1. You are viewing our forum as a guest. For full access please Register. WindowsBBS.com is completely free, paid for by advertisers and donations.

Need help with EGDHTML iE ACCESS

Discussion in 'Malware and Virus Removal Archive' started by jerry wells, 2005/02/25.

Thread Status:
Not open for further replies.
  1. 2005/02/25
    jerry wells

    jerry wells Inactive Thread Starter

    Joined:
    2005/02/19
    Messages:
    14
    Likes Received:
    0
    Can't Get Rid Of THe Pop Ups From Instant Access And Edghtml



    Logfile of HijackThis v1.99.1
    Scan saved at 7:25:44 PM, on 2/25/2005
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Unable to get Internet Explorer version!

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Norton Internet Security\ISSVC.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Netscape Internet Service\ncupdatesvc.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\Program Files\Canon\Memory Card Utility\PIXMA iP6000D\PDUiP6000DMemCrdMgr.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\Program Files\Compaq\Easy Access Button Support\StartEAK.exe
    C:\Program Files\Microsoft Hardware\Mouse\point32.exe
    C:\PROGRA~1\VISION~1\ONETOU~2.EXE
    C:\WINDOWS\system32\pctspk.exe
    C:\Program Files\Compaq\Easy Access Button Support\CPQEADM.EXE
    C:\COMPAQ\CPQINET\CPQInet.exe
    C:\WINDOWS\system32\dla\tfswctrl.exe
    C:\Compaq\EAKDRV\EAUSBKBD.EXE
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\Canon\Memory Card Utility\PIXMA iP6000D\PDUiP6000DMon.exe
    C:\Program Files\Canon\Memory Card Utility\PIXMA iP6000D\PDUiP6000DTskbr.exe
    C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
    C:\PROGRA~1\Compaq\EASYAC~1\BttnServ.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\PROGRA~1\AIM95\aim.exe
    C:\Program Files\Microsoft Plus! Digital Media Edition\Dancer\Dancer.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\Copper HiSpeed\copperhispeed.exe
    C:\Program Files\WinZip\WZQKPICK.EXE
    C:\PROGRA~1\INCRED~1\bin\IMApp.exe
    C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\MSN Apps\Updater\01.02.3000.1001\en-us\msnappau.exe
    C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Documents and Settings\Gerald\Desktop\downlload2\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Compaq
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:5400
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    N3 - Netscape 7: user_pref( "browser.startup.homepage ", "http://www.yahoo.com/ "); (C:\Documents and Settings\Gerald\Application Data\Mozilla\Profiles\default\0hribpt5.slt\prefs.js)
    N3 - Netscape 7: user_pref( "browser.search.defaultengine ", "engine://C%3A%5CPROGRA%7E1%5CNETSCAPE%5CNETSCA%7E1%5Csearchplugins%5CSBWeb_01.src "); (C:\Documents and Settings\Gerald\Application Data\Mozilla\Profiles\default\0hribpt5.slt\prefs.js)
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: PBlockHelper Class - {4115122B-85FF-4DD3-9515-F075BEDE5EB5} - C:\Program Files\Copper HiSpeed\PBHelper.dll
    O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
    O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.02.3000.1002\en-xu\stmain.dll
    O2 - BHO: Norton Internet Security - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
    O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll
    O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll
    O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
    O3 - Toolbar: AIM Search - {40D41A8B-D79B-43d7-99A7-9EE0F344C385} - C:\Program Files\AIM Toolbar\AIMBar.dll
    O3 - Toolbar: (no name) - {5AA06644-BC46-4220-A460-47A6EB47C96D} - (no file)
    O3 - Toolbar: (no name) - {82315A18-6CFB-44a7-BDFD-90E36537C252} - (no file)
    O4 - HKLM\..\Run: [CPQEASYACC] C:\Program Files\Compaq\Easy Access Button Support\StartEAK.exe
    O4 - HKLM\..\Run: [POINTER] point32.exe
    O4 - HKLM\..\Run: [OneTouch Monitor] C:\PROGRA~1\VISION~1\ONETOU~2.EXE
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe "
    O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
    O4 - HKLM\..\Run: [PDUiP6000DMon] C:\Program Files\Canon\Memory Card Utility\PIXMA iP6000D\PDUiP6000DMon.exe
    O4 - HKLM\..\Run: [PDUiP6000DTskbr] C:\Program Files\Canon\Memory Card Utility\PIXMA iP6000D\PDUiP6000DTskbr.exe
    O4 - HKLM\..\Run: [navapp] C:\Program Files\NavExcel\NavHelper\v2.0.4d\navapp.exe
    O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe "
    O4 - HKLM\..\Run: [SpyHunter] C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter.exe
    O4 - HKLM\..\RunServices: [RegisterDropHandler] C:\PROGRA~1\TEXTBR~1.0\Bin\REGIST~1.EXE
    O4 - HKCU\..\Run: [PPWebCap] C:\PROGRA~1\ScanSoft\PAPERP~1\PPWebCap.exe
    O4 - HKCU\..\Run: [SpyKiller] C:\Program Files\SpyKiller\spykiller.exe /startup
    O4 - HKCU\..\Run: [IncrediMail] C:\PROGRA~1\INCRED~1\bin\IncMail.exe /c
    O4 - HKCU\..\Run: [AIM] C:\PROGRA~1\AIM95\aim.exe -cnetwait.odl
    O4 - HKCU\..\Run: [Dancer] "C:\Program Files\Microsoft Plus! Digital Media Edition\Dancer\Dancer.exe "
    O4 - HKCU\..\Run: [Windows Registry Repair Pro] C:\Program Files\3B Software\Windows Registry Repair Pro\RegistryRepairPro.exe 4
    O4 - HKCU\..\Run: [Instant Access] rundll32.exe EGDACCESS_1057.dll,InstantAccess
    O4 - Startup: Check for OneTouch Updates.lnk = C:\Program Files\Visioneer OneTouch\WiseUpdt.exe
    O4 - Global Startup: Copper HiSpeed.lnk = C:\Program Files\Copper HiSpeed\copperhispeed.exe
    O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
    O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\PROGRA~1\INCRED~1\bin\resources\WebMenuImg.htm
    O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
    O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
    O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
    O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
    O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
    O8 - Extra context menu item: Show All Original Images - res://C:\Program Files\Copper HiSpeed\copperhispeed.exe/250
    O8 - Extra context menu item: Show Original Image - res://C:\Program Files\Copper HiSpeed\copperhispeed.exe/227
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRA~1\AIM95\aim.exe
    O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\Program Files\AWS\WeatherBug\Weather.exe (file missing) (HKCU)
    O9 - Extra button: Support - {F09845A4-763C-4369-8EBA-72E0E2BF3FD2} - C:\Program Files\Internet Explorer\SIGNUP\Presario.htm (HKCU)
    O10 - Broken Internet access because of LSP provider 'c:\program files\newdotnet\newdotnet6_38.dll' missing
    O14 - IERESET.INF: START_PAGE_URL=http://store.presario.net/scripts/redirectors/presario/storeredir2.dll?s=consumerfav&c=3c01&lc=0409
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=36467&clcid=0x409
    O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52...apple.com/qt505/us/win/QuickTimeInstaller.exe
    O16 - DPF: {776706AE-CACA-4EA3-93DF-BB83D9259DA9} (MailConfigure Class) - http://supportservices.msn.com/us/oeconfig/MailCfg.cab
    O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - http://www.symantec.com/techsupp/activedata/SymAData.cab
    O16 - DPF: {DED22F57-FEE2-11D0-953B-00C04FD9152D} (CarPoint Auto-Pricer Control) - http://autos.msn.com/components/ocx/autopricer/autopricer.cab
    O16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} (ActiveDataObj Class) - https://www-secure.symantec.com/techsupp/activedata/ActiveData.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{380B9E48-4AD5-4AB9-9754-3A4DE5B81829}: NameServer = 205.171.3.65 205.171.2.65
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
    O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: Compaq Advisor (Compaq_RBA) - NeoPlanet - C:\Program Files\Compaq\Compaq Advisor\bin\compaq-rba.exe
    O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program Files\Norton Internet Security\ISSVC.exe
    O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
    O23 - Service: Netscape Update Service (NCUpdateSvc) - Netscape Communications Corporation - C:\Program Files\Netscape Internet Service\ncupdatesvc.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
    O23 - Service: PCTEL Speaker Phone (Pctspk) - Unknown owner - C:\WINDOWS\system32\pctspk.exe
    O23 - Service: Canon PIXMA iP6000D Memory Card Manager (PDUiP6000DMemCrdMgr) - CANON INC. - C:\Program Files\Canon\Memory Card Utility\PIXMA iP6000D\PDUiP6000DMemCrdMgr.exe
    O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
    O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe




    INSTALLED SOFTWARE (141) - YOUR-DCVIHCQ6CA - 2/25/2005 7:19:49 PM

    Adobe Acrobat - Reader 6.0.2 Update Ver: 6.0.2 Installed: 2/5/2005
    Adobe Acrobat and Reader 6.0.3 Update Ver: 6.0.3 Installed: 2/5/2005
    Adobe Download Manager 1.2 (Remove Only)
    Adobe Reader 6.0.1 Ver: 006.000.001 Installed: 2/8/2004
    AIM Toolbar
    AOL Instant Messenger
    Canon Camera WIA Driver Ver: 5.0.3 Installed: 5/10/2003
    Canon FV40, ZR70 MC WIA Driver Ver: 5.0.3 Installed: 5/10/2003
    Canon PhotoRecord Ver: 02.02.00013 Installed: 12/2/2004
    Canon PIXMA iP6000D
    Canon PIXMA iP6000D Memory Card Utility
    Canon S500
    Canon Utilities Easy-PhotoPrint
    Canon Utilities PhotoStitch 3.1
    Canon Utilities ZoomBrowser EX
    CC_ccProxyExt Ver: 103.0.2.10 Installed: 11/27/2004
    ccCommon Ver: 103.0.2.10 Installed: 11/27/2004
    ccPxyCore Ver: 103.0.2.10 Installed: 11/27/2004
    Coloreal
    Compaq Advisor
    Compaq Wallpaper
    Compaq WinDVD
    Copper HiSpeed
    Corel Applications
    CSI Ver: 1.00.000
    DIGOpt Ver: 9.0.0917.2 Installed: 12/15/2003
    DIGReqEx Ver: 9.0.0917.2 Installed: 12/15/2003
    EA.com Update
    Easy Access Button Support
    Easy-WebPrint
    Enigma Browser (remove only)
    exPressit S.E. 2.1
    FPSpellCheck (remove only)
    HighMAT Extension to Microsoft Windows XP CD Writing Wizard Ver: 1.1.1905.1 Installed: 1/4/2004
    HijackThis 1.99.1 Ver: 1.99.1
    HSP56 MicroModem Drivers
    ifkstnv
    IncrediMail Xe
    Instant Access
    Intel(R) PRO Network Adapters and Drivers
    InterActual Player
    Internet Explorer Exception pack
    Internet Explorer ReadMe
    InterVideo Installer
    Java 2 Runtime Environment, SE v1.4.0_01
    Java 2 Runtime Environment, SE v1.4.1_02
    Java Web Start
    LiveReg (Symantec Corporation) Ver: 3.0.0
    LiveUpdate 2.5 (Symantec Corporation) Ver: 2.5.55.0
    MGI PhotoSuite III SE (Remove Only)
    Microsoft AntiSpyware Ver: 1.0 Installed: 2/13/2005
    Microsoft Data Access Components KB870669
    Microsoft Digital Image Pro 7.0 Ver: 7.0.0.0000 Installed: 12/26/2002
    Microsoft IntelliPoint 4.1 Ver: 4.10.0851 Installed: 6/11/2003
    Microsoft Picture It! Express 9 Ver: 9.0.0912
    Microsoft Picture It! Express 9 Ver: 9.0.0912 Installed: 12/15/2003
    Microsoft Picture It! Library 9 Ver: 9.0.0912
    Microsoft Picture It! Library 9 Ver: 9.0.0912 Installed: 12/15/2003
    Microsoft Plus! Digital Media Edition Ver: 1.1.0.2423 Installed: 2/3/2004
    Microsoft Works 6.0 Ver: 06.00.1829 Installed: 10/28/2001
    Mozilla (1.7.5)
    Mozilla Firefox (1.0) Ver: 1.0 (en-US)
    MS Access 97 SP2
    MSN Encarta Plus Support Files Ver: 9.0.0801 Installed: 12/15/2003
    MSN Messenger 6.2 Ver: 6.2.0137 Installed: 9/25/2004
    MSN Toolbar
    MSRedist Ver: 1.0.0.0 Installed: 11/27/2004
    Netscape (7.2)
    Netscape Internet Service Installed: 1/19/2005
    Netscape Web Accelerator Installed: 1/19/2005
    Network Play System (Patching)
    Norton AntiSpam Ver: 2005.1.0.163 Installed: 11/27/2004
    Norton AntiSpam Ver: 2005.1.0.163 Installed: 11/27/2004
    Norton AntiVirus 2005 Ver: 11.0.2 Installed: 11/27/2004
    Norton Internet Security Ver: 1.0.0 Installed: 11/27/2004
    Norton Internet Security Ver: 8.0.0.64 Installed: 11/27/2004
    Norton Internet Security Ver: 8.0.0.64 Installed: 11/27/2004
    Norton Internet Security Ver: 8.0.0.64 Installed: 11/27/2004
    Norton Internet Security Ver: 8.0.0.64 Installed: 11/27/2004
    Norton Internet Security Ver: 8.0.0.64 Installed: 11/27/2004
    Norton Internet Security Ver: 8.0.0.64 Installed: 11/27/2004
    Norton Internet Security Ver: 8.0.0.64 Installed: 11/27/2004
    Norton Internet Security 2005 (Symantec Corporation) Ver: 8.0.0.64
    Norton WMI Update Ver: 2005.1.0.111 Installed: 11/27/2004
    Norton WMI Update Ver: 2005.1.0.111 Installed: 11/27/2004
    NVIDIA Display Driver
    NVIDIA Windows 2000/XP Display Drivers
    OneTouch Version 3.0 Ver: Version 3.0
    PaperPort 7.02
    PIXELA ImageMixer
    Quicken 2001 Deluxe
    Quicken 2001 Install
    QuickTime
    Registrar Lite 2.00
    Saitek SD02.5 NT Drivers
    Scan Manager 3.0
    Shockwave
    Shockwave Flash
    SoundMAX2
    SPBBC Ver: 1.00.0000 Installed: 11/27/2004
    SpyHunter Ver: 2.0 Installed: 02/17/2005
    Stomp DLA Ver: 3.57 Installed: 3/28/2004
    Stomp RecordNow MAX Ver: 4.50 Installed: 3/28/2004
    Studio 8
    Super GameHouse Solitaire
    Symantec Network Drivers Update Ver: 5.4.4.17 Installed: 2/1/2005
    Symantec Script Blocking Installer Ver: 11.0.2 Installed: 11/27/2004
    SymNet Ver: 5.4.2.17 Installed: 11/27/2004
    TextBridge Pro 9.0
    The Sims Vacation
    TriPeaks 2001
    ubi.com
    Ulead DVD PictureShow 2 Ver: 2.00.0000
    Ultimate Solitaire
    VERITAS StorageGuard Ver: 2.61.0 Installed: 2/11/2004
    Viewpoint Media Player
    WebFldrs XP Ver: 9.50.5318 Installed: 10/28/2001
    WebSearch Tools
    WildTangent Web Driver
    Winamp (remove only)
    Windows Blaster Worm Removal Tool (KB833330)
    Windows Media Format Runtime
    Windows Media Player 10
    Windows XP Hotfix - KB834707 Ver: 20040929.110854
    Windows XP Hotfix - KB867282 Ver: 20050127.090417
    Windows XP Hotfix - KB873333 Ver: 20050114.005213
    Windows XP Hotfix - KB873339 Ver: 20041117.092459
    Windows XP Hotfix - KB885250 Ver: 20050118.202711
    Windows XP Hotfix - KB885835 Ver: 20041027.181713
    Windows XP Hotfix - KB885836 Ver: 20041028.173203
    Windows XP Hotfix - KB886185 Ver: 20041021.090540
    Windows XP Hotfix - KB887472 Ver: 20041014.162858
    Windows XP Hotfix - KB887742 Ver: 20041103.095002
    Windows XP Hotfix - KB888113 Ver: 20041116.131036
    Windows XP Hotfix - KB888302 Ver: 20041207.111426
    Windows XP Hotfix - KB890047 Ver: 20041221.124506
    Windows XP Hotfix - KB890175 Ver: 20041201.233338
    Windows XP Hotfix - KB891781 Ver: 20050110.165439
    Windows XP Service Pack 2 Ver: 20040803.231319
    WinZip Ver: 8.1 SR-1 (5266)
    XoftSpy



    SEARCH RESULTS WERE " no instances of ifkstnv found "

    thanks for your help
     
    Last edited: 2005/02/26
    jerry wells,
    #1
  2. 2005/02/25
    TonyT

    TonyT SuperGeek Staff

    Joined:
    2002/01/18
    Messages:
    9,072
    Likes Received:
    400
    TonyT,
    #2


  3. to hide this advert.

  4. 2005/02/25
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    Welcome to WindowsBBS jerry wells :)

    Download "Registry Search Tool" (RegSrch.vbs) from here
    http://www.billsway.com/vbspage/
    start it and paste in ifkstnv, wait, hit ok. Then when wordpad opens, copy that back here please.
     
    noahdfear,
    #3
  5. 2005/02/26
    jerry wells

    jerry wells Inactive Thread Starter

    Joined:
    2005/02/19
    Messages:
    14
    Likes Received:
    0
    ifkstnv

    I did download and complete a search
    search results were "no instances of ifkstnv found "

    thanks for helping
     
    jerry wells,
    #4
  6. 2005/02/26
    jerry wells

    jerry wells Inactive Thread Starter

    Joined:
    2005/02/19
    Messages:
    14
    Likes Received:
    0
    ifkstnv

    I did find another registery seeker and ran it

    results were, in front of the line was a standard file picture then the words

    HKEY_LOCAL_MACHINE system\controlset002\control\print\environments\windowsntx86\printprocessors\
    ifkstnv
     
    jerry wells,
    #5
  7. 2005/02/26
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    Download RegSearch.zip and extract the contents of the zip file to it's own folder.

    Reboot to safe mode.

    Open the RegSearch folder and double-click the icon for RegSearch.exe to launch the program. Enter Instant Access in the top window, ifkstnv on the next line and click OK. After completion Notepad will be opened with all the found instances. A copy will be created and saved in that folder. Please post that log.
     
    noahdfear,
    #6
  8. 2005/02/26
    jerry wells

    jerry wells Inactive Thread Starter

    Joined:
    2005/02/19
    Messages:
    14
    Likes Received:
    0
    search results

    ; Strings excluded from search:
    ; (None)
    ; Search in:
    ; Registry Keys Registry Values Registry Data
    ; HKEY_LOCAL_MACHINE HKEY_USERS


    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Instant Access]

    [HKEY_USERS\S-1-5-21-2376740472-3942243025-809299238-1006\Software\NVIDIA Corporation\Global\nView\WindowManagement\instant access]
     
    jerry wells,
    #7
  9. 2005/02/27
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    Hmmm, I think some registry entries are being concealed. :(

    Save this to text where you can access it in safe mode.

    Download Pocket Killbox from here: http://www.downloads.subratam.org/KillBox.zip

    Unzip the files to a folder, then open and double-click on Killbox.exe to run it. In the "Paste Full Path of File to Delete" box, copy and paste the following:

    C:\WINDOWS\system32\EGDACCESS_1057.dll

    Check the box to delete on reboot and click the red X to the right. Click OK, then NO to reboot now. Copy the next filepath and paste it in the box, and repeat the above steps. When all of the below filepaths are done, close the Killbox.

    C:\WINDOWS\Downlo~1\EGDACCESS.inf



    Download and install Reglite.


    Scan again with HijackThis and place a check next to the following entries. Close ALL other windows and click fix.

    O3 - Toolbar: (no name) - {5AA06644-BC46-4220-A460-47A6EB47C96D} - (no file)
    O3 - Toolbar: (no name) - {82315A18-6CFB-44a7-BDFD-90E36537C252} - (no file)
    O4 - HKCU\..\Run: [Instant Access] rundll32.exe EGDACCESS_1057.dll,InstantAccess


    Right click My Computer and choose properties. On system restore tab, check the box to turn off. OK out.

    Go to start>run and type msconfig, hit enter. On the boot.ini tab, check the box next to /safeboot and OK. Yes to restart. This will restart your computer in safe mode. Logon to your user account.

    Now in safe mode, you will need to show hidden files and folders, as well as system files and extensions for known file types.


    Open RegLite and copy/paste the following string in the address window then click go.
    The forum format puts a space in the word current that you will need to edit out before clicking Go.

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Instant Access

    click go and delete the Instant Access key in the left pane.

    Exit Reglite.


    Open C:\Temp if present, select all and delete.
    Open C:\Windows\Temp, select all and delete.
    Open C:\Windows\Prefetch, select all and delete.
    Open C:\Documents and Settings\username\Local Settings\temp, select all and delete. Do this for all usernames.
    Open the control panel, then internet options and delete the temporary internet files, checking the box for offline content.
    Open My Computer, right click Local disk C: and choose properties, then disk cleanup. Check all boxes except compress old files and click OK.
    Uncheck the /safeboot box in msconfig and ok to reboot.


    Run another HijackThis scan and post the log. Let us know if the popups stop.
     
    noahdfear,
    #8
  10. 2005/02/27
    jerry wells

    jerry wells Inactive Thread Starter

    Joined:
    2005/02/19
    Messages:
    14
    Likes Received:
    0
    ran in safe mode

    I did run again in safe mode this is what I got

    REGEDIT4

    ; Registry Search by Bobbi Flekman
    ; Version: 1.0.1.0

    ; Results at 2/27/2005 9:02:48 AM for strings:
    ; 'instant access'
    ; 'ifkstnv'
    ; Strings excluded from search:
    ; (None)
    ; Search in:
    ; Registry Keys Registry Values Registry Data
    ; HKEY_LOCAL_MACHINE HKEY_USERS


    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\ifkstnv]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Instant Access]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ifkstnv "= "c:\\windows\\system32\\ifkstnv.exe -start "

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ifkstnv]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ifkstnv]
    "UninstallString "= "c:\\windows\\system32\\ifkstnv.exe -uninstall "

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ifkstnv]
    "DisplayName "= "ifkstnv "

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Instant Access]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Instant Access]
    "DisplayName "= "Instant Access "REGEDIT4
     
    jerry wells,
    #9
  11. 2005/02/27
    jerry wells

    jerry wells Inactive Thread Starter

    Joined:
    2005/02/19
    Messages:
    14
    Likes Received:
    0
    msconfig.

    msconfig. will not do anything only says not found
    To go to safe mode I have to use F8 is that alright
    I have downloaded killbox and reglite and will
    await your instructions
    Thanks again for helping me
    Jerry Wells
     
    jerry wells,
    #10
  12. 2005/02/27
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    If you added the period in the run command, that would be the problem. Yes, F8 will get you there. Add the following to Killbox.

    C:\WINDOWS\system32\ifkstnv.exe

    and this to RegLite instructions.

    Open RegLite and copy/paste the following string in the address window then click go.

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

    Right click the "ifkstnv "= "c:\\windows\\system32\\ifkstnv.exe -start" value in the right pane and delete. Then copy/paste the following.

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ifkstnv

    Right click the ifkstnv key in the left pane and delete.
     
    noahdfear,
    #11
  13. 2005/02/27
    jerry wells

    jerry wells Inactive Thread Starter

    Joined:
    2005/02/19
    Messages:
    14
    Likes Received:
    0
    Pop ups are not popping

    No pops up so far

    Thank you for your help

    Logfile of HijackThis v1.99.1
    Scan saved at 1:24:22 PM, on 2/27/2005
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Unable to get Internet Explorer version!

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Norton Internet Security\ISSVC.exe
    C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
    C:\Program Files\Netscape Internet Service\ncupdatesvc.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\Program Files\Canon\Memory Card Utility\PIXMA iP6000D\PDUiP6000DMemCrdMgr.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\Program Files\Compaq\Easy Access Button Support\StartEAK.exe
    C:\Program Files\Microsoft Hardware\Mouse\point32.exe
    C:\Program Files\Compaq\Easy Access Button Support\CPQEADM.EXE
    C:\PROGRA~1\VISION~1\ONETOU~2.EXE
    C:\COMPAQ\CPQINET\CPQInet.exe
    C:\Compaq\EAKDRV\EAUSBKBD.EXE
    C:\WINDOWS\system32\pctspk.exe
    C:\WINDOWS\system32\dla\tfswctrl.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\PROGRA~1\Compaq\EASYAC~1\BttnServ.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\Canon\Memory Card Utility\PIXMA iP6000D\PDUiP6000DMon.exe
    C:\Program Files\Canon\Memory Card Utility\PIXMA iP6000D\PDUiP6000DTskbr.exe
    C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
    C:\PROGRA~1\AIM95\aim.exe
    C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
    C:\Program Files\Microsoft Plus! Digital Media Edition\Dancer\Dancer.exe
    C:\Program Files\Copper HiSpeed\copperhispeed.exe
    C:\Program Files\WinZip\WZQKPICK.EXE
    C:\PROGRA~1\INCRED~1\bin\IMApp.exe
    C:\Program Files\Avant Browser\avant.exe
    C:\Program Files\Symantec\LiveUpdate\AUpdate.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Documents and Settings\Gerald\Desktop\download 1\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Compaq
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    N3 - Netscape 7: user_pref( "browser.startup.homepage ", "http://www.yahoo.com/ "); (C:\Documents and Settings\Gerald\Application Data\Mozilla\Profiles\default\0hribpt5.slt\prefs.js)
    N3 - Netscape 7: user_pref( "browser.search.defaultengine ", "engine://C%3A%5CPROGRA%7E1%5CNETSCAPE%5CNETSCA%7E1%5Csearchplugins%5CSBWeb_01.src "); (C:\Documents and Settings\Gerald\Application Data\Mozilla\Profiles\default\0hribpt5.slt\prefs.js)
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: PBlockHelper Class - {4115122B-85FF-4DD3-9515-F075BEDE5EB5} - C:\Program Files\Copper HiSpeed\PBHelper.dll
    O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
    O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.02.3000.1002\en-xu\stmain.dll
    O2 - BHO: Norton Internet Security - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
    O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll
    O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll
    O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
    O3 - Toolbar: AIM Search - {40D41A8B-D79B-43d7-99A7-9EE0F344C385} - C:\Program Files\AIM Toolbar\AIMBar.dll
    O4 - HKLM\..\Run: [CPQEASYACC] C:\Program Files\Compaq\Easy Access Button Support\StartEAK.exe
    O4 - HKLM\..\Run: [POINTER] point32.exe
    O4 - HKLM\..\Run: [OneTouch Monitor] C:\PROGRA~1\VISION~1\ONETOU~2.EXE
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe "
    O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
    O4 - HKLM\..\Run: [PDUiP6000DMon] C:\Program Files\Canon\Memory Card Utility\PIXMA iP6000D\PDUiP6000DMon.exe
    O4 - HKLM\..\Run: [PDUiP6000DTskbr] C:\Program Files\Canon\Memory Card Utility\PIXMA iP6000D\PDUiP6000DTskbr.exe
    O4 - HKLM\..\Run: [navapp] C:\Program Files\NavExcel\NavHelper\v2.0.4d\navapp.exe
    O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe "
    O4 - HKLM\..\Run: [SpyHunter] C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter.exe
    O4 - HKLM\..\RunServices: [RegisterDropHandler] C:\PROGRA~1\TEXTBR~1.0\Bin\REGIST~1.EXE
    O4 - HKCU\..\Run: [PPWebCap] C:\PROGRA~1\ScanSoft\PAPERP~1\PPWebCap.exe
    O4 - HKCU\..\Run: [SpyKiller] C:\Program Files\SpyKiller\spykiller.exe /startup
    O4 - HKCU\..\Run: [IncrediMail] C:\PROGRA~1\INCRED~1\bin\IncMail.exe /c
    O4 - HKCU\..\Run: [AIM] C:\PROGRA~1\AIM95\aim.exe -cnetwait.odl
    O4 - HKCU\..\Run: [Dancer] "C:\Program Files\Microsoft Plus! Digital Media Edition\Dancer\Dancer.exe "
    O4 - HKCU\..\Run: [Windows Registry Repair Pro] C:\Program Files\3B Software\Windows Registry Repair Pro\RegistryRepairPro.exe 4
    O4 - Startup: Check for OneTouch Updates.lnk = C:\Program Files\Visioneer OneTouch\WiseUpdt.exe
    O4 - Global Startup: Copper HiSpeed.lnk = C:\Program Files\Copper HiSpeed\copperhispeed.exe
    O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
    O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\PROGRA~1\INCRED~1\bin\resources\WebMenuImg.htm
    O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
    O8 - Extra context menu item: Add to AD Black List - C:\Program Files\Avant Browser\AddToADBlackList.htm
    O8 - Extra context menu item: Block All Images from the Same Server - C:\Program Files\Avant Browser\AddAllToADBlackList.htm
    O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
    O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
    O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
    O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
    O8 - Extra context menu item: Highlight - C:\Program Files\Avant Browser\Highlight.htm
    O8 - Extra context menu item: Open All Links in This Page... - C:\Program Files\Avant Browser\OpenAllLinks.htm
    O8 - Extra context menu item: Search - C:\Program Files\Avant Browser\Search.htm
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRA~1\AIM95\aim.exe
    O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\Program Files\AWS\WeatherBug\Weather.exe (file missing) (HKCU)
    O9 - Extra button: Support - {F09845A4-763C-4369-8EBA-72E0E2BF3FD2} - C:\Program Files\Internet Explorer\SIGNUP\Presario.htm (HKCU)
    O10 - Broken Internet access because of LSP provider 'c:\program files\newdotnet\newdotnet6_38.dll' missing
    O14 - IERESET.INF: START_PAGE_URL=http://store.presario.net/scripts/redirectors/presario/storeredir2.dll?s=consumerfav&c=3c01&lc=0409
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=36467&clcid=0x409
    O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52...apple.com/qt505/us/win/QuickTimeInstaller.exe
    O16 - DPF: {776706AE-CACA-4EA3-93DF-BB83D9259DA9} (MailConfigure Class) - http://supportservices.msn.com/us/oeconfig/MailCfg.cab
    O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - http://www.symantec.com/techsupp/activedata/SymAData.cab
    O16 - DPF: {DED22F57-FEE2-11D0-953B-00C04FD9152D} (CarPoint Auto-Pricer Control) - http://autos.msn.com/components/ocx/autopricer/autopricer.cab
    O16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} (ActiveDataObj Class) - https://www-secure.symantec.com/techsupp/activedata/ActiveData.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{380B9E48-4AD5-4AB9-9754-3A4DE5B81829}: NameServer = 205.171.3.65 205.171.2.65
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
    O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: Compaq Advisor (Compaq_RBA) - NeoPlanet - C:\Program Files\Compaq\Compaq Advisor\bin\compaq-rba.exe
    O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program Files\Norton Internet Security\ISSVC.exe
    O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
    O23 - Service: Netscape Update Service (NCUpdateSvc) - Netscape Communications Corporation - C:\Program Files\Netscape Internet Service\ncupdatesvc.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
    O23 - Service: PCTEL Speaker Phone (Pctspk) - Unknown owner - C:\WINDOWS\system32\pctspk.exe
    O23 - Service: Canon PIXMA iP6000D Memory Card Manager (PDUiP6000DMemCrdMgr) - CANON INC. - C:\Program Files\Canon\Memory Card Utility\PIXMA iP6000D\PDUiP6000DMemCrdMgr.exe
    O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
    O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
     
    jerry wells,
    #12
  14. 2005/02/27
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    Looks good. :) Re-enable System Restore and create a manual restore point. Also recommend you download Spybot Version 1.3 from my signature and install. Allow it to load SD Helper. Open it up and click mode on the toolbar, then advanced mode. Click immunize in the left pane, then immunize again, this time from above with the green + beside it. Click the link below that for SpywareBlaster, download, install, enable all protection and update. Check for updates regularly. Then, still in Spybot, click tools button, then IE tweaks and at least lock the HOSTS file.
    Then download and install IESpyad.

    That will give you some added layers of protection against unwanted parasites.
     
    noahdfear,
    #13
Thread Status:
Not open for further replies.

Share This Page

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Accept Learn More...