malware and trojan horse problem any help appreciated

Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

jimzinhere

Thread Starter
Joined
Apr 9, 2008
Messages
3
I have some problems similar to some other posts on here. The desktop background has changed to the "spyware detected on your pc" background, I get pop-ups for "top rated spyware removers" and others, and I have a little exclamation mark in the bottom right-hand corner of the screen.
Win XP Service Pack 2, AMD 64 Pro, 512 MB, 160 GB

I have Internet Explorer but am trying to change to Mozilla. I have installed it but need to solve the spyware, and wasn't sure if I should delete Explorer until the spyware was fixed in case it made it worse. I have Spyware Terminator (see below). I did a HijackThis log as well, and that is under the first log from Terminator. Hopefully these may help solve it.




Spyware Terminator v2.0.0.194 (db:1.0.902.662)
Scan Time: 12/04/2008 09:59:33 length: 323 s
Platform: Windows XP Home Service Pack 2 (WINNT 5.1.2600)
User: Admin
Boot Mode: Normal
Scan type: Fast_Spyware_Scan
Scanned Objects: 25201 (Critical:44)
Filter: No System items, No Safe items, No Invalid items

Running Processes
Ati2evxx.exe [ATI Technologies Inc.] : C:\WINDOWS\system32\Ati2evxx.exe
Ati2evxx.exe [ATI Technologies Inc.] : C:\WINDOWS\system32\Ati2evxx.exe
wmsdkns.exe [Microsoft] : C:\WINDOWS\system32\wmsdkns.exe
ccProxy.exe [Symantec Corporation] : C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
ccSetMgr.exe [Symantec Corporation] : C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
ISSVC.exe [Symantec Corporation] : C:\Program Files\Norton Internet Security\ISSVC.exe
SNDSrvc.exe [Symantec Corporation] : C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
brsvc01a.exe [brother Industries Ltd] : C:\WINDOWS\system32\brsvc01a.exe
brss01a.exe [brother Industries Ltd] : C:\WINDOWS\system32\brss01a.exe
ALUSchedulerSvc.exe [Symantec Corporation] : C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
navapsvc.exe [Symantec Corporation] : C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
SymWSC.exe [Symantec Corporation] : C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
iPodService.exe [Apple Computer, Inc.] : C:\Program Files\iPod\bin\iPodService.exe
HPwuSchd2.exe [Hewlett-Packard Co.] : C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
aoltray.exe [America Online, Inc.] : C:\Program Files\AOL 9.0\aoltray.exe
WLLoginProxy.exe [Microsoft Corporation] : C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
SymSCUI.exe [Symantec Corporation] : C:\Program Files\Common Files\Symantec Shared\Security Center\SymSCUI.exe

Internet Settings
R - HKCU\Software\Microsoft\Internet Explorer\Main, Search Bar = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
R - HKLM\Software\Microsoft\Internet Explorer\Main, Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R - HKLM\Software\Microsoft\Internet Explorer\Search, SearchAssistant = http://www.google.com/ie
R - HKLM\Software\Microsoft\Internet Explorer\Search, CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
R - HKLM\System\CurrentControlSet\Services\Tcpip\Parameters, Domain =
R - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Telephony, DomainName =

BHO
02 - BHO: Octh Class - {000123B4-9B42-4900-B3F7-F4B073EFC214} - [Orbitdownloader.com] : C:\Program Files\Orbitdownloader\orbitcth.dll
02 - BHO: - {30EA05C5-7396-4155-A294-2C69B7B56BC4} - : C:\WINDOWS\system32\opnoNEUK.dll
02 - BHO: - {7CE67716-5803-4FB7-B344-0C7A17F93B5D} - : C:\WINDOWS\system32\jkkHXQjh.dll
02 - BHO: - {fd150b31-28ca-49d3-bd5c-4deffe2a63c2} - : C:\WINDOWS\system32\gxvsirmq.dll

StartUps
04 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, HP Software Update : [Hewlett-Packard Co.] : C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
04 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, AntispyStorm : [AntispyStorm Inc.] : C:\Program Files\AntispyStorm\AntispyStorm.exe
04 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, BM3b36a041 : : C:\WINDOWS\system32\JQHUOQGH.DLL
04 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, 380593dd : : C:\WINDOWS\system32\lixxqnxf.dll
04 - Startup: %START_PROGRAMSALL%\Startup\AOL 9.0 Tray Icon.lnk [America Online, Inc.] : C:\Program Files\AOL 9.0\aoltray.exe
04 - Startup: %START_PROGRAMSALL%\Startup\Status Monitor.lnk [Brother Industries, Ltd.] : C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe

Shell Extensions
RealOne Player Context Menu Class - {F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4} - [RealNetworks, Inc.] : C:\Program Files\Real\RealPlayer\rpshell.dll
iTunes - {B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF} - [Apple Computer, Inc.] : C:\Program Files\iTunes\iTunesMiniPlayer.dll
SampleView - {7F67036B-66F1-411A-AD85-759FB9C5B0DB} - [XSS] : C:\WINDOWS\system32\ShellvRTF.dll
CLSID_WLMCMimeFilter - {0563DB41-F538-4B37-A92D-4659049B7766} - [Microsoft Corporation] : C:\Program Files\Windows Live\Mail\mailcomm.dll
My Sharing Folders - {FC9FB64A-1EB2-4CCF-AF5E-1A497A9B5C2D} - [Microsoft Corporation] : C:\Program Files\Windows Live\Messenger\fsshext.8.5.1302.1018.dll
- {06A2568A-CED6-4187-BB20-400B8C02BE5A} - [Microsoft Corporation] : C:\Program Files\Windows Live\Photo Gallery\WLXPhotoAcquireWizard.exe
Windows Live Photo Gallery Import Autoplay Shim - {00F33137-EE26-412F-8D71-F84E4C2C6625} - [Microsoft Corporation] : C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll
Windows Live Photo Gallery Autoplay Drop Target - {2BE99FD4-A181-4996-BFA9-58C5FFD11F6C} - [Microsoft Corporation] : C:\Program Files\WINDOWS LIVE\PHOTO GALLERY\WLXPHOTOVIEWER.DLL
Windows Live Photo Gallery Editor Drop Target - {00F30F64-AC33-42F5-8FD1-5DC2D3FDE06C} - [Microsoft Corporation] : C:\Program Files\WINDOWS LIVE\PHOTO GALLERY\WLXPHOTOVIEWER.DLL
Windows Live Photo Gallery Viewer Drop Target - {00F374B7-B390-4884-B372-2FC349F2172B} - [Microsoft Corporation] : C:\Program Files\WINDOWS LIVE\PHOTO GALLERY\WLXPHOTOVIEWER.DLL
Windows Live Photo Gallery Viewer Shim - {00F346CB-35A4-465B-8B8F-65A29DBAB1F6} - [Microsoft Corporation] : C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll
Windows Live Photo Gallery Editor Shim - {00F3712A-CA79-45B4-9E4D-D7891E7F8B9D} - [Microsoft Corporation] : C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll
Windows Live Photo Gallery Viewer Autoplay Shim - {00F30F90-3E96-453B-AFCD-D71989ECC2C7} - [Microsoft Corporation] : C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll

Protocol Handler
- {828030A1-22C1-4009-854F-8E305202313F} - [Microsoft Corporation] : C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll
Microsoft Infotech Storage Protocol for IE 4.0 - {0A9007C0-4076-11D3-8789-0000F8105754} - [Microsoft Corporation] : C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll
- {828030A1-22C1-4009-854F-8E305202313F} - [Microsoft Corporation] : C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll
Windows Live Mail HTML Asynchronous Pluggable Protocol Handler - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - [Microsoft Corporation] : C:\Program Files\Windows Live\Mail\mailcomm.dll

Services
23 - [Realtek Semiconductor Corp.] : C:\WINDOWS\system32\drivers\ALCXWDM.SYS
23 - [ATI Technologies Inc.] : C:\WINDOWS\system32\Ati2evxx.exe
23 - [Symantec Corporation] : C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
23 - [brother Industries Ltd] : C:\WINDOWS\system32\brsvc01a.exe
23 - [Brother Industries Ltd.] : C:\WINDOWS\system32\Drivers\BrScnUsb.sys
23 - [Symantec Corporation] : C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
23 - [Symantec Corporation] : C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
23 - [Symantec Corporation] : C:\Program Files\Common Files\SYMANTEC SHARED\EENGINE\EECTRL.SYS
23 - [GEAR Software Inc.] : C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
23 - [Apple Computer, Inc.] : C:\Program Files\iPod\bin\iPodService.exe
23 - [Symantec Corporation] : C:\Program Files\Norton Internet Security\ISSVC.exe
23 - [Symantec Corporation] : C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
23 - [Symantec Corporation] : C:\Program Files\Common Files\Symantec Shared\VirusDefs\20080305.040\NAVENG.SYS
23 - [Symantec Corporation] : C:\Program Files\Common Files\Symantec Shared\VirusDefs\20080305.040\NAVEX15.SYS
23 - [Hewlett-Packard Company] : C:\WINDOWS\system32\DRIVERS\PS2.sys
23 - [Realtek Semiconductor Corporation] : C:\WINDOWS\system32\DRIVERS\Rtlnicxp.sys
23 - [Symantec Corporation] : C:\Program Files\NORTON INTERNET SECURITY\NORTON ANTIVIRUS\SAVRT.SYS
23 - [Symantec Corporation] : C:\Program Files\NORTON INTERNET SECURITY\NORTON ANTIVIRUS\SAVRTPEL.SYS
23 - [Symantec Corporation] : C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
23 - [Symantec Corporation] : C:\WINDOWS\system32\Drivers\SYMDNS.SYS
23 - [Symantec Corporation] : C:\Program Files\SYMANTEC\SYMEVENT.SYS
23 - [Symantec Corporation] : C:\WINDOWS\system32\Drivers\SYMFW.SYS
23 - [Symantec Corporation] : C:\WINDOWS\system32\Drivers\SYMIDS.SYS
23 - [Symantec Corporation] : C:\Program Files\Common Files\Symantec Shared\SymcData\idsdefs\20080407.003\SymIDSCo.sys
23 - [Symantec Corporation] : C:\WINDOWS\system32\Drivers\SYMNDIS.SYS
23 - [Symantec Corporation] : C:\WINDOWS\system32\Drivers\SYMREDRV.SYS
23 - [Symantec Corporation] : C:\WINDOWS\system32\Drivers\SYMTDI.SYS
23 - [Symantec Corporation] : C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
23 - [America Online, Inc.] : C:\WINDOWS\system32\DRIVERS\wanatw4.sys

Winlogon Notify
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent, DLLName : [ATI Technologies Inc.] : C:\WINDOWS\system32\Ati2evxx.dll
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\jkkHXQjh, DLLName : : C:\WINDOWS\system32\jkkHXQjh.dll

System Policies
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableTaskMgr : : C:\WINDOWS\system32\jkkHXQjh.dll

Thread Files
<StartPage> : C:\WINDOWS\system32\ntnut32.exe
<StartPage> : C:\WINDOWS\system32\shdocpe.dll
<2020Search> : C:\WINDOWS\2020search2.dll
<2020Search> : C:\WINDOWS\mssvr.exe
<180searchAssistant> : C:\Program Files\180Search Assistant\180sa.exe
<180searchAssistant> : C:\Program Files\180Search Assistant\sau.exe
<180searchAssistant> : C:\WINDOWS\salm.exe
<180searchAssistant> : C:\WINDOWS\180ax.exe
<Transponder/VoiceIP> : C:\WINDOWS\voiceip.dll
<Seekmo> : C:\Program Files\Seekmo\SEEKMOHOOK.DLL

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 09:36:05, on 12/04/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\wmsdkns.exe
c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
c:\Program Files\Norton Internet Security\ISSVC.exe
c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\brss01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
c:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\WINDOWS\system32\svchost.exe
c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Java\jre1.5.0\bin\jusched.exe
C:\windows\system\hpsysdrv.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\AOL 9.0\aoltray.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
c:\Program Files\Common Files\Symantec Shared\Security Center\SymSCUI.exe
C:\Program Files\Symantec\LiveUpdate\AUpdate.exe
C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\wmsdkns.exe,
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0\bin\jusched.exe
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [URLLSTCK.exe] c:\Program Files\Norton Internet Security\UrlLstCk.exe
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AntispyStorm] C:\Program Files\AntispyStorm\AntispyStorm.exe
O4 - HKLM\..\Run: [SpywareTerminator] "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"
O4 - HKLM\..\Run: [380593dd] rundll32.exe "C:\WINDOWS\system32\mhrlegkr.dll",b
O4 - HKLM\..\Run: [BM3b36a041] Rundll32.exe "C:\WINDOWS\system32\jqhuoqgh.dll",s
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - Global Startup: AOL 9.0 Tray Icon.lnk = C:\Program Files\AOL 9.0\aoltray.exe
O4 - Global Startup: Status Monitor.lnk = C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
O8 - Extra context menu item: &Download by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/201
O8 - Extra context menu item: &Grab video by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/204
O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/203
O8 - Extra context menu item: Down&load all by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/202
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: ISSvc (ISSVC) - Symantec Corporation - c:\Program Files\Norton Internet Security\ISSVC.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - c:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: SAVScan - Symantec Corporation - c:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Spyware Terminator Clam Service (sp_clamsrv) - Crawler.com - C:\Program Files\WinClamAVShield\sp_clamsrv.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

--
End of file - 9324 bytes
 

jimzinhere

Thread Starter
Joined
Apr 9, 2008
Messages
3
Some of the names of suspect files can be found under threads on the Spyware Terminator log file enclosed above; Zango is one of them. I also have a file that is called "startup" or something like that. I believe that this is the file that runs at startup to switch the desktop from what it should be to the dodgy "your computer is infected with spyware", as when my computer boots it goes to the normal XP desktop background, then the background changes and the little exclamation mark comes up in the bottom right-hand corner. Now the background changes to the Active Desktop Recovery background instead of the one about spyware. The computer is getting slower and more suspect files keep turning up. I'm starting to tear my hair out with frustration.

Please could someone analyse my log files and generate a fix, or offer any advice as to software that may help? I'm getting close to smashing the bloody thing with a hammer.
 