Geeks to Go

vx2,akrules,error32,mirka4e and more!



#1
evrrdy

I have no idea where to go from here. I'm so thoroughly frustrated that I'm ready to fully reinstall Windows and just be done with it.

Ok, to start, I ran Norton. It detected absolutely nothing.
Then Ad-Aware.

This is a list of the "bad stuff" it found.

Listing running processes
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

#:1 [smss.exe]
FilePath : \SystemRoot\System32\
ProcessID : 612
ThreadCreationTime : 1/6/2005 7:47:17 PM
BasePriority : Normal


#:2 [winlogon.exe]
FilePath : \??\C:\WINDOWS\system32\
ProcessID : 700
ThreadCreationTime : 1/6/2005 7:47:21 PM
BasePriority : High


VX2 Object Recognized!
Type : Process
Data : f6j20g1oe6.dll
Category : Malware
Comment : (CSI MATCH)
Object : C:\WINDOWS\system32\


Warning! VX2 Object found in memory(C:\WINDOWS\system32\f6j20g1oe6.dll)


#:3 [services.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 744
ThreadCreationTime : 1/6/2005 7:47:21 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Services and Controller app
InternalName : services.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : services.exe

#:4 [lsass.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 756
ThreadCreationTime : 1/6/2005 7:47:21 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : LSA Shell (Export Version)
InternalName : lsass.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : lsass.exe

#:5 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 928
ThreadCreationTime : 1/6/2005 7:47:22 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:6 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 968
ThreadCreationTime : 1/6/2005 7:47:22 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:7 [ctnotify.exe]
FilePath : C:\Program Files\Creative\ShareDLL\
ProcessID : 1704
ThreadCreationTime : 1/6/2005 7:48:28 PM
BasePriority : Normal
FileVersion : 2.00.05.0
ProductVersion : 2.0
ProductName : Creative Disc Detector
CompanyName : Creative Technology Ltd.
FileDescription : Disc Detector
InternalName : CtNotify
LegalCopyright : Copyright © Creative Technology Ltd. 2001
OriginalFilename : CtNotify.exe
Comments : CtNotify Entry

#:8 [mediadet.exe]
FilePath : C:\Program Files\Creative\ShareDLL\
ProcessID : 1820
ThreadCreationTime : 1/6/2005 7:48:29 PM
BasePriority : Normal
FileVersion : 2.00.08.0
ProductVersion : 2.00
ProductName : Creative Disc Detector
CompanyName : Creative Technology Ltd.
FileDescription : Disc Detector
InternalName : MediaDet
LegalCopyright : Copyright © Creative Technology Ltd. 2002
OriginalFilename : MediaDet.exe
Comments : Local Server

#:9 [swdoctor.exe]
FilePath : C:\Program Files\Spyware Doctor\
ProcessID : 2020
ThreadCreationTime : 1/6/2005 7:49:15 PM
BasePriority : Normal
FileVersion : 3.1.0.312
ProductVersion : 3.1
ProductName : Spyware Doctor
CompanyName : PCTools
FileDescription : Spyware Doctor
InternalName : Spyware Doctor
LegalCopyright : Copyright © 2004. Distributed by PC Tools Pty Ltd
OriginalFilename : swdr.exe

#:10 [wpabaln.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 292
ThreadCreationTime : 1/6/2005 7:49:36 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows WPA Balloon Reminder
InternalName : WPABALN.EXE
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : WPABALN.EXE

#:11 [ad-aware.exe]
FilePath : C:\Program Files\Lavasoft\Ad-Aware SE Personal\
ProcessID : 1580
ThreadCreationTime : 1/6/2005 7:53:52 PM
BasePriority : Normal
FileVersion : 6.2.0.206
ProductVersion : VI.Second Edition
ProductName : Lavasoft Ad-Aware SE
CompanyName : Lavasoft Sweden
FileDescription : Ad-Aware SE Core application
InternalName : Ad-Aware.exe
LegalCopyright : Copyright © Lavasoft Sweden
OriginalFilename : Ad-Aware.exe
Comments : All Rights Reserved

#:12 [rundll32.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 2032
ThreadCreationTime : 1/6/2005 7:54:33 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Run a DLL as an App
InternalName : rundll
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : RUNDLL.EXE

VX2 Object Recognized!
Type : Process
Data : guard.tmp
Category : Malware
Comment : (CSI MATCH)
Object : C:\WINDOWS\system32\


Warning! VX2 Object found in memory(C:\WINDOWS\system32\guard.tmp)

"C:\WINDOWS\system32\rundll32.exe"Process terminated successfully

#:13 [explorer.exe]
FilePath : C:\WINDOWS\
ProcessID : 1448
ThreadCreationTime : 1/6/2005 8:00:26 PM
BasePriority : Normal
FileVersion : 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 6.00.2900.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows Explorer
InternalName : explorer
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : EXPLORER.EXE

Memory scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 20


Started registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Search Miracle Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment : "kalvsys"
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\run
Value : kalvsys

Registry Scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 1
Objects found so far: 21


Started deep registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Deep registry scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 21


Started Tracking Cookie scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»


Tracking cookie scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 21



Deep scanning and examining files (C:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Search Miracle Object Recognized!
Type : File
Data : error32.dat
Category : Malware
Comment :
Object : C:\WINDOWS\system32\



Disk Scan Result for C:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 22


Scanning Hosts file......
Hosts file location:"C:\WINDOWS\system32\drivers\etc\hosts".
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Hosts file scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
11 entries scanned.
New critical objects:0
Objects found so far: 22




Performing conditional scans...
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\run
Value : Narrator

Conditional scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 1
Objects found so far: 23

3:18:00 PM Scan Complete

Summary Of This Scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Total scanning time:00:08:27.407
Objects scanned:141237
Objects identified:3
Objects ignored:0
New critical objects:3

Then I ran Spyware Doctor.

This is a log of that scan:
Scan Results:
scan start: 1/6/2005 2:49:22 PM
scan stop: 1/6/2005 2:52:01 PM
scanned items: 102360
found items: 214
found and ignored: 0
tools used: General Scanner, Process Scanner, Hosts scanner, LSP Scanner, Registry Scanner, Cookie Scanner, Browser Defaults, Favorites and ZoneMap Scanner, Browser Scanner, Disk Scanner



Infection Name Location Risk
WildTangent multiple Medium
AproposMedia HKLM\SOFTWARE\AutoLoader Medium
EasyWebSearch HKLM\SOFTWARE\180ax High
EasyWebSearch HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\180ax High
EliteBar HKCU\Software\LQ Elevated
EliteBar HKLM\SOFTWARE\Elitum\EliteToolBar Elevated
EliteBar HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\EliteBar Internet Explorer Toolbar Elevated
Elitum EliteBar (Search Miracle) HKCR\clsid\{28CAEFF3-0F18-4036-B504-51D73BD81ABC} Elevated
Elitum EliteBar (Search Miracle) HKCR\clsid\{825CF5BD-8862-4430-B771-0C15C5CA8DEF} Elevated
Elitum EliteBar (Search Miracle) HKCR\Interface\{A9B28EF6-ABF3-463B-A3D8-4D0D0BADFADC} Elevated
Elitum EliteBar (Search Miracle) HKCR\interface\{dbf33e89-1784-42ac-ade4-a428f56550a3} Elevated
Elitum EliteBar (Search Miracle) HKCR\TypeLib\{CA9FC31A-6F35-4493-B629-E64BD6170A17} Elevated
Elitum EliteBar (Search Miracle) HKLM\software\Elitum Elevated
Elitum EliteBar (Search Miracle) HKLM\software\microsoft\internet explorer\toolbar##{825CF5BD-8862-4430-B771-0C15C5CA8DEF} Elevated
Elitum EliteBar (Search Miracle) HKCU\software\microsoft\internet explorer\toolbar\webbrowser##{825CF5BD-8862-4430-B771-0C15C5CA8DEF} Elevated
Elitum EliteBar (Search Miracle) HKLM\software\Microsoft\Windows\CurrentVersion\Uninstall\EliteBar Internet Explorer Toolbar Elevated
PeopleOnPage/AproposMedia HKLM\software\autoloader High


Other Sections:

Ok, so I know there is a heck of a lot of WildTangent on there, but apparently that file contains drivers that are necessary to run some of my hubby's games. If it weren't for that, I would have deleted them long, long ago, and at this point they have been around for so long that I'm kind of used to them, even if it is annoying that they always come up.

So, at that point, and with much diligence, I ran CWShredder.
Here is that log. *Yes, I saved all the logs; I guess it's a little bit of overkill, but I really don't want to miss anything.*
**** Run Keys ****

RUN: [Disc Detector] C:\Program Files\Creative\ShareDLL\CtNotify.exe
RUN: [CTStartup] C:\Program Files\Creative\Splash Screen\CTEaxSpl.EXE /run
RUN: [kalvsys] C:\windows\system32\kalvklc32.exe
RUN: [WINDVDPatch] CTHELPER.EXE
RUN: [WildTangent CDA] RUNDLL32.exe "C:\Program Files\WildTangent\Apps\CDA\cdaEngine0400.dll",cdaEngineMain
RUN: [w34k3EU] nvmedump.exe
RUN: [VirtualDrive] "C:\Program Files\FarStone\VirtualDrive\VDTask.exe" /AutoRestore
RUN: [UpdReg] C:\WINDOWS\UpdReg.EXE
RUN: [tgcmd] "C:\Program Files\Support.com\BellSouth\hcenter.exe" /starthidden /tgcmdwrapper
RUN: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
RUN: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
RUN: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
RUN: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
RUN: [SESync] "C:\Program Files\SED\SED.exe"
RUN: [secure] C:\WINDOWS\system32\secure.exe
RUN: [SaiSmart] C:\Program Files\Saitek\Software\SaiSmart.exe
RUN: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
RUN: [Profiler] C:\Program Files\Saitek\Software\Profiler.exe
RUN: [nwiz] nwiz.exe /install
RUN: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
RUN: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
RUN: [NeroCheck] C:\WINDOWS\System32\NeroCheck.exe
RUN: [NAV Agent] C:\PROGRA~1\NORTON~2\NORTON~1\navapw32.exe
RUN: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
RUN: [ibcroc] C:\WINDOWS\system32\ibcroc.exe
RUN: [iamapp] C:\Program Files\Norton Personal Firewall\IAMAPP.EXE
RUN: [HPHUPD05] C:\Program Files\Hewlett-Packard\{D946675D-1D6C-4dc8-9E0D-B4B8EAA30EAA}\hphupd05.exe
RUN: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
RUN: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe
RUN: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"
RUN: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
RUN: [dxlddc] C:\WINDOWS\system32\dxlddc.exe
RUN: [CTHelper] CTHELPER.EXE
RUN: [CSV10P70] C:\Program Files\CSBB\CSv10P070.exe
RUN: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
RUN: [ASUS Probe] C:\Program Files\ASUS\Probe\AsusProb.exe
RUN: [TaskTray] "C:\Program Files\Creative\TaskBar\CTLTray.exe"
RUN: [TaskBar] "C:\Program Files\Creative\TaskBar\CTLTask.exe"
RUN: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
RUN: [RemoteCenter] C:\Program Files\Creative\SBAudigy\RemoteCenter\Rc\Rcman.exe
RUN: [PopUpStopperFreeEdition] "C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe"
RUN: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
RUN: [h0vqROY9i] nvabde40.exe


**** Browser Helper Objects ****



**** IE Toolbars ****



**** IE Extensions ****

IEExt: []
IEExt: [Spyware Doctor]
IEExt: [Messenger] C:\Program Files\Messenger\msmsgs.exe


**** Hosts File Entries ****

HOSTS: 127.0.0.1 localhost
HOSTS: 127.0.0.1 www.igetnet.com
HOSTS: 127.0.0.1 code.ignphrases.com
HOSTS: 127.0.0.1 clear-search.com
HOSTS: 127.0.0.1 r1.clrsch.com
HOSTS: 127.0.0.1 sds.clrsch.com
HOSTS: 127.0.0.1 status.clrsch.com
HOSTS: 127.0.0.1 www.clrsch.com
HOSTS: 127.0.0.1 clr-sch.com
HOSTS: 127.0.0.1 sds-qckads.com
HOSTS: 127.0.0.1 status.qckads.com
HOSTS: 69.20.16.183 auto.search.msn.com
HOSTS: 69.20.16.183 search.netscape.com
HOSTS: 69.20.16.183 ieautosearch
HOSTS: 69.20.16.183 ieautosearch


**** IE Settings ****

IEBypass: localhost
Default Page: http://www.microsoft...er=6&ar=msnhome
Default Search: http://www.microsoft...=ie&ar=iesearch
Local Page: C:\WINDOWS\about.htm
Search Page: http://www.microsoft...=ie&ar=iesearch


**** IE Context Menu (Right click) ****

IEContext: [&Yahoo! Search] file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
IEContext: [Open Picture in &Microsoft PhotoDraw] res://C:\PROGRA~1\MICROS~3\Office\1033\phdintl.dll/phdContext.htm
IEContext: [Yahoo! &Dictionary] file:///C:\Program Files\Yahoo!\Common/ycdict.htm
IEContext: [Yahoo! &Maps] file:///C:\Program Files\Yahoo!\Common/ycdict.htm


**** Layered Service Providers ****

LSP: calsp over [aklsp.dll over [MSAFD Tcpip [TCP/IP]]]
LSP: calsp over [aklsp.dll over [MSAFD Tcpip [UDP/IP]]]
LSP: MSAFD Tcpip [TCP/IP]
LSP: MSAFD Tcpip [UDP/IP]
LSP: RSVP UDP Service Provider
LSP: RSVP TCP Service Provider


**** Blocked Control Panel Items ****

BLOCKED: [ncpa.cpl] No
BLOCKED: [odbccp32.cpl] No


**** Downloaded Program Files ****

Microsoft XML Parser for Java [file://C:\WINDOWS\Java\classes\xmldso.cab]
{01113300-3E00-11D2-8470-0060089874ED} [http://help.bellsout...ad/tgctlcm.cab] C:\WINDOWS\Downloaded Program Files\CONFLICT.2\tgctlcm.dll
{0A5FD7C5-A45C-49FC-ADB5-9952547D5715} [http://www.creative....09/CTSUEng.cab]
{1F2F4C9E-6F09-47BC-970D-3C54734667FE} [http://www.symantec....a/LSSupCtl.cab]
{2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} [http://security.syma...in/AvSniff.cab] C:\WINDOWS\Downloaded Program Files\CONFLICT.1\navapi32.dll C:\WINDOWS\Downloaded Program Files\CONFLICT.1\avsniff.dll
{644E432F-49D3-41A1-8DD5-E099162EEEC5} [http://security.syma.../bin/cabsa.cab]
{CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} [http://www.symantec....a/SymAData.cab]
{D27CDB6E-AE6D-11CF-96B8-444553540000} [http://fpdownload.ma...sh/swflash.cab]
{DBA230D1-8467-4e69-987E-5FAE815A3B45}
{F6ACF75C-C32C-447B-9BEF-46B766368D29} [http://www.creative....5010/CTPID.cab]


**** Windows Services ****

[Alerter] %SystemRoot%\System32\svchost.exe -k LocalService
[ALG] %SystemRoot%\System32\alg.exe
[AppMgmt] %SystemRoot%\system32\svchost.exe -k netsvcs
[aspnet_state] %SystemRoot%\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe
[AudioSrv] %SystemRoot%\System32\svchost.exe -k netsvcs
[BITS] %SystemRoot%\System32\svchost.exe -k netsvcs
[Browser] %SystemRoot%\System32\svchost.exe -k netsvcs
[cisvc] C:\WINDOWS\System32\cisvc.exe
[ClipSrv] %SystemRoot%\system32\clipsrv.exe
[COMSysApp] C:\WINDOWS\System32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235}
[Creative Service for CDROM Access] C:\WINDOWS\system32\CTSVCCDA.EXE
[CryptSvc] %SystemRoot%\system32\svchost.exe -k netsvcs
[DcomLaunch] %SystemRoot%\system32\svchost -k DcomLaunch
[DeepsightExtractor] C:\Program Files\Symantec\DeepSight Extractor\ExtractorService.exe
[Dhcp] %SystemRoot%\System32\svchost.exe -k netsvcs
[dmadmin] %SystemRoot%\System32\dmadmin.exe /com
[dmserver] %SystemRoot%\System32\svchost.exe -k netsvcs
[Dnscache] %SystemRoot%\System32\svchost.exe -k NetworkService
[ERSvc] %SystemRoot%\System32\svchost.exe -k netsvcs
[Eventlog] %SystemRoot%\system32\services.exe
[EventSystem] C:\WINDOWS\System32\svchost.exe -k netsvcs
[ExtractorServiceNPF03] C:\Program Files\Symantec\DeepSight Extractor\ExtractorServiceNPF03.exe
[ExtractorServiceNPF04] C:\Program Files\Symantec\DeepSight Extractor\ExtractorServiceNPF04.exe
[FastUserSwitchingCompatibility] %SystemRoot%\System32\svchost.exe -k netsvcs
[helpsvc] %SystemRoot%\System32\svchost.exe -k netsvcs
[HidServ] %SystemRoot%\System32\svchost.exe -k netsvcs
[HTTPFilter] %SystemRoot%\System32\svchost.exe -k HTTPFilter
[ImapiService] C:\WINDOWS\System32\imapi.exe
[KodakCCS] %SystemRoot%\system32\drivers\KodakCCS.exe
[lanmanserver] %SystemRoot%\System32\svchost.exe -k netsvcs
[lanmanworkstation] %SystemRoot%\System32\svchost.exe -k netsvcs
[LmHosts] %SystemRoot%\System32\svchost.exe -k LocalService
[Messenger] %SystemRoot%\System32\svchost.exe -k netsvcs
[mnmsrvc] C:\WINDOWS\System32\mnmsrvc.exe
[MSDTC] C:\WINDOWS\System32\msdtc.exe
[MSIServer] C:\WINDOWS\System32\msiexec.exe /V
[navapsvc] C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
[NetDDE] %SystemRoot%\system32\netdde.exe
[NetDDEdsdm] %SystemRoot%\system32\netdde.exe
[Netlogon] %SystemRoot%\System32\lsass.exe
[Netman] %SystemRoot%\System32\svchost.exe -k netsvcs
[NISSERV] C:\Program Files\Norton Personal Firewall\NISSERV.EXE
[NISUM] C:\Program Files\Norton Personal Firewall\NISUM.EXE
[Nla] %SystemRoot%\System32\svchost.exe -k netsvcs
[NProtectService] C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
[NtLmSsp] %SystemRoot%\System32\lsass.exe
[NtmsSvc] %SystemRoot%\system32\svchost.exe -k netsvcs
[NVSvc] %SystemRoot%\System32\nvsvc32.exe
[PlugPlay] %SystemRoot%\system32\services.exe
[Pml Driver HPZ12] C:\WINDOWS\System32\HPZipm12.exe
[PolicyAgent] %SystemRoot%\System32\lsass.exe
[ProtectedStorage] %SystemRoot%\system32\lsass.exe
[RasAuto] %SystemRoot%\System32\svchost.exe -k netsvcs
[RasMan] %SystemRoot%\System32\svchost.exe -k netsvcs
[RDSessMgr] C:\WINDOWS\system32\sessmgr.exe
[RemoteAccess] %SystemRoot%\System32\svchost.exe -k netsvcs
[RpcLocator] %SystemRoot%\System32\locator.exe
[RpcSs] %SystemRoot%\system32\svchost -k rpcss
[RSVP] %SystemRoot%\System32\rsvp.exe
[SamSs] %SystemRoot%\system32\lsass.exe
[SBService] C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
[SCardSvr] %SystemRoot%\System32\SCardSvr.exe
[Schedule] %SystemRoot%\System32\svchost.exe -k netsvcs
[ScsiAccess] C:\WINDOWS\System32\ScsiAccess.EXE
[seclogon] %SystemRoot%\System32\svchost.exe -k netsvcs
[SENS] %SystemRoot%\system32\svchost.exe -k netsvcs
[SharedAccess] %SystemRoot%\System32\svchost.exe -k netsvcs
[ShellHWDetection] %SystemRoot%\System32\svchost.exe -k netsvcs
[SNDSrvc] "C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe"
[SNMP] %SystemRoot%\System32\snmp.exe
[SNMPTRAP] %SystemRoot%\System32\snmptrap.exe
[SoundMAX Agent Service (default)] C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
[Speed Disk service] C:\PROGRA~1\NORTON~2\SPEEDD~1\nopdb.exe
[Spooler] %SystemRoot%\system32\spoolsv.exe
[srservice] %SystemRoot%\System32\svchost.exe -k netsvcs
[SSDPSRV] %SystemRoot%\System32\svchost.exe -k LocalService
[stisvc] %SystemRoot%\System32\svchost.exe -k imgsvc
[SwPrv] C:\WINDOWS\System32\dllhost.exe /Processid:{E82165A4-3FE7-40B0-85BC-32A2289DC73F}
[SymProxySvc] C:\Program Files\Norton Personal Firewall\SymProxySvc.exe
[SymWSC] "C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe"
[SysmonLog] %SystemRoot%\system32\smlogsvc.exe
[TapiSrv] %SystemRoot%\System32\svchost.exe -k netsvcs
[TermService] %SystemRoot%\System32\svchost -k DComLaunch
[Themes] %SystemRoot%\System32\svchost.exe -k netsvcs
[TrkWks] %SystemRoot%\system32\svchost.exe -k netsvcs
[UMWdf] C:\WINDOWS\system32\wdfmgr.exe
[upnphost] %SystemRoot%\System32\svchost.exe -k LocalService
[UPS] %SystemRoot%\System32\ups.exe
[VSS] %SystemRoot%\System32\vssvc.exe
[W32Time] %SystemRoot%\System32\svchost.exe -k netsvcs
[WebClient] %SystemRoot%\System32\svchost.exe -k LocalService
[winmgmt] %systemroot%\system32\svchost.exe -k netsvcs
[WmcCds] c:\program files\windows media connect\mswmccds.exe
[WmcCdsLs] C:\Program Files\Windows Media Connect\mswmcls.exe
[WMDM PMSP Service] C:\WINDOWS\System32\MsPMSPSv.exe
[WmdmPmSN] %SystemRoot%\System32\svchost.exe -k netsvcs
[WmiApSrv] C:\WINDOWS\System32\wbem\wmiapsrv.exe
[wscsvc] %SystemRoot%\System32\svchost.exe -k netsvcs
[wuauserv] %SystemRoot%\system32\svchost.exe -k netsvcs
[WZCSVC] %SystemRoot%\System32\svchost.exe -k netsvcs
[xmlprov] %SystemRoot%\System32\svchost.exe -k netsvcs
[ZESOFT] C:\WINDOWS\zeta.exe


**** Custom IE Search Items ****

SEARCH: [Data]
SEARCH: [SearchAssistant] http://ie.search.msn.com
SEARCH: [CustomizeSearch] http://ie.search.msn.com
SEARCH: [CustomSearch] http://red.clientapp.../search/ie.html


**** Complete IE Options ****

IEOPT: [NoUpdateCheck]
IEOPT: [NoJITSetup]
IEOPT: [Disable Script Debugger] yes
IEOPT: [Show_ChannelBand] No
IEOPT: [Anchor Underline] yes
IEOPT: [Cache_Update_Frequency] Once_Per_Session
IEOPT: [Display Inline Images] yes
IEOPT: [Do404Search]
IEOPT: [Local Page] C:\WINDOWS\about.htm
IEOPT: [Save_Session_History_On_Exit] no
IEOPT: [Show_FullURL] no
IEOPT: [Show_StatusBar] yes
IEOPT: [Show_ToolBar] yes
IEOPT: [Show_URLinStatusBar] yes
IEOPT: [Show_URLToolBar] yes
IEOPT: [Use_DlgBox_Colors] yes
IEOPT: [Search Page] http://www.microsoft...=ie&ar=iesearch
IEOPT: [Check_Associations] Yes
IEOPT: [FullScreen] no
IEOPT: [Window_Placement] ,
IEOPT: [Use FormSuggest] no
IEOPT: [NotifyDownloadComplete] yes
IEOPT: [AddToFavoritesExpanded]
IEOPT: [HistoryViewType]
IEOPT: [Search Bar_bak] http://red.clientapp...rch/search.html
IEOPT: [Use Search Assistant] no
IEOPT: [Use_Combobox_DlgBox_Colors_Complete] 1
IEOPT: [Use_Combobox_DlgBox_Colors_Failed] 12
IEOPT: [Use_Combobox_DlgBox_Colors_Error] 15
IEOPT: [HistoryTopNSitesView]
IEOPT: [ShowedCheckBrowser] Yes
IEOPT: [FavChevron_Complete] 2
IEOPT: [FavChevron_Failed] 3
IEOPT: [FavChevron_Error] 4
IEOPT: [Expand Alt Text] no
IEOPT: [Move System Caret] no
IEOPT: [NscSingleExpand]
IEOPT: [NoWebJITSetup]
IEOPT: [Page_Transitions]
IEOPT: [FavIntelliMenus] no
IEOPT: [UseThemes]
IEOPT: [Force Offscreen Composition]
IEOPT: [AllowWindowReuse]
IEOPT: [Friendly http errors] yes
IEOPT: [ShowGoButton] yes
IEOPT: [SmoothScroll]
IEOPT: [Enable AutoImageResize] yes
IEOPT: [Enable_MyPics_Hoverbar] yes
IEOPT: [Play_Animations] yes
IEOPT: [Play_Background_Sounds] yes
IEOPT: [Display Inline Videos] yes
IEOPT: [Show image placeholders]
IEOPT: [Print_Background] no
IEOPT: [FormSuggest Passwords] yes
IEOPT: [FormSuggest PW Ask] yes
IEOPT: [Use Search Asst] no
IEOPT: [Error Dlg Displayed On Every Error] no
IEOPT: [Error Dlg Details Pane Open] no
IEOPT: [FavoritesExportFile] C:\Documents and Settings\Owner\My Documents\bookmark.htm
IEOPT: [FavoritesImportFolder] C:\Documents and Settings\Owner\Favorites
IEOPT: [AutoSearch]
IEOPT: [Start Page] http://www.bellsouth.net/
IEOPT: [DisableScriptDebuggerIE] yes
IEOPT: [Default_Page_Url] http://www.microsoft...er=6&ar=msnhome
IEOPT: [Default_Search_Url] http://www.microsoft...=ie&ar=iesearch
IEOPT: [CustomizeSearch] http://ie.search.msn...st/srchcust.htm
IEOPT: [SearchAssistant] http://ie.search.msn...st/srchasst.htm
IEOPT: [Enable Browser Extensions] yes
IEOPT: [LastCheckedHi]
IEOPT: [Default_Page_URL] http://www.microsoft...er=6&ar=msnhome
IEOPT: [Default_Search_URL] http://www.microsoft...=ie&ar=iesearch
IEOPT: [Search Page] http://ie.search.msn.com
IEOPT: [Enable_Disk_Cache] yes
IEOPT: [Cache_Percent_of_Disk]
IEOPT: [Delete_Temp_Files_On_Exit] yes
IEOPT: [Local Page] %SystemRoot%\system32\blank.htm
IEOPT: [Anchor_Visitation_Horizon]
IEOPT: [Use_Async_DNS] yes
IEOPT: [Placeholder_Width]
IEOPT: [Placeholder_Height]
IEOPT: [Start Page] http://yahoo.sbc.com/dsl
IEOPT: [CompanyName] Microsoft Corporation
IEOPT: [Custom_Key] MICROSO
IEOPT: [Wizard_Version] 6.0.2600.0000
IEOPT: [FullScreen] no
IEOPT: [CustomizeSearch] no
IEOPT: [SearchAssistant] no
IEOPT: [IEWatsonEnabled]
IEOPT: [Enable Browser Extensions] yes


And on top of that I went and did the "locate.com" scan w/ compare and logged it.
These are the results from that:


* DLLCompare Log version()
Files Found that Windows does not See or cannot Access
*Not everything listed here means you are infected!
________________________________________________

C:\WINDOWS\SYSTEM32\dn4801~1.dll Thu Jan 6 2005 3:34:34p ..S.R 223,082 217.85 K
C:\WINDOWS\SYSTEM32\e0020a~1.dll Sun Jan 2 2005 5:44:44p ..S.R 224,772 219.50 K
C:\WINDOWS\SYSTEM32\gp8ol3~1.dll Thu Jan 6 2005 2:46:22p ..S.R 223,082 217.85 K
C:\WINDOWS\SYSTEM32\hr0405~1.dll Thu Jan 6 2005 12:15:58p ..S.R 225,146 219.87 K
C:\WINDOWS\SYSTEM32\hr0m05~1.dll Sun Jan 2 2005 12:39:24p ..S.R 223,948 218.70 K
C:\WINDOWS\SYSTEM32\i2nm0c~1.dll Sun Jan 2 2005 5:48:08p ..S.R 226,285 220.98 K
C:\WINDOWS\SYSTEM32\msrdo20.dll Thu May 11 2000 2:00:00a A.S.. 397,312 388.00 K
C:\WINDOWS\SYSTEM32\n88oli~1.dll Sun Jan 2 2005 10:53:28a ..S.R 224,620 219.36 K
C:\WINDOWS\SYSTEM32\p46sle~1.dll Sun Jan 2 2005 4:20:04p ..S.R 224,772 219.50 K
C:\WINDOWS\SYSTEM32\rdocurs.dll Tue Mar 14 2000 2:00:00a A.S.. 151,552 148.00 K
C:\WINDOWS\SYSTEM32\umyn0.dll Sat Nov 27 2004 8:42:46a ..SHR 473,636 462.54 K
________________________________________________

1,516 items found: 1,516 files (11 H/S), 0 directories.
Total of file sizes: 311,461,126 bytes 297.03 M

Administrator Account = True

--------------------End log---------------------

Since then, I ran the online virus scan at Trend, and it came up with:
calsp.dll
gpiuus.dll
akrules.dll
error32.dll
mirka4e.dll

Ok, so at that point, I tried to install the free edition of PC-cillin, but I can't get it to go in, because Norton is a pain in the rear and won't completely uninstall without completely uninstalling the entire package.. **cleaners, defrags, quaran logs, and all other components that come with the stupid package**.. so, I'm going to have to try and go in manually and take that out before I can get PC-cillin to install correctly.

THEN!@!!!!
I did a full system reboot, to try and run Hijack This...
sent it to desktop and unzipped the file as a stand alone.
Tried to run it, and it starts but no more does it start and Windows says there is a problem, reports to Microsoft and shuts it down..

ooohhhh wwwoooeee is me!! lol..

So, I'm down to my wits end..

is there any :tazz: for me?

It would be greatly appreciated.
Thanks bunches
Lisa
  • 0


#2
evrrdy

    New Member

  • Topic Starter
  • Member
  • Pip
  • 2 posts
I forgot but I also ran the VX2 betterinternet thing and this is the log from it:

Log for VX2.BetterInternet File Finder (msg126)

Files Found---

Additional Files---

Keys Under Notify---
AtiExtEvent
crypt32chain
cryptnet
cscdll
ScCertProp
Schedule
sclgntfy
SensLogn
SMDEn
termsrv
wlballoon


Guardian Key--- is called:

User Agent String---
{4B8F477C-47E2-40C2-9D7A-B1AC7DDAFFF
  • 0

#3
mpfeif101

    Member 1K

  • Retired Staff
  • 1,411 posts
We need to see a HJT log :tazz:
  • 0





