
help with HJT log

Discussion in 'Malware and Virus Removal Archive' started by jazi, 2005/10/21.

  1. jazi (Thread Starter), 2005/10/21
    Hey, could anyone please look at my HijackThis log and tell me which entries to remove? Thanks. If you have time, please read the related thread by me with the title "popups in explorer".

    Logfile of HijackThis v1.99.1
    Scan saved at 12:10:04 AM, on 10/20/2005
    Platform: Windows 2000 SP4 (WinNT 5.00.2195)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINNT\System32\smss.exe
    C:\WINNT\system32\winlogon.exe
    C:\WINNT\system32\services.exe
    C:\WINNT\system32\lsass.exe
    C:\WINNT\system32\svchost.exe
    C:\WINNT\system32\spoolsv.exe
    C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
    E:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
    C:\Program Files\Executive Software\DiskeeperLite\DKService.exe
    C:\WINNT\System32\svchost.exe
    C:\WINNT\system32\hfp.exe
    E:\Program Files\Symantec_Client_Security\Symantec Client Firewall\NISUM.EXE
    E:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
    C:\WINNT\system32\nvsvc32.exe
    C:\WINNT\system32\MSTask.exe
    C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    C:\WINNT\system32\stisvc.exe
    E:\Program Files\Symantec_Client_Security\Symantec Client Firewall\SymPxSvc.exe
    C:\WINNT\system32\ZoneLabs\vsmon.exe
    C:\WINNT\System32\WBEM\WinMgmt.exe
    C:\WINNT\system32\MsPMSPSv.exe
    C:\WINNT\system32\svchost.exe
    C:\Program Files\Intel\Intel(R) Active Monitor\imonnt.exe
    E:\Program Files\Symantec_Client_Security\Symantec Client Firewall\NISSERV.EXE
    C:\WINNT\system32\svchost.exe
    C:\WINNT\Explorer.EXE
    C:\Program Files\Intel\Intel(R) Active Monitor\imontray.exe
    C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE
    C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
    C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
    C:\Program Files\Ahead\InCD\InCD.exe
    C:\Program Files\Common Files\Nokia\NCLTools\NclTray.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\PROGRA~1\COMMON~1\PCSuite\Services\SERVIC~1.EXE
    D:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    C:\Program Files\D-Tools\daemon.exe
    C:\Program Files\Nokia\Nokia PC Suite 6\Launch Application 2.exe
    C:\PROGRA~1\COMMON~1\PCSuite\DATALA~1\DATALA~1.EXE
    E:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
    E:\PROGRA~1\SYMANT~1\SYMANT~2\IAMAPP.EXE
    C:\WINNT\system32\rundll32.exe
    C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
    C:\Program Files\Nokia\PC Suite for Nokia 6600\ConnMngmntBox.exe
    C:\Program Files\Nokia\PC Suite for Nokia 6600\ECTaskScheduler.exe
    C:\PROGRA~1\Nokia\PCSUIT~1\Elogerr.exe
    C:\Program Files\Intuwave\Shared\mRouterRunTime\mRouterRuntime.exe
    C:\PROGRA~1\Nokia\PCSUIT~1\BROADC~1.EXE
    C:\PROGRA~1\Nokia\PCSUIT~1\SCRFS.exe
    D:\Program Files\Pluck Corporation\Pluck\PluckSvr.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\Documents and Settings\jazi\Desktop\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.yahoo.com/search/ie.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/cus.../*http://www.yahoo.com/ext/search/search.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = ftp=proxy.fascom.com:8080;http=proxy.fascom.com:8080
    R3 - URLSearchHook: (no name) - {00D6A7E7-4A97-456f-848A-3B75BF7554D7} - (no file)
    O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\ycomp5_5_7_0.dll
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - F:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: Pluck Helper - {09AF76DD-6988-4664-97D0-362F1011E311} - D:\Program Files\Pluck Corporation\Pluck\PluckExplorerBar.dll
    O2 - BHO: (no name) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - C:\Program Files\Microsoft Money\System\mnyside.dll
    O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.4000.1001\en-gb\msntb.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\ycomp5_5_7_0.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.4000.1001\en-gb\msntb.dll
    O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
    O4 - HKLM\..\Run: [nwiz] C:\Program Files\NVIDIA Display Driver\nwiz.exe /install "
    O4 - HKLM\..\Run: [UpdReg] "C:\WINNT\Updreg.exe "
    O4 - HKLM\..\Run: [CTStartup] "C:\Program Files\Creative\Splash Screen\CTEaxSpl.EXE /run "
    O4 - HKLM\..\Run: [IMONTRAY] "C:\Program Files\Intel\Intel(R) Active Monitor\imontray.exe "
    O4 - HKLM\..\Run: [LVCOMS] "C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE "
    O4 - HKLM\..\Run: [LogitechGalleryRepair] "C:\Program Files\Logitech\ImageStudio\ISStart.exe "
    O4 - HKLM\..\Run: [SoundMAXPnP] "C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe "
    O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
    O4 - HKLM\..\Run: [NeroCheck] "C:\WINNT\system32\NeroCheck.exe "
    O4 - HKLM\..\Run: [InCD] "C:\Program Files\Ahead\InCD\InCD.exe "
    O4 - HKLM\..\Run: [Nokia Tray Application] "C:\Program Files\Common Files\Nokia\NCLTools\NclTray.exe "
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINNT\system32\spool\drivers\w32x86\3\hpztsb06.exe
    O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINNT\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [Zone Labs Client] d:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
    O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\Launch Application 2.exe -onlytray
    O4 - HKLM\..\Run: [DataLayer] C:\PROGRA~1\COMMON~1\PCSuite\DATALA~1\DATALA~1.EXE
    O4 - HKLM\..\Run: [vptray] E:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
    O4 - HKLM\..\Run: [iamapp] E:\PROGRA~1\SYMANT~1\SYMANT~2\IAMAPP.EXE
    O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~2.DLL,ClientStartup -s
    O4 - HKCU\..\Run: [Instant Access] rundll32.exe EGDACCESS_1067.dll,InstantAccess
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: BTTray.lnk = C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
    O4 - Global Startup: PCSuiteForNokia6600 Detect.lnk = C:\Program Files\Nokia\PC Suite for Nokia 6600\ConnMngmntBox.exe
    O4 - Global Startup: PCSuiteForNokia6600 TS.lnk = C:\Program Files\Nokia\PC Suite for Nokia 6600\ECTaskScheduler.exe
    O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
    O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZNxdm11986PK
    O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
    O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
    O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
    O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
    O9 - Extra button: Pluck - {053017A8-53F7-4EA3-AA38-A4CCAAF1F9E7} - D:\Program Files\Pluck Corporation\Pluck\PluckExplorerBar.dll
    O9 - Extra 'Tools' menuitem: Pluck - {053017A8-53F7-4EA3-AA38-A4CCAAF1F9E7} - D:\Program Files\Pluck Corporation\Pluck\PluckExplorerBar.dll
    O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
    O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
    O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll
    O10 - Hijacked Internet access by New.Net
    O10 - Hijacked Internet access by New.Net
    O10 - Hijacked Internet access by New.Net
    O10 - Hijacked Internet access by New.Net
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O16 - DPF: Yahoo! Blackjack - http://download.games.yahoo.com/games/clients/y/jt0_x.cab
    O16 - DPF: Yahoo! Gin - http://download.games.yahoo.com/games/clients/y/nt1_x.cab
    O16 - DPF: Yahoo! Poker - http://download.games.yahoo.com/games/clients/y/pt1_x.cab
    O16 - DPF: Yahoo! Pool 2 - http://download.games.yahoo.com/games/clients/y/pote_x.cab
    O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} (StagingUI Object) - http://zone.msn.com/binFrameWork/v10/StagingUI.cab34120.cab
    O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/yinst/yinst_current.cab
    O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} (ZoneBuddy Class) - http://zone.msn.com/BinFrameWork/v10/ZBuddy.cab32846.cab
    O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} (ZonePAChat Object) - http://zone.msn.com/binframework/v10/ZPAChat.cab32846.cab
    O16 - DPF: {8C279F4E-917E-4CD2-8DF0-D9C73C0CE763} (ZPA_WheelOfFortune Object) - http://zone.msn.com/bingame/zpagames/zpa_wof.cab34227.cab
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/binFramework/v10/ZIntro.cab34246.cab
    O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} (StadiumProxy Class) - http://zone.msn.com/binframework/v10/StProxy.cab34035.cab
    O16 - DPF: {E24E8472-89B7-479F-8AD8-BBD7206A6A02} - http://scripts.downloadv3.com/binaries/EGDAccess/EGDACCESS_1067.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{7493DE54-2D27-407F-BAE0-120674137F71}: NameServer = 202.125.132.154,202.125.132.155
    O17 - HKLM\System\CCS\Services\Tcpip\..\{A6E5272D-71D1-4C94-8029-6F42C6FE23FE}: NameServer = 202.87.109.10 202.87.80.10
    O18 - Protocol: pluck - {A5DD5FEC-8239-4A12-B791-4B6067F85CCC} - D:\Program Files\Pluck Corporation\Pluck\PluckExplorerBar.dll
    O20 - Winlogon Notify: NavLogon - C:\WINNT\system32\NavLogon.dll
    O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
    O23 - Service: Creative Service for CDROM Access - Unknown owner - C:\WINNT\system32\CTSvcCDA.exe (file missing)
    O23 - Service: DefWatch - Symantec Corporation - E:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
    O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program Files\Executive Software\DiskeeperLite\DKService.exe
    O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
    O23 - Service: HFP Service (hfprog) - Unknown owner - C:\WINNT\system32\hfp.exe
    O23 - Service: Intel(R) Active Monitor (imonNT) - Intel Corp. - C:\Program Files\Intel\Intel(R) Active Monitor\imonnt.exe
    O23 - Service: MD Simple Burner Service (NetMDSB) - Sony Corporation - C:\Program Files\Sony\MD Simple Burner\NetMDSB.exe
    O23 - Service: Symantec Client Firewall Service (NISSERV) - Symantec Corporation - E:\Program Files\Symantec_Client_Security\Symantec Client Firewall\NISSERV.EXE
    O23 - Service: Symantec Client Firewall Accounts Manager (NISUM) - Symantec Corporation - E:\Program Files\Symantec_Client_Security\Symantec Client Firewall\NISUM.EXE
    O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - E:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINNT\system32\nvsvc32.exe
    O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
    O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
    O23 - Service: Symantec Client Firewall Proxy Service (SymPxSvc) - Symantec Corporation - E:\Program Files\Symantec_Client_Security\Symantec Client Firewall\SymPxSvc.exe
    O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
    O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINNT\system32\ZoneLabs\vsmon.exe
     
    #1
  2. Newt, 2005/10/23
    R3 - URLSearchHook: (no name) - {00D6A7E7-4A97-456f-848A-3B75BF7554D7} - (no file)
    See http://www.iamnotageek.com/a/358-p1.php and follow the removal instructions.

    O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~2.DLL,ClientStartup -s
    O10 - Hijacked Internet access by New.Net
    O10 - Hijacked Internet access by New.Net
    O10 - Hijacked Internet access by New.Net
    O10 - Hijacked Internet access by New.Net
    The first thing to try is to uninstall it from Add/Remove Programs. If that doesn't do it for you, see
    http://www.geocities.com/poiuyt_1940/KLnewnetfull.html

    O4 - HKCU\..\Run: [Instant Access] rundll32.exe EGDACCESS_1067.dll,InstantAccess
    http://securityresponse.symantec.com/avcenter/venc/data/dialer.instantaccess.html

    O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusear...?p=ZNxdm11986PK
    Details and removal instructions: http://www.doxdesk.com/parasite/MySearch.html

    O23 - Service: HFP Service (hfprog) - Unknown owner - C:\WINNT\system32\hfp.exe
    Not sure about this one. Probably OK, but if you don't know what it is, it's a good idea to remove it.
     
    #2


  4. noahdfear, 2005/10/24
    Good advice given so far, but a few extra things to do for that EGDACCESS infection.

    Please download this customized version of HijackThis:
    HJT + extra

    and follow the instructions here to post a both.log
    BOTHLOG

    I think C:\WINNT\system32\hfp.exe may be a Bluetooth file. Would you check its properties, please? If so, it's OK to keep.
     
  5. Newt, 2005/10/25
    Whew. Thanks, noahdfear. I'm always a little nervous about giving spyware removal advice unless one of you guru folks is around to catch omissions. I just didn't want to leave jazi hanging.

    jazi - what he said.
     
    #4
  6. jazi (Thread Starter), 2005/10/30
    Thanks, all, for your replies. Sorry I couldn't give you an update earlier, as there was a death in my family and I have not been logged on for a while now. I'll try your suggestions and then give you an update tomorrow.

    Once again, thanks.
     
    #5
  7. jazi (Thread Starter), 2005/11/02
    My both.log:

    Logfile of HijackThis v1.99.1
    Scan saved at 7:06:22 PM, on 11/2/2005
    Platform: Windows 2000 SP4 (WinNT 5.00.2195)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINNT\System32\smss.exe
    C:\WINNT\system32\winlogon.exe
    C:\WINNT\system32\services.exe
    C:\WINNT\system32\lsass.exe
    C:\WINNT\system32\svchost.exe
    C:\WINNT\system32\spoolsv.exe
    C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
    E:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
    C:\Program Files\Executive Software\DiskeeperLite\DKService.exe
    C:\WINNT\System32\svchost.exe
    C:\WINNT\system32\hfp.exe
    E:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
    C:\WINNT\system32\nvsvc32.exe
    C:\WINNT\system32\MSTask.exe
    C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    C:\WINNT\system32\stisvc.exe
    C:\WINNT\system32\ZoneLabs\vsmon.exe
    C:\WINNT\Explorer.EXE
    C:\WINNT\System32\WBEM\WinMgmt.exe
    C:\WINNT\system32\MsPMSPSv.exe
    C:\WINNT\system32\svchost.exe
    C:\Program Files\Intel\Intel(R) Active Monitor\imonnt.exe
    C:\WINNT\system32\svchost.exe
    C:\Program Files\Intel\Intel(R) Active Monitor\imontray.exe
    C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE
    C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
    C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
    C:\Program Files\Ahead\InCD\InCD.exe
    C:\Program Files\Common Files\Nokia\NCLTools\NclTray.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    D:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    C:\Program Files\D-Tools\daemon.exe
    C:\Program Files\Nokia\Nokia PC Suite 6\Launch Application 2.exe
    C:\PROGRA~1\COMMON~1\PCSuite\DATALA~1\DATALA~1.EXE
    E:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
    C:\PROGRA~1\COMMON~1\PCSuite\Services\SERVIC~1.EXE
    C:\winnt\system32\ezyrul.exe
    C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
    C:\Program Files\Nokia\PC Suite for Nokia 6600\ConnMngmntBox.exe
    C:\Program Files\Nokia\PC Suite for Nokia 6600\ECTaskScheduler.exe
    C:\PROGRA~1\Nokia\PCSUIT~1\Elogerr.exe
    C:\Program Files\Intuwave\Shared\mRouterRunTime\mRouterRuntime.exe
    C:\PROGRA~1\Nokia\PCSUIT~1\BROADC~1.EXE
    C:\PROGRA~1\Nokia\PCSUIT~1\SCRFS.exe
    D:\Program Files\Pluck Corporation\Pluck\PluckSvr.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    D:\Program Files\Winamp\winamp.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    D:\HJT+\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.yahoo.com/search/ie.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/cus.../*http://www.yahoo.com/ext/search/search.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = ftp=proxy.cyber.net.pk:8080;gopher=proxy.cyber.net.pk:8080;http=proxy.cyber.net.pk:8080;https=proxy.cyber.net.pk:8080
    O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\ycomp5_5_7_0.dll
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - F:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: Pluck Helper - {09AF76DD-6988-4664-97D0-362F1011E311} - D:\Program Files\Pluck Corporation\Pluck\PluckExplorerBar.dll
    O2 - BHO: (no name) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - C:\Program Files\Microsoft Money\System\mnyside.dll
    O2 - BHO: bho2gr Class - {31FF080D-12A3-439A-A2EF-4BA95A3148E8} - C:\Program Files\GetRight\xx2gr.dll
    O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.4000.1001\en-gb\msntb.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\ycomp5_5_7_0.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.4000.1001\en-gb\msntb.dll
    O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
    O4 - HKLM\..\Run: [nwiz] C:\Program Files\NVIDIA Display Driver\nwiz.exe /install "
    O4 - HKLM\..\Run: [UpdReg] "C:\WINNT\Updreg.exe "
    O4 - HKLM\..\Run: [CTStartup] "C:\Program Files\Creative\Splash Screen\CTEaxSpl.EXE /run "
    O4 - HKLM\..\Run: [IMONTRAY] "C:\Program Files\Intel\Intel(R) Active Monitor\imontray.exe "
    O4 - HKLM\..\Run: [LVCOMS] "C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE "
    O4 - HKLM\..\Run: [LogitechGalleryRepair] "C:\Program Files\Logitech\ImageStudio\ISStart.exe "
    O4 - HKLM\..\Run: [SoundMAXPnP] "C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe "
    O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
    O4 - HKLM\..\Run: [NeroCheck] "C:\WINNT\system32\NeroCheck.exe "
    O4 - HKLM\..\Run: [InCD] "C:\Program Files\Ahead\InCD\InCD.exe "
    O4 - HKLM\..\Run: [Nokia Tray Application] "C:\Program Files\Common Files\Nokia\NCLTools\NclTray.exe "
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINNT\system32\spool\drivers\w32x86\3\hpztsb06.exe
    O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINNT\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [Zone Labs Client] d:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
    O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\Launch Application 2.exe -onlytray
    O4 - HKLM\..\Run: [DataLayer] C:\PROGRA~1\COMMON~1\PCSuite\DATALA~1\DATALA~1.EXE
    O4 - HKLM\..\Run: [vptray] E:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
    O4 - HKLM\..\Run: [ezyrul] c:\winnt\system32\ezyrul.exe -start
    O4 - HKCU\..\Run: [Instant Access] rundll32.exe EGDACCESS_ASPIV4_1068.dll,InstantAccess
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: BTTray.lnk = C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
    O4 - Global Startup: PCSuiteForNokia6600 Detect.lnk = C:\Program Files\Nokia\PC Suite for Nokia 6600\ConnMngmntBox.exe
    O4 - Global Startup: PCSuiteForNokia6600 TS.lnk = C:\Program Files\Nokia\PC Suite for Nokia 6600\ECTaskScheduler.exe
    O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
    O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZNxdm11986PK
    O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
    O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
    O8 - Extra context menu item: Download with GetRight - C:\Program Files\GetRight\GRdownload.htm
    O8 - Extra context menu item: Open with GetRight Browser - C:\Program Files\GetRight\GRbrowse.htm
    O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
    O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
    O9 - Extra button: Pluck - {053017A8-53F7-4EA3-AA38-A4CCAAF1F9E7} - D:\Program Files\Pluck Corporation\Pluck\PluckExplorerBar.dll
    O9 - Extra 'Tools' menuitem: Pluck - {053017A8-53F7-4EA3-AA38-A4CCAAF1F9E7} - D:\Program Files\Pluck Corporation\Pluck\PluckExplorerBar.dll
    O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
    O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
    O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O16 - DPF: Yahoo! Blackjack - http://download.games.yahoo.com/games/clients/y/jt0_x.cab
    O16 - DPF: Yahoo! Gin - http://download.games.yahoo.com/games/clients/y/nt1_x.cab
    O16 - DPF: Yahoo! Poker - http://download.games.yahoo.com/games/clients/y/pt1_x.cab
    O16 - DPF: Yahoo! Pool 2 - http://download.games.yahoo.com/games/clients/y/pote_x.cab
    O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} (StagingUI Object) - http://zone.msn.com/binFrameWork/v10/StagingUI.cab34120.cab
    O16 - DPF: {0DA910BC-6919-489E-B584-D9A4AAC7B8DE} - http://scripts.downloadv3.com/binaries/EGDAccess/EGDACCESS_1068_ASPIV4.cab
    O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/yinst/yinst_current.cab
    O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} (ZoneBuddy Class) - http://zone.msn.com/BinFrameWork/v10/ZBuddy.cab32846.cab
    O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} (ZonePAChat Object) - http://zone.msn.com/binframework/v10/ZPAChat.cab32846.cab
    O16 - DPF: {8C279F4E-917E-4CD2-8DF0-D9C73C0CE763} (ZPA_WheelOfFortune Object) - http://zone.msn.com/bingame/zpagames/zpa_wof.cab34227.cab
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
    O16 - DPF: {95460ABD-946A-46FF-9F56-268718323EEE} - http://scripts.downloadv3.com/binaries/EGDAccess/EGDACCESS_1068.cab
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/binFramework/v10/ZIntro.cab34246.cab
    O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} (StadiumProxy Class) - http://zone.msn.com/binframework/v10/StProxy.cab34035.cab
    O16 - DPF: {E24E8472-89B7-479F-8AD8-BBD7206A6A02} - http://scripts.downloadv3.com/binaries/EGDAccess/EGDACCESS_1067.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{7493DE54-2D27-407F-BAE0-120674137F71}: NameServer = 202.125.132.154,202.125.132.155
    O17 - HKLM\System\CCS\Services\Tcpip\..\{A6E5272D-71D1-4C94-8029-6F42C6FE23FE}: NameServer = 202.163.96.3 202.163.96.4
    O18 - Protocol: pluck - {A5DD5FEC-8239-4A12-B791-4B6067F85CCC} - D:\Program Files\Pluck Corporation\Pluck\PluckExplorerBar.dll
    O20 - Winlogon Notify: NavLogon - C:\WINNT\system32\NavLogon.dll
    O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
    O23 - Service: DefWatch - Symantec Corporation - E:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
    O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program Files\Executive Software\DiskeeperLite\DKService.exe
    O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
    O23 - Service: HFP Service (hfprog) - Unknown owner - C:\WINNT\system32\hfp.exe
    O23 - Service: Intel(R) Active Monitor (imonNT) - Intel Corp. - C:\Program Files\Intel\Intel(R) Active Monitor\imonnt.exe
    O23 - Service: MD Simple Burner Service (NetMDSB) - Sony Corporation - C:\Program Files\Sony\MD Simple Burner\NetMDSB.exe
    O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - E:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINNT\system32\nvsvc32.exe
    O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
    O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
    O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
    O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINNT\system32\ZoneLabs\vsmon.exe
     
    #6
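    The following is an added example for this thread, not code from the posts, from HijackThis or from any of the removal tools linked above. It does mechanically what Newt did by hand in post #2 and what comparing jazi's two logs shows: it parses the R*/O* entry lines, flags entries on a few triage heuristics (an O10 Winsock LSP entry, an R3 hook pointing at no file, rundll32 loading a DLL by bare name, O8/O16 remote content from hosts outside an assumed allow-list, an O23 service with no publisher), and diffs the 10/20 and 11/2 scans so that persistence which appeared in between, such as the ezyrul.exe Run entry, stands out even though no heuristic fires on it. The heuristics, the TRUSTED_HOSTS allow-list and the function names are assumptions of the example; the sample lines are excerpts from the two logs posted above.

```python
"""Triage of HijackThis-style logs: parse the R*/O* entries, flag the ones that
trip a few heuristics, and diff two scans of the same machine.  Added example
for this thread; heuristics and allow-list are assumptions, not HJT features."""
import re
from dataclasses import dataclass

# Assumed allow-list for hosts that O8 (context menu) and O16 (ActiveX .cab)
# entries may legitimately point at.  Anything else is surfaced for review.
TRUSTED_HOSTS = ("microsoft.com", "msn.com", "yahoo.com", "yimg.com", "google.com")

ENTRY_RE = re.compile(r"^(R[0-3]|O\d{1,2}) - (.*)$")
# rundll32 given a DLL with no drive-letter path: the DLL is located through the
# DLL search path rather than from a known location, a common dialer/adware pattern.
BARE_DLL_RE = re.compile(r"rundll32(?:\.exe)?\s+(?![A-Za-z]:\\)\S+\.dll", re.I)


@dataclass(frozen=True)
class Entry:
    section: str  # "R1", "O4", "O16", ...
    body: str     # text after the "O4 - " prefix


def parse_entries(log_text):
    """Return the entry lines in order; the header and process list are skipped."""
    entries = []
    for raw in log_text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if m:
            entries.append(Entry(m.group(1), m.group(2)))
    return entries


def host_of(text):
    m = re.search(r"https?://([^/\s:]+)", text, re.I)
    return m.group(1).lower() if m else ""


def is_trusted(host):
    return any(host == t or host.endswith("." + t) for t in TRUSTED_HOSTS)


def flag(entry):
    """Return a short reason if the entry trips a heuristic, else None."""
    s, b = entry.section, entry.body
    if s == "O10":  # Winsock LSP section: a third-party provider sits in every socket's path
        return "Winsock LSP inserted into the network stack"
    if s == "R3" and "(no file)" in b:
        return "URLSearchHook points at a missing file"
    if s == "O4" and BARE_DLL_RE.search(b):
        return "rundll32 loads a DLL by bare name"
    if s in ("O8", "O16"):
        host = host_of(b)
        if host and not is_trusted(host):
            return f"remote content from non-allow-listed host {host}"
    if s == "O23" and "Unknown owner" in b:
        return "service binary carries no publisher information"
    return None


def triage(log_text):
    """(section, body, reason) for every flagged entry, in log order."""
    return [(e.section, e.body, r) for e in parse_entries(log_text) if (r := flag(e))]


def diff_logs(old_text, new_text):
    """Entries added to and removed from the second scan, each sorted."""
    old, new = set(parse_entries(old_text)), set(parse_entries(new_text))
    key = lambda e: (e.section, e.body)
    return sorted(new - old, key=key), sorted(old - new, key=key)


# Excerpts of the two logs posted above (first scan 10/20/2005, second 11/2/2005).
SCAN_1 = r"""
R3 - URLSearchHook: (no name) - {00D6A7E7-4A97-456f-848A-3B75BF7554D7} - (no file)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINNT\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~2.DLL,ClientStartup -s
O4 - HKCU\..\Run: [Instant Access] rundll32.exe EGDACCESS_1067.dll,InstantAccess
O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZNxdm11986PK
O10 - Hijacked Internet access by New.Net
O16 - DPF: Yahoo! Poker - http://download.games.yahoo.com/games/clients/y/pt1_x.cab
O16 - DPF: {E24E8472-89B7-479F-8AD8-BBD7206A6A02} - http://scripts.downloadv3.com/binaries/EGDAccess/EGDACCESS_1067.cab
O23 - Service: HFP Service (hfprog) - Unknown owner - C:\WINNT\system32\hfp.exe
"""
SCAN_2 = r"""
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINNT\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [ezyrul] c:\winnt\system32\ezyrul.exe -start
O4 - HKCU\..\Run: [Instant Access] rundll32.exe EGDACCESS_ASPIV4_1068.dll,InstantAccess
O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZNxdm11986PK
O16 - DPF: Yahoo! Poker - http://download.games.yahoo.com/games/clients/y/pt1_x.cab
O16 - DPF: {0DA910BC-6919-489E-B584-D9A4AAC7B8DE} - http://scripts.downloadv3.com/binaries/EGDAccess/EGDACCESS_1068_ASPIV4.cab
O16 - DPF: {E24E8472-89B7-479F-8AD8-BBD7206A6A02} - http://scripts.downloadv3.com/binaries/EGDAccess/EGDACCESS_1067.cab
O23 - Service: HFP Service (hfprog) - Unknown owner - C:\WINNT\system32\hfp.exe
"""

if __name__ == "__main__":
    for section, body, reason in triage(SCAN_1):
        print(f"[{section}] {reason}: {body}")
    added, removed = diff_logs(SCAN_1, SCAN_2)
    print("\nNew since first scan:", *(f"  [{e.section}] {e.body}" for e in added), sep="\n")
    print("\nGone since first scan:", *(f"  [{e.section}] {e.body}" for e in removed), sep="\n")
```

    Flagging is a starting point, not a verdict: hfp.exe is flagged only because the service carries no publisher string, which is exactly why noahdfear asks for its file properties rather than telling jazi to delete it. The diff is the stronger signal on a machine that keeps picking things up: an entry that appears between two scans with no install in between (here the ezyrul.exe Run key and the second EGDACCESS .cab) is the one to chase, whether or not a heuristic happens to fire on it.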
  8. noahdfear, 2005/11/13
    Very sorry for the delay. I've been quite busy myself lately.

    Download Brute Force Uninstaller.
    Unzip it to its own folder (c:\BFU).

    RIGHT-CLICK HERE and choose "Save As" (in IE it's "Save Target As") in order to download EGDACCESS Remover. Save it in the folder you made earlier (c:\BFU).

    Copy the text in the quote box below into notepad and save it to your desktop as:

    Filename: findEGDA.vbs
    Save As Type: All Files

    Make sure the formatting stays the same.

    Double-click the file to run it. If you have a resident script blocker it may warn you about or stop the .vbs script. Please allow it; it is harmless.
    You will get a prompt looking like this:
    c:\winnt\system32\ezyrul.exe -uninstall
    Click OK to execute that command.
    You will be prompted if you are sure you want to uninstall. Confirm.

    After a little while you will get a prompt the application was removed.

    Start the Brute Force Uninstaller by double-clicking BFU.exe.

    In the scriptline to execute, copy and paste c:\bfu\EGDACCESS.bfu
    Press execute and let it do its job.

    Wait for the complete script execution box to popup and press OK.
    Press exit to terminate the BFU program.


    Reboot and post a new HJTBoth log.
     
  9. 2005/11/18
    jazi

    Hi, I did all of the above and am posting the new Both log below. I'd like to mention here that I get some annoying popups from security-updater.com and am unable to install the updates downloaded from the Windows Update site. Thanks.

    Logfile of HijackThis v1.99.1
    Scan saved at 12:59:28 AM, on 11/19/2005
    Platform: Windows 2000 SP4 (WinNT 5.00.2195)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINNT\System32\smss.exe
    C:\WINNT\system32\winlogon.exe
    C:\WINNT\system32\services.exe
    C:\WINNT\system32\lsass.exe
    C:\WINNT\system32\svchost.exe
    C:\WINNT\system32\spoolsv.exe
    C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
    E:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
    C:\Program Files\Executive Software\DiskeeperLite\DKService.exe
    C:\WINNT\System32\svchost.exe
    C:\WINNT\system32\hfp.exe
    E:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
    C:\WINNT\system32\nvsvc32.exe
    C:\WINNT\system32\MSTask.exe
    C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    C:\WINNT\system32\stisvc.exe
    C:\WINNT\system32\ZoneLabs\vsmon.exe
    C:\WINNT\System32\WBEM\WinMgmt.exe
    C:\WINNT\system32\MsPMSPSv.exe
    C:\WINNT\system32\svchost.exe
    C:\Program Files\Intel\Intel(R) Active Monitor\imonnt.exe
    C:\WINNT\system32\svchost.exe
    C:\WINNT\Explorer.EXE
    C:\Program Files\Intel\Intel(R) Active Monitor\imontray.exe
    C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE
    C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
    C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
    C:\Program Files\Ahead\InCD\InCD.exe
    C:\Program Files\Common Files\Nokia\NCLTools\NclTray.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\D-Tools\daemon.exe
    C:\Program Files\Nokia\Nokia PC Suite 6\Launch Application 2.exe
    C:\PROGRA~1\COMMON~1\PCSuite\DATALA~1\DATALA~1.EXE
    E:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
    C:\winnt\system32\ezyrul.exe
    C:\PROGRA~1\COMMON~1\PCSuite\Services\SERVIC~1.EXE
    D:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    C:\WINNT\system32\rundll32.exe
    C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
    C:\Program Files\Nokia\PC Suite for Nokia 6600\ConnMngmntBox.exe
    C:\Program Files\Nokia\PC Suite for Nokia 6600\ECTaskScheduler.exe
    C:\PROGRA~1\Nokia\PCSUIT~1\Elogerr.exe
    C:\Program Files\Intuwave\Shared\mRouterRunTime\mRouterRuntime.exe
    C:\PROGRA~1\Nokia\PCSUIT~1\BROADC~1.EXE
    C:\PROGRA~1\Nokia\PCSUIT~1\SCRFS.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    D:\Program Files\Pluck Corporation\Pluck\PluckSvr.exe
    C:\WINNT\system32\cmd.exe
    D:\HJT+\HijackThis.exe
    C:\WINNT\system32\ping.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/cus.../*http://www.yahoo.com/ext/search/search.html
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = ftp=proxy.cyber.net.pk:8080;gopher=proxy.cyber.net.pk:8080;http=proxy.cyber.net.pk:8080;https=proxy.cyber.net.pk:8080
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - F:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: Pluck Helper - {09AF76DD-6988-4664-97D0-362F1011E311} - D:\Program Files\Pluck Corporation\Pluck\PluckExplorerBar.dll
    O2 - BHO: (no name) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - C:\Program Files\Microsoft Money\System\mnyside.dll
    O2 - BHO: bho2gr Class - {31FF080D-12A3-439A-A2EF-4BA95A3148E8} - C:\Program Files\GetRight\xx2gr.dll
    O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.4000.1001\en-gb\msntb.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.4000.1001\en-gb\msntb.dll
    O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
    O4 - HKLM\..\Run: [nwiz] C:\Program Files\NVIDIA Display Driver\nwiz.exe /install"
    O4 - HKLM\..\Run: [CTStartup] "C:\Program Files\Creative\Splash Screen\CTEaxSpl.EXE /run"
    O4 - HKLM\..\Run: [IMONTRAY] "C:\Program Files\Intel\Intel(R) Active Monitor\imontray.exe"
    O4 - HKLM\..\Run: [LVCOMS] "C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE"
    O4 - HKLM\..\Run: [LogitechGalleryRepair] "C:\Program Files\Logitech\ImageStudio\ISStart.exe"
    O4 - HKLM\..\Run: [SoundMAXPnP] "C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe"
    O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
    O4 - HKLM\..\Run: [NeroCheck] "C:\WINNT\system32\NeroCheck.exe"
    O4 - HKLM\..\Run: [InCD] "C:\Program Files\Ahead\InCD\InCD.exe"
    O4 - HKLM\..\Run: [Nokia Tray Application] "C:\Program Files\Common Files\Nokia\NCLTools\NclTray.exe"
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINNT\system32\spool\drivers\w32x86\3\hpztsb06.exe
    O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINNT\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
    O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\Launch Application 2.exe -onlytray
    O4 - HKLM\..\Run: [DataLayer] C:\PROGRA~1\COMMON~1\PCSuite\DATALA~1\DATALA~1.EXE
    O4 - HKLM\..\Run: [vptray] E:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
    O4 - HKLM\..\Run: [ezyrul] c:\winnt\system32\ezyrul.exe -start
    O4 - HKLM\..\Run: [Zone Labs Client] d:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    O4 - HKCU\..\Run: [Instant Access] rundll32.exe EGDACCESS_1069.dll,InstantAccess
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: BTTray.lnk = C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
    O4 - Global Startup: PCSuiteForNokia6600 Detect.lnk = C:\Program Files\Nokia\PC Suite for Nokia 6600\ConnMngmntBox.exe
    O4 - Global Startup: PCSuiteForNokia6600 TS.lnk = C:\Program Files\Nokia\PC Suite for Nokia 6600\ECTaskScheduler.exe
    O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
    O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZNxdm11986PK
    O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
    O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
    O8 - Extra context menu item: Download with GetRight - C:\Program Files\GetRight\GRdownload.htm
    O8 - Extra context menu item: Open with GetRight Browser - C:\Program Files\GetRight\GRbrowse.htm
    O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
    O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
    O9 - Extra button: Pluck - {053017A8-53F7-4EA3-AA38-A4CCAAF1F9E7} - D:\Program Files\Pluck Corporation\Pluck\PluckExplorerBar.dll
    O9 - Extra 'Tools' menuitem: Pluck - {053017A8-53F7-4EA3-AA38-A4CCAAF1F9E7} - D:\Program Files\Pluck Corporation\Pluck\PluckExplorerBar.dll
    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
    O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
    O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O16 - DPF: Yahoo! Blackjack - http://download.games.yahoo.com/games/clients/y/jt0_x.cab
    O16 - DPF: Yahoo! Gin - http://download.games.yahoo.com/games/clients/y/nt1_x.cab
    O16 - DPF: Yahoo! Poker - http://download.games.yahoo.com/games/clients/y/pt1_x.cab
    O16 - DPF: Yahoo! Pool 2 - http://download.games.yahoo.com/games/clients/y/pote_x.cab
    O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} (StagingUI Object) - http://zone.msn.com/binFrameWork/v10/StagingUI.cab34120.cab
    O16 - DPF: {0D1011B3-89C8-4F8E-8693-BB970E2E81E0} - http://scripts.downloadv3.com/binaries/EGDAccess/EGDACCESS_1069_ASPIV4.cab
    O16 - DPF: {0DA910BC-6919-489E-B584-D9A4AAC7B8DE} - http://scripts.downloadv3.com/binaries/EGDAccess/EGDACCESS_1068_ASPIV4.cab
    O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} (ZoneBuddy Class) - http://zone.msn.com/BinFrameWork/v10/ZBuddy.cab32846.cab
    O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} (ZonePAChat Object) - http://zone.msn.com/binframework/v10/ZPAChat.cab32846.cab
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
    O16 - DPF: {8C279F4E-917E-4CD2-8DF0-D9C73C0CE763} (ZPA_WheelOfFortune Object) - http://zone.msn.com/bingame/zpagames/zpa_wof.cab34227.cab
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
    O16 - DPF: {95460ABD-946A-46FF-9F56-268718323EEE} - http://scripts.downloadv3.com/binaries/EGDAccess/EGDACCESS_1068.cab
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/binFramework/v10/ZIntro.cab34246.cab
    O16 - DPF: {BA749BC1-143E-430D-B1DA-1D2AF67A3658} - http://scripts.downloadv3.com/binaries/EGDAccess/EGDACCESS_1069.cab
    O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} (StadiumProxy Class) - http://zone.msn.com/binframework/v10/StProxy.cab34035.cab
    O16 - DPF: {E24E8472-89B7-479F-8AD8-BBD7206A6A02} - http://scripts.downloadv3.com/binaries/EGDAccess/EGDACCESS_1067.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{7493DE54-2D27-407F-BAE0-120674137F71}: NameServer = 202.125.132.154,202.125.132.155
    O17 - HKLM\System\CCS\Services\Tcpip\..\{A6E5272D-71D1-4C94-8029-6F42C6FE23FE}: NameServer = 202.163.96.3 202.163.96.4
    O18 - Protocol: pluck - {A5DD5FEC-8239-4A12-B791-4B6067F85CCC} - D:\Program Files\Pluck Corporation\Pluck\PluckExplorerBar.dll
    O20 - Winlogon Notify: NavLogon - C:\WINNT\system32\NavLogon.dll
    O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
    O23 - Service: DefWatch - Symantec Corporation - E:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
    O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program Files\Executive Software\DiskeeperLite\DKService.exe
    O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
    O23 - Service: HFP Service (hfprog) - Unknown owner - C:\WINNT\system32\hfp.exe
    O23 - Service: Intel(R) Active Monitor (imonNT) - Intel Corp. - C:\Program Files\Intel\Intel(R) Active Monitor\imonnt.exe
    O23 - Service: MD Simple Burner Service (NetMDSB) - Sony Corporation - C:\Program Files\Sony\MD Simple Burner\NetMDSB.exe
    O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - E:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINNT\system32\nvsvc32.exe
    O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
    O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
    O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
    O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINNT\system32\ZoneLabs\vsmon.exe

    doesn't exist HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx
    doesn't exist HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run
    doesn't exist HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run
    doesn't exist HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\explorer.exe
    doesn't exist HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Iexplorer.exe
    -----------------------
    -----------------------
    REGEDIT4

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx]


    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Synchronization Manager"="mobsync.exe /logon"
    "nwiz"="C:\\Program Files\\NVIDIA Display Driver\\nwiz.exe /install\""
    "CTStartup"="\"C:\\Program Files\\Creative\\Splash Screen\\CTEaxSpl.EXE /run\""
    "IMONTRAY"="\"C:\\Program Files\\Intel\\Intel(R) Active Monitor\\imontray.exe\""
    "LVCOMS"="\"C:\\Program Files\\Common Files\\Logitech\\QCDriver3\\LVCOMS.EXE\""
    "LogitechGalleryRepair"="\"C:\\Program Files\\Logitech\\ImageStudio\\ISStart.exe\""
    "SoundMAXPnP"="\"C:\\Program Files\\Analog Devices\\SoundMAX\\SMax4PNP.exe\""
    "SoundMAX"="\"C:\\Program Files\\Analog Devices\\SoundMAX\\Smax4.exe\" /tray"
    "NeroCheck"="\"C:\\WINNT\\system32\\NeroCheck.exe\""
    "InCD"="\"C:\\Program Files\\Ahead\\InCD\\InCD.exe\""
    "Nokia Tray Application"="\"C:\\Program Files\\Common Files\\Nokia\\NCLTools\\NclTray.exe\""
    "TkBellExe"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot"
    "HPDJ Taskbar Utility"="C:\\WINNT\\system32\\spool\\drivers\\w32x86\\3\\hpztsb06.exe"
    "SSC_UserPrompt"="C:\\Program Files\\Common Files\\Symantec Shared\\Security Center\\UsrPrmpt.exe"
    "NvCplDaemon"="RUNDLL32.EXE C:\\WINNT\\system32\\NvCpl.dll,NvStartup"
    "DAEMON Tools-1033"="\"C:\\Program Files\\D-Tools\\daemon.exe\" -lang 1033"
    "PCSuiteTrayApplication"="C:\\Program Files\\Nokia\\Nokia PC Suite 6\\Launch Application 2.exe -onlytray"
    "DataLayer"="C:\\PROGRA~1\\COMMON~1\\PCSuite\\DATALA~1\\DATALA~1.EXE"
    "RegistryMechanic"=""
    "vptray"="E:\\PROGRA~1\\SYMANT~1\\SYMANT~1\\vptray.exe"
    "ezyrul"="c:\\winnt\\system32\\ezyrul.exe -start"
    "Zone Labs Client"="d:\\Program Files\\Zone Labs\\ZoneAlarm\\zlclient.exe"


    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Instant Access"="rundll32.exe EGDACCESS_1069.dll,InstantAccess"


    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Runonce]


    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Runonce]


    [HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers]

    [HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\LDVPMenu]
    @="{BDA77241-42F6-11d0-85E2-00AA001FE28C}"

    [HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Offline Files]
    @="{750fdf0e-2a26-11d1-a3ea-080036587f03}"

    [HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Open With]
    @="{09799AFB-AD67-11d1-ABCD-00C04FC30936}"

    [HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Open With EncryptionMenu]
    @="{A470F8CF-A1E8-4f65-8335-227475AA5C46}"

    [HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\WinRAR]
    @="{B41DB860-8EE4-11D2-9906-E49FADC173CA}"

    [HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\WinZip]
    @="{E0D79304-84BE-11CE-9641-444553540000}"

    [HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Yahoo! Mail]
    @="{5464D816-CF16-4784-B9F3-75C0DB52B499}"


    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
    "{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
    "{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"

    Scheduled Tasks Folder Contents
    *
    C:\WINNT\Tasks\desktop.ini
    C:\WINNT\Tasks\SA.DAT
    C:\WINNT\Tasks\Symantec NetDetect.job
    C:\WINNT\Tasks\XoftSpy.job
     
    jazi,
    #8
  10. 2005/12/02
    jazi

    Hey guys, any update on my problem? Thanks in advance!
     
    jazi,
    #9
  11. 2005/12/02
    Newt

    Sorry to leave you hanging on this issue but you are well beyond anything I am able to deal with. I sent Dave a PM to look back at it if he has time but no assurance that he will. He is in the middle of a bunch of stuff and doesn't get to look at the forum all that often lately.
     
  12. 2005/12/05
    noahdfear

    You should copy and save this post to text where you can access it in safe mode.

    Please delete the previously saved egdaccess.bfu file in the BFU folder, then download the updated egdaccess.bfu from here and save it to the bfu folder.


    Download and install SpywareBlaster. Enable all protections, check for updates and enable them too. Then download IESpyad.exe, double-click to extract (it extracts to C:\IESpyad by default), open the folder, double-click the ie-ads.reg file and allow it to merge into the registry.

    Copy the contents of the quote box below to a blank notepad. Make sure the formatting remains the same.
    Close it, saving to your desktop as:

    File name: zipzap.reg
    Save As Type: All Files



    Either reboot and repeatedly tap F8 to enable the start menu and select safe mode, or go to start>run and type msconfig, hit enter. On the boot.ini tab, check the box next to /safeboot and click OK. Click yes to restart. This will restart your computer in safe mode. Logon to your user account.

    Now in safe mode, you will need to show hidden files and folders, as well as system files and extensions for known file types.

    Double click the zipzap.reg file and allow it to merge with the registry.

    Click start>run and type cmd to open a command prompt window. Open these saved instructions and copy the first command below, then paste it in the command window and click OK. Then do the other. Close the command window when done.

    attrib -h -r -s c:\winnt\system32\ezyrul.exe

    del c:\winnt\system32\ezyrul.exe


    Start the Brute Force Uninstaller by double-clicking BFU.exe.

    In the scriptline to execute, copy and paste c:\bfu\EGDACCESS.bfu
    Press execute and let it do its job.

    Wait for the complete script execution box to popup and press OK.
    Press exit to terminate the BFU program.

    Close all other windows, scan again with HijackThis and place a check next to the following entries if present.

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/cust...ch/search.html
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/cust.../www.yahoo.com
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    O4 - HKLM\..\Run: [ezyrul] c:\winnt\system32\ezyrul.exe -start
    O4 - HKCU\..\Run: [Instant Access] rundll32.exe EGDACCESS_1069.dll,InstantAccess
    O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearc...p=ZNxdm11986PK
    O16 - DPF: {0D1011B3-89C8-4F8E-8693-BB970E2E81E0} - http://scripts.downloadv3.com/binari...069_ASPIV4.cab
    O16 - DPF: {0DA910BC-6919-489E-B584-D9A4AAC7B8DE} - http://scripts.downloadv3.com/binari...068_ASPIV4.cab
    O16 - DPF: {95460ABD-946A-46FF-9F56-268718323EEE} - http://scripts.downloadv3.com/binari...CCESS_1068.cab
    O16 - DPF: {BA749BC1-143E-430D-B1DA-1D2AF67A3658} - http://scripts.downloadv3.com/binari...CCESS_1069.cab
    O16 - DPF: {E24E8472-89B7-479F-8AD8-BBD7206A6A02} - http://scripts.downloadv3.com/binari...CCESS_1067.cab


    Click Fix Checked and close HJT.


    Open C:\Temp if present, select all and delete.
    Open C:\Windows\Temp, select all and delete.
    Open C:\Windows\Prefetch, select all and delete.
    Open C:\Documents and Settings\username\Local Settings\temp, select all and delete. Do this for ALL username folders.
    Open the control panel, then internet options and delete the temporary internet files, checking the box for offline content. Close Internet Options.

    Open My Computer, right click Local disk C: and choose properties, then disk cleanup. Check all boxes except compress old files and click OK.

    If you used msconfig, uncheck the /safeboot box and click ok to reboot. Upon reboot you will be greeted with a message window from the System Configuration Utility. Check the box not to use and don't show, then click OK. If you used F8, just reboot back into Windows.

    Run another HijackThisBoth scan and post the log.
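The triage the helper does by hand in the post above (pick out the EGDACCESS / downloadv3.com / ezyrul / mywebsearch entries in the 11/19 log, have them fixed, then check the next log to confirm they are gone) can be written down as a small script. The following is an added example for this archive page; it is not code from the thread, from HijackThis or from BFU. The indicator substrings are an assumption drawn from the entries listed under "Fix Checked" above, the bare-DLL rundll32 check is the editor's own heuristic, and the two log excerpts are trimmed copies of the logs jazi posted on 11/19 and 12/9.

```python
"""Triage a pair of HijackThis logs: flag the entries a helper would tell the
poster to fix, then confirm they are gone from the follow-up log.

Added example for this page; not part of HijackThis, BFU or the thread.
"""
import re
from dataclasses import dataclass

# Indicator substrings (lower-case) taken from the entries the helper had the
# poster "Fix checked". This list is an assumption for the example, not a
# vendor signature set.
INDICATORS = (
    "egdaccess",               # O4 "Instant Access" DLL and the O16 EGDACCESS_*.cab controls
    "scripts.downloadv3.com",  # host the O16 .cab files were pulled from
    "ezyrul.exe",              # O4 autorun removed with attrib/del in safe mode
    "bar.mywebsearch.com",     # O8 context-menu search hijack
)

# Only the numbered entries matter; header lines and the process list are skipped.
ENTRY_RE = re.compile(r"^(?P<sec>R[0-3]|O\d{1,2}) - (?P<body>.*\S)$")

# rundll32 followed by a bare DLL name (no drive, no path) means the DLL is
# located through the loader search path, which is how the O4 "Instant Access"
# entry in the log loads EGDACCESS_1069.dll. Heuristic assumed for this example.
BARE_RUNDLL_RE = re.compile(r"rundll32(\.exe)?\s+[^\\/:\s]+\.dll,")


@dataclass(frozen=True)
class Entry:
    section: str  # "O4", "O16", "R1", ...
    body: str     # everything after "Oxx - "


def parse_log(text):
    """Return the R*/O* entries of an HJT log in file order."""
    entries = []
    for raw in text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if m:
            entries.append(Entry(m.group("sec"), m.group("body")))
    return entries


def is_suspicious(entry):
    body = entry.body.lower()
    if any(ind in body for ind in INDICATORS):
        return True
    return entry.section == "O4" and BARE_RUNDLL_RE.search(body) is not None


def flag(entries):
    return [e for e in entries if is_suspicious(e)]


def diff_logs(before, after):
    """Entries only in the earlier log (removed) and only in the later one (added)."""
    b, a = set(before), set(after)
    return [e for e in before if e not in a], [e for e in after if e not in b]


def triage(before_text, after_text):
    before, after = parse_log(before_text), parse_log(after_text)
    removed, added = diff_logs(before, after)
    return {
        "flagged_before": flag(before),
        "flagged_after": flag(after),  # non-empty means the fix did not take
        "removed": removed,
        "added": added,                # new entries deserve a second look too
    }


# Trimmed excerpts of the 11/19 (before) and 12/9 (after) logs from the thread.
BEFORE_LOG = r"""
Logfile of HijackThis v1.99.1
Running processes:
C:\winnt\system32\ezyrul.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINNT\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [vptray] E:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKLM\..\Run: [ezyrul] c:\winnt\system32\ezyrul.exe -start
O4 - HKCU\..\Run: [Instant Access] rundll32.exe EGDACCESS_1069.dll,InstantAccess
O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZNxdm11986PK
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {BA749BC1-143E-430D-B1DA-1D2AF67A3658} - http://scripts.downloadv3.com/binaries/EGDAccess/EGDACCESS_1069.cab
"""

AFTER_LOG = r"""
Logfile of HijackThis v1.99.1
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINNT\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [vptray] E:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1133544006484
"""

if __name__ == "__main__":
    result = triage(BEFORE_LOG, AFTER_LOG)
    for key, entries in result.items():
        print(f"{key}:")
        for e in entries:
            print(f"  {e.section} - {e.body}")
```

On the excerpts, `flagged_before` lists the four entries the helper had fixed, `flagged_after` is empty, and `added` surfaces the Microsoft Update control that appeared between the two logs. The NvCplDaemon line is kept in both excerpts to show that rundll32 with a full DLL path is not caught by the bare-DLL heuristic; only a DLL name with no drive or directory is.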
     
  13. 2005/12/08
    jazi

    Thanks for the response. I did all of the above and here is the Both log.

    Logfile of HijackThis v1.99.1
    Scan saved at 1:07:48 AM, on 12/9/2005
    Platform: Windows 2000 SP4 (WinNT 5.00.2195)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINNT\System32\smss.exe
    C:\WINNT\system32\winlogon.exe
    C:\WINNT\system32\services.exe
    C:\WINNT\system32\lsass.exe
    C:\WINNT\system32\svchost.exe
    C:\WINNT\system32\spoolsv.exe
    C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
    E:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
    C:\Program Files\Executive Software\DiskeeperLite\DKService.exe
    C:\WINNT\System32\svchost.exe
    C:\WINNT\system32\hfp.exe
    E:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
    C:\WINNT\system32\nvsvc32.exe
    C:\WINNT\system32\MSTask.exe
    C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
    C:\WINNT\system32\stisvc.exe
    C:\WINNT\system32\ZoneLabs\vsmon.exe
    C:\WINNT\System32\WBEM\WinMgmt.exe
    C:\WINNT\system32\MsPMSPSv.exe
    C:\WINNT\system32\svchost.exe
    C:\Program Files\Intel\Intel(R) Active Monitor\imonnt.exe
    C:\WINNT\system32\svchost.exe
    C:\WINNT\Explorer.EXE
    C:\Program Files\Intel\Intel(R) Active Monitor\imontray.exe
    C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE
    C:\WINNT\system32\rundll32.exe
    C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
    C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
    C:\Program Files\Ahead\InCD\InCD.exe
    C:\Program Files\Common Files\Nokia\NCLTools\NclTray.exe
    E:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
    D:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    C:\PROGRA~1\COMMON~1\PCSuite\Services\SERVIC~1.EXE
    C:\Program Files\Common Files\PCSuite\DataLayer\DataLayer.exe
    C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
    C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
    C:\Program Files\Nokia\PC Suite for Nokia 6600\ConnMngmntBox.exe
    C:\Program Files\Nokia\PC Suite for Nokia 6600\ECTaskScheduler.exe
    C:\PROGRA~1\Nokia\PCSUIT~1\Elogerr.exe
    C:\Program Files\Intuwave\Shared\mRouterRunTime\mRouterRuntime.exe
    C:\PROGRA~1\Nokia\PCSUIT~1\BROADC~1.EXE
    C:\PROGRA~1\Nokia\PCSUIT~1\SCRFS.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    D:\Program Files\Pluck Corporation\Pluck\PluckSvr.exe
    C:\WINNT\system32\cmd.exe
    D:\HJT+\HijackThis.exe
    C:\WINNT\system32\ping.exe

    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = ftp=proxy.cyber.net.pk:8080;gopher=proxy.cyber.net.pk:8080;http=proxy.cyber.net.pk:8080;https=proxy.cyber.net.pk:8080
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - F:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: Pluck Helper - {09AF76DD-6988-4664-97D0-362F1011E311} - D:\Program Files\Pluck Corporation\Pluck\PluckExplorerBar.dll
    O2 - BHO: (no name) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - C:\Program Files\Microsoft Money\System\mnyside.dll
    O2 - BHO: bho2gr Class - {31FF080D-12A3-439A-A2EF-4BA95A3148E8} - C:\Program Files\GetRight\xx2gr.dll
    O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.4000.1001\en-gb\msntb.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.4000.1001\en-gb\msntb.dll
    O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
    O4 - HKLM\..\Run: [nwiz] C:\Program Files\NVIDIA Display Driver\nwiz.exe /install"
    O4 - HKLM\..\Run: [CTStartup] "C:\Program Files\Creative\Splash Screen\CTEaxSpl.EXE /run"
    O4 - HKLM\..\Run: [IMONTRAY] "C:\Program Files\Intel\Intel(R) Active Monitor\imontray.exe"
    O4 - HKLM\..\Run: [LVCOMS] "C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE"
    O4 - HKLM\..\Run: [LogitechGalleryRepair] "C:\Program Files\Logitech\ImageStudio\ISStart.exe"
    O4 - HKLM\..\Run: [SoundMAXPnP] "C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe"
    O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
    O4 - HKLM\..\Run: [NeroCheck] "C:\WINNT\system32\NeroCheck.exe"
    O4 - HKLM\..\Run: [InCD] "C:\Program Files\Ahead\InCD\InCD.exe"
    O4 - HKLM\..\Run: [Nokia Tray Application] "C:\Program Files\Common Files\Nokia\NCLTools\NclTray.exe"
    O4 - HKLM\..\Run: [TkBellExe] "realsched.exe" -osboot
    O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINNT\system32\spool\drivers\w32x86\3\hpztsb06.exe
    O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINNT\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [vptray] E:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
    O4 - HKLM\..\Run: [Zone Labs Client] d:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    O4 - HKLM\..\Run: [DataLayer] C:\Program Files\Common Files\PCSuite\DataLayer\DataLayer.exe
    O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -onlytray
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: BTTray.lnk = C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
    O4 - Global Startup: PCSuiteForNokia6600 Detect.lnk = C:\Program Files\Nokia\PC Suite for Nokia 6600\ConnMngmntBox.exe
    O4 - Global Startup: PCSuiteForNokia6600 TS.lnk = C:\Program Files\Nokia\PC Suite for Nokia 6600\ECTaskScheduler.exe
    O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
    O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
    O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
    O8 - Extra context menu item: Download with GetRight - C:\Program Files\GetRight\GRdownload.htm
    O8 - Extra context menu item: Open with GetRight Browser - C:\Program Files\GetRight\GRbrowse.htm
    O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
    O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
    O9 - Extra button: Pluck - {053017A8-53F7-4EA3-AA38-A4CCAAF1F9E7} - D:\Program Files\Pluck Corporation\Pluck\PluckExplorerBar.dll
    O9 - Extra 'Tools' menuitem: Pluck - {053017A8-53F7-4EA3-AA38-A4CCAAF1F9E7} - D:\Program Files\Pluck Corporation\Pluck\PluckExplorerBar.dll
    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
    O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
    O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O16 - DPF: Yahoo! Blackjack - http://download.games.yahoo.com/games/clients/y/jt0_x.cab
    O16 - DPF: Yahoo! Gin - http://download.games.yahoo.com/games/clients/y/nt1_x.cab
    O16 - DPF: Yahoo! Poker - http://download.games.yahoo.com/games/clients/y/pt1_x.cab
    O16 - DPF: Yahoo! Pool 2 - http://download.games.yahoo.com/games/clients/y/pote_x.cab
    O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1133544006484
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
    O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} (StadiumProxy Class) - http://zone.msn.com/binframework/v10/StProxy.cab34035.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{7493DE54-2D27-407F-BAE0-120674137F71}: NameServer = 202.125.132.154,202.125.132.155
    O17 - HKLM\System\CCS\Services\Tcpip\..\{A6E5272D-71D1-4C94-8029-6F42C6FE23FE}: NameServer = 202.163.96.3 202.163.96.4
    O18 - Protocol: pluck - {A5DD5FEC-8239-4A12-B791-4B6067F85CCC} - D:\Program Files\Pluck Corporation\Pluck\PluckExplorerBar.dll
    O20 - Winlogon Notify: NavLogon - C:\WINNT\system32\NavLogon.dll
    O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
    O23 - Service: DefWatch - Symantec Corporation - E:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
    O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program Files\Executive Software\DiskeeperLite\DKService.exe
    O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
    O23 - Service: HFP Service (hfprog) - Unknown owner - C:\WINNT\system32\hfp.exe
    O23 - Service: Intel(R) Active Monitor (imonNT) - Intel Corp. - C:\Program Files\Intel\Intel(R) Active Monitor\imonnt.exe
    O23 - Service: MD Simple Burner Service (NetMDSB) - Sony Corporation - C:\Program Files\Sony\MD Simple Burner\NetMDSB.exe
    O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - E:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINNT\system32\nvsvc32.exe
    O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
    O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
    O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
    O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
    O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINNT\system32\ZoneLabs\vsmon.exe

    doesn't exist HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx
    doesn't exist HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run
    doesn't exist HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run
    doesn't exist HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\explorer.exe
    doesn't exist HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Iexplorer.exe
    -----------------------
    -----------------------
    REGEDIT4

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx]


    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Synchronization Manager "= "mobsync.exe /logon "
    "nwiz "= "C:\\Program Files\\NVIDIA Display Driver\\nwiz.exe /install\" "
    "CTStartup "= "\ "C:\\Program Files\\Creative\\Splash Screen\\CTEaxSpl.EXE /run\" "
    "IMONTRAY "= "\ "C:\\Program Files\\Intel\\Intel(R) Active Monitor\\imontray.exe\" "
    "LVCOMS "= "\ "C:\\Program Files\\Common Files\\Logitech\\QCDriver3\\LVCOMS.EXE\" "
    "LogitechGalleryRepair "= "\ "C:\\Program Files\\Logitech\\ImageStudio\\ISStart.exe\" "
    "SoundMAXPnP "= "\ "C:\\Program Files\\Analog Devices\\SoundMAX\\SMax4PNP.exe\" "
    "SoundMAX "= "\ "C:\\Program Files\\Analog Devices\\SoundMAX\\Smax4.exe\" /tray "
    "NeroCheck "= "\ "C:\\WINNT\\system32\\NeroCheck.exe\" "
    "InCD "= "\ "C:\\Program Files\\Ahead\\InCD\\InCD.exe\" "
    "Nokia Tray Application "= "\ "C:\\Program Files\\Common Files\\Nokia\\NCLTools\\NclTray.exe\" "
    "TkBellExe "= "\ "realsched.exe\" -osboot "
    "HPDJ Taskbar Utility "= "C:\\WINNT\\system32\\spool\\drivers\\w32x86\\3\\hpztsb06.exe "
    "SSC_UserPrompt "= "C:\\Program Files\\Common Files\\Symantec Shared\\Security Center\\UsrPrmpt.exe "
    "NvCplDaemon "= "RUNDLL32.EXE C:\\WINNT\\system32\\NvCpl.dll,NvStartup "
    "RegistryMechanic "=" "
    "vptray "= "E:\\PROGRA~1\\SYMANT~1\\SYMANT~1\\vptray.exe "
    "Zone Labs Client "= "d:\\Program Files\\Zone Labs\\ZoneAlarm\\zlclient.exe "
    "DataLayer "= "C:\\Program Files\\Common Files\\PCSuite\\DataLayer\\DataLayer.exe "
    "PCSuiteTrayApplication "= "C:\\Program Files\\Nokia\\Nokia PC Suite 6\\LaunchApplication.exe -onlytray "


    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]


    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Runonce]


    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Runonce]


    [HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers]

    [HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\LDVPMenu]
    @= "{BDA77241-42F6-11d0-85E2-00AA001FE28C} "

    [HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Offline Files]
    @= "{750fdf0e-2a26-11d1-a3ea-080036587f03} "

    [HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Open With]
    @= "{09799AFB-AD67-11d1-ABCD-00C04FC30936} "

    [HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Open With EncryptionMenu]
    @= "{A470F8CF-A1E8-4f65-8335-227475AA5C46} "

    [HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\WinRAR]
    @= "{B41DB860-8EE4-11D2-9906-E49FADC173CA} "

    [HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\WinZip]
    @= "{E0D79304-84BE-11CE-9641-444553540000} "

    [HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Yahoo! Mail]
    @= "{5464D816-CF16-4784-B9F3-75C0DB52B499} "


    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
    "{438755C2-A8BA-11D1-B96B-00A0C90312E1} "= "Browseui preloader "
    "{8C7461EF-2B13-11d2-BE35-3078302C2030} "= "Component Categories cache daemon "

    Scheduled Tasks Folder Contents
    *
    C:\WINNT\Tasks\desktop.ini
    C:\WINNT\Tasks\SA.DAT
    C:\WINNT\Tasks\Symantec NetDetect.job
    C:\WINNT\Tasks\XoftSpy.job
     
  14. 2005/12/08
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    Looks like we got it. Have the popups stopped? Try going to Windows Update now and accept all available updates.
     
  15. 2005/12/11
    jazi

    jazi Inactive Thread Starter

    Joined:
    2005/10/17
    Messages:
    29
    Likes Received:
    0
    Well, thankfully the popups have disappeared, but as always, when I try to install the updates from the Windows Update site they fail to install, saying that something on my computer isn't letting updates be installed :mad: :mad:
     
  16. 2005/12/11
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    Download GetServices.zip. Extract it to a new folder on the desktop. Open the folder and double click on the Getservice.bat file to run it. This will create and open a text file named getservice.txt in the same folder. Copy and paste the contents here.

    Please download newbat.zip, saving the file to your desktop. Right click and extract the file, then double click it to run. It will create and open peek1.txt on your desktop. Please post the contents of that text.
     
  17. 2005/12/14
    jazi

    jazi Inactive Thread Starter

    Joined:
    2005/10/17
    Messages:
    29
    Likes Received:
    0
    Part 1 of getservices

    PsService v1.1 - local and remote services viewer/controller
    Copyright (C) 2001-2003 Mark Russinovich
    Sysinternals - www.sysinternals.com

    SERVICE_NAME: AppMgmt
    Provides software installation services such as Assign, Publish, and Remove.
    TYPE : 20 WIN32_SHARE_PROCESS
    START_TYPE : 3 DEMAND_START
    ERROR_CONTROL : 1 NORMAL
    BINARY_PATH_NAME : C:\WINNT\system32\services.exe
    LOAD_ORDER_GROUP :
    TAG : 0
    DISPLAY_NAME : Application Management
    DEPENDENCIES :
    SERVICE_START_NAME: LocalSystem

    SERVICE_NAME: BITS
    Transfers files in the background using idle network bandwidth. If the service is disabled, then any functions that depend on BITS, such as Windows Update or MSN Explorer will be unable to automatically download programs and other information.
    TYPE : 20 WIN32_SHARE_PROCESS
    START_TYPE : 2 AUTO_START
    ERROR_CONTROL : 1 NORMAL
    BINARY_PATH_NAME : C:\WINNT\system32\svchost.exe -k BITSgroup
    LOAD_ORDER_GROUP :
    TAG : 0
    DISPLAY_NAME : Background Intelligent Transfer Service
    DEPENDENCIES : Rpcss
    : SENS
    : Wmi
    SERVICE_START_NAME: LocalSystem

    SERVICE_NAME: btwdins
    (null)
    TYPE : 10 WIN32_OWN_PROCESS
    START_TYPE : 2 AUTO_START
    ERROR_CONTROL : 1 NORMAL
    BINARY_PATH_NAME : C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
    LOAD_ORDER_GROUP :
    TAG : 0
    DISPLAY_NAME : Bluetooth Service
    DEPENDENCIES : RPCSS
    SERVICE_START_NAME: LocalSystem

    SERVICE_NAME: cisvc
    (null)
    TYPE : 120 WIN32_SHARE_PROCESS INTERACTIVE_PROCESS
    START_TYPE : 3 DEMAND_START
    ERROR_CONTROL : 1 NORMAL
    BINARY_PATH_NAME : C:\WINNT\System32\cisvc.exe
    LOAD_ORDER_GROUP :
    TAG : 0
    DISPLAY_NAME : Indexing Service
    DEPENDENCIES : RPCSS
    SERVICE_START_NAME: LocalSystem

    SERVICE_NAME: ClipSrv
    Supports ClipBook Viewer, which allows pages to be seen by remote ClipBooks.
    TYPE : 10 WIN32_OWN_PROCESS
    START_TYPE : 3 DEMAND_START
    ERROR_CONTROL : 1 NORMAL
    BINARY_PATH_NAME : C:\WINNT\system32\clipsrv.exe
    LOAD_ORDER_GROUP :
    TAG : 0
    DISPLAY_NAME : ClipBook
    DEPENDENCIES : NetDDE
    SERVICE_START_NAME: LocalSystem

    SERVICE_NAME: Creative Service for CDROM Access
    (null)
    TYPE : 10 WIN32_OWN_PROCESS
    START_TYPE : 2 AUTO_START
    ERROR_CONTROL : 1 NORMAL
    BINARY_PATH_NAME :
    LOAD_ORDER_GROUP :
    TAG : 0
    DISPLAY_NAME : Creative Service for CDROM Access
    DEPENDENCIES :
    SERVICE_START_NAME: LocalSystem

    SERVICE_NAME: DefWatch
    (null)
    TYPE : 110 WIN32_OWN_PROCESS INTERACTIVE_PROCESS
    START_TYPE : 2 AUTO_START
    ERROR_CONTROL : 0 IGNORE
    BINARY_PATH_NAME : E:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
    LOAD_ORDER_GROUP :
    TAG : 0
    DISPLAY_NAME : DefWatch
    DEPENDENCIES :
    SERVICE_START_NAME: LocalSystem

    SERVICE_NAME: Dhcp
    Manages network configuration by registering and updating IP addresses and DNS names.
    TYPE : 20 WIN32_SHARE_PROCESS
    START_TYPE : 2 AUTO_START
    ERROR_CONTROL : 1 NORMAL
    BINARY_PATH_NAME : C:\WINNT\System32\services.exe
    LOAD_ORDER_GROUP : TDI
    TAG : 0
    DISPLAY_NAME : DHCP Client
    DEPENDENCIES : Tcpip
    : Afd
    : NetBT
    SERVICE_START_NAME: LocalSystem

    SERVICE_NAME: Diskeeper
    Controls the Diskeeper Service
    TYPE : 110 WIN32_OWN_PROCESS INTERACTIVE_PROCESS
    START_TYPE : 2 AUTO_START
    ERROR_CONTROL : 0 IGNORE
    BINARY_PATH_NAME : C:\Program Files\Executive Software\DiskeeperLite\DKService.exe
    LOAD_ORDER_GROUP :
    TAG : 0
    DISPLAY_NAME : Diskeeper
    DEPENDENCIES : RPCSS
    SERVICE_START_NAME: LocalSystem

    SERVICE_NAME: dmadmin
    Administrative service for disk management requests
    TYPE : 20 WIN32_SHARE_PROCESS
    START_TYPE : 3 DEMAND_START
    ERROR_CONTROL : 1 NORMAL
    BINARY_PATH_NAME : C:\WINNT\System32\dmadmin.exe /com
    LOAD_ORDER_GROUP :
    TAG : 0
    DISPLAY_NAME : Logical Disk Manager Administrative Service
    DEPENDENCIES : RpcSs
    : PlugPlay
    : DmServer
    SERVICE_START_NAME: LocalSystem

    SERVICE_NAME: dmserver
    Logical Disk Manager Watchdog Service
    TYPE : 20 WIN32_SHARE_PROCESS
    START_TYPE : 2 AUTO_START
    ERROR_CONTROL : 1 NORMAL
    BINARY_PATH_NAME : C:\WINNT\System32\services.exe
    LOAD_ORDER_GROUP :
    TAG : 0
    DISPLAY_NAME : Logical Disk Manager
    DEPENDENCIES : RpcSs
    : PlugPlay
    SERVICE_START_NAME: LocalSystem

    SERVICE_NAME: Dnscache
    Resolves and caches Domain Name System (DNS) names.
    TYPE : 20 WIN32_SHARE_PROCESS
    START_TYPE : 2 AUTO_START
    ERROR_CONTROL : 1 NORMAL
    BINARY_PATH_NAME : C:\WINNT\System32\services.exe
    LOAD_ORDER_GROUP : TDI
    TAG : 0
    DISPLAY_NAME : DNS Client
    DEPENDENCIES : Tcpip
    SERVICE_START_NAME: LocalSystem

    SERVICE_NAME: Eventlog
    Logs event messages issued by programs and Windows. Event Log reports contain information that can be useful in diagnosing problems. Reports are viewed in Event Viewer.
    TYPE : 20 WIN32_SHARE_PROCESS
    START_TYPE : 2 AUTO_START
    ERROR_CONTROL : 1 NORMAL
    BINARY_PATH_NAME : C:\WINNT\system32\services.exe
    LOAD_ORDER_GROUP : Event log
    TAG : 0
    DISPLAY_NAME : Event Log
    DEPENDENCIES :
    SERVICE_START_NAME: LocalSystem

    SERVICE_NAME: EventSystem
    Provides automatic distribution of events to subscribing COM components.
    TYPE : 20 WIN32_SHARE_PROCESS
    START_TYPE : 3 DEMAND_START
    ERROR_CONTROL : 1 NORMAL
    BINARY_PATH_NAME : C:\WINNT\System32\svchost.exe -k netsvcs
    LOAD_ORDER_GROUP : Network
    TAG : 0
    DISPLAY_NAME : COM+ Event System
    DEPENDENCIES : RPCSS
    SERVICE_START_NAME: LocalSystem

    SERVICE_NAME: Fax
    Helps you send and receive faxes
    TYPE : 110 WIN32_OWN_PROCESS INTERACTIVE_PROCESS
    START_TYPE : 3 DEMAND_START
    ERROR_CONTROL : 1 NORMAL
    BINARY_PATH_NAME : C:\WINNT\system32\faxsvc.exe
    LOAD_ORDER_GROUP :
    TAG : 0
    DISPLAY_NAME : Fax Service
    DEPENDENCIES : TapiSrv
    : RpcSs
    : PlugPlay
    : Spooler
    SERVICE_START_NAME: LocalSystem

    SERVICE_NAME: hfprog
    (null)
    TYPE : 110 WIN32_OWN_PROCESS INTERACTIVE_PROCESS
    START_TYPE : 2 AUTO_START
    ERROR_CONTROL : 0 IGNORE
    BINARY_PATH_NAME : C:\WINNT\system32\hfp.exe
    LOAD_ORDER_GROUP :
    TAG : 0
    DISPLAY_NAME : HFP Service
    DEPENDENCIES : hfdrv
    SERVICE_START_NAME: LocalSystem

    SERVICE_NAME: imonNT
    (null)
    TYPE : 110 WIN32_OWN_PROCESS INTERACTIVE_PROCESS
    START_TYPE : 2 AUTO_START
    ERROR_CONTROL : 1 NORMAL
    BINARY_PATH_NAME : C:\Program Files\Intel\Intel(R) Active Monitor\imonnt.exe
    LOAD_ORDER_GROUP :
    TAG : 0
    DISPLAY_NAME : Intel(R) Active Monitor
    DEPENDENCIES : SMBusP
    : SIODRV
    SERVICE_START_NAME: LocalSystem

    SERVICE_NAME: lanmanserver
    Provides RPC support and file, print, and named pipe sharing.
    TYPE : 20 WIN32_SHARE_PROCESS
    START_TYPE : 2 AUTO_START
    ERROR_CONTROL : 1 NORMAL
    BINARY_PATH_NAME : C:\WINNT\System32\services.exe
    LOAD_ORDER_GROUP :
    TAG : 0
    DISPLAY_NAME : Server
    DEPENDENCIES :
    SERVICE_START_NAME: LocalSystem

    SERVICE_NAME: LmHosts
    Enables support for NetBIOS over TCP/IP (NetBT) service and NetBIOS name resolution.
    TYPE : 20 WIN32_SHARE_PROCESS
    START_TYPE : 2 AUTO_START
    ERROR_CONTROL : 1 NORMAL
    BINARY_PATH_NAME : C:\WINNT\System32\services.exe
    LOAD_ORDER_GROUP : TDI
    TAG : 0
    DISPLAY_NAME : TCP/IP NetBIOS Helper Service
    DEPENDENCIES : NetBT
    : Afd
    SERVICE_START_NAME: LocalSystem

    SERVICE_NAME: mnmsrvc
    Allows authorized people to remotely access your Windows desktop using NetMeeting.
    TYPE : 110 WIN32_OWN_PROCESS INTERACTIVE_PROCESS
    START_TYPE : 3 DEMAND_START
    ERROR_CONTROL : 1 NORMAL
    BINARY_PATH_NAME : C:\WINNT\System32\mnmsrvc.exe
    LOAD_ORDER_GROUP :
    TAG : 0
    DISPLAY_NAME : NetMeeting Remote Desktop Sharing
    DEPENDENCIES :
    SERVICE_START_NAME: LocalSystem

    SERVICE_NAME: MSDTC
    Coordinates transactions that are distributed across two or more databases, message queues, file systems, or other transaction protected resource managers.
    TYPE : 110 WIN32_OWN_PROCESS INTERACTIVE_PROCESS
    START_TYPE : 3 DEMAND_START
    ERROR_CONTROL : 1 NORMAL
    BINARY_PATH_NAME : C:\WINNT\System32\msdtc.exe
    LOAD_ORDER_GROUP : MS Transactions
    TAG : 0
    DISPLAY_NAME : Distributed Transaction Coordinator
    DEPENDENCIES : RPCSS
    : SamSS
    SERVICE_START_NAME: LocalSystem

    SERVICE_NAME: MSIServer
    Installs, repairs and removes software according to instructions contained in .MSI files.
    TYPE : 20 WIN32_SHARE_PROCESS
    START_TYPE : 3 DEMAND_START
    ERROR_CONTROL : 1 NORMAL
    BINARY_PATH_NAME : C:\WINNT\system32\msiexec.exe /V
    LOAD_ORDER_GROUP :
    TAG : 0
    DISPLAY_NAME : Windows Installer
    DEPENDENCIES : RpcSs
    SERVICE_START_NAME: LocalSystem

    SERVICE_NAME: NetDDE
    Provides network transport and security for dynamic data exchange (DDE).
    TYPE : 20 WIN32_SHARE_PROCESS
    START_TYPE : 3 DEMAND_START
    ERROR_CONTROL : 1 NORMAL
    BINARY_PATH_NAME : C:\WINNT\system32\netdde.exe
    LOAD_ORDER_GROUP : NetDDEGroup
    TAG : 0
    DISPLAY_NAME : Network DDE
    DEPENDENCIES : NetDDEDSDM
    SERVICE_START_NAME: LocalSystem

    SERVICE_NAME: NetDDEdsdm
    Manages shared dynamic data exchange and is used by Network DDE
    TYPE : 20 WIN32_SHARE_PROCESS
    START_TYPE : 3 DEMAND_START
    ERROR_CONTROL : 1 NORMAL
    BINARY_PATH_NAME : C:\WINNT\system32\netdde.exe
    LOAD_ORDER_GROUP :
    TAG : 0
    DISPLAY_NAME : Network DDE DSDM
    DEPENDENCIES :
    : EGrLocalSystem
    : Network DDE DSDM
    : etwork DDE
    : ted Transaction Coordinator
    : Monitor
    : Service
    : n
    : 
    SERVICE_START_NAME: LocalSystem

    SERVICE_NAME: Netman
    Manages objects in the Network and Dial-Up Connections folder, in which you can view both local area network and remote connections.
    TYPE : 120 WIN32_SHARE_PROCESS INTERACTIVE_PROCESS
    START_TYPE : 3 DEMAND_START
    ERROR_CONTROL : 1 NORMAL
    BINARY_PATH_NAME : C:\WINNT\System32\svchost.exe -k netsvcs
    LOAD_ORDER_GROUP :
    TAG : 0
    DISPLAY_NAME : Network Connections
    DEPENDENCIES : RpcSs
    SERVICE_START_NAME: LocalSystem

    SERVICE_NAME: NetMDSB
    (null)
    TYPE : 110 WIN32_OWN_PROCESS INTERACTIVE_PROCESS
    START_TYPE : 3 DEMAND_START
    ERROR_CONTROL : 1 NORMAL
    BINARY_PATH_NAME : C:\Program Files\Sony\MD Simple Burner\NetMDSB.exe
    LOAD_ORDER_GROUP :
    TAG : 0
    DISPLAY_NAME : MD Simple Burner Service
    DEPENDENCIES :
    SERVICE_START_NAME: LocalSystem

    SERVICE_NAME: Norton AntiVirus Server
    Provides real-time virus scanning, reporting, and management functionality for Symantec Client Security.
    TYPE : 110 WIN32_OWN_PROCESS INTERACTIVE_PROCESS
    START_TYPE : 2 AUTO_START
    ERROR_CONTROL : 0 IGNORE
    BINARY_PATH_NAME : E:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
    LOAD_ORDER_GROUP :
    TAG : 0
    DISPLAY_NAME : Symantec AntiVirus Client
    DEPENDENCIES :
    SERVICE_START_NAME: LocalSystem

    SERVICE_NAME: NtmsSvc
    Manages removable media, drives, and libraries.
    TYPE : 120 WIN32_SHARE_PROCESS INTERACTIVE_PROCESS
    START_TYPE : 2 AUTO_START
    ERROR_CONTROL : 1 NORMAL
    BINARY_PATH_NAME : C:\WINNT\System32\svchost.exe -k netsvcs
    LOAD_ORDER_GROUP :
    TAG : 0
    DISPLAY_NAME : Removable Storage
    DEPENDENCIES : RpcSs
    SERVICE_START_NAME: LocalSystem

    SERVICE_NAME: NVSvc
    Provides system and desktop level support to the NVIDIA display driver
    TYPE : 10 WIN32_OWN_PROCESS
    START_TYPE : 2 AUTO_START
    ERROR_CONTROL : 1 NORMAL
    BINARY_PATH_NAME : C:\WINNT\system32\nvsvc32.exe
    LOAD_ORDER_GROUP :
    TAG : 0
    DISPLAY_NAME : NVIDIA Display Driver Service
    DEPENDENCIES :
    SERVICE_START_NAME: LocalSystem

    SERVICE_NAME: PACSPTISVR
    (null)
    TYPE : 10 WIN32_OWN_PROCESS
    START_TYPE : 3 DEMAND_START
    ERROR_CONTROL : 1 NORMAL
    BINARY_PATH_NAME : C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
    LOAD_ORDER_GROUP :
    TAG : 0
    DISPLAY_NAME : PACSPTISVR
    DEPENDENCIES : RpcSs
    SERVICE_START_NAME: LocalSystem

    SERVICE_NAME: PlugPlay
    Manages device installation and configuration and notifies programs of device changes.
    TYPE : 20 WIN32_SHARE_PROCESS
    START_TYPE : 2 AUTO_START
    ERROR_CONTROL : 1 NORMAL
    BINARY_PATH_NAME : C:\WINNT\system32\services.exe
    LOAD_ORDER_GROUP : PlugPlay
    TAG : 0
    DISPLAY_NAME : Plug and Play
    DEPENDENCIES :
    SERVICE_START_NAME: LocalSystem

    SERVICE_NAME: PolicyAgent
    Manages IP security policy and starts the ISAKMP/Oakley (IKE) and the IP security driver.
    TYPE : 20 WIN32_SHARE_PROCESS
    START_TYPE : 2 AUTO_START
    ERROR_CONTROL : 1 NORMAL
    BINARY_PATH_NAME : C:\WINNT\System32\lsass.exe
    LOAD_ORDER_GROUP :
    TAG : 0
    DISPLAY_NAME : IPSEC Policy Agent
    DEPENDENCIES : RPCSS
    SERVICE_START_NAME: LocalSystem

    SERVICE_NAME: ProtectedStorage
    Provides protected storage for sensitive data, such as private keys, to prevent access by unauthorized services, processes, or users.
    TYPE : 120 WIN32_SHARE_PROCESS INTERACTIVE_PROCESS
    START_TYPE : 2 AUTO_START
    ERROR_CONTROL : 1 NORMAL
    BINARY_PATH_NAME : C:\WINNT\system32\services.exe
    LOAD_ORDER_GROUP :
    TAG : 0
    DISPLAY_NAME : Protected Storage
    DEPENDENCIES : RpcSs
    SERVICE_START_NAME: LocalSystem

    SERVICE_NAME: RasAuto
    Creates a connection to a remote network whenever a program references a remote DNS or NetBIOS name or address.
    TYPE : 120 WIN32_SHARE_PROCESS INTERACTIVE_PROCESS
    START_TYPE : 3 DEMAND_START
    ERROR_CONTROL : 1 NORMAL
    BINARY_PATH_NAME : C:\WINNT\System32\svchost.exe -k netsvcs
    LOAD_ORDER_GROUP :
    TAG : 0
    DISPLAY_NAME : Remote Access Auto Connection Manager
    DEPENDENCIES : RasMan
    : Tapisrv
    SERVICE_START_NAME: LocalSystem

    SERVICE_NAME: RasMan
    Creates a network connection.
    TYPE : 120 WIN32_SHARE_PROCESS INTERACTIVE_PROCESS
    START_TYPE : 3 DEMAND_START
    ERROR_CONTROL : 1 NORMAL
    BINARY_PATH_NAME : C:\WINNT\System32\svchost.exe -k netsvcs
    LOAD_ORDER_GROUP :
    TAG : 0
    DISPLAY_NAME : Remote Access Connection Manager
    DEPENDENCIES : Tapisrv
    SERVICE_START_NAME: LocalSystem

    SERVICE_NAME: RemoteAccess
    Offers routing services to businesses in local area and wide area network environments.
    TYPE : 120 WIN32_SHARE_PROCESS INTERACTIVE_PROCESS
    START_TYPE : 4 DISABLED
    ERROR_CONTROL : 1 NORMAL
    BINARY_PATH_NAME : C:\WINNT\System32\svchost.exe -k netsvcs
    LOAD_ORDER_GROUP :
    TAG : 0
    DISPLAY_NAME : Routing and Remote Access
    DEPENDENCIES : RpcSS
    : +NetBIOSGroup
    SERVICE_START_NAME: LocalSystem

    SERVICE_NAME: RemoteRegistry
    Allows remote registry manipulation.
    TYPE : 10 WIN32_OWN_PROCESS
    START_TYPE : 2 AUTO_START
    ERROR_CONTROL : 1 NORMAL
    BINARY_PATH_NAME : C:\WINNT\system32\regsvc.exe
    LOAD_ORDER_GROUP :
    TAG : 0
    DISPLAY_NAME : Remote Registry Service
    DEPENDENCIES :
    SERVICE_START_NAME: LocalSystem
    FAIL_RESET_PERIOD : 0 seconds
    FAILURE_ACTIONS : Restart DELAY: 1000 seconds

    SERVICE_NAME: RpcSs
    Provides the endpoint mapper and other miscellaneous RPC services.
    TYPE : 20 WIN32_SHARE_PROCESS
    START_TYPE : 2 AUTO_START
    ERROR_CONTROL : 1 NORMAL
    BINARY_PATH_NAME : C:\WINNT\system32\svchost -k rpcss
    LOAD_ORDER_GROUP :
    TAG : 0
    DISPLAY_NAME : Remote Procedure Call (RPC)
    DEPENDENCIES :
    SERVICE_START_NAME: LocalSystem

    SERVICE_NAME: RSVP
    Provides network signaling and local traffic control setup functionality for QoS-aware programs and control applets.
    TYPE : 110 WIN32_OWN_PROCESS INTERACTIVE_PROCESS
    START_TYPE : 3 DEMAND_START
    ERROR_CONTROL : 1 NORMAL
    BINARY_PATH_NAME : C:\WINNT\System32\rsvp.exe -s
    LOAD_ORDER_GROUP :
    TAG : 0
    DISPLAY_NAME : QoS RSVP
    DEPENDENCIES : TcpIp
    : Afd
    SERVICE_START_NAME: LocalSystem

    SERVICE_NAME: SamSs
    Stores security information for local user accounts.
    TYPE : 20 WIN32_SHARE_PROCESS
    START_TYPE : 2 AUTO_START
    ERROR_CONTROL : 1 NORMAL
    BINARY_PATH_NAME : C:\WINNT\system32\lsass.exe
    LOAD_ORDER_GROUP :
    TAG : 0
    DISPLAY_NAME : Security Accounts Manager
    DEPENDENCIES :
    SERVICE_START_NAME: LocalSystem

    SERVICE_NAME: SCardDrv
    Provides support for legacy smart card readers attached to the computer.
    TYPE : 20 WIN32_SHARE_PROCESS
    START_TYPE : 3 DEMAND_START
    ERROR_CONTROL : 0 IGNORE
    BINARY_PATH_NAME : C:\WINNT\System32\SCardSvr.exe
    LOAD_ORDER_GROUP :
    TAG : 0
    DISPLAY_NAME : Smart Card Helper
    DEPENDENCIES : +Smart Card Reader
    SERVICE_START_NAME: LocalSystem

    SERVICE_NAME: SCardSvr
    Manages and controls access to a smart card inserted into a smart card reader attached to the computer.
    TYPE : 20 WIN32_SHARE_PROCESS
    START_TYPE : 3 DEMAND_START
    ERROR_CONTROL : 0 IGNORE
    BINARY_PATH_NAME : C:\WINNT\System32\SCardSvr.exe
    LOAD_ORDER_GROUP :
    TAG : 0
    DISPLAY_NAME : Smart Card
    DEPENDENCIES : PlugPlay
    SERVICE_START_NAME: LocalSystem

    SERVICE_NAME: Schedule
    Enables a program to run at a designated time.
    TYPE : 120 WIN32_SHARE_PROCESS INTERACTIVE_PROCESS
    START_TYPE : 2 AUTO_START
    ERROR_CONTROL : 1 NORMAL
    BINARY_PATH_NAME : C:\WINNT\system32\MSTask.exe
    LOAD_ORDER_GROUP :
    TAG : 0
    DISPLAY_NAME : Task Scheduler
    DEPENDENCIES : RpcSs
    SERVICE_START_NAME: LocalSystem

    SERVICE_NAME: seclogon
    Enables starting processes under alternate credentials
    TYPE : 120 WIN32_SHARE_PROCESS INTERACTIVE_PROCESS
    START_TYPE : 2 AUTO_START
    ERROR_CONTROL : 0 IGNORE
    BINARY_PATH_NAME : C:\WINNT\system32\services.exe
    LOAD_ORDER_GROUP :
    TAG : 0
    DISPLAY_NAME : RunAs Service
    DEPENDENCIES :
    SERVICE_START_NAME: LocalSystem

    SERVICE_NAME: SENS
    Tracks system events such as Windows logon, network, and power events. Notifies COM+ Event System subscribers of these events.
    TYPE : 20 WIN32_SHARE_PROCESS
    START_TYPE : 2 AUTO_START
    ERROR_CONTROL : 1 NORMAL
    BINARY_PATH_NAME : C:\WINNT\system32\svchost.exe -k netsvcs
    LOAD_ORDER_GROUP : Network
    TAG : 0
    DISPLAY_NAME : System Event Notification
    DEPENDENCIES : EventSystem
    SERVICE_START_NAME: LocalSystem
     
  18. 2005/12/14
    jazi

    jazi Inactive Thread Starter

    Joined:
    2005/10/17
    Messages:
    29
    Likes Received:
    0
    Part 2

    SERVICE_NAME: SharedAccess
    Provides network address translation, addressing, and name resolution services for all computers on your home network through a dial-up connection.
    TYPE : 120 WIN32_SHARE_PROCESS INTERACTIVE_PROCESS
    START_TYPE : 3 DEMAND_START
    ERROR_CONTROL : 1 NORMAL
    BINARY_PATH_NAME : C:\WINNT\System32\svchost.exe -k netsvcs
    LOAD_ORDER_GROUP :
    TAG : 0
    DISPLAY_NAME : Internet Connection Sharing
    DEPENDENCIES : RasMan
    SERVICE_START_NAME: LocalSystem

    SERVICE_NAME: SoundMAX Agent Service (default)
    (null)
    TYPE : 10 WIN32_OWN_PROCESS
    START_TYPE : 2 AUTO_START
    ERROR_CONTROL : 1 NORMAL
    BINARY_PATH_NAME : C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    LOAD_ORDER_GROUP :
    TAG : 0
    DISPLAY_NAME : SoundMAX Agent Service
    DEPENDENCIES :
    SERVICE_START_NAME: LocalSystem

    SERVICE_NAME: Spooler
    Loads files to memory for later printing.
    TYPE : 110 WIN32_OWN_PROCESS INTERACTIVE_PROCESS
    START_TYPE : 2 AUTO_START
    ERROR_CONTROL : 1 NORMAL
    BINARY_PATH_NAME : C:\WINNT\system32\spoolsv.exe
    LOAD_ORDER_GROUP : SpoolerGroup
    TAG : 0
    DISPLAY_NAME : Print Spooler
    DEPENDENCIES : RPCSS
    SERVICE_START_NAME: LocalSystem

    SERVICE_NAME: SPTISRV
    (null)
    TYPE : 10 WIN32_OWN_PROCESS
    START_TYPE : 3 DEMAND_START
    ERROR_CONTROL : 1 NORMAL
    BINARY_PATH_NAME : C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
    LOAD_ORDER_GROUP :
    TAG : 0
    DISPLAY_NAME : Sony SPTI Service
    DEPENDENCIES : RpcSs
    SERVICE_START_NAME: LocalSystem

    SERVICE_NAME: StarWindService
    Enables network access to local devices via iSCSI protocol.
    TYPE : 10 WIN32_OWN_PROCESS
    START_TYPE : 2 AUTO_START
    ERROR_CONTROL : 1 NORMAL
    BINARY_PATH_NAME : C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
    LOAD_ORDER_GROUP :
    TAG : 0
    DISPLAY_NAME : StarWind iSCSI Service
    DEPENDENCIES :
    SERVICE_START_NAME: LocalSystem

    SERVICE_NAME: StiSvc
    (null)
    TYPE : 110 WIN32_OWN_PROCESS INTERACTIVE_PROCESS
    START_TYPE : 2 AUTO_START
    ERROR_CONTROL : 1 NORMAL
    BINARY_PATH_NAME : C:\WINNT\system32\stisvc.exe
    LOAD_ORDER_GROUP :
    TAG : 0
    DISPLAY_NAME : Still Image Service
    DEPENDENCIES :
    SERVICE_START_NAME: LocalSystem

    SERVICE_NAME: SymWSC
    Symantec WMI Service
    TYPE : 10 WIN32_OWN_PROCESS
    START_TYPE : 2 AUTO_START
    ERROR_CONTROL : 0 IGNORE
    BINARY_PATH_NAME : C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
    LOAD_ORDER_GROUP :
    TAG : 0
    DISPLAY_NAME : SymWMI Service
    DEPENDENCIES : winmgmt
    SERVICE_START_NAME: LocalSystem

    SERVICE_NAME: SysmonLog
    Configures performance logs and alerts.
    TYPE : 10 WIN32_OWN_PROCESS
    START_TYPE : 3 DEMAND_START
    ERROR_CONTROL : 1 NORMAL
    BINARY_PATH_NAME : C:\WINNT\system32\smlogsvc.exe
    LOAD_ORDER_GROUP :
    TAG : 0
    DISPLAY_NAME : Performance Logs and Alerts
    DEPENDENCIES :
    SERVICE_START_NAME: LocalSystem

    SERVICE_NAME: TapiSrv
    Provides Telephony API (TAPI) support for programs that control telephony devices and IP based voice connections on the local computer and, through the LAN, on servers that are also running the service.
    TYPE : 20 WIN32_SHARE_PROCESS
    START_TYPE : 3 DEMAND_START
    ERROR_CONTROL : 1 NORMAL
    BINARY_PATH_NAME : C:\WINNT\System32\svchost.exe -k netsvcs
    LOAD_ORDER_GROUP :
    TAG : 0
    DISPLAY_NAME : Telephony
    DEPENDENCIES : PlugPlay
    : RpcSs
    SERVICE_START_NAME: LocalSystem

    SERVICE_NAME: TlntSvr
    Allows a remote user to log on to the system and run console programs using the command line.
    TYPE : 10 WIN32_OWN_PROCESS
    START_TYPE : 4 DISABLED
    ERROR_CONTROL : 1 NORMAL
    BINARY_PATH_NAME : C:\WINNT\system32\tlntsvr.exe
    LOAD_ORDER_GROUP :
    TAG : 0
    DISPLAY_NAME : Telnet
    DEPENDENCIES : RpcSs
    : TcpIp
    SERVICE_START_NAME: LocalSystem

    SERVICE_NAME: TrkWks
    Sends notifications of files moving between NTFS volumes in a network domain.
    TYPE : 20 WIN32_SHARE_PROCESS
    START_TYPE : 2 AUTO_START
    ERROR_CONTROL : 1 NORMAL
    BINARY_PATH_NAME : C:\WINNT\system32\services.exe
    LOAD_ORDER_GROUP :
    TAG : 0
    DISPLAY_NAME : Distributed Link Tracking Client
    DEPENDENCIES : RpcSs
    SERVICE_START_NAME: LocalSystem

    SERVICE_NAME: UPS
    Manages an uninterruptible power supply (UPS) connected to the computer.
    TYPE : 10 WIN32_OWN_PROCESS
    START_TYPE : 3 DEMAND_START
    ERROR_CONTROL : 1 NORMAL
    BINARY_PATH_NAME : C:\WINNT\System32\ups.exe
    LOAD_ORDER_GROUP :
    TAG : 0
    DISPLAY_NAME : Uninterruptible Power Supply
    DEPENDENCIES :
    SERVICE_START_NAME: LocalSystem

    SERVICE_NAME: UtilMan
    Starts and configures accessibility tools from one window
    TYPE : 110 WIN32_OWN_PROCESS INTERACTIVE_PROCESS
    START_TYPE : 3 DEMAND_START
    ERROR_CONTROL : 1 NORMAL
    BINARY_PATH_NAME : C:\WINNT\System32\UtilMan.exe
    LOAD_ORDER_GROUP :
    TAG : 0
    DISPLAY_NAME : Utility Manager
    DEPENDENCIES :
    SERVICE_START_NAME: LocalSystem

    SERVICE_NAME: vsmon
    Monitors internet traffic and generates alerts for disallowed access.
    TYPE : 110 WIN32_OWN_PROCESS INTERACTIVE_PROCESS
    START_TYPE : 2 AUTO_START
    ERROR_CONTROL : 1 NORMAL
    BINARY_PATH_NAME : C:\WINNT\system32\ZoneLabs\vsmon.exe -service
    LOAD_ORDER_GROUP : TrueVector Group
    TAG : 0
    DISPLAY_NAME : TrueVector Internet Monitor
    DEPENDENCIES : Afd
    : RpcSs
    : vsdatant
    SERVICE_START_NAME: LocalSystem

    SERVICE_NAME: W32Time
    Sets the computer clock.
    TYPE : 20 WIN32_SHARE_PROCESS
    START_TYPE : 3 DEMAND_START
    ERROR_CONTROL : 1 NORMAL
    BINARY_PATH_NAME : C:\WINNT\System32\services.exe
    LOAD_ORDER_GROUP :
    TAG : 0
    DISPLAY_NAME : Windows Time
    DEPENDENCIES :
    SERVICE_START_NAME: LocalSystem

    SERVICE_NAME: WinMgmt
    Provides system management information.
    TYPE : 10 WIN32_OWN_PROCESS
    START_TYPE : 2 AUTO_START
    ERROR_CONTROL : 0 IGNORE
    BINARY_PATH_NAME : C:\WINNT\System32\WBEM\WinMgmt.exe
    LOAD_ORDER_GROUP :
    TAG : 0
    DISPLAY_NAME : Windows Management Instrumentation
    DEPENDENCIES : RPCSS
    SERVICE_START_NAME: LocalSystem
    FAIL_RESET_PERIOD : 86400 seconds
    FAILURE_ACTIONS : Restart DELAY: 60000 seconds
    : Restart DELAY: 60000 seconds

    SERVICE_NAME: WMDM PMSP Service
    (null)
    TYPE : 10 WIN32_OWN_PROCESS
    START_TYPE : 2 AUTO_START
    ERROR_CONTROL : 1 NORMAL
    BINARY_PATH_NAME : C:\WINNT\system32\MsPMSPSv.exe
    LOAD_ORDER_GROUP :
    TAG : 0
    DISPLAY_NAME : WMDM PMSP Service
    DEPENDENCIES :
    SERVICE_START_NAME: LocalSystem

    SERVICE_NAME: WmdmPmSN
    Retrieves the serial number of any portable media player connected to this computer. If this service is stopped, protected content might not be downloaded to the device.
    TYPE : 20 WIN32_SHARE_PROCESS
    START_TYPE : 3 DEMAND_START
    ERROR_CONTROL : 1 NORMAL
    BINARY_PATH_NAME : C:\WINNT\System32\svchost.exe -k netsvcs
    LOAD_ORDER_GROUP :
    TAG : 0
    DISPLAY_NAME : Portable Media Serial Number Service
    DEPENDENCIES :
    SERVICE_START_NAME: LocalSystem

    SERVICE_NAME: Wmi
    Provides systems management information to and from drivers.
    TYPE : 20 WIN32_SHARE_PROCESS
    START_TYPE : 3 DEMAND_START
    ERROR_CONTROL : 1 NORMAL
    BINARY_PATH_NAME : C:\WINNT\system32\Services.exe
    LOAD_ORDER_GROUP :
    TAG : 0
    DISPLAY_NAME : Windows Management Instrumentation Driver Extensions
    DEPENDENCIES :
    SERVICE_START_NAME: LocalSystem

    SERVICE_NAME: wuauserv
    Enables the download and installation of critical Windows updates. If the service is disabled, the operating system can be manually updated at the Windows Update Web site.
    TYPE : 20 WIN32_SHARE_PROCESS
    START_TYPE : 2 AUTO_START
    ERROR_CONTROL : 1 NORMAL
    BINARY_PATH_NAME : C:\WINNT\system32\svchost.exe -k wugroup
    LOAD_ORDER_GROUP :
    TAG : 0
    DISPLAY_NAME : Automatic Updates
    DEPENDENCIES :
    SERVICE_START_NAME: LocalSystem

    SERVICE_NAME: WZCSVC
    Provides authenticated network access control using IEEE 802.1x for wired and wireless Ethernet networks.
    TYPE : 20 WIN32_SHARE_PROCESS
    START_TYPE : 3 DEMAND_START
    ERROR_CONTROL : 1 NORMAL
    BINARY_PATH_NAME : C:\WINNT\System32\svchost.exe -k netsvcs
    LOAD_ORDER_GROUP : TDI
    TAG : 0
    DISPLAY_NAME : Wireless Configuration
    DEPENDENCIES : RpcSs
    : Ndisuio
    : ProtectedStorage
    : WMI
    SERVICE_START_NAME: LocalSystem
     
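    The service dump above is the sort of thing a helper reads by hand, entry by entry. The script below is an added example for this thread, written by the editor and not code posted by jazi, noahdfear or indmusic: it parses the `SERVICE_NAME:` / `KEY : VALUE` record format of the dump and lists the combinations a reviewer checks first, namely auto-start services running as LocalSystem from a binary outside the OS or Program Files trees, services flagged INTERACTIVE_PROCESS, and services with a `(null)` description. It works on any dump in this format, not only the entries shown here. Assumptions not taken from the page: the `TRUSTED_ROOTS` list (inferred from the paths that appear in this log), the function names `parse_services`, `exe_path`, `triage` and `triage_dump`, and the `ExampleSvc` record in the sample, which is constructed to show a positive hit and does not exist on the poster's machine.

```python
"""Triage a Windows service dump in the SERVICE_NAME / KEY : VALUE format
posted above. Added example, not code posted by anyone in this thread."""
import re

# Assumption: the OS tree and the two Program Files trees seen in this log
# are the only places a legitimate service binary lives (compared lowercase).
TRUSTED_ROOTS = ("c:\\winnt\\", "c:\\program files\\", "e:\\program files\\", "e:\\progra~1\\")


def parse_services(text):
    """One dict per record: 'SERVICE_NAME: x', a description line ('(null)' =
    none), then 'KEY : VALUE' lines; a bare ': VALUE' continues the last key."""
    services, cur, last_key, expect_desc = [], None, None, False
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("SERVICE_NAME:"):
            cur = {"name": line.split(":", 1)[1].strip(),
                   "description": "", "deps": []}
            services.append(cur)
            last_key, expect_desc = None, True
            continue
        if cur is None:                 # stray text before the first record
            continue
        if expect_desc and not re.match(r"[A-Z_]+\s*:", line):
            cur["description"] = "" if line == "(null)" else line
            expect_desc = False
            continue
        expect_desc = False
        key, _, value = line.partition(":")
        key, value = key.strip(), value.strip()
        if key == "":                   # continuation of the previous key
            if last_key == "deps":
                cur["deps"].append(value)
            elif last_key:
                cur[last_key] += "; " + value
        elif key == "DEPENDENCIES":
            cur["deps"], last_key = ([value] if value else []), "deps"
        else:
            cur[key], last_key = value, key
    return services


def exe_path(binary_path_name):
    """Drop service arguments such as '-k netsvcs' and surrounding quotes."""
    m = re.match(r'\s*"?([^"]+?\.exe)', binary_path_name, re.IGNORECASE)
    return m.group(1) if m else binary_path_name.strip()


def triage(svc):
    """(code, detail) leads for one service. Leads, not verdicts: vsmon and
    UtilMan in the dump above legitimately trip 'interactive'."""
    leads = []
    path = exe_path(svc.get("BINARY_PATH_NAME", ""))
    auto = "AUTO_START" in svc.get("START_TYPE", "")
    system = svc.get("SERVICE_START_NAME", "").lower() == "localsystem"
    if auto and system and path and not path.lower().startswith(TRUSTED_ROOTS):
        leads.append(("outside-trusted-roots", path))
    if "INTERACTIVE_PROCESS" in svc.get("TYPE", ""):
        leads.append(("interactive", svc["TYPE"]))
    if not svc["description"]:
        leads.append(("no-description", svc.get("DISPLAY_NAME", svc["name"])))
    return leads


def triage_dump(text):
    return {s["name"]: triage(s) for s in parse_services(text)}


# Two records excerpted from the dump above (trimmed to the lines this example
# reads) plus ExampleSvc, a constructed record that is not on the poster's machine.
SAMPLE_DUMP = r"""SERVICE_NAME: vsmon
Monitors internet traffic and generates alerts for disallowed access.
TYPE : 110 WIN32_OWN_PROCESS INTERACTIVE_PROCESS
START_TYPE : 2 AUTO_START
BINARY_PATH_NAME : C:\WINNT\system32\ZoneLabs\vsmon.exe -service
DEPENDENCIES : Afd
: RpcSs
: vsdatant
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: wuauserv
Enables the download and installation of critical Windows updates.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 2 AUTO_START
BINARY_PATH_NAME : C:\WINNT\system32\svchost.exe -k wugroup
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: ExampleSvc
(null)
TYPE : 10 WIN32_OWN_PROCESS
START_TYPE : 2 AUTO_START
BINARY_PATH_NAME : C:\Documents and Settings\user\Local Settings\Temp\examplesvc.exe
SERVICE_START_NAME: LocalSystem
"""

if __name__ == "__main__":
    for name, leads in triage_dump(SAMPLE_DUMP).items():
        print(name, leads or "no leads")
```

    To use it on a real log, replace `SAMPLE_DUMP` with the full dump (or read it from a file) and run it off the suspect machine. Every lead still needs a manual check of the binary's publisher and install date; on this page the only `(null)` description belongs to a legitimate Microsoft service, and the two interactive services are ZoneAlarm's monitor and the Windows Utility Manager.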
  19. 2005/12/14
    jazi

    jazi Inactive Thread Starter

    Joined:
    2005/10/17
    Messages:
    29
    Likes Received:
    0
    Also ran the new2bat file, but the generated peek1.txt file was empty.
     
  20. 2005/12/22
    jazi

    jazi Inactive Thread Starter

    Joined:
    2005/10/17
    Messages:
    29
    Likes Received:
    0
    Thank you all for your help, but noahdfear, any update on the problem please? Thanks.
     
  21. 2005/12/23
    indmusic

    indmusic Well-Known Member

    Joined:
    2002/10/23
    Messages:
    143
    Likes Received:
    3
    I don't know noahdfear that well, but I will vouch to say that he is really busy at this time.
    Can you do the following, please?
    ==Download and Install
    Windows Cleanup! 4.0
    Don't run it yet

    ==Download and then Install
    Ewido Security Suite

    When installing, under "Additional Options" uncheck "Install background guard" and "Install scan via context menu".

    From the main ewido screen, click on Update in the left menu, then click the Start update button.
    After the update finishes (the status bar at the bottom will display "Update successful"),
    Close out Ewido for now, we'll need it later
    If for some reason the Updater won't work can you manually download the
    Updates from this link after you have Ewido installed
    http://www.ewido.net/en/download/updates/

    If you don't have Ad-Aware SE personal 1.06
    Download and Install Ad-Aware SE Personal 1.06
    Open Ad-Aware, ensure to click the check for updates now link and Connect to download the latest updates
    Don't run a scan yet

    Please save these instructions to a Notepad file and save it to your Desktop for reference
    or Print them out!


    RESTART your Computer into SAFE MODE
    You can do this by tapping the F8 key as the system is restarting, just before Windows loads
    Choose Safe mode from the startup menu and hit Enter

    ==Open Cleanup! by double-clicking the icon on your desktop (or from the Start > All Programs menu).
    Set the program up as follows:
    Click "Options..."
    Move the arrow down to "Custom CleanUp!"
    Put a check next to the following (Make sure nothing else is checked!):

    * Empty Recycle Bins
    * Delete Cookies
    * Delete Prefetch files
    * Cleanup! All Users

    Click OK
    Press the CleanUp! button to start the program.
    When it's done, decline to log off or restart the computer

    ==Open Ewido Security Suite
    Click on the Scanner button on the left menu
    Select Complete System Scan
    *If Ewido finds something it will prompt you with "Infected Object found"
    Ensure the following are Selected
    *1. Perform Action = Remove
    *2. Create Encrypted Backup in Quarantine (Recommended)
    *3. Perform action with all infections

    Then click OK
    When Ewido has finished its scan, click the "Save Report" button
    Save the report to desktop
    Exit Ewido
    NOTE: When Ewido is running, don't open any other Windows

    Open Ad-Aware
    Click START
    Click the radio button to Perform a Full system scan then click NEXT
    When it's finished scanning
    At this point you should either right click on the screen and choose the "Select All" Objects option, or individually put a checkmark in each object's checkbox,
    then click on the Next button. Ad-Aware SE will now present you with a confirmation box asking whether or not you would like to remove the objects you have just selected. Press the "OK" button.

    RESTART your computer back to Normal mode

    Back in Windows
    Can I see the following please
    1. Run a "System scan and save logfile" Post the new log
    2. Post the WHOLE report you saved earlier from Ewido
     
