Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

RunDLL loves to quit

Started by Victor Creed , Jan 10 2005 05:07 PM

  • This topic is locked This topic is locked

#46
Metallica
Posted 29 January 2005 - 02:17 PM

Metallica

    Spyware Veteran

  • GeekU Moderator
  • 33,101 posts
Victor, can you PM me your email address. I will email you a new betaversion of HijackThis so you can try if that works for you.

Regards,

Pieter
  • 0

Advertisements

#47
Victor Creed
Posted 30 January 2005 - 04:16 PM

Victor Creed

    Member

  • Topic Starter
  • Member
  • PipPip
  • 84 posts
it is done Metallica
  • 0

#48
Metallica
Posted 31 January 2005 - 12:46 PM

Metallica

    Spyware Veteran

  • GeekU Moderator
  • 33,101 posts
OK. File on it's way.

Pieter
  • 0

#49
Victor Creed
Posted 01 February 2005 - 04:22 AM

Victor Creed

    Member

  • Topic Starter
  • Member
  • PipPip
  • 84 posts
Never got it. Did you send it yet?
  • 0

#50
Metallica
Posted 01 February 2005 - 12:58 PM

Metallica

    Spyware Veteran

  • GeekU Moderator
  • 33,101 posts
Yes. And I wasn't notified about any failure.
Still not there?

Regards,

Pieter
  • 0

#51
Victor Creed
Posted 02 February 2005 - 01:08 AM

Victor Creed

    Member

  • Topic Starter
  • Member
  • PipPip
  • 84 posts
Oh... yeah... metallica... I got it :tazz:.
  • 0

#52
Victor Creed
Posted 02 February 2005 - 01:15 AM

Victor Creed

    Member

  • Topic Starter
  • Member
  • PipPip
  • 84 posts
:tazz: THANKS! Nice Metallica that was what I needed here's the log folks.


Logfile of HijackThis v1.99.1 (BETA)
Scan saved at 11:14:30 PM, on 2/1/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
C:\Program Files\Norton AntiVirus\SAVScan.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\PROGRA~1\Toolbar\TBPSSvc.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Common Files\WinTools\WToolsS.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\COMMON~1\WinTools\WToolsA.exe
C:\PROGRA~1\Toolbar\TBPS.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\Toolbar\PIB.exe
C:\Program Files\Common Files\WinTools\WSup.exe
C:\Program Files\Yahoo!\Messenger\ypager.exe
C:\Program Files\D-Link\AirPlus G Wireless Adapter Utility\AirPlus.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\Program Files\AIM95\aim.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Documents and Settings\User\My Documents\HJT\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.ircspy.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ircspy.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.ircspy.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = res://C:\PROGRA~1\Toolbar\toolbar.dll/sa
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ircspy.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.websearch...spx?tb_id=50032
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = res://C:\PROGRA~1\Toolbar\toolbar.dll/sa
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {8952A998-1E7E-4716-B23D-3DBE03910972} - C:\PROGRA~1\Toolbar\toolbar.dll
O2 - BHO: &EliteBar - {28CAEFF3-0F18-4036-B504-51D73BD81ABC} - C:\WINDOWS\EliteToolBar\EliteToolBar version 59.dll
O2 - BHO: (no name) - {87766247-311C-43B4-8499-3D5FEC94A183} - C:\PROGRA~1\COMMON~1\WinTools\WToolsB.dll
O2 - BHO: (no name) - {8952A998-1E7E-4716-B23D-3DBE03910972} - C:\PROGRA~1\Toolbar\toolbar.dll
O3 - Toolbar: &EliteBar - {825CF5BD-8862-4430-B771-0C15C5CA8DEF} - C:\WINDOWS\EliteToolBar\EliteToolBar version 59.dll
O3 - Toolbar: &Search Toolbar - {339BB23F-A864-48C0-A59F-29EA915965EC} - C:\PROGRA~1\Toolbar\toolbar.dll
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [WinTools] C:\PROGRA~1\COMMON~1\WinTools\WToolsA.exe
O4 - HKLM\..\Run: [TBPS] C:\PROGRA~1\Toolbar\TBPS.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [2753522] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\2753522.cpl
O4 - HKCU\..\Run: [66266] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\66266.cpl
O4 - HKCU\..\Run: [131660] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\131660.cpl
O4 - HKCU\..\Run: [66228] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\66228.cpl
O4 - HKCU\..\Run: [66288] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\66288.cpl
O4 - HKCU\..\Run: [197258] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\197258.cpl
O4 - HKCU\..\Run: [262684] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\262684.cpl
O4 - HKCU\..\Run: [262792] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\262792.cpl
O4 - HKCU\..\Run: [66024] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\66024.cpl
O4 - HKCU\..\Run: [131448] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\131448.cpl
O4 - HKCU\..\Run: [66152] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\66152.cpl
O4 - HKCU\..\Run: [197100] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\197100.cpl
O4 - HKCU\..\Run: [131780] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\131780.cpl
O4 - HKCU\..\Run: [66036] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\66036.cpl
O4 - HKCU\..\Run: [131376] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\131376.cpl
O4 - HKCU\..\Run: [66050] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\66050.cpl
O4 - HKCU\..\Run: [131732] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\131732.cpl
O4 - HKCU\..\Run: [66004] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\66004.cpl
O4 - HKCU\..\Run: [66088] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\66088.cpl
O4 - HKCU\..\Run: [66250] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\66250.cpl
O4 - HKCU\..\Run: [66318] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\66318.cpl
O4 - HKCU\..\Run: [66220] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\66220.cpl
O4 - HKCU\..\Run: [66290] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\66290.cpl
O4 - HKCU\..\Run: [131546] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\131546.cpl
O4 - HKCU\..\Run: [66174] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\66174.cpl
O4 - HKCU\..\Run: [327988] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\327988.cpl
O4 - HKCU\..\Run: [66240] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\66240.cpl
O4 - HKCU\..\Run: [66108] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\66108.cpl
O4 - HKCU\..\Run: [196882] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\196882.cpl
O4 - HKCU\..\Run: [197022] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\197022.cpl
O4 - HKCU\..\Run: [66204] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\66204.cpl
O4 - HKCU\..\Run: [66306] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\66306.cpl
O4 - HKCU\..\Run: [197234] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\197234.cpl
O4 - HKCU\..\Run: [131578] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\131578.cpl
O4 - HKCU\..\Run: [197286] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\197286.cpl
O4 - HKCU\..\Run: [66292] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\66292.cpl
O4 - HKCU\..\Run: [131458] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\131458.cpl
O4 - HKCU\..\Run: [66234] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\66234.cpl
O4 - HKCU\..\Run: [131752] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\131752.cpl
O4 - HKCU\..\Run: [66180] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\66180.cpl
O4 - HKCU\..\Run: [197042] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\197042.cpl
O4 - HKCU\..\Run: [66134] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\66134.cpl
O4 - HKCU\..\Run: [66302] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\66302.cpl
O4 - HKCU\..\Run: [66158] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\66158.cpl
O4 - HKCU\..\Run: [66104] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\66104.cpl
O4 - HKCU\..\Run: [66242] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\66242.cpl
O4 - HKCU\..\Run: [131688] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\131688.cpl
O4 - HKCU\..\Run: [197186] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\197186.cpl
O4 - HKCU\..\Run: [197200] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\197200.cpl
O4 - HKCU\..\Run: [197272] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\197272.cpl
O4 - HKCU\..\Run: [131466] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\131466.cpl
O4 - HKCU\..\Run: [131556] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\131556.cpl
O4 - HKCU\..\Run: [131470] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\131470.cpl
O4 - HKCU\..\Run: [131348] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\131348.cpl
O4 - HKCU\..\Run: [196898] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\196898.cpl
O4 - HKCU\..\Run: [131760] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\131760.cpl
O4 - HKCU\..\Run: [66388] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\66388.cpl
O4 - HKCU\..\Run: [262468] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\262468.cpl
O4 - HKCU\..\Run: [131608] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\131608.cpl
O4 - HKCU\..\Run: [262598] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\262598.cpl
O4 - HKCU\..\Run: [197396] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\197396.cpl
O4 - HKCU\..\Run: [196864] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\196864.cpl
O4 - HKCU\..\Run: [262470] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\262470.cpl
O4 - HKCU\..\Run: [131740] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\131740.cpl
O4 - HKCU\..\Run: [66118] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\66118.cpl
O4 - HKCU\..\Run: [131422] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\131422.cpl
O4 - HKCU\..\Run: [66014] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\66014.cpl
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: D-Link AirPlus G Wireless Utility.lnk = ?
O4 - Global Startup: inunpn.exe
O4 - Global Startup: SpySubtract.lnk = C:\Program Files\interMute\SpySubtract\SpySub.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
O9 - Extra button: ICQ 4.1 - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.ircspy.com
O14 - IERESET.INF: MS_START_PAGE_URL=http://www.ircspy.com
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zon...kr.cab31267.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab
O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} (GSDACtl Class) - http://launch.gamesp...nch/alaunch.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab
O16 - DPF: {DA758BB1-5F89-4465-975F-8D7179A4BCF3} (WheelofFortune Object) - http://messenger.zon...oF.cab31267.cab
O18 - Protocol: tpro - {FF76A5DA-6158-4439-99FF-EDC1B3FE100C} - C:\PROGRA~1\Toolbar\toolbar.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: WebSeach Toolbar support NT service (TBPSSvc) - Unknown owner - C:\PROGRA~1\Toolbar\TBPSSvc.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
O23 - Service: WinTools for IE service (WinToolsSvc) - Unknown owner - C:\Program Files\Common Files\WinTools\WToolsS.exe
  • 0

#53
Metallica
Posted 02 February 2005 - 01:05 PM

Metallica

    Spyware Veteran

  • GeekU Moderator
  • 33,101 posts
Check the following items in HijackThis.
Close all windows except HijackThis and click Fix checked:

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = res://C:\PROGRA~1\Toolbar\toolbar.dll/sa

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.websearch...spx?tb_id=50032
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = res://C:\PROGRA~1\Toolbar\toolbar.dll/sa

R3 - URLSearchHook: (no name) - {8952A998-1E7E-4716-B23D-3DBE03910972} - C:\PROGRA~1\Toolbar\toolbar.dll
O2 - BHO: &EliteBar - {28CAEFF3-0F18-4036-B504-51D73BD81ABC} - C:\WINDOWS\EliteToolBar\EliteToolBar version 59.dll
O2 - BHO: (no name) - {87766247-311C-43B4-8499-3D5FEC94A183} - C:\PROGRA~1\COMMON~1\WinTools\WToolsB.dll
O2 - BHO: (no name) - {8952A998-1E7E-4716-B23D-3DBE03910972} - C:\PROGRA~1\Toolbar\toolbar.dll
O3 - Toolbar: &EliteBar - {825CF5BD-8862-4430-B771-0C15C5CA8DEF} - C:\WINDOWS\EliteToolBar\EliteToolBar version 59.dll
O3 - Toolbar: &Search Toolbar - {339BB23F-A864-48C0-A59F-29EA915965EC} - C:\PROGRA~1\Toolbar\toolbar.dll

O4 - HKLM\..\Run: [WinTools] C:\PROGRA~1\COMMON~1\WinTools\WToolsA.exe
O4 - HKLM\..\Run: [TBPS] C:\PROGRA~1\Toolbar\TBPS.exe

O4 - HKCU\..\Run: [2753522] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\2753522.cpl
O4 - HKCU\..\Run: [66266] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\66266.cpl
O4 - HKCU\..\Run: [131660] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\131660.cpl
O4 - HKCU\..\Run: [66228] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\66228.cpl
O4 - HKCU\..\Run: [66288] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\66288.cpl
O4 - HKCU\..\Run: [197258] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\197258.cpl
O4 - HKCU\..\Run: [262684] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\262684.cpl
O4 - HKCU\..\Run: [262792] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\262792.cpl
O4 - HKCU\..\Run: [66024] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\66024.cpl
O4 - HKCU\..\Run: [131448] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\131448.cpl
O4 - HKCU\..\Run: [66152] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\66152.cpl
O4 - HKCU\..\Run: [197100] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\197100.cpl
O4 - HKCU\..\Run: [131780] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\131780.cpl
O4 - HKCU\..\Run: [66036] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\66036.cpl
O4 - HKCU\..\Run: [131376] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\131376.cpl
O4 - HKCU\..\Run: [66050] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\66050.cpl
O4 - HKCU\..\Run: [131732] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\131732.cpl
O4 - HKCU\..\Run: [66004] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\66004.cpl
O4 - HKCU\..\Run: [66088] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\66088.cpl
O4 - HKCU\..\Run: [66250] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\66250.cpl
O4 - HKCU\..\Run: [66318] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\66318.cpl
O4 - HKCU\..\Run: [66220] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\66220.cpl
O4 - HKCU\..\Run: [66290] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\66290.cpl
O4 - HKCU\..\Run: [131546] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\131546.cpl
O4 - HKCU\..\Run: [66174] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\66174.cpl
O4 - HKCU\..\Run: [327988] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\327988.cpl
O4 - HKCU\..\Run: [66240] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\66240.cpl
O4 - HKCU\..\Run: [66108] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\66108.cpl
O4 - HKCU\..\Run: [196882] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\196882.cpl
O4 - HKCU\..\Run: [197022] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\197022.cpl
O4 - HKCU\..\Run: [66204] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\66204.cpl
O4 - HKCU\..\Run: [66306] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\66306.cpl
O4 - HKCU\..\Run: [197234] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\197234.cpl
O4 - HKCU\..\Run: [131578] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\131578.cpl
O4 - HKCU\..\Run: [197286] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\197286.cpl
O4 - HKCU\..\Run: [66292] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\66292.cpl
O4 - HKCU\..\Run: [131458] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\131458.cpl
O4 - HKCU\..\Run: [66234] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\66234.cpl
O4 - HKCU\..\Run: [131752] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\131752.cpl
O4 - HKCU\..\Run: [66180] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\66180.cpl
O4 - HKCU\..\Run: [197042] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\197042.cpl
O4 - HKCU\..\Run: [66134] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\66134.cpl
O4 - HKCU\..\Run: [66302] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\66302.cpl
O4 - HKCU\..\Run: [66158] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\66158.cpl
O4 - HKCU\..\Run: [66104] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\66104.cpl
O4 - HKCU\..\Run: [66242] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\66242.cpl
O4 - HKCU\..\Run: [131688] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\131688.cpl
O4 - HKCU\..\Run: [197186] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\197186.cpl
O4 - HKCU\..\Run: [197200] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\197200.cpl
O4 - HKCU\..\Run: [197272] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\197272.cpl
O4 - HKCU\..\Run: [131466] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\131466.cpl
O4 - HKCU\..\Run: [131556] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\131556.cpl
O4 - HKCU\..\Run: [131470] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\131470.cpl
O4 - HKCU\..\Run: [131348] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\131348.cpl
O4 - HKCU\..\Run: [196898] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\196898.cpl
O4 - HKCU\..\Run: [131760] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\131760.cpl
O4 - HKCU\..\Run: [66388] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\66388.cpl
O4 - HKCU\..\Run: [262468] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\262468.cpl
O4 - HKCU\..\Run: [131608] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\131608.cpl
O4 - HKCU\..\Run: [262598] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\262598.cpl
O4 - HKCU\..\Run: [197396] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\197396.cpl
O4 - HKCU\..\Run: [196864] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\196864.cpl
O4 - HKCU\..\Run: [262470] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\262470.cpl
O4 - HKCU\..\Run: [131740] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\131740.cpl
O4 - HKCU\..\Run: [66118] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\66118.cpl
O4 - HKCU\..\Run: [131422] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\131422.cpl
O4 - HKCU\..\Run: [66014] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\66014.cpl

O4 - Global Startup: inunpn.exe

O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)

O18 - Protocol: tpro - {FF76A5DA-6158-4439-99FF-EDC1B3FE100C} - C:\PROGRA~1\Toolbar\toolbar.dll

O23 - Service: WebSeach Toolbar support NT service (TBPSSvc) - Unknown owner - C:\PROGRA~1\Toolbar\TBPSSvc.exe

O23 - Service: WinTools for IE service (WinToolsSvc) - Unknown owner - C:\Program Files\Common Files\WinTools\WToolsS.exe

Reboot into safe mode and delete:
C:\Program Files\Toolbar <= entire folder
C:\Program Files\Common Files\WinTools <= entire folder
C:\WINDOWS\EliteToolBar <= entire folder

Then (still in safe mode) run HijackThis again and fix any entries that may have come back + any line starting with:
O4 - HKLM\..\Run: [kalvsys]

After cleaning copy the text in bold below to Notepad, and save in a location of your choice as elitefix.reg (Set filetype to 'all files')

Doubleclick the file we made and confirm you want to merge it with the Registry.


REGEDIT4

[-HKEY_CURRENT_USER\Software\LQ]

[-HKEY_LOCAL_MACHINE\SOFTWARE\ohbbackup]

[-HKEY_LOCAL_MACHINE\SOFTWARE\Elitum]


Post back with a new HijackThis log.

Regards,

Pieter
  • 0

#54
Victor Creed
Posted 05 February 2005 - 02:10 AM

Victor Creed

    Member

  • Topic Starter
  • Member
  • PipPip
  • 84 posts
All done so now I got the new log:

Logfile of HijackThis v1.99.1 (BETA)
Scan saved at 12:08:01 AM, on 2/5/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
C:\Program Files\Norton AntiVirus\SAVScan.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Yahoo!\Messenger\ypager.exe
C:\Program Files\D-Link\AirPlus G Wireless Adapter Utility\AirPlus.exe
C:\Program Files\interMute\SpySubtract\SpySub.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\Documents and Settings\User\My Documents\HJT\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.ircspy.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ircspy.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.ircspy.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ircspy.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: D-Link AirPlus G Wireless Utility.lnk = ?
O4 - Global Startup: SpySubtract.lnk = C:\Program Files\interMute\SpySubtract\SpySub.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
O9 - Extra button: ICQ 4.1 - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.ircspy.com
O14 - IERESET.INF: MS_START_PAGE_URL=http://www.ircspy.com
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zon...kr.cab31267.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab
O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} (GSDACtl Class) - http://launch.gamesp...nch/alaunch.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab
O16 - DPF: {DA758BB1-5F89-4465-975F-8D7179A4BCF3} (WheelofFortune Object) - http://messenger.zon...oF.cab31267.cab
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: WebSeach Toolbar support NT service (TBPSSvc) - Unknown owner - C:\PROGRA~1\Toolbar\TBPSSvc.exe (file missing)
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
O23 - Service: WinTools for IE service (WinToolsSvc) - Unknown owner - C:\Program Files\Common Files\WinTools\WToolsS.exe (file missing)

:tazz:
  • 0

#55
Metallica
Posted 05 February 2005 - 02:03 PM

Metallica

    Spyware Veteran

  • GeekU Moderator
  • 33,101 posts
These need another kick where it hurts most:
O23 - Service: WebSeach Toolbar support NT service (TBPSSvc) - Unknown owner - C:\PROGRA~1\Toolbar\TBPSSvc.exe (file missing)

O23 - Service: WinTools for IE service (WinToolsSvc) - Unknown owner - C:\Program Files\Common Files\WinTools\WToolsS.exe (file missing)

The rest looks clean. How's your computer behaving?

Regards,

Pieter
  • 0

Advertisements

#56
Victor Creed
Posted 06 February 2005 - 03:11 AM

Victor Creed

    Member

  • Topic Starter
  • Member
  • PipPip
  • 84 posts
Logfile of HijackThis v1.99.1 (BETA)
Scan saved at 12:57:30 AM, on 2/6/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
C:\Program Files\Norton AntiVirus\SAVScan.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Yahoo!\Messenger\ypager.exe
C:\Program Files\D-Link\AirPlus G Wireless Adapter Utility\AirPlus.exe
C:\Program Files\interMute\SpySubtract\SpySub.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\Program Files\AIM95\aim.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\steam\Steam.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\User\My Documents\HJT\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.ircspy.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ircspy.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.ircspy.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ircspy.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: D-Link AirPlus G Wireless Utility.lnk = ?
O4 - Global Startup: SpySubtract.lnk = C:\Program Files\interMute\SpySubtract\SpySub.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
O9 - Extra button: ICQ 4.1 - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.ircspy.com
O14 - IERESET.INF: MS_START_PAGE_URL=http://www.ircspy.com
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zon...kr.cab31267.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab
O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} (GSDACtl Class) - http://launch.gamesp...nch/alaunch.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab
O16 - DPF: {DA758BB1-5F89-4465-975F-8D7179A4BCF3} (WheelofFortune Object) - http://messenger.zon...oF.cab31267.cab
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: WebSeach Toolbar support NT service (TBPSSvc) - Unknown owner - C:\PROGRA~1\Toolbar\TBPSSvc.exe (file missing)
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
O23 - Service: WinTools for IE service (WinToolsSvc) - Unknown owner - C:\Program Files\Common Files\WinTools\WToolsS.exe (file missing)



:tazz: New log and it seems to running better thanks ;).
  • 0

#57
Metallica
Posted 07 February 2005 - 10:23 AM

Metallica

    Spyware Veteran

  • GeekU Moderator
  • 33,101 posts
Not really necessary and only to be done if you are comfortable with editing with the registry:

Kill the Registry Key:
Using RegEdit, navigate to:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services
Expand the "Services" key in the left pane.
Delete the WebSeach Toolbar support NT service (TBPSSvc) and WinTools for IE service.

And stay safe. :tazz:

Regards,

Pieter
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP