I Think I Got A Virus Hijack This


dimmie

Thread Starter
Joined
Jan 20, 2004
Messages
152
My computer is pretty funky: no number keys, no Caps Lock, can't use the back button. When I try to double-click an icon it lights up the whole desktop. Ran Norton, AdAware, CWS, etc.
Please help.

Logfile of HijackThis v1.99.1
Scan saved at 9:54:12 PM, on 6/25/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Norton Internet Security\ISSVC.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\system32\altsvc.exe
C:\WINDOWS\system32\service.exe
C:\WINDOWS\system32\lssas.exe
C:\WINDOWS\system32\msthost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
C:\Program Files\MusicMatch\MusicMatch Jukebox\mm_tray.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\devldr32.exe
C:\Program Files\Hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/cus...aults/sb/*http://www.yahoo.com/search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/ycomp_wave/defaults/sp/*http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://channels.aimtoday.com/search/aimtoolbar.jsp
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)
O2 - BHO: Norton Internet Security - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: AIM Search - {40D41A8B-D79B-43d7-99A7-9EE0F344C385} - C:\Program Files\AIM Toolbar\AIMBar.dll
O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
O4 - HKLM\..\Run: [MMTray] "C:\Program Files\MusicMatch\MusicMatch Jukebox\mm_tray.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\2003\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\2003\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {11004D63-D403-4128-BE38-BA8035F01AE4} (csCAM.csAccountManager) - https://www.centershift.com/store31/x/csConsolidatedAccountManager.CAB
O16 - DPF: {1178E4A2-86B4-11D5-89FA-00C04F2FABD2} (STANPin.clsPins) - https://www.centershift.com/store31/x/STANPin.CAB
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnotes.com/download/mnviewer.cab
O16 - DPF: {16FAC6F5-C570-4E77-9187-7ED6C9D6451C} (CXPlugin.CXMovein) - https://www.centershift.com/store31/x/csCXPlugIn.CAB
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=36467&clcid=0x409
O16 - DPF: {22CF1688-43B2-4BE6-AD4F-0BED3D188416} (BatchPaymentOCX.ctlBPay) - https://www.centershift.com/store31/x/BatchPaymentOCX.CAB
O16 - DPF: {306A3A9D-5711-468C-89E1-08B53607ADEC} (Centershift_ClientManager.CS_CCManager) - https://www.centershift.com/store31/x/Centershift_ClientManager31.CAB
O16 - DPF: {35A07B73-808D-409F-B12E-8EAE82154C78} (MessagePolling.ctlMsgPolling) - https://www.centershift.com/store31/x/msgPolling.CAB
O16 - DPF: {35D8C241-C955-49C1-8995-7B08DB1D089E} (Lookups.LookupAdmin) - https://www.centershift.com/store31/x/LookupProj.CAB
O16 - DPF: {4DA69678-F10F-430A-BC87-ED40B89F5875} (hKey.Current_user) - https://www.centershift.com/csweb/components/hkey.CAB
O16 - DPF: {52EEED38-6E2F-4B1D-AE39-99FBB56CF8B1} (CSPayment.clsPayment) - https://www.centershift.com/store31/x/CSPayment.CAB
O16 - DPF: {567ACF49-8D60-4348-B92D-60BF0C2FE5E0} (csDelProcAdmin01_Control.csDelProcAdmin) - https://www.centershift.com/store31/x/csDelProcAdmin01.CAB
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1119489834973
O16 - DPF: {6B42B55C-583F-480C-861D-CED3FCAD3512} (csAuctionAdmin.ctlAuctionAdmin) - https://www.centershift.com/store31/x/csAuctionAdmin.CAB
O16 - DPF: {846D1B10-EC6B-4334-9FFA-EABEC4E8F025} (csPopUpCalendar.csCal) - https://www.centershift.com/csweb/components/csCal.CAB
O16 - DPF: {960DDF83-B61A-4707-B8B2-4BA978B8F2BB} - https://www.centershift.com/store31/x/csPrint31.CAB
O16 - DPF: {9C2FC5A6-1D2B-434D-82D8-38652C74F43A} (CSFSO.FileSystemObject) - https://www.centershift.com/store31/x/CSFSO.CAB
O16 - DPF: {9E84AFC0-6C29-43FE-8AB5-3A9701CBAB01} (Gate31.Controller) - https://www.centershift.com/store31/x/Gate31.CAB
O16 - DPF: {A5741E90-2468-4444-96A1-507095977D40} (csReportView.csReportViewer) - https://www.centershift.com/csds22/csReportViewer.CAB
O16 - DPF: {A5F9D5D3-5A9E-40B5-8E5C-9CFAE21AF0DF} (CSInstallPak3.CSInstaller30) - https://www.centershift.com/store31/x/CSinstall30.CAB
O16 - DPF: {A61C74D0-3876-4CBD-9B75-61EC04FE31EE} (Navigator3.CS_Navigator3) - https://www.centershift.com/store31/x/csNavigator3.CAB
O16 - DPF: {A866B6B1-D925-4D7E-BDAD-B03EC0451464} (csYM4.csYield) - https://www.centershift.com/store31/x/csYM4.CAB
O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius.com/download/software/win/ActiveXPlugin.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/binFramework/v10/ZIntro.cab34246.cab
O16 - DPF: {C04E671A-5638-4544-B6B0-8586B10A6E96} (csMoveIn.ctrMoveIn) - https://www.centershift.com/store31/x/csMoveIn.CAB
O16 - DPF: {C9BADB23-839E-48C7-BA37-4E1433F15E1C} (STANChangeAddress.clsChangeAddress) - https://www.centershift.com/store31/x/STANChangeAddress.CAB
O16 - DPF: {E2DAB340-21E9-4795-8105-394CC6DF75BC} (csStoSA.csStoSAContainer) - https://www.centershift.com/store31/x/csStoSA.CAB
O16 - DPF: {EF783396-97FB-400B-A6B0-2AC5A74D65DF} (CentershiftMap.csMap) - https://www.centershift.com/store31/x/csMap30.CAB
O16 - DPF: {F187501F-293B-4E88-93E5-E8A536FAB937} (CSFSO.FileSystemObject) - https://www.centershift.com/csweb/components/CSFSO.CAB
O16 - DPF: {F7A34E78-9C47-4B32-A425-4FF7B0E5F77F} (STANsearchControl.STANuserControl) - https://www.centershift.com/store31/x/csSearch.CAB
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program Files\Norton Internet Security\ISSVC.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: Netbios Helper Service - Unknown owner - C:\WINDOWS\system32\altsvc.exe
O23 - Service: Network DDE Connections (NETDDEC) - Unknown owner - C:\WINDOWS\system32\service.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
 
Joined
Sep 7, 2004
Messages
49,014
Get these tools

SpywareBlaster 3.4 http://majorgeeks.com/download2859.html
SpyBot V1.4 http://www.majorgeeks.com/download2471.html * NEW *
AdAware SE 1.06 http://www.majorgeeks.com/download506.html - * NEW *
MS AntiSpy - http://download.microsoft.com/downl...-fca2f2c6f0cc/MicrosoftAntiSpywareInstall.exe (XP and W2K only)

DL them (they are free), install them, check each for their definition updates and then run AdAware and Spybot, fixing anything they say.

In SpywareBlaster - Always enable all protection after updates
In SpyBot - After an update run immunize


After running the above then

Run ActiveScan online virus scan

http://www.pandasoftware.com/activescan/

When the scan is finished, anything that it cannot clean have it delete it. Make a note of the file location of anything that cannot be deleted so you can delete it yourself.
- Save the results from the scan!

Post a new HiJackThis log along with the results from ActiveScan
 

dimmie

Thread Starter
Joined
Jan 20, 2004
Messages
152
Logfile of HijackThis v1.99.1
Scan saved at 12:56:22 AM, on 6/27/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Norton Internet Security\ISSVC.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
C:\Program Files\MusicMatch\MusicMatch Jukebox\mm_tray.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\system32\altsvc.exe
C:\WINDOWS\system32\lssas.exe
C:\WINDOWS\system32\service.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\WINDOWS\system32\devldr32.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Common Files\Symantec Shared\AdBlocking\NSMdtr.exe
C:\Program Files\Hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/cus...aults/sb/*http://www.yahoo.com/search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/ycomp_wave/defaults/sp/*http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://channels.aimtoday.com/search/aimtoolbar.jsp
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)
O2 - BHO: Norton Internet Security - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: AIM Search - {40D41A8B-D79B-43d7-99A7-9EE0F344C385} - C:\Program Files\AIM Toolbar\AIMBar.dll
O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
O4 - HKLM\..\Run: [MMTray] "C:\Program Files\MusicMatch\MusicMatch Jukebox\mm_tray.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: SpySubtract.lnk = C:\Program Files\interMute\SpySubtract\SpySub.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\2003\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\2003\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {11004D63-D403-4128-BE38-BA8035F01AE4} (csCAM.csAccountManager) - https://www.centershift.com/store31/x/csConsolidatedAccountManager.CAB
O16 - DPF: {1178E4A2-86B4-11D5-89FA-00C04F2FABD2} (STANPin.clsPins) - https://www.centershift.com/store31/x/STANPin.CAB
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnotes.com/download/mnviewer.cab
O16 - DPF: {16FAC6F5-C570-4E77-9187-7ED6C9D6451C} (CXPlugin.CXMovein) - https://www.centershift.com/store31/x/csCXPlugIn.CAB
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=36467&clcid=0x409
O16 - DPF: {22CF1688-43B2-4BE6-AD4F-0BED3D188416} (BatchPaymentOCX.ctlBPay) - https://www.centershift.com/store31/x/BatchPaymentOCX.CAB
O16 - DPF: {306A3A9D-5711-468C-89E1-08B53607ADEC} (Centershift_ClientManager.CS_CCManager) - https://www.centershift.com/store31/x/Centershift_ClientManager31.CAB
O16 - DPF: {35A07B73-808D-409F-B12E-8EAE82154C78} (MessagePolling.ctlMsgPolling) - https://www.centershift.com/store31/x/msgPolling.CAB
O16 - DPF: {35D8C241-C955-49C1-8995-7B08DB1D089E} (Lookups.LookupAdmin) - https://www.centershift.com/store31/x/LookupProj.CAB
O16 - DPF: {4DA69678-F10F-430A-BC87-ED40B89F5875} (hKey.Current_user) - https://www.centershift.com/csweb/components/hkey.CAB
O16 - DPF: {52EEED38-6E2F-4B1D-AE39-99FBB56CF8B1} (CSPayment.clsPayment) - https://www.centershift.com/store31/x/CSPayment.CAB
O16 - DPF: {567ACF49-8D60-4348-B92D-60BF0C2FE5E0} (csDelProcAdmin01_Control.csDelProcAdmin) - https://www.centershift.com/store31/x/csDelProcAdmin01.CAB
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1119489834973
O16 - DPF: {6B42B55C-583F-480C-861D-CED3FCAD3512} (csAuctionAdmin.ctlAuctionAdmin) - https://www.centershift.com/store31/x/csAuctionAdmin.CAB
O16 - DPF: {846D1B10-EC6B-4334-9FFA-EABEC4E8F025} (csPopUpCalendar.csCal) - https://www.centershift.com/csweb/components/csCal.CAB
O16 - DPF: {960DDF83-B61A-4707-B8B2-4BA978B8F2BB} - https://www.centershift.com/store31/x/csPrint31.CAB
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {9C2FC5A6-1D2B-434D-82D8-38652C74F43A} (CSFSO.FileSystemObject) - https://www.centershift.com/store31/x/CSFSO.CAB
O16 - DPF: {9E84AFC0-6C29-43FE-8AB5-3A9701CBAB01} (Gate31.Controller) - https://www.centershift.com/store31/x/Gate31.CAB
O16 - DPF: {A5741E90-2468-4444-96A1-507095977D40} (csReportView.csReportViewer) - https://www.centershift.com/csds22/csReportViewer.CAB
O16 - DPF: {A5F9D5D3-5A9E-40B5-8E5C-9CFAE21AF0DF} (CSInstallPak3.CSInstaller30) - https://www.centershift.com/store31/x/CSinstall30.CAB
O16 - DPF: {A61C74D0-3876-4CBD-9B75-61EC04FE31EE} (Navigator3.CS_Navigator3) - https://www.centershift.com/store31/x/csNavigator3.CAB
O16 - DPF: {A866B6B1-D925-4D7E-BDAD-B03EC0451464} (csYM4.csYield) - https://www.centershift.com/store31/x/csYM4.CAB
O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius.com/download/software/win/ActiveXPlugin.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/binFramework/v10/ZIntro.cab34246.cab
O16 - DPF: {C04E671A-5638-4544-B6B0-8586B10A6E96} (csMoveIn.ctrMoveIn) - https://www.centershift.com/store31/x/csMoveIn.CAB
O16 - DPF: {C9BADB23-839E-48C7-BA37-4E1433F15E1C} (STANChangeAddress.clsChangeAddress) - https://www.centershift.com/store31/x/STANChangeAddress.CAB
O16 - DPF: {E2DAB340-21E9-4795-8105-394CC6DF75BC} (csStoSA.csStoSAContainer) - https://www.centershift.com/store31/x/csStoSA.CAB
O16 - DPF: {EF783396-97FB-400B-A6B0-2AC5A74D65DF} (CentershiftMap.csMap) - https://www.centershift.com/store31/x/csMap30.CAB
O16 - DPF: {F187501F-293B-4E88-93E5-E8A536FAB937} (CSFSO.FileSystemObject) - https://www.centershift.com/csweb/components/CSFSO.CAB
O16 - DPF: {F7A34E78-9C47-4B32-A425-4FF7B0E5F77F} (STANsearchControl.STANuserControl) - https://www.centershift.com/store31/x/csSearch.CAB
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program Files\Norton Internet Security\ISSVC.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: Netbios Helper Service - Unknown owner - C:\WINDOWS\system32\altsvc.exe
O23 - Service: Network DDE Connections (NETDDEC) - Unknown owner - C:\WINDOWS\system32\service.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
 

dimmie

Thread Starter
Joined
Jan 20, 2004
Messages
152
I still have no commas, shift keys, or number keys. It still highlights all the icons on my desktop. Sometimes when I go out to another user and back into mine I have a little more control, but I lose it if I reboot. Have you seen this before?
 
Joined
Mar 5, 2005
Messages
33
Have you tried swapping the keyboard settings around? Just have a check to see if it is set up to English (UK) through Control Panel; if it is, change it to the US version and reboot, and then change it back again. If the desktop items are highlighted, go into settings and change the "single click an item" to "double click an item". I can't see anything wrong with the HijackThis log. Have you tried with a new keyboard?

cheers woody.
 
Joined
Sep 7, 2004
Messages
49,014
Print this and boot to safe mode (Start tapping F8 at the first black screen after power up)
Fix these with HJT

O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)

O23 - Service: Netbios Helper Service - Unknown owner - C:\WINDOWS\system32\altsvc.exe

O23 - Service: Network DDE Connections (NETDDEC) - Unknown owner - C:\WINDOWS\system32\service.exe

View Hidden Files
Open Windows Explorer. Go to Tools, Folder Options and click on the View tab.
Make sure that "Show hidden files and folders" is checked.
Also uncheck "Hide protected operating system files".
Uncheck hide extensions
Now click "Apply to all folders", Click "Apply" then "OK"

Delete these files

C:\WINDOWS\system32\altsvc.exe
C:\WINDOWS\system32\service.exe

START – RUN – type in %temp% OK - Edit – Select all – File – Delete
Delete everything in the C:\Windows\Temp folder or C:\WINNT\temp
Empty the recycle bin

Click Start > Run > and type in:

services.msc

Click OK.

In the services window find

Netbios Helper Service

Right-click and choose "Properties". On the "General" tab under "Service Status" click the "Stop" button to stop the service. Beside "Startup Type" in the dropdown menu select "Disabled". Click Apply then OK. File-Exit the Services utility.

Note: You may get an error here when trying to access the properties of the service. If you do get an error, just select the service and look there in the top left of the main service window and click "Stop" to stop the service. If that gives an error or it is already stopped, just skip this step and proceed with the rest.

Repeat for - Network DDE Connections

------------

In Hijack This, click on the "Open Misc Tools section" button. Next click the "Delete an NT service" button. Copy and paste the following in that box:

NETDDEC

Click OK.


Boot

Run ActiveScan online virus scan

http://www.pandasoftware.com/activescan/

When the scan is finished, anything that it cannot clean have it delete it. Make a note of the file location of anything that cannot be deleted so you can delete it yourself.
- Save the results from the scan!

Post a new HiJackThis log along with the results from ActiveScan


Please give feedback on what worked/didn’t work and the current status of your system
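
The checks applied to the log in the post above (an O2 BHO whose file is missing, O23 services with an unknown owner), written as a Python triage pass; this is an added example, not part of the thread or of HijackThis. The look-alike process-name check and the `CORE_NAMES` list are assumptions added here, and the sample log is constructed from lines posted in this thread.

```python
import ntpath
import re

# Assumption for this example: a short list of core Windows process names
# that look-alike file names tend to imitate.
CORE_NAMES = ("smss.exe", "csrss.exe", "winlogon.exe", "services.exe",
              "lsass.exe", "svchost.exe", "explorer.exe", "spoolsv.exe")

# HijackThis entry lines look like "O23 - Service: ..." or "R1 - HKCU\...".
ENTRY = re.compile(r"^([A-Z]\d+) - (.+)$")

# Constructed sample: lines copied from the logs posted in this thread.
SAMPLE_LOG = r"""Logfile of HijackThis v1.99.1

Running processes:
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\altsvc.exe
C:\WINDOWS\system32\service.exe
C:\WINDOWS\system32\lssas.exe
C:\Program Files\Hijackthis\HijackThis.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Netbios Helper Service - Unknown owner - C:\WINDOWS\system32\altsvc.exe
O23 - Service: Network DDE Connections (NETDDEC) - Unknown owner - C:\WINDOWS\system32\service.exe
"""


def osa_distance(a, b):
    """Edit distance where swapping two adjacent characters costs 1."""
    d = [[0] * (len(b) + 1) for _ in range(len(a) + 1)]
    for i in range(len(a) + 1):
        d[i][0] = i
    for j in range(len(b) + 1):
        d[0][j] = j
    for i in range(1, len(a) + 1):
        for j in range(1, len(b) + 1):
            cost = 0 if a[i - 1] == b[j - 1] else 1
            d[i][j] = min(d[i - 1][j] + 1,          # deletion
                          d[i][j - 1] + 1,          # insertion
                          d[i - 1][j - 1] + cost)   # substitution
            if (i > 1 and j > 1 and a[i - 1] == b[j - 2]
                    and a[i - 2] == b[j - 1]):
                d[i][j] = min(d[i][j], d[i - 2][j - 2] + 1)  # transposition
    return d[-1][-1]


def triage(log_text):
    """Return (rule, subject, note) tuples for entries that need a closer look.

    A finding is a prompt for manual review, not a verdict.
    """
    findings = []
    in_procs = False
    for raw in log_text.splitlines():
        line = raw.strip()
        if line == "Running processes:":
            in_procs = True
            continue
        entry = ENTRY.match(line)
        if in_procs and line and not entry:
            # Process list: flag names one edit away from a core process name.
            name = ntpath.basename(line).lower()
            for core in CORE_NAMES:
                if name != core and osa_distance(name, core) == 1:
                    findings.append(("lookalike-process", line,
                                     "resembles " + core))
            continue
        in_procs = False  # a blank line or the first entry ends the list
        if not entry:
            continue
        section, rest = entry.groups()
        # The last two " - " separated fields are fixed; the name comes first.
        fields = rest.rsplit(" - ", 2)
        if len(fields) != 3:
            continue
        if section == "O2" and fields[2] == "(no file)":
            # BHO still registered although its DLL is gone.
            findings.append(("bho-no-file", fields[1], fields[0]))
        elif section == "O23" and fields[1] == "Unknown owner":
            # Service binary carries no company name.
            findings.append(("service-unknown-owner", fields[2], fields[0]))
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(finding)
```
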
 

dimmie

Thread Starter
Joined
Jan 20, 2004
Messages
152
Can't use the percent sign or period, so I can't do the last part of your suggestions with percent temp percent or services period msc.
Also, when I try to go to Panda it wants my e-mail address and I can't use the at sign. Kinda lost. I'm ready to do a complete reinstall of Windows at this point, but I need a step-by-step method to format my hard drives and reinstall. What do ya think? I'm kinda lost.
 

dimmie

Thread Starter
Joined
Jan 20, 2004
Messages
152
Logfile of HijackThis v1.99.1
Scan saved at 11:51:43 PM, on 6/27/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Norton Internet Security\ISSVC.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
C:\Program Files\MusicMatch\MusicMatch Jukebox\mm_tray.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\devldr32.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Symantec Shared\AdBlocking\NSMdtr.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/cus...aults/sb/*http://www.yahoo.com/search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/ycomp_wave/defaults/sp/*http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://channels.aimtoday.com/search/aimtoolbar.jsp
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)
O2 - BHO: Norton Internet Security - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: AIM Search - {40D41A8B-D79B-43d7-99A7-9EE0F344C385} - C:\Program Files\AIM Toolbar\AIMBar.dll
O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
O4 - HKLM\..\Run: [MMTray] "C:\Program Files\MusicMatch\MusicMatch Jukebox\mm_tray.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: SpySubtract.lnk = C:\Program Files\interMute\SpySubtract\SpySub.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\2003\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\2003\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {11004D63-D403-4128-BE38-BA8035F01AE4} (csCAM.csAccountManager) - https://www.centershift.com/store31/x/csConsolidatedAccountManager.CAB
O16 - DPF: {1178E4A2-86B4-11D5-89FA-00C04F2FABD2} (STANPin.clsPins) - https://www.centershift.com/store31/x/STANPin.CAB
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnotes.com/download/mnviewer.cab
O16 - DPF: {16FAC6F5-C570-4E77-9187-7ED6C9D6451C} (CXPlugin.CXMovein) - https://www.centershift.com/store31/x/csCXPlugIn.CAB
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=36467&clcid=0x409
O16 - DPF: {22CF1688-43B2-4BE6-AD4F-0BED3D188416} (BatchPaymentOCX.ctlBPay) - https://www.centershift.com/store31/x/BatchPaymentOCX.CAB
O16 - DPF: {306A3A9D-5711-468C-89E1-08B53607ADEC} (Centershift_ClientManager.CS_CCManager) - https://www.centershift.com/store31/x/Centershift_ClientManager31.CAB
O16 - DPF: {35A07B73-808D-409F-B12E-8EAE82154C78} (MessagePolling.ctlMsgPolling) - https://www.centershift.com/store31/x/msgPolling.CAB
O16 - DPF: {35D8C241-C955-49C1-8995-7B08DB1D089E} (Lookups.LookupAdmin) - https://www.centershift.com/store31/x/LookupProj.CAB
O16 - DPF: {4DA69678-F10F-430A-BC87-ED40B89F5875} (hKey.Current_user) - https://www.centershift.com/csweb/components/hkey.CAB
O16 - DPF: {52EEED38-6E2F-4B1D-AE39-99FBB56CF8B1} (CSPayment.clsPayment) - https://www.centershift.com/store31/x/CSPayment.CAB
O16 - DPF: {567ACF49-8D60-4348-B92D-60BF0C2FE5E0} (csDelProcAdmin01_Control.csDelProcAdmin) - https://www.centershift.com/store31/x/csDelProcAdmin01.CAB
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1119489834973
O16 - DPF: {6B42B55C-583F-480C-861D-CED3FCAD3512} (csAuctionAdmin.ctlAuctionAdmin) - https://www.centershift.com/store31/x/csAuctionAdmin.CAB
O16 - DPF: {846D1B10-EC6B-4334-9FFA-EABEC4E8F025} (csPopUpCalendar.csCal) - https://www.centershift.com/csweb/components/csCal.CAB
O16 - DPF: {960DDF83-B61A-4707-B8B2-4BA978B8F2BB} - https://www.centershift.com/store31/x/csPrint31.CAB
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {9C2FC5A6-1D2B-434D-82D8-38652C74F43A} (CSFSO.FileSystemObject) - https://www.centershift.com/store31/x/CSFSO.CAB
O16 - DPF: {9E84AFC0-6C29-43FE-8AB5-3A9701CBAB01} (Gate31.Controller) - https://www.centershift.com/store31/x/Gate31.CAB
O16 - DPF: {A5741E90-2468-4444-96A1-507095977D40} (csReportView.csReportViewer) - https://www.centershift.com/csds22/csReportViewer.CAB
O16 - DPF: {A5F9D5D3-5A9E-40B5-8E5C-9CFAE21AF0DF} (CSInstallPak3.CSInstaller30) - https://www.centershift.com/store31/x/CSinstall30.CAB
O16 - DPF: {A61C74D0-3876-4CBD-9B75-61EC04FE31EE} (Navigator3.CS_Navigator3) - https://www.centershift.com/store31/x/csNavigator3.CAB
O16 - DPF: {A866B6B1-D925-4D7E-BDAD-B03EC0451464} (csYM4.csYield) - https://www.centershift.com/store31/x/csYM4.CAB
O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius.com/download/software/win/ActiveXPlugin.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/binFramework/v10/ZIntro.cab34246.cab
O16 - DPF: {C04E671A-5638-4544-B6B0-8586B10A6E96} (csMoveIn.ctrMoveIn) - https://www.centershift.com/store31/x/csMoveIn.CAB
O16 - DPF: {C9BADB23-839E-48C7-BA37-4E1433F15E1C} (STANChangeAddress.clsChangeAddress) - https://www.centershift.com/store31/x/STANChangeAddress.CAB
O16 - DPF: {E2DAB340-21E9-4795-8105-394CC6DF75BC} (csStoSA.csStoSAContainer) - https://www.centershift.com/store31/x/csStoSA.CAB
O16 - DPF: {EF783396-97FB-400B-A6B0-2AC5A74D65DF} (CentershiftMap.csMap) - https://www.centershift.com/store31/x/csMap30.CAB
O16 - DPF: {F187501F-293B-4E88-93E5-E8A536FAB937} (CSFSO.FileSystemObject) - https://www.centershift.com/csweb/components/CSFSO.CAB
O16 - DPF: {F7A34E78-9C47-4B32-A425-4FF7B0E5F77F} (STANsearchControl.STANuserControl) - https://www.centershift.com/store31/x/csSearch.CAB
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program Files\Norton Internet Security\ISSVC.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
 

dimmie

Thread Starter
Joined
Jan 20, 2004
Messages
152
Last week you were helping me with a strange mouse and keyboard problem (see thread from dimmie). You looked into my hijack etc.... Well, I took several of your suggestions. I had a lot of junk on my hard drive so... I reformatted and reloaded Windows, as well as took your advice and got a new keyboard and mouse. Everything has been better till today, when I was attempting to reload printers and other software; the same thing happened. I go to click on a desktop icon and they all highlight, I have a reversed caps lock (caps when I don't hit the caps lock key), and the shift key when held down and hit a number does not give me the option of % # & ^ @ etc. (as you can see, it doesn't happen all the time). When I turn off the computer and reboot it usually goes away; once since I put the new keyboard in I had to unplug it.
Anyway, someone told me that I might have to start looking into the motherboard!! That I should open my desktop and take out the battery and reset it!! Have you ever heard of this? What will this action do to my settings? If you're not a hardware guy maybe you can ask among the other experts and see what they think... I'm going to also post this thread on the web site to see if there are any ideas out there.... Thanks
 
Joined
Sep 7, 2004
Messages
49,014
Mark this thread closed and post in Hardware; sounds like a hardware issue to me.
 