There's no such thing as a stupid question, but they're the easiest to answer.
JoinTour
Login
Search
 
Malware Removal & HijackThis Logs
Tag Cloud
audio bios blue screen boot bsod computer crash dell desktop driver drivers email error excel firefox freeze google hard drive hardware hijackthis install internet laptop linux malware network no sound outlook problem reboot recovery redirect router screen slow sound speakers spyware startup trojan usb video virus vista vundo windows windows 7 windows vista windows xp wireless
Search
Search for:
Tech Support Guy Forums > Security & Malware Removal > Malware Removal & HijackThis Logs >
I dont know (New)

Tip: Click here to scan for System Errors and Optimize PC performance
[ Sponsored Link ]

Closed Thread
Page 6 of 7 « First 345 6 7
 
Thread Tools
dvk01's Avatar
Moderator with 27,559 posts.
  
Join Date: Dec 2002
Location: Loughton, Essex, UK
27-Nov-2006, 04:31 PM #76
I think something has damaged norton

lets see what this shows

Click here to download Dr.Web CureIt and save it to your desktop.
  • Doubleclick the drweb-cureit.exe file and allow to run the express scan
  • This will scan the files currently running in memory and when something is found, click the yes button when it asks you if you want to cure it. This is only a short scan.
  • Once the short scan has finished, mark the drives that you want to scan.
  • Select all drives. A red dot shows which drives have been chosen.
  • Click the green arrow at the right, and the scan will start.
  • Click 'Yes to all' if it asks if you want to cure/move the file.
  • When the scan has finished, look if you can click next icon next to the files found:
  • If so, click it and then click the next icon right below and select Move incurable as you'll see in next image:
  • This will move it to the %userprofile%\DoctorWeb\quarantaine-folder if it can't be cured. (this in case if we need samples)
  • After selecting, in the Dr.Web CureIt menu on top, click file and choose save report list
  • Save the report to your desktop. The report will be called DrWeb.csv
  • Close Dr.Web Cureit.
  • Reboot your computer!! Because it could be possible that files in use will be moved/deleted during reboot.
  • After reboot, post the contents of the log from Dr.Web you saved previously in your next reply along with a new HijackThis log.
__________________
Derek Microsoft MVP/Windows - Security Thespykiller | Security & Privacy
I am helping you, please help me by donating to help keep the Hedgehog Rescue Centre running
Register for free to hide this ad!
Sekaidus's Avatar
Member with 96 posts.
  
Join Date: Jan 2006
Experience: Intermediate
27-Nov-2006, 07:38 PM #77
That link is not functioning.
Sekaidus's Avatar
Member with 96 posts.
  
Join Date: Jan 2006
Experience: Intermediate
27-Nov-2006, 07:39 PM #78
I'm gonna go ahead and google it. If that'll work I'll comply with instructions.
Sekaidus's Avatar
Member with 96 posts.
  
Join Date: Jan 2006
Experience: Intermediate
27-Nov-2006, 07:48 PM #79
I managed to dl drwebcureit v 4.33, but it is nonresponsive on startup.
Sekaidus's Avatar
Member with 96 posts.
  
Join Date: Jan 2006
Experience: Intermediate
27-Nov-2006, 07:49 PM #80
Ah, here we go. it's working it seems.
Sekaidus's Avatar
Member with 96 posts.
  
Join Date: Jan 2006
Experience: Intermediate
27-Nov-2006, 07:57 PM #81
Well, it gave me the express scan promp, but I don't think that it's scanning. It is drweb32 is in my process list, but it's not active.
Sekaidus's Avatar
Member with 96 posts.
  
Join Date: Jan 2006
Experience: Intermediate
27-Nov-2006, 09:19 PM #82
I did get web fix running. It did not present an option to save the log file. I'm rerunning dweb, in the hopes to get a logfile. In the meantime here's the hjt. Prob shoulda done hjt first. if that's a big deal I'll resubmit that as well.

Logfile of HijackThis v1.99.1
Scan saved at 9:17:46 PM, on 11/27/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\Explorer.EXE
c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
c:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\arservice.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
c:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\dllhost.exe
C:\New Folder\drweb-cureit.exe
C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\RarSFX3\drw_start.exe
C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\RarSFX3\drweb32w.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
C:\Program Files\Symantec\LiveUpdate\AUpdate.exe
C:\New Folder\hijackthis\HijackThis.exe
C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com.../fix_homepage/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TY...RIO&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.redirect.hp.com/svs/rdr?TY...RIO&pf=desktop
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - c:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O2 - BHO: hpWebHelper Class - {AAAE832A-5FFF-4661-9C8F-369692D1DCB9} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\WebHelper.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - c:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {9732FB42-C321-11D1-836F-00A0C993F125} (mhLabel Class) - http://pcpitstop.com/mhLbl.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Internet Security Password Validation (ccISPwdSvc) - Symantec Corporation - c:\Program Files\Norton Internet Security\ccPwdSvc.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - c:\Program Files\Norton Internet Security\comHost.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - c:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - c:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
Sekaidus's Avatar
Member with 96 posts.
  
Join Date: Jan 2006
Experience: Intermediate
27-Nov-2006, 09:25 PM #83
What's up with the 02 no file?
dvk01's Avatar
Moderator with 27,559 posts.
  
Join Date: Dec 2002
Location: Loughton, Essex, UK
28-Nov-2006, 04:24 AM #84
if dr web won't run either then it very much sounds lijke some sort of rootkit that is blocking all known antiviruses

lets see if this runs

download gmer rootkit detector from http://gmer.net/

unzip it & double click the gmer.exe file

select rootkit tab & press scan

when it has finished press save & post back the log it makes

also select the autostarts tab & do the same there


http://www.gmer.net/catchme.php

Download catchme.exe ( 25kB ) to your desktop.

Double click the catchme.exe to run it

Open catchme.log to see results
__________________
Derek Microsoft MVP/Windows - Security Thespykiller | Security & Privacy
I am helping you, please help me by donating to help keep the Hedgehog Rescue Centre running
Sekaidus's Avatar
Member with 96 posts.
  
Join Date: Jan 2006
Experience: Intermediate
28-Nov-2006, 04:18 PM #85
One of these barrage of tests I've ran did detect a rootkit. I can't remember wich one. Running gmer.
Sekaidus's Avatar
Member with 96 posts.
  
Join Date: Jan 2006
Experience: Intermediate
28-Nov-2006, 04:42 PM #86
GMER 1.0.12.12011 - http://www.gmer.net
Rootkit scan 2006-11-28 16:38:07
Windows 5.1.2600 Service Pack 2


---- System - GMER 1.0.12 ----

SSDT 84509610 ZwAlertResumeThread
SSDT 83FC8A40 ZwAlertThread
SSDT 840A6768 ZwAllocateVirtualMemory
SSDT 83FC70B0 ZwConnectPort
SSDT \??\C:\Program Files\Symantec\SYMEVENT.SYS ZwCreateKey
SSDT 84561700 ZwCreateMutant
SSDT 83EE62D0 ZwCreateThread
SSDT \??\C:\Program Files\Symantec\SYMEVENT.SYS ZwDeleteKey
SSDT \??\C:\Program Files\Symantec\SYMEVENT.SYS ZwDeleteValueKey
SSDT 840BA070 ZwFreeVirtualMemory
SSDT 845094D0 ZwImpersonateAnonymousToken
SSDT 84454070 ZwImpersonateThread
SSDT 84035728 ZwMapViewOfSection
SSDT 845619B8 ZwOpenEvent
SSDT \??\C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.sys ZwOpenProcess
SSDT 844E23F8 ZwOpenProcessToken
SSDT 83FCCAD8 ZwOpenThreadToken
SSDT 83FD4A20 ZwQueryValueKey
SSDT 83FC9F40 ZwResumeThread
SSDT 83FC8F38 ZwSetContextThread
SSDT 84535CD8 ZwSetInformationProcess
SSDT 83FC8CC8 ZwSetInformationThread
SSDT \??\C:\Program Files\Symantec\SYMEVENT.SYS ZwSetValueKey
SSDT 844803B0 ZwSuspendProcess
SSDT 83FC8B18 ZwSuspendThread
SSDT \??\C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.sys ZwTerminateProcess
SSDT 83FC8BF0 ZwTerminateThread
SSDT 83FC5CA0 ZwUnmapViewOfSection
SSDT 840812E8 ZwWriteVirtualMemory

---- Kernel code sections - GMER 1.0.12 ----

.text ntkrnlpa.exe!ZwCallbackReturn + 235C 80501060 1 Byte [ 10 ]
.text ntkrnlpa.exe!ZwCallbackReturn + 235E 80501062 6 Bytes [ 50, 84, 40, 8A, FC, 83 ]
.text ntkrnlpa.exe!ZwCallbackReturn + 2514 80501218 8 Bytes [ AC, 48, D3, F7, F8, 23, 4E, ... ]
.text ntkrnlpa.exe!ZwCallbackReturn + 26BC 805013C0 8 Bytes [ D8, 5C, 53, 84, C8, 8C, FC, ... ]
.text ntkrnlpa.exe!ZwCallbackReturn + 2720 80501424 8 Bytes [ B0, 03, 48, 84, 18, 8B, FC, ... ]
.text ...

---- Files - GMER 1.0.12 ----

ADS C:\Program Files\Secret Agent Europe Demo\Saves: Sekaidus.txt
ADS C:\Program Files\Yahoo! Games\Kudos\Kudos.exe:{0DB867D3-39B4-0C1C-3EE4-78A6FB6720D8}
ADS C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP25\A0009212.exe:{0DB867D3-39B4-0C1C-3EE4-78A6FB6720D8}
ADS C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP29\A0009306.exe:{0DB867D3-39B4-0C1C-3EE4-78A6FB6720D8}
ADS C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP43\A0011238.exe:{03134AAF-A1B3-690E-9D31-CDE1663EC12E}
ADS C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP45\A0011293.exe:{E92B496A-83C0-A9C6-0E76-6A863CB0EBBE}
ADS C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP45\A0011326.exe:{412671F2-67CC-B6FC-FF7E-939286C16C84}
ADS C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP45\A0011337.exe:{37F4C7F6-9842-7FB4-CA0F-DB8ACEC5FABB}
ADS C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP45\A0011345.exe:{A0D68B9F-0167-86B5-7275-F15A4A1062CB}
ADS C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP45\A0011357.exe:{03134AAF-A1B3-690E-9D31-CDE1663EC12E}
ADS C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP45\A0011380.exe:{5B9E8F18-28E3-93F7-ECEC-1C182FF728AA}
ADS ...

---- EOF - GMER 1.0.12 ----
Sekaidus's Avatar
Member with 96 posts.
  
Join Date: Jan 2006
Experience: Intermediate
28-Nov-2006, 04:43 PM #87
GMER 1.0.12.12011 - http://www.gmer.net
Autostart scan 2006-11-28 16:43:04
Windows 5.1.2600 Service Pack 2


HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems@Windows = %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon@Userinit = C:\WINDOWS\system32\userinit.exe,

HKLM\SYSTEM\CurrentControlSet\Services\ >>>
ARSVC /*ARSVC*/@ = C:\WINDOWS\arservice.exe
Automatic LiveUpdate Scheduler /*Automatic LiveUpdate Scheduler*/@ = "C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe"
AVG Anti-Spyware Guard /*AVG Anti-Spyware Guard*/@ = C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
ccEvtMgr /*Symantec Event Manager*/@ = "c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe"
ccProxy /*Symantec Network Proxy*/@ = "c:\Program Files\Common Files\Symantec Shared\ccProxy.exe"
ccSetMgr /*Symantec Settings Manager*/@ = "c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe"
ehRecvr /*Media Center Receiver Service*/@ = C:\WINDOWS\eHome\ehRecvr.exe
ehSched /*Media Center Scheduler Service*/@ = C:\WINDOWS\eHome\ehSched.exe
LightScribeService /*LightScribeService Direct Disc Labeling Service*/@ = "C:\Program Files\Common Files\LightScribe\LSSrvc.exe"
McrdSvc /*Media Center Extender Service*/@ = C:\WINDOWS\ehome\mcrdsvc.exe
navapsvc /*Norton AntiVirus Auto-Protect Service*/@ = "c:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe"
NVSvc /*NVIDIA Display Driver Service*/@ = %SystemRoot%\system32\nvsvc32.exe
SNDSrvc /*Symantec Network Drivers Service*/@ = "c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe"
SPBBCSvc /*Symantec SPBBCSvc*/@ = "c:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe"
Spooler /*Print Spooler*/@ = %SystemRoot%\system32\spoolsv.exe
Symantec Core LC /*Symantec Core LC*/@ = "C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe"

HKLM\Software\Microsoft\Windows\CurrentVersion\Run >>>
@!AVG Anti-Spyware"C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized = "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
@MSConfigC:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto = C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
@NvCplDaemonRUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup = RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

HKCU\Software\Microsoft\Windows\CurrentVersion\Run >>>
@msnmsgr"C:\Program Files\MSN Messenger\msnmsgr.exe" /background = "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
@Yahoo! Pager"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet = "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet

HKLM\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad@ WPDShServiceObj = C:\WINDOWS\system32\WPDShServiceObj.dll

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks@{ 57B86673-276A-48B2-BAE7-C6DBB3020EB8} = C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved >>>
@{42071714-76d4-11d1-8b24-00a0c9068ff3} /*Display Panning CPL Extension*/deskpan.dll /*file not found*/ = deskpan.dll /*file not found*/
@{596AB062-B4D2-4215-9F74-E9109B0A8153} /*Previous Versions Property Page*/%SystemRoot%\system32\twext.dll = %SystemRoot%\system32\twext.dll
@{9DB7A13C-F208-4981-8353-73CC61AE2783} /*Previous Versions*/%SystemRoot%\system32\twext.dll = %SystemRoot%\system32\twext.dll
@{00E7B358-F65B-4dcf-83DF-CD026B94BFD4} /*Autoplay for SlideShow*/(null) =
@{692F0339-CBAA-47e6-B5B5-3B84DB604E87} /*Extensions Manager Folder*/%SystemRoot%\system32\extmgr.dll = %SystemRoot%\system32\extmgr.dll
@{DBFB267C-334F-4F19-A304-63B7130C20C7} /*MediaCenter Property Page*/arpower.dll = arpower.dll
@{A70C977A-BF00-412C-90B7-034C51DA2439} /*NvCpl DesktopContext Class*/C:\WINDOWS\system32\nvcpl.dll = C:\WINDOWS\system32\nvcpl.dll
@{FFB699E0-306A-11d3-8BD1-00104B6F7516} /*Play on my TV helper*/C:\WINDOWS\system32\nvcpl.dll = C:\WINDOWS\system32\nvcpl.dll
@{1CDB2949-8F65-4355-8456-263E7C208A5D} /*Desktop Explorer*/C:\WINDOWS\system32\nvshell.dll = C:\WINDOWS\system32\nvshell.dll
@{1E9B04FB-F9E5-4718-997B-B8DA88302A47} /*Desktop Explorer Menu*/C:\WINDOWS\system32\nvshell.dll = C:\WINDOWS\system32\nvshell.dll
@{1E9B04FB-F9E5-4718-997B-B8DA88302A48} /*nView Desktop Context Menu*/C:\WINDOWS\system32\nvshell.dll = C:\WINDOWS\system32\nvshell.dll
@{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4} /*Shell Extensions for RealOne Player*/C:\Program Files\Real\RealPlayer\rpshell.dll = C:\Program Files\Real\RealPlayer\rpshell.dll
@{7F67036B-66F1-411A-AD85-759FB9C5B0DB} /*ShellViewRTF*/C:\WINDOWS\system32\ShellvRTF.dll = C:\WINDOWS\system32\ShellvRTF.dll
@{5464D816-CF16-4784-B9F3-75C0DB52B499} /*Yahoo! Mail*/C:\PROGRA~1\Yahoo!\Common\ymmapi.dll = C:\PROGRA~1\Yahoo!\Common\ymmapi.dll
@{35786D3C-B075-49b9-88DD-029876E11C01} /*Portable Devices*/%SystemRoot%\system32\wpdshext.dll = %SystemRoot%\system32\wpdshext.dll
@{D6791A63-E7E2-4fee-BF52-5DED8E86E9B8} /*Portable Devices Menu*/%SystemRoot%\system32\wpdshext.dll = %SystemRoot%\system32\wpdshext.dll
@{FC9FB64A-1EB2-4CCF-AF5E-1A497A9B5C2D} /*Messenger Sharing Folders*/C:\Program Files\MSN Messenger\fsshext.8.1.0106.00.dll = C:\Program Files\MSN Messenger\fsshext.8.1.0106.00.dll

HKLM\Software\Classes\*\shellex\ContextMenuHandlers\ >>>
AVG Anti-Spyware@{8934FCEF-F5B8-468f-951F-78A921CD3920} = C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\context.dll
Symantec.Norton.Antivirus.IEContextMenu@{FAD61B3D-699D-49B2-BE16-7F82CB4C59CA} = c:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
Yahoo! Mail@{5464D816-CF16-4784-B9F3-75C0DB52B499} = C:\PROGRA~1\Yahoo!\Common\ymmapi.dll

HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\AVG Anti-Spyware@{8934FCEF-F5B8-468f-951F-78A921CD3920} = C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\context.dll

HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\Symantec.Norton.An tivirus.IEContextMenu@{FAD61B3D-699D-49B2-BE16-7F82CB4C59CA} = c:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects >>>
@{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll = C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
@{53707962-6F74-2D53-2644-206D7942484F}C:\PROGRA~1\SPYBOT~1\SDHelper.dll = C:\PROGRA~1\SPYBOT~1\SDHelper.dll
@{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897}C:\Program Files\Yahoo!\Common\yiesrvc.dll = C:\Program Files\Yahoo!\Common\yiesrvc.dll
@{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll = C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
@{A8F38D8D-E480-4D52-B7A2-731BB6995FDD}c:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll = c:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
@{AAAE832A-5FFF-4661-9C8F-369692D1DCB9}C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\WebHelper.dll = C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\WebHelper.dll

HKCU\Control Panel\Desktop@SCRNSAVE.EXE = C:\WINDOWS\system32\wpgldfsh.scr

HKLM\Software\Microsoft\Internet Explorer\Main >>>
@Default_Page_URLhttp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome = http://www.microsoft.com/isapi/redir...r=6&ar=msnhome
@Start Pagehttp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=64&bd=PRESARIO&pf=desktop = http://ie.redirect.hp.com/svs/rdr?TY...RIO&pf=desktop
@Local PageC:\windows\system32\blank.htm = C:\windows\system32\blank.htm

HKCU\Software\Microsoft\Internet Explorer\Main >>>
@Start Pagehttp://securityresponse.symantec.com/avcenter/fix_homepage/ = http://securityresponse.symantec.com.../fix_homepage/
@Local PageC:\windows\system32\blank.htm = C:\windows\system32\blank.htm

HKLM\Software\Classes\PROTOCOLS\Handler\ >>>
dvd@CLSID = C:\WINDOWS\system32\msvidctl.dll
its@CLSID = C:\WINDOWS\system32\itss.dll
livecall@CLSID = C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
mhtml@CLSID = %SystemRoot%\system32\inetcomm.dll
ms-its@CLSID = C:\WINDOWS\system32\itss.dll
ms-itss@CLSID = c:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll
msnim@CLSID = C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
tv@CLSID = C:\WINDOWS\system32\msvidctl.dll

HKLM\Software\Classes\PROTOCOLS\Handler\wia@CLSID = C:\WINDOWS\system32\wiascr.dll

---- EOF - GMER 1.0.12 ----
Sekaidus's Avatar
Member with 96 posts.
  
Join Date: Jan 2006
Experience: Intermediate
28-Nov-2006, 04:48 PM #88
The scan on catch me revealed 0 0 and 0.
dvk01's Avatar
Moderator with 27,559 posts.
  
Join Date: Dec 2002
Location: Loughton, Essex, UK
28-Nov-2006, 06:41 PM #89
nothing there

lets see if these show anything

download & run http://www.sysinternals.com/Utilitie...tRevealer.html
save it's log and post back with the log

DO NOT attempt to fix anything it finds as most entries will be legitimate


and

Download F-Secure Blacklight (blbeta.exe) to your C:\ drive.
- Open a command window. (Start>Run and type: cmd)
- Copy paste or type the following in the command window:

C:\blbeta.exe /expert

- Accept the user agreement.
- Click Scan.
After the scan finishes, click on Next, then Exit.

BlackLight will create a log in your C:\ drive with the name "fsbl-xxxxxxx.log". Please post that log.
[/quote]
__________________
Derek Microsoft MVP/Windows - Security Thespykiller | Security & Privacy
I am helping you, please help me by donating to help keep the Hedgehog Rescue Centre running
Sekaidus's Avatar
Member with 96 posts.
  
Join Date: Jan 2006
Experience: Intermediate
28-Nov-2006, 07:33 PM #90
HKLM\SECURITY\Policy\Secrets\SAC* 8/1/2006 8:32 AM 0 bytes Key name contains embedded nulls (*)
HKLM\SECURITY\Policy\Secrets\SAI* 8/1/2006 8:32 AM 0 bytes Key name contains embedded nulls (*)
C:\Program Files\Norton Internet Security\Norton AntiVirus\Savrt\0924NAV~.TMP 11/28/2006 6:58 PM 0 bytes Hidden from Windows API.
C:\WINDOWS\Prefetch\CALC.EXE-02CD573A.pf 11/28/2006 6:50 PM 42.85 KB Hidden from Windows API.
D: 0 bytes Error mounting volume

the d drive is for system restore.
Closed Thread Bookmark and Share
Page 6 of 7 « First 345 6 7

THIS THREAD HAS EXPIRED.
Are you having the same problem? We have volunteers ready to answer your question, but first you'll have to join for free. Need help getting started? Check out our Welcome Guide.

Smart Search

Find your solution!

« Previous Thread | Malware Removal & HijackThis Logs | Next Thread »

Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)
 
WELCOME TO TECH SUPPORT GUY! Are you looking for the solution to your computer problem? Join our site today to ask your question -- for free! Our site is run completely by volunteers who want to help you solve your computer problems. See our Welcome Guide to get started.

Thread Tools


Twitter Twitter! | Podcast | Mobile | Advertise
Contact Us - HelpOnThe.Net - Archive - Terms of Service - Top
You Are Using:
Server ID
Advertisements do not imply our endorsement of that product or service.
All times are GMT -5. The time now is 06:48 AM.
Copyright © 1996 - 2009 TechGuy, Inc. All rights reserved.
Powered by vBulletin, Copyright © 2000 - 2009, Jelsoft Enterprises Ltd.
 Powered by Cermak Technologies, Inc.