1. Computer problem? Tech Support Guy is completely free -- paid for by advertisers and donations. Click here to join today! If you're new to Tech Support Guy, we highly recommend that you visit our Guide for New Members.

23100247.exe

Discussion in 'Virus & Other Malware Removal' started by NEWGUY2, Jul 20, 2006.

Thread Status:
Not open for further replies.
Advertisement
  1. Cookiegal

    Cookiegal Administrator Malware Specialist Coordinator

    Joined:
    Aug 27, 2003
    Messages:
    112,322
    Thanks. You forgot to post a link to this thread but I've now done that for you so we should hear back soon.
     
  2. dvk01

    dvk01 Moderator Malware Specialist

    Joined:
    Dec 14, 2002
    Messages:
    56,224
    First Name:
    Derek
  3. Cookiegal

    Cookiegal Administrator Malware Specialist Coordinator

    Joined:
    Aug 27, 2003
    Messages:
    112,322
    1. Please download The Avenger by Swandog46 to your Desktop.
    • Click on Avenger.zip to open the file
    • Extract avenger.exe to your desktop

    2. Copy all the text contained in the quote box below (including the line that says “files to delete”) to your Clipboard by highlighting it and pressing (Ctrl+C):


    Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.


    3. Now, start The Avenger program by clicking on its icon on your desktop.
    • Under "Script file to execute" choose "Input Script Manually".
    • Now click on the Magnifying Glass icon which will open a new window titled "View/edit script"
    • Paste the text copied to clipboard into this window by pressing (Ctrl+V).
    • Click Done
    • Now click on the Green Light to begin execution of the script
    • Answer "Yes" twice when prompted.
    4. The Avenger will automatically do the following:
    • It will Restart your computer. ( In cases where the code to execute contains "Drivers to Unload", The Avenger will actually restart your system twice.)
    • On reboot, it will briefly open a black command window on your desktop, this is normal.
    • After the restart, it creates a log file that should open with the results of Avenger’s actions. This log file will be located at C:\avenger.txt
    • The Avenger will also have backed up all the files, etc., that you asked it to delete, and will have zipped them and moved the zip archives to C:\avenger\backup.zip.
    5. Please copy/paste the content of c:\avenger.txt into your reply along with a fresh HJT log.
     
  4. NEWGUY2

    NEWGUY2 Thread Starter

    Joined:
    May 4, 2005
    Messages:
    28
    In a previous posting, you suggested not installing Service Pack 2 until everything was clean. Everything seems fine now and I would like to install SP2. Below is a log from Hijackthis. Do you see any reason why I can't install SP2? Thank you very much and have a Great day!

    Logfile of HijackThis v1.99.1
    Scan saved at 9:16:22 AM, on 9/19/2006
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Nhksrv.exe
    C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.

    exe
    C:\WINDOWS\System32\drivers\CDAC11BA.EXE
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr

    .exe
    C:\WINDOWS\System32\CTsvcCDA.EXE
    C:\Program Files\ewido anti-spyware 4.0\guard.exe
    C:\Program Files\Norton AntiVirus\navapsvc.exe
    C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
    C:\PROGRA~1\NORTON~1\NORTON~2\NPROTECT.EXE
    C:\WINDOWS\System32\nvsvc32.exe
    C:\Program Files\Common Files\Symantec Shared\SNDSrvc.

    exe
    C:\Program Files\Common Files\Symantec

    Shared\SPBBC\SPBBCSvc.exe
    C:\PROGRA~1\NORTON~1\NORTON~2\SPEEDD~1\NOPDB.EXE
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Common Files\Symantec Shared\CCPD-

    LC\symlcsvc.exe
    C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
    C:\Program Files\Sunbelt

    Software\CounterSpy\Consumer\sunThreatEngine.exe
    C:\WINDOWS\System32\devldr32.exe
    C:\WINDOWS\System32\MsPMSPSv.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr

    .exe
    C:\Program Files\Sunbelt

    Software\CounterSpy\Consumer\SunProtectionServer.exe
    C:\Program Files\Common Files\Symantec Shared\Security

    Center\UsrPrmpt.exe
    C:\Program Files\Adaptec\Easy CD Creator 5

    \DirectCD\DirectCD.exe
    C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\Sunbelt

    Software\CounterSpy\Consumer\sunserver.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\WINDOWS\System32\wuauclt.exe
    C:\Program Files\Hijackthis\HijackThis.exe
    C:\Program Files\Messenger\msmsgs.exe

    R0 - HKCU\Software\Microsoft\Internet

    Explorer\Main,Start Page = http://www.usatoday.com/
    R1 - HKLM\Software\Microsoft\Internet

    Explorer\Main,Default_Search_URL = http://my.netzero.

    net/s/search?r=minisearch
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B

    87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0

    \Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B

    084872} - C:\Program Files\Norton AntiVirus\NavShExt.

    dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C

    9082467} - C:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8

    AD1-7859DF00B1D6} - C:\Program Files\Norton

    AntiVirus\NavShExt.dll
    O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program

    Files\Common Files\Symantec Shared\Security

    Center\UsrPrmpt.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE

    NvQTwk,NvCplDaemon initialize
    O4 - HKLM\..\Run: [AHQInit] C:\Program

    Files\Creative\SBLive\Program\AHQInit.exe
    O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program

    Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe"
    O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program

    Files\Zone Labs\ZoneAlarm\zlclient.exe"
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common

    Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [SunServer] C:\Program Files\Sunbelt

    Software\CounterSpy\Consumer\sunserver.exe
    O4 - HKLM\..\Run: [WorksFUD] C:\Program Files\Microsoft

    Works\Wkfud.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program

    Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:

    \Program Files\Microsoft Works\WksSb.exe /AllUsers
    O4 - HKCU\..\RunServicesOnce: [washindex] C:\Program

    Files\Washer\washidx.exe
    O8 - Extra context menu item: Look Up in &Encyclopedia

    - C:\Program Files\Common Files\Microsoft

    Shared\Reference 2001\A\ERS_ENC.HTM
    O9 - Extra button: Encarta Encyclopedia - {2FDEF853-

    0759-11D4-A92E-006097DBED37} - C:\Program Files\Common

    Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM
    O9 - Extra 'Tools' menuitem: Encarta Encyclopedia - {2

    FDEF853-0759-11D4-A92E-006097DBED37} - C:\Program

    Files\Common Files\Microsoft Shared\Reference 2001

    \A\ERS_ENC.HTM
    O9 - Extra button: Define - {5DA9DE80-097A-11D4-A92E-

    006097DBED37} - C:\Program Files\Common Files\Microsoft

    Shared\Reference 2001\A\ERS_DEF.HTM
    O9 - Extra 'Tools' menuitem: Define - {5DA9DE80-097A-

    11D4-A92E-006097DBED37} - C:\Program Files\Common

    Files\Microsoft Shared\Reference 2001\A\ERS_DEF.HTM
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9

    E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
    O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F

    110-11d2-BB9E-00C04F795683} - C:\Program

    Files\Messenger\MSMSGS.EXE
    O12 - Plugin for .pdf: C:\Program Files\Internet

    Explorer\PLUGINS\nppdf32.dll
    O15 - Trusted Zone: www.skillport.com
    O15 - Trusted Zone: www.smartforce.com
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (

    Windows Genuine Advantage Validation Tool) - http://go

    .microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (

    LSSupCtl Class) - https://www-secure.symantec.com/

    techsupp/asa/LSSupCtl.cab
    O16 - DPF: {2C52AF58-B9B1-11D5-9DF6-00508B755B44} (

    AXClientUtil2 Control) - http://www.smartforce.com/v2.

    1/applications/liveplay/Activex/AXClientUtil.cab
    O16 - DPF: {49232000-16E4-426C-A231-62846947304B} (

    SysData Class) - http://ipgweb.cce.hp.com/rdqaio/

    downloads/sysinfo.cab
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (

    MUWebControl Class) - http://update.microsoft.com/

    microsoftupdate/v6/V5Controls/en/x86/client/muweb_site

    .cab?1153489594770
    O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (

    HouseCall Control) - http://a840.g.akamai.net/7/840/

    537/2004061001/housecall.trendmicro.com/housecall/

    xscan53.cab
    O16 - DPF: {94B82441-A413-4E43-8422-D49930E69764} (

    TLIEFlashObj Class) - https://echat.us.dell.com/Media/

    VisitorChat/TLIEFlash.CAB
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (

    ActiveScan Installer Class) - http://acs.pandasoftware

    .com/activescan/as5free/asinst.cab
    O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (

    ActiveDataInfo Class) - https://www-secure.symantec.

    com/techsupp/asa/SymAData.cab
    O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (

    QDiagHUpdateObj Class) - http://h30155.www3.hp.com/

    ediags/hpfix/aio/en/qdiagh.cab?326
    O23 - Service: Automatic LiveUpdate Scheduler -

    Symantec Corporation - C:\Program

    Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    O23 - Service: C-DillaCdaC11BA - Macrovision - C:

    \WINDOWS\System32\drivers\CDAC11BA.EXE
    O23 - Service: Symantec Event Manager (ccEvtMgr) -

    Symantec Corporation - C:\Program Files\Common

    Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Password Validation (ccPwdSvc)

    - Symantec Corporation - C:\Program Files\Common

    Files\Symantec Shared\ccPwdSvc.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) -

    Symantec Corporation - C:\Program Files\Common

    Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: Creative Service for CDROM Access -

    Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA

    .EXE
    O23 - Service: ewido anti-spyware 4.0 guard - Anti-

    Malware Development a.s. - C:\Program Files\ewido anti

    -spyware 4.0\guard.exe
    O23 - Service: IMAPI CD-Burning COM Service (

    ImapiService) - Roxio Inc. - C:\WINDOWS\System32

    \ImapiRox.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:

    \PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: Norton AntiVirus Auto-Protect Service (

    navapsvc) - Symantec Corporation - C:\Program

    Files\Norton AntiVirus\navapsvc.exe
    O23 - Service: Netropa NHK Server (Nhksrv) - Unknown

    owner - C:\WINDOWS\Nhksrv.exe
    O23 - Service: Norton AntiVirus Firewall Monitor

    Service (NPFMntor) - Symantec Corporation - C:\Program

    Files\Norton AntiVirus\IWP\NPFMntor.exe
    O23 - Service: Norton Unerase Protection (

    NProtectService) - Symantec Corporation - C:\PROGRA~1

    \NORTON~1\NORTON~2\NPROTECT.EXE
    O23 - Service: NVIDIA Driver Helper Service (NVSvc) -

    NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
    O23 - Service: SAVScan - Symantec Corporation - C:

    \Program Files\Norton AntiVirus\SAVScan.exe
    O23 - Service: ScriptBlocking Service (SBService) -

    Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1

    \SCRIPT~1\SBServ.exe
    O23 - Service: Symantec Network Drivers Service (

    SNDSrvc) - Symantec Corporation - C:\Program

    Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec

    Corporation - C:\Program Files\Common Files\Symantec

    Shared\SPBBC\SPBBCSvc.exe
    O23 - Service: Speed Disk service - Symantec

    Corporation - C:\PROGRA~1\NORTON~1\NORTON~2\SPEEDD~1

    \NOPDB.EXE
    O23 - Service: Symantec Core LC - Symantec Corporation

    - C:\Program Files\Common Files\Symantec Shared\CCPD-

    LC\symlcsvc.exe
    O23 - Service: SymWMI Service (SymWSC) - Symantec

    Corporation - C:\Program Files\Common Files\Symantec

    Shared\Security Center\SymWSC.exe
    O23 - Service: TrueVector Internet Monitor (vsmon) -

    Zone Labs, LLC - C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
     
  5. Cookiegal

    Cookiegal Administrator Malware Specialist Coordinator

    Joined:
    Aug 27, 2003
    Messages:
    112,322
    Please repost the log and be sure word wrap is off in Format in Notepad.

    Also, before posting it, go to Start - Run - type in msconfig - click OK and click on the startup tab then check "enable all".
     
  6. NEWGUY2

    NEWGUY2 Thread Starter

    Joined:
    May 4, 2005
    Messages:
    28
    Logfile of HijackThis v1.99.1
    Scan saved at 5:37:30 PM, on 9/19/2006
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Nhksrv.exe
    C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    C:\WINDOWS\System32\drivers\CDAC11BA.EXE
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\WINDOWS\System32\CTsvcCDA.EXE
    C:\Program Files\ewido anti-spyware 4.0\guard.exe
    C:\Program Files\Norton AntiVirus\navapsvc.exe
    C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
    C:\PROGRA~1\NORTON~1\NORTON~2\NPROTECT.EXE
    C:\WINDOWS\System32\nvsvc32.exe
    C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    C:\PROGRA~1\NORTON~1\NORTON~2\SPEEDD~1\NOPDB.EXE
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
    C:\WINDOWS\System32\MsPMSPSv.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Sunbelt Software\CounterSpy\Consumer\sunThreatEngine.exe
    C:\WINDOWS\System32\devldr32.exe
    C:\Program Files\Sunbelt Software\CounterSpy\Consumer\SunProtectionServer.exe
    C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
    C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\Sunbelt Software\CounterSpy\Consumer\sunserver.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\ISP.COM Internet Services\dialer.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Hijackthis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.usatoday.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://my.netzero.net/s/search?r=minisearch
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
    O4 - HKLM\..\Run: [AHQInit] C:\Program Files\Creative\SBLive\Program\AHQInit.exe
    O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe"
    O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [SunServer] C:\Program Files\Sunbelt Software\CounterSpy\Consumer\sunserver.exe
    O4 - HKLM\..\Run: [WorksFUD] C:\Program Files\Microsoft Works\Wkfud.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
    O4 - HKCU\..\RunServicesOnce: [washindex] C:\Program Files\Washer\washidx.exe
    O8 - Extra context menu item: Look Up in &Encyclopedia - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM
    O9 - Extra button: Encarta Encyclopedia - {2FDEF853-0759-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM
    O9 - Extra 'Tools' menuitem: Encarta Encyclopedia - {2FDEF853-0759-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM
    O9 - Extra button: Define - {5DA9DE80-097A-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_DEF.HTM
    O9 - Extra 'Tools' menuitem: Define - {5DA9DE80-097A-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_DEF.HTM
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
    O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
    O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
    O15 - Trusted Zone: www.skillport.com
    O15 - Trusted Zone: www.smartforce.com
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - https://www-secure.symantec.com/techsupp/asa/LSSupCtl.cab
    O16 - DPF: {2C52AF58-B9B1-11D5-9DF6-00508B755B44} (AXClientUtil2 Control) - http://www.smartforce.com/v2.1/applications/liveplay/Activex/AXClientUtil.cab
    O16 - DPF: {49232000-16E4-426C-A231-62846947304B} (SysData Class) - http://ipgweb.cce.hp.com/rdqaio/downloads/sysinfo.cab
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1153489594770
    O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
    O16 - DPF: {94B82441-A413-4E43-8422-D49930E69764} (TLIEFlashObj Class) - https://echat.us.dell.com/Media/VisitorChat/TLIEFlash.CAB
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
    O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.symantec.com/techsupp/asa/SymAData.cab
    O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30155.www3.hp.com/ediags/hpfix/aio/en/qdiagh.cab?326
    O17 - HKLM\System\CCS\Services\Tcpip\..\{36A5449F-761D-45B3-913A-368BD829C94C}: NameServer = 69.72.11.13 209.163.108.78
    O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\System32\drivers\CDAC11BA.EXE
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.EXE
    O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
    O23 - Service: IMAPI CD-Burning COM Service (ImapiService) - Roxio Inc. - C:\WINDOWS\System32\ImapiRox.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
    O23 - Service: Netropa NHK Server (Nhksrv) - Unknown owner - C:\WINDOWS\Nhksrv.exe
    O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
    O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~2\NPROTECT.EXE
    O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
    O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
    O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~2\SPEEDD~1\NOPDB.EXE
    O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
    O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
     
  7. Cookiegal

    Cookiegal Administrator Malware Specialist Coordinator

    Joined:
    Aug 27, 2003
    Messages:
    112,322
    Your log looks fine. (y)
     
  8. Sponsor

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 733,556 other people just like you!

Thread Status:
Not open for further replies.

Short URL to this thread: https://techguy.org/484843

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice