
Need advice as the rest/ZipZappromos POPUPS Please

Discussion in 'Malware and Virus Removal Archive' started by Flamekeeper, 2005/02/28.

Thread Status:
Not open for further replies.
  1. 2005/02/28
    Flamekeeper

    Flamekeeper Inactive Thread Starter

    Joined:
    2005/02/28
    Messages:
    10
    Likes Received:
    0
    Tried everything I could, with no luck. I see there's a few others trying for the same thing. Here is my log file to start anyone off with, need help bad.

    I've run SpyBot, everything clean, looks good. Ran ADWare but don't know exactly what to check to delete. Only 3 yrs. experience on the PC, but learning. The Preacher/Flamekeeper. Thanks to anyone who can help.


    Logfile of HijackThis v1.99.1
    Scan saved at 12:40:46 PM, on 2/28/2005
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Norton Internet Security\ISSVC.exe
    C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
    C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\Program Files\Softex\OmniPass\Omniserv.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\WINDOWS\System32\Tablet.exe
    C:\Program Files\Softex\OmniPass\OPXPApp.exe
    C:\WINDOWS\Explorer.EXE
    C:\windows\system\hpsysdrv.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
    C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
    C:\HP\KBD\KBD.EXE
    C:\Program Files\Common Files\Logitech\QCDriver\LVCOMS.EXE
    C:\Program Files\Logitech\ImageStudio\LogiTray.exe
    c:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
    C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
    C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe
    C:\WINDOWS\LTMSG.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\WINDOWS\ALCXMNTR.EXE
    C:\Program Files\MSN Apps\Updater\01.02.3000.1001\en-us\msnappau.exe
    C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
    C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
    C:\Program Files\Yahoo!\Messenger\ypager.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\WORDsearch 7\ZipScript.exe
    C:\PROGRA~1\AOLCOM~2\ACCAgnt.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpomau08.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
    C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
    C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
    C:\Program Files\Updates from HP\137903\Program\BackWeb-137903.exe
    C:\Program Files\interMute\SpamSubtract\SpamSubtract.exe
    C:\NavPress\ZIPscrpt.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoFXM08.exe
    C:\Program Files\America Online 9.0a\waol.exe
    C:\Program Files\America Online 9.0a\shellmon.exe
    C:\Program Files\Common Files\Aol\aoltpspd.exe
    C:\WINDOWS\System32\HPZipm12.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Documents and Settings\Owner\My Documents\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://us8.hpwis.com/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-us8.hpwis.com/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/cus.../*http://www.yahoo.com/ext/search/search.html
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.iwantsearch.com/to.php?ID1=457&ID2=22720648&ID3=33721634547&ID4=1&ID5={7EC5C836-F51F-44E7-9233-B14D136A7782}
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-us8.hpwis.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/cus.../*http://www.yahoo.com/ext/search/search.html
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.iwantsearch.com/to.php?ID1=457&ID2=22720648&ID3=33721634547&ID4=1&ID5={7EC5C836-F51F-44E7-9233-B14D136A7782}
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/ie/defaults/su/ymsgr/*http://www.yahoo.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/ie/defaults/su/ymsgr/*http://www.yahoo.com
    R3 - Default URLSearchHook is missing
    O2 - BHO: (no name) - {021BB032-80A8-4FB6-B3D5-CF27B1553B95} - C:\WINDOWS\mslagent\4b_1,0,1,0_mslagent.dll (file missing)
    O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Common\ycomp5_2_3_0.dll
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.02.3000.1002\en-xu\stmain.dll
    O2 - BHO: Norton Internet Security - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
    O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll
    O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: hp toolkit - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - C:\HP\EXPLOREBAR\HPTOOLKT.DLL
    O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Common\ycomp5_2_3_0.dll
    O3 - Toolbar: 3DNA Toolbar - {2ECB7FB2-0333-416F-92FD-4904AD49252B} - C:\WINDOWS\system32\3DNATO~1.DLL
    O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll (file missing)
    O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll
    O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
    O4 - HKLM\..\Run: [CamMonitor] c:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
    O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] c:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
    O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
    O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Common Files\Logitech\QCDriver\LVCOMS.EXE
    O4 - HKLM\..\Run: [LogitechGalleryRepair] C:\Program Files\Logitech\ImageStudio\ISStart.exe
    O4 - HKLM\..\Run: [LogitechImageStudioTray] C:\Program Files\Logitech\ImageStudio\LogiTray.exe
    O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
    O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"
    O4 - HKLM\..\Run: [Pure Networks Port Magic] "C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe" -Run
    O4 - HKLM\..\Run: [LTMSG] LTMSG.exe 7
    O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
    O4 - HKLM\..\Run: [msnappau] "C:\Program Files\MSN Apps\Updater\01.02.3000.1001\en-us\msnappau.exe"
    O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
    O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
    O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [ZipScript] C:\Program Files\WORDsearch 7\ZipScript.exe
    O4 - HKCU\..\Run: [AOLCC] "C:\PROGRA~1\AOLCOM~2\ACCAgnt.exe" /startup
    O4 - Startup: spamsubtract.lnk = C:\Program Files\interMute\SpamSubtract\SpamSubtract.exe
    O4 - Startup: ZIPscript.lnk = C:\NavPress\ZIPscrpt.exe
    O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: America Online Tray Icon.lnk = C:\Program Files\America Online 9.0a\aoltray.exe
    O4 - Global Startup: hp officejet 4100 series.lnk = ?
    O4 - Global Startup: hpoddt01.exe.lnk = ?
    O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
    O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe
    O4 - Global Startup: Updates from HP.lnk = C:\Program Files\Updates from HP\137903\Program\BackWeb-137903.exe
    O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
    O8 - Extra context menu item: Yahoo! Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
    O8 - Extra context menu item: Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
    O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0411.dll
    O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0411.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O16 - DPF: {01FE8D0A-51AD-459B-B62B-85E135128B32} (DD_v4.DDv4) - http://www.drivershq.com/DD_v4.CAB
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=36467&clcid=0x409
    O16 - DPF: {37DF41B2-61DB-4CAC-A755-CFB3C7EE7F40} (AOL Content Update) - http://esupport.aol.com/help/acp2/engine/aolcoach_core_1.cab
    O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aol.com/computercheckup/qdiagcc.cab
    O16 - DPF: {505098FD-5D61-4BC2-9B82-F969D0E932A2} (EGEGAUTH Class) - http://akamai.downloadv3.com/binaries/P2EClient/EGAUTH_1034_EN_XP.cab
    O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yse/ymmapi_416.dll
    O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - http://www.symantec.com/techsupp/activedata/SymAData.cab
    O16 - DPF: {E04EAE82-14AD-41CB-BF5A-45556ABB8347} (WebCoachDownload Class) - http://esupport.aol.com/help/engine/aolcinst.cab
    O16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} (ActiveDataObj Class) - https://www-secure.symantec.com/techsupp/activedata/ActiveData.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{D079F4AE-A4CB-4804-9390-5DC68CEDFC6A}: NameServer = 205.188.146.145
    O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
    O20 - Winlogon Notify: OPXPGina - C:\Program Files\Softex\OmniPass\opxpgina.dll
    O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
    O23 - Service: AOL Spyware Protection Service (AOLService) - Unknown owner - C:\Program Files\Common Files\AOL\AOL Spyware Protection\\aolserv.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
    O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program Files\Norton Internet Security\ISSVC.exe
    O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
    O23 - Service: Softex OmniPass Service (omniserv) - Unknown owner - C:\Program Files\Softex\OmniPass\Omniserv.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
    O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
    O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\System32\Tablet.exe
     
    Last edited: 2005/02/28
  2. 2005/02/28
    Flamekeeper

    attach to post

    I've run SpyBot, everything clean, looks good. Ran ADWare but don't know exactly what to check to delete. Only 3 yrs. experience on the PC, but learning. The Preacher/Flamekeeper. Thanks to anyone who can help.
     
    Last edited: 2005/02/28


  4. 2005/02/28
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    Welcome to WindowsBBS Flamekeeper :)

    Please download the List Installed Programs script from here, run it and post its log.
     
  5. 2005/02/28
    Flamekeeper

    As requested, THANK YOU DAVE

    INSTALLED SOFTWARE (164) - YOUR-OOKWKW9JWC - 2/28/2005 8:32:46 PM

    3D Home Architect 4
    3DNA PNY Verto Ver: 105004
    Ad-Aware SE Personal
    Adobe Acrobat 5.0 Ver: 5.0
    Adobe Photoshop Elements Ver: 1.0
    Adobe Reader 6.0 Ver: 6.0 Installed: 10/22/2004
    AdStatus Service
    America Online (Choose which version to remove)
    AOL Coach Version 1.0(Build:20040229.1 en)
    AOL Coach Version 2.0(Build:20041026.5 en)
    AOL Computer Check-Up
    AOL Connectivity Services
    AOL Spyware Protection Ver: 1.0.66
    AOL Toolbar
    AOL You've Got Pictures Screensaver
    ArcSoft Picture Software
    Batch Update Ver: 2.1 Installed: 7/29/2004
    Bible Data Type System Files Ver: 2.1 Installed: 7/29/2004
    CC_ccProxyExt Ver: 103.0.2.10 Installed: 9/26/2004
    ccCommon Ver: 103.0.2.10 Installed: 9/26/2004
    ccPxyCore Ver: 103.0.2.10 Installed: 9/26/2004
    Common System Files Ver: 2.1 Installed: 7/29/2004
    Dawn
    Excavation from Hewlett-Packard Desktops (remove only)
    GemMaster 3 from Hewlett-Packard Desktops (remove only)
    HighMAT Extension to Microsoft Windows XP CD Writing Wizard Ver: 1.1.1905.1 Installed: 1/17/2004
    HijackThis 1.99.1 Ver: 1.99.1
    HP Deskjet printer preloaded drivers Ver: 1.00.0200 Installed: 4/9/2003
    HP Digital Imaging Album Printing 1.0 Ver: 1.00.0000 Installed: 4/9/2003
    HP Instant Support Ver: 4.03.03
    HP Memories Disc Ver: 1.0.7.808 Installed: 4/9/2003
    hp officejet 4100 series
    hp officejet 4100 series Ver: 1.10.0000 Installed: 1/19/2004
    HP Photo and Imaging 1.2 - Photosmart Cameras Ver: 2.0.0000 Installed: 4/9/2003
    HP Photo and Imaging 2.0 - All-in-One Ver: 1.10.0000 Installed: 1/17/2004
    HP Photo and Imaging 2.0 - All-in-One Drivers Ver: 1.10.0000 Installed: 1/17/2004
    HP Photo and Imaging 2.0 - hp officejet 4100 series
    HP Photosmart printers preloaded drivers Ver: 1.00.0001 Installed: 4/9/2003
    HpSdpAppCoreApp Ver: 2.00.0000 Installed: 4/9/2003
    Intel(R) Extreme Graphics Driver
    IntelliMover Data Transfer Demo
    InterVideo WinDVD Player Ver: 4.0-B11.386
    KBD
    Learn2 Player (Uninstall Only)
    Lernout & Hauspie TruVoice American English TTS Engine
    Libronix Digital Library System
    Libronix Digital Library System Ver: 2.1 Installed: 7/29/2004
    Libronix DLS Application Ver: 2.1 Installed: 7/29/2004
    Libronix DLS Shortcuts Ver: 2.1 Installed: 7/29/2004
    Libronix Update Ver: 2.1 Installed: 7/29/2004
    LiveReg (Symantec Corporation) Ver: 3.0.0
    LiveUpdate 2.6 (Symantec Corporation) Ver: 2.6.14.0
    LLS Resource Driver Ver: 2.1 Installed: 7/29/2004
    Logitech Desktop Messenger
    Logitech ImageStudio Ver: 7.30.0000 Installed: 1/17/2004
    Logitech Print Service
    Mavis Beacon Teaches Typing Deluxe 15
    Microsoft .NET Framework (English) Ver: 1.0.3705 Installed: 2/16/2005
    Microsoft .NET Framework (English) v1.0.3705
    Microsoft .NET Framework 1.0 Hotfix (KB886906)
    Microsoft AntiSpyware Ver: 1.0 Installed: 2/28/2005
    Microsoft Data Access Components KB870669
    Microsoft MapPoint 2002 North America Ver: 9.00.16.2000 Installed: 1/1/2005
    Microsoft Office XP Media Content Ver: 10.0.2619.0 Installed: 1/17/2004
    Microsoft Office XP Media Content Deluxe Ver: 10.0.2619.0 Installed: 1/17/2004
    Microsoft Picture It! Photo 7.0 Ver: 7.0.0.0000 Installed: 1/17/2004
    Microsoft Publisher 2002 Ver: 10.0.2627.01 Installed: 1/17/2004
    Microsoft Windows Journal Viewer Ver: 1.5.2315.3 Installed: 1/18/2004
    Microsoft Works 2000 Ver: 1.0.0.0000 Installed: 1/17/2004
    MSN Toolbar
    MSRedist Ver: 1.0.0.0 Installed: 9/26/2004
    MUSICMATCH® Jukebox
    Norton AntiSpam Ver: 2005.1.0.163 Installed: 9/26/2004
    Norton AntiSpam Ver: 2005.1.0.163 Installed: 9/26/2004
    Norton AntiVirus 2005 Ver: 11.0.2 Installed: 9/26/2004
    Norton Internet Security Ver: 1.0.0 Installed: 9/26/2004
    Norton Internet Security Ver: 8.0.0.64 Installed: 9/26/2004
    Norton Internet Security Ver: 8.0.0.64 Installed: 9/26/2004
    Norton Internet Security Ver: 8.0.0.64 Installed: 9/26/2004
    Norton Internet Security Ver: 8.0.0.64 Installed: 9/26/2004
    Norton Internet Security Ver: 8.0.0.64 Installed: 9/26/2004
    Norton Internet Security Ver: 8.0.0.64 Installed: 9/26/2004
    Norton Internet Security Ver: 8.0.0.64 Installed: 9/26/2004
    Norton Internet Security 2005 (Symantec Corporation) Ver: 8.0.0.64
    Norton WMI Update Ver: 2005.1.0.111 Installed: 9/26/2004
    Norton WMI Update Ver: 2005.1.0.111 Installed: 9/26/2004
    NVDVD
    NVIDIA Drivers
    NVIDIA Windows 2000/XP Display Drivers
    OEB Resource Driver Ver: 2.1 Installed: 7/29/2004
    OmniPass
    PC-Doctor for Windows
    PDF Resource Driver Ver: 2.1 Installed: 7/29/2004
    penPalette 1.0
    Power BibleCD
    procreate(TM) Painter Classic(TM)
    PS2
    Pure Networks Port Magic Ver: 1.2.1393.0
    Python 2.2 combined Win32 extensions
    Python 2.2.1 Ver: 2.2.1
    Quicken 2003 New User Edition Ver: 12.00.0000 Installed: 4/9/2003
    Quicken 2003 New User Edition Ver: 12.00.0000 Installed: 4/9/2003
    QuickTime
    QuickVerse 7.0
    RealOne Player
    RecordNow Ver: 5.0 Installed: 4/9/2003
    S3Display
    S3Gamma2
    S3Info2
    S3Overlay
    Screen Shot Deluxe 6.0 Ver: 6.00.0000 Installed: 8/20/2004
    Screen Shot Deluxe 6.0 Ver: 6.00.0000 Installed: 8/20/2004
    Shockwave Flash
    ShowBiz DVD
    Simple Backup for My Pictures Ver: 4.83 Installed: 4/9/2003
    Simple Installer - Multilanguage Version
    Sonic Update Manager Ver: 2.9 Installed: 2/10/2004
    SpamSubtract
    SPBBC Ver: 1.00.0000 Installed: 9/26/2004
    Spybot - Search & Destroy 1.2 Ver: 1.2
    Symantec Network Drivers Update Ver: 5.4.4.17 Installed: 2/4/2005
    Symantec Script Blocking Installer Ver: 11.0.2 Installed: 9/26/2004
    SymNet Ver: 5.4.2.17 Installed: 9/26/2004
    toolkit
    Updates from HP
    Viewpoint Media Player
    vknadfl
    Wacom Tablet Driver
    WebFldrs XP Ver: 9.50.6513 Installed: 4/9/2003
    WildTangent GameChannel (remove only)
    Windows Driver Package - Realtek Semiconductor Corp. MEDIA 12/12/2003 5.10.00.5410 Ver: 5.10.00.5410
    Windows Media Format Runtime
    Windows Media Player 10
    Windows XP Hotfix - KB834707 Ver: 20040929.110854
    Windows XP Hotfix - KB867282 Ver: 20050127.090417
    Windows XP Hotfix - KB873333 Ver: 20050114.005213
    Windows XP Hotfix - KB873339 Ver: 20041117.092459
    Windows XP Hotfix - KB885250 Ver: 20050118.202711
    Windows XP Hotfix - KB885835 Ver: 20041027.181713
    Windows XP Hotfix - KB885836 Ver: 20041028.173203
    Windows XP Hotfix - KB885884 Ver: 20040924.025457
    Windows XP Hotfix - KB886185 Ver: 20041021.090540
    Windows XP Hotfix - KB887472 Ver: 20041014.162858
    Windows XP Hotfix - KB887742 Ver: 20041103.095002
    Windows XP Hotfix - KB887797 Ver: 20041018.133824
    Windows XP Hotfix - KB888113 Ver: 20041116.131036
    Windows XP Hotfix - KB888302 Ver: 20041207.111426
    Windows XP Hotfix - KB890047 Ver: 20041221.124506
    Windows XP Hotfix - KB890175 Ver: 20041201.233338
    Windows XP Hotfix - KB891781 Ver: 20050110.165439
    Windows XP Service Pack 2 Ver: 20040803.231319
    WinRescue XP
    WordPerfect Productivity Pack
    WordPerfect Productivity Pack Ver: 10 Installed: 4/9/2003
    WORDsearch Basic Edition Ver: 7
    WORDsearch BSS - His Disciples Ver: 1.00.0000 Installed: 6/1/2004
    WORDsearch BSS - His Disciples Ver: 1.00.0000 Installed: 6/1/2004
    WORDsearch POSB - 2 Kings Ver: 1.00.0000 Installed: 6/1/2004
    WORDsearch POSB - 2 Kings Ver: 1.00.0000 Installed: 6/1/2004
    Yahoo! Companion
    Yahoo! Install Manager
    Yahoo! Internet Mail
    Yahoo! Messenger Ver: 5.5
    Yahoo! Messenger Explorer Bar
     
    Last edited: 2005/02/28
  6. 2005/02/28
    noahdfear

    Download "Registry Search Tool" (RegSrch.vbs) from here
    http://www.billsway.com/vbspage/
    start it and paste in vknadfl, wait, hit ok. Then when wordpad opens, copy that back here please.
     
  7. 2005/03/01
    Flamekeeper

    Ran RegSrch, it read completed in ~30 seconds/no instances found? :confused: WordPad never opened.
    Thanks again, Kenny
     
    Last edited: 2005/03/01
  8. 2005/03/01
    Flamekeeper

    WOW! Not more than a few seconds. Reboot to safe mode and run it. Make sure the file gets saved. If it still gives you fits, use RegSearch.zip instead. Extract the contents of the zip file to its own folder.
    Open and double-click the icon for RegSearch.exe to launch the program.
    Enter vknadfl in the top window and click OK. After completion Notepad will be opened with all the found instances. Please post that log.


    EDIT: Just saw your post..........run it in safe mode.

    __________________
    Dave

    Spybot Ad-aware CWShredder
    eTrust Online Virus Scan
     
  9. 2005/03/01
    Flamekeeper

    Good Deal, I thought I done messed up LOL.

    :)

    REGEDIT4
    ; RegSrch.vbs © Bill James

    ; Registry search results for string "vknadfl" 3/1/2005 5:27:02 PM

    ; NOTE: This file will be deleted when you close WordPad.
    ; You must manually save this file to a new location if you want to refer to it again later.
    ; (If you save the file with a .reg extension, you can use it to restore any Registry changes you make to these values.)


    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "vknadfl"="c:\\windows\\system32\\vknadfl.exe -start"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\vknadfl]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\vknadfl]
    "UninstallString"="c:\\windows\\system32\\vknadfl.exe -uninstall"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\vknadfl]
    "DisplayName"="vknadfl"

    [HKEY_USERS\S-1-5-21-1852791981-3249577015-1030444303-1003\Software\Microsoft\Windows\ShellNoRoam\MUICache]
    "C:\\windows\\system32\\vknadfl.exe"="vknadfl"
     
  10. 2005/03/01
    Flamekeeper

    Registry search results, I hope it helps, these popups are killing me.
    I also have these programs downloaded, ready to help:
    ie-spyad
    killbox
    reglite
    I sure do appreciate all that you do for the less knowledgeable people like myself. Thanks a lot noah, I know by reading the other posts about the same problem you are the man to be listening to.
     
    Last edited: 2005/03/01
  11. 2005/03/02
    noahdfear

    Save this to text where you can access it in safe mode.

    First, create a new folder named HJT in My Documents, then move HijackThis.exe to it.

    Unzip the Pocket Killbox files to a folder, then open and double-click on Killbox.exe to run it. In the "Paste Full Path of File to Delete" box, copy and paste the following:

    C:\WINDOWS\System32\vknadfl.exe

    Check the box to delete on reboot and click the red X to the right. Click OK, then NO to reboot now. Copy the next filepath and paste it in the box, and repeat the above steps. When all of the below filepaths are done, close the Killbox.

    C:\WINDOWS\Downlo~1\EGDACCESS.inf
    C:\WINDOWS\system32\EGDACCESS_1057.dll



    Scan again with HijackThis and place a check next to the following entries. Close ALL other windows and click fix.

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/cus...rch/search.html
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.iwantsearch.com/to.php?ID1=457&ID2=22720648&ID3=33721634547&ID4=1&ID5={7EC5C836-F51F-44E7-9233-B14D136A7782}
    R3 - Default URLSearchHook is missing
    O2 - BHO: (no name) - {021BB032-80A8-4FB6-B3D5-CF27B1553B95} - C:\WINDOWS\mslagent\4b_1,0,1,0_mslagent.dll (file missing)
    O3 - Toolbar: 3DNA Toolbar - {2ECB7FB2-0333-416F-92FD-4904AD49252B} - C:\WINDOWS\system32\3DNATO~1.DLL
    O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll (file missing)
    O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
    O16 - DPF: {505098FD-5D61-4BC2-9B82-F969D0E932A2} (EGEGAUTH Class) - http://akamai.downloadv3.com/binari..._1034_EN_XP.cab




    Right click My Computer and choose properties. On system restore tab, check the box to turn off. OK out.

    Go to start>run and type msconfig, hit enter. On the boot.ini tab, check the box next to /safeboot and OK. Yes to restart. This will restart your computer in safe mode. Logon to your user account.

    Now in safe mode, you will need to show hidden files and folders, as well as system files and extensions for known file types.


    Open RegLite and copy/paste the following string in the address window then click go.

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    The forum format puts a space in the word current that you will need to edit out before clicking Go.

    Right click the "vknadfl"="c:\\windows\\system32\\vknadfl.exe -start" value in the right pane and delete. Then copy/paste the following.

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\qjpcbtsnx

    Right click the vknadfl key in the left pane and delete.


    Exit Reglite.


    Open C:\Program Files and delete the folder AdStatus Service.
    Open C:\Temp if present, select all and delete.
    Open C:\Windows\Temp, select all and delete.
    Open C:\Windows\Prefetch, select all and delete.
    Open C:\Documents and Settings\username\Local Settings\temp, select all and delete. Do this for all usernames.
    Open the control panel, then internet options and delete the temporary internet files, checking the box for offline content.
    Open My Computer, right click Local disk C: and choose properties, then disk cleanup. Check all boxes except compress old files and click OK.
    Uncheck the /safeboot box in msconfig and ok to reboot.

    Upon reboot you will be greeted with a message window from the System Configuration Utility. Check the box not to use and don't show, then click OK.

    Scan your PC with RAV. If any files are infected, click the report button then copy and paste it here.

    Run another HijackThis scan and post the log. Let us know if the popups stop.
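
Added example (not part of the thread and not any poster's code): a Python check that compares a follow-up HijackThis log against the fix list in the post above and reports which entries are still present, tolerating the "..." the forum inserts into long URLs. The RESCAN sample is constructed for illustration, and the function names are hypothetical.

```python
import re
from typing import List, NamedTuple

# HijackThis entry lines look like "O4 - HKLM\..\Run: [name] path".
# Header lines and the "Running processes" paths do not match this pattern.
ENTRY_RE = re.compile(r"^\s*([RFNO]\d{1,2}) - (.+?)\s*$")


class Entry(NamedTuple):
    code: str  # section code, e.g. "R0", "O2", "O16"
    body: str  # everything after "<code> - "


def parse_entries(text: str) -> List[Entry]:
    """Return the R/F/N/O entries of a log, skipping header and process list."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line)
        if m:
            entries.append(Entry(m.group(1), m.group(2)))
    return entries


def same_body(wanted: str, seen: str) -> bool:
    """Compare two entry bodies case-insensitively.

    If `wanted` was shortened by the forum ("http://host/cus...rch/x.html"),
    treat the "..." as a wildcard: the text before the first "..." must be a
    prefix of `seen` and the text after the last "..." must be a suffix.
    """
    w, s = wanted.casefold(), seen.casefold()
    if "..." not in w:
        return w == s
    parts = w.split("...")
    head, tail = parts[0], parts[-1]
    return len(s) >= len(head) + len(tail) and s.startswith(head) and s.endswith(tail)


def still_present(fix_list: str, rescan: str) -> List[Entry]:
    """Entries from the fix list that a later scan still reports."""
    seen = parse_entries(rescan)
    return [w for w in parse_entries(fix_list)
            if any(w.code == s.code and same_body(w.body, s.body) for s in seen)]


# Fix list as posted in the thread (URLs already truncated by the forum).
FIX_LIST = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/cus...rch/search.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.iwantsearch.com/to.php?ID1=457&ID2=22720648&ID3=33721634547&ID4=1&ID5={7EC5C836-F51F-44E7-9233-B14D136A7782}
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {021BB032-80A8-4FB6-B3D5-CF27B1553B95} - C:\WINDOWS\mslagent\4b_1,0,1,0_mslagent.dll (file missing)
O3 - Toolbar: 3DNA Toolbar - {2ECB7FB2-0333-416F-92FD-4904AD49252B} - C:\WINDOWS\system32\3DNATO~1.DLL
O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll (file missing)
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
O16 - DPF: {505098FD-5D61-4BC2-9B82-F969D0E932A2} (EGEGAUTH Class) - http://akamai.downloadv3.com/binari..._1034_EN_XP.cab
"""

# CONSTRUCTED follow-up scan: three fix-list entries survived, the start page
# now has a different (made-up) value, and one unrelated BHO is listed.
RESCAN = r"""
Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\Explorer.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/cus.../*http://www.yahoo.com/ext/search/search.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Common\ycomp5_2_3_0.dll
O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll (file missing)
O16 - DPF: {505098FD-5D61-4BC2-9B82-F969D0E932A2} (EGEGAUTH Class) - http://akamai.downloadv3.com/binaries/P2EClient/EGAUTH_1034_EN_XP.cab
"""

if __name__ == "__main__":
    for entry in still_present(FIX_LIST, RESCAN):
        print("still present:", entry.code, "-", entry.body)
```

An exact string comparison would miss the R1 and O16 lines here, because the fix list and the log show the same URL shortened in different places.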
     
  12. 2005/03/03
    Flamekeeper

    No popups so far

    As you requested Dave, The scan report,
    Scan started at 3/3/2005 8:36:15 PM

    Scanning memory...
    Scanning boot sectors...
    Scanning files...
    C:\Program Files\Microsoft AntiSpyware\Quarantine\A3748DD2-7D16-462C-B920-2E41B0\56591335-A1D2-44E1-B33B-709D18 - Trojan:Win32/Dialer.FA -> Infected

    Scanned
    ============================
    Objects: 106309
    Directories: 6636
    Archives: 19004
    Size(Kb): -1872300
    Infected files: 1

    Found
    ============================
    Viruses found: 1
    Suspicious files: 0
    Disinfected files: 0
    Mail files: 129


    The new HijackThis report:
    Logfile of HijackThis v1.99.1
    Scan saved at 10:10:57 PM, on 3/3/2005
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Norton Internet Security\ISSVC.exe
    C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
    C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\Program Files\Softex\OmniPass\Omniserv.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\WINDOWS\System32\Tablet.exe
    C:\Program Files\Softex\OmniPass\OPXPApp.exe
    C:\WINDOWS\Explorer.EXE
    C:\windows\system\hpsysdrv.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
    C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
    C:\HP\KBD\KBD.EXE
    C:\Program Files\Common Files\Logitech\QCDriver\LVCOMS.EXE
    C:\Program Files\Logitech\ImageStudio\LogiTray.exe
    C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
    c:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
    C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe
    C:\WINDOWS\LTMSG.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\WINDOWS\ALCXMNTR.EXE
    C:\Program Files\MSN Apps\Updater\01.02.3000.1001\en-us\msnappau.exe
    C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\WORDsearch 7\ZipScript.exe
    C:\PROGRA~1\AOLCOM~2\ACCAgnt.exe
    C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpomau08.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
    C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
    C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
    C:\Program Files\interMute\SpySubtract\SpySub.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
    C:\Program Files\Updates from HP\137903\Program\BackWeb-137903.exe
    C:\Program Files\interMute\SpamSubtract\SpamSubtract.exe
    C:\NavPress\ZIPscrpt.exe
    C:\Program Files\America Online 9.0a\waol.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoFXM08.exe
    C:\Program Files\America Online 9.0a\shellmon.exe
    C:\Program Files\Common Files\Aol\aoltpspd.exe
    C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Documents and Settings\Owner\My Documents\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://us8.hpwis.com/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-us8.hpwis.com/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/ie/defaults/sb/ymsgr/*http://www.yahoo.com/ext/search/search.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/ie/defaults/su/ymsgr/*http://www.yahoo.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/ie/defaults/su/ymsgr/*http://www.yahoo.com
    O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Common\ycomp5_2_3_0.dll
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.02.3000.1002\en-xu\stmain.dll
    O2 - BHO: Norton Internet Security - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
    O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll
    O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: hp toolkit - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - C:\HP\EXPLOREBAR\HPTOOLKT.DLL
    O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Common\ycomp5_2_3_0.dll
    O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll
    O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
    O4 - HKLM\..\Run: [CamMonitor] c:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
    O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] c:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
    O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
    O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Common Files\Logitech\QCDriver\LVCOMS.EXE
    O4 - HKLM\..\Run: [LogitechGalleryRepair] C:\Program Files\Logitech\ImageStudio\ISStart.exe
    O4 - HKLM\..\Run: [LogitechImageStudioTray] C:\Program Files\Logitech\ImageStudio\LogiTray.exe
    O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
    O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe "
    O4 - HKLM\..\Run: [Pure Networks Port Magic] "C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe" -Run
    O4 - HKLM\..\Run: [LTMSG] LTMSG.exe 7
    O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe "
    O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
    O4 - HKLM\..\Run: [vknadfl] c:\windows\system32\vknadfl.exe -start
    O4 - HKLM\..\Run: [msnappau] "C:\Program Files\MSN Apps\Updater\01.02.3000.1001\en-us\msnappau.exe "
    O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe "
    O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [ZipScript] C:\Program Files\WORDsearch 7\ZipScript.exe
    O4 - HKCU\..\Run: [AOLCC] "C:\PROGRA~1\AOLCOM~2\ACCAgnt.exe" /startup
    O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
    O4 - Startup: spamsubtract.lnk = C:\Program Files\interMute\SpamSubtract\SpamSubtract.exe
    O4 - Startup: ZIPscript.lnk = C:\NavPress\ZIPscrpt.exe
    O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: America Online Tray Icon.lnk = C:\Program Files\America Online 9.0a\aoltray.exe
    O4 - Global Startup: hp officejet 4100 series.lnk = ?
    O4 - Global Startup: hpoddt01.exe.lnk = ?
    O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
    O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe
    O4 - Global Startup: SpySubtract.lnk = C:\Program Files\interMute\SpySubtract\SpySub.exe
    O4 - Global Startup: Updates from HP.lnk = C:\Program Files\Updates from HP\137903\Program\BackWeb-137903.exe
    O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
    O8 - Extra context menu item: Yahoo! Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
    O8 - Extra context menu item: Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
    O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0411.dll
    O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0411.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O16 - DPF: {01FE8D0A-51AD-459B-B62B-85E135128B32} (DD_v4.DDv4) - http://www.drivershq.com/DD_v4.CAB
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=36467&clcid=0x409
    O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - https://www-secure.symantec.com/techsupp/asa/LSSupCtl.cab
    O16 - DPF: {37DF41B2-61DB-4CAC-A755-CFB3C7EE7F40} (AOL Content Update) - http://esupport.aol.com/help/acp2/engine/aolcoach_core_1.cab
    O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aol.com/computercheckup/qdiagcc.cab
    O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yse/ymmapi_416.dll
    O16 - DPF: {A3009861-330C-4E10-822B-39D16EC8829D} (CRAVOnline Object) - http://www.ravantivirus.com/scan/ravonline.cab
    O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.symantec.com/techsupp/asa/SymAData.cab
    O16 - DPF: {E04EAE82-14AD-41CB-BF5A-45556ABB8347} (WebCoachDownload Class) - http://esupport.aol.com/help/engine/aolcinst.cab
    O16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} (ActiveDataObj Class) - https://www-secure.symantec.com/techsupp/activedata/ActiveData.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{D079F4AE-A4CB-4804-9390-5DC68CEDFC6A}: NameServer = 205.188.146.145
    O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
    O20 - Winlogon Notify: OPXPGina - C:\Program Files\Softex\OmniPass\opxpgina.dll
    O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
    O23 - Service: AOL Spyware Protection Service (AOLService) - Unknown owner - C:\Program Files\Common Files\AOL\AOL Spyware Protection\\aolserv.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
    O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program Files\Norton Internet Security\ISSVC.exe
    O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
    O23 - Service: Softex OmniPass Service (omniserv) - Unknown owner - C:\Program Files\Softex\OmniPass\Omniserv.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
    O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
    O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\System32\Tablet.exe

    Been online 4 different times Noah and no POPUPS, Praise God.. and may He Bless you for the services you provided. Does everything look OK? Is there anything else I should do? Your friend the Preacher, FlameKeeper.
     
  13. 2005/03/03
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    Scan again with HijackThis and place a check next to the following remaining entries. Close ALL other windows and click fix.

    O4 - HKLM\..\Run: [vknadfl] c:\windows\system32\vknadfl.exe -start
    O4 - Global Startup: Updates from HP.lnk = C:\Program Files\Updates from HP\137903\Program\BackWeb-137903.exe

    Open MS Antispyware and delete the quarantines.

    Reboot.

    Re-enable System Restore and create a manual restore point.

    Also recommend you uninstall Spybot Version 1.2, download Spybot Version 1.3 from my signature and install. Allow it to load SD Helper. Open it up and click mode on the toolbar, then advanced mode. Click immunize in the left pane, then immunize again, this time from above with the green + beside it. Click the link below that for SpywareBlaster, download, install, enable all protection and update. Check for updates regularly. Then, still in Spybot, click tools button, then IE tweaks and at least lock the HOSTS file.
    Then download IESpyad, double click to extract, open the folder, double click the ie-ads.reg file and allow it to merge into the registry.

    That will give you some added layers of protection against unwanted parasites.

    Happy I could help.:)
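
The comparison made in the reply above, checking a follow-up HijackThis log for autostart entries that were meant to be gone, can be scripted. This is an added example, not part of the original thread; the function names, the `CLEANUP_TARGETS` set and the shortened sample log are assumptions made for illustration.

```python
import re

# Constructed sample: a few lines in the format of the follow-up log above.
SAMPLE_LOG = r"""Running processes:
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Updates from HP\137903\Program\BackWeb-137903.exe

O4 - HKLM\..\Run: [vknadfl] c:\windows\system32\vknadfl.exe -start
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Updates from HP.lnk = C:\Program Files\Updates from HP\137903\Program\BackWeb-137903.exe
O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\System32\Tablet.exe
"""

# The two entries named for fixing, keyed by Run value name or shortcut name.
CLEANUP_TARGETS = {"vknadfl", "Updates from HP.lnk"}

RUN_RE = re.compile(r"^O4 - (HK\w+\\\.\.\\Run\w*): \[(.+?)\] (.+)$")
LNK_RE = re.compile(r"^O4 - ((?:Global )?Startup): (.+?\.lnk) = (.+)$")
EXE_RE = re.compile(r'^"?(.+?\.exe)', re.IGNORECASE)


def running_processes(log):
    """Return the lower-cased paths listed under 'Running processes:'."""
    procs, in_section = set(), False
    for line in (raw.strip() for raw in log.splitlines()):
        if line == "Running processes:":
            in_section = True
        elif in_section and not line:
            break  # the process list ends at the first blank line
        elif in_section:
            procs.add(line.lower())
    return procs


def autostart_entries(log):
    """Parse O4 lines into (location, name, command) tuples."""
    entries = []
    for line in (raw.strip() for raw in log.splitlines()):
        match = RUN_RE.match(line) or LNK_RE.match(line)
        if match:
            entries.append(match.groups())
    return entries


def remaining_targets(log, targets):
    """List cleanup targets still in the log and whether their program runs."""
    procs, found = running_processes(log), []
    for location, name, command in autostart_entries(log):
        if name in targets:
            exe = EXE_RE.match(command)
            path = (exe.group(1) if exe else command).lower()
            found.append((location, name, path in procs))
    return found


if __name__ == "__main__":
    for location, name, running in remaining_targets(SAMPLE_LOG, CLEANUP_TARGETS):
        print(f"{location}: [{name}] {'running' if running else 'not running'}")
```

An entry reported as "not running" is still a registered autostart and still needs fixing; the flag only separates a leftover registry value or shortcut from a program that is active at scan time.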
     
  14. 2005/03/04
    Flamekeeper

    Flamekeeper Inactive Thread Starter

    Joined:
    2005/02/28
    Messages:
    10
    Likes Received:
    0
    Still finishing up on the rest, but when I copy, then try to print, the printer isn't picking up the orders. Could you have any suggestions on this matter? Sure would appreciate it. Thanks again very much for your help. :) Flamekeeper
     
  15. 2005/03/04
    Flamekeeper

    Flamekeeper Inactive Thread Starter

    Joined:
    2005/02/28
    Messages:
    10
    Likes Received:
    0
    Noah, fixed the printer, working fine. AOL having problems on startup, but everything looks good so far. Thanks again, and again :D , this is what I looked like for about a month :eek: LOL. Let you know if something comes up. Flamekeeper
     