Hope somebody can help me. I did everything I could to clean my pc.

[William159]

But there is something that keeps it from working properly.
I have done pretty much all there is to do.

Here is my log. Any help very much appreciated!

Thanks!

********************************************

Logfile of HijackThis v1.99.1
Scan saved at 11:31:24 AM, on 6/6/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16441)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\SYSTEM32\astsrv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\System32\mgabg.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\TigerVista Manager\UltraMon.exe
C:\Program Files\TigerVista Manager\UltraMonTaskbar.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Equis\MetaStock\MsWin.exe
C:\Program Files\Equis\MetaStock\Servers\EQDATSRV.EXE
C:\Program Files\eSignal\WINROS.EXE
C:\Program Files\Equis\MetaStock\Servers\EQFILSRV.EXE
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.forexfactory.com/index.php?page=calendar#
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
N3 - Netscape 7: user_pref("browser.startup.homepage", "http://home.netscape.com/bookmark/7_1/home.html"); (C:\Documents and Settings\cord\Application Data\Mozilla\Profiles\default\yhrk0l9x.slt\prefs.js)
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CPROGRA%7E1%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\cord\Application Data\Mozilla\Profiles\default\yhrk0l9x.slt\prefs.js)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton AntiVirus\osCheck.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: TigerVista Manager.lnk = C:\Program Files\TigerVista Manager\UltraMon.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/micr...?1181097430296
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O16 - DPF: {D6376DD2-C2BD-49B2-A1B1-138F869633F3} (ASPRO Installer Class) - http://acs.pandasoftware.com/actives.../asproinst.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{D8E85F1D-F0D2-4D0E-A019-447ECA8306F9}: NameServer = 205.152.144.23,205.152.132.23
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: AST Service (astcc) - Nalpeiron Ltd. - C:\WINDOWS\SYSTEM32\astsrv.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\isPwdSvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: MGABGEXE - Matrox Graphics Inc. - C:\WINDOWS\System32\mgabg.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe

[William159]

I also wanted to add, since I believe is important.

P.s. the reason why I think I am infected with something is because a bunch of hidden files with extensions .tmp as in WRL0002.tmp appear in my desktop. I only found out about these files when I had to reinstall Norton Antivirus after it gave me a 'need to activate' message but would not let me reactivate it. The program had to be completely removed and reinstalled.

I wonder if you guys have heard of these hidden files issue appearing in the desktop before. I have even considered erasing the whole disk and installing everything from scratch, but the idea is dreadful.

Again, thanks very much in advance for any assistance!

[William159]

bumpy

[William159]

biripy bumpy

[Ried]

Hello William159,

Those files belong to Word2000-2003 and it could be caused by Norton. Please see this link --> http://help.wugnet.com/office/Word-2...ict944733.html . Does it seem to fit your issue? If so, perhaps contact Norton support for assistance.

[William159]

Hi Reid !

Thanks so much for taking the time to reply to my messages.

I did as you suggested. Had to pay Norton to get a specialist to remove files from my computer =(

So the files in the desktop are gone since the guy removed them manually, he also went into the system 32 file and removed other files that looked "suspicious" to him.

Makes one wonder why have Norton if the program can not detect all viruses it's supposed to detect to start with.

My desktop icons are still too large I think. Here is the hijack log as of right now, if you could plesase tell me if everything seems normal I would really appreciate it!

Thanks again, and best wishes

=)

Logfile of HijackThis v1.99.1
Scan saved at 3:48:06 PM, on 6/14/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\SYSTEM32\astsrv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\System32\mgabg.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\TigerVista Manager\UltraMon.exe
C:\Program Files\TigerVista Manager\UltraMonTaskbar.exe
C:\Program Files\Equis\MetaStock\MsWin.exe
C:\Program Files\Equis\MetaStock\Servers\EQDATSRV.EXE
C:\Program Files\eSignal\WINROS.EXE
C:\Program Files\Equis\MetaStock\Servers\EQFILSRV.EXE
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\PDesk\PDESK.EXE
C:\WINDOWS\system32\javaw.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.forexfactory.com/index.php?page=calendar#
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
N3 - Netscape 7: user_pref("browser.startup.homepage", "http://home.netscape.com/bookmark/7_1/home.html"); (C:\Documents and Settings\cord\Application Data\Mozilla\Profiles\default\yhrk0l9x.slt\prefs.js)
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CPROGRA%7E1%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\cord\Application Data\Mozilla\Profiles\default\yhrk0l9x.slt\prefs.js)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton AntiVirus\osCheck.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: Check for TWS Updates.lnk = C:\Jts\WiseUpdt.exe
O4 - Global Startup: TigerVista Manager.lnk = C:\Program Files\TigerVista Manager\UltraMon.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/micr...?1181097430296
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O16 - DPF: {D6376DD2-C2BD-49B2-A1B1-138F869633F3} (ASPRO Installer Class) - http://acs.pandasoftware.com/actives.../asproinst.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{D8E85F1D-F0D2-4D0E-A019-447ECA8306F9}: NameServer = 205.152.144.23,205.152.132.23
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: AST Service (astcc) - Nalpeiron Ltd. - C:\WINDOWS\SYSTEM32\astsrv.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\isPwdSvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: MGABGEXE - Matrox Graphics Inc. - C:\WINDOWS\System32\mgabg.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe

[William159]

bump

[Ried]

You're welcome, William159. Please be so kind as to allow me 24 hours to reply once you've posted before 'bumping' as I do this in my spare time and have other threads to tend to as well.

I'd prefer you use this scanning tool as it will provide me a more comprehensive look at your system:

Download Deckard's System Scanner (DSS) to your Desktop.

What DSS will do:

• create a new System Restore point in Windows XP and Vista.
• clean your Temporary Files, Downloaded Program Files, and Internet Cache Files, and also empty the Recycle Bin on all drives.
• check some important areas of your system and produce a report for your analyst to review.
• DSS automatically runs HijackThis 1.99.1 for you, but it will also install and place a shortcut to HijackThis on your desktop if you do not already have HijackThis installed. **Allow dss.exe to download HijackThis 1.99.1 when prompted**

Note: You must be logged onto an account with administrator privileges.

1. Close all applications and windows.
2. Double-click on dss.exe to run it, and follow the prompts.
3. When the scan is complete, two text files will open - main.txt <- this one will be maximized and extra.txt <-this one will be minimized
4. Copy (Ctrl+A then Ctrl+C) and paste (Ctrl+V) the contents of main.txt in your next reply.
5. Please attach extra.txt to your post.

To attach a file to a new post, simply

1. Click the[Manage Attachments] button under Additional Options > Attach Files on the post composition page, and
2. copy and paste the following into the "Upload File from your Computer" box:

   C:\Deckard\System Scanner\extra.txt
   

3. Click Upload.

Please include the following in your next reply:

main.txt
an attached extra.txt

[William159]

Thanks Reid !

I have done everything as you indicated and here are the results.

***********

Deckard's System Scanner v20070611.50
Run by cord on 2007-06-15 at 20:36:44
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
96: 2007-06-16 00:36:48 UTC - RP504 - Deckard's System Scanner Restore Point
95: 2007-06-15 05:49:40 UTC - RP503 - Software Distribution Service 3.0
94: 2007-06-14 20:07:03 UTC - RP502 - System Checkpoint
93: 2007-06-13 18:03:11 UTC - RP501 - Software Distribution Service 3.0
92: 2007-06-13 12:53:39 UTC - RP500 - System Checkpoint


-- First Restore Point --
1: 2007-03-18 00:55:01 UTC - RP409 - Installed Windows Defender


Performed disk cleanup.


-- HijackThis (run as cord.exe) ------------------------------------------------

Logfile of HijackThis v1.99.1
Scan saved at 8:36:59 PM, on 6/15/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\SYSTEM32\astsrv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\System32\mgabg.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\TigerVista Manager\UltraMon.exe
C:\Program Files\TigerVista Manager\UltraMonTaskbar.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\PDesk\PDESK.EXE
C:\Documents and Settings\cord\Desktop\dss.exe
C:\PROGRA~1\HIJACK~1\cord.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.forexfactory.com/index.php?page=calendar#
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
N3 - Netscape 7: user_pref("browser.startup.homepage", "http://home.netscape.com/bookmark/7_1/home.html"); (C:\Documents and Settings\cord\Application Data\Mozilla\Profiles\default\yhrk0l9x.slt\prefs.js)
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CPROGRA%7E1%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\cord\Application Data\Mozilla\Profiles\default\yhrk0l9x.slt\prefs.js)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton AntiVirus\osCheck.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: Check for TWS Updates.lnk = C:\Jts\WiseUpdt.exe
O4 - Global Startup: TigerVista Manager.lnk = C:\Program Files\TigerVista Manager\UltraMon.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/micr...?1181097430296
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O16 - DPF: {D6376DD2-C2BD-49B2-A1B1-138F869633F3} (ASPRO Installer Class) - http://acs.pandasoftware.com/actives.../asproinst.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{D8E85F1D-F0D2-4D0E-A019-447ECA8306F9}: NameServer = 205.152.144.23,205.152.132.23
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: AST Service (astcc) - Nalpeiron Ltd. - C:\WINDOWS\SYSTEM32\astsrv.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\isPwdSvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: MGABGEXE - Matrox Graphics Inc. - C:\WINDOWS\System32\mgabg.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe


-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R3 A3AB (D-Link AirPro 802.11a/b Wireless Adapter Service(A3AB)) - c:\windows\system32\drivers\a3ab.sys <Not Verified; D-Link Corporation; D-Link Wireless Network adapter>

S3 SANDRA - c:\program files\sisoftware\sisoftware sandra lite 2005.sr3\sandra.sys (file missing)


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 astcc (AST Service) - c:\windows\system32\astsrv.exe <Not Verified; Nalpeiron Ltd.; Nalpeiron License Management>


-- Scheduled Tasks -------------------------------------------------------------

2007-06-15 01:49:48 330 --ah----- C:\WINDOWS\Tasks\MP Scheduled Scan.job
2007-06-11 21:02:22 554 --a------ C:\WINDOWS\Tasks\Norton AntiVirus - Run Full System Scan - cord.job


-- Files created between 2007-05-15 and 2007-06-15 -----------------------------

2007-06-08 15:59:13 0 d-------- C:\Program Files\DynGate
2007-06-08 15:58:57 0 d-------- C:\Documents and Settings\cord\temp
2007-06-08 15:38:27 230 --a------ C:\vrqtoolSREnable.reg
2007-06-08 15:03:16 0 d-------- C:\Program Files\SupportSoft
2007-06-05 23:22:27 0 d-------- C:\Documents and Settings\All Users\Application Data\Adobe
2007-06-05 16:31:42 69632 --a------ C:\WINDOWS\system32\asprouni.exe <Not Verified; Panda Software; Panda Software ASPRODesinstalador>
2007-06-05 16:31:05 0 d-------- C:\WINDOWS\system32\ASPRO
2007-06-05 13:34:59 0 d-------- C:\WINDOWS\system32\ActiveScan
2007-06-05 13:26:39 0 d-------- C:\Program Files\Common Files\Java
2007-06-05 12:56:25 0 d-------- C:\WINDOWS\system32\SoftwareDistribution
2007-06-05 10:43:30 0 d-------- C:\Documents and Settings\cord\Application Data\Grisoft
2007-06-05 09:04:50 0 d-------- C:\Program Files\Equis
2007-06-05 08:46:02 0 d-------- C:\WINDOWS\system32\appmgmt
2007-06-05 08:29:54 0 d-------- C:\!KillBox
2007-06-05 08:13:47 0 d-------- C:\Documents and Settings\cord\Application Data\Opera
2007-06-05 08:12:46 0 d-------- C:\Program Files\Opera
2007-06-05 07:59:40 0 d-------- C:\Program Files\SpywareBlaster
2007-06-05 07:32:13 0 d-------- C:\Program Files\IObit
2007-06-05 07:08:51 5751 --a------ C:\dnsbak.reg
2007-06-04 20:17:34 0 d-------- C:\Program Files\Norton AntiVirus
2007-06-04 20:16:06 0 d-------- C:\Documents and Settings\All Users\Application Data\Symantec
2007-06-04 20:15:47 0 d-------- C:\Program Files\Common Files\Symantec Shared


-- Find3M Report ---------------------------------------------------------------

2007-06-05 23:22:41 0 d-------- C:\Program Files\Common Files\Adobe
2007-06-05 22:47:18 0 d-------- C:\Program Files\TigerVista Manager
2007-06-05 22:47:14 0 d-------- C:\Program Files\Windows Defender
2007-06-05 22:46:58 0 d-------- C:\Program Files\eSignal
2007-06-05 21:29:45 0 d-------- C:\Program Files\D4
2007-06-05 13:28:21 0 d-------- C:\Program Files\Java
2007-06-05 08:46:30 0 d--h----- C:\Program Files\InstallShield Installation Information
2007-06-04 20:19:05 0 d-------- C:\Program Files\Symantec
2007-06-04 18:50:35 0 d-------- C:\Program Files\Backup Metastock
2007-05-29 15:47:38 0 d-------- C:\Documents and Settings\cord\Application Data\AdobeUM
2007-05-14 00:10:26 0 d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2
2007-04-20 09:25:24 0 d-------- C:\Program Files\Common Files\Equis
2007-04-18 10:26:40 105168 --a----c- C:\WINDOWS\NSUninst.exe
2007-04-18 10:26:34 12000 --a----c- C:\WINDOWS\mozver.dat
2007-04-18 10:26:31 0 d-------- C:\Program Files\AOD
2007-04-18 10:26:08 105168 --a----c- C:\WINDOWS\GREUninstall.exe
2007-03-28 00:49:08 671836 --a------ C:\WINDOWS\system32\OLVI10.dll <Not Verified; Equis International; Online Interface Dynamic Link Library>
2007-03-28 00:36:22 36864 --a----c- C:\WINDOWS\system32\EqCCWrapper.dll <Not Verified; Equis International; MetaStock Professional>
2007-03-28 00:27:32 204873 --a------ C:\WINDOWS\system32\msfl10.dll <Not Verified; Equis International; MetaStock File Library>
2007-03-27 23:54:46 217167 --a------ C:\WINDOWS\system32\EqNotify.dll <Not Verified; Equis International; EqNotify Dynamic Link Library>
2007-03-27 14:11:06 207360 --a------ C:\WINDOWS\system32\LTKRN61N.DLL <Not Verified; LEAD Technologies, Inc.; LEADTOOLS® DLL for Win32>
2007-03-27 14:11:06 43008 --a------ C:\WINDOWS\system32\LTFIL61N.DLL
2007-03-27 14:11:06 110080 --a------ C:\WINDOWS\system32\Lfpng61n.dll
2007-03-27 14:11:06 158720 --a------ C:\WINDOWS\system32\LFCMP61N.DLL


-- Registry Dump ---------------------------------------------------------------

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
{53707962-6F74-2D53-2644-206D7942484F} C:\PROGRA~1\SPYBOT~1\SDHelper.dll
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"Windows Defender"="\"C:\\Program Files\\Windows Defender\\MSASCui.exe\" -hide"
"ccApp"="\"C:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe\""
"osCheck"="\"C:\\Program Files\\Norton AntiVirus\\osCheck.exe\""
"SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.6.0_01\\bin\\jusched.exe\""
"Adobe Reader Speed Launcher"="\"C:\\Program Files\\Adobe\\Reader 8.0\\Reader\\Reader_sl.exe\""

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=dword:00000000

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system\Shell]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"LinkResolveIgnoreLinkInfo"=dword:00000000
"NoResolveSearch"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\Run]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"LinkResolveIgnoreLinkInfo"=dword:00000000

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="AVG Anti-Spyware 7.5"

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa
Authentication Packages REG_MULTI_SZ msv1_0\0\0
Security Packages REG_MULTI_SZ kerberos\0msv1_0\0schannel\0wdigest\0\0
Notification Packages REG_MULTI_SZ scecli\0\0


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\Adobe Reader Speed Launch.lnk"
"backup"="C:\\WINDOWS\\pss\\Adobe Reader Speed Launch.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\Adobe\\ACROBA~2.0\\Reader\\READER~1.EXE "
"item"="Adobe Reader Speed Launch"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HotSync Manager.lnk]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\HotSync Manager.lnk"
"backup"="C:\\WINDOWS\\pss\\HotSync Manager.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\palmOne\\Hotsync.exe -logon"
"item"="HotSync Manager"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\Microsoft Office.lnk"
"backup"="C:\\WINDOWS\\pss\\Microsoft Office.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\MICROS~2\\Office\\OSA9.EXE -b -l"
"item"="Microsoft Office"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^cord^Start Menu^Programs^Startup^Check for TWS Updates.lnk]
"path"="C:\\Documents and Settings\\cord\\Start Menu\\Programs\\Startup\\Check for TWS Updates.lnk"
"backup"="C:\\WINDOWS\\pss\\Check for TWS Updates.lnkStartup"
"location"="Startup"
"command"="C:\\Jts\\WiseUpdt.exe /C"
"item"="Check for TWS Updates"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^cord^Start Menu^Programs^Startup^Mswin.exe.lnk]
"path"="C:\\Documents and Settings\\cord\\Start Menu\\Programs\\Startup\\Mswin.exe.lnk"
"backup"="C:\\WINDOWS\\pss\\Mswin.exe.lnkStartup"
"location"="Startup"
"command"="C:\\PROGRA~1\\Equis\\METAST~1\\Mswin.exe "
"item"="Mswin.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ALCMTR"
"hkey"="HKLM"
"command"="ALCMTR.EXE"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Gadwin PrintScreen 3.5]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="PrintScreen"
"hkey"="HKCU"
"command"="C:\\Program Files\\Gadwin Systems\\PrintScreen\\PrintScreen.exe /nosplash"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MaxtorOneTouch]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Onetouch"
"hkey"="HKLM"
"command"="C:\\Program Files\\Maxtor\\OneTouch\\utils\\Onetouch.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MXOBG]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="MXOALDR"
"hkey"="HKLM"
"command"="C:\\Documents and Settings\\cord\\Local Settings\\Temp\\{231F68F4-70E4-41A6-BEDA-7E7934169B54}\\MXOALDR.EXE"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RetroExpress]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="RetroExpress"
"hkey"="HKLM"
"command"="C:\\PROGRA~1\\Dantz\\RETROS~1\\RetroExpress.exe /h"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="RTHDCPL"
"hkey"="HKLM"
"command"="RTHDCPL.EXE"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="jusched"
"hkey"="HKLM"
"command"="C:\\Program Files\\Java\\jre1.5.0_06\\bin\\jusched.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Symantec NetDriver Monitor]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="SNDMon"
"hkey"="HKLM"
"command"="C:\\PROGRA~1\\SYMNET~1\\SNDMon.exe /Consumer"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="AdobeUpdateManager"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\Adobe\\Acrobat 7.0\\Reader\\AdobeUpdateManager.exe\" AcRdB7_0_9 -reboot 1"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0



-- End of Deckard's System Scanner: finished at 2007-06-15 at 20:37:29 ---------

[Ried]

I'm not seeing any malware in your logs--everything looks good, William159.

[William159]

Good to hear that. Thanks again for your time. You guys rock !

Best wishes......=)

[Ried]

You're welcome, and best wishes to you as well.