Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

RunDLL loves to quit


  • This topic is locked This topic is locked

#46
Metallica

Metallica

    Spyware Veteran

  • GeekU Moderator
  • 31,675 posts
Victor, can you PM me your email address. I will email you a new betaversion of HijackThis so you can try if that works for you.

Regards,

Pieter
  • 0

Advertisements


#47
Victor Creed

Victor Creed

    Member

  • Topic Starter
  • Member
  • PipPip
  • 84 posts
it is done Metallica
  • 0

#48
Metallica

Metallica

    Spyware Veteran

  • GeekU Moderator
  • 31,675 posts
OK. File on it's way.

Pieter
  • 0

#49
Victor Creed

Victor Creed

    Member

  • Topic Starter
  • Member
  • PipPip
  • 84 posts
Never got it. Did you send it yet?
  • 0

#50
Metallica

Metallica

    Spyware Veteran

  • GeekU Moderator
  • 31,675 posts
Yes. And I wasn't notified about any failure.
Still not there?

Regards,

Pieter
  • 0

#51
Victor Creed

Victor Creed

    Member

  • Topic Starter
  • Member
  • PipPip
  • 84 posts
Oh... yeah... metallica... I got it :tazz:.
  • 0

#52
Victor Creed

Victor Creed

    Member

  • Topic Starter
  • Member
  • PipPip
  • 84 posts
:tazz: THANKS! Nice Metallica that was what I needed here's the log folks.


Logfile of HijackThis v1.99.1 (BETA)
Scan saved at 11:14:30 PM, on 2/1/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
C:\Program Files\Norton AntiVirus\SAVScan.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\PROGRA~1\Toolbar\TBPSSvc.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Common Files\WinTools\WToolsS.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\COMMON~1\WinTools\WToolsA.exe
C:\PROGRA~1\Toolbar\TBPS.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\Toolbar\PIB.exe
C:\Program Files\Common Files\WinTools\WSup.exe
C:\Program Files\Yahoo!\Messenger\ypager.exe
C:\Program Files\D-Link\AirPlus G Wireless Adapter Utility\AirPlus.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\Program Files\AIM95\aim.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Documents and Settings\User\My Documents\HJT\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.ircspy.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ircspy.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.ircspy.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = res://C:\PROGRA~1\Toolbar\toolbar.dll/sa
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ircspy.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.websearch...spx?tb_id=50032
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = res://C:\PROGRA~1\Toolbar\toolbar.dll/sa
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {8952A998-1E7E-4716-B23D-3DBE03910972} - C:\PROGRA~1\Toolbar\toolbar.dll
O2 - BHO: &EliteBar - {28CAEFF3-0F18-4036-B504-51D73BD81ABC} - C:\WINDOWS\EliteToolBar\EliteToolBar version 59.dll
O2 - BHO: (no name) - {87766247-311C-43B4-8499-3D5FEC94A183} - C:\PROGRA~1\COMMON~1\WinTools\WToolsB.dll
O2 - BHO: (no name) - {8952A998-1E7E-4716-B23D-3DBE03910972} - C:\PROGRA~1\Toolbar\toolbar.dll
O3 - Toolbar: &EliteBar - {825CF5BD-8862-4430-B771-0C15C5CA8DEF} - C:\WINDOWS\EliteToolBar\EliteToolBar version 59.dll
O3 - Toolbar: &Search Toolbar - {339BB23F-A864-48C0-A59F-29EA915965EC} - C:\PROGRA~1\Toolbar\toolbar.dll
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [WinTools] C:\PROGRA~1\COMMON~1\WinTools\WToolsA.exe
O4 - HKLM\..\Run: [TBPS] C:\PROGRA~1\Toolbar\TBPS.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [2753522] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\2753522.cpl
O4 - HKCU\..\Run: [66266] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\66266.cpl
O4 - HKCU\..\Run: [131660] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\131660.cpl
O4 - HKCU\..\Run: [66228] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\66228.cpl
O4 - HKCU\..\Run: [66288] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\66288.cpl
O4 - HKCU\..\Run: [197258] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\197258.cpl
O4 - HKCU\..\Run: [262684] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\262684.cpl
O4 - HKCU\..\Run: [262792] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\262792.cpl
O4 - HKCU\..\Run: [66024] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\66024.cpl
O4 - HKCU\..\Run: [131448] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\131448.cpl
O4 - HKCU\..\Run: [66152] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\66152.cpl
O4 - HKCU\..\Run: [197100] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\197100.cpl
O4 - HKCU\..\Run: [131780] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\131780.cpl
O4 - HKCU\..\Run: [66036] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\66036.cpl
O4 - HKCU\..\Run: [131376] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\131376.cpl
O4 - HKCU\..\Run: [66050] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\66050.cpl
O4 - HKCU\..\Run: [131732] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\131732.cpl
O4 - HKCU\..\Run: [66004] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\66004.cpl
O4 - HKCU\..\Run: [66088] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\66088.cpl
O4 - HKCU\..\Run: [66250] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\66250.cpl
O4 - HKCU\..\Run: [66318] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\66318.cpl
O4 - HKCU\..\Run: [66220] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\66220.cpl
O4 - HKCU\..\Run: [66290] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\66290.cpl
O4 - HKCU\..\Run: [131546] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\131546.cpl
O4 - HKCU\..\Run: [66174] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\66174.cpl
O4 - HKCU\..\Run: [327988] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\327988.cpl
O4 - HKCU\..\Run: [66240] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\66240.cpl
O4 - HKCU\..\Run: [66108] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\66108.cpl
O4 - HKCU\..\Run: [196882] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\196882.cpl
O4 - HKCU\..\Run: [197022] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\197022.cpl
O4 - HKCU\..\Run: [66204] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\66204.cpl
O4 - HKCU\..\Run: [66306] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\66306.cpl
O4 - HKCU\..\Run: [197234] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\197234.cpl
O4 - HKCU\..\Run: [131578] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\131578.cpl
O4 - HKCU\..\Run: [197286] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\197286.cpl
O4 - HKCU\..\Run: [66292] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\66292.cpl
O4 - HKCU\..\Run: [131458] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\131458.cpl
O4 - HKCU\..\Run: [66234] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\66234.cpl
O4 - HKCU\..\Run: [131752] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\131752.cpl
O4 - HKCU\..\Run: [66180] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\66180.cpl
O4 - HKCU\..\Run: [197042] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\197042.cpl
O4 - HKCU\..\Run: [66134] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\66134.cpl
O4 - HKCU\..\Run: [66302] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\66302.cpl
O4 - HKCU\..\Run: [66158] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\66158.cpl
O4 - HKCU\..\Run: [66104] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\66104.cpl
O4 - HKCU\..\Run: [66242] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\66242.cpl
O4 - HKCU\..\Run: [131688] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\131688.cpl
O4 - HKCU\..\Run: [197186] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\197186.cpl
O4 - HKCU\..\Run: [197200] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\197200.cpl
O4 - HKCU\..\Run: [197272] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\197272.cpl
O4 - HKCU\..\Run: [131466] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\131466.cpl
O4 - HKCU\..\Run: [131556] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\131556.cpl
O4 - HKCU\..\Run: [131470] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\131470.cpl
O4 - HKCU\..\Run: [131348] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\131348.cpl
O4 - HKCU\..\Run: [196898] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\196898.cpl
O4 - HKCU\..\Run: [131760] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\131760.cpl
O4 - HKCU\..\Run: [66388] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\66388.cpl
O4 - HKCU\..\Run: [262468] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\262468.cpl
O4 - HKCU\..\Run: [131608] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\131608.cpl
O4 - HKCU\..\Run: [262598] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\262598.cpl
O4 - HKCU\..\Run: [197396] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\197396.cpl
O4 - HKCU\..\Run: [196864] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\196864.cpl
O4 - HKCU\..\Run: [262470] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\262470.cpl
O4 - HKCU\..\Run: [131740] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\131740.cpl
O4 - HKCU\..\Run: [66118] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\66118.cpl
O4 - HKCU\..\Run: [131422] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\131422.cpl
O4 - HKCU\..\Run: [66014] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\66014.cpl
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: D-Link AirPlus G Wireless Utility.lnk = ?
O4 - Global Startup: inunpn.exe
O4 - Global Startup: SpySubtract.lnk = C:\Program Files\interMute\SpySubtract\SpySub.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
O9 - Extra button: ICQ 4.1 - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.ircspy.com
O14 - IERESET.INF: MS_START_PAGE_URL=http://www.ircspy.com
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zon...kr.cab31267.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab
O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} (GSDACtl Class) - http://launch.gamesp...nch/alaunch.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab
O16 - DPF: {DA758BB1-5F89-4465-975F-8D7179A4BCF3} (WheelofFortune Object) - http://messenger.zon...oF.cab31267.cab
O18 - Protocol: tpro - {FF76A5DA-6158-4439-99FF-EDC1B3FE100C} - C:\PROGRA~1\Toolbar\toolbar.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: WebSeach Toolbar support NT service (TBPSSvc) - Unknown owner - C:\PROGRA~1\Toolbar\TBPSSvc.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
O23 - Service: WinTools for IE service (WinToolsSvc) - Unknown owner - C:\Program Files\Common Files\WinTools\WToolsS.exe
  • 0

#53
Metallica

Metallica

    Spyware Veteran

  • GeekU Moderator
  • 31,675 posts
Check the following items in HijackThis.
Close all windows except HijackThis and click Fix checked:

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = res://C:\PROGRA~1\Toolbar\toolbar.dll/sa

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.websearch...spx?tb_id=50032
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = res://C:\PROGRA~1\Toolbar\toolbar.dll/sa

R3 - URLSearchHook: (no name) - {8952A998-1E7E-4716-B23D-3DBE03910972} - C:\PROGRA~1\Toolbar\toolbar.dll
O2 - BHO: &EliteBar - {28CAEFF3-0F18-4036-B504-51D73BD81ABC} - C:\WINDOWS\EliteToolBar\EliteToolBar version 59.dll
O2 - BHO: (no name) - {87766247-311C-43B4-8499-3D5FEC94A183} - C:\PROGRA~1\COMMON~1\WinTools\WToolsB.dll
O2 - BHO: (no name) - {8952A998-1E7E-4716-B23D-3DBE03910972} - C:\PROGRA~1\Toolbar\toolbar.dll
O3 - Toolbar: &EliteBar - {825CF5BD-8862-4430-B771-0C15C5CA8DEF} - C:\WINDOWS\EliteToolBar\EliteToolBar version 59.dll
O3 - Toolbar: &Search Toolbar - {339BB23F-A864-48C0-A59F-29EA915965EC} - C:\PROGRA~1\Toolbar\toolbar.dll

O4 - HKLM\..\Run: [WinTools] C:\PROGRA~1\COMMON~1\WinTools\WToolsA.exe
O4 - HKLM\..\Run: [TBPS] C:\PROGRA~1\Toolbar\TBPS.exe

O4 - HKCU\..\Run: [2753522] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\2753522.cpl
O4 - HKCU\..\Run: [66266] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\66266.cpl
O4 - HKCU\..\Run: [131660] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\131660.cpl
O4 - HKCU\..\Run: [66228] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\66228.cpl
O4 - HKCU\..\Run: [66288] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\66288.cpl
O4 - HKCU\..\Run: [197258] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\197258.cpl
O4 - HKCU\..\Run: [262684] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\262684.cpl
O4 - HKCU\..\Run: [262792] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\262792.cpl
O4 - HKCU\..\Run: [66024] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\66024.cpl
O4 - HKCU\..\Run: [131448] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\131448.cpl
O4 - HKCU\..\Run: [66152] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\66152.cpl
O4 - HKCU\..\Run: [197100] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\197100.cpl
O4 - HKCU\..\Run: [131780] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\131780.cpl
O4 - HKCU\..\Run: [66036] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\66036.cpl
O4 - HKCU\..\Run: [131376] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\131376.cpl
O4 - HKCU\..\Run: [66050] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\66050.cpl
O4 - HKCU\..\Run: [131732] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\131732.cpl
O4 - HKCU\..\Run: [66004] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\66004.cpl
O4 - HKCU\..\Run: [66088] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\66088.cpl
O4 - HKCU\..\Run: [66250] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\66250.cpl
O4 - HKCU\..\Run: [66318] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\66318.cpl
O4 - HKCU\..\Run: [66220] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\66220.cpl
O4 - HKCU\..\Run: [66290] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\66290.cpl
O4 - HKCU\..\Run: [131546] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\131546.cpl
O4 - HKCU\..\Run: [66174] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\66174.cpl
O4 - HKCU\..\Run: [327988] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\327988.cpl
O4 - HKCU\..\Run: [66240] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\66240.cpl
O4 - HKCU\..\Run: [66108] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\66108.cpl
O4 - HKCU\..\Run: [196882] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\196882.cpl
O4 - HKCU\..\Run: [197022] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\197022.cpl
O4 - HKCU\..\Run: [66204] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\66204.cpl
O4 - HKCU\..\Run: [66306] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\66306.cpl
O4 - HKCU\..\Run: [197234] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\197234.cpl
O4 - HKCU\..\Run: [131578] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\131578.cpl
O4 - HKCU\..\Run: [197286] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\197286.cpl
O4 - HKCU\..\Run: [66292] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\66292.cpl
O4 - HKCU\..\Run: [131458] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\131458.cpl
O4 - HKCU\..\Run: [66234] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\66234.cpl
O4 - HKCU\..\Run: [131752] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\131752.cpl
O4 - HKCU\..\Run: [66180] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\66180.cpl
O4 - HKCU\..\Run: [197042] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\197042.cpl
O4 - HKCU\..\Run: [66134] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\66134.cpl
O4 - HKCU\..\Run: [66302] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\66302.cpl
O4 - HKCU\..\Run: [66158] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\66158.cpl
O4 - HKCU\..\Run: [66104] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\66104.cpl
O4 - HKCU\..\Run: [66242] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\66242.cpl
O4 - HKCU\..\Run: [131688] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\131688.cpl
O4 - HKCU\..\Run: [197186] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\197186.cpl
O4 - HKCU\..\Run: [197200] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\197200.cpl
O4 - HKCU\..\Run: [197272] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\197272.cpl
O4 - HKCU\..\Run: [131466] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\131466.cpl
O4 - HKCU\..\Run: [131556] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\131556.cpl
O4 - HKCU\..\Run: [131470] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\131470.cpl
O4 - HKCU\..\Run: [131348] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\131348.cpl
O4 - HKCU\..\Run: [196898] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\196898.cpl
O4 - HKCU\..\Run: [131760] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\131760.cpl
O4 - HKCU\..\Run: [66388] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\66388.cpl
O4 - HKCU\..\Run: [262468] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\262468.cpl
O4 - HKCU\..\Run: [131608] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\131608.cpl
O4 - HKCU\..\Run: [262598] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\262598.cpl
O4 - HKCU\..\Run: [197396] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\197396.cpl
O4 - HKCU\..\Run: [196864] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\196864.cpl
O4 - HKCU\..\Run: [262470] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\262470.cpl
O4 - HKCU\..\Run: [131740] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\131740.cpl
O4 - HKCU\..\Run: [66118] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\66118.cpl
O4 - HKCU\..\Run: [131422] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\131422.cpl
O4 - HKCU\..\Run: [66014] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\66014.cpl

O4 - Global Startup: inunpn.exe

O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)

O18 - Protocol: tpro - {FF76A5DA-6158-4439-99FF-EDC1B3FE100C} - C:\PROGRA~1\Toolbar\toolbar.dll

O23 - Service: WebSeach Toolbar support NT service (TBPSSvc) - Unknown owner - C:\PROGRA~1\Toolbar\TBPSSvc.exe

O23 - Service: WinTools for IE service (WinToolsSvc) - Unknown owner - C:\Program Files\Common Files\WinTools\WToolsS.exe

Reboot into safe mode and delete:
C:\Program Files\Toolbar <= entire folder
C:\Program Files\Common Files\WinTools <= entire folder
C:\WINDOWS\EliteToolBar <= entire folder

Then (still in safe mode) run HijackThis again and fix any entries that may have come back + any line starting with:
O4 - HKLM\..\Run: [kalvsys]

After cleaning copy the text in bold below to Notepad, and save in a location of your choice as elitefix.reg (Set filetype to 'all files')

Doubleclick the file we made and confirm you want to merge it with the Registry.


REGEDIT4

[-HKEY_CURRENT_USER\Software\LQ]

[-HKEY_LOCAL_MACHINE\SOFTWARE\ohbbackup]

[-HKEY_LOCAL_MACHINE\SOFTWARE\Elitum]


Post back with a new HijackThis log.

Regards,

Pieter
  • 0

#54
Victor Creed

Victor Creed

    Member

  • Topic Starter
  • Member
  • PipPip
  • 84 posts
All done so now I got the new log:

Logfile of HijackThis v1.99.1 (BETA)
Scan saved at 12:08:01 AM, on 2/5/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
C:\Program Files\Norton AntiVirus\SAVScan.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Yahoo!\Messenger\ypager.exe
C:\Program Files\D-Link\AirPlus G Wireless Adapter Utility\AirPlus.exe
C:\Program Files\interMute\SpySubtract\SpySub.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\Documents and Settings\User\My Documents\HJT\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.ircspy.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ircspy.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.ircspy.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ircspy.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: D-Link AirPlus G Wireless Utility.lnk = ?
O4 - Global Startup: SpySubtract.lnk = C:\Program Files\interMute\SpySubtract\SpySub.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
O9 - Extra button: ICQ 4.1 - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.ircspy.com
O14 - IERESET.INF: MS_START_PAGE_URL=http://www.ircspy.com
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zon...kr.cab31267.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab
O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} (GSDACtl Class) - http://launch.gamesp...nch/alaunch.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab
O16 - DPF: {DA758BB1-5F89-4465-975F-8D7179A4BCF3} (WheelofFortune Object) - http://messenger.zon...oF.cab31267.cab
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: WebSeach Toolbar support NT service (TBPSSvc) - Unknown owner - C:\PROGRA~1\Toolbar\TBPSSvc.exe (file missing)
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
O23 - Service: WinTools for IE service (WinToolsSvc) - Unknown owner - C:\Program Files\Common Files\WinTools\WToolsS.exe (file missing)

:tazz:
  • 0

#55
Metallica

Metallica

    Spyware Veteran

  • GeekU Moderator
  • 31,675 posts
These need another kick where it hurts most:
O23 - Service: WebSeach Toolbar support NT service (TBPSSvc) - Unknown owner - C:\PROGRA~1\Toolbar\TBPSSvc.exe (file missing)

O23 - Service: WinTools for IE service (WinToolsSvc) - Unknown owner - C:\Program Files\Common Files\WinTools\WToolsS.exe (file missing)

The rest looks clean. How's your computer behaving?

Regards,

Pieter
  • 0

Advertisements


#56
Victor Creed

Victor Creed

    Member

  • Topic Starter
  • Member
  • PipPip
  • 84 posts
Logfile of HijackThis v1.99.1 (BETA)
Scan saved at 12:57:30 AM, on 2/6/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
C:\Program Files\Norton AntiVirus\SAVScan.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Yahoo!\Messenger\ypager.exe
C:\Program Files\D-Link\AirPlus G Wireless Adapter Utility\AirPlus.exe
C:\Program Files\interMute\SpySubtract\SpySub.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\Program Files\AIM95\aim.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\steam\Steam.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\User\My Documents\HJT\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.ircspy.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ircspy.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.ircspy.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ircspy.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: D-Link AirPlus G Wireless Utility.lnk = ?
O4 - Global Startup: SpySubtract.lnk = C:\Program Files\interMute\SpySubtract\SpySub.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
O9 - Extra button: ICQ 4.1 - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.ircspy.com
O14 - IERESET.INF: MS_START_PAGE_URL=http://www.ircspy.com
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zon...kr.cab31267.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab
O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} (GSDACtl Class) - http://launch.gamesp...nch/alaunch.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab
O16 - DPF: {DA758BB1-5F89-4465-975F-8D7179A4BCF3} (WheelofFortune Object) - http://messenger.zon...oF.cab31267.cab
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: WebSeach Toolbar support NT service (TBPSSvc) - Unknown owner - C:\PROGRA~1\Toolbar\TBPSSvc.exe (file missing)
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
O23 - Service: WinTools for IE service (WinToolsSvc) - Unknown owner - C:\Program Files\Common Files\WinTools\WToolsS.exe (file missing)



:tazz: New log and it seems to running better thanks ;).
  • 0

#57
Metallica

Metallica

    Spyware Veteran

  • GeekU Moderator
  • 31,675 posts
Not really necessary and only to be done if you are comfortable with editing with the registry:

Kill the Registry Key:
Using RegEdit, navigate to:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services
Expand the "Services" key in the left pane.
Delete the WebSeach Toolbar support NT service (TBPSSvc) and WinTools for IE service.

And stay safe. :tazz:

Regards,

Pieter
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP