#1 (permalink) |
|
Registered User
Join Date: Jun 2005
Posts: 50
OS: XP
|
Can You Help Me Please
Hey Hi Hello,
I don't know what's wrong with my system. It takes real long to load up at the start, the desktop picture just shows without any icons. It does this for about 2 mins then the icons appear. This only started to happen yesterday, I've done all the things you asked before doing the Hijack thing:- Adware scans, spyware scan, Norton scans as well as system restore. Here's my log. Please help

Logfile of HijackThis v1.99.1
Scan saved at 17:50:41, on 03/06/2003
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wdfmgr.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Lexmark 5200 series\lxbtbmgr.exe
C:\WINDOWS\system32\bcmwltry.exe
C:\Program Files\Lexmark 5200 series\lxbtbmon.exe
C:\Program Files\winupdates\winupdates.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Panicware\Pop-Up Stopper Free Edition\PSFree.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Spyware Doctor\swdoctor.exe
C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
C:\Program Files\Common Files\Teleca Shared\CapabilityManager.exe
C:\Program Files\Common Files\Teleca Shared\Generic.exe
C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Norton AntiVirus\NAVW32.EXE
C:\Documents and Settings\Kofo\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.co.uk/myway
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.co.uk/myway
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [VirusScan] c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [CPQHotkeys] hotkeysvc.exe
O4 - HKLM\..\Run: [LXBTCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXBTtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [Lexmark 5200 series] "C:\Program Files\Lexmark 5200 series\lxbtbmgr.exe"
O4 - HKLM\..\Run: [bcmwltry] bcmwltry.exe
O4 - HKLM\..\Run: [removecpl] RemoveCpl.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [winupdates] C:\Program Files\winupdates\winupdates.exe /auto
O4 - HKLM\..\Run: [s7mh37g] httview.exe
O4 - HKLM\..\Run: [SurfAccuracy] C:\Program Files\SurfAccuracy\SAcc.exe
O4 - HKLM\..\Run: [RecoverFromReboot] C:\WINDOWS\Temp\RecoverFromReboot.exe
O4 - HKLM\..\Run: [workflow] D:\installs\workflow.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [winupdate] C:\Program Files\winupdate\winupdate.exe /auto
O4 - HKLM\..\Run: [p2pnetworking] p2pnetworking.exe
O4 - HKLM\..\Run: [NAV CfgWiz] "C:\Program Files\Norton AntiVirus\CfgWiz.exe" /GUID {0D7956A2-5A08-4ec2-A72C-DF8495A66016} /MODE CfgWiz /CMDLINE "REBOOT"
O4 - HKLM\..\RunServices: [CPQHotkeys] hotkeysvc.exe
O4 - HKLM\..\RunServices: [p2pnetworking] p2pnetworking.exe
O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\Program Files\Panicware\Pop-Up Stopper Free Edition\PSFree.exe"
O4 - HKCU\..\Run: [CPQHotkeys] hotkeysvc.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [dw5nRXMET] hosaw.exe
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O4 - HKCU\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /Minimized
O4 - HKCU\..\RunServices: [CPQHotkeys] hotkeysvc.exe
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: RaptisoftGameLoader - http://www.miniclip.com/hamsterball/...gameloader.cab
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {0D62A517-E7C6-4E1F-A577-07D4AC549A48} (Progetto1.int_ver32) - http://advnt01.com/dialer/int_ver32b.CAB
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by101fd.bay101.hotmail.msn.co...s/MsnPUpld.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: lxbt_device - Lexmark International, Inc. - C:\WINDOWS\System32\lxbtcoms.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SPBBCSvc - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

Thank You Very Much x
#2 (permalink) |
|
Asst Manager Security, Expert Analyst, Moderator, Security Team; Rangemaster, Moderator, TSF Academy
Join Date: May 2005
Posts: 23,238
OS: N/A
|
Did you use to have McAfee on your machine prior to installing Norton? If so, have you uninstalled it yet? Having more than one anti-virus program on your machine is not a good idea!!
Like firewalls, anti-virus programs have conflicts co-existing with each other & may produce undesirable results. Please uninstall ALL leaving only one of them.

Let's try this first..

* Download and unzip - bfu.zip
* Run the program and click the Web button located on the top right corner
* Copy/Paste this url into the address bar of the Download script window: http://metallica.geekstogo.com/alcanshorty.bfu
* Checkmark the following boxes:
* When it finishes running, click the Save button for a copy of the log
* Post the log created by the script when you have completed the fix along with a new HJT log

If you have any questions about the use of BFU please click here
__________________
|
|
|
|
|
#3 (permalink) |
|
Registered User
Join Date: Jun 2005
Posts: 50
OS: XP
|
Hey
Here's the BFU

BFU v1.00.9
Windows XP SP2 (WinNT 5.01.2600 SP2)
Script started at 01:53:58, on 04/06/2003
Failed: RegDelValue HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System|DisableRegistryTools (key not found)
Failed: RegDelValue HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Associations|LowRiskFileTypes (key not found)
Option pause between commands: 300 ms
Option pause between commands: 50 ms
Failed: FileDelete C:\Program Files\Common Files\Windows\mc-*-*.exe (operation failed)
Failed: FileDelete C:\Program Files\Common Files\Download\mc-*-*.exe (operation failed)
Failed: FolderDelete C:\DOCUME~1\Kofo\LOCALS~1\Temp\hsperfdata_Kofo (operation failed)
Failed: FileDelete C:\DOCUME~1\Kofo\LOCALS~1\Temp\Perflib_Perfdata_16c.dat (operation failed)
Failed: FileDelete C:\DOCUME~1\Kofo\LOCALS~1\Temp\~DF7380.tmp (operation failed)
Failed: FileDelete C:\DOCUME~1\Kofo\LOCALS~1\Temp\~DF936C.tmp (operation failed)
Failed: FileDelete C:\DOCUME~1\Kofo\LOCALS~1\Temp\~DFBC9D.tmp (operation failed)
Failed: FileDelete C:\DOCUME~1\Kofo\LOCALS~1\Temp\~DFCA57.tmp (operation failed)
Failed: FolderDelete C:\Program Files\Maxifiles (folder not found)
Failed: FolderDelete C:\Program Files\DNS (folder not found)
Failed: FolderDelete C:\Program Files\Common Files\FreeProd1 (folder not found)
Failed: FolderDelete C:\Program Files\Common Files\FreeProd2 (folder not found)
Failed: FolderDelete C:\Program Files\Common Files\InetGet (folder not found)
Failed: FolderDelete C:\Program Files\MsConfigs (folder not found)
Failed: FolderDelete C:\Program Files\winsupdater (folder not found)
Failed: FolderDelete C:\Program Files\MsUpdate (folder not found)
Failed: FolderDelete C:\Program Files\MsMovies (folder not found)
Script completed.

Here's the HJL

Logfile of HijackThis v1.99.1
Scan saved at 01:56:07, on 04/06/2003
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wdfmgr.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Lexmark 5200 series\lxbtbmgr.exe
C:\WINDOWS\system32\bcmwltry.exe
C:\Program Files\Lexmark 5200 series\lxbtbmon.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Panicware\Pop-Up Stopper Free Edition\PSFree.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
C:\Program Files\Common Files\Teleca Shared\CapabilityManager.exe
C:\Program Files\Common Files\Teleca Shared\Generic.exe
C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\Program Files\LimeWire\LimeWire 4.0.8\LimeWire.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Kofo\Desktop\BFU.exe
C:\Documents and Settings\Kofo\Desktop\BFU.exe
C:\Documents and Settings\Kofo\Desktop\BFU.exe
C:\Documents and Settings\Kofo\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.co.uk/myway
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.co.uk/myway
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [VirusScan] c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [CPQHotkeys] hotkeysvc.exe
O4 - HKLM\..\Run: [LXBTCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXBTtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [Lexmark 5200 series] "C:\Program Files\Lexmark 5200 series\lxbtbmgr.exe"
O4 - HKLM\..\Run: [bcmwltry] bcmwltry.exe
O4 - HKLM\..\Run: [removecpl] RemoveCpl.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [s7mh37g] httview.exe
O4 - HKLM\..\Run: [SurfAccuracy] C:\Program Files\SurfAccuracy\SAcc.exe
O4 - HKLM\..\Run: [RecoverFromReboot] C:\WINDOWS\Temp\RecoverFromReboot.exe
O4 - HKLM\..\Run: [workflow] D:\installs\workflow.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NAV CfgWiz] "C:\Program Files\Norton AntiVirus\CfgWiz.exe" /GUID {0D7956A2-5A08-4ec2-A72C-DF8495A66016} /MODE CfgWiz /CMDLINE "REBOOT"
O4 - HKLM\..\RunServices: [CPQHotkeys] hotkeysvc.exe
O4 - HKLM\..\RunServices: [p2pnetworking] p2pnetworking.exe
O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\Program Files\Panicware\Pop-Up Stopper Free Edition\PSFree.exe"
O4 - HKCU\..\Run: [CPQHotkeys] hotkeysvc.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [dw5nRXMET] hosaw.exe
O4 - HKCU\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /Minimized
O4 - HKCU\..\RunServices: [CPQHotkeys] hotkeysvc.exe
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: RaptisoftGameLoader - http://www.miniclip.com/hamsterball/...gameloader.cab
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {0D62A517-E7C6-4E1F-A577-07D4AC549A48} (Progetto1.int_ver32) - http://advnt01.com/dialer/int_ver32b.CAB
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by101fd.bay101.hotmail.msn.co...s/MsnPUpld.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: lxbt_device - Lexmark International, Inc. - C:\WINDOWS\System32\lxbtcoms.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SPBBCSvc - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
|
|
|
|
#4 (permalink) | |
|
Asst Manager Security, Expert Analyst, Moderator, Security Team; Rangemaster, Moderator, TSF Academy
Join Date: May 2005
Posts: 23,238
OS: N/A
|
Quote:
__________________
|
|
|
|
|
|
#6 (permalink) |
|
Asst Manager Security, Expert Analyst, Moderator, Security Team; Rangemaster, Moderator, TSF Academy
Join Date: May 2005
Posts: 23,238
OS: N/A
|
McAfee wasn't uninstalled properly. It may conflict with Norton & cause your machine to slow to a standstill.
I suggest that you uninstall Norton now. Then re-install McAfee again. Reboot & uninstall McAfee properly before re-installing Norton again. Let me know when you have done that so that we can proceed with disinfecting your machine. I do not wanna risk creating unnecessary conflicts within your OS by proceeding with the fix. Please post a new HJT log after you have done so.
__________________
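An added example, not part of the original thread or any poster's own tooling: it parses HijackThis `O4` (Run key) and `O23` (service) entries, groups the ones belonging to anti-virus products, and separates vendors with a running component from vendors that only have autostart entries left behind, which is the situation described above for McAfee next to Norton. The sample lines are excerpted from the first log in this thread; the vendor marker strings and all function names are assumptions made for the example.

```python
import ntpath
import re
from collections import defaultdict
from typing import NamedTuple

# Excerpt of the first HijackThis log in this thread, one entry per line.
SAMPLE_LOG = r"""
Running processes:
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\Explorer.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [VirusScan] c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
"""

# Assumed marker substrings, limited to the two products named in this thread.
AV_MARKERS = {
    "McAfee": ("mcafee",),
    "Symantec/Norton": ("symantec", "norton antivirus"),
}

SECTION_RE = re.compile(r"^[A-Z]\d+ - ")  # R0, O2, O4, O23, ...
O4_RE = re.compile(r"^O4 - (?P<where>.+?): \[(?P<name>[^\]]+)\] (?P<cmd>.+)$")
EXE_RE = re.compile(r'^"([^"]+)"|^(.+?\.(?:exe|dll))', re.I)
O23_PREFIX = "O23 - Service: "


class Entry(NamedTuple):
    section: str   # "O4" (Run key) or "O23" (service)
    label: str     # value name, or "service name [vendor]"
    command: str   # command line exactly as logged
    running: bool  # True if its executable is in "Running processes"


def exe_name(command: str) -> str:
    """Lower-cased file name of the executable in a logged command line."""
    m = EXE_RE.match(command)
    path = (m.group(1) or m.group(2)) if m else command
    return ntpath.basename(path).lower()


def parse_autostarts(log_text: str) -> list:
    """Return the O4 Run-key and O23 service entries of a HijackThis log."""
    running, pending, in_procs = set(), [], False
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line == "Running processes:":
            in_procs = True
            continue
        if SECTION_RE.match(line):
            in_procs = False  # first R/O entry ends the process list
        if in_procs:
            # Compare by file name: Run keys often use 8.3 short paths.
            running.add(ntpath.basename(line).lower())
            continue
        m = O4_RE.match(line)
        if m:
            pending.append(("O4", m["name"], m["cmd"]))
        elif line.startswith(O23_PREFIX):
            parts = line[len(O23_PREFIX):].rsplit(" - ", 2)
            if len(parts) == 3:
                name, vendor, path = parts
                pending.append(("O23", f"{name} [{vendor}]", path))
    return [Entry(s, l, c, exe_name(c) in running) for s, l, c in pending]


def av_by_vendor(log_text: str) -> dict:
    """Group autostart entries by the anti-virus vendor they belong to."""
    found = defaultdict(list)
    for entry in parse_autostarts(log_text):
        text = f"{entry.label} {entry.command}".lower()
        for vendor, markers in AV_MARKERS.items():
            if any(marker in text for marker in markers):
                found[vendor].append(entry)
    return dict(found)


def classify(log_text: str) -> dict:
    """Split vendors into 'active' (something running) and 'leftover'."""
    result = {"active": [], "leftover": []}
    for vendor, entries in av_by_vendor(log_text).items():
        key = "active" if any(e.running for e in entries) else "leftover"
        result[key].append(vendor)
    return result


if __name__ == "__main__":
    for state, vendors in classify(SAMPLE_LOG).items():
        print(f"{state}: {', '.join(vendors) or 'none'}")
    for vendor, entries in av_by_vendor(SAMPLE_LOG).items():
        for e in entries:
            status = "running" if e.running else "not running"
            print(f"  {vendor}: {e.section} {e.label} ({status})")
```

Matching on file name alone is an approximation, so a "leftover" result is a prompt to check the vendor's uninstaller, not proof that the entry is inert.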
|
|
|
|
|
#7 (permalink) |
|
Registered User
Join Date: Jun 2005
Posts: 50
OS: XP
|
K, done
Logfile of HijackThis v1.99.1
Scan saved at 16:12:16, on 04/06/2003
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Lexmark 5200 series\lxbtbmgr.exe
C:\WINDOWS\system32\bcmwltry.exe
C:\Program Files\Lexmark 5200 series\lxbtbmon.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Panicware\Pop-Up Stopper Free Edition\PSFree.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
C:\Program Files\Common Files\Teleca Shared\CapabilityManager.exe
C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\Program Files\Common Files\Teleca Shared\Generic.exe
C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Kofo\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.co.uk/myway
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.co.uk/myway
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [VirusScan] c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [CPQHotkeys] hotkeysvc.exe
O4 - HKLM\..\Run: [LXBTCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXBTtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [Lexmark 5200 series] "C:\Program Files\Lexmark 5200 series\lxbtbmgr.exe"
O4 - HKLM\..\Run: [bcmwltry] bcmwltry.exe
O4 - HKLM\..\Run: [removecpl] RemoveCpl.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [s7mh37g] httview.exe
O4 - HKLM\..\Run: [SurfAccuracy] C:\Program Files\SurfAccuracy\SAcc.exe
O4 - HKLM\..\Run: [RecoverFromReboot] C:\WINDOWS\Temp\RecoverFromReboot.exe
O4 - HKLM\..\Run: [workflow] D:\installs\workflow.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NAV CfgWiz] "C:\Program Files\Norton AntiVirus\CfgWiz.exe" /GUID {0D7956A2-5A08-4ec2-A72C-DF8495A66016} /MODE CfgWiz /CMDLINE "REBOOT"
O4 - HKLM\..\RunServices: [CPQHotkeys] hotkeysvc.exe
O4 - HKLM\..\RunServices: [p2pnetworking] p2pnetworking.exe
O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\Program Files\Panicware\Pop-Up Stopper Free Edition\PSFree.exe"
O4 - HKCU\..\Run: [CPQHotkeys] hotkeysvc.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [dw5nRXMET] hosaw.exe
O4 - HKCU\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /Minimized
O4 - HKCU\..\RunServices: [CPQHotkeys] hotkeysvc.exe
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: RaptisoftGameLoader - http://www.miniclip.com/hamsterball/...gameloader.cab
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {0D62A517-E7C6-4E1F-A577-07D4AC549A48} (Progetto1.int_ver32) - http://advnt01.com/dialer/int_ver32b.CAB
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by101fd.bay101.hotmail.msn.co...s/MsnPUpld.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: lxbt_device - Lexmark International, Inc.
- C:\WINDOWS\System32\lxbtcoms.exe O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe O23 - Service: SPBBCSvc - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe |
#8 (permalink) |
Asst Manager Security, Expert Analyst, Moderator, Security Team; Rangemaster, Moderator, TSF Academy
Join Date: May 2005
Posts: 23,238
OS: N/A
Please read this post completely before beginning the fix. If there's anything that you do not understand, kindly ask your questions before proceeding. Please ensure that there aren't any opened browsers when you are carrying out the procedures below. Save the following instructions in Notepad as this webpage would not be available when you're carrying out the fix.
* * * * * * BRUTE FORCE UNINSTALLER * * * * * * * * * * * * *
You will need to run the fix from post #2 again as you have been re-infected.
Download and unzip - bfu.zip
Run the program and click the Web button located on the top right corner
Copy/Paste this url into the address bar of the Download script window: http://metallica.geekstogo.com/p2pnetwork.bfu
Checkmark the following boxes:

* * * * * * ADDITIONAL DOWNLOADS * * * * * * * * * * * * * *
Download & install CleanUp.exe (not recommended for WinXP64)
Download and install Ewido Security Suite
'UNPLUG'/DISCONNECT your computer from the Internet when you have finished downloading. It is IMPORTANT that you don't miss a step & perform everything in the correct order.

* * * * * * FIXING ENTRIES WITH HIJACKTHIS * * * * * * * * * *
Do a HijackThis scan & place a check next to these items and select "Fix checked":

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.co.uk/myway
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.co.uk/myway
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)
O4 - HKLM\..\Run: [VirusScan] c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
O4 - HKLM\..\Run: [s7mh37g] httview.exe
O4 - HKLM\..\Run: [SurfAccuracy] C:\Program Files\SurfAccuracy\SAcc.exe
O4 - HKLM\..\RunServices: [p2pnetworking] p2pnetworking.exe
O4 - HKCU\..\Run: [dw5nRXMET] hosaw.exe
O16 - DPF: {0D62A517-E7C6-4E1F-A577-07D4AC549A48} (Progetto1.int_ver32) - http://advnt01.com/dialer/int_ver32b.CAB

* * * * * * RESTART WINDOWS IN SAFE MODE * * * * * * * * * *
1. Restart your computer
2. After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
3. Instead of Windows loading as normal, a menu should appear
4. Select the option to run Windows in Safe Mode.

* * * * * * UN-INSTALLING PROGRAMS * * * * * * * * * * * * * *
Go to Start -> Control Panel -> Add or Remove Programs and uninstall the following programs:

* * * * * * DELETING FILES/FOLDERS * * * * * * * * * * * * * * *
If you have not done so already, please enable the viewing of Hidden files
From Windows Explorer, go to Tools -> Folder Options -> View tab.

* * * * * * PURGING TEMP FOLDERS * * * * * * * * * * * * * * *
Run Cleanup! using the following configuration:
1. Click Options...
2. Set the slider initially to Standard CleanUp!
3. Uncheck the following:
5. Press the CleanUp! button to start the program.
6. Do NOT reboot/logoff if prompted.
* CleanUp! will not create any backups!!

* * * * * * RUNNING ADDITIONAL SCANNERS * * * * * * * * * * *
Run Ewido with its updated definitions: (...it's important that all windows must be closed)
** Ewido scan would require at least an hour. I suggest that you go grab a cup of coffee & do something else while you wait for it to complete.

* * * * * * REBOOT TO NORMAL MODE * * * * * * * * * * * * * *
Establish an internet connection & perform an online scan with Internet Explorer at Kaspersky Online Scanner
Answer Yes, when prompted to install an ActiveX component.

* * * * * * CHECK LIST * * * * * * * * * * * * * * * * * * * * *
In your next post, please include fresh logs from:
__________________
#9 (permalink) |
Registered User
Join Date: Jun 2005
Posts: 50
OS: XP
I've done the following:
1. The BFU
2. The download of Cleanup and download and update of Ewido
3. The fix in Hijack

When I went into safe mode, then Control Panel, Add/Remove Programs to delete "SurfAccuracy", I couldn't find the file. In Folder Options I did what you asked, to show all hidden files. And I couldn't find the following files:

c:\PROGRA~1\mcafee.com\
C:\Program Files\SurfAccuracy\
hosaw.exe
httview.exe

I didn't know if I should carry on with the Cleanup. So just thought I would let you know before I continued.
#11 (permalink) |
Registered User
Join Date: Jun 2005
Posts: 50
OS: XP
.................Here's The HJL.......................
Logfile of HijackThis v1.99.1 Scan saved at 16:51:30, on 05/01/2005 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe C:\WINDOWS\system32\LEXBCES.EXE C:\WINDOWS\system32\LEXPPS.EXE C:\WINDOWS\system32\spoolsv.exe C:\Program Files\ewido anti-malware\ewidoctrl.exe C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\hkcmd.exe C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe C:\Program Files\Dell\Media Experience\PCMService.exe C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe C:\WINDOWS\system32\dla\tfswctrl.exe C:\Program Files\Common Files\Symantec Shared\ccApp.exe C:\Program Files\Common Files\Real\Update_OB\realsched.exe C:\Program Files\Lexmark 5200 series\lxbtbmgr.exe C:\WINDOWS\system32\bcmwltry.exe C:\Program Files\Lexmark 5200 series\lxbtbmon.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\QuickTime\qttask.exe C:\Program Files\Panicware\Pop-Up Stopper Free Edition\PSFree.exe C:\Program Files\Messenger\msmsgs.exe C:\Program Files\MSN Messenger\msnmsgr.exe C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe C:\Program Files\iPod\bin\iPodService.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Common Files\Teleca Shared\CapabilityManager.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Common Files\Teleca Shared\Generic.exe C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone 
Monitor\epmworker.exe C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE C:\Documents and Settings\Kofo\Desktop\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/ O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton AntiVirus\NavShExt.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton AntiVirus\NavShExt.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe" O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [ccRegVfy] C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: 
[CPQHotkeys] hotkeysvc.exe O4 - HKLM\..\Run: [LXBTCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXBTtime.dll,_RunDLLEntry@16 O4 - HKLM\..\Run: [Lexmark 5200 series] "C:\Program Files\Lexmark 5200 series\lxbtbmgr.exe" O4 - HKLM\..\Run: [bcmwltry] bcmwltry.exe O4 - HKLM\..\Run: [removecpl] RemoveCpl.exe O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer O4 - HKLM\..\Run: [RecoverFromReboot] C:\WINDOWS\Temp\RecoverFromReboot.exe O4 - HKLM\..\Run: [workflow] D:\installs\workflow.exe O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [NAV CfgWiz] "C:\Program Files\Norton AntiVirus\CfgWiz.exe" /GUID {0D7956A2-5A08-4ec2-A72C-DF8495A66016} /MODE CfgWiz /CMDLINE "REBOOT" O4 - HKLM\..\RunServices: [CPQHotkeys] hotkeysvc.exe O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\Program Files\Panicware\Pop-Up Stopper Free Edition\PSFree.exe" O4 - HKCU\..\Run: [CPQHotkeys] hotkeysvc.exe O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background O4 - HKCU\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /Minimized O4 - HKCU\..\RunServices: [CPQHotkeys] hotkeysvc.exe O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html O8 - Extra context menu item: Backward Links - res://C:\Program 
Files\Google\GoogleToolbar1.dll/cmbacklinks.html O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000 O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: RaptisoftGameLoader - http://www.miniclip.com/hamsterball/...gameloader.cab O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/downloads/k...an_unicode.cab O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by101fd.bay101.hotmail.msn.co...s/MsnPUpld.cab O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing) O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: Symantec Event 
Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE O23 - Service: lxbt_device - Lexmark International, Inc. - C:\WINDOWS\System32\lxbtcoms.exe O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe O23 - Service: SPBBCSvc - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec 
Shared\CCPD-LC\symlcsvc.exe
..................Here's The Online Scan...........................
-------------------------------------------------------------------------------
KASPERSKY ON-LINE SCANNER REPORT
Wednesday, January 05, 2005 16:51:03
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky On-line Scanner version: 5.0.67.0
Kaspersky Anti-Virus database last update: 5/01/2006
Kaspersky Anti-Virus database records: 169277
-------------------------------------------------------------------------------
Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true
Scan Target - My Computer: C:\ D:\
Scan Statistics:
Total number of scanned objects: 89471
Number of viruses found: 13
Number of infected objects: 142
Number of suspicious objects: 2
Duration of the scan process: 3611 sec
Infected Object Name - Virus Name
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP147\A0035743.exe Infected: Trojan-Downloader.Win32.Small.bhp C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP147\A0035744.exe Infected: Backdoor.Win32.Prorat.ae C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP147\A0035745.exe Infected: Backdoor.Win32.Prorat.ae C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP147\A0035746.exe Infected: Backdoor.Win32.Prorat.ae C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP147\A0035747.exe Infected: Backdoor.Win32.Prorat.ae C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP147\A0035748.exe Infected: Backdoor.Win32.Prorat.ae C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP147\A0035749.exe Infected: Backdoor.Win32.Prorat.ae C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP147\A0035750.exe Infected: Backdoor.Win32.Prorat.ae C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP147\A0035751.exe Infected: Backdoor.Win32.Prorat.ae C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP147\A0035752.exe Infected: Backdoor.Win32.Prorat.ae C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP147\A0035753.exe Infected: Backdoor.Win32.Prorat.ae C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP147\A0035754.exe Infected: Backdoor.Win32.Prorat.ae C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP147\A0035755.exe Infected: Backdoor.Win32.Prorat.ae C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP147\A0035756.exe Infected: Backdoor.Win32.Prorat.ae C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP147\A0035757.exe Infected: Backdoor.Win32.Prorat.ae C:\System Volume 
Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP147\A0035758.exe Infected: Backdoor.Win32.Prorat.ae C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP147\A0035759.exe Infected: Backdoor.Win32.Prorat.ae C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP147\A0035760.exe Infected: Backdoor.Win32.Prorat.ae C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP147\A0035761.exe Infected: Backdoor.Win32.Prorat.ae C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP147\A0035762.exe Infected: Backdoor.Win32.Prorat.ae C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP147\A0035763.exe Infected: Backdoor.Win32.Prorat.ae C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP147\A0035764.exe Infected: Backdoor.Win32.Prorat.ae C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP147\A0035765.exe Infected: Backdoor.Win32.Prorat.ae C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP147\A0035766.scr Infected: not-a-virus:AdWare.Win32.MyWebSearch C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP147\A0035767.exe Infected: Trojan-Downloader.Win32.Small.bhp C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP89\A0023461.exe Infected: Trojan.Win32.Crypt.t C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP89\A0023462.dll Infected: Trojan.Win32.Crypt.t C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP89\A0023465.exe Infected: Trojan.Win32.Crypt.t C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP89\A0023466.dll Infected: Trojan.Win32.Crypt.t C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP89\A0023467.exe Infected: Trojan.Win32.Crypt.t C:\System Volume 
Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP89\A0023468.exe Infected: Trojan.Win32.Crypt.t C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP89\A0023473.dll Infected: Trojan.Win32.Crypt.t C:\WINDOWS\SYSTEM32\irctplug.exe Infected: Trojan.Win32.Crypt.t Scan process completed. ........................Here's The Ewido.................................. --------------------------------------------------------- ewido anti-malware - Scan report --------------------------------------------------------- + Created on: 13:01:26, 05/01/2005 + Report-Checksum: 7D0514C5 + Scan result: HKLM\SOFTWARE\Classes\CLSID\{07B18EA9-A523-4961-B6BB-170DE4475CCA} -> Spyware.MyWebSearch : Cleaned with backup HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\ins -> Spyware.WebRebates : Cleaned with backup HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{00A6FAF1-072E-44CF-8957-5838F569A31D} -> Spyware.MyWebSearch : Cleaned with backup HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{07B18EA1-A523-4961-B6BB-170DE4475CCA} -> Spyware.MyWebSearch : Cleaned with backup HKU\S-1-5-21-2626194381-1693727974-1655961439-1006\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{00A6FAF1-072E-44CF-8957-5838F569A31D} -> Spyware.MyWebSearch : Cleaned with backup HKU\S-1-5-21-2626194381-1693727974-1655961439-1006\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{07B18EA1-A523-4961-B6BB-170DE4475CCA} -> Spyware.MyWebSearch : Cleaned with backup HKU\S-1-5-21-2626194381-1693727974-1655961439-1006\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{00A6FAF1-072E-44CF-8957-5838F569A31D} -> Spyware.MyWebSearch : Cleaned with backup HKU\S-1-5-21-2626194381-1693727974-1655961439-1006\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{07B18EA1-A523-4961-B6BB-170DE4475CCA} -> Spyware.MyWebSearch : Cleaned with backup HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{00A6FAF1-072E-44CF-8957-5838F569A31D} -> 
Spyware.MyWebSearch : Cleaned with backup HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{07B18EA1-A523-4961-B6BB-170DE4475CCA} -> Spyware.MyWebSearch : Cleaned with backup C:\Program Files\Internet Explorer\BTOW Shared Files\btwebcontrol.dll -> Dialer.Generic : Cleaned with backup C:\Program Files\MSN Messenger\riched20.dll -> Spyware.MyWebSearch : Cleaned with backup C:\RECYCLER\NPROTECT\00271388.exe -> Backdoor.Prorat.s : Cleaned with backup C:\RECYCLER\NPROTECT\00271389.exe -> Backdoor.Prorat.s : Cleaned with backup C:\RECYCLER\NPROTECT\00271401.exe -> Backdoor.Prorat.s : Cleaned with backup C:\RECYCLER\NPROTECT\00271408.exe -> Backdoor.Prorat.s : Cleaned with backup C:\RECYCLER\NPROTECT\00271449.exe -> Backdoor.Prorat.s : Cleaned with backup C:\RECYCLER\NPROTECT\00271450.exe -> Backdoor.Prorat.s : Cleaned with backup C:\RECYCLER\NPROTECT\00271467.exe -> Backdoor.Prorat.s : Cleaned with backup C:\RECYCLER\NPROTECT\00271922.exe -> Backdoor.Prorat.s : Cleaned with backup C:\RECYCLER\NPROTECT\00271923.exe -> Backdoor.Prorat.s : Cleaned with backup C:\RECYCLER\NPROTECT\00271947.exe -> Backdoor.Prorat.s : Cleaned with backup C:\RECYCLER\NPROTECT\00272074.exe -> Downloader.Small.bhp : Cleaned with backup C:\RECYCLER\NPROTECT\00273357.exe -> Backdoor.Prorat.s : Cleaned with backup C:\RECYCLER\NPROTECT\00273361.exe -> Backdoor.Prorat.s : Cleaned with backup C:\RECYCLER\NPROTECT\00273382.exe -> Backdoor.Prorat.s : Cleaned with backup C:\RECYCLER\NPROTECT\00273393.exe -> Backdoor.Prorat.s : Cleaned with backup C:\RECYCLER\NPROTECT\00273446.exe -> Backdoor.Prorat.s : Cleaned with backup C:\RECYCLER\NPROTECT\00273447.exe -> Backdoor.Prorat.s : Cleaned with backup C:\RECYCLER\NPROTECT\00273459.exe -> Backdoor.Prorat.s : Cleaned with backup C:\RECYCLER\NPROTECT\00273466.exe -> Backdoor.Prorat.s : Cleaned with backup C:\RECYCLER\NPROTECT\00273481.exe -> Backdoor.Prorat.s : Cleaned with backup C:\RECYCLER\NPROTECT\00273482.exe -> Backdoor.Prorat.s : Cleaned 
with backup C:\RECYCLER\NPROTECT\00273494.exe -> Backdoor.Prorat.s : Cleaned with backup C:\RECYCLER\NPROTECT\00274448.exe -> Backdoor.Prorat.s : Cleaned with backup C:\RECYCLER\NPROTECT\00274452.exe -> Backdoor.Prorat.s : Cleaned with backup C:\RECYCLER\NPROTECT\00274471.exe -> Backdoor.Prorat.s : Cleaned with backup C:\RECYCLER\NPROTECT\00274480.exe -> Backdoor.Prorat.s : Cleaned with backup C:\RECYCLER\NPROTECT\00274714.exe -> Backdoor.Prorat.s : Cleaned with backup C:\RECYCLER\NPROTECT\00274718.exe -> Backdoor.Prorat.s : Cleaned with backup C:\RECYCLER\NPROTECT\00274739.exe -> Backdoor.Prorat.s : Cleaned with backup C:\RECYCLER\NPROTECT\00274747.exe -> Backdoor.Prorat.s : Cleaned with backup C:\RECYCLER\NPROTECT\00275229.exe -> Backdoor.Prorat.s : Cleaned with backup C:\RECYCLER\NPROTECT\00275230.exe -> Backdoor.Prorat.s : Cleaned with backup C:\RECYCLER\NPROTECT\00275248.exe -> Backdoor.Prorat.s : Cleaned with backup C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP139\A0030510.exe -> Spyware.Maxifiles : Cleaned with backup C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP139\A0030511.exe -> Spyware.Maxifiles : Cleaned with backup C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP145\A0031975.exe -> Backdoor.Prorat.s : Cleaned with backup C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP145\A0031976.exe -> Backdoor.Prorat.s : Cleaned with backup C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP145\A0031977.exe -> Backdoor.Prorat.s : Cleaned with backup C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP145\A0031979.exe -> Worm.VB.an : Cleaned with backup C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP145\A0031980.exe -> Backdoor.Prorat.s : Cleaned with backup C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP145\A0031981.exe -> 
Backdoor.Prorat.s : Cleaned with backup C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP145\A0031982.exe -> Backdoor.Prorat.s : Cleaned with backup C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP145\A0031983.exe -> Backdoor.Prorat.s : Cleaned with backup C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP145\A0031984.exe -> Backdoor.Prorat.s : Cleaned with backup C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP145\A0031985.exe -> Backdoor.Prorat.s : Cleaned with backup C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP145\A0031986.exe -> Backdoor.Prorat.s : Cleaned with backup C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP145\A0031987.exe -> Backdoor.Prorat.s : Cleaned with backup C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP145\A0031988.exe -> Backdoor.Prorat.s : Cleaned with backup C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP145\A0031989.exe -> Backdoor.Prorat.s : Cleaned with backup C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP145\A0031990.exe -> Backdoor.Prorat.s : Cleaned with backup C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP145\A0031991.exe -> Backdoor.Prorat.s : Cleaned with backup C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP145\A0031992.exe -> Backdoor.Prorat.s : Cleaned with backup C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP145\A0031993.exe -> Backdoor.Prorat.s : Cleaned with backup C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP145\A0031994.exe -> Backdoor.Prorat.s : Cleaned with backup C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP145\A0031995.exe -> Backdoor.Prorat.s : Cleaned with backup C:\System Volume 
Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP145\A0031996.exe -> Backdoor.Prorat.s : Cleaned with backup C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP145\A0031997.exe -> Backdoor.Prorat.s : Cleaned with backup C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP145\A0031998.exe -> Backdoor.Prorat.s : Cleaned with backup C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP145\A0031999.exe -> Backdoor.Prorat.s : Cleaned with backup C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP145\A0032000.exe -> Backdoor.Prorat.s : Cleaned with backup C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP145\A0032001.exe -> Backdoor.Prorat.s : Cleaned with backup C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP145\A0032002.exe -> Backdoor.Prorat.s : Cleaned with backup C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP145\A0032003.exe -> Backdoor.Prorat.s : Cleaned with backup C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP145\A0032004.exe -> Backdoor.Prorat.s : Cleaned with backup C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP145\A0032005.exe -> Backdoor.Prorat.s : Cleaned with backup C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP145\A0032006.exe -> Backdoor.Prorat.s : Cleaned with backup C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP145\A0032007.exe -> Backdoor.Prorat.s : Cleaned with backup C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP145\A0032008.exe -> Backdoor.Prorat.s : Cleaned with backup C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP145\A0032009.exe -> Backdoor.Prorat.s : Cleaned with backup C:\System Volume 
Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP145\A0032010.exe -> Backdoor.Prorat.s : Cleaned with backup C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP145\A0032011.exe -> Backdoor.Prorat.s : Cleaned with backup C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP146\A0033193.exe -> Backdoor.Prorat.s : Cleaned with backup C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP146\A0033194.exe -> Backdoor.Prorat.s : Cleaned with backup C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP146\A0033195.exe -> Backdoor.Prorat.s : Cleaned with backup C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP146\A0033200.exe -> Worm.VB.an : Cleaned with backup C:\WINDOWS\SYSTEM32\f3PSSavr.scr -> Spyware.MyWebSearch : Cleaned with backup C:\WINDOWS\SYSTEM32\lncom.exe -> Downloader.Small.bhp : Cleaned with backup ::Report End My PC is still slow at start up, and also it says that i have new installed programmes when i dont. It highlights current programmes as newley installed in the start menu. |
|
|
|
|
#12 (permalink) |
|
Asst Manager Security, Expert Analyst, Moderator, Security Team; Rangemaster, Moderator, TSF Academy
Join Date: May 2005
Posts: 23,238
OS: N/A
|
Besides being slow at start-up, does your machine display any signs of malware activity like search engines, browser re-directions? Or any pop ups?
Please delete the contents of this folder, leaving it empty: (Do not delete the container folder)
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\
Locate and delete the following files/folders: (let me know if you fail to find/delete any)
This will clear out the System Volume Information folder
Go to Start >> Run - type control sysdm.cpl,,4 & press Enter
When you have completed the above, download StartDreck
Unzip to its own folder and start the program:
Press 'Config'
Press 'mark all'
Uncheck the following boxes only:
System/Running Process -> List Modules
System/Drivers -> NT Services
System/Drivers -> NT Kernel- and FS-drivers
Press 'OK'
Press 'Save' and select the location to save the log file (default is the same folder as the application)
Start HJT & go to Config > Misc Tools - Open Uninstall Manager
Click the Save List button & post the resultant log here. Please highlight any entries that look suspicious to you
Please post StartDreck's log & the uninstall list in your next reply
|
|
|
|
|
#13 (permalink) |
|
Registered User
Join Date: Jun 2005
Posts: 50
OS: XP
|
There are few pop ups that appear,
there is one with a blue screen, where it says download spyware software.
............ StartDreck's Log......................
................... Uninstall List ................................. |
#14 (permalink) |
|
Asst Manager Security, Expert Analyst, Moderator, Security Team; Rangemaster, Moderator, TSF Academy
Join Date: May 2005
Posts: 23,238
OS: N/A
|
You may want to print out these instructions for reference, since you will have to restart your computer during the fix.
Please download AproposFix.exe - but do NOT run it yet.

* * * * * * RESTART WINDOWS IN SAFE MODE * * * * * * * * * *

1. Restart your computer
2. After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
3. Instead of Windows loading as normal, a menu should appear
4. Select the option to run Windows in Safe Mode.

* * * * * * RUNNING ADDITIONAL SCANNERS * * * * * * * * * * *

Double-click aproposfix.exe and unzip it to the desktop.
Open the aproposfix folder on your desktop and run RunThis.bat. Follow the prompts.
When the tool is finished, please reboot back into normal mode.
Post a new HijackThis log, along with the entire contents of the log.txt file in the aproposfix folder.
#15 (permalink) |
|
Registered User
Join Date: Jun 2005
Posts: 50
OS: XP
|
Log of AproposFix v1
************
Running from directory: C:\Documents and Settings\Kofo\Desktop\aproposfix
************
Registry entries found:
[HKEY_LOCAL_MACHINE\Software\CuXgmAAmhR25]
"Device"="\\\\.\\perSSRV"
"DriverPath"="C:\\WINDOWS\\system32\\drivers\\pcmidf2k.sys"
"DriverName"="dmb80n5"
"HideUninstallerName"="C:\\Program Files\\Reaipod\\rdopsapi.exe"
"UninstallerPath"="C:\\WINDOWS\\system32\\irctplug.exe"
"UninstallerRegKey"="HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{2A9F076E-C268-4B2E-B6E3-FD4890462AB1}"
"UninstallerParams"="/CTUN"
"HDll"="C:\\WINDOWS\\system32\\sclsprx2.dll"
"ServerAddress"="adchannel.contextplus.net"
"LegalNote"="http://adchannel.contextplus.net/legal-note/nonbranded.html"
"PartnerId"="CP.IST2"
"InstallationId"="{X07e07e4-92af-6d8e-4871-0e00b0d87f9a}"
"PageFiltering"=dword:00000001
"ClientName"="C:\\Program Files\\Reaipod\\lintsnls.exe"
"AutoUpdater"="C:\\WINDOWS\\system32\\mhwimapi.exe"
************
Removing hidden service:
Service dmb80n5 removed.
Removing hidden folder:
Deletion of folder Reaipod succeeded!
Deleting files:
Deletion of file C:\WINDOWS\system32\drivers\pcmidf2k.sys succeeded!
Deletion of file C:\WINDOWS\system32\mhwimapi.exe succeeded!
Deletion of file C:\WINDOWS\system32\sclsprx2.dll succeeded!
Deletion of file C:\WINDOWS\system32\irctplug.exe succeeded!
Backing up files:
Done!
Removing registry entries:
REGEDIT4
[-HKEY_CURRENT_USER\Software\CuXgmAAmhR25]
[-HKEY_LOCAL_MACHINE\Software\CuXgmAAmhR25]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{2A9F076E-C268-4B2E-B6E3-FD4890462AB1}]
Done!
Finished!

................................HJL..................
Logfile of HijackThis v1.99.1
Scan saved at 00:44:02, on 06/06/2003
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Lexmark 5200 series\lxbtbmgr.exe
C:\WINDOWS\system32\bcmwltry.exe
C:\Program Files\Lexmark 5200 series\lxbtbmon.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Panicware\Pop-Up Stopper Free Edition\PSFree.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Teleca Shared\CapabilityManager.exe
C:\WINDOWS\system32\msiexec.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Common Files\Teleca Shared\Generic.exe
C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\Documents and Settings\Kofo\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [CPQHotkeys] hotkeysvc.exe
O4 - HKLM\..\Run: [LXBTCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXBTtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [Lexmark 5200 series] "C:\Program Files\Lexmark 5200 series\lxbtbmgr.exe"
O4 - HKLM\..\Run: [bcmwltry] bcmwltry.exe
O4 - HKLM\..\Run: [removecpl] RemoveCpl.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [RecoverFromReboot] C:\WINDOWS\Temp\RecoverFromReboot.exe
O4 - HKLM\..\Run: [workflow] D:\installs\workflow.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NAV CfgWiz] "C:\Program Files\Norton AntiVirus\CfgWiz.exe" /GUID {0D7956A2-5A08-4ec2-A72C-DF8495A66016} /MODE CfgWiz /CMDLINE "REBOOT"
O4 - HKLM\..\RunServices: [CPQHotkeys] hotkeysvc.exe
O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\Program Files\Panicware\Pop-Up Stopper Free Edition\PSFree.exe"
O4 - HKCU\..\Run: [CPQHotkeys] hotkeysvc.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /Minimized
O4 - HKCU\..\RunServices: [CPQHotkeys] hotkeysvc.exe
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: RaptisoftGameLoader - http://www.miniclip.com/hamsterball/...gameloader.cab
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/downloads/k...an_unicode.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by101fd.bay101.hotmail.msn.co...s/MsnPUpld.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: lxbt_device - Lexmark International, Inc. - C:\WINDOWS\System32\lxbtcoms.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SPBBCSvc - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
#17 (permalink) |
|
Registered User
Join Date: Jun 2005
Posts: 50
OS: XP
|
Still the same, nothing changed, still starting real slow and still showing new programmes installed.
It all really happened when I installed Norton, do you think I should uninstall it and see if that makes any difference?
#18 (permalink) | |
|
Asst Manager Security, Expert Analyst, Moderator, Security Team; Rangemaster, Moderator, TSF Academy
Join Date: May 2005
Posts: 23,238
OS: N/A
|
Like McAfee, Symantec products are known resource hogs. Replacing it should alleviate your slowdowns. Take a look at how many entries it has in the HJT log. This is what your machine has to labour through when it starts.
Quote: