Solved: Help something has taken over my IE Browser


The_donner

Thread Starter
Hi guys,:(
Something has got on my computer and I can't seem to find where it is. I've run Ad-aware and Norton 2005 and they did not find it. When I bring up a web browser I keep getting Security messages and I can tell it sure isn't Microsoft, but it's trying to make me think it is. So I don't click on anything but it's added some kind of "security" tool bar on my browser called "protection bar". Any ideas on how to get rid of this? Here is my HijackThis log, and if you find anything else please tell me how to get rid of it PLEASE

Logfile of HijackThis v1.99.1
Scan saved at 10:35:27 AM, on 1/12/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\System32\PackethSvc.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\system32\svchosts.exe
C:\WINDOWS\system32\drivers\dcfssvc.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\PROGRA~1\Iomega\System32\AppServices.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\pctspk.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Iomega\AutoDisk\ADService.exe
C:\WINDOWS\system32\BRMFRSMG.EXE
C:\Program Files\Video ActiveX Object\isamonitor.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Video ActiveX Object\pmsngr.exe
C:\Program Files\Iomega\AutoDisk\ADUserMon.exe
C:\Program Files\Iomega\DriveIcons\ImgIcon.exe
C:\Program Files\Video ActiveX Object\pmmon.exe
C:\Program Files\Analog Devices\SoundMAX\Smtray.exe
C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
C:\Program Files\Video ActiveX Object\isamini.exe
C:\Program Files\Ahead\ODD Toolkit\DVDTray.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Common Files\{E4B942B6-05D7-1033-0906-010928000001}\Update.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\TalyaSoft\Freezer\Freezer.exe
C:\Program Files\KODAK\Kodak EasyShare software\bin\EasyShare.exe
c:\windows\system32\smphost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Compaq
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
F2 - REG:system.ini: UserInit=userinit.exe
N2 - Netscape 6: user_pref("browser.startup.homepage", "http://www.google.com/"); (C:\Documents and Settings\Liz Martin\Application Data\Mozilla\Profiles\default\l27df302.slt\prefs.js)
N2 - Netscape 6: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%206%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\Liz Martin\Application Data\Mozilla\Profiles\default\l27df302.slt\prefs.js)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {67982BB7-0F95-44C5-92DC-E3AF3DC19D6D} - C:\Program Files\Video ActiveX Object\isaddon.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: TextAloud - {F053C368-5458-45B2-9B4D-D8914BDDDBFF} - C:\PROGRA~1\TEXTAL~1\TAForIE.dll
O3 - Toolbar: Protection Bar - {0D045BAA-4BD3-4C94-BE8B-21536BD6BD9F} - C:\Program Files\Video ActiveX Object\iesplugin.dll
O4 - HKLM\..\Run: [WCOLOREAL] "C:\Program Files\COMPAQ\Coloreal\coloreal.exe"
O4 - HKLM\..\Run: [PrinTray] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\printray.exe
O4 - HKLM\..\Run: [ADUserMon] "C:\Program Files\Iomega\AutoDisk\ADUserMon.exe"
O4 - HKLM\..\Run: [Iomega Startup Options] "C:\Program Files\Iomega\Common\ImgStart.exe"
O4 - HKLM\..\Run: [Iomega Drive Icons] "C:\Program Files\Iomega\DriveIcons\ImgIcon.exe"
O4 - HKLM\..\Run: [Deskup] "C:\Program Files\Iomega\DriveIcons\deskup.exe"
O4 - HKLM\..\Run: [Smapp] "C:\Program Files\Analog Devices\SoundMAX\Smtray.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
O4 - HKLM\..\Run: [DVDTray] "C:\Program Files\Ahead\ODD Toolkit\DVDTray.exe"
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] "C:\PROGRA~1\SYMNET~1\SNDMon.exe" /Consumer
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [{E4B942B6-05D7-1033-0906-010928000001}] "C:\Program Files\Common Files\{E4B942B6-05D7-1033-0906-010928000001}\Update.exe" mc-110-12-0000137
O4 - HKLM\..\Run: [SMP Event Checker] c:\windows\system32\smphost.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\KODAK\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Support - {BDFE57C2-5B94-40C6-9F6D-27E97F47BDD5} - C:\Program Files\Internet Explorer\SIGNUP\Presario.htm (HKCU)
O11 - Options group: [INTERNATIONAL] International*
O15 - Trusted Zone: http://*.windowsupdate.microsoft.com
O15 - Trusted Zone: http://www.voyeurweb.com
O15 - Trusted Zone: http://*.windowsupdate.com
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {200B3EE9-7242-4EFD-B1E4-D97EE825BA53} (VerifyGMN Class) - http://h20270.www2.hp.com/ediags/gmn/install/hpobjinstaller_gmn.cab
O16 - DPF: {29C13B62-B9F7-4CD3-8CEF-0A58A1A99441} - http://fdl.msn.com/public/chat/msnchat41.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52...apple.com/qt505/us/win/QuickTimeInstaller.exe
O16 - DPF: {6B4788E2-BAE8-11D2-A1B4-00400512739B} (PWMediaSendControl Class) - http://216.249.24.141/code/PWActiveXImgCtl.CAB
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1124902445078
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius.com/download/software/win/ActiveXPlugin.cab
O16 - DPF: {B69F2A9C-E470-11D3-AFA3-525400DB7692} (Actimage Room Control) - http://ib.armstrong.com/ib/databases/actimage30717.cab
O16 - DPF: {C4925E65-7A1E-11D2-8BB4-00A0C9CC72C3} (Virtools WebPlayer Class) - http://a532.g.akamai.net/f/532/6712...amai.com/6712/player/install3.0/installer.exe
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.symantec.com/techsupp/activedata/SymAData.dll
O16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} - https://www-secure.symantec.com/techsupp/activedata/ActiveData.cab
O16 - DPF: {E7D2588A-7FB5-47DC-8830-832605661009} (Live Collaboration) - https://liveca06.custhelp.com/6011-b355h/rnl/java/RntX.cab
O16 - DPF: {E991BDE0-9816-4094-853E-6BDB60F0342D} (Get_ActiveX Control) - http://apps.corel.com/nos_dl_manager/plugin/IENetOpPlugin.ocx
O16 - DPF: {F5C90925-ABBF-4475-88F5-8622B452BA9E} (Compaq System Data Class) - http://www29.compaq.com/falco/SysQuery.cab
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O21 - SSODL: carbinyl - {8d8c2387-7f80-4022-9be6-43630a969558} - C:\WINDOWS\system32\gwquvw.dll (file missing)
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: COM+ Messages - Unknown owner - C:\WINDOWS\system32\svchosts.exe" -e mc-110-12-0000137 (file missing)
O23 - Service: Dcfssvc - Eastman Kodak Company - C:\WINDOWS\system32\drivers\dcfssvc.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: IMAPI CD-Burning COM Service (ImapiService) - Roxio Inc. - C:\WINDOWS\System32\ImapiRox.exe
O23 - Service: Iomega App Services - Iomega Corporation - C:\PROGRA~1\Iomega\System32\AppServices.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Virtual NIC Service (PackethSvc) - America Online, Inc. - C:\WINDOWS\System32\PackethSvc.exe
O23 - Service: PCTEL Speaker Phone (Pctspk) - PCtel, Inc. - C:\WINDOWS\system32\pctspk.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Iomega Active Disk (_IOMEGA_ACTIVE_DISK_SERVICE_) - Iomega Corporation - C:\Program Files\Iomega\AutoDisk\ADService.exe

Thanks in advance for your help !!!
 

The_donner

Thread Starter
I was reading some other posts and noticed you were telling them to run Smitfraudfix. I have downloaded that and ran the scan; here's my log

SmitFraudFix v2.132

Scan done at 11:04:09.26, Fri 01/12/2007
Run from C:\Documents and Settings\Liz Martin\Desktop\SmitfraudFix\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in normal mode

»»»»»»»»»»»»»»»»»»»»»»»» C:\


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS

C:\WINDOWS\icont.exe FOUND !
C:\WINDOWS\inetloader.dll FOUND !
C:\WINDOWS\keyboard1.dat FOUND !
C:\WINDOWS\local.html FOUND !
C:\WINDOWS\newname.dat FOUND !
C:\WINDOWS\onlineshopping.ico FOUND !
C:\WINDOWS\removeadware.ico FOUND !
C:\WINDOWS\sexpersonals.ico FOUND !
C:\WINDOWS\videoslots.ico FOUND !

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32

C:\WINDOWS\system32\svchosts.exe FOUND !

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Liz Martin


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Liz Martin\Application Data


»»»»»»»»»»»»»»»»»»»»»»»» Start Menu

C:\DOCUME~1\ALLUSE~1\STARTM~1\Online Security Guide.url FOUND !
C:\DOCUME~1\ALLUSE~1\STARTM~1\Security Troubleshooting.url FOUND !

»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\LIZMAR~1\FAVORI~1

C:\DOCUME~1\LIZMAR~1\FAVORI~1\Online Security Test.url FOUND !

»»»»»»»»»»»»»»»»»»»»»»»» Desktop


»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files

C:\Program Files\Video ActiveX Object\ FOUND !

»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys


»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components



»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{8d8c2387-7f80-4022-9be6-43630a969558}"="carbinyl"

[HKEY_CLASSES_ROOT\CLSID\{8d8c2387-7f80-4022-9be6-43630a969558}\InProcServer32]
@="C:\WINDOWS\system32\gwquvw.dll"

[HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{8d8c2387-7f80-4022-9be6-43630a969558}\InProcServer32]
@="C:\WINDOWS\system32\gwquvw.dll"



»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» pe386-msguard-lzx32


»»»»»»»»»»»»»»»»»»»»»»»» Scanning wininet.dll infection


»»»»»»»»»»»»»»»»»»»»»»»» End


As always .. THANKS !!
 

Byteman

Gone but Never Forgotten
Hi, You will need to copy and save these directions--either create a text document with Notepad and copy/paste these steps to that, you can name the file steps.txt or whatever you wish....save to your desktop so you have them in Safe Mode, while the Internet is not available...


Reboot your computer in Safe Mode.
  • If the computer is running, shut down Windows, and then turn off the power.
  • Wait 30 seconds, and then turn the computer on.
  • Start tapping the F8 key. The Windows Advanced Options Menu appears. If you begin tapping the F8 key too soon, some computers display a "keyboard error" message. To resolve this, restart the computer and try again.
  • Ensure that the Safe Mode option is selected.
  • Press Enter. The computer then begins to start in Safe mode.
  • Log in on your usual account.
Open the SmitfraudFix Folder, then double-click smitfraudfix.cmd file to start the tool.

Select option #2 - Clean by typing 2 and press Enter.
Wait for the tool to complete and disk cleanup to finish.
You will be prompted : "Registry cleaning - Do you want to clean the registry ?" answer Yes by typing Y and hit Enter.
The tool will also check if wininet.dll is infected. If it is infected and a clean version is found, you will be prompted to replace the infected wininet.dll with the clean file. Answer Yes to the question "Replace infected file ?" by typing Y and hit Enter.

A reboot may be needed to finish the cleaning process, if your computer does not restart automatically please do it yourself manually. (To "Normal" Mode this time).
The tool will create a log named rapport.txt in the root of your drive, eg: Local Disk C: or partition where your operating system is installed. Please post that log along with all others requested in your next reply. Include a new HJT log also.
 

The_donner

Thread Starter
:)
Thanks for getting back to me so quickly
Here are the logs HJT and the smitfraudfix


Logfile of HijackThis v1.99.1
Scan saved at 2:54:41 PM, on 1/12/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\System32\PackethSvc.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\system32\drivers\dcfssvc.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\PROGRA~1\Iomega\System32\AppServices.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\pctspk.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Iomega\AutoDisk\ADService.exe
C:\WINDOWS\system32\BRMFRSMG.EXE
C:\Program Files\Iomega\AutoDisk\ADUserMon.exe
C:\Program Files\Iomega\DriveIcons\ImgIcon.exe
C:\Program Files\Analog Devices\SoundMAX\Smtray.exe
C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
C:\Program Files\Ahead\ODD Toolkit\DVDTray.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\{E4B942B6-05D7-1033-0906-010928000001}\Update.exe
C:\windows\system32\smphost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\KODAK\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\TalyaSoft\Freezer\Freezer.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Compaq
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
F2 - REG:system.ini: UserInit=userinit.exe
N2 - Netscape 6: user_pref("browser.startup.homepage", "http://www.google.com/"); (C:\Documents and Settings\Liz Martin\Application Data\Mozilla\Profiles\default\l27df302.slt\prefs.js)
N2 - Netscape 6: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%206%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\Liz Martin\Application Data\Mozilla\Profiles\default\l27df302.slt\prefs.js)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: TextAloud - {F053C368-5458-45B2-9B4D-D8914BDDDBFF} - C:\PROGRA~1\TEXTAL~1\TAForIE.dll
O4 - HKLM\..\Run: [WCOLOREAL] "C:\Program Files\COMPAQ\Coloreal\coloreal.exe"
O4 - HKLM\..\Run: [PrinTray] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\printray.exe
O4 - HKLM\..\Run: [ADUserMon] "C:\Program Files\Iomega\AutoDisk\ADUserMon.exe"
O4 - HKLM\..\Run: [Iomega Startup Options] "C:\Program Files\Iomega\Common\ImgStart.exe"
O4 - HKLM\..\Run: [Iomega Drive Icons] "C:\Program Files\Iomega\DriveIcons\ImgIcon.exe"
O4 - HKLM\..\Run: [Deskup] "C:\Program Files\Iomega\DriveIcons\deskup.exe"
O4 - HKLM\..\Run: [Smapp] "C:\Program Files\Analog Devices\SoundMAX\Smtray.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
O4 - HKLM\..\Run: [DVDTray] "C:\Program Files\Ahead\ODD Toolkit\DVDTray.exe"
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] "C:\PROGRA~1\SYMNET~1\SNDMon.exe" /Consumer
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [{E4B942B6-05D7-1033-0906-010928000001}] "C:\Program Files\Common Files\{E4B942B6-05D7-1033-0906-010928000001}\Update.exe" mc-110-12-0000137
O4 - HKLM\..\Run: [SMP Event Checker] C:\windows\system32\smphost.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\KODAK\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Support - {BDFE57C2-5B94-40C6-9F6D-27E97F47BDD5} - C:\Program Files\Internet Explorer\SIGNUP\Presario.htm (HKCU)
O11 - Options group: [INTERNATIONAL] International*
O15 - Trusted Zone: http://*.windowsupdate.microsoft.com
O15 - Trusted Zone: http://www.voyeurweb.com
O15 - Trusted Zone: http://*.windowsupdate.com
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {200B3EE9-7242-4EFD-B1E4-D97EE825BA53} (VerifyGMN Class) - http://h20270.www2.hp.com/ediags/gmn/install/hpobjinstaller_gmn.cab
O16 - DPF: {29C13B62-B9F7-4CD3-8CEF-0A58A1A99441} - http://fdl.msn.com/public/chat/msnchat41.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52...apple.com/qt505/us/win/QuickTimeInstaller.exe
O16 - DPF: {6B4788E2-BAE8-11D2-A1B4-00400512739B} (PWMediaSendControl Class) - http://216.249.24.141/code/PWActiveXImgCtl.CAB
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1124902445078
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius.com/download/software/win/ActiveXPlugin.cab
O16 - DPF: {B69F2A9C-E470-11D3-AFA3-525400DB7692} (Actimage Room Control) - http://ib.armstrong.com/ib/databases/actimage30717.cab
O16 - DPF: {C4925E65-7A1E-11D2-8BB4-00A0C9CC72C3} (Virtools WebPlayer Class) - http://a532.g.akamai.net/f/532/6712...amai.com/6712/player/install3.0/installer.exe
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.symantec.com/techsupp/activedata/SymAData.dll
O16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} - https://www-secure.symantec.com/techsupp/activedata/ActiveData.cab
O16 - DPF: {E7D2588A-7FB5-47DC-8830-832605661009} (Live Collaboration) - https://liveca06.custhelp.com/6011-b355h/rnl/java/RntX.cab
O16 - DPF: {E991BDE0-9816-4094-853E-6BDB60F0342D} (Get_ActiveX Control) - http://apps.corel.com/nos_dl_manager/plugin/IENetOpPlugin.ocx
O16 - DPF: {F5C90925-ABBF-4475-88F5-8622B452BA9E} (Compaq System Data Class) - http://www29.compaq.com/falco/SysQuery.cab
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O21 - SSODL: carbinyl - {8d8c2387-7f80-4022-9be6-43630a969558} - C:\WINDOWS\system32\gwquvw.dll (file missing)
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: COM+ Messages - Unknown owner - C:\WINDOWS\system32\svchosts.exe" -e mc-110-12-0000137 (file missing)
O23 - Service: Dcfssvc - Eastman Kodak Company - C:\WINDOWS\system32\drivers\dcfssvc.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: IMAPI CD-Burning COM Service (ImapiService) - Roxio Inc. - C:\WINDOWS\System32\ImapiRox.exe
O23 - Service: Iomega App Services - Iomega Corporation - C:\PROGRA~1\Iomega\System32\AppServices.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Virtual NIC Service (PackethSvc) - America Online, Inc. - C:\WINDOWS\System32\PackethSvc.exe
O23 - Service: PCTEL Speaker Phone (Pctspk) - PCtel, Inc. - C:\WINDOWS\system32\pctspk.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Iomega Active Disk (_IOMEGA_ACTIVE_DISK_SERVICE_) - Iomega Corporation - C:\Program Files\Iomega\AutoDisk\ADService.exe

HERE'S THE SMITFRAUDFIX

SmitFraudFix v2.132

Scan done at 14:30:24.92, Fri 01/12/2007
Run from C:\Documents and Settings\Liz Martin\Desktop\SmitfraudFix\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in safe mode

»»»»»»»»»»»»»»»»»»»»»»»» Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{8d8c2387-7f80-4022-9be6-43630a969558}"="carbinyl"

[HKEY_CLASSES_ROOT\CLSID\{8d8c2387-7f80-4022-9be6-43630a969558}\InProcServer32]
@="C:\WINDOWS\system32\gwquvw.dll"

[HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{8d8c2387-7f80-4022-9be6-43630a969558}\InProcServer32]
@="C:\WINDOWS\system32\gwquvw.dll"


»»»»»»»»»»»»»»»»»»»»»»»» Killing process


»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files

C:\WINDOWS\icont.exe Deleted
C:\WINDOWS\inetloader.dll Deleted
C:\WINDOWS\keyboard1.dat Deleted
C:\WINDOWS\local.html Deleted
C:\WINDOWS\newname.dat Deleted
C:\WINDOWS\onlineshopping.ico Deleted
C:\WINDOWS\removeadware.ico Deleted
C:\WINDOWS\sexpersonals.ico Deleted
C:\WINDOWS\videoslots.ico Deleted
C:\WINDOWS\system32\svchosts.exe Deleted
C:\DOCUME~1\LIZMAR~1\FAVORI~1\Online Security Test.url Deleted
C:\DOCUME~1\ALLUSE~1\STARTM~1\Online Security Guide.url Deleted
C:\DOCUME~1\ALLUSE~1\STARTM~1\Security Troubleshooting.url Deleted
C:\Program Files\Video ActiveX Object\ Deleted

»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

Registry Cleaning done.

»»»»»»»»»»»»»»»»»»»»»»»» After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{8d8c2387-7f80-4022-9be6-43630a969558}"="carbinyl"

[HKEY_CLASSES_ROOT\CLSID\{8d8c2387-7f80-4022-9be6-43630a969558}\InProcServer32]
@="C:\WINDOWS\system32\gwquvw.dll"

[HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{8d8c2387-7f80-4022-9be6-43630a969558}\InProcServer32]
@="C:\WINDOWS\system32\gwquvw.dll"



»»»»»»»»»»»»»»»»»»»»»»»» End

THANKS A LOT ... Please advise !!:)
 

Byteman

Gone but Never Forgotten
Joined
Jan 24, 2002
Messages
17,742
Hi,

Download AVG Anti-Spyware from HERE and save that file to your desktop.

When the trial period expires it becomes feature-limited freeware but is still worth keeping as a good on-demand scanner.


  1. Once you have downloaded AVG Anti-Spyware, locate the icon on the desktop and double click it to launch the set up program.
  2. Once the setup is complete you will need to run AVG Anti-Spyware and update the definition files.
  3. On the main screen select the icon "Update" then select the "Update now" link.
    • Next select the "Start Update" button. The update will start and a progress bar will show the updates being installed.
  4. Once the update has completed, select the "Scanner" icon at the top of the screen, then select the "Settings" tab.
  5. Note: If you cannot access the internet with the infected PC, or you are having problems updating, you can download the signatures file from here.
    Once you have installed AVG A-S, double click avgas-signatures-full-current.exe to update it.
  6. Once in the Settings screen click on "Recommended actions" and then select "Quarantine".
  7. Under "Reports"
    • Select "Automatically generate report after every scan"
    • Un-Select "Only if threats were found"
    • Disabling the Resident Shield:

      By default the Resident Shield is active but as it may interfere with the process of cleaning your PC, it will need to be disabled.
      (When the PC has been cleaned you can activate the shield again, if you wish.)
      Click the Shield icon at the top and under "Resident shield is..." - click active.
      This should now change to inactive.
Close AVG Anti-Spyware. Do Not run a scan just yet, we will run it in safe mode.
  1. Reboot your computer into Safe Mode. You can do this by restarting your computer and continually tapping the F8 key until a menu appears. Use your up arrow key to highlight Safe Mode then hit enter.

    IMPORTANT: Do not open any other windows or programs while AVG Anti-Spyware is scanning as it may interfere with the scanning process:
  2. Launch AVG Anti-Spyware by double clicking the icon on your desktop.
  3. Select the "Scanner" icon at the top and then the "Scan" tab then click on "Complete System Scan".
  4. AVG will now begin the scanning process. Please be patient as this may take a little time.
    Once the scan is complete, do the following:
  5. If you have any infections you will be prompted. Then select "Apply all actions."
  6. Next select the "Reports" icon at the top.
  7. Select the "Save report as" button in the lower left-hand of the screen and save it to a text file on your system (make sure to remember where you saved that file. This is important).
  8. Close AVG Anti-Spyware and reboot your system back into Normal Mode.


Next:
  • Go to Control Panel > Internet Options. Click on the Programs tab, then click the "Reset Web Settings" button. Click Apply then OK.
  • Next go to Control Panel > Display. Click on the "Desktop" tab then click the "Customize Desktop" button. Click on the "Web" tab. Under "Web Pages" Delete everything except for "My Current Home Page". Click OK then Apply and OK.

_ _ _ _
HERE to run Panda's ActiveScan
  • Once you are on the Panda site click the Scan your PC button
  • A new window will open...click the Check Now button
  • Enter your Country
  • Enter your State/Province
  • Enter your e-mail address and click send
  • Select either Home User or Company
  • Click the big Scan Now button
  • If it wants to install an ActiveX component allow it
  • It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)
  • When download is complete, click on My Computer to start the scan
  • When the scan completes, if anything malicious is detected, click the See Report button, then Save Report and save it to a convenient location. Post the contents of the ActiveScan report
 

The_donner

Thread Starter
Joined
Aug 11, 2004
Messages
66
Thanks again for getting back to me !!
Here's the active scan log below:


Incident Status Location

Adware:adware program Not disinfected c:\windows\system32\data.~
Spyware:spyware/whazit Not disinfected c:\windows\system32\kyf.dat
Adware:adware/sahagent Not disinfected c:\windows\downloaded program files\sporder_.dll
Adware:adware/keenvalue Not disinfected c:\windows\system32\drivers\etc\hosts.bho
Adware:adware/comet Not disinfected c:\windows\inf\dm.PNF
Adware:adware/gator Not disinfected c:\GatorPatch.log
Spyware:spyware/surfsidekick Not disinfected C:\Documents and Settings\Liz Martin\Local Settings\Temporary Internet Files\Ssk.log
Adware:adware/ncase Not disinfected c:\windows\180ax.log
Adware:adware/clickalchemy Not disinfected c:\windows\alchem.ini
Adware:adware/downloadware Not disinfected c:\windows\Digital Signature 20020928.htm
Adware:adware/wintools Not disinfected c:\windows\EDow_AS2.exe
Adware:adware/sidesearch Not disinfected C:\Documents and Settings\Liz Martin\Application Data\Lycos
Spyware:spyware/clipgenie Not disinfected Windows Registry
Potentially unwanted tool:application/mywebsearch Not disinfected hkey_classes_root\clsid\{147A976F-EEE1-4377-8EA7-4716E4CDD239}
Adware:adware/ist.sidefind Not disinfected Windows Registry
Adware:adware/emediacodec Not disinfected Windows Registry
Adware:adware/cws Not disinfected Windows Registry
Adware:adware/memorywatcher Not disinfected Windows Registry
Adware:adware/elitebar Not disinfected Windows Registry
Adware:adware/purityscan Not disinfected Windows Registry
Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\Liz Martin\Desktop\SmitfraudFix\SmitfraudFix\Process.exe
Potentially unwanted tool:Application/FunWeb Not disinfected C:\Documents and Settings\Liz Martin\My Documents\Downloaded Drivers\backups\backup-20040812-141402-661.inf
Adware:Adware/TrustIn Not disinfected C:\Documents and Settings\Liz Martin\My Documents\Downloaded Drivers\tbetam05.zip[crack.exe]
Adware:Adware/DollarRevenue Not disinfected C:\Documents and Settings\Liz Martin\My Documents\Downloads\SlySoft.CloneDVD.v2.9.0.1.WinALL.Incl.Crack\SlySoft.CloneDVD.v2.9.0.1.WinALL.Incl.Crack\keymaker\KeyMaker.exe[clonedvdcrack.exe]
Adware:Adware/Startpage.KH Not disinfected C:\ED.EXE
Spyware:Cookie/Rightmedia Not disinfected C:\RECYCLER\NPROTECT\00603067.TXT
Spyware:Cookie/Tickle Not disinfected C:\RECYCLER\NPROTECT\00603104.TXT
Spyware:Cookie/Tickle Not disinfected C:\RECYCLER\NPROTECT\00603105.TXT
Spyware:Cookie/Rightmedia Not disinfected C:\RECYCLER\NPROTECT\00603264.TXT
Spyware:Cookie/Tickle Not disinfected C:\RECYCLER\NPROTECT\00603454.TXT
Spyware:Cookie/Tickle Not disinfected C:\RECYCLER\NPROTECT\00603455.TXT
Spyware:Cookie/Tickle Not disinfected C:\RECYCLER\NPROTECT\00603456.TXT
Spyware:Cookie/Tickle Not disinfected C:\RECYCLER\NPROTECT\00603500.TXT
Spyware:Cookie/Tickle Not disinfected C:\RECYCLER\NPROTECT\00603501.TXT
Spyware:Cookie/Tickle Not disinfected C:\RECYCLER\NPROTECT\00603502.TXT
Spyware:Cookie/Rightmedia Not disinfected C:\RECYCLER\NPROTECT\00603548.TXT
Spyware:Cookie/Tickle Not disinfected C:\RECYCLER\NPROTECT\00604398.TXT
Spyware:Cookie/Tickle Not disinfected C:\RECYCLER\NPROTECT\00604399.TXT
Spyware:Cookie/Tickle Not disinfected C:\RECYCLER\NPROTECT\00604400.TXT
Spyware:Cookie/Rightmedia Not disinfected C:\RECYCLER\NPROTECT\00604830.TXT
Adware:Adware/EliteBar Not disinfected C:\WINDOWS\blocklist.reg
Adware:Adware/SAHAgent Not disinfected C:\WINDOWS\inf\bi7.inf
Adware:Adware/Startpage.KH Not disinfected C:\WINDOWS\protector28.exe
Adware:Adware/SAHAgent Not disinfected C:\WINDOWS\system32\xmltok.dll
Spyware:Cookie/DriveCleaner Not disinfected C:\WINDOWS\Temp\Cookies\liz martin@drivecleaner[1].txt
Spyware:Cookie/DriveCleaner Not disinfected C:\WINDOWS\Temp\Cookies\liz martin@stats.drivecleaner[2].txt
Spyware:Cookie/Winantivirus Not disinfected C:\WINDOWS\Temp\Cookies\liz martin@winantivirus[1].txt
Spyware:Cookie/DriveCleaner Not disinfected C:\WINDOWS\Temp\Cookies\liz martin@www.drivecleaner[1].txt

THANKS FOR ALL THE HELP !! Please advise ...
 

Byteman

Gone but Never Forgotten
Joined
Jan 24, 2002
Messages
17,742
Hi, I need the AVG Antispyware report. You didn't have any virus, but you sure have some ad and spyware.

AVG A/S will clean a lot of it up for us. Be SURE you follow the steps to install, update, and run a scan
exactly as they are in my Reply where I posted them. SAVE the directions to a Notepad text file,
or Print them, as the Internet will NOT be available in Safe Mode~
 

The_donner

Thread Starter
Joined
Aug 11, 2004
Messages
66
Oops, sorry ... thought I had added the AVG report.
So here it is:

---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 2:52:43 PM 1/13/2007

+ Scan result:



C:\System Volume Information\_restore{C4AA3800-982D-449F-8849-BE5D3C5736D7}\RP125\A0039770.exe -> Adware.AdURL : Cleaned with backup (quarantined).
C:\WINDOWS\Temp\bw2.com -> Adware.AdURL : Cleaned with backup (quarantined).
C:\WINDOWS\system32\biU.exe/bi.dll -> Adware.BiSpy : Cleaned with backup (quarantined).
C:\WINDOWS\system32\biU.exe/preInsBI.exe -> Adware.BiSpy : Cleaned with backup (quarantined).
HKU\S-1-5-21-3529363498-847386435-1484400983-1006\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{0D045BAA-4BD3-4C94-BE8B-21536BD6BD9F} -> Adware.Generic : Cleaned with backup (quarantined).
HKU\S-1-5-21-3529363498-847386435-1484400983-1006\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{67982BB7-0F95-44C5-92DC-E3AF3DC19D6D} -> Adware.Generic : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{C4AA3800-982D-449F-8849-BE5D3C5736D7}\RP125\A0038715.dll -> Adware.MaxSearch : Cleaned with backup (quarantined).
C:\WINDOWS\system32\install.exe -> Adware.MaxSearch : Cleaned with backup (quarantined).
C:\Program Files\Common Files\{E4B942B6-05D7-1033-0906-010928000001}\Update.exe -> Adware.Softomate : Cleaned with backup (quarantined).
C:\Program Files\Common Files\{E4B942B6-05D7-1033-0906-010928000001}\system.dll -> Adware.Softomate : Cleaned with backup (quarantined).
C:\RECYCLER\S-1-5-18\Dc1\Update.exe -> Adware.Softomate : Cleaned with backup (quarantined).
C:\RECYCLER\S-1-5-18\Dc1\system.dll -> Adware.Softomate : Cleaned with backup (quarantined).
C:\RECYCLER\S-1-5-18\Dc2\Update.exe -> Adware.Softomate : Cleaned with backup (quarantined).
C:\RECYCLER\S-1-5-18\Dc2\system.dll -> Adware.Softomate : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{C4AA3800-982D-449F-8849-BE5D3C5736D7}\RP121\A0037461.dll -> Adware.Softomate : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{C4AA3800-982D-449F-8849-BE5D3C5736D7}\RP121\A0037462.exe -> Adware.Softomate : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{C4AA3800-982D-449F-8849-BE5D3C5736D7}\RP121\A0037595.dll -> Adware.Softomate : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{C4AA3800-982D-449F-8849-BE5D3C5736D7}\RP121\A0037596.exe -> Adware.Softomate : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{C4AA3800-982D-449F-8849-BE5D3C5736D7}\RP121\A0037597.dll -> Adware.Softomate : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{C4AA3800-982D-449F-8849-BE5D3C5736D7}\RP121\A0037598.exe -> Adware.Softomate : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{C4AA3800-982D-449F-8849-BE5D3C5736D7}\RP121\A0037599.dll -> Adware.Softomate : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{C4AA3800-982D-449F-8849-BE5D3C5736D7}\RP121\A0037600.exe -> Adware.Softomate : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{C4AA3800-982D-449F-8849-BE5D3C5736D7}\RP121\A0037601.dll -> Adware.Softomate : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{C4AA3800-982D-449F-8849-BE5D3C5736D7}\RP121\A0037602.exe -> Adware.Softomate : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{C4AA3800-982D-449F-8849-BE5D3C5736D7}\RP121\A0037603.dll -> Adware.Softomate : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{C4AA3800-982D-449F-8849-BE5D3C5736D7}\RP121\A0037604.exe -> Adware.Softomate : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{C4AA3800-982D-449F-8849-BE5D3C5736D7}\RP121\A0037605.dll -> Adware.Softomate : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{C4AA3800-982D-449F-8849-BE5D3C5736D7}\RP121\A0037606.exe -> Adware.Softomate : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{C4AA3800-982D-449F-8849-BE5D3C5736D7}\RP121\A0037607.dll -> Adware.Softomate : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{C4AA3800-982D-449F-8849-BE5D3C5736D7}\RP121\A0037608.exe -> Adware.Softomate : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{C4AA3800-982D-449F-8849-BE5D3C5736D7}\RP121\A0037609.dll -> Adware.Softomate : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{C4AA3800-982D-449F-8849-BE5D3C5736D7}\RP121\A0037610.exe -> Adware.Softomate : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{C4AA3800-982D-449F-8849-BE5D3C5736D7}\RP121\A0037611.dll -> Adware.Softomate : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{C4AA3800-982D-449F-8849-BE5D3C5736D7}\RP121\A0037612.exe -> Adware.Softomate : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{C4AA3800-982D-449F-8849-BE5D3C5736D7}\RP121\A0037613.dll -> Adware.Softomate : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{C4AA3800-982D-449F-8849-BE5D3C5736D7}\RP121\A0037614.exe -> Adware.Softomate : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{C4AA3800-982D-449F-8849-BE5D3C5736D7}\RP121\A0037615.dll -> Adware.Softomate : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{C4AA3800-982D-449F-8849-BE5D3C5736D7}\RP121\A0037616.exe -> Adware.Softomate : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{C4AA3800-982D-449F-8849-BE5D3C5736D7}\RP121\A0037617.dll -> Adware.Softomate : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{C4AA3800-982D-449F-8849-BE5D3C5736D7}\RP121\A0037618.exe -> Adware.Softomate : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{C4AA3800-982D-449F-8849-BE5D3C5736D7}\RP121\A0037579.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{C4AA3800-982D-449F-8849-BE5D3C5736D7}\RP121\A0037581.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{C4AA3800-982D-449F-8849-BE5D3C5736D7}\RP121\A0037582.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\Documents and Settings\Liz Martin\My Documents\Downloads\[KeyGen] Windows Keygen Pack (APMKPR2).rar/APMKPR2\APMKPR2\Windows XP Service Pack 2 -kEyGeN-\kEyGeN.exe -> Backdoor.Tagent.e : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{C4AA3800-982D-449F-8849-BE5D3C5736D7}\RP121\A0037593.exe -> Downloader.Agent.bca : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{C4AA3800-982D-449F-8849-BE5D3C5736D7}\RP125\A0039776.exe -> Downloader.Agent.bca : Cleaned with backup (quarantined).
C:\Documents and Settings\Liz Martin\My Documents\Downloaded Drivers\tbetam05.zip/crack.exe -> Downloader.Small.ddp : Cleaned with backup (quarantined).
C:\Program Files\TextAloud\crack.exe -> Downloader.Small.ddp : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{C4AA3800-982D-449F-8849-BE5D3C5736D7}\RP125\A0039771.dll -> Downloader.Small.ddp : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{C4AA3800-982D-449F-8849-BE5D3C5736D7}\RP121\A0037578.exe -> Dropper.VB.lu : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{C4AA3800-982D-449F-8849-BE5D3C5736D7}\RP125\A0039786.exe -> Not-A-Virus.Hoax.Win32.Renos.fo : Cleaned with backup (quarantined).
C:\WINDOWS\Temp\Cookies\liz martin@cpvfeed[1].txt -> TrackingCookie.Cpvfeed : Cleaned.
C:\Documents and Settings\Liz Martin\My Documents\Downloads\CloneDVD.2.9.0.1\SetupCloneDVD2901Slysoft.exe -> Trojan.Agent.ye : Cleaned with backup (quarantined).
C:\WINDOWS\system32\wnsapicc.exe -> Trojan.Small : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{C4AA3800-982D-449F-8849-BE5D3C5736D7}\RP121\A0037583.exe -> Worm.VB.an : Cleaned with backup (quarantined).


::Report end

As always, I really appreciate the help !! Please advise.
 

Byteman

Gone but Never Forgotten
Joined
Jan 24, 2002
Messages
17,742
Hi, the AVG results are too old, so we need to scan again. Post the results of both a NEW AVG Anti-Spyware scan and, after that,
a new Panda scan please.

Also, we need you to do this:

Open Hijack This and click on the "Open the Misc Tools section" button. Click on the "Open Uninstall Manager" button. Click the "Save List" button. After you click the "Save List" button, you will be asked where to save the file. Pick a place to save it then the list should open in notepad. Copy and paste that list here.


After those things, post your freshly made Hijackthis log and we will check it all.
Pending these reports you should be just about finished...
 

The_donner

Thread Starter
Joined
Aug 11, 2004
Messages
66
Wow ... those scans take forever ... Sorry for the delay in getting back to you.

Here are the most up-to-date scans for the AVG, the Panda, and the HJT log as well. If it all won't fit on this post I'll have to split them up.


---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 1:54:03 PM 1/16/2007

+ Scan result:



C:\System Volume Information\_restore{C4AA3800-982D-449F-8849-BE5D3C5736D7}\RP127\A0040870.exe/bi.dll -> Adware.BiSpy : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{C4AA3800-982D-449F-8849-BE5D3C5736D7}\RP127\A0040870.exe/preInsBI.exe -> Adware.BiSpy : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{C4AA3800-982D-449F-8849-BE5D3C5736D7}\RP127\A0040869.exe -> Adware.MaxSearch : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{C4AA3800-982D-449F-8849-BE5D3C5736D7}\RP127\A0040863.exe -> Adware.Softomate : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{C4AA3800-982D-449F-8849-BE5D3C5736D7}\RP127\A0040864.dll -> Adware.Softomate : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{C4AA3800-982D-449F-8849-BE5D3C5736D7}\RP127\A0040865.exe -> Adware.Softomate : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{C4AA3800-982D-449F-8849-BE5D3C5736D7}\RP127\A0040866.dll -> Adware.Softomate : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{C4AA3800-982D-449F-8849-BE5D3C5736D7}\RP127\A0040867.exe -> Adware.Softomate : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{C4AA3800-982D-449F-8849-BE5D3C5736D7}\RP127\A0040868.dll -> Adware.Softomate : Cleaned with backup (quarantined).
C:\Documents and Settings\Liz Martin\My Documents\Downloads\[KeyGen] Windows Keygen Pack (APMKPR2).rar/APMKPR2\APMKPR2\Windows XP Service Pack 2 -kEyGeN-\kEyGeN.exe -> Backdoor.Tagent.e : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{C4AA3800-982D-449F-8849-BE5D3C5736D7}\RP127\A0040861.exe -> Downloader.Small.ddp : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{C4AA3800-982D-449F-8849-BE5D3C5736D7}\RP125\A0039778.dll -> Downloader.Zlob.biu : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{C4AA3800-982D-449F-8849-BE5D3C5736D7}\RP125\A0039779.exe -> Downloader.Zlob.biu : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{C4AA3800-982D-449F-8849-BE5D3C5736D7}\RP125\A0039731.dll -> Downloader.Zlob.bjy : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{C4AA3800-982D-449F-8849-BE5D3C5736D7}\RP125\A0039732.exe -> Downloader.Zlob.bjy : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{C4AA3800-982D-449F-8849-BE5D3C5736D7}\RP125\A0039735.exe -> Downloader.Zlob.bjy : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{C4AA3800-982D-449F-8849-BE5D3C5736D7}\RP125\A0039759.dll -> Downloader.Zlob.bjy : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{C4AA3800-982D-449F-8849-BE5D3C5736D7}\RP125\A0039761.exe -> Downloader.Zlob.bjy : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{C4AA3800-982D-449F-8849-BE5D3C5736D7}\RP125\A0039763.exe -> Downloader.Zlob.bjy : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{C4AA3800-982D-449F-8849-BE5D3C5736D7}\RP125\A0039780.dll -> Downloader.Zlob.bjy : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{C4AA3800-982D-449F-8849-BE5D3C5736D7}\RP125\A0039781.exe -> Downloader.Zlob.bjy : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{C4AA3800-982D-449F-8849-BE5D3C5736D7}\RP125\A0039782.exe -> Downloader.Zlob.bjy : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{C4AA3800-982D-449F-8849-BE5D3C5736D7}\RP125\A0039783.exe -> Downloader.Zlob.bjy : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{C4AA3800-982D-449F-8849-BE5D3C5736D7}\RP125\A0039785.exe -> Downloader.Zlob.bjy : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{C4AA3800-982D-449F-8849-BE5D3C5736D7}\RP125\A0039787.exe -> Downloader.Zlob.bjy : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{C4AA3800-982D-449F-8849-BE5D3C5736D7}\RP127\A0040862.exe -> Trojan.Small : Cleaned with backup (quarantined).


::Report end


HERE'S THE PANDA SCAN:


Incident Status Location

Adware:adware program Not disinfected c:\windows\system32\data.~
Spyware:spyware/whazit Not disinfected c:\windows\system32\kyf.dat
Adware:adware/sahagent Not disinfected c:\windows\downloaded program files\sporder_.dll
Adware:adware/keenvalue Not disinfected c:\windows\system32\drivers\etc\hosts.bho
Adware:adware/comet Not disinfected c:\windows\inf\dm.PNF
Adware:adware/gator Not disinfected c:\GatorPatch.log
Spyware:spyware/surfsidekick Not disinfected C:\Documents and Settings\Liz Martin\Local Settings\Temporary Internet Files\Ssk.log
Adware:adware/ncase Not disinfected c:\windows\180ax.log
Adware:adware/clickalchemy Not disinfected c:\windows\alchem.ini
Adware:adware/downloadware Not disinfected c:\windows\Digital Signature 20020928.htm
Adware:adware/wintools Not disinfected c:\windows\EDow_AS2.exe
Adware:adware/sidesearch Not disinfected C:\Documents and Settings\Liz Martin\Application Data\Lycos
Spyware:spyware/clipgenie Not disinfected Windows Registry
Potentially unwanted tool:application/mywebsearch Not disinfected hkey_classes_root\clsid\{147A976F-EEE1-4377-8EA7-4716E4CDD239}
Adware:adware/ist.sidefind Not disinfected Windows Registry
Adware:adware/emediacodec Not disinfected Windows Registry
Adware:adware/cws Not disinfected Windows Registry
Adware:adware/memorywatcher Not disinfected Windows Registry
Adware:adware/elitebar Not disinfected Windows Registry
Adware:adware/purityscan Not disinfected Windows Registry
Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\Liz Martin\Desktop\SmitfraudFix\SmitfraudFix\Process.exe
Potentially unwanted tool:Application/FunWeb Not disinfected C:\Documents and Settings\Liz Martin\My Documents\Downloaded Drivers\backups\backup-20040812-141402-661.inf
Adware:Adware/Startpage.KH Not disinfected C:\ED.EXE
Spyware:Cookie/Rightmedia Not disinfected C:\RECYCLER\NPROTECT\00603067.TXT
Spyware:Cookie/Tickle Not disinfected C:\RECYCLER\NPROTECT\00603104.TXT
Spyware:Cookie/Tickle Not disinfected C:\RECYCLER\NPROTECT\00603105.TXT
Spyware:Cookie/Rightmedia Not disinfected C:\RECYCLER\NPROTECT\00603264.TXT
Spyware:Cookie/Tickle Not disinfected C:\RECYCLER\NPROTECT\00603454.TXT
Spyware:Cookie/Tickle Not disinfected C:\RECYCLER\NPROTECT\00603455.TXT
Spyware:Cookie/Tickle Not disinfected C:\RECYCLER\NPROTECT\00603456.TXT
Spyware:Cookie/Tickle Not disinfected C:\RECYCLER\NPROTECT\00603500.TXT
Spyware:Cookie/Tickle Not disinfected C:\RECYCLER\NPROTECT\00603501.TXT
Spyware:Cookie/Tickle Not disinfected C:\RECYCLER\NPROTECT\00603502.TXT
Spyware:Cookie/Rightmedia Not disinfected C:\RECYCLER\NPROTECT\00603548.TXT
Spyware:Cookie/Tickle Not disinfected C:\RECYCLER\NPROTECT\00604398.TXT
Spyware:Cookie/Tickle Not disinfected C:\RECYCLER\NPROTECT\00604399.TXT
Spyware:Cookie/Tickle Not disinfected C:\RECYCLER\NPROTECT\00604400.TXT
Spyware:Cookie/Rightmedia Not disinfected C:\RECYCLER\NPROTECT\00604830.TXT
Adware:Adware/DollarRevenue Not disinfected C:\RECYCLER\S-1-5-21-3529363498-847386435-1484400983-1006\Dc11.Crack\SlySoft.CloneDVD.v2.9.0.1.WinALL.Incl.Crack\keymaker\KeyMaker.exe[clonedvdcrack.exe]
Adware:Adware/EliteBar Not disinfected C:\WINDOWS\blocklist.reg
Adware:Adware/SAHAgent Not disinfected C:\WINDOWS\inf\bi7.inf
Adware:Adware/Startpage.KH Not disinfected C:\WINDOWS\protector28.exe
Adware:Adware/SAHAgent Not disinfected C:\WINDOWS\system32\xmltok.dll
Spyware:Cookie/DriveCleaner Not disinfected C:\WINDOWS\Temp\Cookies\liz martin@drivecleaner[1].txt
Spyware:Cookie/DriveCleaner Not disinfected C:\WINDOWS\Temp\Cookies\liz martin@stats.drivecleaner[2].txt
Spyware:Cookie/Winantivirus Not disinfected C:\WINDOWS\Temp\Cookies\liz martin@winantivirus[1].txt
Spyware:Cookie/DriveCleaner Not disinfected C:\WINDOWS\Temp\Cookies\liz martin@www.drivecleaner[1].txt

THE HJT WILL BE CONTINUED IN THE NEXT POST: not enough room here
 

The_donner

Thread Starter
Joined
Aug 11, 2004
Messages
66
HERE'S THE HJT LOG:

Logfile of HijackThis v1.99.1
Scan saved at 10:28:27 AM, on 1/17/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\System32\PackethSvc.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\drivers\dcfssvc.exe
C:\PROGRA~1\Iomega\System32\AppServices.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\pctspk.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Iomega\AutoDisk\ADService.exe
C:\WINDOWS\system32\BRMFRSMG.EXE
C:\Program Files\Iomega\AutoDisk\ADUserMon.exe
C:\Program Files\Iomega\DriveIcons\ImgIcon.exe
C:\Program Files\Analog Devices\SoundMAX\Smtray.exe
C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
C:\Program Files\Ahead\ODD Toolkit\DVDTray.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\System32\svchost.exe
C:\windows\system32\smphost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\TalyaSoft\Freezer\Freezer.exe
C:\Program Files\KODAK\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Compaq
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
F2 - REG:system.ini: UserInit=userinit.exe
N2 - Netscape 6: user_pref("browser.startup.homepage", "http://www.google.com/"); (C:\Documents and Settings\Liz Martin\Application Data\Mozilla\Profiles\default\l27df302.slt\prefs.js)
N2 - Netscape 6: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%206%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\Liz Martin\Application Data\Mozilla\Profiles\default\l27df302.slt\prefs.js)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: TextAloud - {F053C368-5458-45B2-9B4D-D8914BDDDBFF} - C:\PROGRA~1\TEXTAL~1\TAForIE.dll
O4 - HKLM\..\Run: [WCOLOREAL] "C:\Program Files\COMPAQ\Coloreal\coloreal.exe"
O4 - HKLM\..\Run: [PrinTray] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\printray.exe
O4 - HKLM\..\Run: [ADUserMon] "C:\Program Files\Iomega\AutoDisk\ADUserMon.exe"
O4 - HKLM\..\Run: [Iomega Startup Options] "C:\Program Files\Iomega\Common\ImgStart.exe"
O4 - HKLM\..\Run: [Iomega Drive Icons] "C:\Program Files\Iomega\DriveIcons\ImgIcon.exe"
O4 - HKLM\..\Run: [Deskup] "C:\Program Files\Iomega\DriveIcons\deskup.exe"
O4 - HKLM\..\Run: [Smapp] "C:\Program Files\Analog Devices\SoundMAX\Smtray.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
O4 - HKLM\..\Run: [DVDTray] "C:\Program Files\Ahead\ODD Toolkit\DVDTray.exe"
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] "C:\PROGRA~1\SYMNET~1\SNDMon.exe" /Consumer
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SMP Event Checker] C:\windows\system32\smphost.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\KODAK\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Support - {BDFE57C2-5B94-40C6-9F6D-27E97F47BDD5} - C:\Program Files\Internet Explorer\SIGNUP\Presario.htm (HKCU)
O11 - Options group: [INTERNATIONAL] International*
O15 - Trusted Zone: http://*.windowsupdate.microsoft.com
O15 - Trusted Zone: http://www.voyeurweb.com
O15 - Trusted Zone: http://*.windowsupdate.com
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {200B3EE9-7242-4EFD-B1E4-D97EE825BA53} (VerifyGMN Class) - http://h20270.www2.hp.com/ediags/gmn/install/hpobjinstaller_gmn.cab
O16 - DPF: {29C13B62-B9F7-4CD3-8CEF-0A58A1A99441} - http://fdl.msn.com/public/chat/msnchat41.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52...apple.com/qt505/us/win/QuickTimeInstaller.exe
O16 - DPF: {6B4788E2-BAE8-11D2-A1B4-00400512739B} (PWMediaSendControl Class) - http://216.249.24.141/code/PWActiveXImgCtl.CAB
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1124902445078
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius.com/download/software/win/ActiveXPlugin.cab
O16 - DPF: {B69F2A9C-E470-11D3-AFA3-525400DB7692} (Actimage Room Control) - http://ib.armstrong.com/ib/databases/actimage30717.cab
O16 - DPF: {C4925E65-7A1E-11D2-8BB4-00A0C9CC72C3} (Virtools WebPlayer Class) - http://a532.g.akamai.net/f/532/6712...amai.com/6712/player/install3.0/installer.exe
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.symantec.com/techsupp/activedata/SymAData.dll
O16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} - https://www-secure.symantec.com/techsupp/activedata/ActiveData.cab
O16 - DPF: {E7D2588A-7FB5-47DC-8830-832605661009} (Live Collaboration) - https://liveca06.custhelp.com/6011-b355h/rnl/java/RntX.cab
O16 - DPF: {E991BDE0-9816-4094-853E-6BDB60F0342D} (Get_ActiveX Control) - http://apps.corel.com/nos_dl_manager/plugin/IENetOpPlugin.ocx
O16 - DPF: {F5C90925-ABBF-4475-88F5-8622B452BA9E} (Compaq System Data Class) - http://www29.compaq.com/falco/SysQuery.cab
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O21 - SSODL: carbinyl - {8d8c2387-7f80-4022-9be6-43630a969558} - C:\WINDOWS\system32\gwquvw.dll (file missing)
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: COM+ Messages - Unknown owner - C:\WINDOWS\system32\svchosts.exe" -e mc-110-12-0000137 (file missing)
O23 - Service: Dcfssvc - Eastman Kodak Company - C:\WINDOWS\system32\drivers\dcfssvc.exe
O23 - Service: IMAPI CD-Burning COM Service (ImapiService) - Roxio Inc. - C:\WINDOWS\System32\ImapiRox.exe
O23 - Service: Iomega App Services - Iomega Corporation - C:\PROGRA~1\Iomega\System32\AppServices.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Virtual NIC Service (PackethSvc) - America Online, Inc. - C:\WINDOWS\System32\PackethSvc.exe
O23 - Service: PCTEL Speaker Phone (Pctspk) - PCtel, Inc. - C:\WINDOWS\system32\pctspk.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Iomega Active Disk (_IOMEGA_ACTIVE_DISK_SERVICE_) - Iomega Corporation - C:\Program Files\Iomega\AutoDisk\ADService.exe

AS ALWAYS YOU GUYS ARE THE BEST ... PLEASE ADVISE, THANKS!
 

Byteman

Gone but Never Forgotten
Joined
Jan 24, 2002
Messages
17,742
Hi, still need one thing: the HJthis Uninstall Manager log.

Byteman said:
Also, we need you to do this:

Open Hijack This and click on the "Open the Misc Tools section" button. Click on the "Open Uninstall Manager" button. Click the "Save List" button. After you click the "Save List" button, you will be asked where to save the file. Pick a place to save it then the list should open in notepad. Copy and paste that list here.
I need that list! You have some serious work to do, removing ad and spyware that is in various spots on the computer.

Freezer may not be doing a good enough job, are you sure the kids are not terrorizing the computer without you knowing?
 

The_donner

Thread Starter
Joined
Aug 11, 2004
Messages
66
Sorry about that, I didn't catch the part about the Hjmanager...
I think you're right, the Freezer works sometimes, but when I leave it unlocked the kids are all over the computer. Anyway ... thanks for the help and here's the HJthis uninstall manager.

µTorrent
Active Disk
Ad-aware 6 Personal
Ad-Aware SE Personal
Adobe Acrobat 4.0
Adobe Acrobat 5.0
Adobe ActiveShare 1.3.1
Adobe Flash Player 9 ActiveX
Adobe Photoshop 7.0
Adobe Reader 8
AnyDVD
AOL Uninstaller (Choose which Products to Remove)
Atlantis - Search for the Journal
AVG Anti-Spyware 7.5
Bills and Reminders Version 1.7.3
Calendar Maker 2.5
ccCommon
CloneDVD2
Clue
Codec 8.0
CoffeeCup Flash Firestarter
CoffeeCup Web JukeBox - Registered
Coloreal
Compaq Advisor
Compaq Wallpaper
CompuServe 2000
Cool Edit Pro 2.1
Corel Paint Shop Pro X
Crossword Weaver 5.0
DirectX Media Runtime 5.1
Disney's Mickey Mouse Kindergarten
Disney's Stanley Tiger Tales
Disney's Winnie the Pooh Preschool
Dora Lost City
Easy Access Button Support
Easy CD Creator 5 Basic
Encarta Online
Family Tree Maker 7.0
GameSpy Arcade
HighMAT Extension to Microsoft Windows XP CD Writing Wizard
HijackThis 1.99.1
Hotfix for Windows XP (KB914440)
Hotfix for Windows XP (KB915865)
Hotfix for Windows XP (KB926239)
HP PrecisionScan LTX
ICQ
ID Commander V1.23
ImageDrive (Ahead Software)
Incoming
Intel(R) PRO Network Adapters and Drivers
Internet Worm Protection
IomegaWare
Ipswitch WS_FTP Professional 2006
J2SE Runtime Environment 5.0 Update 1
J2SE Runtime Environment 5.0 Update 10
J2SE Runtime Environment 5.0 Update 6
J2SE Runtime Environment 5.0 Update 7
J2SE Runtime Environment 5.0 Update 8
J2SE Runtime Environment 5.0 Update 9
Jimmy Neutron vs. Jimmy Negatron DEMO
JumpStart PreSchool v1.4
Kodak EasyShare software
Language of Medicine
LiveReg (Symantec Corporation)
LiveUpdate 3.0 (Symantec Corporation)
Matrix Code Emulator
MediaFACE II
MGI PhotoSuite 4 (Remove Only)
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB886903)
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Data Access Components KB870669
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Money 2001
Microsoft National Language Support Downlevel APIs
Microsoft Office 2000 Disc 2
Microsoft Office 2000 Premium
Microsoft Project Professional 2002
Microsoft Text-to-Speech Engine 4.0 (English)
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Windows Journal Viewer
Microsoft Works 6.0
MP3 CD Converter 2.20
MSN Music Assistant
MSXML 4.0 SP2 (KB925672)
MSXML 4.0 SP2 (KB927978)
My Wal-Mart Digital Photo Center
Nero Suite
Netscape 6 (6.1)
Norton AntiVirus 2005
Norton AntiVirus 2005 (Symantec Corporation)
Norton AntiVirus Help
Norton AntiVirus Parent MSI
Norton AntiVirus SYMLT MSI
Norton SystemWorks 2001
Norton WMI Update
NoteTab Light (Remove only)
NVIDIA Windows 2000/XP Display Drivers
Panda ActiveScan
PowerDVD
Quicken 2002 Deluxe
QuickTime
RealOne Player
SecureIt Pro
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Windows Internet Explorer 7 (KB929969)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB883939)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896422)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB896688)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899588)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB903235)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB905915)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB908531)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911567)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912812)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913446)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB916281)
Security Update for Windows XP (KB917159)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917422)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB918899)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920214)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921398)
Security Update for Windows XP (KB921883)
Security Update for Windows XP (KB922616)
Security Update for Windows XP (KB922760)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923694)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924191)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB925486)
Security Update for Windows XP (KB926255)
Shockwave
Sierra 3D Deck
Sierra Electrical Wiring
Sierra Garden Encyclopedia
Sierra Home Architect
Sierra Home Improvement Encyclopedia
Sierra Photo Garden Designer
Sierra Photo Home Interiors
Sierra Print Artist 4.5
Sierra Utilities
Signature-mail
SoundMAX
SPBBC
SpongeBob SquarePants - Battle for Bikini Bottom
SpongeBob SquarePants® Employee of the Month DEMO
SpyBot - Search & Destroy 1.1
Stamps.com
Stamps.com support for Microsoft Outlook 2000, 2002, 2003
Stamps.com support for Microsoft Outlook 97-2003
Star Wars JK II Jedi Outcast
SureThing CD Labeler 4 SE
Symantec
Symantec Script Blocking Installer
SymNet
System Alert Popup
TextAloud
The Fairly OddParents Demo
The Sims 2
TuneXP 1.5
Update for Windows XP (KB894391)
Update for Windows XP (KB896727)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB904942)
Update for Windows XP (KB910437)
Update for Windows XP (KB911280)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Vietnam: BlackOps
Viewpoint Media Player
WarGames
WeatherBug
Windows Genuine Advantage v1.3.0254.0
Windows Installer 3.1 (KB893803)
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 7
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player 11
Windows XP Hotfix - KB834707
Windows XP Hotfix - KB867282
Windows XP Hotfix - KB873333
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB884020
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB885884
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB887742
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890047
Windows XP Hotfix - KB890175
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB890923
Windows XP Hotfix - KB891781
Windows XP Hotfix - KB893066
Windows XP Hotfix - KB893086
Windows XP Service Pack 2
WinMX
WinRAR archiver


Again, thanks for all your help, I notice a few things on this list that don't show in the control panel, or I've tried to remove but they won't ... please advise :eek:
 

Byteman

Gone but Never Forgotten
Joined
Jan 24, 2002
Messages
17,742
Hi,
You will need to copy these directions to a Notepad text file, save it as steps.txt or something else you like, save to your desktop so you have it handy when you are working in Safe Mode, since the Internet and these posts will NOT be able to be seen in Safe Mode. An alternative is to print it out.

You have some older versions of Java that must be uninstalled but not before you download the newest version.

These are older and insecure versions:

J2SE Runtime Environment 5.0 Update 1
J2SE Runtime Environment 5.0 Update 10
J2SE Runtime Environment 5.0 Update 6
J2SE Runtime Environment 5.0 Update 7
J2SE Runtime Environment 5.0 Update 8
J2SE Runtime Environment 5.0 Update 9

Note: Some users who have older children's games installed will find that some of the games may not work unless that older copy of Java is installed. However, the insecure nature of older versions outweighs the use of older versions. Perhaps you could get an older computer for whoever plays the children's games and not risk your main machine. It is a decision you will have to make. I have seen reports of some games requiring an older version, but there may have been a fix for that in the latest version, I am not sure.



cybertech said:

Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system.
Please follow these steps to remove older version Java components and update.

Updating Java:
  • Download the latest version of Java Runtime Environment (JRE) 6.
  • Scroll down to where it says "The J2SE Runtime Environment (JRE) allows end-users to run Java applications".
  • Click the "Download" button to the right.
  • Check the box that says: "Accept License Agreement".
  • The page will refresh.
  • Click on the link to download Windows Offline Installation with or without Multi-language and save to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Control Panel, double-click on Add/Remove programs and remove all older versions of Java.
  • Check any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on the download to install the newest version.

Next: You have some old versions of antispyware programs, please uninstall SpyBot 1.1

AdAware 6 << you have the newer v. SE installed, remove this old one.

Norton SystemWorks 2001 < this is way too old, if you really need it leave but I recommend removal.

These old versions should also be removed:

Adobe Acrobat 4.0
Adobe Acrobat 5.0 <you have v. 8.0 installed.



I don't know what these are:

Incoming
Codec 8.0 < might be something you need, not sure. Malware sometimes comes disguised as free codec downloads. I would get something like K-Lite Codec Pack, it covers most all you will ever need. Let me know if you need help finding the codec pack.

µTorrent < file sharing app, it will eventually, if it has not already, bring you trouble. Enough said.

The rest is OK as far as I can see.

The above is just to get rid of some old software, it does nothing about the amount of malware files, leftovers, etc that remains to deal with.

You can do the uninstalling at any time, and I would, also get Java updated since those older versions are vulnerable to trojan infection.

_ _ _ _ _ _

Next: Follow these steps:

Because XP will not always show you hidden files and folders by default, go to Start > Search > Files and Folders and look under "More advanced search options".
Make sure there is a check by "Search System Folders", "Search hidden files and folders" and "Search system subfolders".

Next click on My Computer. Go to Tools > Folder Options. Click on the View tab and make sure that "Show hidden files and folders" is checked. Also uncheck "Hide protected operating system files" and "Hide extensions for known file types" . Now click "Apply to all folders"
Click "Apply" then "OK"


Next, open Windows Explorer and navigate down to the shown folders and delete the files which are at the end of the folder path...
and that are in color, do not delete the folders, just the colored items from within those folders....

Potentially unwanted tool:Application/FunWeb Not disinfected C:\Documents and Settings\Liz Martin\My Documents\Downloaded Drivers\backups\backup-20040812-141402-661.inf <this file

Adware:Adware/TrustIn Not disinfected C:\Documents and Settings\Liz Martin\My Documents\Downloaded Drivers\ tbetam05.zip[crack.exe] <<this file

Adware:Adware/DollarRevenue Not disinfected C:\Documents and Settings\Liz Martin\My Documents\Downloads\SlySoft.CloneDVD.v2.9.0.1.WinALL.Incl.Crack\SlySoft.CloneDVD.v2.9.0.1.WinALL.Incl.Crack\keymaker\KeyMaker.exe[clonedvdcrack.exe] <<delete all of this, you may still have it in the Recycle Bin along with some other stuff to empty.

You also are using the Norton Protected Recycle Bin,

1. Right-click the Norton Protected Recycle Bin icon, and then click "Empty Norton Protected Files."
2. Follow the prompts.

Next: Start up Ad-Aware SE Personal Edition and Update it fully-

Click "Connect" and get the latest Reference File.

We don't want to scan with it yet; read on.



Next:

How to download and install SpyBot Search and Destroy 1.4 can be found here:> http://www.bleepingcomputer.com/tuto...utorial43.html

You have quite an old version of SpyBot installed so be sure you uninstall that one before trying to install the new copy.

Go through the setup of SpyBot, get all the latest updates for it>

I find that using the TDS (US) server for updating works best.

You find that TDS server when it is at the point you are shown the updates in a list inside the window: look up at the Server Location line, you will see a European server shown, use the little drop-down arrow next to it to get to TDS (US) and then download all updates. When it finishes, you always need to Immunize the system. Click on "Immunize" and let it run until it says "x many protections added, there are y many more", and run Immunize from the green + sign up top until it tells you "All known bad products are blocked".


How to get to Safe Mode in XP:

Restart your computer.

Press F8 after the Power-On Self Test (POST) is done. If the Windows Advanced Options Menu does not appear, try restarting and then pressing F8 several times after the POST screen.
Choose the Safe Mode option from the Windows Advanced Options Menu then press Enter

Next: Perform the following steps in safe mode:

Run a Full scan with both AdAware and SpyBot. Everything SpyBot finds that is pre-checkmarked for you when you scan is safe to remove.

SpyBot still finds BackWeb products, that usually comes with some Compaq, HP or other brands of computers and is a game driver updating utility. It is NOT prechecked by SpyBot, so don't remove it, because it looks like the younger generation there is into games.

WildTangent may also be installed though I don't recall seeing it anyplace in logs. It is OK for now to leave it. (Simply uncheck items you do not want to uninstall with SpyBot. You can always ask what an item is before you remove it. SpyBot does make complete backups of what it removes and saves them for you.)

AdAware also creates backups.

Whale away at it and you do not need to post the logs from these two programs.

If you are prompted to restart by SpyBot, you will have to endure a second complete scan in between the restart, as it found something it had to remove during that time period before a file or something was active, you will have to do it but it takes time....

Boot back to Safe Mode if you have not run AdAware and do a Full scan as I posted, only one scan. I would like you to do SpyBot before you use AAW though, so I posted to go back to Safe Mode if SpyBot had you restart, got it?


Next: Run Hijackthis and if you see the items below in your Scan,
put checkmarks next to each box corresponding to what I show below, when you have them all, with all other windows closed....

Click "Fix Checked".

O15 - Trusted Zone: http://*.windowsupdate.microsoft.com
O15 - Trusted Zone: http://www.voyeurweb.com
O15 - Trusted Zone: http://*.windowsupdate.com

O21 - SSODL: carbinyl - {8d8c2387-7f80-4022-9be6-43630a969558} - C:\WINDOWS\system32\gwquvw.dll (file missing)

O23 - Service: COM+ Messages - Unknown owner - C:\WINDOWS\system32\svchosts.exe" -e mc-110-12-0000137 (file missing)

Next:

Reboot to Normal Mode.

Post a new Hijackthis log, one made AFTER you have run SpyBot and AdAware.

You are doing very well and I thank you for being patient.
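
The checks behind the entries picked out for "Fix Checked" above, as an added Python example (not part of the original post and not HijackThis code). The heuristics and the names `triage`, `one_edit_apart`, `SYSTEM_NAMES` and `LOAD_POINTS` are assumptions of this example; the sample lines are copied from the first log in this thread.

```python
import re

# Core Windows process names, all of which appear in the thread's logs.
SYSTEM_NAMES = {"svchost.exe", "lsass.exe", "services.exe", "winlogon.exe",
                "explorer.exe", "smss.exe", "spoolsv.exe"}
# Sections treated here as load points, where a dangling entry is a leftover
# autostart hook (assumption of this example, not a HijackThis rule).
LOAD_POINTS = {"O4", "O20", "O21", "O23"}

ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")
PATH = re.compile(r'[A-Za-z]:\\[^"\r\n]*?\.(?:exe|dll)\b', re.I)

# Sample input: lines copied from the first HijackThis log in this thread.
SAMPLE_LOG = r"""
Running processes:
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchosts.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O15 - Trusted Zone: http://*.windowsupdate.com
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O21 - SSODL: carbinyl - {8d8c2387-7f80-4022-9be6-43630a969558} - C:\WINDOWS\system32\gwquvw.dll (file missing)
O23 - Service: COM+ Messages - Unknown owner - C:\WINDOWS\system32\svchosts.exe" -e mc-110-12-0000137 (file missing)
O23 - Service: Dcfssvc - Eastman Kodak Company - C:\WINDOWS\system32\drivers\dcfssvc.exe
"""


def one_edit_apart(a, b):
    """True when a != b and a single insert, delete or substitution maps a to b."""
    if a == b or abs(len(a) - len(b)) > 1:
        return False
    if len(a) > len(b):
        a, b = b, a                      # a is now the shorter (or equal) string
    i = 0
    while i < len(a) and a[i] == b[i]:
        i += 1
    if len(a) == len(b):
        return a[i + 1:] == b[i + 1:]    # one substituted character
    return a[i:] == b[i + 1:]            # one extra character in b


def triage(log_text):
    """Return (section, reason, line) tuples for entries worth a closer look."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = ENTRY.match(line)
        section, body = (m.group(1), m.group(2)) if m else ("PROC", line)
        if section == "PROC" and not PATH.match(line):
            continue                     # header text, not a running-process path

        # Binary named one character away from a core system process,
        # e.g. svchosts.exe next to the real svchost.exe.
        p = PATH.search(body)
        if p:
            name = p.group(0).rsplit("\\", 1)[-1].lower()
            if any(one_edit_apart(name, s) for s in SYSTEM_NAMES):
                findings.append((section, "lookalike-name", line))

        # Autostart entry whose target is gone: the hook outlived the file.
        if section in LOAD_POINTS and body.endswith("(file missing)"):
            findings.append((section, "orphaned-load-point", line))

        # Service binary with no vendor string reported by HijackThis.
        if section == "O23" and " - Unknown owner - " in body:
            findings.append((section, "unknown-owner", line))

        # Any Trusted Zone site gets reviewed, as every O15 line was above.
        if section == "O15":
            findings.append((section, "trusted-zone-site", line))
    return findings


if __name__ == "__main__":
    for section, reason, line in triage(SAMPLE_LOG):
        print(f"{section:5} {reason:20} {line}")
```

The O9 `xpnetdiag.exe (file missing)` entry is deliberately not reported: it is outside the load-point sections and was left alone in the fix list above.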
 

The_donner

Thread Starter
Joined
Aug 11, 2004
Messages
66
Wow, that's a bunch of stuff :)
Just to let you know the link to the spybot you provided goes to an invalid page, but I found it somewhere else and downloaded it. Also the version of Adobe 4 is my Acrobat writer and the version 8 is just the reader, so I deleted the version 5 as it was just a reader, and kept my acrobat v4. I know it needs updating, but it's expensive :)
Well, I think I got everything, and here is the most recent HJThis log after everything.

Logfile of HijackThis v1.99.1
Scan saved at 2:37:30 PM, on 1/19/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\System32\PackethSvc.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\drivers\dcfssvc.exe
C:\PROGRA~1\Iomega\System32\AppServices.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\pctspk.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Iomega\AutoDisk\ADService.exe
C:\WINDOWS\system32\BRMFRSMG.EXE
C:\Program Files\Iomega\AutoDisk\ADUserMon.exe
C:\Program Files\Iomega\DriveIcons\ImgIcon.exe
C:\Program Files\Analog Devices\SoundMAX\Smtray.exe
C:\Program Files\Ahead\ODD Toolkit\DVDTray.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Java\jre1.6.0\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\KODAK\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\TalyaSoft\Freezer\Freezer.exe
C:\WINDOWS\system32\wscntfy.exe
c:\windows\system32\smphost.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Symantec\LiveUpdate\AUpdate.exe
C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe
C:\Program Files\HijackThis\HijackThis.exe
C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe
C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Compaq
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
F2 - REG:system.ini: UserInit=userinit.exe
N2 - Netscape 6: user_pref("browser.startup.homepage", "http://www.google.com/"); (C:\Documents and Settings\Liz Martin\Application Data\Mozilla\Profiles\default\l27df302.slt\prefs.js)
N2 - Netscape 6: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%206%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\Liz Martin\Application Data\Mozilla\Profiles\default\l27df302.slt\prefs.js)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: TextAloud - {F053C368-5458-45B2-9B4D-D8914BDDDBFF} - C:\PROGRA~1\TEXTAL~1\TAForIE.dll
O4 - HKLM\..\Run: [WCOLOREAL] "C:\Program Files\COMPAQ\Coloreal\coloreal.exe"
O4 - HKLM\..\Run: [PrinTray] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\printray.exe
O4 - HKLM\..\Run: [ADUserMon] "C:\Program Files\Iomega\AutoDisk\ADUserMon.exe"
O4 - HKLM\..\Run: [Iomega Startup Options] "C:\Program Files\Iomega\Common\ImgStart.exe"
O4 - HKLM\..\Run: [Iomega Drive Icons] "C:\Program Files\Iomega\DriveIcons\ImgIcon.exe"
O4 - HKLM\..\Run: [Deskup] "C:\Program Files\Iomega\DriveIcons\deskup.exe"
O4 - HKLM\..\Run: [Smapp] "C:\Program Files\Analog Devices\SoundMAX\Smtray.exe"
O4 - HKLM\..\Run: [DVDTray] "C:\Program Files\Ahead\ODD Toolkit\DVDTray.exe"
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] "C:\PROGRA~1\SYMNET~1\SNDMon.exe" /Consumer
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0\bin\jusched.exe"
O4 - HKLM\..\Run: [SMP Event Checker] c:\windows\system32\smphost.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: TrueAssistant.lnk = C:\Program Files\TrueAssistant\TrueAssistant.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\KODAK\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Support - {BDFE57C2-5B94-40C6-9F6D-27E97F47BDD5} - C:\Program Files\Internet Explorer\SIGNUP\Presario.htm (HKCU)
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {200B3EE9-7242-4EFD-B1E4-D97EE825BA53} (VerifyGMN Class) - http://h20270.www2.hp.com/ediags/gmn/install/hpobjinstaller_gmn.cab
O16 - DPF: {29C13B62-B9F7-4CD3-8CEF-0A58A1A99441} - http://fdl.msn.com/public/chat/msnchat41.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52...apple.com/qt505/us/win/QuickTimeInstaller.exe
O16 - DPF: {6B4788E2-BAE8-11D2-A1B4-00400512739B} (PWMediaSendControl Class) - http://216.249.24.141/code/PWActiveXImgCtl.CAB
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1124902445078
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius.com/download/software/win/ActiveXPlugin.cab
O16 - DPF: {B69F2A9C-E470-11D3-AFA3-525400DB7692} (Actimage Room Control) - http://ib.armstrong.com/ib/databases/actimage30717.cab
O16 - DPF: {C4925E65-7A1E-11D2-8BB4-00A0C9CC72C3} (Virtools WebPlayer Class) - http://a532.g.akamai.net/f/532/6712...amai.com/6712/player/install3.0/installer.exe
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.symantec.com/techsupp/activedata/SymAData.dll
O16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} - https://www-secure.symantec.com/techsupp/activedata/ActiveData.cab
O16 - DPF: {E7D2588A-7FB5-47DC-8830-832605661009} (Live Collaboration) - https://liveca06.custhelp.com/6011-b355h/rnl/java/RntX.cab
O16 - DPF: {E991BDE0-9816-4094-853E-6BDB60F0342D} (Get_ActiveX Control) - http://apps.corel.com/nos_dl_manager/plugin/IENetOpPlugin.ocx
O16 - DPF: {F5C90925-ABBF-4475-88F5-8622B452BA9E} (Compaq System Data Class) - http://www29.compaq.com/falco/SysQuery.cab
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Dcfssvc - Eastman Kodak Company - C:\WINDOWS\system32\drivers\dcfssvc.exe
O23 - Service: IMAPI CD-Burning COM Service (ImapiService) - Roxio Inc. - C:\WINDOWS\System32\ImapiRox.exe
O23 - Service: Iomega App Services - Iomega Corporation - C:\PROGRA~1\Iomega\System32\AppServices.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Virtual NIC Service (PackethSvc) - America Online, Inc. - C:\WINDOWS\System32\PackethSvc.exe
O23 - Service: PCTEL Speaker Phone (Pctspk) - PCtel, Inc. - C:\WINDOWS\system32\pctspk.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Iomega Active Disk (_IOMEGA_ACTIVE_DISK_SERVICE_) - Iomega Corporation - C:\Program Files\Iomega\AutoDisk\ADService.exe

Thanks for your patience, and helping me ... Please advise
 