Yet another ZipZap!!! Logs attached!

Discussion in 'Malware and Virus Removal Archive' started by BlickDot, 2005/02/27.

Thread Status:
Not open for further replies.
  1. 2005/02/27
    BlickDot

    I am very impressed by this site you guys really know what you are doing!
    So please HELP!! :confused:

    I have been going through the posts to see how to remove this difficult piece of adware.
    This is a friend's computer (No really) and I can usually handle most viruses and adware issues but I have to throw in the towel on this one.

    I have tried to manually remove it twice. Painstakingly going through the registry removing keys and values, and deleting files from info I obtained elsewhere, but the darn thing keeps coming back. Ah yes and also there was an activex object I removed.

    I am tempted to try this procedure on my own, but I am not 100% sure of the process, which seems to be evolving from a few weeks ago, or perhaps it is just different because of installation variables?

    I have scanned with Norton 2004 & Ad-Aware SE 1.05 (freshly updated) and recently using Trendmicro online scan. All come up clean.
    Although Ad-Aware SE freezes now and then, I ran it in +imortal mode and it goes through clean. I have done this while being logged in under both user accounts (both admin) and in safe mode.

    Also I may have recently deleted some of the registry keys.

    So here are the log files:

    --------------------------------------------------
    Logfile of HijackThis v1.99.1
    Scan saved at 11:58:22 PM, on 2/26/2005
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Nhksrv.exe
    C:\WINDOWS\System32\PackethSvc.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Norton AntiVirus\navapsvc.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\Program Files\Norton AntiVirus\SAVScan.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Real\RealPlayer\RealPlay.exe
    C:\WINDOWS\DELLMMKB.EXE
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\Program Files\Netropa\OSD.exe
    C:\AntiSpyware\HJT\HijackThis.exe
    C:\Program Files\Messenger\msmsgs.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.xxqyituyxewftbblwsv.com/...o_9gPH6HR0nNwNgHatrrbbZlf_wUjF_aHlF2hUKR.html
    O1 - Hosts: 80.69.74.15 auto.search.msn.com
    O2 - BHO: (no name) - {008DB894-99ED-445D-8547-0E7C9808898D} - C:\WINDOWS\mslagent\4b_1,0,1,2_mslagent.dll (file missing)
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
    O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
    O4 - HKLM\..\Run: [WorksFUD] C:\Program Files\Microsoft Works\Wkfud.exe
    O4 - HKLM\..\Run: [DellTouch] C:\WINDOWS\DELLMMKB.EXE
    O4 - HKLM\..\Run: [AutoUpdater] "C:\Program Files\AutoUpdate\AutoUpdate.exe "
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe "
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\Money Express.exe "
    O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
    O8 - Extra context menu item: &Define - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_DEF.HTM
    O8 - Extra context menu item: Look Up in &Encyclopedia - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM
    O9 - Extra button: Encarta Encyclopedia - {2FDEF853-0759-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM
    O9 - Extra 'Tools' menuitem: Encarta Encyclopedia - {2FDEF853-0759-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM
    O9 - Extra button: Define - {5DA9DE80-097A-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_DEF.HTM
    O9 - Extra 'Tools' menuitem: Define - {5DA9DE80-097A-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_DEF.HTM
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
    O18 - Filter: text/html - {CC905FF6-B553-496C-9DFA-CFF65ADCD0FC} - (no file)
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
    O23 - Service: Netropa NHK Server (Nhksrv) - Unknown owner - C:\WINDOWS\Nhksrv.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
    O23 - Service: Virtual NIC Service (PackethSvc) - America Online, Inc. - C:\WINDOWS\System32\PackethSvc.exe
    O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
    O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
    ---------------------------------------

    INSTALLED SOFTWARE (67) - CAPRICOMPUTER - 2/26/2005 11:59:29 PM

    Ad-Aware SE Personal
    Adobe Download Manager 1.2 (Remove Only)
    Adobe Reader 6.0 Ver: 6.0 Installed: 9/21/2003
    America Online
    CC_ccStart Ver: 2.1.0.610 Installed: 3/25/2004
    ccCommon Ver: 2.1.0.610 Installed: 3/25/2004
    Conexant HSF V92 56K RTAD Speakerphone PCI Modem
    Dell Picture Studio - Image Expert 2000
    Dell Solution Center Ver: 1.00.0000 Installed: 12/15/2001
    DellTouch
    FoneSync
    Help and Support Customization Ver: 1.00.0000 Installed: 12/15/2001
    HighMAT Extension to Microsoft Windows XP CD Writing Wizard Ver: 1.1.1905.1 Installed: 3/27/2004
    HijackThis 1.99.1 Ver: 1.99.1
    Intel(R) PRO Network Adapters and Drivers
    LiveReg (Symantec Corporation) Ver: 2.4.1.2056
    LiveUpdate 2.6 (Symantec Corporation) Ver: 2.6.14.0
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1 Ver: 1.1.4322 Installed: 2/24/2005
    Microsoft .NET Framework 1.1 Hotfix (KB886903)
    Microsoft Encarta Encyclopedia Standard 2001 Ver: 2001 Installed: 9/5/2001
    Microsoft Picture It! Publishing 2001 Ver: 5.0.0.0000 Installed: 9/5/2001
    Microsoft Streets and Trips 2001 Ver: 8.00.15.1000 Installed: 9/5/2001
    Microsoft Windows Journal Viewer Ver: 1.5.2315.3 Installed: 3/27/2004
    Microsoft Word 2000 SR-1 Ver: 9.00.3821 Installed: 9/5/2001
    Microsoft Works 2001 Setup Launcher
    Microsoft Works 6.0 Ver: 06.00.1829 Installed: 9/5/2001
    Microsoft Works Suite Add-in for Microsoft Word Ver: 2.0.0.0000 Installed: 9/5/2001
    Modem Helper
    MSRedist Ver: 1.0.0.0 Installed: 3/25/2004
    MusicMatch Jukebox
    Norton AntiVirus 2004 Ver: 10.00.10 Installed: 3/25/2004
    Norton AntiVirus 2004 (Symantec Corporation) Ver: 10.00.10
    Norton AntiVirus Parent MSI Ver: 10.0.10 Installed: 3/25/2004
    Norton AntiVirus SYMLT MSI Ver: 10.0.10 Installed: 3/25/2004
    Norton WMI Update Ver: 2005.1.0.111 Installed: 9/5/2004
    nqjxefsry
    NVIDIA Display Driver
    NVIDIA Windows 2000/XP Display Drivers
    PhoneTools
    PowerDVD
    QuickBooks Pro Edition 2003
    RealPlayer Basic
    Shockwave
    Shockwave Flash
    Symantec Network Drivers Update Ver: 5.4.4.17 Installed: 2/3/2005
    Symantec Script Blocking Installer Ver: 1.0.0 Installed: 3/25/2004
    SymNet Ver: 4.7.1 Installed: 3/25/2004
    WebFldrs XP Ver: 9.50.5318 Installed: 9/5/2001
    Windows Media Player 9 Hotfix [See KB885492 for more information]
    Windows XP Hotfix - KB867282 Ver: 20050127.090417
    Windows XP Hotfix - KB873333 Ver: 20050114.005213
    Windows XP Hotfix - KB873339 Ver: 20041117.092459
    Windows XP Hotfix - KB885250 Ver: 20050118.202711
    Windows XP Hotfix - KB885835 Ver: 20041027.181713
    Windows XP Hotfix - KB885836 Ver: 20041028.173203
    Windows XP Hotfix - KB886185 Ver: 20041021.090540
    Windows XP Hotfix - KB887472 Ver: 20041014.162858
    Windows XP Hotfix - KB887742 Ver: 20041103.095002
    Windows XP Hotfix - KB888113 Ver: 20041116.131036
    Windows XP Hotfix - KB888302 Ver: 20041207.111426
    Windows XP Hotfix - KB890047 Ver: 20041221.124506
    Windows XP Hotfix - KB890175 Ver: 20041201.233338
    Windows XP Hotfix - KB891781 Ver: 20050110.165439
    Windows XP Service Pack 2 Ver: 20040803.231319
    Works Suite OS Pack Ver: 1.0.0.0000 Installed: 9/5/2001
    Works Synchronization Ver: 1.0.0.0000 Installed: 9/5/2001
    ----------------------------------

    REGEDIT4

    ; Registry Search by Bobbi Flekman
    ; Version: 1.0.1.0

    ; Results at 2/27/2005 12:02:57 AM for strings:
    ; 'nqjxefsry'
    ; 'instant access'
    ; Strings excluded from search:
    ; (None)
    ; Search in:
    ; Registry Keys Registry Values Registry Data
    ; HKEY_LOCAL_MACHINE HKEY_USERS


    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "nqjxefsry "= "c:\\windows\\system32\\nqjxefsry.exe -start "

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\nqjxefsry]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\nqjxefsry]
    "UninstallString "= "c:\\windows\\system32\\nqjxefsry.exe -uninstall "

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\nqjxefsry]
    "DisplayName "= "nqjxefsry "

    [HKEY_USERS\S-1-5-21-2143260530-2020637620-97400744-1007\Software\Microsoft\Windows\ShellNoRoam\MUICache]
    "C:\\windows\\system32\\nqjxefsry.exe "= "nqjxefsry "
    ----------------------

    Thankx
    Bob
     
    Last edited: 2005/02/27
  2. 2005/02/27
    noahdfear

    Welcome to WindowsBBS BlickDot :)

    Save this to text where you can access it in safe mode.

    Download Pocket Killbox from here: http://www.downloads.subratam.org/KillBox.zip

    Unzip the files to a folder, then open and double-click on Killbox.exe to run it. In the "Paste Full Path of File to Delete" box, copy and paste the following:

    C:\WINDOWS\System32\nqjxefsry.exe

    Check the box to delete on reboot and click the red X to the right. Click OK, then NO to reboot now. Copy the next filepath and paste it in the box, and repeat the above steps. When all of the below filepaths are done, close the Killbox.

    C:\WINDOWS\Downlo~1\EGDACCESS.inf
    C:\WINDOWS\system32\EGDACCESS_1057.dll



    Download and install Reglite.


    Scan again with HijackThis and place a check next to the following entries. Close ALL other windows and click fix.

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.xxqyituyxewftbblwsv.com/..._aHlF2hUKR.html
    O1 - Hosts: 80.69.74.15 auto.search.msn.com
    O2 - BHO: (no name) - {008DB894-99ED-445D-8547-0E7C9808898D} - C:\WINDOWS\mslagent\4b_1,0,1,2_mslagent.dll (file missing)
    O4 - HKLM\..\Run: [AutoUpdater] "C:\Program Files\AutoUpdate\AutoUpdate.exe "
    O18 - Filter: text/html - {CC905FF6-B553-496C-9DFA-CFF65ADCD0FC} - (no file)



    Right click My Computer and choose properties. On system restore tab, check the box to turn off. OK out.

    Go to start>run and type msconfig, hit enter. On the boot.ini tab, check the box next to /safeboot and OK. Yes to restart. This will restart your computer in safe mode. Logon to your user account.

    Now in safe mode, you will need to show hidden files and folders, as well as system files and extensions for known file types.


    Open RegLite and copy/paste the following string in the address window then click go.

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    The forum format puts a space in the word current that you will need to edit out before clicking Go.

    Right click the "nqjxefsry "= "c:\\windows\\system32\\nqjxefsry.exe -start" value in the right pane and delete. Then copy/paste the following.

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\qjpcbtsnx

    Right click the nqjxefsry key in the left pane and delete.

    Exit Reglite.

    Open C:\Program Files and delete the folder AutoUpdate.
    Open C:\Temp if present, select all and delete.
    Open C:\Windows\Temp, select all and delete.
    Open C:\Windows\Prefetch, select all and delete.
    Open C:\Documents and Settings\username\Local Settings\temp, select all and delete. Do this for all usernames.
    Open the control panel, then internet options and delete the temporary internet files, checking the box for offline content.
    Open My Computer, right click Local disk C: and choose properties, then disk cleanup. Check all boxes except compress old files and click OK.
    Uncheck the /safeboot box in msconfig and ok to reboot.


    Run another HijackThis scan and post the log. Let us know if the popups stop.

    PS. Good job of gathering up the necessary info. ;)
     

  4. 2005/02/27
    BlickDot

    Ok!!!

    Thanks for your help.

    I have followed your instructions as listed.
    Exceptions:
    There was no folder "C:\Program Files\ AutoUpdate" to delete.

    And as an over precaution I also deleted the "C:\Documents and Settings\username\Local Settings\Temporary Internet Files\Content.IE5" For all users/folders listed in "C:\Documents and Settings" folder. I hope that was ok.

    After restarting I have logged back into each user account with no apparent troubles (NO POPUPS!!!)

    Here is the HJT log. Also including another Installed Programs log.

    ------------------------------

    Logfile of HijackThis v1.99.1
    Scan saved at 11:56:48 AM, on 2/27/2005
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Nhksrv.exe
    C:\WINDOWS\System32\PackethSvc.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Norton AntiVirus\navapsvc.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\Program Files\Norton AntiVirus\SAVScan.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Real\RealPlayer\RealPlay.exe
    C:\WINDOWS\DELLMMKB.EXE
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Netropa\OSD.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\ASW\HJT\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
    O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
    O4 - HKLM\..\Run: [WorksFUD] C:\Program Files\Microsoft Works\Wkfud.exe
    O4 - HKLM\..\Run: [DellTouch] C:\WINDOWS\DELLMMKB.EXE
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe "
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\Money Express.exe "
    O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
    O8 - Extra context menu item: &Define - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_DEF.HTM
    O8 - Extra context menu item: Look Up in &Encyclopedia - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM
    O9 - Extra button: Encarta Encyclopedia - {2FDEF853-0759-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM
    O9 - Extra 'Tools' menuitem: Encarta Encyclopedia - {2FDEF853-0759-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM
    O9 - Extra button: Define - {5DA9DE80-097A-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_DEF.HTM
    O9 - Extra 'Tools' menuitem: Define - {5DA9DE80-097A-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_DEF.HTM
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
    O23 - Service: Netropa NHK Server (Nhksrv) - Unknown owner - C:\WINDOWS\Nhksrv.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
    O23 - Service: Virtual NIC Service (PackethSvc) - America Online, Inc. - C:\WINDOWS\System32\PackethSvc.exe
    O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
    O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

    -----------------------------------------

    INSTALLED SOFTWARE (67) - CAPRICOMPUTER - 2/27/2005 11:59:45 AM

    Ad-Aware SE Personal
    Adobe Download Manager 1.2 (Remove Only)
    Adobe Reader 6.0 Ver: 6.0 Installed: 9/21/2003
    America Online
    CC_ccStart Ver: 2.1.0.610 Installed: 3/25/2004
    ccCommon Ver: 2.1.0.610 Installed: 3/25/2004
    Conexant HSF V92 56K RTAD Speakerphone PCI Modem
    Dell Picture Studio - Image Expert 2000
    Dell Solution Center Ver: 1.00.0000 Installed: 12/15/2001
    DellTouch
    FoneSync
    Help and Support Customization Ver: 1.00.0000 Installed: 12/15/2001
    HighMAT Extension to Microsoft Windows XP CD Writing Wizard Ver: 1.1.1905.1 Installed: 3/27/2004
    HijackThis 1.99.1 Ver: 1.99.1
    Intel(R) PRO Network Adapters and Drivers
    LiveReg (Symantec Corporation) Ver: 2.4.1.2056
    LiveUpdate 2.6 (Symantec Corporation) Ver: 2.6.14.0
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1 Ver: 1.1.4322 Installed: 2/24/2005
    Microsoft .NET Framework 1.1 Hotfix (KB886903)
    Microsoft Encarta Encyclopedia Standard 2001 Ver: 2001 Installed: 9/5/2001
    Microsoft Picture It! Publishing 2001 Ver: 5.0.0.0000 Installed: 9/5/2001
    Microsoft Streets and Trips 2001 Ver: 8.00.15.1000 Installed: 9/5/2001
    Microsoft Windows Journal Viewer Ver: 1.5.2315.3 Installed: 3/27/2004
    Microsoft Word 2000 SR-1 Ver: 9.00.3821 Installed: 9/5/2001
    Microsoft Works 2001 Setup Launcher
    Microsoft Works 6.0 Ver: 06.00.1829 Installed: 9/5/2001
    Microsoft Works Suite Add-in for Microsoft Word Ver: 2.0.0.0000 Installed: 9/5/2001
    Modem Helper
    MSRedist Ver: 1.0.0.0 Installed: 3/25/2004
    MusicMatch Jukebox
    Norton AntiVirus 2004 Ver: 10.00.10 Installed: 3/25/2004
    Norton AntiVirus 2004 (Symantec Corporation) Ver: 10.00.10
    Norton AntiVirus Parent MSI Ver: 10.0.10 Installed: 3/25/2004
    Norton AntiVirus SYMLT MSI Ver: 10.0.10 Installed: 3/25/2004
    Norton WMI Update Ver: 2005.1.0.111 Installed: 9/5/2004
    NVIDIA Display Driver
    NVIDIA Windows 2000/XP Display Drivers
    PhoneTools
    PowerDVD
    QuickBooks Pro Edition 2003
    RealPlayer Basic
    Registrar Lite 2.00
    Shockwave
    Shockwave Flash
    Symantec Network Drivers Update Ver: 5.4.4.17 Installed: 2/3/2005
    Symantec Script Blocking Installer Ver: 1.0.0 Installed: 3/25/2004
    SymNet Ver: 4.7.1 Installed: 3/25/2004
    WebFldrs XP Ver: 9.50.5318 Installed: 9/5/2001
    Windows Media Player 9 Hotfix [See KB885492 for more information]
    Windows XP Hotfix - KB867282 Ver: 20050127.090417
    Windows XP Hotfix - KB873333 Ver: 20050114.005213
    Windows XP Hotfix - KB873339 Ver: 20041117.092459
    Windows XP Hotfix - KB885250 Ver: 20050118.202711
    Windows XP Hotfix - KB885835 Ver: 20041027.181713
    Windows XP Hotfix - KB885836 Ver: 20041028.173203
    Windows XP Hotfix - KB886185 Ver: 20041021.090540
    Windows XP Hotfix - KB887472 Ver: 20041014.162858
    Windows XP Hotfix - KB887742 Ver: 20041103.095002
    Windows XP Hotfix - KB888113 Ver: 20041116.131036
    Windows XP Hotfix - KB888302 Ver: 20041207.111426
    Windows XP Hotfix - KB890047 Ver: 20041221.124506
    Windows XP Hotfix - KB890175 Ver: 20041201.233338
    Windows XP Hotfix - KB891781 Ver: 20050110.165439
    Windows XP Service Pack 2 Ver: 20040803.231319
    Works Suite OS Pack Ver: 1.0.0.0000 Installed: 9/5/2001
    Works Synchronization Ver: 1.0.0.0000 Installed: 9/5/2001

    -----------------------

    Thankx
    Bob
     
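One way to confirm a cleanup like the one in this thread is to compare the HijackThis log posted before the fix with the one posted after it. This is an added example, not part of any post: the log subsets are copied from the two logs above, and the function names and the three review heuristics are assumptions of this sketch.

```python
import ipaddress
import re

# Subsets of the two HijackThis v1.99.1 logs posted in this thread.
BEFORE_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com
O1 - Hosts: 80.69.74.15 auto.search.msn.com
O2 - BHO: (no name) - {008DB894-99ED-445D-8547-0E7C9808898D} - C:\WINDOWS\mslagent\4b_1,0,1,2_mslagent.dll (file missing)
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [DellTouch] C:\WINDOWS\DELLMMKB.EXE
O4 - HKLM\..\Run: [AutoUpdater] "C:\Program Files\AutoUpdate\AutoUpdate.exe "
O18 - Filter: text/html - {CC905FF6-B553-496C-9DFA-CFF65ADCD0FC} - (no file)
O23 - Service: Netropa NHK Server (Nhksrv) - Unknown owner - C:\WINDOWS\Nhksrv.exe
"""

AFTER_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [DellTouch] C:\WINDOWS\DELLMMKB.EXE
O23 - Service: Netropa NHK Server (Nhksrv) - Unknown owner - C:\WINDOWS\Nhksrv.exe
"""

# Entry lines look like "<section code> - <body>", e.g. "O4 - HKLM\..\Run: [...]".
ENTRY_RE = re.compile(r"^([RFNO]\d{1,2}) - (.+)$")


def parse_entries(log_text):
    """Return (section_code, body) pairs; headers and process paths are skipped."""
    entries = []
    for line in log_text.splitlines():
        match = ENTRY_RE.match(line.strip())
        if match:
            entries.append((match.group(1), match.group(2).strip()))
    return entries


def review_reason(code, body):
    """Return why an entry deserves a manual look, or None. Heuristics, not verdicts."""
    if body.endswith("(file missing)") or body.endswith("(no file)"):
        return "registration points at a file that is not on disk"
    if code == "O1":
        match = re.match(r"Hosts:\s+(\S+)\s+(\S+)", body)
        if match:
            try:
                address = ipaddress.ip_address(match.group(1))
            except ValueError:
                return "hosts entry with an unparseable address"
            if not address.is_loopback:
                return "hosts file overrides DNS for " + match.group(2)
    if code == "O23" and " - Unknown owner - " in body:
        return "service binary reports no vendor name"
    return None


def removed_entries(before_text, after_text):
    """Entries present in the first log and absent from the second, in log order."""
    after = set(parse_entries(after_text))
    return [entry for entry in parse_entries(before_text) if entry not in after]


def flagged(log_text):
    """(code, reason) for every entry that matches a review heuristic."""
    results = []
    for code, body in parse_entries(log_text):
        reason = review_reason(code, body)
        if reason:
            results.append((code, reason))
    return results


if __name__ == "__main__":
    for code, body in removed_entries(BEFORE_LOG, AFTER_LOG):
        print("removed:", code, body)
    for code, reason in flagged(AFTER_LOG):
        print("still worth a look:", code, reason)
```

The heuristics do not flag the AutoUpdater Run entry that was fixed in this thread, and they do flag the Netropa service that was left in place, so the output is a review list for a person to judge rather than a removal list.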
  5. 2005/02/27
    noahdfear

    Looks good. :) Re-enable System Restore and create a manual restore point. Also recommend you download Spybot Version 1.3 from my signature and install. Allow it to load SD Helper. Open it up and click mode on the toolbar, then advanced mode. Click immunize in the left pane, then immunize again, this time from above with the green + beside it. Click the link below that for SpywareBlaster, download, install, enable all protection and update. Check for updates regularly. Then, still in Spybot, click tools button, then IE tweaks and at least lock the HOSTS file.
    Then download and install IESpyad.

    That will give you some added layers of protection against unwanted parasites.

    Happy to help.
     
  6. 2005/02/27
    BlickDot

    Yes!!

    I will follow your suggestions.
    Thank you for your assistance, Dave. I can definitely get educated around here. I have to tour around this forum and get familiar with things. Great site, very helpful. :)


    Thanks again, :)
    Bob
     