#1
Junior Techie | Join Date: Jun 2004 | Posts: 90
Hey guys, ran into another computer with problems, let me know what you think. Thanks.

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\System32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Lexmark X74-X75\lxbbbmgr.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr__.exe
C:\PROGRA~1\NORTON~1\navapw32.exe
C:\Program Files\AWS\WeatherBug\Weather.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\Lexmark X74-X75\lxbbbmon.exe
C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Programs\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R3 - URLSearchHook: (no name) - {87766247-311C-43B4-8499-3D5FEC94A183} - (no file)
F3 - REG:win.ini: load=iexpIore.exe
F3 - REG:win.ini: run=iexpIore.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Default web browser] C:\WINDOWS\system32\iexpIore.exe
O4 - HKLM\..\Run: [Lexmark X74-X75] "C:\Program Files\Lexmark X74-X75\lxbbbmgr.exe"
O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr__.exe
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\RunServices: [Default web browser] C:\WINDOWS\system32\iexpIore.exe
O4 - HKCU\..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe 1
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [Consumer Input] C:\Program Files\Consumer Input\ConsumerInput.exe
O4 - HKCU\..\Run: [Consumer Input Update] C:\Program Files\Consumer Input\ConsumerInputUa.exe
O4 - HKCU\..\Run: [Forrester Panel] C:\Program Files\Forrester Panel\ForresterPanel.exe
O4 - HKCU\..\Run: [Forrester Panel Update] C:\Program Files\Forrester Panel\ForresterPanelUa.exe
O4 - HKCU\..\Run: [SAMCluster] C:\Program Files\Survey Alerts Manager\skinkers.exe
O4 - HKCU\..\Run: [WinTools] C:\PROGRA~1\COMMON~1\WinTools\WToolsA.exe
O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe"
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearc...p=ZUxdm068YYUS
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=about:blank
O16 - DPF: 3 Point Showdown by pogo - http://threepoint01.pogo.com/applet/...-ob-assets.cab
O16 - DPF: 6th Street Omaha Poker by pogo - http://game1.pogo.com/applet-6.1.5.2...-ob-assets.cab
O16 - DPF: Aces Up! by pogo - http://game1.pogo.com/applet-6.1.3.2...-ob-assets.cab
O16 - DPF: Ali Baba Slots TM by pogo - http://slots.pogo.com/applet-5.9.4.2...-ob-assets.cab
O16 - DPF: Animal Ark by pogo - http://playweb12.pogo.com/applet-6.1...-ob-assets.cab
O16 - DPF: Backgammon by pogo - http://gammon.pogo.com/applet-6.1.0....-ob-assets.cab
O16 - DPF: Blackjack by pogo - http://game1.pogo.com/applet-6.2.1.2...-ob-assets.cab
O16 - DPF: Buckaroo Blackjack TM by pogo - http://vbjack.pogo.com/applet-6.0.0....-ob-assets.cab
O16 - DPF: Bump by pogo - http://ea03.pogo.com/applet/bump/bump-ob-assets.cab
O16 - DPF: Canasta by pogo - http://game1.pogo.com/applet-6.1.4.2...-ob-assets.cab
O16 - DPF: Checkers by pogo - http://game1.pogo.com/applet-6.1.4.2...-ob-assets.cab
O16 - DPF: Chess by pogo - http://chess2.pogo.com/applet-5.8.5....-ob-assets.cab
O16 - DPF: Cribbage by pogo - http://crib.pogo.com/applet-5.8.6.20...-ob-assets.cab
O16 - DPF: Dice Derby by pogo - http://game1.pogo.com/applet-6.1.3.2...-ob-assets.cab
O16 - DPF: Dominoes by pogo - http://domino.pogo.com/applet-5.8.5....-ob-assets.cab
O16 - DPF: Double Deuce Poker by pogo - http://doublebonus.pogo.com/applet/v...-ob-assets.cab
O16 - DPF: Euchre by pogo - http://euchre.pogo.com/applet-6.0.2....-ob-assets.cab
O16 - DPF: First Class Solitaire by pogo - http://solitaire.pogo.com/applet-5.9...-ob-assets.cab
O16 - DPF: Fortune Bingo by pogo - http://superbingo.pogo.com/applet-6....-ob-assets.cab
O16 - DPF: Greenback Bayou by pogo - http://greenback.pogo.com/applet-5.9...-ob-assets.cab
O16 - DPF: Harvest Mania by pogo - http://game1.pogo.com/applet-6.1.5.2...-ob-assets.cab
O16 - DPF: Hearts by pogo - http://hearts.pogo.com/applet-5.9.5....-ob-assets.cab
O16 - DPF: High Stakes Poker by pogo - http://game1.pogo.com/applet-6.1.5.2...-ob-assets.cab
O16 - DPF: High Stakes Pool by pogo - http://game1.pogo.com/applet-6.1.3.2...-ob-assets.cab
O16 - DPF: Its Outta Here 2 by pogo - http://itsout.pogo.com/applet-5.8.5....-ob-assets.cab
O16 - DPF: Jigsaw Detective by pogo - http://game1.pogo.com/applet-6.1.4.2...-ob-assets.cab
O16 - DPF: Jokers Wild Poker by pogo - http://vpjoke.pogo.com/applet-5.9.3....-ob-assets.cab
O16 - DPF: Jungle Gin by pogo - http://game1.pogo.com/applet-6.2.1.2...-ob-assets.cab
O16 - DPF: Keno by pogo - http://keno.pogo.com/applet-5.8.4.18...-ob-assets.cab
O16 - DPF: Lottso by pogo - http://game1.pogo.com/applet-6.1.5.2...-ob-assets.cab
O16 - DPF: Mah Jong Garden by pogo - http://mahjong2.pogo.com/applet-5.9....-ob-assets.cab
O16 - DPF: Multiline Slots by pogo - http://game6.pogo.com/applet-6.1.1.2...-ob-assets.cab
O16 - DPF: NASCAR Web Racing by pogo - http://nascar.pogo.com/applet-5.9.2....-ob-assets.cab
O16 - DPF: Pai Gow by pogo - http://game3.pogo.com/applet-6.0.3.2...-ob-assets.cab
O16 - DPF: Payday FreeCell by pogo - http://freecell.pogo.com/applet-5.8....-ob-assets.cab
O16 - DPF: Pebble Beach 3 Hole Challenge by pogo - http://threehole.pogo.com/applet-5.9...-ob-assets.cab
O16 - DPF: Perfect Pair Solitaire by pogo - http://game1.pogo.com/applet-6.2.0.3...-ob-assets.cab
O16 - DPF: Perfect Passer by pogo - http://perfectpasser.pogo.com/applet...-ob-assets.cab
O16 - DPF: Phlinx by pogo - http://game1.pogo.com/applet-6.1.3.2...-ob-assets.cab
O16 - DPF: Pinochle by pogo - http://game4.pogo.com/applet-6.0.3.2...-ob-assets.cab
O16 - DPF: Pirate's Gold by pogo - http://solitaire30.pogo.com/applet-5...-ob-assets.cab
O16 - DPF: Pop Fu by pogo - http://popfu.pogo.com/applet-5.8.6.2...-ob-assets.cab
O16 - DPF: Poppit by pogo - http://game1.pogo.com/applet-6.2.0.3...-ob-assets.cab
O16 - DPF: Poppit TM by pogo - http://game5.pogo.com/applet-6.1.1.2...-ob-assets.cab
O16 - DPF: Quick Shot by pogo - http://quickshot01.pogo.com/applet/q...-ob-assets.cab
O16 - DPF: Ricochet by pogo - http://game4.pogo.com/applet-6.1.0.3...-ob-assets.cab
O16 - DPF: Showbiz Slots 2 by pogo - http://showbiz2.pogo.com/applet-5.9....-ob-assets.cab
O16 - DPF: Showbiz Slots by pogo - http://showbiz.pogo.com/applet-5.8.1...-ob-assets.cab
O16 - DPF: Spades by pogo - http://spades.pogo.com/applet-5.9.5....-ob-assets.cab
O16 - DPF: Spider Solitaire by pogo - http://game4.pogo.com/applet-6.1.1.2...-ob-assets.cab
O16 - DPF: Squelchies by pogo - http://squelchies.pogo.com/applet-5....-ob-assets.cab
O16 - DPF: Sweet Tooth TM by pogo - http://sweettooth.pogo.com/applet-6....-ob-assets.cab
O16 - DPF: Tank Hunter by pogo - http://play03.pogo.com/applet/tank/tank-ob-assets.cab
O16 - DPF: Texas Hold'em Poker by pogo - http://holdem2.pogo.com/applet-5.9.2...-ob-assets.cab
O16 - DPF: The Sims Pinball by pogo - http://game1.pogo.com/applet-6.1.4.2...-ob-assets.cab
O16 - DPF: Top Down Baseball by pogo - http://topdown02.pogo.com/applet/top...-ob-assets.cab
O16 - DPF: Top Down Baseball Challenge by pogo - http://topdown2.pogo.com/applet-5.8....-ob-assets.cab
O16 - DPF: Tri-Peaks by pogo - http://game1.pogo.com/applet-6.1.3.2...-ob-assets.cab
O16 - DPF: Tube Runner by pogo - http://ea03.pogo.com/applet/tube/tube-ob-assets.cab
O16 - DPF: Tumble Bees by pogo - http://jumbee.pogo.com/applet-6.0.2....-ob-assets.cab
O16 - DPF: Turbo 21 TM by pogo - http://game1.pogo.com/applet-6.1.1.2...-ob-assets.cab
O16 - DPF: Vert Skater by pogo - http://vertskater.pogo.com/applet/ve...-ob-assets.cab
O16 - DPF: Video Poker by pogo - http://vpoker.pogo.com/applet-6.0.3....-ob-assets.cab
O16 - DPF: Word Whomp Whackdown by pogo - http://whackdown.pogo.com/applet-5.9...-ob-assets.cab
O16 - DPF: WordJong by pogo - http://game1.pogo.com/applet-6.1.3.2...-ob-assets.cab
O16 - DPF: World Class Solitaire by pogo - http://game4.pogo.com/applet-6.1.1.2...-ob-assets.cab
O16 - DPF: Yahoo! Dots - http://download.games.yahoo.com/game...s/y/dtt1_x.cab
O16 - DPF: Yahoo! Go Fish - http://download.games.yahoo.com/game...ts/y/zt3_x.cab
O16 - DPF: Yahoo! Towers 2.0 - http://download.games.yahoo.com/game...s/y/ywt0_x.cab
O16 - DPF: {084F552D-19EB-4668-9788-984CBC781A8F} (AsyncDownloader Class) - http://survey.otxresearch.com/Preloader.dll
O16 - DPF: {0A891521-685E-4B6D-A9FD-759BB2CD6A66} (SecureImage Control) - http://www.psbwebsurveys.com/secure/SecureImage.cab
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {2B96D5CC-C5B5-49A5-A69D-CC0A30F9028C} (MiniBugTransporterX Class) - http://wdownload.weatherbug.com/mini...ansporter.cab?
O16 - DPF: {3A7FE611-1994-4EF1-A09F-99456752289D} - http://install.wildtangent.com/Activ...veLauncher.cab
O16 - DPF: {4C226336-4032-489F-9674-67E74225979B} - http://www.otxresearch.com/OTXMedia/OTXMedia.dll
O16 - DPF: {525A15D0-4938-11D4-94C7-0050DA20189B} (SnoopyCtrl Class) - http://www.easports.com/downloads/ga...y/iesnoopy.cab
O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class) - http://us.games2.yimg.com/download.g...tl_0_0_0_1.ocx
O16 - DPF: {70522FA2-4656-11D5-B0E9-0050DAC24E8F} - http://cc.iwon.com/ct/pm3/iwonpm_12_1,0,2,5.cab
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://www.nick.com/common/groove/gx/GrooveAX28.cab
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} (Wwlaunch Control) - http://www.worldwinner.com/games/shared/wwlaunch.cab
O16 - DPF: {91602283-B7B5-11D3-A32A-005004B0E00E} (DiscoverWhy Class) - http://216.132.173.29/CabFiles/dwInfo.cab
O16 - DPF: {92CA8ACC-4E99-4A2A-93F1-B2C5CADC8613} (NMInstall Control) - http://a14.g.akamai.net/f/14/7141/1d...0_SILENT_2.cab
O16 - DPF: {9522B3FB-7A2B-4646-8AF6-36E7F593073C} (cpbrkpie Control) - http://a19.g.akamai.net/7/19/7125/40...3/cpbrkpie.cab
O16 - DPF: {9D8D7672-93FF-417E-9024-C16AD141C50C} (Haunted Control) - http://www.worldwinner.com/games/v48...ed/haunted.cab
O16 - DPF: {A48D0309-8DA3-41AA-98E4-89194D471890} (Pulse V5 ActiveX Control) - http://www.pulse3d.com/players/engli...er5.2AxWin.cab
O16 - DPF: {A922B6AB-3B87-11D3-B3C2-0008C7DA6CB9} (InetDownload Class) - https://media.pineconeresearch.com/A...oadcontrol.cab
O16 - DPF: {B991DA79-51F7-4011-98D2-1F2592E82A56} (ACNPlayer2 Class) - http://204.118.132.145/2_0/ACNePlayer.cab
O16 - DPF: {C02226EB-A5D7-4B1F-BD7E-635E46C2288D} (Toontown Installer ActiveX Control) - http://download.toontown.com/sv1.0.14.17/ttinst.cab
O16 - DPF: {DE435CAE-6873-11D2-A750-00A024BB782C} (AppKeys Class) - https://corr3.uni.edu/corridor-htdocs/appkeys.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://play05.pogo.com/game/deluxe/z...ploader_v5.cab
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
#2
Ultra Techie | Join Date: Apr 2004 | Posts: 617
Hi adamhic,

Please follow these steps in order to clean your computer of malware, which can include viruses, Trojans, worms, spyware, hijackers and dialers.

Step 1: Download Spybot and Ad-aware from the following locations and install them. You should run both programs and clean up what they find. This is to make sure you find as much of the malware installed on your computer as you can. Before running the scans in both programs, it is mandatory that you update the programs. There are update options in each program when you run them.

Spybot
Ad-aware

If you would like to learn more about how to use these two programs with the proper settings, you can read the tutorials below:

Using Ad-aware to remove Spyware, Malware, & Hijackers from Your Computer.
Using Spybot - Search & Destroy to remove Spyware, Malware, & Hijackers from Your Computer.

When you scan with both programs, fix everything that they find. When you are done with the scan and fixing the items, reboot between each one.

Next, please run these two online scans. Make sure they are set to clean automatically:

TrendMicro's HouseCall
ActiveScan

You should try to delete any files that these scanners are unable to clean. Then let us know if it's working better and what the scans found. Post another HijackThis log, with the header, and also any items from the AV scans that could not be cleaned.

Lobos
__________________
AdAware | Spybot S&D 1.4 | spyware guard & spyware blaster | How did I get infected in the first place By Tony Klein
If you use IE I suggest using these two programs: IE Hosts & IE-SPYAD
#3
Security/Hacking Mod | Join Date: Jan 2005 | Location: USA | Posts: 25,479
Remove entries at your own risk.

R3 - URLSearchHook: (no name) - {87766247-311C-43B4-8499-3D5FEC94A183} - (no file)
Should be fixed.

O4 - HKLM\..\Run: [Default web browser] C:\WINDOWS\system32\iexpIore.exe
Added as a result of the OBLIVION.B virus! Note: do not confuse "iexpIore.exe" with "iexplore.exe" (Internet Explorer); the first has a capital "I" in place of a lower case "L". Must be fixed!

O4 - HKLM\..\RunServices: [Default web browser] C:\WINDOWS\system32\iexpIore.exe
Added as a result of the OBLIVION.B virus! Note: do not confuse "iexpIore.exe" with "iexplore.exe" (Internet Explorer); the first has a capital "I" in place of a lower case "L". Must be fixed!

O4 - HKCU\..\Run: [WinTools] C:\PROGRA~1\COMMON~1\WinTools\WToolsA.exe
WinTools adware. Must be fixed!

O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusear...?p=ZUxdm068YYUS
The entry &Search has been identified as nasty.

O14 - IERESET.INF: START_PAGE_URL=about:blank
This entry should be fixed if this address does not belong to your PC manufacturer or your Internet Service Provider (ISP). This entry should be fixed if 'about:blank' is not your PC manufacturer or your ISP.

O16 - DPF: {084F552D-19EB-4668-9788-984CBC781A8F} (AsyncDownloader Class) - http://survey.otxresearch.com/Preloader.dll
This entry is possibly nasty. Should be fixed.

O16 - DPF: {92CA8ACC-4E99-4A2A-93F1-B2C5CADC8613} (NMInstall Control) - http://a14.g.akamai.net/f/14/7141/1....0_SILENT_2.cab
This entry is possibly nasty. Should be fixed.

O16 - DPF: {9522B3FB-7A2B-4646-8AF6-36E7F593073C} (cpbrkpie Control) - http://a19.g.akamai.net/7/19/7125/4...23/cpbrkpie.cab
This entry is possibly nasty. Should be fixed.
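The capital-I-for-lowercase-l trick the moderator points out above is easy to miss by eye, which is exactly why it works. As an added example (not code from the thread, from HijackThis, or from any of the posters), the script below applies that check mechanically to HijackThis-style O4 Run entries and F3 win.ini load=/run= entries: it pulls the executable name out of each command line, folds visually confusable characters (capital I, digit 1 and the pipe for lowercase l; digit 0 for o) and compares the result against a short list of well-known Windows binaries, also catching one-character misspellings, which goes slightly beyond the homoglyph case in the post. The sample log lines are constructed from the entries quoted in the thread; the list of known binaries, the confusable table and the decision to flag any non-empty win.ini load=/run= value are assumptions for illustration.

```python
"""Flag lookalike executable names in HijackThis-style autorun entries.

Added example for this thread, not code from HijackThis or from the forum
posters. SAMPLE_LOG is constructed from the O4/F3 lines quoted in the thread;
KNOWN_BINARIES and the confusable table are assumptions for illustration.
"""
import re
from typing import List, Optional, Tuple

# Constructed sample, modelled on the thread's O4 and F3 lines (not the full log).
SAMPLE_LOG = r"""
F3 - REG:win.ini: load=iexpIore.exe
F3 - REG:win.ini: run=iexpIore.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [Default web browser] C:\WINDOWS\system32\iexpIore.exe
O4 - HKLM\..\Run: [Lexmark X74-X75] "C:\Program Files\Lexmark X74-X75\lxbbbmgr.exe"
O4 - HKLM\..\RunServices: [Default web browser] C:\WINDOWS\system32\iexpIore.exe
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [WinTools] C:\PROGRA~1\COMMON~1\WinTools\WToolsA.exe
"""

# Assumed short list of Windows/IE binaries that malware likes to imitate.
KNOWN_BINARIES = sorted({
    "iexplore.exe", "explorer.exe", "svchost.exe", "lsass.exe",
    "services.exe", "winlogon.exe", "smss.exe", "rundll32.exe",
})

# Characters that look alike in common UI fonts; folded before comparison.
_CONFUSABLES = str.maketrans({"I": "l", "1": "l", "|": "l", "0": "o"})

_O4_RE = re.compile(r"^O4 - (?P<key>\S+): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
_F3_RE = re.compile(r"^F3 - REG:win\.ini: (?P<key>load|run)=(?P<cmd>.*)$")
# Either a quoted path, or the shortest prefix ending in .exe (drops arguments).
_EXE_RE = re.compile(r'^"([^"]+)"|^(.+?\.exe)\b', re.IGNORECASE)


def fold(name: str) -> str:
    """Canonicalise confusable characters, then lowercase (I -> l must happen before lower())."""
    return name.translate(_CONFUSABLES).lower()


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance; inputs are file names, so the O(n*m) table is fine."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def exe_basename(command: str) -> Optional[str]:
    """Extract the executable file name from a Run-key command line."""
    m = _EXE_RE.match(command.strip())
    if not m:
        return None
    path = m.group(1) or m.group(2)
    return path.replace("/", "\\").rsplit("\\", 1)[-1]


def classify(exe: str) -> Optional[str]:
    """Explain why `exe` is suspicious; None for an exact known name or an unrelated name."""
    low = exe.lower()
    if low in KNOWN_BINARIES:
        return None
    for known in KNOWN_BINARIES:
        # Homoglyph swap (iexpIore -> iexplore) or a single-character misspelling.
        # Transpositions (scvhost) are distance 2 and are deliberately not caught here.
        if fold(exe) == known or edit_distance(low, known) <= 1:
            return f"lookalike of {known}"
    return None


def scan(log_text: str) -> List[Tuple[str, str, str]]:
    """Return (autostart location, executable, reason) for each suspicious entry."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = _O4_RE.match(line)
        if m:
            exe = exe_basename(m["cmd"])
            why = classify(exe) if exe else None
            if why:
                findings.append((m["key"], exe, why))
            continue
        m = _F3_RE.match(line)
        if m:
            # win.ini load=/run= is a legacy autostart; anything there is worth a look
            # (assumption: a clean modern system leaves both values empty).
            exe = exe_basename(m["cmd"]) or m["cmd"].strip()
            why = classify(exe) or "legacy win.ini autostart"
            findings.append((f"win.ini {m['key']}", exe, why))
    return findings


if __name__ == "__main__":
    for where, exe, why in scan(SAMPLE_LOG):
        print(f"{where:<22} {exe:<16} {why}")
```

Run against the constructed sample it reports the four iexpIore.exe entries (two win.ini values, the HKLM Run and the HKLM RunServices keys) and stays quiet about RUNDLL32.EXE, aim.exe and the Lexmark monitor. The WinTools entry is not flagged, which is the point: this check only finds names that impersonate a system binary, so it complements rather than replaces the adware lists the moderator is working from.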