1. Computer problem? Tech Support Guy is completely free -- paid for by advertisers and donations. Click here to join today! If you're new to Tech Support Guy, we highly recommend that you visit our Guide for New Members.

Solved: help me plz!

Discussion in 'Virus & Other Malware Removal' started by heliocentric, Jan 16, 2006.

Thread Status:
Not open for further replies.
Advertisement
  1. heliocentric

    heliocentric Thread Starter

    Joined:
    Jan 16, 2006
    Messages:
    71
    hi, i have a problem with malware/spyware. Random programs keep appearing on my desk top called 'instant access' and 'videozapper'. i have ran HJT and seen some things which i'm pretty certain shouldnt be there! like .dll files and .cab files (and who knows what else)...heres the log

    Logfile of HijackThis v1.99.1
    Scan saved at 21:31:50, on 16/01/2006
    Platform: Windows XP (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2600.0000)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
    C:\WINDOWS\SPMSMON.EXE
    C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
    C:\Program Files\BroadJump\Client Foundation\CFD.exe
    C:\PROGRA~1\ntl\BROADB~1\SMARTB~1\MotiveSB.exe
    C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\WINDOWS\System32\ctfmon.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\WINDOWS\System32\rundll32.exe
    C:\Program Files\Down2Home\Down2Home.exe
    C:\Program Files\LightSurf\Common\IconMgr.exe
    C:\Program Files\ArcSoft\PhotoImpression 5\PI Monitor.exe
    C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
    C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
    C:\Program Files\LightSurf\Colorific\hgcctl95.exe
    C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
    C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    C:\Program Files\ntl\broadband medic\bin\mpbtn.exe
    C:\Program Files\LightSurf\Color Indicator\TICIcon.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\Program Files\ewido anti-malware\ewidoctrl.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Documents and Settings\HC\My Documents\My Received Files\HJT_and_more_1\HJT and more 1\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ntlworld.com
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
    O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\ycomp5_5_7_0.dll
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\ycomp5_5_7_0.dll
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe"
    O4 - HKLM\..\Run: [ChangeICON] C:\WINDOWS\SPMSMON.EXE
    O4 - HKLM\..\Run: [EPSON Stylus C84 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P23 "EPSON Stylus C84 Series" /O5 "LPT1:" /M "Stylus C84"
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
    O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
    O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
    O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
    O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\ntl\BROADB~1\SMARTB~1\MotiveSB.exe
    O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [Instant Access] rundll32.exe p2esocks_1048.dll,InstantAccess
    O4 - Global Startup: broadband medic.lnk = C:\Program Files\ntl\broadband medic\bin\matcli.exe
    O4 - Global Startup: Down2Home.lnk = C:\Program Files\Down2Home\Down2Home.exe
    O4 - Global Startup: LightSurf.lnk = C:\Program Files\LightSurf\Common\IconMgr.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O4 - Global Startup: PI Monitor.lnk = C:\Program Files\ArcSoft\PhotoImpression 5\PI Monitor.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O16 - DPF: {0E79192A-C52C-4260-920F-639AC2296203} - http://scripts.downloadv3.com/binaries/P2EClient/EGAUTH_1048_EN_XP.cab
    O16 - DPF: {1CD49DC9-FD88-41FA-B892-47E037267D45} - http://akamai.downloadv3.com/binaries/EGDAccess/EGDACCESS_1059_XP.cab
    O16 - DPF: {95460ABD-946A-46FF-9F56-268718323EEE} - http://scripts.downloadv3.com/binaries/EGDAccess/EGDACCESS_1068_XP.cab
    O16 - DPF: {A1C392A2-B274-46DB-89BE-1FBD476B9C93} - http://scripts.downloadv3.com/binaries/EGDAccess/EGDACCESS_1065_XP.cab
    O16 - DPF: {BA749BC1-143E-430D-B1DA-1D2AF67A3658} - http://scripts.downloadv3.com/binaries/EGDAccess/EGDACCESS_1069_XP.cab
    O16 - DPF: {E114CD5B-17CE-4807-890E-7B1EDF9F2E5E} - http://scripts.downloadv3.com/binaries/EGDAccess/EGDACCESS_1066_XP.cab
    O16 - DPF: {E24E8472-89B7-479F-8AD8-BBD7206A6A02} - http://scripts.downloadv3.com/binaries/EGDAccess/EGDACCESS_1067_XP.cab
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
    O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: IMAPI CD-Burning COM Service (ImapiService) - Roxio Inc. - C:\WINDOWS\System32\ImapiRox.exe
    O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
    O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
    O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
    O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
    O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

    -----------------------------------------------------------------------

    thanks for your time
     
  2. MFDnNC

    MFDnNC

    Joined:
    Sep 7, 2004
    Messages:
    49,014
    Go to the link below and download the trial version of SpySweeper:

    SpySweeper http://www.webroot.com/consumer/products/spysweeper/index.html?acode=af1&rc=4129&ac=tsg

    * Click the Free Trial link under "SpySweeper" to download the program.
    * Install it. Once the program is installed, it will open.
    * It will prompt you to update to the latest definitions, click Yes.
    * Once the definitions are installed, click Options on the left side.
    * Click the Sweep Options tab.
    * Under What to Sweep please put a check next to the following:
    o Sweep Memory
    o Sweep Registry
    o Sweep Cookies
    o Sweep All User Accounts
    o Enable Direct Disk Sweeping
    o Sweep Contents of Compressed Files
    o Sweep for Rootkits

    o Please UNCHECK Do not Sweep System Restore Folder.

    * Click Sweep Now on the left side.
    * Click the Start button.
    * When it's done scanning, click the Next button.
    * Make sure everything has a check next to it, then click the Next button.
    * It will remove all of the items found.
    * Click Session Log in the upper right corner, copy everything in that window.
    * Click the Summary tab and click Finish.
    * Paste the contents of the session log you copied into your next reply.
    Also post a new Hijack This log.
     
  3. heliocentric

    heliocentric Thread Starter

    Joined:
    Jan 16, 2006
    Messages:
    71
    thanks they seemed to find alot! but those cab files are still there...is that problem?

    Logfile of HijackThis v1.99.1
    Scan saved at 22:17:15, on 16/01/2006
    Platform: Windows XP (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2600.0000)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
    C:\WINDOWS\SPMSMON.EXE
    C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE
    C:\Program Files\ewido anti-malware\ewidoctrl.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
    C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
    C:\Program Files\BroadJump\Client Foundation\CFD.exe
    C:\PROGRA~1\ntl\BROADB~1\SMARTB~1\MotiveSB.exe
    C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
    C:\WINDOWS\System32\ctfmon.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\LightSurf\Common\IconMgr.exe
    C:\Program Files\ArcSoft\PhotoImpression 5\PI Monitor.exe
    C:\Program Files\LightSurf\Colorific\hgcctl95.exe
    C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
    C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
    C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
    C:\Program Files\ntl\broadband medic\bin\mpbtn.exe
    C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
    C:\Program Files\LightSurf\Color Indicator\TICIcon.exe
    C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Documents and Settings\HC\My Documents\My Received Files\HJT_and_more_1\HJT and more 1\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ntlworld.com
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
    O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\ycomp5_5_7_0.dll
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\ycomp5_5_7_0.dll
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe"
    O4 - HKLM\..\Run: [ChangeICON] C:\WINDOWS\SPMSMON.EXE
    O4 - HKLM\..\Run: [EPSON Stylus C84 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P23 "EPSON Stylus C84 Series" /O5 "LPT1:" /M "Stylus C84"
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
    O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
    O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
    O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
    O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\ntl\BROADB~1\SMARTB~1\MotiveSB.exe
    O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - Global Startup: broadband medic.lnk = C:\Program Files\ntl\broadband medic\bin\matcli.exe
    O4 - Global Startup: LightSurf.lnk = C:\Program Files\LightSurf\Common\IconMgr.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O4 - Global Startup: PI Monitor.lnk = C:\Program Files\ArcSoft\PhotoImpression 5\PI Monitor.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O16 - DPF: {0E79192A-C52C-4260-920F-639AC2296203} - http://scripts.downloadv3.com/binaries/P2EClient/EGAUTH_1048_EN_XP.cab
    O16 - DPF: {1CD49DC9-FD88-41FA-B892-47E037267D45} - http://akamai.downloadv3.com/binaries/EGDAccess/EGDACCESS_1059_XP.cab
    O16 - DPF: {95460ABD-946A-46FF-9F56-268718323EEE} - http://scripts.downloadv3.com/binaries/EGDAccess/EGDACCESS_1068_XP.cab
    O16 - DPF: {A1C392A2-B274-46DB-89BE-1FBD476B9C93} - http://scripts.downloadv3.com/binaries/EGDAccess/EGDACCESS_1065_XP.cab
    O16 - DPF: {BA749BC1-143E-430D-B1DA-1D2AF67A3658} - http://scripts.downloadv3.com/binaries/EGDAccess/EGDACCESS_1069_XP.cab
    O16 - DPF: {E114CD5B-17CE-4807-890E-7B1EDF9F2E5E} - http://scripts.downloadv3.com/binaries/EGDAccess/EGDACCESS_1066_XP.cab
    O16 - DPF: {E24E8472-89B7-479F-8AD8-BBD7206A6A02} - http://scripts.downloadv3.com/binaries/EGDAccess/EGDACCESS_1067_XP.cab
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
    O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
    O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: IMAPI CD-Burning COM Service (ImapiService) - Roxio Inc. - C:\WINDOWS\System32\ImapiRox.exe
    O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
    O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
    O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
    O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
    O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
    O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
     
  4. MFDnNC

    MFDnNC

    Joined:
    Sep 7, 2004
    Messages:
    49,014
    Where is the sweeper log ????????????
     
  5. MFDnNC

    MFDnNC

    Joined:
    Sep 7, 2004
    Messages:
    49,014
    Fix these with HJT – mark them, close IE, click fix checked

    O16 - DPF: {0E79192A-C52C-4260-920F-639AC2296203} - http://scripts.downloadv3.com/binari...1048_EN_XP.cab

    O16 - DPF: {1CD49DC9-FD88-41FA-B892-47E037267D45} - http://akamai.downloadv3.com/binarie...SS_1059_XP.cab

    O16 - DPF: {95460ABD-946A-46FF-9F56-268718323EEE} - http://scripts.downloadv3.com/binari...SS_1068_XP.cab

    O16 - DPF: {A1C392A2-B274-46DB-89BE-1FBD476B9C93} - http://scripts.downloadv3.com/binari...SS_1065_XP.cab

    O16 - DPF: {BA749BC1-143E-430D-B1DA-1D2AF67A3658} - http://scripts.downloadv3.com/binari...SS_1069_XP.cab

    O16 - DPF: {E114CD5B-17CE-4807-890E-7B1EDF9F2E5E} - http://scripts.downloadv3.com/binari...SS_1066_XP.cab

    O16 - DPF: {E24E8472-89B7-479F-8AD8-BBD7206A6A02} - http://scripts.downloadv3.com/binari...SS_1067_XP.cab


    START – RUN – type in %temp% OK - Edit – Select all – File – Delete

    Delete everything in the C:\Windows\Temp folder or C:\WINNT\temp

    Empty the recycle bin
    Boot and post a new log from normal NOT safe mode

    Please give feedback on what worked/didn’t work and the current status of your system
     
  6. heliocentric

    heliocentric Thread Starter

    Joined:
    Jan 16, 2006
    Messages:
    71
    sorry....here it is

    ********
    21:54: | Start of Session, 16 January 2006 |
    21:54: Spy Sweeper started
    21:54: Sweep initiated using definitions version 602
    21:54: Starting Memory Sweep
    21:57: Memory Sweep Complete, Elapsed Time: 00:03:16
    21:57: Starting Registry Sweep
    21:58: Found Adware: instant access
    21:58: HKCR\clsid\{1cd49dc9-fd88-41fa-b892-47e037267d45}\ (3 subtraces) (ID = 128672)
    21:58: HKLM\software\classes\clsid\{1cd49dc9-fd88-41fa-b892-47e037267d45}\ (3 subtraces) (ID = 128724)
    21:58: HKCR\clsid\{a1c392a2-b274-46db-89be-1fbd476b9c93}\ (3 subtraces) (ID = 860932)
    21:58: HKLM\software\classes\clsid\{a1c392a2-b274-46db-89be-1fbd476b9c93}\ (3 subtraces) (ID = 860961)
    21:58: HKCR\clsid\{e114cd5b-17ce-4807-890e-7b1edf9f2e5e}\ (3 subtraces) (ID = 890921)
    21:58: HKLM\software\classes\clsid\{e114cd5b-17ce-4807-890e-7b1edf9f2e5e}\ (3 subtraces) (ID = 890925)
    21:58: HKCR\clsid\{e24e8472-89b7-479f-8ad8-bbd7206a6a02}\ (3 subtraces) (ID = 909427)
    21:58: HKLM\software\classes\clsid\{e24e8472-89b7-479f-8ad8-bbd7206a6a02}\ (3 subtraces) (ID = 909435)
    21:58: HKCR\clsid\{ba749bc1-143e-430d-b1da-1d2af67a3658}\ (3 subtraces) (ID = 1030412)
    21:58: HKLM\software\classes\clsid\{ba749bc1-143e-430d-b1da-1d2af67a3658}\ (3 subtraces) (ID = 1030417)
    21:58: HKCR\clsid\{95460abd-946a-46ff-9f56-268718323eee}\ (3 subtraces) (ID = 1031101)
    21:58: HKLM\software\classes\clsid\{95460abd-946a-46ff-9f56-268718323eee}\ (3 subtraces) (ID = 1031109)
    21:58: HKU\S-1-5-21-220523388-854245398-725345543-1004\software\egdhtml\ (3 subtraces) (ID = 128787)
    21:58: HKU\S-1-5-21-220523388-854245398-725345543-1004\software\microsoft\windows\currentversion\run\ || instant access (ID = 128817)
    21:58: HKU\S-1-5-21-220523388-854245398-725345543-1004\software\p2eclient\ (1 subtraces) (ID = 128846)
    21:58: Registry Sweep Complete, Elapsed Time:00:00:16
    21:58: Starting Cookie Sweep
    21:58: Found Spy Cookie: 247realmedia cookie
    21:58: [email protected][1].txt (ID = 1953)
    21:58: Found Spy Cookie: atlas dmt cookie
    21:58: [email protected][2].txt (ID = 2253)
    21:58: Found Spy Cookie: a cookie
    21:58: [email protected][1].txt (ID = 2027)
    21:58: Found Spy Cookie: goldenpalace cookie
    21:58: [email protected][2].txt (ID = 2735)
    21:58: Found Spy Cookie: barelylegal cookie
    21:58: [email protected][1].txt (ID = 2286)
    21:58: Found Spy Cookie: ccbill cookie
    21:58: [email protected][2].txt (ID = 2369)
    21:58: [email protected][1].txt (ID = 2734)
    21:58: Found Spy Cookie: statcounter cookie
    21:58: [email protected][1].txt (ID = 3447)
    21:58: Found Spy Cookie: reliablestats cookie
    21:58: [email protected][1].txt (ID = 3254)
    21:58: Found Spy Cookie: frenchcum cookie
    21:58: [email protected][1].txt (ID = 2707)
    21:58: [email protected][1].txt (ID = 2735)
    21:58: Cookie Sweep Complete, Elapsed Time: 00:00:00
    21:58: Starting File Sweep
    21:58: c:\program files\instant access (6 subtraces) (ID = -2147480835)
    21:58: a0015741.dll (ID = 161514)
    21:58: a0015742.dll (ID = 166446)
    21:58: a0010662.dll (ID = 158351)
    21:58: a0010821.dll (ID = 158351)
    21:58: a0010669.dll (ID = 158351)
    21:58: a0010690.dll (ID = 158351)
    21:58: a0010646.dll (ID = 158351)
    21:58: a0010828.dll (ID = 158351)
    21:58: a0010813.dll (ID = 158351)
    21:58: a0010625.dll (ID = 158351)
    21:58: Found Trojan Horse: magiccontrol
    21:58: a0013363.dll (ID = 178742)
    21:58: a0010633.dll (ID = 158351)
    21:58: a0010935.dll (ID = 158351)
    21:58: a0011383.dll (ID = 178742)
    21:58: a0011496.dll (ID = 178742)
    21:58: a0011117.dll (ID = 158351)
    21:58: a0011100.dll (ID = 158351)
    21:58: a0010653.dll (ID = 158351)
    21:58: a0010943.dll (ID = 158351)
    21:58: a0013420.dll (ID = 178742)
    21:58: a0013431.dll (ID = 178742)
    21:58: a0013527.dll (ID = 178742)
    21:58: a0011228.dll (ID = 178742)
    21:58: a0011071.dll (ID = 158351)
    21:58: a0012631.dll (ID = 178742)
    21:58: a0010682.dll (ID = 158351)
    21:58: a0013536.dll (ID = 178742)
    21:59: a0010971.dll (ID = 158351)
    21:59: a0011147.dll (ID = 178742)
    21:59: a0012613.dll (ID = 178742)
    21:59: a0013445.dll (ID = 178742)
    21:59: a0015447.dll (ID = 194667)
    21:59: a0012737.dll (ID = 178742)
    21:59: a0013122.dll (ID = 178742)
    21:59: a0012959.dll (ID = 178742)
    21:59: a0013471.dll (ID = 178742)
    21:59: a0013239.dll (ID = 178742)
    21:59: a0012752.dll (ID = 178742)
    21:59: a0012816.dll (ID = 178742)
    21:59: a0011444.dll (ID = 178742)
    21:59: a0015744.dll (ID = 201265)
    22:00: a0011093.dll (ID = 158351)
    22:00: a0011400.dll (ID = 178742)
    22:00: a0013453.dll (ID = 178742)
    22:00: a0013202.dll (ID = 178742)
    22:01: a0011242.dll (ID = 178742)
    22:01: a0012539.dll (ID = 178742)
    22:01: a0011045.dll (ID = 158351)
    22:01: a0012836.dll (ID = 178742)
    22:01: a0013520.dll (ID = 178742)
    22:01: a0013552.dll (ID = 178742)
    22:02: a0013544.dll (ID = 178742)
    22:02: a0011456.dll (ID = 178742)
    22:02: a0010852.dll (ID = 158351)
    22:02: a0011503.dll (ID = 178742)
    22:02: a0010698.dll (ID = 158351)
    22:02: a0012921.dll (ID = 178742)
    22:02: a0011413.dll (ID = 178742)
    22:02: a0010990.dll (ID = 158351)
    22:02: a0011008.dll (ID = 158351)
    22:03: a0010956.dll (ID = 158351)
    22:03: a0011001.dll (ID = 158351)
    22:03: a0011015.dll (ID = 158351)
    22:03: a0011022.dll (ID = 158351)
    22:03: a0011513.dll (ID = 178742)
    22:03: a0011029.dll (ID = 158351)
    22:03: a0013602.dll (ID = 178742)
    22:03: a0011171.dll (ID = 178742)
    22:03: a0011211.dll (ID = 178742)
    22:03: a0011078.dll (ID = 158351)
    22:03: a0012966.dll (ID = 178742)
    22:03: a0013045.dll (ID = 178742)
    22:03: a0013579.dll (ID = 178742)
    22:03: a0011478.dll (ID = 178742)
    22:04: a0011351.dll (ID = 178742)
    22:04: a0011107.dll (ID = 158351)
    22:04: a0011123.dll (ID = 178742)
    22:04: a0010980.dll (ID = 158351)
    22:04: a0011130.dll (ID = 178742)
    22:04: a0011110.dll (ID = 158351)
    22:04: a0011154.dll (ID = 178742)
    22:04: a0011220.dll (ID = 178742)
    22:04: a0013311.dll (ID = 178742)
    22:04: a0011304.dll (ID = 178742)
    22:04: a0013344.dll (ID = 178742)
    22:04: a0013325.dll (ID = 178742)
    22:04: a0013349.dll (ID = 178742)
    22:05: a0012791.dll (ID = 178742)
    22:05: a0011085.dll (ID = 158351)
    22:05: a0011358.dll (ID = 178742)
    22:05: a0011235.dll (ID = 178742)
    22:05: a0013091.dll (ID = 178742)
    22:05: a0011405.dll (ID = 178742)
    22:05: a0013586.dll (ID = 178742)
    22:05: a0012808.dll (ID = 178742)
    22:05: a0015743.dll (ID = 168090)
    22:05: a0011365.dll (ID = 178742)
    22:05: a0012547.dll (ID = 178742)
    22:05: a0012765.dll (ID = 178742)
    22:05: a0013301.dll (ID = 178742)
    22:05: a0011140.dll (ID = 178742)
    22:05: a0011391.dll (ID = 178742)
    22:05: a0011470.dll (ID = 178742)
    22:06: a0010705.dll (ID = 158351)
    22:06: a0011485.dll (ID = 178742)
    22:06: a0013618.dll (ID = 178742)
    22:06: a0012928.dll (ID = 178742)
    22:06: a0013115.dll (ID = 178742)
    22:06: a0013153.dll (ID = 178742)
    22:06: a0012912.dll (ID = 178742)
    22:06: a0012759.dll (ID = 178742)
    22:06: a0013070.dll (ID = 178742)
    22:06: a0011530.dll (ID = 178742)
    22:06: a0012567.dll (ID = 178742)
    22:06: a0013084.dll (ID = 178742)
    22:06: a0012574.dll (ID = 178742)
    22:06: a0011374.dll (ID = 178742)
    22:06: a0012593.dll (ID = 178742)
    22:06: a0012935.dll (ID = 178742)
    22:06: a0012581.dll (ID = 178742)
    22:06: a0013144.dll (ID = 178742)
    22:06: a0012950.dll (ID = 178742)
    22:06: a0013610.dll (ID = 178742)
    22:06: a0013620.dll (ID = 178742)
    22:06: a0012942.dll (ID = 178742)
    22:06: a0010711.dll (ID = 158351)
    22:06: a0013572.dll (ID = 178742)
    22:06: a0013592.dll (ID = 178742)
    22:06: a0013628.dll (ID = 178742)
    22:06: a0010835.dll (ID = 158351)
    22:06: a0011163.dll (ID = 178742)
    22:06: a0015739.dll (ID = 63797)
    22:06: a0012558.dll (ID = 178742)
    22:06: a0011036.dll (ID = 158351)
    22:06: a0011321.dll (ID = 178742)
    22:06: a0011521.dll (ID = 178742)
    22:06: a0012988.dll (ID = 178742)
    22:06: a0011327.dll (ID = 178742)
    22:06: a0011335.dll (ID = 178742)
    22:06: a0011312.dll (ID = 178742)
    22:06: a0012528.dll (ID = 178742)
    22:06: a0013168.dll (ID = 178742)
    22:07: a0011195.dll (ID = 178742)
    22:07: a0015740.dll (ID = 63799)
    22:07: a0010719.dll (ID = 158351)
    22:07: a0011342.dll (ID = 178742)
    22:07: a0013108.dll (ID = 178742)
    22:07: a0013160.dll (ID = 178742)
    22:07: a0011262.dll (ID = 178742)
    22:07: a0011434.dll (ID = 178742)
    22:07: a0012798.dll (ID = 178742)
    22:07: a0012823.dll (ID = 178742)
    22:07: a0012774.dll (ID = 178742)
    22:07: a0013185.dll (ID = 178742)
    22:07: a0013193.dll (ID = 178742)
    22:08: a0010986.inf (ID = 168088)
    22:08: Found Adware: bonzi buddy
    22:08: a0015991.rbf (ID = 51610)
    22:08: Found Adware: limeshop
    22:08: a0015993.rbf (ID = 65528)
    22:08: a0011217.inf (ID = 201164)
    22:08: egdaccess.inf (ID = 199003)
    22:09: File Sweep Complete, Elapsed Time: 00:10:51
    22:09: Full Sweep has completed. Elapsed time 00:14:31
    22:09: Traces Found: 233
    22:10: Removal process initiated
    22:10: Quarantining All Traces: magiccontrol
    22:10: Quarantining All Traces: bonzi buddy
    22:10: Quarantining All Traces: instant access
    22:10: Quarantining All Traces: limeshop
    22:10: Quarantining All Traces: 247realmedia cookie
    22:10: Quarantining All Traces: a cookie
    22:10: Quarantining All Traces: atlas dmt cookie
    22:10: Quarantining All Traces: barelylegal cookie
    22:10: Quarantining All Traces: ccbill cookie
    22:10: Quarantining All Traces: frenchcum cookie
    22:10: Quarantining All Traces: goldenpalace cookie
    22:10: Quarantining All Traces: reliablestats cookie
    22:10: Quarantining All Traces: statcounter cookie
    22:10: Removal process completed. Elapsed time 00:00:32
    ********
    21:52: | Start of Session, 16 January 2006 |
    21:52: Spy Sweeper started
    21:52: Messenger service has been disabled.
    21:53: Your spyware definitions have been updated.
    21:54: | End of Session, 16 January 2006 |
     
  7. heliocentric

    heliocentric Thread Starter

    Joined:
    Jan 16, 2006
    Messages:
    71
    heres the new hjt scan...it says theres some missing dll files...is that a problem...hopefully all the other problems have been cleared up! thanks

    Logfile of HijackThis v1.99.1
    Scan saved at 22:43:11, on 16/01/2006
    Platform: Windows XP (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2600.0000)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
    C:\WINDOWS\SPMSMON.EXE
    C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
    C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
    C:\Program Files\BroadJump\Client Foundation\CFD.exe
    C:\PROGRA~1\ntl\BROADB~1\SMARTB~1\MotiveSB.exe
    C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\WINDOWS\System32\ctfmon.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\LightSurf\Common\IconMgr.exe
    C:\Program Files\ArcSoft\PhotoImpression 5\PI Monitor.exe
    C:\Program Files\LightSurf\Colorific\hgcctl95.exe
    C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
    C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
    C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
    C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    C:\Program Files\ntl\broadband medic\bin\mpbtn.exe
    C:\Program Files\LightSurf\Color Indicator\TICIcon.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\SpywareGuard\sgmain.exe
    C:\Program Files\SpywareGuard\sgbhp.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Documents and Settings\HC\My Documents\My Received Files\HJT_and_more_1\HJT and more 1\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ntlworld.com
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
    O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\ycomp5_5_7_0.dll
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
    O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\ycomp5_5_7_0.dll
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe"
    O4 - HKLM\..\Run: [ChangeICON] C:\WINDOWS\SPMSMON.EXE
    O4 - HKLM\..\Run: [EPSON Stylus C84 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P23 "EPSON Stylus C84 Series" /O5 "LPT1:" /M "Stylus C84"
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
    O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
    O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
    O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
    O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\ntl\BROADB~1\SMARTB~1\MotiveSB.exe
    O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
    O4 - Global Startup: broadband medic.lnk = C:\Program Files\ntl\broadband medic\bin\matcli.exe
    O4 - Global Startup: LightSurf.lnk = C:\Program Files\LightSurf\Common\IconMgr.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O4 - Global Startup: PI Monitor.lnk = C:\Program Files\ArcSoft\PhotoImpression 5\PI Monitor.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
    O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: IMAPI CD-Burning COM Service (ImapiService) - Roxio Inc. - C:\WINDOWS\System32\ImapiRox.exe
    O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
    O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
    O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
    O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
    O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
     
  8. MFDnNC

    MFDnNC

    Joined:
    Sep 7, 2004
    Messages:
    49,014
    That is a bug in HJT -

    Clean [​IMG] - If you feel it is fixed, mark it solved via thread tools above - if not what is the current situation?
     
  9. heliocentric

    heliocentric Thread Starter

    Joined:
    Jan 16, 2006
    Messages:
    71
    i'd say its all fixed!

    thanks alot for your help
     
  10. Sponsor

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 733,556 other people just like you!

Loading...
Thread Status:
Not open for further replies.

Short URL to this thread: https://techguy.org/434665

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice