Resolved HJT Threads Resolved spyware and popup issues.

Old 09-30-2007, 03:44 PM   #1 (permalink)
Registered User
 
Join Date: Sep 2007
Posts: 19
OS: Vista Ultimate 64bit


Computer constantly freezing

Hey, I found way too many processes in Task Manager, and the amount seems to keep increasing; so far it's 41. What should it be, on average?
Not too long ago there were some major viruses found on the computer, but it was eventually fixed, although I'm still not convinced, as it still shows signs of viruses. Also, the screen randomly goes black as if it's failing to refresh; I've updated the graphics card drivers, so hopefully that's fixed that problem. I'd just like somebody to check the log file so I can be sure that there's nothing wrong :)

Logfile of HijackThis v1.99.1
Scan saved at 22:43:17, on 30/09/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\Norton SystemWorks\Norton Ghost\GhostStartService.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Norton SystemWorks\Norton Ghost\GhostStartTrayApp.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Common Files\Logitech\khalshared\KHALMNPR.EXE
C:\Program Files\Winamp\winamp.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Logitech\WebColct\webcolct.exe
C:\Documents and Settings\Matt\My Documents\Software\Anti-Virus\alternativ.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.virginmedia.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [ccRegVfy] C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe
O4 - HKLM\..\Run: [GhostStartTrayApp] C:\Program Files\Norton SystemWorks\Norton Ghost\GhostStartTrayApp.exe
O4 - HKLM\..\Run: [ErgoMedia] C:\PROGRA~1\KYE\ERGOME~1\SyTray.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] "C:\Program Files\Common Files\Logitech\khalshared\KHALMNPR.EXE"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - Global Startup: Logitech SetPoint.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/ho...vex/hcImpl.cab
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/acti..._v1-0-3-48.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://90.224.37.142/activex/AxisCamControl.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab56907.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WBSrv - C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\wbsrv.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Autodesk Licensing Service - Unknown owner - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: GhostStartService - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Ghost\GhostStartService.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: ScsiAccess - Unknown owner - C:\WINDOWS\system32\ScsiAccess.EXE (file missing)
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe (file missing)
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe


Thanks
Old 10-02-2007, 09:18 AM   #2 (permalink)
Analyst, Security Team
 
MoralTerror's Avatar
 
Join Date: Nov 2005
Location: UK
Posts: 1,968
OS: xp


Re: Computer constantly freezing

Hi Shadowraider and welcome to TSF

Sorry for the delay in getting to you; the forum has been really busy lately and all our helpers are volunteers.

There is no set average for running processes, as these will depend on the PC and the applications installed. They will constantly increase/decrease while the computer is running, as programs (including background processes) are opened/closed. E.g. I have 42 processes running with an open browser and Notepad open. The rest are system processes, anti-virus program, firewall, anti-spyware and a few programs I chose to run at startup. Some users will tweak the startups to get down to about 25 processes, but that's usually not needed unless your computer is really slow to boot up or slow at opening programs or responding to user input.

I don't see any malware in your log, but I will take a further look to make sure. However...

I notice that you have more than one anti-virus program on your machine (AVG & Symantec). That's not a good idea!!

This messes up the machine pretty badly. Like firewalls, anti-virus programs have conflicts co-existing with each other and may produce undesirable results. Please uninstall ALL, leaving only one of them.

ALL the antivirus programs must be removed via add/remove program.
For any program that doesn't have an add/remove entry, you will have to do this:
re-install the program -> reboot -> uninstall
## Do NOT proceed with the rest of the fix until you have resolved the dual antivirus programs ##

------------------------

Download Deckard's System Scanner to your Desktop. Note: You must be logged onto an account with administrator privileges.
  1. Close all applications and windows.
  2. Double-click on dss.exe to run it, and follow the prompts.
  3. When the scan is complete, 2 text files will open - main.txt and extra.txt
  4. Copy (Ctrl+A then Ctrl+C) and paste (Ctrl+V) the contents of main.txt back in this thread (do not attach it).
  5. Please attach extra.txt to your post.


To attach a file to a new post, simply
  1. Click the [Manage Attachments] button under Additional Options > Attach Files on the post composition page, and
  2. copy and paste the following into the "Upload File from your Computer" box:
    C:\Deckard\System Scanner\extra.txt
  3. Click Upload.

What DSS will do:
  • create a new System Restore point in Windows XP and Vista.
  • clean your Temporary Files, Downloaded Program Files, and Internet Cache Files, and also empty the Recycle Bin on all drives.
  • check some important areas of your system and produce a report for your analyst to review. DSS automatically runs HijackThis for you, but it will also install and place a shortcut to HijackThis on your desktop if you do not already have HijackThis installed.

------------------------
Required Logs

main.txt
extra.txt (attached)
__________________

Proud member of ASAP since 2007

Proud member of UNITE since 2008

Our help is completely free but please consider donating to the site to help keep it running
Old 10-03-2007, 09:45 AM   #3 (permalink)
Registered User
 
Join Date: Sep 2007
Posts: 19
OS: Vista Ultimate 64bit


Re: Computer constantly freezing

No problem :) Just glad you replied; other forums don't!

Hmm, about the 2 antiviruses: I had Norton SystemWorks installed for years, but it uses a lot of memory while it's running. It has a lot of extra features, so I figured I'd turn the antivirus off and just use the extra features when I needed them, and use AVG as my main antivirus because it's a much lighter program. I did what you said and uninstalled Norton SystemWorks; I kept AVG. What antivirus would you recommend? Because any reviews I read all seem to say different :/

I have got HijackThis already installed, but the Deckard scanner used its own because mine is named alternativ (from an old virus problem years back).

-

Deckard's System Scanner v20070905.67
Run by Matt on 2007-10-03 15:25:47
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
61: 2007-10-03 14:25:52 UTC - RP69 - Deckard's System Scanner Restore Point
60: 2007-10-03 14:17:39 UTC - RP68 - Removed Norton Ghost
59: 2007-10-03 14:16:02 UTC - RP67 - Removed Norton AntiVirus
58: 2007-10-02 16:24:22 UTC - RP66 - System Checkpoint
57: 2007-09-30 22:14:14 UTC - RP65 - Removed Google Web Accelerator


-- First Restore Point --
1: 2007-07-08 17:19:23 UTC - RP9 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.



-- HijackThis (run as Matt.exe) ------------------------------------------------

Unable to find log (file not found); running clone.
-- HijackThis Clone ------------------------------------------------------------

Emulating logfile of HijackThis v1.99.1
Scan saved at 2007-10-03 15:31:06
Platform: Windows XP Service Pack 2 (5.01.2600)
MSIE: Internet Explorer (7.00.6000.16512)

Running processes:
C:\WINDOWS\system32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Grisoft\AVG7\avgamsvr.exe
C:\Program Files\Grisoft\AVG7\avgupsvc.exe
C:\Program Files\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\system32\CTSVCCDA.EXE
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Grisoft\AVG7\avgcc.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Common Files\Logitech\khalshared\KHALMNPR.exe
C:\Documents and Settings\Matt\My Documents\dss.exe
C:\Program Files\Trend Micro\HijackThis\Matt.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.virginmedia.com/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = iexplore
R1 - HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O4 - HKEY_LOCAL_MACHINE\..\Run: [ErgoMedia] C:\PROGRA~1\KYE\ERGOME~1\SyTray.exe
O4 - HKEY_LOCAL_MACHINE\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKEY_LOCAL_MACHINE\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKEY_LOCAL_MACHINE\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKEY_LOCAL_MACHINE\..\Run: [nwiz] nwiz.exe /install
O4 - HKEY_LOCAL_MACHINE\..\Run: [Logitech Hardware Abstraction Layer] "C:\Program Files\Common Files\Logitech\khalshared\KHALMNPR.EXE"
O4 - HKEY_LOCAL_MACHINE\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} () - http://www.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/s...irector/sw.cab
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/ho...vex/hcImpl.cab
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} (Shockwave ActiveX Control) - http://fpdownload.macromedia.com/pub...irector/sw.cab
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/acti..._v1-0-3-48.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} () - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} () - http://fpdownload.macromedia.com/get.../ultrashim.cab
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://90.224.37.142/activex/AxisCamControl.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab56907.cab
O18 - Protocol: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Program Files\Common Files\Microsoft Shared\Web Folders\PKMCDO.DLL
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll
O18 - Protocol: mso-offdap - {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL
O20 - AppInit_DLLs: wbsys.dll
O23 - Service: Adobe LM Service - Unknown owner - "C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe"
O23 - Service: Autodesk Licensing Service - Unknown owner - "C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe"
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\Program Files\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\Program Files\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\Program Files\Grisoft\AVG7\avgemc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTSVCCDA.EXE
O23 - Service: ScsiAccess - Unknown owner - C:\WINDOWS\system32\ScsiAccess.EXE
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Unknown owner - "C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe"


-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

S3 cdiskdun - c:\docume~1\matt\locals~1\temp\cdiskdun.sys (file missing)
S3 cmuda (C-Media WDM Audio Interface) - c:\windows\system32\drivers\cmuda.sys (file missing)


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 Autodesk Licensing Service - "c:\program files\common files\autodesk shared\service\adskscsrv.exe"

S2 ScsiAccess - c:\windows\system32\scsiaccess.exe (file missing)
S3 SNDSrvc (Symantec Network Drivers Service) - "c:\program files\common files\symantec shared\sndsrvc.exe" (file missing)


-- Device Manager: Disabled ----------------------------------------------------

Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Description: PCI Simple Communications Controller
Device ID: PCI\VEN_1106&DEV_3068&SUBSYS_0C041019&REV_80\3&61AAA01&0&8E
Manufacturer:
Name: PCI Simple Communications Controller
PNP Device ID: PCI\VEN_1106&DEV_3068&SUBSYS_0C041019&REV_80\3&61AAA01&0&8E
Service:


-- Files created between 2007-09-03 and 2007-10-03 -----------------------------

2007-10-03 15:27:49 0 d-------- C:\Program Files\Trend Micro
2007-10-01 16:49:45 0 d-------- C:\VundoFix Backups
2007-09-30 23:26:35 0 dr-h----- C:\Documents and Settings\Matt\Recent
2007-09-30 22:13:26 0 d-------- C:\Documents and Settings\Matt\Application Data\Grisoft
2007-09-30 21:27:13 0 d-------- C:\Documents and Settings\Matt\Application Data\Logitech
2007-09-30 20:58:54 3712 --a------ C:\WINDOWS\system32\drivers\LBeepKE.sys <Not Verified; Logitech Inc.; Logitech SetPoint>
2007-09-30 20:58:53 69632 --a------ C:\WINDOWS\system32\KemXML.dll <Not Verified; Logitech Inc.; Logitech SetPoint>
2007-09-30 20:58:53 110592 --a------ C:\WINDOWS\system32\KemWnd.dll <Not Verified; Logitech Inc.; Logitech SetPoint>
2007-09-30 20:58:53 131072 --a------ C:\WINDOWS\system32\KemUtil.dll <Not Verified; Logitech Inc.; Logitech SetPoint>
2007-09-30 20:58:53 155648 --a------ C:\WINDOWS\system32\kemutb.dll <Not Verified; Logitech Inc.; Logitech SetPoint>
2007-09-30 20:22:18 0 d-------- C:\Program Files\CodeStuff
2007-09-30 19:50:49 0 d-------- C:\Program Files\WhatsRunning
2007-09-30 19:32:20 0 d-------- C:\Program Files\CCleaner
2007-09-30 19:27:25 0 d-------- C:\Documents and Settings\Matt\Application Data\Uniblue
2007-09-30 14:21:02 0 d-------- C:\WINDOWS\pss
2007-09-30 14:12:57 0 d-------- C:\Documents and Settings\All Users\Application Data\nView_Profiles
2007-09-30 14:08:10 0 d-------- C:\WINDOWS\nview
2007-09-30 13:34:44 0 d-------- C:\Documents and Settings\Matt\Application Data\AVG7
2007-09-30 13:34:27 0 d-------- C:\Documents and Settings\LocalService\Application Data\AVG7
2007-09-30 13:34:12 0 d-------- C:\Documents and Settings\All Users\Application Data\avg7
2007-09-30 11:53:11 0 d-------- C:\Program Files\IZArc
2007-09-17 01:07:00 1626112 --a------ C:\WINDOWS\system32\nwiz.exe
2007-09-17 01:07:00 1019904 --a------ C:\WINDOWS\system32\nvwimg.dll
2007-09-17 01:07:00 1703936 --a------ C:\WINDOWS\system32\nvwdmcpl.dll
2007-09-17 01:07:00 466944 --a------ C:\WINDOWS\system32\nvshell.dll
2007-09-17 01:07:00 1478656 --a------ C:\WINDOWS\system32\nview.dll
2007-09-17 01:07:00 1339392 --a------ C:\WINDOWS\system32\nvdspsch.exe
2007-09-17 01:07:00 442368 --a------ C:\WINDOWS\system32\nvappbar.exe
2007-09-17 01:07:00 425984 --a------ C:\WINDOWS\system32\keystone.exe
2007-09-11 23:54:50 10731520 --a------ C:\Documents and Settings\Matt\ntuser.dat


-- Find3M Report ---------------------------------------------------------------

2007-10-03 15:20:53 0 d-------- C:\Program Files\Norton SystemWorks
2007-10-03 15:20:53 0 d-------- C:\Program Files\Common Files\Symantec Shared
2007-09-30 23:14:25 0 d-------- C:\Program Files\Google
2007-09-30 23:14:25 0 --a------ C:\Documents and Settings\Matt\Application Data\.googlewebacchosts
2007-09-30 21:19:16 0 d-------- C:\Program Files\Common Files
2007-09-30 21:19:16 0 d-------- C:\Program Files\Common Files\Adobe
2007-09-30 21:18:58 0 d-------- C:\Documents and Settings\Matt\Application Data\Adobe
2007-09-30 20:58:51 0 d-------- C:\Program Files\Common Files\Logitech
2007-09-30 20:58:30 0 d-------- C:\Program Files\Logitech
2007-09-30 20:57:22 0 d--h----- C:\Program Files\InstallShield Installation Information
2007-09-30 19:42:16 0 d-------- C:\Program Files\Kodak
2007-09-30 13:50:21 0 d-------- C:\Documents and Settings\Matt\Application Data\SUPERAntiSpyware.com
2007-09-30 13:50:19 0 d-------- C:\Program Files\SUPERAntiSpyware
2007-09-30 12:35:07 0 d-------- C:\Program Files\Canon
2007-09-30 12:34:49 0 d-------- C:\Program Files\Atari
2007-09-28 13:59:38 0 d-------- C:\Program Files\Java
2007-09-06 20:18:44 218624 --a------ C:\WINDOWS\system32\uxtheme.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-07-23 19:33:15 286720 -----n--- C:\WINDOWS\Setup1.exe <Not Verified; Microsoft Corporation; Microsoft Visual Basic for Windows>


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ErgoMedia"="C:\PROGRA~1\KYE\ERGOME~1\SyTray.exe" [28/06/2005 14:59]
"BluetoothAuthenticationAgent"="bthprops.cpl" [04/08/2004 13:00 C:\WINDOWS\system32\bthprops.cpl]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [19/07/2006 12:03 C:\WINDOWS\KHALMNPR.Exe]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [30/09/2007 13:34]
"nwiz"="nwiz.exe" [17/09/2007 01:07 C:\WINDOWS\system32\nwiz.exe]
"Logitech Hardware Abstraction Layer"="C:\Program Files\Common Files\Logitech\khalshared\KHALMNPR.EXE" [19/07/2006 12:03]
"@"="" []
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [17/09/2007 01:07]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [30/09/2007 20:58:52]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"SynchronousMachineGroupPolicy"=0 (0x0)
"SynchronousUserGroupPolicy"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WBSrv]
C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\wbsrv.dll 05/03/2007 17:36 140976 C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\WbSrv.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=wbsys.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs BthServ




-- End of Deckard's System Scanner: finished at 2007-10-03 15:32:50 ------------

Thanks again :)
Attached Files
File Type: txt extra.txt (21.5 KB, 1 views)
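Added example, not part of the thread and not code from HijackThis or Deckard's System Scanner: a small triage script that applies the kind of first-pass checks an analyst runs over log lines like the ones posted above. It flags services and drivers whose binary is reported "(file missing)", ActiveX (O16 DPF) controls fetched from a bare IP address, a populated AppInit_DLLs value, and anything loading from a temp directory. The heuristics are the editor's, the sample log is constructed to mirror the line formats in this thread, and the host name and IP in it (example.com, 192.0.2.10) are placeholders. A hit means "look closer", not "malware".

```python
import re
import sys
from dataclasses import dataclass

# Constructed sample, modelled on the HijackThis / DSS line formats in the thread.
# The host name and IP are placeholders (example.com, 192.0.2.0/24), not real sites.
SAMPLE_LOG = """\
O4 - HKLM\\..\\Run: [AVG7_CC] C:\\PROGRA~1\\Grisoft\\AVG7\\avgcc.exe /STARTUP
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://updates.example.com/activex/scan.cab
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://192.0.2.10/activex/AxisCamControl.cab
O20 - Winlogon Notify: WgaLogon - C:\\WINDOWS\\SYSTEM32\\WgaLogon.dll
O20 - AppInit_DLLs: wbsys.dll
O23 - Service: ScsiAccess - Unknown owner - C:\\WINDOWS\\system32\\ScsiAccess.EXE (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\\WINDOWS\\system32\\nvsvc32.exe
S3 cdiskdun - c:\\docume~1\\matt\\locals~1\\temp\\cdiskdun.sys (file missing)
"""


@dataclass
class Finding:
    section: str  # HJT section tag (O16, O23, ...) or DSS driver/service state (S3, R2, ...)
    reason: str
    line: str


# http(s)://N.N.N.N followed by a port, a path, or end of string
BARE_IP_URL = re.compile(r"https?://\d{1,3}(?:\.\d{1,3}){3}(?:[:/]|$)")
# a \temp\ or \tmp\ path component, any case
TEMP_PATH = re.compile(r"\\(?:temp|tmp)\\", re.IGNORECASE)
# HJT O23 service lines, or DSS driver/service lines (R0-R4 running, S0-S4 stopped)
SERVICE_OR_DRIVER = re.compile(r"O23|[RS][0-4]")


def triage(log_text: str) -> list[Finding]:
    """Apply analyst heuristics to each log line; one Finding per rule hit."""
    findings: list[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        section = line.split(" ", 1)[0]

        # O16 DPF: where IE fetched an ActiveX control from. A bare IP has no owner to look up.
        if section == "O16" and BARE_IP_URL.search(line):
            findings.append(Finding(section, "ActiveX control fetched from a bare IP address", line))

        # O20 AppInit_DLLs: every listed DLL is loaded into each process that maps user32.dll.
        if line.startswith("O20 - AppInit_DLLs:"):
            dlls = line.split(":", 1)[1].strip()
            if dlls:
                findings.append(Finding(section, f"AppInit_DLLs loads {dlls} into every process using user32.dll", line))

        # Registered service/driver whose binary no longer exists: usually an orphaned
        # uninstall (as with the leftover Symantec entries in this thread), occasionally a hidden file.
        if SERVICE_OR_DRIVER.fullmatch(section) and "(file missing)" in line:
            findings.append(Finding(section, "service/driver registered but its binary is absent", line))

        # Anything that loads from a temporary directory deserves a second look.
        if TEMP_PATH.search(line):
            findings.append(Finding(section, "executable or driver path is inside a temp directory", line))
    return findings


def main(argv: list[str]) -> int:
    # Pass a saved HijackThis log or DSS main.txt as the first argument; otherwise use the sample.
    if len(argv) > 1:
        with open(argv[1], encoding="utf-8", errors="replace") as fh:
            text = fh.read()
    else:
        text = SAMPLE_LOG
    for f in triage(text):
        print(f"[{f.section}] {f.reason}\n    {f.line}")
    return 0


if __name__ == "__main__":
    sys.exit(main(sys.argv))
```

On the constructed sample this reports five hits: the bare-IP DPF control, the AppInit_DLLs value, the ScsiAccess service, and the temp-directory driver twice (missing binary and temp path). Run it against your own saved log with `python triage.py main.txt`; every hit still needs the analyst's judgement, since leftover entries from an uninstalled product look the same as a deliberately deleted loader.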
Old 10-03-2007, 01:38 PM   #4 (permalink)
Analyst, Security Team
 
MoralTerror's Avatar
 
Join Date: Nov 2005
Location: UK
Posts: 1,968
OS: xp


Re: Computer constantly freezing

Hi Shadowraider
Quote:
Originally Posted by Shadowraider
What antivirus would you recommend? because any reviews i read all seem to say different :/
Yeah, choosing an antivirus has a lot to do with personal preference, so you will always get conflicting reviews. Having said that, you can visit http://www.av-comparatives.org/ and see the results of independent comparisons between anti-virus products before choosing one to buy. Personally I'd recommend the following:

Free Products: AVG or Avast
Paid Products: Kaspersky or NOD32

On my home PC I've used AVG Free Edition for a number of years and have no complaints with it.

------------------------

Symantec has left some components behind

If the version of Norton uninstalled was 2004 or later, please download and run
SymNRT.

If the version of Norton was 2003 or earlier download and run these three tools in the order listed:
Rnav2003
RnisUPG
SYMCLEAN

Delete the following folders if present:
C:\Program Files\ (Delete all folders beginning with Norton or Symantec.)
C:\Program Files\Common Files\Symantec Shared
C:\Documents and Settings\All Users\Application Data\Symantec

Norton Uninstallers

If you had Norton Internet Security and you can, use the uninstallers below (choose the uninstaller for the version you have):

NIS 2005 Uninstaller

NIS 2003 Uninstaller

-------------------------

From Control Panel > Add/Remove Programs uninstall the following program (if it still exists)

Java(TM) SE Runtime Environment 6 Update 1


-------------------------

1. Download combofix to your desktop

2. Double click combofix.exe & follow the prompts.

3. When finished, it shall produce a log for you. Post that log in your next reply.

Note:
Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.


----------------------------
Required Logs

c:\combofix.txt
new HijackThis log


Are you still getting the random black screens?
Old 10-03-2007, 02:48 PM   #5 (permalink)
Registered User
 
Join Date: Sep 2007
Posts: 19
OS: Vista Ultimate 64bit


Re: Computer constantly freezing

Hmm, thanks for the info :)
I guess I'll stick with AVG for now then; I haven't heard anything negative about it so far! Norton uses too much memory really; from 42 processes I'm down to about 35-37 on average now after removing Norton.


I used all the programs for the 2003 version I have; there are still 4 files left in C:\Program Files\Symantec\LiveUpdate and they can't be removed.

I removed the Java Runtime Environment 6 Update 1 from Add/Remove Programs.
I've been curious about why I had 2 updates of Java?


ComboFix 07-10-03.7 - Matt 2007-10-03 21:27:55.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.197 [GMT 1:00]
Running from: C:\Documents and Settings\Matt\My Documents\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((( Files Created from 2007-09-03 to 2007-10-03 )))))))))))))))))))))))))))))))
.

2007-09-30 22:13 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-09-30 21:27 <DIR> d-------- C:\Documents and Settings\Matt\Application Data\Logitech
2007-09-30 20:58 94,208 --a------ C:\WINDOWS\KHALMNPR.Exe
2007-09-30 20:58 69,632 --a------ C:\WINDOWS\system32\KemXML.dll
2007-09-30 20:58 3,712 --a------ C:\WINDOWS\system32\drivers\LBeepKE.sys
2007-09-30 20:58 155,648 --a------ C:\WINDOWS\system32\kemutb.dll
2007-09-30 20:58 131,072 --a------ C:\WINDOWS\system32\KemUtil.dll
2007-09-30 20:58 110,592 --a------ C:\WINDOWS\system32\KemWnd.dll
2007-09-30 19:32 <DIR> d-------- C:\Program Files\CCleaner
2007-09-30 19:27 <DIR> d-------- C:\Documents and Settings\Matt\Application Data\Uniblue
2007-09-30 14:21 <DIR> d-------- C:\WINDOWS\pss
2007-09-30 14:12 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\nView_Profiles
2007-09-30 14:08 356,352 --a------ C:\WINDOWS\system32\nvudisp.exe
2007-09-30 14:08 <DIR> d-------- C:\WINDOWS\nview
2007-09-30 14:07 356,352 --a------ C:\WINDOWS\system32\NVUNINST.EXE
2007-09-30 11:53 <DIR> d-------- C:\Program Files\IZArc

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-10-03 21:10 --------- d-------- C:\Program Files\Symantec
2007-10-03 15:20 --------- d-------- C:\Program Files\Norton SystemWorks
2007-10-03 15:18 --------- d-------- C:\Documents and Settings\All Users\Application Data\Symantec
2007-09-30 23:14 --------- d-------- C:\Program Files\Google
2007-09-30 20:58 --------- d-------- C:\Program Files\Logitech
2007-09-30 20:58 --------- d-------- C:\Program Files\Common Files\Logitech
2007-09-30 20:57 --------- d--h----- C:\Program Files\InstallShield Installation Information
2007-09-30 19:42 --------- d-------- C:\Program Files\Kodak
2007-09-30 19:35 --------- d-------- C:\Documents and Settings\Lol\Application Data\Lavasoft
2007-09-30 13:50 --------- d-------- C:\Documents and Settings\Matt\Application Data\SUPERAntiSpyware.com
2007-09-30 13:49 --------- d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-09-30 12:35 --------- d-------- C:\Program Files\Canon
2007-09-30 12:34 --------- d-------- C:\Program Files\Atari
2007-09-17 01:07 6853088 --a------ C:\WINDOWS\system32\drivers\nv4_mini.sys
2007-08-10 20:54 --------- d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2007-07-23 19:33 286720 --------- C:\WINDOWS\Setup1.exe
2001-11-23 05:08 712704 --a--c--- C:\WINDOWS\inf\OTHER\AUDIO3D.DLL
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ErgoMedia"="C:\PROGRA~1\KYE\ERGOME~1\SyTray.exe" [2005-06-28 14:59]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-04 13:00 C:\WINDOWS\system32\bthprops.cpl]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2006-07-19 12:03 C:\WINDOWS\KHALMNPR.Exe]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2007-09-30 13:34]
"nwiz"="nwiz.exe" [2007-09-17 01:07 C:\WINDOWS\system32\nwiz.exe]
"Logitech Hardware Abstraction Layer"="C:\Program Files\Common Files\Logitech\khalshared\KHALMNPR.EXE" [2006-07-19 12:03]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-09-17 01:07]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 04:00]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [2007-09-30 20:58:52]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [2007-09-30 20:58:52]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"SynchronousMachineGroupPolicy"=0 (0x0)
"SynchronousUserGroupPolicy"=0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WBSrv]
C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\wbsrv.dll 2007-03-05 17:36 140976 C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\WbSrv.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=wbsys.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
C:\WINDOWS\system32\ctfmon.exe

R1 DcCam;Kodak Camera Proxy;C:\WINDOWS\system32\DRIVERS\DcCam.sys
R2 DCFS2K;Kodak DCFS2K Driver;C:\WINDOWS\system32\drivers\dcfs2k.sys
R3 P17;Sound Blaster Audigy;C:\WINDOWS\system32\drivers\P17.sys
R3 p17filt;p17filt;C:\WINDOWS\system32\drivers\p17filt.sys
S1 Exportit;Exportit;C:\WINDOWS\system32\DRIVERS\exportit.sys
S3 cdiskdun;cdiskdun;\??\C:\DOCUME~1\Matt\LOCALS~1\Temp\cdiskdun.sys
S3 DcFpoint;DcFpoint;C:\WINDOWS\system32\DRIVERS\DcFpoint.sys
S3 DcLps;Legacy Polling Service;C:\WINDOWS\system32\DRIVERS\DcLps.sys
S3 DcPTP;dcptp;C:\WINDOWS\system32\DRIVERS\DcPTP.sys
S3 sscdbus;SAMSUNG USB Composite Device driver (WDM);C:\WINDOWS\system32\DRIVERS\sscdbus.sys
S3 sscdmdfl;SAMSUNG CDMA Modem Filter;C:\WINDOWS\system32\DRIVERS\sscdmdfl.sys
S3 sscdmdm;SAMSUNG CDMA Modem Drivers;C:\WINDOWS\system32\DRIVERS\sscdmdm.sys

.
**************************************************************************

catchme 0.3.1169 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-10-03 21:32:56
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-10-03 21:34:07 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-10-03 21:33
.
--- E O F ---




There was also a quarantined text log; here it is just in case you need to look at it.

Code:
2007-10-03 21:30      846    --a------    C:\Qoobox\Quarantine\Registry_backups\LEGACY_DOMAINSERVICE.reg.dat


Folder PATH listing
Volume serial number is 5C64-8D13
C:\QOOBOX\QUARANTINE
\---Registry_backups
        LEGACY_DOMAINSERVICE.reg.dat






Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:47:59, on 03/10/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Common Files\Logitech\khalshared\KHALMNPR.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\Matt\My Documents\Software\Anti-Virus\Matt.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.virginmedia.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O4 - HKLM\..\Run: [ErgoMedia] C:\PROGRA~1\KYE\ERGOME~1\SyTray.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] "C:\Program Files\Common Files\Logitech\khalshared\KHALMNPR.EXE"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - Global Startup: Logitech SetPoint.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/ho...vex/hcImpl.cab
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/acti..._v1-0-3-48.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://90.224.37.142/activex/AxisCamControl.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab56907.cab
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Autodesk Licensing Service - Unknown owner - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: LiveUpdate - Unknown owner - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: ScsiAccess - Unknown owner - C:\WINDOWS\system32\ScsiAccess.EXE (file missing)
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe (file missing)

--
End of file - 6006 bytes


Thanks for all the quick replies :)
Old 10-03-2007, 03:32 PM   #6 (permalink)
Registered User
 
Join Date: Sep 2007
Posts: 19
OS: Vista Ultimate 64bit


Re: Computer constantly freezing

Quote:
Originally Posted by MoralTerror View Post
Are you still getting the random black screens?
Didn't see this bit, sorry.
No, so far it's been OK, but some days I can go fine without it happening once, then other days it can be frequent. I updated the graphics card drivers about a week ago hoping that would have something to do with it. I'll let you know if it happens again, but I'm hoping it's OK now :)
And then after the black flashes happen, it's as if it's trying to refresh the screen but failing. It eventually restarts not long after the flashes happen. The only idea I have that's causing it would be the graphics card?
Old 10-03-2007, 06:29 PM   #7 (permalink)
Analyst, Security Team
 
MoralTerror's Avatar
 
Join Date: Nov 2005
Location: UK
Posts: 1,968
OS: xp


Re: Computer constantly freezing

Quote:
Originally Posted by Shadowraider
I've been curious about why I had 2 updates of Java?
Hmm, a good question. Java installs don't for some reason remove the older versions. Sun say that the new updates will patch the exploits in any older versions that are installed; however, there is some doubt about that in the malware community. Better to uninstall the older versions to be on the safe side.

The Norton removal tool hasn't removed some of the services, which is why you are unable to delete the files that are left. We will deal with those now.

1. Close any open browsers.

2. Open notepad and copy/paste the text in the quotebox below into it:

Quote:
FileLook::
C:\WINDOWS\Setup1.exe

Folder::
C:\Program Files\Symantec
C:\Program Files\Norton SystemWorks
C:\Documents and Settings\All Users\Application Data\Symantec


Driver::
Symantec Network Drivers Service
LiveUpdate
Save this as CFScript.txt, in the same location as ComboFix.exe




Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at "C:\ComboFix.txt"

Note:
Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.


----------------------------------

Establish an internet connection & perform an online scan with Internet Explorer at Kaspersky Online Scanner

Answer Yes, when prompted to install an ActiveX component.
  • The program will then begin downloading the latest definition files.
  • Once the files have been downloaded click on NEXT
  • Locate the Scan Settings button & configure to:
    • Scan using the following Anti-Virus database:
      • Extended
    • Scan Options:
      • Scan Archives
      • Scan Mail Bases
  • Click OK & have it scan My Computer
  • Once the scan is complete, it will display if your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it.
  • Click the Save as Text button to save the file to your desktop so that you may post it in your next reply
* Turn off the real time scanner of any existing antivirus program while performing the online scan

Note for Internet Explorer 7 users: If at any time you have trouble with the accept button of the licence, click on the Zoom tool located at the right bottom of the IE window and set the zoom to 75 %. Once the license has been accepted, reset to 100%.

----------------------------------
Required Logs

c:\combofix.txt
kaspersky report
a new HijackThis log
__________________

Proud member of ASAP since 2007

Proud member of UNITE since 2008

Our help is completely free but please consider donating to the site to help keep it running
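As an added example (not the thread's own code, and not a tool MoralTerror used), here is a small Python triage helper for HijackThis 2.x logs that flags the two things acted on above: O23 service entries whose binary is missing (the leftover Symantec services that block deleting the remaining files) and more than one JRE referenced from O2/O4/O9 entries. The sample lines are constructed from this thread's log; the jre1.6.0_01 path is a constructed stand-in for the older Java 6 Update 1 that was uninstalled.

```python
"""Triage helper for HijackThis logs: orphaned O23 services and duplicate JREs.

Added example, not part of the original thread. Regexes and sample data are
this example's own assumptions about the HJT 2.x line format shown above.
"""
import re
from collections import defaultdict

# Constructed sample: a handful of O2/O4/O9/O23 lines modelled on the log in
# the thread. The jre1.6.0_01 entry is constructed to represent an old JRE
# left behind next to the current jre1.6.0_02.
SAMPLE_LOG = r"""
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: LiveUpdate - Unknown owner - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE (file missing)
O23 - Service: ScsiAccess - Unknown owner - C:\WINDOWS\system32\ScsiAccess.EXE (file missing)
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe (file missing)
"""

# O23 lines read: "O23 - Service: <name> - <owner> - <path>[ (file missing)]"
SERVICE_RE = re.compile(
    r"^O23 - Service: (?P<name>.+?) - (?P<owner>.+?) - "
    r"(?P<path>.+?)(?P<missing> \(file missing\))?$"
)
# Any path component of the form \Java\jre<version>_<update>\
JRE_RE = re.compile(r"\\Java\\(jre[\d.]+_\d+)\\", re.IGNORECASE)


def parse_services(log_text):
    """Return one dict per O23 line: name, owner, path and a 'missing' flag."""
    services = []
    for line in log_text.splitlines():
        m = SERVICE_RE.match(line.strip())
        if m:
            services.append({
                "name": m.group("name"),
                "owner": m.group("owner"),
                "path": m.group("path"),
                "missing": m.group("missing") is not None,
            })
    return services


def orphaned_services(log_text):
    """Names of registered services whose binary no longer exists on disk.

    These are what an uninstaller left behind; in the thread they are the
    entries handled by the Driver:: section of the CFScript.
    """
    return [s["name"] for s in parse_services(log_text) if s["missing"]]


def java_runtimes(log_text):
    """Map each JRE directory referenced in the log to the sections citing it.

    More than one key means an older JRE is still installed beside the
    current update and should be uninstalled.
    """
    found = defaultdict(set)
    for line in log_text.splitlines():
        section = line.split(" - ", 1)[0].strip()  # e.g. "O2", "O4", "O9"
        for jre in JRE_RE.findall(line):
            found[jre].add(section)
    return {jre: sorted(sections) for jre, sections in found.items()}


def triage(log_text):
    """Summarise both findings for a log in a single dict."""
    jres = java_runtimes(log_text)
    return {
        "orphaned_services": orphaned_services(log_text),
        "java_runtimes": jres,
        "multiple_java": len(jres) > 1,
    }


if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    for name in result["orphaned_services"]:
        print("orphaned service (file missing):", name)
    for jre, sections in result["java_runtimes"].items():
        print("JRE referenced:", jre, "in", ", ".join(sections))
    if result["multiple_java"]:
        print("more than one JRE present; uninstall the older ones")
```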
Old 10-04-2007, 11:18 AM   #8 (permalink)
Registered User
 
Join Date: Sep 2007
Posts: 19
OS: Vista Ultimate 64bit


Re: Computer constantly freezing

Ah I see, I've actually read something about that before, about the different exploits.
So far so good with the black screens, it hasn't happened for a while :)

ComboFix 07-10-04.6 - Matt 2007-10-04 15:39:51.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.224 [GMT 1:00]
Running from: C:\Documents and Settings\Matt\My Documents\Software\Anti-Virus\ComboFix.exe
Command switches used :: C:\Documents and Settings\Matt\My Documents\Software\Anti-Virus\CFScript.txt
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\All Users\Application Data\Symantec\LiveSubscribe\Catalog.LiveSubscribe
C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\1.Configuration.Log.LiveUpdate
C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\1.Product.Inventory.LiveUpdate
C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\1.Settings.LiveUpdate
C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\2.Product.Inventory.LiveUpdate
C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\2.Settings.LiveUpdate
C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\2007-09-09_Log.ALUSchedulerSvc.LiveUpdate
C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\2007-09-10_Log.ALUSchedulerSvc.LiveUpdate
C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\2007-09-11_Log.ALUSchedulerSvc.LiveUpdate
C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\2007-09-12_Log.ALUSchedulerSvc.LiveUpdate
C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\2007-09-13_Log.ALUSchedulerSvc.LiveUpdate
C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\2007-09-14_Log.ALUSchedulerSvc.LiveUpdate
C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\2007-09-27_Log.ALUSchedulerSvc.LiveUpdate
C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\2007-09-28_Log.ALUSchedulerSvc.LiveUpdate
C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\2007-09-29_Log.ALUSchedulerSvc.LiveUpdate
C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\2007-09-30_Log.ALUSchedulerSvc.LiveUpdate
C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\2007-10-01_Log.ALUSchedulerSvc.LiveUpdate
C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\2007-10-02_Log.ALUSchedulerSvc.LiveUpdate
C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\2007-10-03_Log.ALUSchedulerSvc.LiveUpdate
C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\2007-10-04_Log.ALUSchedulerSvc.LiveUpdate
C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\3.Product.Inventory.LiveUpdate
C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\3.Settings.LiveUpdate
C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\Configuration.Log.LiveUpdate
C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\Downloads\1122653960jtun_alufixit.zip.full.zip
C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\Downloads\1155139909jtun_en60803048.m25.full.zip
C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\Downloads\1156766435jtun_en60809018.m25.full.zip
C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\Downloads\1156952285jtun_en60828003.m25.full.zip
C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\Downloads\1157559068jtun_en60830022.m25.full.zip
C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\Downloads\1157988474jtun_en60906017.m25.full.zip
C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\Downloads\1158162632jtun_en60910037.m25.full.zip
C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\Downloads\1158392850jtun_ensi0916.x00.full.zip
C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\Downloads\1158773184jtun_en60913019.m25.full.zip
C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\Downloads\1158811179jtun_en60920018.m25.full.zip
C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\Downloads\1159372333jtun_en60920052.m25.full.zip
C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\Downloads\1160005397jtun_en60927018.m25.full.zip
C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\Downloads\1160581759jtun_en61004009.m25.full.zip
C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\Downloads\1161813375jtun_en61011018.m25.full.zip
C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\Downloads\1162400408jtun_en61025039.m25.full.zip
C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\Downloads\1163007863jtun_en61101019.m25.full.zip
C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\Downloads\1163007863jtun_ennfull2.x86.full.zip
C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\Downloads\1163615981jtun_en61108024.m25.full.zip
C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\Downloads\1163759400jtun_ensi1115.x00.full.zip
C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\Downloads\1164214538jtun_en61115018.m25.full.zip
C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\Downloads\1164214538jtun_enncurd2.x86.full.zip
C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\Downloads\1164820207jtun_enncurd2.x86.full.zip
C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\Downloads\1165424376jtun_enncurd2.x86.full.zip
C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\Downloads\1166034245jtun_enncurd2.x86.full.zip
C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\Downloads\1166634228jtun_enn11md2.x86.full.zip
C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\Downloads\1166634228jtun_enncurd2.x86.full.zip
C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\Downloads\1166741507jtun_ensi1220.x00.full.zip
C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\Downloads\1167238416jtun_enncurd2.x86.full.zip
C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\Downloads\1167844053jtun_enncurd2.x86.full.zip
C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\Downloads\1167897846jtun_enncurd2.x86.full.zip
C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\Downloads\1168460658jtun_enncurd2.x86
C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\Downloads\1168653242jtun_enn12md2.x86.full.zip
C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\Downloads\1168653242jtun_enncurd2.x86.full.zip
C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\Downloads\1169072646jtun_enncurd2.x86.full.zip
C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\Downloads\1169504620jtun_enncurd2.x86.full.zip
C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\Downloads\1169661962jtun_enncurd2.x86.full.zip
C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\Downloads\1170273812jtun_enncurd2.x86.full.zip
C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\Downloads\1170867749jtun_enncurd2.x86.full.zip
C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\Downloads\1171486619jtun_enn01md2.x86.full.zip
C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\Downloads\1171486619jtun_enncurd2.x86.full.zip
C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\Downloads\1172077501jtun_enncurd2.x86.full.zip
C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\Downloads\1172682620jtun_enncurd2.x86.full.zip
C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\Downloads\1172890998jtun_enncurd2.x86.full.zip
C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\Downloads\1173302648jtun_enncurd2.x86.full.zip
C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\Downloads\1173544682jtun_enncurd2.x86.full.zip
C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\Downloads\1173888242jtun_enncurd2.x86.full.zip
C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\Downloads\1174492746jtun_enn02md2.x86.full.zip
C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\Downloads\1174492746jtun_enncurd2.x86.full.zip
C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\Downloads\1175097192jtun_enncurd2.x86.full.zip
C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\Downloads\1175718166jtun_enncurd2.x86.full.zip
C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\Downloads\1176307084jtun_enn03md2.x86.full.zip
C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\Downloads\1176307084jtun_enncurd2.x86.full.zip
C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\Downloads\1176428997jtun_enncurd2.x86.full.zip
C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\Downloads\1176922644jtun_enncurd2.x86.full.zip
C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\Downloads\1177526787jtun_enncurd2.x86.full.zip
C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\Downloads\1178123051jtun_enncurd2.x86.full.zip
C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\Downloads\1178726995jtun_enncurd2.x86.full.zip
C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\Downloads\1179336019jtun_enn04md2.x86.full.zip
C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\Downloads\1179336019jtun_enncurd2.x86.full.zip
C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\Downloads\1179468822jtun_enncurd2.x86.full.zip
C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\Downloads\1179936096jtun_enncurd2.x86.full.zip
C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\Downloads\1180549540jtun_enncurd2.x86.full.zip
C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\Downloads\1180579667jtun_enncurd2.x86.full.zip
C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\Downloads\1181145590jtun_enncurd2.x86.full.zip
C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\Downloads\1181764924jtun_enncurd2.x86.full.zip
C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\Downloads\1182363564jtun_enn05md2.x86.full.zip
C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\Downloads\1182363564jtun_enncurd2.x86.full.zip
C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\Downloads\1182961014jtun_enncurd2.x86.full.zip
C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\Downloads\1183576680jtun_enncurd2.x86.full.zip
C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\Downloads\1184168514jtun_enncurd2.x86.full.zip
C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\Downloads\1184774138jtun_enncurd2.x86.full.zip
C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\Downloads\1185389711jtun_enn06md2.x86.full.zip
C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\Downloads\1185389711jtun_enncurd2.x86.full.zip
C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\Downloads\1185993943jtun_enncurd2.x86.full.zip
C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\Downloads\1186021684jtun_enncurd2.x86.full.zip