1. Computer problem? Tech Support Guy is completely free -- paid for by advertisers and donations. Click here to join today! If you're new to Tech Support Guy, we highly recommend that you visit our Guide for New Members.

Major problems with winxp PLEASE help!

Discussion in 'Virus & Other Malware Removal' started by jmpfourtwent, Jan 20, 2007.

Thread Status:
Not open for further replies.
Advertisement
  1. jmpfourtwent

    jmpfourtwent Thread Starter

    Joined:
    Jan 20, 2007
    Messages:
    21
    I could get AVG and the spybot progs and run them both if you could link me up, im fairly good with computers i know what im doing so it doesnt matter what kind of files you give me or how complicated it is that you need me to do i can do whatever if you gimme directions :) the my websearch thing wasnt in my add/remove progs but i cleaned up my temp java files and im cleaning all my temp internet files and doing some clenaups like that and i ran a norton av scan came up clean and im gonna run another panda scan after all this and see waht it brings up and goto sleep while thats running and tommorrow wake up and hopefully youll have replied by then and ill run tommorrow whatever you give me and do whatever else you suggest

    thanks alot again for all your help it really feels good knowing you have someone to ask about somethin like this
     
  2. Byteman

    Byteman Gone but Never Forgotten

    Joined:
    Jan 24, 2002
    Messages:
    17,742
    Good....I will have that info posted tomorrow.
     
  3. jmpfourtwent

    jmpfourtwent Thread Starter

    Joined:
    Jan 20, 2007
    Messages:
    21
    My windows defender jus tpopped up soemthing weird and i denied its access.... this is the log


    Summary:
    Windows Add-ons change occurred.

    This agent monitors the various ways which permit software to be started when other features in Windows are in use.

    Path:
    C:\Program Files\mozilla.org\SeaMonkey\seamonkey.exe

    Detected changes:
    shellopencmd:
    HKLM\Software\Classes\ftp\shell\open\command\\

    file:
    C:\Program Files\mozilla.org\SeaMonkey\seamonkey.exe

    Advice:
    Permit this detected item only if you trust the program or the software publisher.

    Publisher:
    mozilla.org

    Digitally Signed By:
    NOT SIGNED

    Product name:
    SeaMonkey

    Description:
    SeaMonkey

    Original name:
    seamonkey.exe

    Creation date:
    1/16/2007 1:11 AM

    Size:
    151552 bytes

    Version:
    1.8.20061.21105

    Type:
    dynamic link library (DLL)

    Checkpoint:
    Shell Open Command

    Category:
    Not Yet Classified



    I (obviously) denied its access....but should i have allowed it ? i dont think so it didnt look right to me
     
  4. jmpfourtwent

    jmpfourtwent Thread Starter

    Joined:
    Jan 20, 2007
    Messages:
    21
    ok i ran prevx last night came up clean also ran NAV came up clean and also ran windows defender, that came up clean also, ran panda and it found 2 spyware things other then that all clean heres my newest panda log:

    also i cleaned up all my temp files and etc


    Incident Status Location

    Potentially unwanted tool:Application/MyWebSearch Not disinfected C:\Program Files\Internet Explorer\msimg32.dll

    Spyware:Cookie/bravenetA Not disinfected C:\Virtual\Untrusted\C_\Documents and Settings\Jay\Cookies\[email protected][2].txt

    the msimg32.dll i think is a toolbar i dl'ed a while ago and i wanna get rid of it, and the untrusted thing is part of my bufferzone bufferzone moved that file to a virtual zone so it can't effect my PC...

    im ready to run 1 more panda scan if its something you suggest plus i will run the spybot S&D program and the AVG program once byteman links me up (i could find them on my own but im too lazy :p lol ) no jk

    anyways im DLing S&D right now and im gonna run a full scan as soon as its dl'ed and im gonna look for AVG and run the full scan of that.....once those are done ill run 1 more panda scan also, and then ill post all 3 logs here , ill report back in probably 1-3 hours depending on how long these scans take
     
  5. jmpfourtwent

    jmpfourtwent Thread Starter

    Joined:
    Jan 20, 2007
    Messages:
    21
    OK i found AVG but i really dont wanna download the program...and if i do will that mean i have to disable norton? and also i just ran Spybot S&D and it found quite a bit of spyware....i clicked them all and fixed tehm all and also immunized myself and turned on all the options and did all the updates first, heres the log for Spybot S&D:

    Bearshare: Root class (Registry key, fixed)
    HKEY_LOCAL_MACHINE\Software\Classes\RunMSC.Loader

    Bearshare: Root class (Registry key, fixed)
    HKEY_LOCAL_MACHINE\Software\Classes\RunMSC.Loader.1

    MyWay.MyWebSearch: Settings (Registry key, fixed)
    HKEY_USERS\S-1-5-21-1229272821-1614895754-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{07B18EA1-A523-4961-B6BB-170DE4475CCA}

    MyWay.MyWebSearch: Settings (Registry key, fixed)
    HKEY_USERS\S-1-5-21-1229272821-1614895754-725345543-1004\Software\Microsoft\Internet Explorer\SearchScopes\{56256A51-B582-467e-B8D4-7786EDA79AE0}

    MyWay.MyWebSearch: Settings (Registry key, fixed)
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256A51-B582-467e-B8D4-7786EDA79AE0}

    Microsoft.WindowsSecurityCenter.AntiVirusDisableNotify: Settings (Registry change, fixed)
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify!=dword:0

    Microsoft.WindowsSecurityCenter.AntiVirusOverride: Settings (Registry change, fixed)
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusOverride!=dword:0

    Microsoft.WindowsSecurityCenter_disabled: Settings (Registry change, fixed)
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wscsvc\Start!=W=2

    Smitfraud-C.: Class ID (Registry key, fixed)
    HKEY_CLASSES_ROOT\CLSID\{6A66CC28-F0A2-FCBC-D3D5-1EA3001ED26A}

    Smitfraud-C.: Interface (Registry key, fixed)
    HKEY_CLASSES_ROOT\Interface\{0AF62F35-D454-42B3-A1AB-83934DCE5C03}

    Smitfraud-C.: Interface (Registry key, fixed)
    HKEY_CLASSES_ROOT\Interface\{0D5332E4-6D74-484D-A7FA-8C81135772E5}

    Smitfraud-C.: Interface (Registry key, fixed)
    HKEY_CLASSES_ROOT\Interface\{132E8735-44E8-4991-B24F-46E375480C77}

    Smitfraud-C.: Interface (Registry key, fixed)
    HKEY_CLASSES_ROOT\Interface\{31023EB1-DBFA-4959-92F1-5031347AF7CA}

    Smitfraud-C.: Interface (Registry key, fixed)
    HKEY_CLASSES_ROOT\Interface\{5EB46647-1B09-46CE-B226-8B1E63C7CBFD}

    Smitfraud-C.: Interface (Registry key, fixed)
    HKEY_CLASSES_ROOT\Interface\{5EBBCC5D-A38F-43CD-918F-9C02CA79DF46}

    Smitfraud-C.: Interface (Registry key, fixed)
    HKEY_CLASSES_ROOT\Interface\{8CCCA599-5B2E-4F5A-AF9C-057B01E86510}

    Smitfraud-C.: Interface (Registry key, fixed)
    HKEY_CLASSES_ROOT\Interface\{A6DC33FD-0A23-42BD-86D2-D5138F1FA43B}

    Smitfraud-C.: Interface (Registry key, fixed)
    HKEY_CLASSES_ROOT\Interface\{A77F53FD-44C4-4C9D-A3F9-276DE0883C68}

    Smitfraud-C.: Interface (Registry key, fixed)
    HKEY_CLASSES_ROOT\Interface\{BE02DC3C-8DA6-4424-A07D-93C6F9BC3534}

    Smitfraud-C.: Interface (Registry key, fixed)
    HKEY_CLASSES_ROOT\Interface\{CD0C9501-80D4-48F1-A18A-4D9F1C7A844E}

    Smitfraud-C.: Interface (Registry key, fixed)
    HKEY_CLASSES_ROOT\Interface\{DEDBC675-8F5F-49D7-A65A-ADEE6502C01F}

    Smitfraud-C.: Interface (Registry key, fixed)
    HKEY_CLASSES_ROOT\Interface\{E8A0CCD3-5ACB-4DAA-BFAF-2B848627D553}

    Smitfraud-C.: Interface (Registry key, fixed)
    HKEY_CLASSES_ROOT\Interface\{EFC5443A-147A-440B-B7A7-9E30F6EA9D8B}

    Smitfraud-C.: Interface (Registry key, fixed)
    HKEY_CLASSES_ROOT\Interface\{F6D4E489-014B-4BC9-83D7-8547B386AFED}

    Smitfraud-C.: Interface (Registry key, fixed)
    HKEY_CLASSES_ROOT\Interface\{FBFB63BC-426B-4FAC-B634-D986255809D0}

    Smitfraud-C.: Type library (Registry key, fixed)
    HKEY_CLASSES_ROOT\TypeLib\{7F78A644-C4A7-4F71-BA4E-5323AA95E7D5}

    Smitfraud-C.: Uninstall settings (Registry key, fixed)
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Safety Alerter 2006

    Zlob.QualityCodec: User settings (Registry value, fixed)
    HKEY_USERS\S-1-5-21-1229272821-1614895754-725345543-1004\Software\Internet Security\Path=...C:\Program Files\QualityCodec...


    --- Spybot - Search & Destroy version: 1.4 (build: 20050523) ---

    2005-05-31 blindman.exe (1.0.0.1)
    2005-05-31 SpybotSD.exe (1.4.0.3)
    2005-05-31 TeaTimer.exe (1.4.0.2)
    2007-01-24 unins000.exe (51.41.0.0)
    2005-05-31 Update.exe (1.4.0.0)
    2007-01-15 advcheck.dll (1.2.1.0)
    2005-05-31 aports.dll (2.1.0.0)
    2005-05-31 borlndmm.dll (7.0.4.453)
    2005-05-31 delphimm.dll (7.0.4.453)
    2005-05-31 SDHelper.dll (1.4.0.0)
    2007-01-02 Tools.dll (2.0.1.0)
    2005-05-31 UnzDll.dll (1.73.1.1)
    2005-05-31 ZipDll.dll (1.73.2.0)
    2007-01-19 Includes\Cookies.sbi (*)
    2006-12-08 Includes\Dialer.sbi (*)
    2007-01-19 Includes\DialerC.sbi (*)
    2006-11-24 Includes\Hijackers.sbi (*)
    2007-01-19 Includes\HijackersC.sbi (*)
    2006-10-27 Includes\Keyloggers.sbi (*)
    2007-01-19 Includes\KeyloggersC.sbi (*)
    2007-01-12 Includes\Malware.sbi (*)
    2007-01-19 Includes\MalwareC.sbi (*)
    2007-01-19 Includes\PUPS.sbi (*)
    2007-01-19 Includes\PUPSC.sbi (*)
    2007-01-19 Includes\Revision.sbi (*)
    2006-12-08 Includes\Security.sbi (*)
    2007-01-19 Includes\SecurityC.sbi (*)
    2006-10-13 Includes\Spybots.sbi (*)
    2007-01-19 Includes\SpybotsC.sbi (*)
    2005-02-17 Includes\Tracks.uti
    2006-12-08 Includes\Trojans.sbi (*)
    2007-01-19 Includes\TrojansC.sbi (*)


    as always, thanks again ahead of time, and id appreciate an online scan version of AVG if there is one if not ill DL it if im confirmed it wont interact with norton....and if you need me to run HJT or any other scans or panda or w/e and wanna see the log just let me know....everything that S&D found was fixed and i immunized myself (y)
     
  6. Byteman

    Byteman Gone but Never Forgotten

    Joined:
    Jan 24, 2002
    Messages:
    17,742
    Hi, The AVG Antispyware program I posted for you to try is a very good one, it is the former Ewido trojan etc scanner. You CAN use it, along with anything you have installed BUT the best thing to do, it to temporarily turn off Norton products like Internet Security during the scan....you then can turn it right back on, once you either turn off or uninstall AVG Antispyware

    You would turn off Norton and also Windows Defender during a scan time with AVG. We do this on a regular basis during fixing malware. As I said this is only temporary! You will not lose your Norton program
    Yes, there can be coincidental events, due to problems users may be having since malware gets into lots of things and can cause unpredictable events...
    Then, you would decide based on scan results posted here, and be advised, to keep AVG A/S for a bit as we need to run a second scan, and after that if done, we'd have you uninstall or disable AVG A/S if you wish to keep it...and then, turn your temporarily disabled programs back on, this is something you will have to learn to do,as protective programs often will prevent changes you need to make and can get in the way of procedures....if you have not seen anything about this as yet, I can show you the directions from the respective program companies, and I will post the steps we usually do about how it is done so you can scan with another perhaps better detection program. More on this later!

    You have had the Smitfraud trojan, and though it usually plainly stands out in Hijackthis scans, it did not for your logs....so, we need to run this small removal tool. The SpyBot results show SmitFraud Registry items that it fixed, but I want you to run the removal tool anyway.

    There are two steps to it, first part and second part.

    This trojan gives you fake security alerts and asks you to scan, pops up a big ad covering your desktop....do you recall seeing it? If you are now not infected, which I think is the case but need to confirm, your desktop background will be reset, don;t be alarmed you can easily put it back in Properties>Background with built in wallpapers or your custom one would have to be reset is all.

    Please download SmitfraudFix (by S!Ri)
    Extract the content (a folder named SmitfraudFix) to your Desktop.

    Open the SmitfraudFix folder and double-click smitfraudfix.cmd
    Select option #1 - Search by typing 1 and press "Enter"; a text file will appear, which lists infected files (if present).
    Please copy/paste the content of that report into your next reply.

    Note : process.exe is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky) as a "RiskTool"; it is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user.
    http://www.beyondlogic.org/consulting/proc...processutil.htm[/

    You may be prompted by Norton or another program about a malicious script as it says above, you must allow that script or the tool cannot work.

    Post the SMFix log and a new HJT log when done. Then we may have to run the second part which does the fixing after looking at your logs.

    By the way, some of the items about Windows Security Center did not need to be fixed...they are showing
    that you have set XP Security Center settings a certain way is all. We will check on those later, it's nothing that will bother you right now. Merely software settings about how it alerts you in regard to the condition your antivirus program is in or firewall settings.
     
  7. jmpfourtwent

    jmpfourtwent Thread Starter

    Joined:
    Jan 20, 2007
    Messages:
    21
    Ok byteman, thanks alot, i dl'ed and ran the smitfraud fixer and heres the log from the smitfraud.cmd:

    SmitFraudFix v2.135

    Scan done at 21:36:49.79, Wed 01/24/2007
    Run from C:\Documents and Settings\Jay\Application Data\Mozilla\Profiles\default\bhgd95g1.slt\SmitfraudFix\SmitfraudFix
    OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
    The filesystem type is NTFS
    Fix run in normal mode

    »»»»»»»»»»»»»»»»»»»»»»»» C:\


    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS


    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32


    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles


    »»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Jay


    »»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Jay\Application Data


    »»»»»»»»»»»»»»»»»»»»»»»» Start Menu


    »»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\Jay\FAVORI~1


    »»»»»»»»»»»»»»»»»»»»»»»» Desktop


    »»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files

    C:\Program Files\QualityCodec\ FOUND !

    »»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys


    »»»»»»»»»»»»»»»»»»»»»»»» Desktop Components

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
    "Source"="About:Home"
    "SubscribedURL"="About:Home"
    "FriendlyName"="My Current Home Page"


    »»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
    !!!Attention, following keys are not inevitably infected!!!

    SrchSTS.exe by S!Ri
    Search SharedTaskScheduler's .dll


    »»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
    !!!Attention, following keys are not inevitably infected!!!

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "AppInit_DLLs"=""


    »»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
    !!!Attention, following keys are not inevitably infected!!!

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
    "System"=""


    »»»»»»»»»»»»»»»»»»»»»»»» pe386-msguard-lzx32


    »»»»»»»»»»»»»»»»»»»»»»»» Scanning wininet.dll infection


    »»»»»»»»»»»»»»»»»»»»»»»» End


    and heres my latest HJT log:

    Logfile of HijackThis v1.99.1
    Scan saved at 9:39:17 PM, on 1/24/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.5730.0011)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\BufferZone\ClntSvc.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Windows Defender\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    C:\WINDOWS\system32\cisvc.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\Program Files\Prevx1\PXAgent.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\alg.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
    C:\WINDOWS\system32\RunDLL32.exe
    C:\Program Files\Prevx1\PXConsole.exe
    C:\Program Files\BufferZone\CLIENTGUI.EXE
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\Logitech\MouseWare\system\em_exec.exe
    C:\Program Files\Logitech\MouseWare\system\em_exec.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\system32\cidaemon.exe
    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
    C:\Program Files\mozilla.org\SeaMonkey\seamonkey.exe
    C:\WINDOWS\explorer.exe
    C:\Documents and Settings\Jay\Desktop\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://dslstart.verizon.net/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\NppBho.dll
    O2 - BHO: QFX Software KeyScrambler - {2B9F5787-88A5-4945-90E7-C4B18563BC5E} - C:\Program Files\KeyScrambler\keyscramblerIE.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: Malicious Scripts Scanner - {55EA1964-F5E4-4D6A-B9B2-125B37655FCB} - C:\Documents and Settings\All Users\Application Data\Prevx\pxbho.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\UIBHO.dll
    O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
    O4 - HKLM\..\Run: [StartupDelayer] "C:\Program Files\r2 Studios\Startup Delayer\Startup Launcher GUI.exe"
    O4 - HKLM\..\Run: [NvMediaCenter] "RunDLL32.exe" NvMCTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [nwiz] "nwiz.exe" /install
    O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [Logitech Utility] "Logi_MwX.Exe"
    O4 - HKLM\..\Run: [SmartDefrag] "C:\Program Files\IObit\IObit SmartDefrag\IObit SmartDefrag.exe" /startup
    O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
    O4 - HKLM\..\Run: [PrevxOne] "C:\Program Files\Prevx1\PXConsole.exe"
    O4 - HKLM\..\Run: [BufferZone] "C:\Program Files\BufferZone\CLIENTGUI.EXE" /STARTUP
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
    O8 - Extra context menu item: &ieSpell Options - res://C:\Program Files\ieSpell\iespell.dll/SPELLOPTION.HTM
    O8 - Extra context menu item: Check &Spelling - res://C:\Program Files\ieSpell\iespell.dll/SPELLCHECK.HTM
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
    O9 - Extra button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
    O9 - Extra 'Tools' menuitem: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
    O9 - Extra button: (no name) - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
    O9 - Extra 'Tools' menuitem: ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
    O9 - Extra button: (no name) - {5C106A59-CC3C-4caa-81A4-6D909B5ACE23} - C:\Program Files\KeyScrambler\keyscramblerIE.dll
    O9 - Extra 'Tools' menuitem: &KeyScrambler... - {5C106A59-CC3C-4caa-81A4-6D909B5ACE23} - C:\Program Files\KeyScrambler\keyscramblerIE.dll
    O9 - Extra button: Wallpaper - {c23dd370-cb79-11d2-898a-00c04f80a47f} - C:\Program Files\Internet Explorer\Toolbar\toolbar.hta
    O9 - Extra 'Tools' menuitem: &Toolbar Wallpaper - {c23dd370-cb79-11d2-898a-00c04f80a47f} - C:\Program Files\Internet Explorer\Toolbar\toolbar.hta
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O11 - Options group: [INTERNATIONAL] International*
    O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/20061023/qtinstall.info.apple.com/qtactivex/qtplugin.cab
    O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
    O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.2.0.84.cab
    O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
    O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://scan.safety.live.com/resource/download/scanner/wlscbase5059.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1155259033531
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1155259588515
    O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://floridakeysmedia.tv/axiscam/Codebase/AxisCamControl.ocx
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
    O16 - DPF: {A364AF35-0CDF-41E8-8F3B-E0E55E15EBA1} (Zenturi Active Programs Control) - http://www.programchecker.com/dll/nixon.cab
    O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcafee.com/molbin/shared/mcgdmgr/1,0,0,26/mcgdmgr.cab
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = PREWARACOMPUTER
    O17 - HKLM\Software\..\Telephony: DomainName = PREWARACOMPUTER
    O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = PREWARACOMPUTER
    O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = PREWARACOMPUTER
    O17 - HKLM\System\CS3\Services\Tcpip\Parameters: Domain = PREWARACOMPUTER
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
    O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    O23 - Service: BufferZone Service (BufferZoneSvc) - Unknown owner - C:\Program Files\BufferZone\ClntSvc.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
    O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
    O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
    O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Prevx Agent (PREVXAgent) - Unknown owner - C:\Program Files\Prevx1\PXAgent.exe" -f (file missing)
    O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe



    as usual, thanks alot ahead of time :) (y)
     
  8. Byteman

    Byteman Gone but Never Forgotten

    Joined:
    Jan 24, 2002
    Messages:
    17,742
    Hi, Here you are-

    Second Part of Smitfraudfix:

    Copy these steps to a Notepad text file and save it as steps.txt to your desktop, or print them, as you will not be able to get online while working in Safe Mode (and, please do
    not use Safe Mode with Networking for this fix!)


    Next, please reboot your computer in Safe Mode by doing the following :
    • Restart your computer
    • After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
    • Instead of Windows loading as normal, a menu with options should appear;
    • Select the first option, to run Windows in Safe Mode, then press "Enter".
    • Choose your usual account.
    Once in Safe Mode, open the SmitfraudFix folder again and double-click smitfraudfix.cmd
    Select option #2 - Clean by typing 2 and press "Enter" to delete infected files.

    You will be prompted: "Registry cleaning - Do you want to clean the registry?"; answer "Yes" by typing Y and press "Enter" in order to remove the Desktop background and clean registry keys associated with the infection.

    The tool will now check if wininet.dll is infected. You may be prompted to replace the infected file (if found); answer "Yes" by typing Y and press "Enter".

    The tool may need to restart your computer to finish the cleaning process; if it doesn't, please restart it into Normal Windows.

    A text file will appear onscreen, with results from the cleaning process; please copy/paste the content of that report into your next reply.

    The report can also be found at the root of the system drive, usually at C:\rapport.txt

    Warning: running option #2 on a non infected computer will remove your Desktop background.
     
  9. jmpfourtwent

    jmpfourtwent Thread Starter

    Joined:
    Jan 20, 2007
    Messages:
    21
    okay ill do that and come back and post the results....give me about 20 minutes or so :) maybe less
     
  10. jmpfourtwent

    jmpfourtwent Thread Starter

    Joined:
    Jan 20, 2007
    Messages:
    21
    ok done heres the report:

    SmitFraudFix v2.135

    Scan done at 23:32:05.26, Wed 01/24/2007
    Run from C:\Documents and Settings\Jay\Desktop\SmitfraudFix\SmitfraudFix
    OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
    The filesystem type is NTFS
    Fix run in safe mode

    »»»»»»»»»»»»»»»»»»»»»»»» Before SmitFraudFix
    !!!Attention, following keys are not inevitably infected!!!

    SrchSTS.exe by S!Ri
    Search SharedTaskScheduler's .dll

    »»»»»»»»»»»»»»»»»»»»»»»» Killing process


    »»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

    GenericRenosFix by S!Ri


    »»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files

    C:\Program Files\QualityCodec\ Deleted

    »»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files


    »»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
    !!!Attention, following keys are not inevitably infected!!!

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
    "System"=""


    »»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

    Registry Cleaning done.

    »»»»»»»»»»»»»»»»»»»»»»»» After SmitFraudFix
    !!!Attention, following keys are not inevitably infected!!!

    SrchSTS.exe by S!Ri
    Search SharedTaskScheduler's .dll


    »»»»»»»»»»»»»»»»»»»»»»»» End

    Thanks again.
     
  11. Byteman

    Byteman Gone but Never Forgotten

    Joined:
    Jan 24, 2002
    Messages:
    17,742
    Hi, Can you guess what's nxt -- run SpyBot again, check for Updates, post what you did before if it finds any items.

    And post the brand new HJT log please.

    You'd really benefit from trying AVG Antispyware, and probably doing a Panda online scan.
     
  12. jmpfourtwent

    jmpfourtwent Thread Starter

    Joined:
    Jan 20, 2007
    Messages:
    21
    Heres my latest HJT log, ill get and run AVG Antispyware and Panda sometime tonight and ill run a full spybot search right after i post this then ill post the logs for that then ill do the AVG one then ill do the panda one and post both those logs + a later HJT, but until then heres my HJT for now:

    Logfile of HijackThis v1.99.1
    Scan saved at 4:13:47 PM, on 1/25/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.5730.0011)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\BufferZone\ClntSvc.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Windows Defender\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
    C:\WINDOWS\system32\RunDLL32.exe
    C:\Program Files\Prevx1\PXConsole.exe
    C:\Program Files\Logitech\MouseWare\system\em_exec.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\WINDOWS\system32\cisvc.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\Program Files\BufferZone\CLIENTGUI.EXE
    C:\Program Files\Prevx1\PXAgent.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\alg.exe
    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\WINDOWS\system32\cidaemon.exe
    C:\Program Files\mozilla.org\SeaMonkey\seamonkey.exe
    C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    C:\Program Files\Norton Internet Security\Norton AntiVirus\NAVW32.exe
    C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
    C:\Documents and Settings\Jay\Desktop\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://dslstart.verizon.net/
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\NppBho.dll
    O2 - BHO: QFX Software KeyScrambler - {2B9F5787-88A5-4945-90E7-C4B18563BC5E} - C:\Program Files\KeyScrambler\keyscramblerIE.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: Malicious Scripts Scanner - {55EA1964-F5E4-4D6A-B9B2-125B37655FCB} - C:\Documents and Settings\All Users\Application Data\Prevx\pxbho.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\UIBHO.dll
    O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
    O4 - HKLM\..\Run: [StartupDelayer] "C:\Program Files\r2 Studios\Startup Delayer\Startup Launcher GUI.exe"
    O4 - HKLM\..\Run: [NvMediaCenter] "RunDLL32.exe" NvMCTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [nwiz] "nwiz.exe" /install
    O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [Logitech Utility] "Logi_MwX.Exe"
    O4 - HKLM\..\Run: [SmartDefrag] "C:\Program Files\IObit\IObit SmartDefrag\IObit SmartDefrag.exe" /startup
    O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
    O4 - HKLM\..\Run: [PrevxOne] "C:\Program Files\Prevx1\PXConsole.exe"
    O4 - HKLM\..\Run: [BufferZone] "C:\Program Files\BufferZone\CLIENTGUI.EXE" /STARTUP
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
    O8 - Extra context menu item: &ieSpell Options - res://C:\Program Files\ieSpell\iespell.dll/SPELLOPTION.HTM
    O8 - Extra context menu item: Check &Spelling - res://C:\Program Files\ieSpell\iespell.dll/SPELLCHECK.HTM
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
    O9 - Extra button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
    O9 - Extra 'Tools' menuitem: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
    O9 - Extra button: (no name) - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
    O9 - Extra 'Tools' menuitem: ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
    O9 - Extra button: (no name) - {5C106A59-CC3C-4caa-81A4-6D909B5ACE23} - C:\Program Files\KeyScrambler\keyscramblerIE.dll
    O9 - Extra 'Tools' menuitem: &KeyScrambler... - {5C106A59-CC3C-4caa-81A4-6D909B5ACE23} - C:\Program Files\KeyScrambler\keyscramblerIE.dll
    O9 - Extra button: Wallpaper - {c23dd370-cb79-11d2-898a-00c04f80a47f} - C:\Program Files\Internet Explorer\Toolbar\toolbar.hta
    O9 - Extra 'Tools' menuitem: &Toolbar Wallpaper - {c23dd370-cb79-11d2-898a-00c04f80a47f} - C:\Program Files\Internet Explorer\Toolbar\toolbar.hta
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O11 - Options group: [INTERNATIONAL] International*
    O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/20061023/qtinstall.info.apple.com/qtactivex/qtplugin.cab
    O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
    O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.2.0.84.cab
    O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
    O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://scan.safety.live.com/resource/download/scanner/wlscbase5059.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1155259033531
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1155259588515
    O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://floridakeysmedia.tv/axiscam/Codebase/AxisCamControl.ocx
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} -
    O16 - DPF: {A364AF35-0CDF-41E8-8F3B-E0E55E15EBA1} (Zenturi Active Programs Control) - http://www.programchecker.com/dll/nixon.cab
    O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcafee.com/molbin/shared/mcgdmgr/1,0,0,26/mcgdmgr.cab
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = PREWARACOMPUTER
    O17 - HKLM\Software\..\Telephony: DomainName = PREWARACOMPUTER
    O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = PREWARACOMPUTER
    O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = PREWARACOMPUTER
    O17 - HKLM\System\CS3\Services\Tcpip\Parameters: Domain = PREWARACOMPUTER
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
    O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    O23 - Service: BufferZone Service (BufferZoneSvc) - Unknown owner - C:\Program Files\BufferZone\ClntSvc.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
    O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
    O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
    O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Prevx Agent (PREVXAgent) - Unknown owner - C:\Program Files\Prevx1\PXAgent.exe" -f (file missing)
    O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
     
  13. Byteman

    Byteman Gone but Never Forgotten

    Joined:
    Jan 24, 2002
    Messages:
    17,742
    Hi, now I see you have SpyBot's Tea Timer protection on, if you are going to fix anything it has to be turned off.....just before you run any further scans, turn it off, but not till then.

    Here are the steps for turning it off when you need to.

    Spybot S&D (Teatimer)
    Run Spybot-S&D in Advanced Mode.
    If it is not already set to do this Go to the Mode menu select "Advanced Mode"
    On the left hand side, Click on Tools
    Then click on the Resident Icon in the List
    Uncheck "Resident TeaTimer" and OK any prompts.
    Restart your computer.

    There are several programs like TT that must be set to disabled when you scan with another program, so take a look here and copy the steps to a help file and save it, it's legal, they are posted in places for people to see and copy and pass around in fact.

    http://wiki.castlecops.com/Malware_Removal:_Temporarily_Disable_Real_Time_Monitoring_Programs

    I see Defender running also, if and when you get AVG Antispyware, you will need to boot to Safe Mode to use it, and ALSO turn off the other two protection programs, TT and Defender...it's just not possible to fix everything any way else.

    You also are using PrevX1 along with Norton, and though I am not sure, you may have Norton conflicts-

    I realize there are problems at your end, but using too much protection is going to also give you problems.

    I am not familiar with PrevX1 and do not know what type of or version you have, so I cannot advise you there, but you just may need to turn off it's protection while you scan with anything else.

    You may be best off to scan with AVG Antispyware, with all that other stuff turned off.

    You should turn them back on before you restart out of Safe Mode, I am fairly sure you can, or will get a message that "x program cannot blah now, it will when you restart" so follow any prompts.

    I still see Bufferzone in your HJT log, you said you had removed that back in the beginning so that is confusing.

    Is that running like it should now, so you reinstalled it yourself?

    Sea Monkey and related extensions or addons for Firefox are safe to use.

    Most of the problem looks to be conflict between Tea Timer, Windows Defender, PrevX1 and Norton- not a good idea to have all that active. I can't believe you could run very much at all with all those installed!
     
  14. Sponsor

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 733,556 other people just like you!

Loading...
Thread Status:
Not open for further replies.

Short URL to this thread: https://techguy.org/536994

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice