1. Computer problem? Tech Support Guy is completely free -- paid for by advertisers and donations. Click here to join today! If you're new to Tech Support Guy, we highly recommend that you visit our Guide for New Members.

Hijack this log. coolwwwsearch....

Discussion in 'Virus & Other Malware Removal' started by reality6337, Jan 29, 2005.

Thread Status:
Not open for further replies.
Advertisement
  1. reality6337

    reality6337 Thread Starter

    Joined:
    Sep 28, 2000
    Messages:
    107
    Hi, I have winxp pro and Ive been having pop ups and some tool bar that I am trying to get rid of. I have run Spybot, also the spybot for dso, adaware, avg vrus scan, bigfix. coolwwwsearch stays there as well as hunt bar. Here is my hijack this log. Any help would be wonderful!

    Logfile of HijackThis v1.99.0
    Scan saved at 12:28:18 PM, on 30/01/2005
    Platform: Windows XP (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2600.0000)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\logonui.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    C:\WINDOWS\System32\qvdowign5.exe
    C:\WINDOWS\system.exe
    C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
    C:\WINDOWS\System32\cmd.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Documents and Settings\All Users.WINDOWS\Application Data\real the poll test\Rdr Win.exe
    C:\WINDOWS\System32\ludjnosf.exe
    C:\WINDOWS\System32\oxzoxayp.exe
    C:\WINDOWS\System32\atmlib.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
    C:\Documents and Settings\Neil\Local Settings\Temp\Temporary Directory 1 for hijackthis.zip\HijackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = res://C:\PROGRA~1\Toolbar\toolbar.dll/sa
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.bigpond.com/
    R3 - Default URLSearchHook is missing
    O2 - BHO: (no name) - {1E03D1FC-BAE5-0713-DCBB-274DCC43E2A6} - C:\WINDOWS\System32\gnltraxt.dll
    O2 - BHO: Core Library - {D4D505DF-D582-400c-91B6-84921012AFE3} - C:\WINDOWS\System32\pdfupd.dll
    O2 - BHO: (no name) - {D4F4D56C-5174-E8AE-7ED8-B44BF131C5A7} - C:\WINDOWS\System32\geybiryb.dll
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
    O4 - HKLM\..\Run: [ati control panel] atiphexx.exe
    O4 - HKLM\..\Run: [SYSTEM] lsas.exe
    O4 - HKLM\..\Run: [BigPondCable] "C:\Program Files\Telstra\Cable Login\bpcable.exe" /r
    O4 - HKLM\..\Run: [poll test delete hold] C:\Documents and Settings\All Users.WINDOWS\Application Data\real the poll test\Rdr Win.exe
    O4 - HKLM\..\Run: [ti] %systemroot%\ttt.bat
    O4 - HKLM\..\Run: [MSNPluginSrvcs] p6.exe
    O4 - HKLM\..\Run: [ludjnosf] C:\WINDOWS\System32\ludjnosf.exe
    O4 - HKLM\..\Run: [oxzoxayp] C:\WINDOWS\System32\oxzoxayp.exe
    O4 - HKLM\..\Run: [SafeGuard Popup Updater (required)] regsvr32 /s C:\WINDOWS\System32\pdfupd.dll
    O4 - HKLM\..\Run: [kalvsys] C:\windows\system32\kalvskt32.exe
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    O4 - HKLM\..\RunServices: [MSN Update] C:\WINDOWS\system32\mschat
    O4 - HKLM\..\RunServices: [MSNPluginSrvcs] p6.exe
    O4 - HKCU\..\Run: [atmlib] C:\WINDOWS\System32\atmlib.exe
    O4 - HKCU\..\Run: [MSNPluginSrvcs] p6.exe
    O4 - Global Startup: hp psc 1000 series.lnk = ?
    O4 - Global Startup: hpoddt01.exe.lnk = ?
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O10 - Broken Internet access because of LSP provider 'c:\windows\system32\aklsp.dll' missing
    O16 - DPF: {1D0D9077-3798-49BB-9058-393499174D5D} - file://c:\counter.cab
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
    O16 - DPF: {91433D86-9F27-402C-B5E3-DEBDD122C339} - http://www.netvenda.com/sites/gampb-au/aub/games1.cab
    O16 - DPF: {9E98E84C-79E1-49C3-82EB-798FCD552EFB} - http://advnt01.com/dialer/internazionale_ver4.CAB
    O23 - Service: AVG7 Alert Manager Server - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    O23 - Service: AVG7 Update Service - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    O23 - Service: upqrxfoztrdf - Unknown - C:\WINDOWS\System32\qvdowign5.exe
    O23 - Service: BigPond Broadband Cable Login - Unknown - C:\Program Files\Telstra\Cable Login\bpcService.exe
    O23 - Service: Bit Torrent - Unknown - C:\WINDOWS\system.exe
    O23 - Service: Norton AntiVirus Auto Protect Service - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
    O23 - Service: Norton Unerase Protection - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
    O23 - Service: NVIDIA Driver Helper Service - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
    O23 - Service: ScriptBlocking Service - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
    O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
     
  2. reality6337

    reality6337 Thread Starter

    Joined:
    Sep 28, 2000
    Messages:
    107
    I have run killbox and ddlcompare and the vx2finder thingy. Here is my new log.

    Logfile of HijackThis v1.99.0
    Scan saved at 2:12:12 PM, on 30/01/2005
    Platform: Windows XP (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2600.0000)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    C:\WINDOWS\System32\qvdowign5.exe
    C:\WINDOWS\system.exe
    C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
    C:\WINDOWS\System32\cmd.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\WINDOWS\System32\ludjnosf.exe
    C:\WINDOWS\System32\oxzoxayp.exe
    C:\WINDOWS\System32\oxzoxayp.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
    C:\Program Files\hijackthis\HijackThis.exe
    C:\WINDOWS\System32\atmlib.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = res://C:\PROGRA~1\Toolbar\toolbar.dll/sa
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.bigpond.com/
    R3 - Default URLSearchHook is missing
    O2 - BHO: (no name) - {1E03D1FC-BAE5-0713-DCBB-274DCC43E2A6} - C:\WINDOWS\System32\gnltraxt.dll
    O2 - BHO: Core Library - {D4D505DF-D582-400c-91B6-84921012AFE3} - C:\WINDOWS\System32\pdfupd.dll
    O2 - BHO: (no name) - {D4F4D56C-5174-E8AE-7ED8-B44BF131C5A7} - C:\WINDOWS\System32\geybiryb.dll
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
    O4 - HKLM\..\Run: [ati control panel] atiphexx.exe
    O4 - HKLM\..\Run: [SYSTEM] lsas.exe
    O4 - HKLM\..\Run: [BigPondCable] "C:\Program Files\Telstra\Cable Login\bpcable.exe" /r
    O4 - HKLM\..\Run: [poll test delete hold] C:\Documents and Settings\All Users.WINDOWS\Application Data\real the poll test\Rdr Win.exe
    O4 - HKLM\..\Run: [ti] %systemroot%\ttt.bat
    O4 - HKLM\..\Run: [MSNPluginSrvcs] p6.exe
    O4 - HKLM\..\Run: [ludjnosf] C:\WINDOWS\System32\ludjnosf.exe
    O4 - HKLM\..\Run: [oxzoxayp] C:\WINDOWS\System32\oxzoxayp.exe
    O4 - HKLM\..\Run: [SafeGuard Popup Updater (required)] regsvr32 /s C:\WINDOWS\System32\pdfupd.dll
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    O4 - HKLM\..\Run: [kalvsys] C:\windows\system32\kalvskt32.exe
    O4 - HKLM\..\RunServices: [MSN Update] C:\WINDOWS\system32\mschat
    O4 - HKLM\..\RunServices: [MSNPluginSrvcs] p6.exe
    O4 - HKCU\..\Run: [atmlib] C:\WINDOWS\System32\atmlib.exe
    O4 - HKCU\..\Run: [MSNPluginSrvcs] p6.exe
    O4 - Global Startup: hp psc 1000 series.lnk = ?
    O4 - Global Startup: hpoddt01.exe.lnk = ?
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O10 - Broken Internet access because of LSP provider 'c:\windows\system32\aklsp.dll' missing
    O16 - DPF: {1D0D9077-3798-49BB-9058-393499174D5D} - file://c:\counter.cab
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
    O16 - DPF: {91433D86-9F27-402C-B5E3-DEBDD122C339} - http://www.netvenda.com/sites/gampb-au/aub/games1.cab
    O16 - DPF: {9E98E84C-79E1-49C3-82EB-798FCD552EFB} - http://advnt01.com/dialer/internazionale_ver4.CAB
    O23 - Service: AVG7 Alert Manager Server - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    O23 - Service: AVG7 Update Service - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    O23 - Service: upqrxfoztrdf - Unknown - C:\WINDOWS\System32\qvdowign5.exe
    O23 - Service: BigPond Broadband Cable Login - Unknown - C:\Program Files\Telstra\Cable Login\bpcService.exe
    O23 - Service: Bit Torrent - Unknown - C:\WINDOWS\system.exe
    O23 - Service: Norton AntiVirus Auto Protect Service - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
    O23 - Service: Norton Unerase Protection - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
    O23 - Service: NVIDIA Driver Helper Service - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
    O23 - Service: ScriptBlocking Service - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
    O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
     
  3. cybertech

    cybertech Retired Moderator

    Joined:
    Apr 16, 2002
    Messages:
    72,115
    Click on the link below to get lsp-fix.
    Run that to fix your internet connection.

    http://www.cexx.org/lspfix.htm

    Check the box that says "I know what I'm doing".
    Remove aklsp.dll only that one!

    Reboot and delete the file: c:\windows\system32\aklsp.dll

    Go here http://forums.techguy.org/t110854/s.html and run at least 2 of the on-line virus scanners.

    Reboot and post another log.
     
  4. reality6337

    reality6337 Thread Starter

    Joined:
    Sep 28, 2000
    Messages:
    107
    thank you cybertech for getting back to me. I ran islfix and took out only aklsp.dll. Now I am looking for the c:\windows\system32\aklsp.dll but it isnt in the system32 folder. Where else would it be? Also, before the islfix I did have an arror stating...3037E cannot bind to the selected port error 10038. Will the lsifix have helped that?
     
  5. reality6337

    reality6337 Thread Starter

    Joined:
    Sep 28, 2000
    Messages:
    107
    I went ahead and networked the very sick pc to my other one and ran Panda, Trend and RAV. They all found lots!!! here is my new hijack log

    Logfile of HijackThis v1.99.0
    Scan saved at 2:44:31 PM, on 31/01/2005
    Platform: Windows XP (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 (6.00.2600.0000)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\System32\RunDll32.exe
    C:\Program Files\Telstra\Cable Login\bpcable.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    C:\WINDOWS\System32\qvdowign5.exe
    C:\WINDOWS\system.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\WINDOWS\System32\cmd.exe
    C:\Program Files\Norton AntiVirus\navapsvc.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
    C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
    C:\Program Files\Norton AntiVirus\SAVScan.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Documents and Settings\Neil\Local Settings\Temp\Temporary Directory 2 for hijackthis.zip\HijackThis.exe
    C:\WINDOWS\System32\atmlib.exe
    C:\Program Files\Symantec\LiveUpdate\AUpdate.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = res://C:\PROGRA~1\Toolbar\toolbar.dll/sa
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.bigpond.com/
    R3 - Default URLSearchHook is missing
    O2 - BHO: SafeGuard Protect PCShield - {564FFB73-9EEF-4969-92FA-5FC4A92E2C2A} - C:\WINDOWS\System32\PDF2c65.dll
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
    O4 - HKLM\..\Run: [BigPondCable] "C:\Program Files\Telstra\Cable Login\bpcable.exe" /r
    O4 - HKLM\..\Run: [poll test delete hold] C:\Documents and Settings\All Users.WINDOWS\Application Data\real the poll test\Rdr Win.exe
    O4 - HKLM\..\Run: [ti] %systemroot%\ttt.bat
    O4 - HKLM\..\Run: [MSNPluginSrvcs] p6.exe
    O4 - HKLM\..\Run: [ludjnosf] C:\WINDOWS\System32\ludjnosf.exe
    O4 - HKLM\..\Run: [oxzoxayp] C:\WINDOWS\System32\oxzoxayp.exe
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [Advanced Tools Check] C:\PROGRA~1\NORTON~2\AdvTools\ADVCHK.EXE
    O4 - HKLM\..\Run: [PCShield] regsvr32 /s "C:\WINDOWS\System32\PDF2c65.dll"
    O4 - HKLM\..\RunServices: [MSN Update] C:\WINDOWS\system32\mschat
    O4 - HKLM\..\RunServices: [MSNPluginSrvcs] p6.exe
    O4 - HKCU\..\Run: [atmlib] C:\WINDOWS\System32\atmlib.exe
    O4 - HKCU\..\Run: [MSNPluginSrvcs] p6.exe
    O4 - HKCU\..\Run: [PCShield] regsvr32 /s "C:\WINDOWS\System32\PDF2c65.dll"
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - Global Startup: hp psc 1000 series.lnk = ?
    O4 - Global Startup: hpoddt01.exe.lnk = ?
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O16 - DPF: {1D0D9077-3798-49BB-9058-393499174D5D} - file://c:\counter.cab
    O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
    O16 - DPF: {91433D86-9F27-402C-B5E3-DEBDD122C339} - http://www.netvenda.com/sites/gampb-au/aub/games1.cab
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
    O16 - DPF: {9E98E84C-79E1-49C3-82EB-798FCD552EFB} - http://advnt01.com/dialer/internazionale_ver4.CAB
    O16 - DPF: {A3009861-330C-4E10-822B-39D16EC8829D} (CRAVOnline Object) - http://www.ravantivirus.com/scan/ravonline.cab
    O23 - Service: AVG7 Alert Manager Server - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    O23 - Service: AVG7 Update Service - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    O23 - Service: upqrxfoztrdf - Unknown - C:\WINDOWS\System32\qvdowign5.exe
    O23 - Service: BigPond Broadband Cable Login - Unknown - C:\Program Files\Telstra\Cable Login\bpcService.exe
    O23 - Service: Bit Torrent - Unknown - C:\WINDOWS\system.exe
    O23 - Service: Symantec Event Manager - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Password Validation - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
    O23 - Service: Symantec Settings Manager - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: Norton AntiVirus Auto Protect Service - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
    O23 - Service: Norton Unerase Protection - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
    O23 - Service: NVIDIA Driver Helper Service - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
    O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
    O23 - Service: ScriptBlocking Service - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
    O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
    O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
     
  6. cybertech

    cybertech Retired Moderator

    Joined:
    Apr 16, 2002
    Messages:
    72,115
    You are running hijackthis from a temporary folder. The backups that hijackthis creates can be accidentally deleted when not in a permanent folder. Please do the following:

    Click My Computer, then C:\
    In the menu bar, File->New->Folder.
    That will create a folder named New Folder, which you can rename to "HJT" or "HijackThis". Now you have C:\HJT\ folder. Put your HijackThis.exe there, and double click to run it.

    Then post a log so I can see you have moved it and suggest items for you to remove.
     
  7. Sponsor

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 733,556 other people just like you!

Loading...
Thread Status:
Not open for further replies.

Short URL to this thread: https://techguy.org/324761

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice