WindSkillZ
01-16-2005, 02:41 AM
ahhh i got something that resets my homepage and gives me a toolbar (linked to www.makemesearch.com) it has like pharmacy, casino and stuff. i read some other forums and it had something to do with ntnut.exe so i deleted it but it wouldnt let me so i opened task mgr and ended the process, then deleted it...i found the 'Search Toolbar' installation in Add/Remove programs and deleted that. everythings good. but the file 'Search Toolbar' keeps coming up again and makemesearch.com keeps getting set as default homepage, also the search toolbar itself. ive deleted the file 'Search Toolbar' at least * times today. aww dads not gonna be reli happy when he finds out that ive got the crap on the computer :( can some* please help me? ive got a hijackthis log to make ur job easier. thanks to every* who makes a comment on this thread i really appreiate it
Hijack log is...
Logfile of HijackThis v*.**.0
Scan saved at 5:*2:*8 PM, on *6/0*/2005
Platform: Windows XP SP* (WinNT 5.0*.2600)
MSIE: Internet Explorer v6.00 SP* (6.00.2800.**06)
Running processes:
C:\WINDOWS\System*2\smss.exe
C:\WINDOWS\system*2\winlogon.exe
C:\WINDOWS\system*2\services.exe
C:\WINDOWS\system*2\lsass.exe
C:\WINDOWS\system*2\svchost.exe
C:\WINDOWS\System*2\svchost.exe
c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\System*2\brsvc0*a.exe
C:\WINDOWS\system*2\spoolsv.exe
C:\WINDOWS\System*2\brss0*a.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Java\j2re*.4.2_0*\bin\jusched.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\System*2\hphmon05.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\InterVideo\Common\bin\WinCinemaMgr.exe
C:\Program Files\Common Files\InterVideo\SchSvr\SchSvr.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Multimedia Card Reader\shwicon2k.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
C:\WINDOWS\System*2\rundll*2.exe
C:\WINDOWS\system*2\Brmfrmps.exe
c:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System*2\nvsvc*2.exe
C:\Program Files\Telstra\Cable Login\bpcable.exe
C:\Program Files\Scansoft\PaperPort\pptd40nt.exe
C:\WINDOWS\System*2\tibs*.exe
C:\WINDOWS\System*2\svchost.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\System*2\BRMFRSMG.EXE
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Scansoft\PaperPort\SmartUI\SmartUI.exe
C:\Program Files\Winamp\winamp.exe
C:\Program Files\Microsoft Office\Office\WINWORD.EXE
C:\WINDOWS\msagent\AgentSvr.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Jeffrey.TAN*.00*\Desktop\hijackthis\HijackThis.exe
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.makemesearch.com/?said=204
R* - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
F2 - REG:system.ini: Shell=explorer.exe C:\WINDOWS\System*2\netdc.exe
O* - Hosts: 64.**.255.87 www.dcsresearch.com
O2 - BHO: AcroIEHlprObj Class - {0684*E*F-C8D7-4D5*-B87D-784B7D6BE0B*} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {5*707*62-6F74-2D5*-2644-206D7*42484F} - C:\PROGRA~*\SPYBOT~*\SDHelper.dll
O2 - BHO: (no name) - {54*B5CA7-4A86-**D7-A4DF-000874*80BB*} - (no file)
O2 - BHO: NAV Helper - {BDF*E4*0-B*0*-42AD-A544-FADC6B084872} - c:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: Cls - {CF02*F40-*E*4-2*A5-CBA2-7*7*706D***6} - C:\WINDOWS\System*2\spm***6.dll
O2 - BHO: (no name) - {FDD*B846-8D5*-4ffb-8758-20*B6AD74ACC} - (no file)
O* - Toolbar: &Radio - {8E7*8888-42*F-**D2-876E-00A0C*082467} - C:\WINDOWS\System*2\msdxm.ocx
O* - Toolbar: HP View - {B2847E28-5D7D-4DEB-8B67-05D28BCF7*F5} - c:\Program Files\HP\Digital Imaging\bin\hpdtlk02.dll
O* - Toolbar: Norton AntiVirus - {42CDD*BF-*FFB-42*8-8AD*-785*DF00B*D6} - c:\Program Files\Norton AntiVirus\NavShExt.dll
O* - Toolbar: (no name) - {62***427-**FC-4baf-*C*C-BCE6BD*27F08} - (no file)
O4 - HKLM\..\Run: [IMJPMIG8.*] "C:\WINDOWS\IME\imjp8_*\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration*2
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\System*2\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System*2\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System*2\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re*.4.2_0*\bin\jusched.exe
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HPHUPD05] c:\Program Files\HP\{45B6*80B-DCAB-40**-8EE8-6*644575*7F0}\hphupd05.exe
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System*2\hphmon05.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [WinCinemaMgr] "C:\Program Files\InterVideo\Common\bin\WinCinemaMgr.exe"
O4 - HKLM\..\Run: [Home Theater SchSvr] "C:\Program Files\Common Files\InterVideo\SchSvr\SchSvr.exe"
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system*2\ps2.exe
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL*2.EXE C:\WINDOWS\System*2\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
O4 - HKLM\..\Run: [Sunkist2k] C:\Program Files\Multimedia Card Reader\shwicon2k.exe
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
O4 - HKLM\..\Run: [BigPondCable] "C:\Program Files\Telstra\Cable Login\bpcable.exe" /r
O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\Scansoft\PaperPort\pptd40nt.exe
O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\Scansoft\PaperPort\IndexSearch.exe
O4 - HKLM\..\Run: [SetDefPrt] C:\Program Files\Brother\Brmfl0*a\BrStDvPt.exe
O4 - HKLM\..\Run: [Setup experation] C:\WINDOWS\svchost.exe
O4 - HKLM\..\Run: [Fast start] C:\WINDOWS\system*2\ntnut.exe home
O4 - HKLM\..\Run: [tibs*] C:\WINDOWS\System*2\tibs*.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Startup: netdb.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA*.EXE
O4 - Global Startup: SmartUI.lnk = ?
O4 - Global Startup: Updates from HP.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~*\MI****~*\OFFICE**\EXCEL.EXE/*000
O* - Extra button: (no name) - {08B0E5C0-4FCB-**CF-AAA5-0040*C60850*} - C:\WINDOWS\System*2\msjava.dll (file missing)
O* - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-**CF-AAA5-0040*C60850*} - C:\WINDOWS\System*2\msjava.dll (file missing)
O* - Extra button: Research - {*2780B25-*8CC-4*C8-B*BE-*C*C57*A826*} - C:\PROGRA~*\MI****~*\OFFICE**\REFIEBAR.DLL
O* - Extra button: Related - {c*5fe080-8f5d-**d2-a20b-00aa00*c*57a} - C:\WINDOWS\web\related.htm
O* - Extra 'Tools' menuitem: Show &Related Links - {c*5fe080-8f5d-**d2-a20b-00aa00*c*57a} - C:\WINDOWS\web\related.htm
O*6 - DPF: {0000*0*6-A*5C-**D4-*7A4-0050BF0FBE67} (NetmarbleStarter*6 Class) - http://www.netmarble.net/game/nmstarter/NMStarter*6.cab
O*6 - DPF: {00B7*CFB-6864-4*46-A*78-C0A*4556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab**267.cab
O*6 - DPF: {2BC66F54-**A8-**D*-BEB6-00*05AA*B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O*6 - DPF: {48884C4*-EFAC-4**D-*58A-*FADAC4*408E} (EGamesPlugin Class) - https://www.e-games.com.my/com/EGamesPlugin.cab
O*6 - DPF: {644E4*2F-4*D*-4*A*-8DD5-E0***62EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O*6 - DPF: {8E0D4DE5-**80-4024-A*27-4DFAD*7*6A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab**267.cab
O*6 - DPF: {AB2*A544-D6B4-4E*6-A*F8-D*E*4FC7B00A} - http://install.wildtangent.com/bgn/partners/shockwave/meninblackII/install.cab
O*6 - DPF: {CFCB7*08-782F-**D4-BE27-000*025*8CE4} (NPX Control) - http://download.netmarble.com/nProtect/nprotect/npx.cab
O2* - SSODL: MSSQLMonitor - {87C*5*88-EA*6-4B4*-A880-B02D856E0*F*} - C:\WINDOWS\System*2\sfmasrvc.dll
O2* - Service: BigPond Broadband Cable Login - Unknown - C:\Program Files\Telstra\Cable Login\bpcService.exe
O2* - Service: Brother Popup Suspend service for Resource manager - Brother Industries, Ltd. - C:\WINDOWS\system*2\Brmfrmps.exe
O2* - Service: BrSplService - brother Industries Ltd - C:\WINDOWS\System*2\brsvc0*a.exe
O2* - Service: Symantec Event Manager - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O2* - Service: Symantec Password Validation - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O2* - Service: Symantec Settings Manager - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O2* - Service: Norton AntiVirus Auto Protect Service - Symantec Corporation - c:\Program Files\Norton AntiVirus\navapsvc.exe
O2* - Service: NVIDIA Display Driver Service - NVIDIA Corporation - C:\WINDOWS\System*2\nvsvc*2.exe
O2* - Service: SAVScan - Symantec Corporation - c:\Program Files\Norton AntiVirus\SAVScan.exe
thx again
Hijack log is...
Logfile of HijackThis v*.**.0
Scan saved at 5:*2:*8 PM, on *6/0*/2005
Platform: Windows XP SP* (WinNT 5.0*.2600)
MSIE: Internet Explorer v6.00 SP* (6.00.2800.**06)
Running processes:
C:\WINDOWS\System*2\smss.exe
C:\WINDOWS\system*2\winlogon.exe
C:\WINDOWS\system*2\services.exe
C:\WINDOWS\system*2\lsass.exe
C:\WINDOWS\system*2\svchost.exe
C:\WINDOWS\System*2\svchost.exe
c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\System*2\brsvc0*a.exe
C:\WINDOWS\system*2\spoolsv.exe
C:\WINDOWS\System*2\brss0*a.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Java\j2re*.4.2_0*\bin\jusched.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\System*2\hphmon05.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\InterVideo\Common\bin\WinCinemaMgr.exe
C:\Program Files\Common Files\InterVideo\SchSvr\SchSvr.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Multimedia Card Reader\shwicon2k.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
C:\WINDOWS\System*2\rundll*2.exe
C:\WINDOWS\system*2\Brmfrmps.exe
c:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System*2\nvsvc*2.exe
C:\Program Files\Telstra\Cable Login\bpcable.exe
C:\Program Files\Scansoft\PaperPort\pptd40nt.exe
C:\WINDOWS\System*2\tibs*.exe
C:\WINDOWS\System*2\svchost.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\System*2\BRMFRSMG.EXE
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Scansoft\PaperPort\SmartUI\SmartUI.exe
C:\Program Files\Winamp\winamp.exe
C:\Program Files\Microsoft Office\Office\WINWORD.EXE
C:\WINDOWS\msagent\AgentSvr.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Jeffrey.TAN*.00*\Desktop\hijackthis\HijackThis.exe
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.makemesearch.com/?said=204
R* - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
F2 - REG:system.ini: Shell=explorer.exe C:\WINDOWS\System*2\netdc.exe
O* - Hosts: 64.**.255.87 www.dcsresearch.com
O2 - BHO: AcroIEHlprObj Class - {0684*E*F-C8D7-4D5*-B87D-784B7D6BE0B*} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {5*707*62-6F74-2D5*-2644-206D7*42484F} - C:\PROGRA~*\SPYBOT~*\SDHelper.dll
O2 - BHO: (no name) - {54*B5CA7-4A86-**D7-A4DF-000874*80BB*} - (no file)
O2 - BHO: NAV Helper - {BDF*E4*0-B*0*-42AD-A544-FADC6B084872} - c:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: Cls - {CF02*F40-*E*4-2*A5-CBA2-7*7*706D***6} - C:\WINDOWS\System*2\spm***6.dll
O2 - BHO: (no name) - {FDD*B846-8D5*-4ffb-8758-20*B6AD74ACC} - (no file)
O* - Toolbar: &Radio - {8E7*8888-42*F-**D2-876E-00A0C*082467} - C:\WINDOWS\System*2\msdxm.ocx
O* - Toolbar: HP View - {B2847E28-5D7D-4DEB-8B67-05D28BCF7*F5} - c:\Program Files\HP\Digital Imaging\bin\hpdtlk02.dll
O* - Toolbar: Norton AntiVirus - {42CDD*BF-*FFB-42*8-8AD*-785*DF00B*D6} - c:\Program Files\Norton AntiVirus\NavShExt.dll
O* - Toolbar: (no name) - {62***427-**FC-4baf-*C*C-BCE6BD*27F08} - (no file)
O4 - HKLM\..\Run: [IMJPMIG8.*] "C:\WINDOWS\IME\imjp8_*\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration*2
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\System*2\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System*2\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System*2\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re*.4.2_0*\bin\jusched.exe
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HPHUPD05] c:\Program Files\HP\{45B6*80B-DCAB-40**-8EE8-6*644575*7F0}\hphupd05.exe
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System*2\hphmon05.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [WinCinemaMgr] "C:\Program Files\InterVideo\Common\bin\WinCinemaMgr.exe"
O4 - HKLM\..\Run: [Home Theater SchSvr] "C:\Program Files\Common Files\InterVideo\SchSvr\SchSvr.exe"
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system*2\ps2.exe
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL*2.EXE C:\WINDOWS\System*2\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
O4 - HKLM\..\Run: [Sunkist2k] C:\Program Files\Multimedia Card Reader\shwicon2k.exe
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
O4 - HKLM\..\Run: [BigPondCable] "C:\Program Files\Telstra\Cable Login\bpcable.exe" /r
O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\Scansoft\PaperPort\pptd40nt.exe
O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\Scansoft\PaperPort\IndexSearch.exe
O4 - HKLM\..\Run: [SetDefPrt] C:\Program Files\Brother\Brmfl0*a\BrStDvPt.exe
O4 - HKLM\..\Run: [Setup experation] C:\WINDOWS\svchost.exe
O4 - HKLM\..\Run: [Fast start] C:\WINDOWS\system*2\ntnut.exe home
O4 - HKLM\..\Run: [tibs*] C:\WINDOWS\System*2\tibs*.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Startup: netdb.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA*.EXE
O4 - Global Startup: SmartUI.lnk = ?
O4 - Global Startup: Updates from HP.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~*\MI****~*\OFFICE**\EXCEL.EXE/*000
O* - Extra button: (no name) - {08B0E5C0-4FCB-**CF-AAA5-0040*C60850*} - C:\WINDOWS\System*2\msjava.dll (file missing)
O* - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-**CF-AAA5-0040*C60850*} - C:\WINDOWS\System*2\msjava.dll (file missing)
O* - Extra button: Research - {*2780B25-*8CC-4*C8-B*BE-*C*C57*A826*} - C:\PROGRA~*\MI****~*\OFFICE**\REFIEBAR.DLL
O* - Extra button: Related - {c*5fe080-8f5d-**d2-a20b-00aa00*c*57a} - C:\WINDOWS\web\related.htm
O* - Extra 'Tools' menuitem: Show &Related Links - {c*5fe080-8f5d-**d2-a20b-00aa00*c*57a} - C:\WINDOWS\web\related.htm
O*6 - DPF: {0000*0*6-A*5C-**D4-*7A4-0050BF0FBE67} (NetmarbleStarter*6 Class) - http://www.netmarble.net/game/nmstarter/NMStarter*6.cab
O*6 - DPF: {00B7*CFB-6864-4*46-A*78-C0A*4556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab**267.cab
O*6 - DPF: {2BC66F54-**A8-**D*-BEB6-00*05AA*B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O*6 - DPF: {48884C4*-EFAC-4**D-*58A-*FADAC4*408E} (EGamesPlugin Class) - https://www.e-games.com.my/com/EGamesPlugin.cab
O*6 - DPF: {644E4*2F-4*D*-4*A*-8DD5-E0***62EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O*6 - DPF: {8E0D4DE5-**80-4024-A*27-4DFAD*7*6A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab**267.cab
O*6 - DPF: {AB2*A544-D6B4-4E*6-A*F8-D*E*4FC7B00A} - http://install.wildtangent.com/bgn/partners/shockwave/meninblackII/install.cab
O*6 - DPF: {CFCB7*08-782F-**D4-BE27-000*025*8CE4} (NPX Control) - http://download.netmarble.com/nProtect/nprotect/npx.cab
O2* - SSODL: MSSQLMonitor - {87C*5*88-EA*6-4B4*-A880-B02D856E0*F*} - C:\WINDOWS\System*2\sfmasrvc.dll
O2* - Service: BigPond Broadband Cable Login - Unknown - C:\Program Files\Telstra\Cable Login\bpcService.exe
O2* - Service: Brother Popup Suspend service for Resource manager - Brother Industries, Ltd. - C:\WINDOWS\system*2\Brmfrmps.exe
O2* - Service: BrSplService - brother Industries Ltd - C:\WINDOWS\System*2\brsvc0*a.exe
O2* - Service: Symantec Event Manager - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O2* - Service: Symantec Password Validation - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O2* - Service: Symantec Settings Manager - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O2* - Service: Norton AntiVirus Auto Protect Service - Symantec Corporation - c:\Program Files\Norton AntiVirus\navapsvc.exe
O2* - Service: NVIDIA Display Driver Service - NVIDIA Corporation - C:\WINDOWS\System*2\nvsvc*2.exe
O2* - Service: SAVScan - Symantec Corporation - c:\Program Files\Norton AntiVirus\SAVScan.exe
thx again