01-05-2006, 07:04 AM   #3
Wildweasel


Alright, I had a few problems:

Quote:
"After you have restarted, wait for HijackThis to launch automatically.
With HiJackThis & place a check next to these items and select "Fix checked":

R3 - URLSearchHook: (no name) - {C1A4C4FE-25AE-5CF8-8720-FE945A32EE21} - (no file)
O4 - HKLM\..\Run: [dmfou.exe] C:\WINDOWS\system32\dmfou.exe
O4 - HKCU\..\Run: [cnftips] msag.exe
O4 - HKCU\..\Run: [iesetupdll] forces_elite.exe
O4 - HKCU\..\Run: [xwiz] syspanel.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{30EB9319-9F1A-47B7-B02B-C042E30F91B8}: NameServer = 85.255.114.35,85.255.112.104

Close HijackThis, and click OK to proceed."


I couldn't find "O4 - HKLM\..\Run: [dmfou.exe] C:\WINDOWS\system32\dmfou.exe" in my hijackthis screen, but I found the others.



Quote:
"If you have not done so already, please enable the viewing of Hidden files
From Windows Explorer, go to Tools -> Folder Options -> View tab.
Tick - 'Show hidden files and folder'
Untick - 'Hide file extensions for known types'
Untick - 'Hide protected operating system files'
Click Yes to confirm & then click OK
Locate and delete the following files/folders:
C:\WINDOWS\system32\dmfou.exe
C:\WINDOWS\SYSTEM32\favset.exe
C:\Documents and Settings\Chris\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\arc hive.jar-487b52a0-7ec1868f.zip

Search for these
msag.exe
forces_elite.exe
syspanel.exe "


I followed the instructions exactly but I couldn't find:

C:\WINDOWS\system32\dmfou.exe
C:\WINDOWS\SYSTEM32\favset.exe

so I couldn't delete them, nor could I find:

msag.exe
forces_elite.exe
syspanel.exe

I've tried a few search engines and I don't seem to be getting hijacked anymore, so hopefully that means they're gone. However, I did the online scan and it said I have 28 viruses and 110 infected objects, so I assume we still have a bit of work to do ;-) I really appreciate the help so far!!!

-------------------------------------------------------------------------------
KASPERSKY ON-LINE SCANNER REPORT
Thursday, January 05, 2006 05:37:18
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky On-line Scanner version: 5.0.67.0
Kaspersky Anti-Virus database last update: 5/01/2006
Kaspersky Anti-Virus database records: 158991
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: standard
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
A:\
C:\
D:\
E:\
F:\
G:\
H:\

Scan Statistics:
Total number of scanned objects: 112463
Number of viruses found: 28
Number of infected objects: 110
Number of suspicious objects: 0
Duration of the scan process: 3934 sec


Scan process completed.


Logfile of HijackThis v1.99.1
Scan saved at 6:03:06 AM, on 1/5/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\htpatch.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\PROGRA~1\PANICW~1\POP-UP~1\dpps2.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\Norton SystemWorks\Norton Ghost\GhostStartTrayApp.exe
C:\Program Files\Norton SystemWorks\Password Manager\AcctMgr.exe
C:\PROGRA~1\NORTON~1\NORTON~4\GHOSTS~2.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Norton SystemWorks\Norton Antivirus\navapsvc.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\NORTON~1\NORTON~2\NPROTECT.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Norton SystemWorks\Norton Antivirus\SAVScan.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\PROGRA~1\NORTON~1\NORTON~2\SPEEDD~1\NOPDB.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSCNo.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Documents and Settings\Chris\My Documents\Hijackthis\HijackThis.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton Antivirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton Antivirus\NavShExt.dll
O4 - HKLM\..\Run: [HTpatch] C:\WINDOWS\htpatch.exe
O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
O4 - HKLM\..\Run: [Pop-Up Stopper] "C:\PROGRA~1\PANICW~1\POP-UP~1\dpps2.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [GhostStartTrayApp] C:\Program Files\Norton SystemWorks\Norton Ghost\GhostStartTrayApp.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [AcctMgr] C:\Program Files\Norton SystemWorks\Password Manager\AcctMgr.exe /startup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/downloads/k...an_unicode.cab
O16 - DPF: {266B9238-31A5-4B53-9039-272FE846DF9D} (DiameterTransfer Control) - http://www.sis.com/download/SISTransfer.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/...eInstaller.exe
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://cdn2.zone.msn.com/binFramewor...o.cab34246.cab
O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/...ampx_en_dl.cab
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: GhostStartService - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~4\GHOSTS~2.EXE
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Antivirus\navapsvc.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~2\NPROTECT.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
O23 - Service: PDScheduler (PDSched) - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDSched.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Antivirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~2\SPEEDD~1\NOPDB.EXE
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe