe
O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [SunKistEM] C:\Program Files\Digital Media Reader\shwiconem.exe
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\Updreg.exe
O4 - HKLM\..\Run: [CTStartup] C:\Program Files\Creative\Splash Screen\CTEaxSpl.EXE /run
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Wgeueq] C:\Program Files\Xoodil\Msbzq.exe
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [SpyFighterUpdate] "C:\Program Files\SpyFighter\AutoUpdate.exe" silent
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Search - http://bar.mywebsear...US_ZUYYYYYYYYUS
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: 3 Point Showdown by pogo - http://game1.pogo.co...t-ob-assets.cab
O16 - DPF: 6th Street Omaha Poker by pogo - http://game1.pogo.co...a-ob-assets.cab
O16 - DPF: Aces Up! by pogo - http://game1.pogo.co...s-ob-assets.cab
O16 - DPF: Ali Baba Slots TM by pogo - http://game1.pogo.co...a-ob-assets.cab
O16 - DPF: Backgammon by pogo - http://game1.pogo.co...n-ob-assets.cab
O16 - DPF: Big Shot Roulette TM by pogo - http://game1.pogo.co...e-ob-assets.cab
O16 - DPF: Blackjack by pogo - http://game1.pogo.co...k-ob-assets.cab
O16 - DPF: Buckaroo Blackjack TM by pogo - http://game1.pogo.co...k-ob-assets.cab
O16 - DPF: Canasta by pogo - http://game1.pogo.co...a-ob-assets.cab
O16 - DPF: Checkers by pogo - http://game1.pogo.co...s-ob-assets.cab
O16 - DPF: Chess by pogo - http://game1.pogo.co...2-ob-assets.cab
O16 - DPF: Cribbage by pogo - http://game1.pogo.co...e-ob-assets.cab
O16 - DPF: Dice Derby by pogo - http://game1.pogo.co...g-ob-assets.cab
O16 - DPF: Dominoes by pogo - http://game1.pogo.co...o-ob-assets.cab
O16 - DPF: Euchre by pogo - http://game1.pogo.co...e-ob-assets.cab
O16 - DPF: EZ Win Bingo by pogo - http://game1.pogo.co...e-ob-assets.cab
O16 - DPF: First Class Solitaire by pogo - http://game1.pogo.co...2-ob-assets.cab
O16 - DPF: Fortune Bingo by pogo - http://game1.pogo.co...o-ob-assets.cab
O16 - DPF: Greenback Bayou by pogo - http://game1.pogo.co...k-ob-assets.cab
O16 - DPF: Harvest Mania by pogo - http://game1.pogo.co...t-ob-assets.cab
O16 - DPF: Hearts by pogo - http://game1.pogo.co...s-ob-assets.cab
O16 - DPF: High Stakes Poker by pogo - http://game1.pogo.co...r-ob-assets.cab
O16 - DPF: High Stakes Pool by pogo - http://game1.pogo.co...l-ob-assets.cab
O16 - DPF: Jigsaw Detective by pogo - http://game1.pogo.co...w-ob-assets.cab
O16 - DPF: Jokers Wild Poker by pogo - http://game1.pogo.co...d-ob-assets.cab
O16 - DPF: Jungle Gin by pogo - http://game1.pogo.co...n-ob-assets.cab
O16 - DPF: Keno by pogo - http://game1.pogo.co...o-ob-assets.cab
O16 - DPF: Lottso by pogo - http://game1.pogo.co...o-ob-assets.cab
O16 - DPF: Mah Jong Garden by pogo - http://game1.pogo.co...g-ob-assets.cab
O16 - DPF: Multiline Slots by pogo - http://game1.pogo.co...s-ob-assets.cab
O16 - DPF: Pai Gow by pogo - http://game1.pogo.co...w-ob-assets.cab
O16 - DPF: Payday FreeCell by pogo - http://game1.pogo.co...l-ob-assets.cab
O16 - DPF: Perfect Pair Solitaire by pogo - http://game1.pogo.co...l-ob-assets.cab
O16 - DPF: Perfect Passer by pogo - http://game1.pogo.co...r-ob-assets.cab
O16 - DPF: Phlinx by pogo - http://game1.pogo.co...r-ob-assets.cab
O16 - DPF: Pinochle by pogo - http://game1.pogo.co...e-ob-assets.cab
O16 - DPF: Pirate's Gold by pogo - http://game1.pogo.co...d-ob-assets.cab
O16 - DPF: Pop Fu by pogo - http://game1.pogo.co...u-ob-assets.cab
O16 - DPF: Poppit by pogo - http://game1.pogo.co...2-ob-assets.cab
O16 - DPF: ppctlcab - http://ppupdates.ca....er/ppctlcab.cab
O16 - DPF: Quick Shot by pogo - http://game1.pogo.co...t-ob-assets.cab
O16 - DPF: Ricochet by pogo - http://game1.pogo.co...t-ob-assets.cab
O16 - DPF: Sawgrass Golf by pogo - http://game1.pogo.co...s-ob-assets.cab
O16 - DPF: Showbiz Slots by pogo - http://game1.pogo.co...z-ob-assets.cab
O16 - DPF: Spades by pogo - http://game3.pogo.co...s-ob-assets.cab
O16 - DPF: Spider Solitaire by pogo - http://game1.pogo.co...r-ob-assets.cab
O16 - DPF: Squelchies by pogo - http://game1.pogo.co...s-ob-assets.cab
O16 - DPF: Sweet Tooth TM by pogo - http://game1.pogo.co...h-ob-assets.cab
O16 - DPF: Texas Hold'em Poker by pogo - http://game1.pogo.co...m-ob-assets.cab
O16 - DPF: The Sims Pinball by pogo - http://game1.pogo.co...l-ob-assets.cab
O16 - DPF: Top Down Baseball Challenge by pogo - http://game1.pogo.co...2-ob-assets.cab
O16 - DPF: Tri-Peaks by pogo - http://game1.pogo.co...s-ob-assets.cab
O16 - DPF: Tumble Bees by pogo - http://game1.pogo.co...e-ob-assets.cab
O16 - DPF: Turbo 21 TM by pogo - http://game1.pogo.co...1-ob-assets.cab
O16 - DPF: Video Poker by pogo - http://game1.pogo.co...r-ob-assets.cab
O16 - DPF: Word Whomp by pogo - http://game1.pogo.co...p-ob-assets.cab
O16 - DPF: Word Whomp Whackdown by pogo - http://game1.pogo.co...n-ob-assets.cab
O16 - DPF: WordJong by pogo - http://game1.pogo.co...g-ob-assets.cab
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.t...all/xscan60.cab
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative....012/CTSUEng.cab
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop...p/PCPitStop.CAB
O16 - DPF: {2FC9A21E-2069-4E47-8235-36318989DB13} (PPSDKActiveXScanner.MainScreen) - http://ppupdates.ca....r/axscanner.cab
O16 - DPF: {33E54F7F-561C-49E6-929B-D7E76D3AFEB1} (Pool Control) - http://www.worldwinn...5/pool/pool.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1120189320062
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} (Wwlaunch Control) - http://www.worldwinn...ed/wwlaunch.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative....15012/CTPID.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: Network Security Service ( 11F#`I) - Unknown owner - C:\WINDOWS\addnn32.exe (file missing)
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: McAfee AntiSpyware Real-Time Scanner (McAfeeAntiSpyware) - Network Associates, Inc. - C:\Program Files\McAfee\McAfee AntiSpyware\Msssrv.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
  • 0

#7
ScHwErV

ScHwErV

    Member 5k

  • Retired Staff
  • 21,285 posts
  • MVP
Good work, getting everything back working. Your log looks a ton better than when we started.

Not sure why CWShredder failed. Lets get you cleaned up and then see if you can run it.

Please read this post completely, it may make it easier for you if you copy and paste this post to a new text document or print it for reference later.

Please re-open HiJackThis and scan. Check the boxes next to all the entries listed below.

O2 - BHO: Class - {4BEAA19D-FD26-85FF-512E-68F2589DCBD9} - C:\WINDOWS\addry32.dll (file missing)
O4 - HKLM\..\Run: [ShowWnd] ShowWnd.exe
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [Wgeueq] C:\Program Files\Xoodil\Msbzq.exe
O4 - HKLM\..\Run: [SpyFighterUpdate] "C:\Program Files\SpyFighter\AutoUpdate.exe" silent
O8 - Extra context menu item: &Search - http://bar.mywebsear...US_ZUYYYYYYYYUS

SpyFighter is a rogue antispyware program and I highly recommend you remove it.

false positives work as goad to purchase; advertises through adware


Now close all windows other than HiJackThis, then click Fix Checked. Reboot into safe mode.

Restart your computer and as soon as it starts booting up again continuously tap F8. A menu should come up where you will be given the option to enter Safe Mode.

Please remove these entries from Add/Remove Programs in the Control Panel(if present):

SpyFighter

Please note any other programs that you dont recognize in that list in your next response

Please delete these folders using Windows Explorer(if present):

C:\Program Files\Xoodil

Please delete these files using Windows Explorer(if present):

Search for and find - ShowWnd.exe
Start - Search - For files and folders

After that, Reboot.

Now in normal windows, see if you can run CWShredder and then repost with how things went and a fresh HiJackThis log.
  • 0

#8
KennyBoo

KennyBoo

    New Member

  • Topic Starter
  • Member
  • Pip
  • 9 posts
Ok I followed step by step and everything went well until I ran CWShredder. It rebooted my PC again on it's own. My Wallpaper/Desktop is still Highjacked and it takes a little longer for Windows to boot up than normal. IE works great, my hompage is what I set it to be. Here is my latest HJT Logfile.

Logfile of HijackThis v1.99.1
Scan saved at 3:51:29 PM, on 7/1/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\WINDOWS\system32\MsPMSPSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\zHotkey.exe
C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Digital Media Reader\shwiconem.exe
C:\WINDOWS\ALCWZRD.EXE
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Documents and Settings\Owner\Desktop\HijackThis.exe
C:\WINDOWS\system32\wuauclt.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://pogo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [CHotkey] zHotkey.exe
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAudPropShortcut.exe
O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [SunKistEM] C:\Program Files\Digital Media Reader\shwiconem.exe
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\Updreg.exe
O4 - HKLM\..\Run: [CTStartup] C:\Program Files\Creative\Splash Screen\CTEaxSpl.EXE /run
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: 3 Point Showdown by pogo - http://game1.pogo.co...t-ob-assets.cab
O16 - DPF: 6th Street Omaha Poker by pogo - http://game1.pogo.co...a-ob-assets.cab
O16 - DPF: Aces Up! by pogo - http://game1.pogo.co...s-ob-assets.cab
O16 - DPF: Ali Baba Slots TM by pogo - http://game1.pogo.co...a-ob-assets.cab
O16 - DPF: Backgammon by pogo - http://game1.pogo.co...n-ob-assets.cab
O16 - DPF: Big Shot Roulette TM by pogo - http://game1.pogo.co...e-ob-assets.cab
O16 - DPF: Blackjack by pogo - http://game1.pogo.co...k-ob-assets.cab
O16 - DPF: Buckaroo Blackjack TM by pogo - http://game1.pogo.co...k-ob-assets.cab
O16 - DPF: Canasta by pogo - http://game1.pogo.co...a-ob-assets.cab
O16 - DPF: Checkers by pogo - http://game1.pogo.co...s-ob-assets.cab
O16 - DPF: Chess by pogo - http://game1.pogo.co...2-ob-assets.cab
O16 - DPF: Cribbage by pogo - http://game1.pogo.co...e-ob-assets.cab
O16 - DPF: Dice Derby by pogo - http://game1.pogo.co...g-ob-assets.cab
O16 - DPF: Dominoes by pogo - http://game1.pogo.co...o-ob-assets.cab
O16 - DPF: Euchre by pogo - http://game1.pogo.co...e-ob-assets.cab
O16 - DPF: EZ Win Bingo by pogo - http://game1.pogo.co...e-ob-assets.cab
O16 - DPF: First Class Solitaire by pogo - http://game1.pogo.co...2-ob-assets.cab
O16 - DPF: Fortune Bingo by pogo - http://game1.pogo.co...o-ob-assets.cab
O16 - DPF: Greenback Bayou by pogo - http://game1.pogo.co...k-ob-assets.cab
O16 - DPF: Harvest Mania by pogo - http://game1.pogo.co...t-ob-assets.cab
O16 - DPF: Hearts by pogo - http://game1.pogo.co...s-ob-assets.cab
O16 - DPF: High Stakes Poker by pogo - http://game1.pogo.co...r-ob-assets.cab
O16 - DPF: High Stakes Pool by pogo - http://game1.pogo.co...l-ob-assets.cab
O16 - DPF: Jigsaw Detective by pogo - http://game1.pogo.co...w-ob-assets.cab
O16 - DPF: Jokers Wild Poker by pogo - http://game1.pogo.co...d-ob-assets.cab
O16 - DPF: Jungle Gin by pogo - http://game1.pogo.co...n-ob-assets.cab
O16 - DPF: Keno by pogo - http://game1.pogo.co...o-ob-assets.cab
O16 - DPF: Lottso by pogo - http://game1.pogo.co...o-ob-assets.cab
O16 - DPF: Mah Jong Garden by pogo - http://game1.pogo.co...g-ob-assets.cab
O16 - DPF: Multiline Slots by pogo - http://game1.pogo.co...s-ob-assets.cab
O16 - DPF: Pai Gow by pogo - http://game1.pogo.co...w-ob-assets.cab
O16 - DPF: Payday FreeCell by pogo - http://game1.pogo.co...l-ob-assets.cab
O16 - DPF: Perfect Pair Solitaire by pogo - http://game1.pogo.co...l-ob-assets.cab
O16 - DPF: Perfect Passer by pogo - http://game1.pogo.co...r-ob-assets.cab
O16 - DPF: Phlinx by pogo - http://game1.pogo.co...r-ob-assets.cab
O16 - DPF: Pinochle by pogo - http://game1.pogo.co...e-ob-assets.cab
O16 - DPF: Pirate's Gold by pogo - http://game1.pogo.co...d-ob-assets.cab
O16 - DPF: Pop Fu by pogo - http://game1.pogo.co...u-ob-assets.cab
O16 - DPF: Poppit by pogo - http://game1.pogo.co...2-ob-assets.cab
O16 - DPF: ppctlcab - http://ppupdates.ca....er/ppctlcab.cab
O16 - DPF: Quick Shot by pogo - http://game1.pogo.co...t-ob-assets.cab
O16 - DPF: Ricochet by pogo - http://game1.pogo.co...t-ob-assets.cab
O16 - DPF: Sawgrass Golf by pogo - http://game1.pogo.co...s-ob-assets.cab
O16 - DPF: Showbiz Slots by pogo - http://game1.pogo.co...z-ob-assets.cab
O16 - DPF: Spades by pogo - http://game3.pogo.co...s-ob-assets.cab
O16 - DPF: Spider Solitaire by pogo - http://game1.pogo.co...r-ob-assets.cab
O16 - DPF: Squelchies by pogo - http://game1.pogo.co...s-ob-assets.cab
O16 - DPF: Sweet Tooth TM by pogo - http://game1.pogo.co...h-ob-assets.cab
O16 - DPF: Texas Hold'em Poker by pogo - http://game1.pogo.co...m-ob-assets.cab
O16 - DPF: The Sims Pinball by pogo - http://game1.pogo.co...l-ob-assets.cab
O16 - DPF: Top Down Baseball Challenge by pogo - http://game1.pogo.co...2-ob-assets.cab
O16 - DPF: Tri-Peaks by pogo - http://game1.pogo.co...s-ob-assets.cab
O16 - DPF: Tumble Bees by pogo - http://game1.pogo.co...e-ob-assets.cab
O16 - DPF: Turbo 21 TM by pogo - http://game1.pogo.co...1-ob-assets.cab
O16 - DPF: Video Poker by pogo - http://game1.pogo.co...r-ob-assets.cab
O16 - DPF: Word Whomp by pogo - http://game1.pogo.co...p-ob-assets.cab
O16 - DPF: Word Whomp Whackdown by pogo - http://game1.pogo.co...n-ob-assets.cab
O16 - DPF: WordJong by pogo - http://game1.pogo.co...g-ob-assets.cab
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.t...all/xscan60.cab
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative....012/CTSUEng.cab
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop...p/PCPitStop.CAB
O16 - DPF: {2FC9A21E-2069-4E47-8235-36318989DB13} (PPSDKActiveXScanner.MainScreen) - http://ppupdates.ca....r/axscanner.cab
O16 - DPF: {33E54F7F-561C-49E6-929B-D7E76D3AFEB1} (Pool Control) - http://www.worldwinn...5/pool/pool.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1120189320062
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} (Wwlaunch Control) - http://www.worldwinn...ed/wwlaunch.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative....15012/CTPID.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: Network Security Service ( 11F#`I) - Unknown owner - C:\WINDOWS\addnn32.exe (file missing)
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
  • 0

#9
ScHwErV

ScHwErV

    Member 5k

  • Retired Staff
  • 21,285 posts
  • MVP
Right click Here and click Save Target As. Save the file to your desktop. Double click on the file you saved to run it. It will ask you if you want to merge it with your registry. Click Yes and then Ok on the confirmation. You will have to reboot for this to take effect.

After that, reboot and post a fresh HiJackThis log and let me know how things are working.

ScHwErV :tazz:
  • 0

#10
KennyBoo

KennyBoo

    New Member

  • Topic Starter
  • Member
  • Pip
  • 9 posts
Thank you so much ScHwErV! The Highjackers have released my Wallpaper back into my custody!!! Eveything seems to be working great now. Latest HJT Log File

Logfile of HijackThis v1.99.1
Scan saved at 4:05:21 PM, on 7/1/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\WINDOWS\system32\MsPMSPSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\zHotkey.exe
C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Digital Media Reader\shwiconem.exe
C:\WINDOWS\ALCWZRD.EXE
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\msiexec.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Messenger\msmsgs.exe
C:\Documents and Settings\Owner\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://pogo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [CHotkey] zHotkey.exe
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAudPropShortcut.exe
O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [SunKistEM] C:\Program Files\Digital Media Reader\shwiconem.exe
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\Updreg.exe
O4 - HKLM\..\Run: [CTStartup] C:\Program Files\Creative\Splash Screen\CTEaxSpl.EXE /run
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: 3 Point Showdown by pogo - http://game1.pogo.co...t-ob-assets.cab
O16 - DPF: 6th Street Omaha Poker by pogo - http://game1.pogo.co...a-ob-assets.cab
O16 - DPF: Aces Up! by pogo - http://game1.pogo.co...s-ob-assets.cab
O16 - DPF: Ali Baba Slots TM by pogo - http://game1.pogo.co...a-ob-assets.cab
O16 - DPF: Backgammon by pogo - http://game1.pogo.co...n-ob-assets.cab
O16 - DPF: Big Shot Roulette TM by pogo - http://game1.pogo.co...e-ob-assets.cab
O16 - DPF: Blackjack by pogo - http://game1.pogo.co...k-ob-assets.cab
O16 - DPF: Buckaroo Blackjack TM by pogo - http://game1.pogo.co...k-ob-assets.cab
O16 - DPF: Canasta by pogo - http://game1.pogo.co...a-ob-assets.cab
O16 - DPF: Checkers by pogo - http://game1.pogo.co...s-ob-assets.cab
O16 - DPF: Chess by pogo - http://game1.pogo.co...2-ob-assets.cab
O16 - DPF: Cribbage by pogo - http://game1.pogo.co...e-ob-assets.cab
O16 - DPF: Dice Derby by pogo - http://game1.pogo.co...g-ob-assets.cab
O16 - DPF: Dominoes by pogo - http://game1.pogo.co...o-ob-assets.cab
O16 - DPF: Euchre by pogo - http://game1.pogo.co...e-ob-assets.cab
O16 - DPF: EZ Win Bingo by pogo - http://game1.pogo.co...e-ob-assets.cab
O16 - DPF: First Class Solitaire by pogo - http://game1.pogo.co...2-ob-assets.cab
O16 - DPF: Fortune Bingo by pogo - http://game1.pogo.co...o-ob-assets.cab
O16 - DPF: Greenback Bayou by pogo - http://game1.pogo.co...k-ob-assets.cab
O16 - DPF: Harvest Mania by pogo - http://game1.pogo.co...t-ob-assets.cab
O16 - DPF: Hearts by pogo - http://game1.pogo.co...s-ob-assets.cab
O16 - DPF: High Stakes Poker by pogo - http://game1.pogo.co...r-ob-assets.cab
O16 - DPF: High Stakes Pool by pogo - http://game1.pogo.co...l-ob-assets.cab
O16 - DPF: Jigsaw Detective by pogo - http://game1.pogo.co...w-ob-assets.cab
O16 - DPF: Jokers Wild Poker by pogo - http://game1.pogo.co...d-ob-assets.cab
O16 - DPF: Jungle Gin by pogo - http://game1.pogo.co...n-ob-assets.cab
O16 - DPF: Keno by pogo - http://game1.pogo.co...o-ob-assets.cab
O16 - DPF: Lottso by pogo - http://game1.pogo.co...o-ob-assets.cab
O16 - DPF: Mah Jong Garden by pogo - http://game1.pogo.co...g-ob-assets.cab
O16 - DPF: Multiline Slots by pogo - http://game1.pogo.co...s-ob-assets.cab
O16 - DPF: Pai Gow by pogo - http://game1.pogo.co...w-ob-assets.cab
O16 - DPF: Payday FreeCell by pogo - http://game1.pogo.co...l-ob-assets.cab
O16 - DPF: Perfect Pair Solitaire by pogo - http://game1.pogo.co...l-ob-assets.cab
O16 - DPF: Perfect Passer by pogo - http://game1.pogo.co...r-ob-assets.cab
O16 - DPF: Phlinx by pogo - http://game1.pogo.co...r-ob-assets.cab
O16 - DPF: Pinochle by pogo - http://game1.pogo.co...e-ob-assets.cab
O16 - DPF: Pirate's Gold by pogo - http://game1.pogo.co...d-ob-assets.cab
O16 - DPF: Pop Fu by pogo - http://game1.pogo.co...u-ob-assets.cab
O16 - DPF: Poppit by pogo - http://game1.pogo.co...2-ob-assets.cab
O16 - DPF: ppctlcab - http://ppupdates.ca....er/ppctlcab.cab
O16 - DPF: Quick Shot by pogo - http://game1.pogo.co...t-ob-assets.cab
O16 - DPF: Ricochet by pogo - http://game1.pogo.co...t-ob-assets.cab
O16 - DPF: Sawgrass Golf by pogo - http://game1.pogo.co...s-ob-assets.cab
O16 - DPF: Showbiz Slots by pogo - http://game1.pogo.co...z-ob-assets.cab
O16 - DPF: Spades by pogo - http://game3.pogo.co...s-ob-assets.cab
O16 - DPF: Spider Solitaire by pogo - http://game1.pogo.co...r-ob-assets.cab
O16 - DPF: Squelchies by pogo - http://game1.pogo.co...s-ob-assets.cab
O16 - DPF: Sweet Tooth TM by pogo - http://game1.pogo.co...h-ob-assets.cab
O16 - DPF: Texas Hold'em Poker by pogo - http://game1.pogo.co...m-ob-assets.cab
O16 - DPF: The Sims Pinball by pogo - http://game1.pogo.co...l-ob-assets.cab
O16 - DPF: Top Down Baseball Challenge by pogo - http://game1.pogo.co...2-ob-assets.cab
O16 - DPF: Tri-Peaks by pogo - http://game1.pogo.co...s-ob-assets.cab
O16 - DPF: Tumble Bees by pogo - http://game1.pogo.co...e-ob-assets.cab
O16 - DPF: Turbo 21 TM by pogo - http://game1.pogo.co...1-ob-assets.cab
O16 - DPF: Video Poker by pogo - http://game1.pogo.co...r-ob-assets.cab
O16 - DPF: Word Whomp by pogo - http://game1.pogo.co...p-ob-assets.cab
O16 - DPF: Word Whomp Whackdown by pogo - http://game1.pogo.co...n-ob-assets.cab
O16 - DPF: WordJong by pogo - http://game1.pogo.co...g-ob-assets.cab
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.t...all/xscan60.cab
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative....012/CTSUEng.cab
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop...p/PCPitStop.CAB
O16 - DPF: {2FC9A21E-2069-4E47-8235-36318989DB13} (PPSDKActiveXScanner.MainScreen) - http://ppupdates.ca....r/axscanner.cab
O16 - DPF: {33E54F7F-561C-49E6-929B-D7E76D3AFEB1} (Pool Control) - http://www.worldwinn...5/pool/pool.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1120189320062
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} (Wwlaunch Control) - http://www.worldwinn...ed/wwlaunch.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative....15012/CTPID.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: Network Security Service ( 11F#`I) - Unknown owner - C:\WINDOWS\addnn32.exe (file missing)
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
  • 0

#11
ScHwErV

ScHwErV

    Member 5k

  • Retired Staff
  • 21,285 posts
  • MVP
Great! Clean log!

The following is a list of tools and utilities that I like to suggest to people. This list is full of great tools and utilities to help you understand how you got infected and how to keep from getting infected again.
  • Spybot Search & Destroy - Uber powerful tool which can search and annhilate nasties that make it onto your system. Now with an Immunize section that will help prevent future infections.
  • AdAware - Another very powerful tool which searches and kills nasties that infect your system. AdAware and Spybot Search & Destroy compliment each other very well.
  • SpywareBlaster - Great prevention tool to keep nasties from installing on your system.
  • SpywareGuard - Works as a Spyware "Shield" to protect your computer from getting malware in the first place.
  • IE-SpyAd - puts over 5000 sites in your restricted zone so you'll be protected when you visit innocent-looking sites that aren't actually innocent at all.
  • CleanUP! - Cleans temporary files from IE and Windows, empties the recycle bin and more. Great tool to help speed up your computer and knock out those nasties that like to reside in the temp folders.
  • Windows Updates - It is very important to make sure that both Internet Explorer and Windows are kept current with the latest critical security patches from Microsoft. To do this just start Internet Explorer and select Tools > Windows Update, and follow the online instructions from there.
  • Google Toolbar - Free google toolbar that allows you to use the powerful Google search engine from the bar, but also blocks pop up windows.
  • Trillian or Miranda-IM - These are Malware free Instant Messenger programs which allow you to connect to multiple IM services in one program! (AOL, Yahoo, ICQ, IRC, MSN)
  • Weather Watcher - Free taskbar weather program that is free, malware free, and resource light.
To find out more information about how you got infected in the first place and some great guidelines to follow to prevent future infections you can read this article by Tony Klein

ScHwErV :tazz:
  • 0

#12
ScHwErV

ScHwErV

    Member 5k

  • Retired Staff
  • 21,285 posts
  • MVP
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :tazz:

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP