Adware.iefeats Problem

Discussion in 'Computer Support' started by Douglas BISHOP, Jul 27, 2005.

  1. Anyone know how to actually get rid of this thing?

    Norton Internet Security 2005 can't seem to....their removal tool can't do
    it. Their Security Response document doesn't help.

    11 printed pages and nothing seems to be as they say:

    First...restart in safe mode and run system scan.....

    Wrong! NIS won't even run in safe mode for me.

    Second....delete the affected file while in safe mode...
    Well I can do that ok cause I can run a scan in normal then skip the threat,
    restart safe, delete manually, then restart in normal again....but by the
    time the PC is rebooted the adware has renamed the dll file it's hiding in
    and even moved to a different windows folder....

    Third...."Find and disable the service Windows NT/2000/XP" by running
    "services.msc". They even give 4 possible services...only one of which
    shows up. That sounds good but the instructions say to be sure that the
    "path to executable" references one of the detected files. Well NIS didn't
    list any service and the one on my system doesn't reference the detected
    file anyway.

    Fourth....there are half a dozen registry edits to make. With the track
    record of this document so far, do I dare make any changes to the registry?

    I need help with this one...really bad.

    Oh yeah....when I try to view the Norton activity log, the program shuts
    down with the "send error report?" screen.

    I have also tried Spybot S&D but I can't keep it gone there either.
    Douglas BISHOP, Jul 27, 2005
    #1

  2. Douglas BISHOP

    pcbutts1 Guest

    Download, install, update and run all of the following.

    Ad-Aware
    http://www.pcbutts1.com/downloads/aawsepersonal.exe

    Spybot search and destroy
    http://www.pcbutts1.com/downloads/spybotsd14.exe

    Microsoft Windows AntiSpyware (Beta1)
    http://www.microsoft.com/downloads/...A2-6A57-4C57-A8BD-DBF62EDA9671&displaylang=en

    If none of the above fixes the issue then download Hijack this, run it, save
    a copy of the log file and cut and paste it back here to the group so that
    it can be analyzed.

    HijackThis
    http://www.pcbutts1.com/downloads/HijackThis.zip

    --


    The best live web video on the internet http://www.seedsv.com/webdemo.htm
    NEW Embedded system W/Linux. We now sell DVR cards.
    See it all at http://www.seedsv.com/products.htm
    Sharpvision simply the best http://www.seedsv.com



    pcbutts1, Jul 27, 2005
    #2

  3. Douglas BISHOP

    WormWood Guest


    Read this and be aware that different a-v programs have different names
    for the same malware, in your case, a trojan, Adware.iefeats.
    http://vil.nai.com/vil/content/v_130641.htm
    McAfee named it StartPage FY, appropriate for one of its dirty tricks,
    eh? btw, XP SP2 has an a-v and firewall, in case you needed to know.
    WormWood, Jul 27, 2005
    #3
  4. Douglas BISHOP

    S Stillwell Guest

    Spyware Doctor saved my friend's computer when I couldn't get Spybot,
    Ad-Aware or any virus scanner to get rid of the 1000's of spyware
    infections on her Dell. Spyware Doctor ran in safe mode when I couldn't
    get the other programs to run at all. It was a free trial several months
    ago. Looks like they charge for it now.
    http://www.pctools.com/spyware-doctor/

    Counter Spy is also an excellent spyware removal program.
    http://www.sunbelt-software.com/CounterSpy.cfm

    Also, Microsoft has a beta version of Microsoft Antispyware which is free.
    http://www.microsoft.com/athome/security/spyware/default.mspx


    S Stillwell, Jul 27, 2005
    #4
  5. Douglas BISHOP

    pcbutts1 Guest

    Format and reinstall.


    --

    "Instead of trying to bash me you should try to learn from me and
    archive my posts so you can better help people in the future. If you don't
    understand something I post then ask me my email is valid."

    pcbutts1, Jul 27, 2005
    #5
  6. "WormWood" <> wrote in message
    news:...
    >

    > Read this and be aware that different a-v programs have different names
    > for the same malware, in your case, a trojan, Adware.iefeats.
    > http://vil.nai.com/vil/content/v_130641.htm
    > McAfee named it StartPage FY, appropriate for one of its dirty tricks,
    > eh? btw, XP SP2 has an a-v and firewall, in case you needed to know.
    >
    >
    >

    It looks as though McAfee is claiming that it is an easy remove.....HAH!

    This thing seems able to disable any programs designed to find and eliminate
    the threat.

    I've installed SpyBot S&D/Spyware Blaster, Bazooka, ran the Norton removal
    tool, had NIS-2005 RUNNING when the thing seemed to jump right in and take
    over. NIS popup claimed to have stopped a high risk threat then next thing
    I know popups are popping up, my start page is changed, the search engine
    is different, most highlighted links on web pages simply go to a search result
    for the word highlighted rather than a link from the current web site.

    Is there anything that can be done with this one? Oh yeah and Norton's help
    site is pathetic. When this subscription expires Norton is off my stuff for
    good.

    Help please? Thanks
    Douglas BISHOP, Jul 27, 2005
    #6
  7. Douglas BISHOP

    pcbutts1 Guest

    Download Hijack this, run it, save a copy of the log file and cut and paste
    it back here to the group so that I can analyze it.

    HijackThis
    http://www.pcbutts1.com/downloads/HijackThis.zip

    pcbutts1, Jul 27, 2005
    #7
  8. "pcbutts1" <> wrote in message
    news:c0TFe.1464$...
    > Download Hijack this, run it, save a copy of the log file and cut and paste
    > it back here to the group so that I can analyze it.
    >
    > HijackThis
    > http://www.pcbutts1.com/downloads/HijackThis.zip
    >


    Ready to install this....should I (can I) run it in safe mode?
    I have a strange feeling that my Norton IS2005 is not functioning
    completely.
    Douglas BISHOP, Jul 27, 2005
    #8
  9. "pcbutts1" <> wrote in message
    news:c0TFe.1464$...
    > Download Hijack this, run it, save a copy of the log file and cut and paste
    > it back here to the group so that I can analyze it.
    >
    > HijackThis
    > http://www.pcbutts1.com/downloads/HijackThis.zip
    >
    > --

    HERE'S THE LOG HOT OFF THE PRESS:
    BY THE WAY.....>>>>>
    The latest Norton scan revealed that the CURRENT name of the problem file
    is:
    MXZVQ.DLL (mxzvq.dll) which is currently living in C:\Windows (it's been in
    ....system32 on 2 previous occasions using different random file names)


    Logfile of HijackThis v1.99.1
    Scan saved at 6:58:15 PM, on 7/27/2005
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\System32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Norton Internet Security\ISSVC.exe
    C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe
    C:\WINDOWS\SM1BG.EXE
    C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9FA.EXE
    C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\WINDOWS\system32\winvn32.exe
    C:\Program Files\Logitech\MouseWare\system\em_exec.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\WINDOWS\System32\ctfmon.exe
    C:\Program Files\ATI Multimedia\main\ATISched.EXE
    C:\Program Files\ATI Multimedia\main\ATIDtct.EXE
    C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
    C:\WINDOWS\crcq.exe
    C:\Program Files\Common Files\Symantec Shared\NMain.exe
    D:\My Download Files\From AOL50\Program Downloads\Spyware Tool
    Hijackthis\hijackthis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
    about:blank
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
    about:blank
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar =
    res://C:\WINDOWS\mxzvq.dll/sp.html#14044
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page =
    res://C:\WINDOWS\mxzvq.dll/sp.html#14044
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
    about:blank
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
    res://C:\WINDOWS\mxzvq.dll/sp.html#14044
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar =
    res://C:\WINDOWS\mxzvq.dll/sp.html#14044
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
    res://C:\WINDOWS\mxzvq.dll/sp.html#14044
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    res://C:\WINDOWS\mxzvq.dll/sp.html#14044
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    about:blank
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    res://C:\WINDOWS\mxzvq.dll/sp.html#14044
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    about:blank
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = about:blank
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = about:blank
    R3 - Default URLSearchHook is missing
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -
    C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: Class - {A0F991F2-5AEB-72DB-FE93-7C39C20F8BCC} -
    C:\WINDOWS\system32\d3ob.dll
    O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program
    Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} -
    C:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} -
    C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
    O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy Media
    Creator 7\Drag to Disc\DrgToDsc.exe"
    O4 - HKLM\..\Run: [SM1BG] C:\WINDOWS\SM1BG.EXE
    O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec
    Shared\Security Center\UsrPrmpt.exe
    O4 - HKLM\..\Run: [Symantec NetDriver Monitor]
    C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program
    Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common
    Files\Microsoft Shared\Works Shared\WkUFind.exe
    O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
    O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI
    Technologies\ATI.ACE\cli.exe" runtime
    O4 - HKLM\..\Run: [EPSON Stylus Photo R320 Series]
    C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9FA.EXE /P30 "EPSON Stylus
    Photo R320 Series" /O6 "USB002" /M "Stylus Photo R320"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program
    Files\Java\jre1.5.0_02\bin\jusched.exe
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec
    Shared\ccApp.exe"
    O4 - HKLM\..\Run: [winvn32.exe] C:\WINDOWS\system32\winvn32.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe"
    /background
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
    O4 - HKCU\..\Run: [ATI Scheduler] C:\Program Files\ATI
    Multimedia\main\ATISched.EXE
    O4 - HKCU\..\Run: [ATI DeviceDetect] C:\Program Files\ATI
    Multimedia\main\ATIDtct.EXE
    O4 - Global Startup: ATI CATALYST System Tray.lnk = C:\Program Files\ATI
    Technologies\ATI.ACE\CLI.exe
    O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program
    Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft
    Office\Office10\OSA.EXE
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} -
    C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console -
    {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program
    Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
    O9 - Extra button: (no name) - {307D80B7-6553-42FB-9C99-19841353B4F0} -
    http://www.searchalot.com (file missing)
    O9 - Extra 'Tools' menuitem: Search the Internet -
    {307D80B7-6553-42FB-9C99-19841353B4F0} - http://www.searchalot.com (file
    missing)
    O9 - Extra button: ATI TV - {44226DFF-747E-4edc-B30C-78752E50CD0C} -
    C:\Program Files\ATI Multimedia\tv\EXPLBAR.DLL
    O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} -
    C:\WINDOWS\web\related.htm
    O9 - Extra 'Tools' menuitem: Show &Related Links -
    {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} -
    C:\Program Files\Messenger\MSMSGS.EXE
    O9 - Extra 'Tools' menuitem: Windows Messenger -
    {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program
    Files\Messenger\MSMSGS.EXE
    O12 - Plugin for .au: C:\Program Files\Internet
    Explorer\PLUGINS\npqtplugin.dll
    O12 - Plugin for .mid: C:\Program Files\Internet
    Explorer\PLUGINS\npqtplugin2.dll
    O12 - Plugin for .spop: C:\Program Files\Internet
    Explorer\Plugins\NPDocBox.dll
    O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) -
    https://www-secure.symantec.com/techsupp/asa/LSSupCtl.cab
    O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus
    scanner) -
    http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
    O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) -
    http://software-dl.real.com/093d56711032e8bd6503/netzip/RdxIE601.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) -
    http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1121563795906
    O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility
    Class) -
    http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
    O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) -
    http://www.crucial.com/controls/cpcScanner.cab
    O16 - DPF: {BAC01377-73DD-4796-854D-2A8997E3D68A} (Yahoo! Photos Easy Upload
    Tool Class) -
    http://us.dl1.yimg.com/download.yahoo.com/dl/installs/ydropper/ydropper1_3us.cab
    O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry
    Information Class) -
    http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
    O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) -
    https://www-secure.symantec.com/techsupp/asa/ctrl/SymAData.cab
    O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) -
    http://h30043.www3.hp.com/hpdj/en/check/qdiagh.cab?319
    O23 - Service: Network Security Service (NSS) ( 11Fßä#·ºÄÖ`I) - Unknown
    owner - C:\WINDOWS\crcq.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. -
    C:\WINDOWS\System32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation -
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation -
    C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
    O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec
    Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation -
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision
    Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel
    32\IDriverT.exe
    O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program
    Files\Norton Internet Security\ISSVC.exe
    O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec
    Corporation - C:\Program Files\Norton Internet Security\Norton
    AntiVirus\navapsvc.exe
    O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton
    Internet Security\Norton AntiVirus\SAVScan.exe
    O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation -
    C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec
    Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation -
    C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program
    Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program
    Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
    Douglas BISHOP, Jul 28, 2005
    #9
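
An added example, not part of the thread and not HijackThis's own logic: a small Python triage pass over a log like the one posted above. It rejoins the entries that the newsreader wrapped onto continuation lines, then flags three patterns visible in this log; the heuristics, function names and the trimmed excerpt are assumptions made for illustration.

```python
import re

# Excerpt of the HijackThis log posted above, kept with the newsreader's line
# wrapping (the garbled display name of the NSS service is left out).
SAMPLE_LOG = r"""Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\crcq.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar =
res://C:\WINDOWS\mxzvq.dll/sp.html#14044
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = about:blank
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -
C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Class - {A0F991F2-5AEB-72DB-FE93-7C39C20F8BCC} -
C:\WINDOWS\system32\d3ob.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec
Shared\ccApp.exe"
O4 - HKLM\..\Run: [winvn32.exe] C:\WINDOWS\system32\winvn32.exe
O23 - Service: Network Security Service (NSS) - Unknown
owner - C:\WINDOWS\crcq.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation -
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
"""

# An entry starts with a HijackThis section code such as "R1 - " or "O23 - ".
ENTRY_START = re.compile(r"^(?:R[0-3]|F[0-3]|N[1-4]|O\d{1,2}) - ")
# IE start/search settings that load a page out of a DLL's resources.
RES_DLL = re.compile(r"res://([A-Za-z]:\\[^/]+?\.dll)/", re.IGNORECASE)
# An executable sitting directly in the Windows directory, not a subfolder.
WINDOWS_ROOT_EXE = re.compile(r"^[A-Za-z]:\\WINDOWS\\[^\\]+\.exe$", re.IGNORECASE)
# Heuristic (assumption): names that carry no vendor or product description.
PLACEHOLDER_BHO_NAMES = {"", "Class", "(no name)"}


def unwrap_entries(log_text):
    """Rejoin wrapped entries; assumes the wrap happened at a space."""
    entries = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if ENTRY_START.match(line):
            entries.append(line)
        elif entries:
            # Continuation of the previous entry (header and process list,
            # which come before the first entry, are skipped).
            entries[-1] += " " + line
    return entries


def triage(entries):
    """Return (section, reason, file) tuples for entries worth a closer look."""
    findings = []
    for entry in entries:
        section, _, rest = entry.partition(" - ")
        if section in ("R0", "R1"):
            match = RES_DLL.search(rest)
            if match:
                findings.append(
                    (section, "IE setting points into a local DLL", match.group(1)))
        elif section == "O2" and rest.startswith("BHO:"):
            parts = rest.rsplit(" - ", 2)  # name, CLSID, path
            if len(parts) == 3:
                name = parts[0][len("BHO:"):].strip()
                if name in PLACEHOLDER_BHO_NAMES:
                    findings.append(
                        (section, "BHO with blank or placeholder name", parts[2].strip()))
        elif section == "O23" and rest.startswith("Service:"):
            parts = rest.rsplit(" - ", 2)  # service name, owner, path
            if len(parts) == 3:
                owner, path = parts[1].strip(), parts[2].strip()
                if owner == "Unknown owner" and WINDOWS_ROOT_EXE.match(path):
                    findings.append(
                        (section, "unsigned service in Windows root", path))
    return findings


def hijack_dlls(findings):
    """DLLs named in res:// settings. The original poster reports the file
    being renamed and moved, so key on the pattern rather than the name."""
    return sorted({path for section, _, path in findings if section in ("R0", "R1")})


if __name__ == "__main__":
    for finding in triage(unwrap_entries(SAMPLE_LOG)):
        print(" | ".join(finding))
```

A flagged entry is a prompt to inspect the file, not a verdict: the ATI service in the excerpt also shows "Unknown owner" and is deliberately not flagged because it lives under system32.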
  10. "pcbutts1" <> wrote in message
    news:1122480112.f2f2469a27d4410de0487002a91c1426@teranews...
    > Format and reinstall.
    >
    >


    LOL... You should get a side job at Best Buy. Anyone that I know who ever
    bought a PC from them has had that thrown at them for any problem they have.
    Douglas BISHOP, Jul 28, 2005
    #10
  11. "Douglas BISHOP" <> wrote in message
    news:ufUFe.1674$...
    >
    > "pcbutts1" <> wrote in message
    > news:c0TFe.1464$...
    > > Download Hijack this, run it, save a copy of the log file and cut and paste
    > > it back here to the group so that I can analyze it.
    > >
    > > HijackThis
    > > http://www.pcbutts1.com/downloads/HijackThis.zip
    > >

    >
    > Ready to install this....should I (can I) run it in safe mode?
    > I have a strange feeling that my Norton IS2005 is not functioning
    > completely.
    >


    silly me....I didn't realize how quickly this thing runs.
    Douglas BISHOP, Jul 28, 2005
    #11
  12. Douglas BISHOP

    pcbutts1 Guest

    Upgrade to Service pack 2 but first have hijackthis fix the following lines.
    Also my email address is any other posts by me that do
    not have this address is not from me and should be ignored.


    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
    about:blank
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
    about:blank
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar =
    res://C:\WINDOWS\mxzvq.dll/sp.html#14044
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page =
    res://C:\WINDOWS\mxzvq.dll/sp.html#14044
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
    about:blank
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
    res://C:\WINDOWS\mxzvq.dll/sp.html#14044
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar =
    res://C:\WINDOWS\mxzvq.dll/sp.html#14044
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
    res://C:\WINDOWS\mxzvq.dll/sp.html#14044
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    res://C:\WINDOWS\mxzvq.dll/sp.html#14044
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    about:blank
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    res://C:\WINDOWS\mxzvq.dll/sp.html#14044
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    about:blank
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = about:blank
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = about:blank
    R3 - Default URLSearchHook is missing
    O2 - BHO: Class - {A0F991F2-5AEB-72DB-FE93-7C39C20F8BCC} -
    C:\WINDOWS\system32\d3ob.dll
    O4 - HKLM\..\Run: [winvn32.exe] C:\WINDOWS\system32\winvn32.exe
    O9 - Extra button: (no name) - {307D80B7-6553-42FB-9C99-19841353B4F0} -
    http://www.searchalot.com (file missing)
    O9 - Extra 'Tools' menuitem: Search the Internet -
    {307D80B7-6553-42FB-9C99-19841353B4F0} - http://www.searchalot.com (file
    missing)
    O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} -
    C:\WINDOWS\web\related.htm
    O9 - Extra 'Tools' menuitem: Show &Related Links -
    {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
    O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) -
    http://h30043.www3.hp.com/hpdj/en/check/qdiagh.cab?319
    O23 - Service: Network Security Service (NSS) ( 11Fßä#·ºÄÖ`I) - Unknown
    owner - C:\WINDOWS\crcq.exe


    --


    The best live web video on the internet http://www.seedsv.com/webdemo.htm
    NEW Embedded system W/Linux. We now sell DVR cards.
    See it all at http://www.seedsv.com/products.htm
    Sharpvision simply the best http://www.seedsv.com



    "Douglas BISHOP" <> wrote in message
    news:nsUFe.1679$...
    >
    > "pcbutts1" <> wrote in message
    > news:c0TFe.1464$...
    >> Download Hijack this, run it, save a copy of the log file and cut and
    >> paste it back here to the group so that I can analyze it.
    >>
    >> HijackThis
    >> http://www.pcbutts1.com/downloads/HijackThis.zip
    >>
    >> --

    > HERE'S THE LOG HOT OFF THE PRESS:
    > BY THE WAY.....>>>>>
    > The latest Norton scan revealed that the CURRENT name of the problem file
    > is:
    > MXZVQ.DLL (mxzvq.dll) which is currently living in C:\Windows (it's been
    > in
    > ...system32 on 2 previous occasions using different random file names)
    >
    >
    > Logfile of HijackThis v1.99.1
    > Scan saved at 6:58:15 PM, on 7/27/2005
    > Platform: Windows XP SP1 (WinNT 5.01.2600)
    > MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
    >
    > Running processes:
    > C:\WINDOWS\System32\smss.exe
    > C:\WINDOWS\system32\winlogon.exe
    > C:\WINDOWS\system32\services.exe
    > C:\WINDOWS\system32\lsass.exe
    > C:\WINDOWS\System32\Ati2evxx.exe
    > C:\WINDOWS\system32\svchost.exe
    > C:\WINDOWS\System32\svchost.exe
    > C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
    > C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    > C:\Program Files\Norton Internet Security\ISSVC.exe
    > C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    > C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    > C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    > C:\WINDOWS\system32\spoolsv.exe
    > C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    > C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
    > C:\WINDOWS\System32\svchost.exe
    > C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    > C:\WINDOWS\system32\Ati2evxx.exe
    > C:\WINDOWS\Explorer.EXE
    > C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe
    > C:\WINDOWS\SM1BG.EXE
    > C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
    > C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    > C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9FA.EXE
    > C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
    > C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    > C:\WINDOWS\system32\winvn32.exe
    > C:\Program Files\Logitech\MouseWare\system\em_exec.exe
    > C:\Program Files\Messenger\msmsgs.exe
    > C:\WINDOWS\System32\ctfmon.exe
    > C:\Program Files\ATI Multimedia\main\ATISched.EXE
    > C:\Program Files\ATI Multimedia\main\ATIDtct.EXE
    > C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
    > C:\WINDOWS\crcq.exe
    > C:\Program Files\Common Files\Symantec Shared\NMain.exe
    > D:\My Download Files\From AOL50\Program Downloads\Spyware Tool
    > Hijackthis\hijackthis\HijackThis.exe
    >
    > R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
    > about:blank
    > R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
    > about:blank
    > R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar =
    > res://C:\WINDOWS\mxzvq.dll/sp.html#14044
    > R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page =
    > res://C:\WINDOWS\mxzvq.dll/sp.html#14044
    > R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
    > about:blank
    > R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
    > res://C:\WINDOWS\mxzvq.dll/sp.html#14044
    > R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar =
    > res://C:\WINDOWS\mxzvq.dll/sp.html#14044
    > R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
    > res://C:\WINDOWS\mxzvq.dll/sp.html#14044
    > R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    > res://C:\WINDOWS\mxzvq.dll/sp.html#14044
    > R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    > about:blank
    > R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    > res://C:\WINDOWS\mxzvq.dll/sp.html#14044
    > R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    > about:blank
    > R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    > about:blank
    > R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    > about:blank
    > R3 - Default URLSearchHook is missing
    > O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -
    > C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    > O2 - BHO: Class - {A0F991F2-5AEB-72DB-FE93-7C39C20F8BCC} -
    > C:\WINDOWS\system32\d3ob.dll
    > O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program
    > Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
    > O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} -
    > C:\WINDOWS\System32\msdxm.ocx
    > O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} -
    > C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
    > O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy Media
    > Creator 7\Drag to Disc\DrgToDsc.exe"
    > O4 - HKLM\..\Run: [SM1BG] C:\WINDOWS\SM1BG.EXE
    > O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec
    > Shared\Security Center\UsrPrmpt.exe
    > O4 - HKLM\..\Run: [Symantec NetDriver Monitor]
    > C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
    > O4 - HKLM\..\Run: [QuickTime Task] "C:\Program
    > Files\QuickTime\qttask.exe" -atboottime
    > O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program
    > Files\Common
    > Files\Microsoft Shared\Works Shared\WkUFind.exe
    > O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
    > O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI
    > Technologies\ATI.ACE\cli.exe" runtime
    > O4 - HKLM\..\Run: [EPSON Stylus Photo R320 Series]
    > C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9FA.EXE /P30 "EPSON
    > Stylus
    > Photo R320 Series" /O6 "USB002" /M "Stylus Photo R320"
    > O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program
    > Files\Java\jre1.5.0_02\bin\jusched.exe
    > O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec
    > Shared\ccApp.exe"
    > O4 - HKLM\..\Run: [winvn32.exe] C:\WINDOWS\system32\winvn32.exe
    > O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe"
    > /background
    > O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
    > O4 - HKCU\..\Run: [ATI Scheduler] C:\Program Files\ATI
    > Multimedia\main\ATISched.EXE
    > O4 - HKCU\..\Run: [ATI DeviceDetect] C:\Program Files\ATI
    > Multimedia\main\ATIDtct.EXE
    > O4 - Global Startup: ATI CATALYST System Tray.lnk = C:\Program Files\ATI
    > Technologies\ATI.ACE\CLI.exe
    > O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program
    > Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
    > O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft
    > Office\Office10\OSA.EXE
    > O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} -
    > C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
    > O9 - Extra 'Tools' menuitem: Sun Java Console -
    > {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program
    > Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
    > O9 - Extra button: (no name) - {307D80B7-6553-42FB-9C99-19841353B4F0} -
    > http://www.searchalot.com (file missing)
    > O9 - Extra 'Tools' menuitem: Search the Internet -
    > {307D80B7-6553-42FB-9C99-19841353B4F0} - http://www.searchalot.com (file
    > missing)
    > O9 - Extra button: ATI TV - {44226DFF-747E-4edc-B30C-78752E50CD0C} -
    > C:\Program Files\ATI Multimedia\tv\EXPLBAR.DLL
    > O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} -
    > C:\WINDOWS\web\related.htm
    > O9 - Extra 'Tools' menuitem: Show &Related Links -
    > {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
    > O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} -
    > C:\Program Files\Messenger\MSMSGS.EXE
    > O9 - Extra 'Tools' menuitem: Windows Messenger -
    > {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program
    > Files\Messenger\MSMSGS.EXE
    > O12 - Plugin for .au: C:\Program Files\Internet
    > Explorer\PLUGINS\npqtplugin.dll
    > O12 - Plugin for .mid: C:\Program Files\Internet
    > Explorer\PLUGINS\npqtplugin2.dll
    > O12 - Plugin for .spop: C:\Program Files\Internet
    > Explorer\Plugins\NPDocBox.dll
    > O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) -
    > https://www-secure.symantec.com/techsupp/asa/LSSupCtl.cab
    > O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus
    > scanner) -
    > http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
    > O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) -
    > http://software-dl.real.com/093d56711032e8bd6503/netzip/RdxIE601.cab
    > O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) -
    > http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1121563795906
    > O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility
    > Class) -
    > http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
    > O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) -
    > http://www.crucial.com/controls/cpcScanner.cab
    > O16 - DPF: {BAC01377-73DD-4796-854D-2A8997E3D68A} (Yahoo! Photos Easy
    > Upload
    > Tool Class) -
    > http://us.dl1.yimg.com/download.yahoo.com/dl/installs/ydropper/ydropper1_3us.cab
    > O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry
    > Information Class) -
    > http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
    > O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) -
    > https://www-secure.symantec.com/techsupp/asa/ctrl/SymAData.cab
    > O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj
    > Class) -
    > http://h30043.www3.hp.com/hpdj/en/check/qdiagh.cab?319
    > O23 - Service: Network Security Service (NSS) ( 11Fßä#·ºÄÖ`I) - Unknown
    > owner - C:\WINDOWS\crcq.exe
    > O23 - Service: Ati HotKey Poller - ATI Technologies Inc. -
    > C:\WINDOWS\System32\Ati2evxx.exe
    > O23 - Service: ATI Smart - Unknown owner -
    > C:\WINDOWS\system32\ati2sgag.exe
    > O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation -
    > C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    > O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation -
    > C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
    > O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec
    > Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
    > O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec
    > Corporation -
    > C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    > O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision
    > Corporation - C:\Program Files\Common
    > Files\InstallShield\Driver\1050\Intel
    > 32\IDriverT.exe
    > O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program
    > Files\Norton Internet Security\ISSVC.exe
    > O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec
    > Corporation - C:\Program Files\Norton Internet Security\Norton
    > AntiVirus\navapsvc.exe
    > O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton
    > Internet Security\Norton AntiVirus\SAVScan.exe
    > O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation -
    > C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
    > O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec
    > Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    > O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation -
    > C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    > O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program
    > Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    > O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program
    > Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
    >
    >
    >
    pcbutts1, Jul 28, 2005
    #12
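
Added example (not part of the thread, and not how HijackThis or any poster here evaluates a log): a small Python script that re-joins the wrapped, ">"-quoted HijackThis lines as they appear in post #12 and flags entries using three simple heuristics, which are assumptions of this example. It also pulls the DLL name out of the res:// entries, since the file is renamed after each removal attempt. The sample is a subset of the posted log, with the unprintable part of the NSS display name left out.

```python
import re

# Constructed sample: a subset of the log quoted in post #12, still wrapped
# and '>'-quoted the way the newsreader left it.
SAMPLE_LOG = r"""
> R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar =
> res://C:\WINDOWS\mxzvq.dll/sp.html#14044
> R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
> about:blank
> O2 - BHO: Class - {A0F991F2-5AEB-72DB-FE93-7C39C20F8BCC} -
> C:\WINDOWS\system32\d3ob.dll
> O4 - HKLM\..\Run: [winvn32.exe] C:\WINDOWS\system32\winvn32.exe
> O9 - Extra button: (no name) - {307D80B7-6553-42FB-9C99-19841353B4F0} -
> http://www.searchalot.com (file missing)
> O23 - Service: Network Security Service (NSS) - Unknown
> owner - C:\WINDOWS\crcq.exe
> O23 - Service: ATI Smart - Unknown owner -
> C:\WINDOWS\system32\ati2sgag.exe
> O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program
> Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
"""

# A HijackThis entry starts with a section code such as "R1 - " or "O23 - ".
ENTRY_START = re.compile(r"^(R[0-3]|F[0-3]|N[1-4]|O\d{1,2}) - ")


def unwrap(text):
    """Strip '>' quote marks and re-join entries split across lines."""
    entries = []
    for raw in text.splitlines():
        line = re.sub(r"^[>\s]+", "", raw).rstrip()
        if not line:
            continue
        if ENTRY_START.match(line):
            entries.append(line)
        elif entries:
            entries[-1] += " " + line  # continuation of the previous entry
    return entries


def triage(entries):
    """Return (code, reason, entry) for entries that deserve a closer look."""
    findings = []
    for entry in entries:
        code = ENTRY_START.match(entry).group(1)
        if code in ("R0", "R1") and "res://" in entry.lower():
            findings.append((code, "IE page served from a DLL resource", entry))
        if "(file missing)" in entry:
            findings.append((code, "target file missing", entry))
        if code == "O23" and "Unknown owner" in entry:
            findings.append((code, "service owner unknown", entry))
    return findings


def hijack_dlls(entries):
    """DLL path(s) behind res:// hijacks, whatever the file is named today."""
    pat = re.compile(r"res://(.+?\.dll)/", re.IGNORECASE)
    return sorted({m.group(1).lower() for e in entries for m in pat.finditer(e)})


if __name__ == "__main__":
    log = unwrap(SAMPLE_LOG)
    print("hijacking DLL(s):", hijack_dlls(log))
    for code, reason, entry in triage(log):
        print(f"[{code}] {reason}: {entry}")
```

The flags are review candidates, not verdicts: the ATI Smart service is flagged as "Unknown owner" here although it is not in the list of lines to fix in post #12.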
  13. Douglas BISHOP

    pcbutts1 Guest

    Douglas BISHOP, <> wrote:

    > Ready to install this....should I (can I) run it in safe
    > mode?


    Your signature separator is NOT Usenet Compliant!

    > I have a strange feeling that my Norton IS2005 is not functioning
    > completely.


    That's cool! I wish I had a strange feeling that your norton is2005 is not
    functioning completely.
    pcbutts1, Jul 28, 2005
    #13
  14. Douglas BISHOP

    pcbutts1 Guest

    Douglas BISHOP, <> wrote:

    > silly me....I didn't realize how quickly this thing runs.


    How did a little girl like you land a great big job like this?
    pcbutts1, Jul 28, 2005
    #14
  15. Douglas BISHOP

    pcbutts1 Guest

    Douglas BISHOP, <> wrote:

    > LOL...


    Pathetic fucking life.

    > HELP! My brain has fallen out!


    Do you still carry an umbrella with you on hot, summer days just in case?

    > You should get a side job at Best Buy.


    Why should I get a side job at best buy, BISHOP?

    > Anyone that I know who ever bought a PC from them has had that thrown at
    > them for any problem they have.


    That's not a problem. Trolls are a problem.
    pcbutts1, Jul 28, 2005
    #15
  16. "pcbutts1" <> wrote in message
    news:c0TFe.1464$...
    > Download Hijack this, run it, save a copy of the log file and cut and
    > paste it back here to the group so that I can analyze it.
    >
    > HijackThis


    For the record....

    downloading "hijackthis" is a good thing....posting the log file here is a
    waste of time.

    Post your log and problem on the HJT forum and you will likely get a very
    detailed run down of what you need to do. It's more than just checking
    items in the log to delete. There are a whole host of tools at your
    disposal that they will direct you to.

    Excellent site...I have myself a note to go back and paypal them a
    donation....
    Douglas BISHOP, Aug 5, 2005
    #16
  17. Douglas BISHOP

    pcbutts1 Guest

    What on earth makes you think it is a waste of time? Because you can't read
    it? Nobody is asking you to read it. You want to donate then donate to me





    "Douglas BISHOP" <> wrote in message
    news:XBAIe.1611$...
    >
    > "pcbutts1" <> wrote in message
    > news:c0TFe.1464$...
    >> Download Hijack this, run it, save a copy of the log file and cut and
    >> paste it back here to the group so that I can analyze it.
    >>
    >> HijackThis

    >
    > For the record....
    >
    > downloading "hijackthis" is a good thing....posting the log file here is a
    > waste of time.
    >
    > Post your log and problem on the HJT forum and you will likely get a very
    > detailed run down of what you need to do. It's more than just checking
    > items in the log to delete. There are a whole host of tools at your
    > disposal that they will direct you to.
    >
    > Excellent site...I have myself a note to go back and paypal them a
    > donation....
    >
    >
    pcbutts1, Aug 5, 2005
    #17