Unable to locate component: This application has failed to start because msvcrtdm.dll

Discussion in 'Virus & Other Malware Removal' started by wonderworm10k, Jul 5, 2007.

Thread Status:
Not open for further replies.
  1. wonderworm10k

    wonderworm10k Thread Starter

    Joined:
    Jul 4, 2007
    Messages:
    12
    This is a brand new computer that I built. It's running Win XP Service Pack 1.

    MSVRCTDM.dll was created on my computer on July 1, at 12:30.

    If I leave the file in its folder, Norton believes it is a trojan horse. I think it probably is a trojan.

    When Norton quarantines this file, error messages pop up saying the title.

    I think all my programs have become dependent on this dll in order to function correctly.

    I tried reinstalling applications, doesn't work. My computer won't restore to an earlier date either.

    Any help would be much appreciated =)
     
  2. ozrom1e

    ozrom1e

    Joined:
    May 15, 2006
    Messages:
    11,849
    Welcome to TSG....

    This is an infection, and a gold shield, who is an expert on these matters, is the only person to actually be able to work with the HijackThis log file that you are going to have to do.

    To download HijackThis (HJTsetup.exe) from SpyKiller, go to the following at the File Repository.
    Click on the link below to download the HijackThis Self Installer:

    http://www.thespykiller.co.uk/files/HJTsetup.exe

    Save the file to your desktop.
    Double click on the HJTsetup.exe icon on your desktop.
    By default it will install to C:\Program Files\HijackThis.
    Continue to click Next in the setup dialog boxes until you get to the Select Additional Tasks dialog.
    Put a check by Create a desktop icon then click Next again.
    Continue to follow the rest of the prompts from there.
    At the final dialog box click Finish and it will launch Hijack This.
    Click on the Do a system scan and save a log file button. It will scan and then ask you to save the log.
    Click Save to save the log file and then the log will open in notepad.
    At the top of the Notepad HJT log screen, hit Edit then Select All, then click Edit and then click Copy. Doing that copies the text to the clipboard; you won't see it yet....
    Come back here to this thread and Paste the log in your next reply.
    DO NOT have Hijack This fix anything yet. Most of what it finds will be harmless or even required.
    A security expert with a gold shield to the right of their name should take a look at your log - please be patient.
     
  3. wonderworm10k

    wonderworm10k Thread Starter

    Thank you ozrom1e

    Here is the log file

    Logfile of HijackThis v1.99.1
    Scan saved at 9:26:46 PM, on 7/4/2007
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Ahead\InCD\InCDsrv.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
    C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\System32\RUNDLL32.EXE
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\PROGRA~1\Ahead\NEROPH~1\data\Xtras\mssysmgr.exe
    C:\Program Files\AIM6\aim6.exe
    C:\Program Files\AIM6\aolsoftware.exe
    C:\WINDOWS\System32\rundll32.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\NMain.exe
    C:\WINDOWS\System32\wuauclt.exe
    C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
    C:\Program Files\Norton Internet Security\Norton AntiVirus\QConsole.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    E:\Winamp\winamp.exe
    C:\Program Files\Messenger\msmsgs.exe
    E:\Hijackthis\HijackThis.exe

    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O2 - BHO: Norton Internet Security 2006 - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
    O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: Norton Internet Security 2006 - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
    O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [SSC_UserPrompt] "C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe"
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
    O4 - HKLM\..\Run: [GBB36X Configure] C:\WINDOWS\System32\JMRaidTool.exe boot
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
    O4 - HKCU\..\Run: [PhotoShow Deluxe Media Manager] C:\PROGRA~1\Ahead\NEROPH~1\data\Xtras\mssysmgr.exe
    O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
    O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
    O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
    O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Internet Security Password Validation (ccISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\ccPwdSvc.exe
    O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Norton Internet Security\comHost.exe
    O23 - Service: InCD Helper (read only) (InCDsrvR) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
    O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
    O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
     
  4. Cookiegal

    Cookiegal Administrator Malware Specialist Coordinator

    Joined:
    Aug 27, 2003
    Messages:
    101,715
    Hi and welcome to TSG,

    Download AVG Anti-Spyware from HERE and save that file to your desktop. Note for AVG Free anti-virus users only: this is not the same program that you already have, this is an anti-spyware program.

    When the trial period expires it becomes feature-limited freeware but is still worth keeping as a good on-demand scanner.


    1. Once you have downloaded AVG Anti-Spyware, locate the icon on the desktop and double click it to launch the set up program.
    2. Once the setup is complete you will need to run AVG Anti-Spyware and update the definition files.
    3. On the main screen select the icon "Update" then select the "Update now" link.
      • Next select the "Start Update" button. The update will start and a progress bar will show the updates being installed.
    4. Once the update has completed, select the "Scanner" icon at the top of the screen, then select the "Settings" tab.
    5. Once in the Settings screen click on "Recommended actions" and then select "Quarantine".
    6. Under "Reports"
      • Select "Automatically generate report after every scan"
      • Un-Select "Only if threats were found"
    Close AVG Anti-Spyware. Do Not run a scan just yet, we will run it in safe mode.


    Reboot your computer into Safe Mode. You can do this by restarting your computer and continually tapping the F8 key until a menu appears. Use your up arrow key to highlight Safe Mode then hit enter.

    IMPORTANT: Do not open any other windows or programs while AVG Anti-Spyware is scanning as it may interfere with the scanning process:

    1. Launch AVG Anti-Spyware by double clicking the icon on your desktop.
    2. Select the "Scanner" icon at the top and then the "Scan" tab then click on "Complete System Scan".
    3. AVG will now begin the scanning process. Please be patient as this may take a little time.
      Once the scan is complete, do the following:
    4. If you have any infections you will be prompted. Then select "Apply all actions."
    5. Next select the "Reports" icon at the top.
    6. Select the "Save report as" button in the lower left-hand of the screen and save it to a text file on your system (make sure to remember where you saved that file. This is important).
    7. Close AVG Anti-Spyware and reboot your system back into Normal Mode.


    Please go HERE to run Panda's ActiveScan
    • You need to use IE to run this scan
    • Once you are on the Panda site click the Scan your PC button
    • A new window will open...click the Check Now button
    • Enter your Country
    • Enter your State/Province
    • Enter your e-mail address and click send
    • Select either Home User or Company
    • Click the big Scan Now button
    • If it wants to install an ActiveX component allow it
    • It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)
    • When download is complete, click on My Computer to start the scan
    • When the scan completes, if anything malicious is detected, click the See Report button, then Save Report and save it to a convenient location. Post the contents of the ActiveScan report


    Come back here and post a new HijackThis log along with the logs from the AVG and Panda scans.
     
  5. wonderworm10k

    wonderworm10k Thread Starter

    Right now the file is in quarantine in Norton; will that affect the scans?
     
  6. Cookiegal

    Cookiegal Administrator Malware Specialist Coordinator

    The scans may or may not detect it in quarantine but it's not a threat so leave it there please.
     
  7. wonderworm10k

    wonderworm10k Thread Starter

    I'm at work right now, and I'll be busy tonight. I'll try to upload the log files and stuff as soon as possible (check back 16 hours from now). Sorry to keep you guys waiting =( Thank you so much for helping!
     
  8. Cookiegal

    Cookiegal Administrator Malware Specialist Coordinator

    That's fine. :)
     
  9. wonderworm10k

    wonderworm10k Thread Starter

    Oh shoot, I forgot to get a report of the scan on AVG... What should I do?

    It quarantined a backdoor.vb.kb

    I'm running panda right now.
     
  10. Cookiegal

    Cookiegal Administrator Malware Specialist Coordinator

    Look in the quarantine folder and let me know what else it found please.
     
  11. wonderworm10k

    wonderworm10k Thread Starter

    Quarantine in AVG:

    Origin: HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{c95fe080-8f5d-11d2-a20b-00aa003c157a}

    Infected with: Adware Generic

    Origin: HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Extensions\{c95fe080-8f5d-11d2-a20b-00aa003c157a}

    Infected with: Adware Generic

    Origin: HKU\S-1-5-18\Software\Microsoft\Internet Explorer\Extensions\{c95fe080-8f5d-11d2-a20b-00aa003c157a}

    Infected with: Adware Generic

    Origin: C:\WINDOWS\system32\vjASV23P.exe

    Infected with: Backdoor.VB.kb

    Panda Log:

    Spyware:Cookie/Go Not disinfected C:\Documents and Settings\Dad\Cookies\dad@go[1].txt
    Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\67tu7pvd.default\cookies.txt[.doubleclick.net/]
    Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\67tu7pvd.default\cookies.txt[.advertising.com/]
    Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\67tu7pvd.default\cookies.txt[.atdmt.com/]
    Spyware:Cookie/QuestionMarket Not disinfected C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\67tu7pvd.default\cookies.txt[.questionmarket.com/]
    Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\67tu7pvd.default\cookies.txt[.realmedia.com/]
    Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\67tu7pvd.default\cookies.txt[.atwola.com/]
    Spyware:Cookie/Target Not disinfected C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\67tu7pvd.default\cookies.txt[.target.com/]
    Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\Owner\Cookies\owner@atwola[1].txt
    Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\Owner\Cookies\owner@doubleclick[2].txt
    Spyware:Spyware/LinkReplacer Not disinfected C:\Documents and Settings\Owner\My Documents\filelib\uninst.exe

    Hijackthis Log:

    Logfile of HijackThis v1.99.1
    Scan saved at 10:16:03 AM, on 7/6/2007
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Ahead\InCD\InCDsrv.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
    C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    E:\AVG Anti-Spyware 7.5\guard.exe
    C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\System32\RUNDLL32.EXE
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\WINDOWS\System32\rundll32.exe
    E:\AVG Anti-Spyware 7.5\avgas.exe
    C:\Program Files\AIM6\aim6.exe
    C:\Program Files\AIM6\aolsoftware.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
    C:\WINDOWS\System32\wuauclt.exe
    E:\Winamp\winamp.exe
    C:\Program Files\Messenger\msmsgs.exe
    E:\Hijackthis\HijackThis.exe

    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O2 - BHO: Norton Internet Security 2006 - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
    O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: Norton Internet Security 2006 - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
    O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [SSC_UserPrompt] "C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe"
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
    O4 - HKLM\..\Run: [GBB36X Configure] C:\WINDOWS\System32\JMRaidTool.exe boot
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "E:\AVG Anti-Spyware 7.5\avgas.exe" /minimized
    O4 - HKCU\..\Run: [PhotoShow Deluxe Media Manager] C:\PROGRA~1\Ahead\NEROPH~1\data\Xtras\mssysmgr.exe
    O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
    O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
    O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - E:\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Internet Security Password Validation (ccISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\ccPwdSvc.exe
    O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Norton Internet Security\comHost.exe
    O23 - Service: InCD Helper (read only) (InCDsrvR) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
    O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
    O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

    Norton Quarantined something else....C:\WINDOWS\r.exe
     
  12. Cookiegal

    Cookiegal Administrator Malware Specialist Coordinator

    Why did you not install SP2 on this computer when you built it?


    Download ComboFix to your Desktop.

    Reboot to Safe mode:

    Restart your computer and begin tapping the F8 key on your keyboard just before Windows starts to load. If done properly a Windows Advanced Options menu will appear. Select the Safe Mode option and press Enter.

    Perform the following actions in Safe Mode.
    • Double click combofix.exe and follow the prompts.
    • When finished, it will produce a log for you. Post that log and a new HijackThis log in your next reply
    Note: Do not mouse-click ComboFix's window while it's running, as that may cause it to stall.
     
  13. wonderworm10k

    wonderworm10k Thread Starter

    ComboFix

    "Administrator" - 2007-07-06 14:35:25 - ComboFix 07-07-04.4 - Service Pack 1 [SAFE MODE]


    ((((((((((((((((((((((((( Files Created from 2007-06-06 to 2007-07-06 )))))))))))))))))))))))))))))))


    2007-07-06 14:34 51,200 --a------ C:\WINDOWS\nircmd.exe
    2007-07-06 11:11 <DIR> d-------- C:\DOCUME~1\Owner\APPLIC~1\AdobeUM
    2007-07-05 22:10 <DIR> d-------- C:\WINDOWS\system32\ActiveScan
    2007-07-05 21:30 3,968 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
    2007-07-05 19:28 524,288 --ah----- C:\DOCUME~1\ADMINI~1\NTUSER.DAT
    2007-07-04 20:11 <DIR> d-------- C:\DOCUME~1\MOM~1.FAM\APPLIC~1\Logitech
    2007-07-04 19:12 <DIR> d-------- C:\DOCUME~1\MOM~1.FAM\APPLIC~1\Symantec
    2007-07-04 19:11 786,432 --ah----- C:\DOCUME~1\MOM~1.FAM\NTUSER.DAT
    2007-07-04 17:55 <DIR> d-------- C:\Program Files\Common Files\AOL
    2007-07-04 17:55 <DIR> d-------- C:\Program Files\AIM6
    2007-07-04 17:55 <DIR> d-------- C:\DOCUME~1\Owner\APPLIC~1\acccore
    2007-07-04 17:41 266,293 --a------ C:\WINDOWS\system\MSVCRT.DLL
    2007-07-04 17:17 <DIR> d-------- C:\DOCUME~1\Dad\APPLIC~1\AdobeUM
    2007-07-03 21:55 <DIR> d-------- C:\DOCUME~1\Owner\Incomplete
    2007-07-03 21:55 <DIR> d-------- C:\DOCUME~1\Owner\APPLIC~1\LimeWire
    2007-07-03 21:49 9,709,568 -ra------ C:\WINDOWS\RTLCPL.EXE
    2007-07-03 21:49 86,016 -ra------ C:\WINDOWS\SOUNDMAN.EXE
    2007-07-03 21:49 69,632 -ra------ C:\WINDOWS\ALCMTR.EXE
    2007-07-03 21:49 4,353,024 -ra------ C:\WINDOWS\system32\drivers\RtkHDAud.sys
    2007-07-03 21:49 364,544 -ra------ C:\WINDOWS\RtlUpd.exe
    2007-07-03 21:49 2,879,488 -ra------ C:\WINDOWS\SkyTel.exe
    2007-07-03 21:49 2,808,832 -ra------ C:\WINDOWS\ALCWZRD.EXE
    2007-07-03 21:49 2,158,592 -ra------ C:\WINDOWS\MicCal.exe
    2007-07-03 21:49 16,261,632 -ra------ C:\WINDOWS\RTHDCPL.EXE
    2007-07-03 21:48 57,856 --a------ C:\WINDOWS\system32\drivers\drmk.sys
    2007-07-03 21:46 356,352 --a------ C:\WINDOWS\system32\JMRaidTool.exe
    2007-07-03 21:46 139,264 --a------ C:\WINDOWS\system32\JMRaidAPI.dll
    2007-07-03 21:46 <DIR> d-------- C:\WINDOWS\JM
    2007-07-03 21:45 6,912 --a------ C:\WINDOWS\system32\drivers\JGOGO.sys
    2007-07-03 21:45 41,728 --a------ C:\WINDOWS\system32\drivers\jraid.sys
    2007-07-03 21:44 23,600 --a------ C:\WINDOWS\system32\drivers\TVICHW32.SYS
    2007-07-03 21:38 62,976 --a------ C:\WINDOWS\system32\drivers\pci.sys
    2007-07-03 21:38 <DIR> d----c--- C:\WINDOWS\system32\DRVSTORE
    2007-07-03 21:38 <DIR> d-------- C:\Intel
    2007-07-03 21:31 <DIR> d-------- C:\WINDOWS\LastGood
    2007-07-02 21:13 <DIR> d-------- C:\WINDOWS\LastGood.Tmp
    2007-07-01 21:06 <DIR> d-------- C:\DOCUME~1\Owner\APPLIC~1\Viewpoint
    2007-07-01 16:58 <DIR> d-------- C:\DOCUME~1\Owner\APPLIC~1\WinRAR
    2007-07-01 10:02 <DIR> d---s---- C:\DOCUME~1\Dad\UserData
    2007-06-30 23:48 <DIR> d-------- C:\Program Files\Big Island Publishing
    2007-06-30 18:28 <DIR> d-------- C:\DOCUME~1\Dad\APPLIC~1\Logitech
    2007-06-30 14:39 <DIR> d-------- C:\DOCUME~1\Owner\APPLIC~1\Logitech
    2007-06-30 14:35 98,304 --a------ C:\WINDOWS\system32\wmpshell.dll
    2007-06-30 14:35 89,088 --a------ C:\WINDOWS\system32\atl71.dll
    2007-06-30 14:35 7,680 --a------ C:\WINDOWS\system32\asferror.dll
    2007-06-30 14:35 68,352 --a------ C:\WINDOWS\system32\drivers\LMOUKE.sys
    2007-06-30 14:35 54,528 --a------ C:\WINDOWS\system32\drivers\L8042MOU.SYS
    2007-06-30 14:35 499,712 --a------ C:\WINDOWS\system32\msvcp71.dll
    2007-06-30 14:35 348,160 --a------ C:\WINDOWS\system32\msvcr71.dll
    2007-06-30 14:35 258,352 --a------ C:\WINDOWS\system32\unicows.dll
    2007-06-30 14:35 225,280 --a------ C:\WINDOWS\system32\wmpdxm.dll
    2007-06-30 14:35 208,896 --a------ C:\WINDOWS\system32\wmpns.dll
    2007-06-30 14:35 20,480 --a------ C:\WINDOWS\system32\wmpui.dll
    2007-06-30 14:35 20,480 --a------ C:\WINDOWS\system32\wmpcore.dll
    2007-06-30 14:35 20,480 --a------ C:\WINDOWS\system32\wmpcd.dll
    2007-06-30 14:35 2,940,928 --a------ C:\WINDOWS\system32\wmploc.dll
    2007-06-30 14:35 167,936 --a------ C:\WINDOWS\system32\wmerror.dll
    2007-06-30 14:35 13,056 --a------ C:\WINDOWS\system32\drivers\L8042Kbd.SYS
    2007-06-30 14:35 106,496 --a------ C:\WINDOWS\system32\wmpasf.dll
    2007-06-30 14:35 <DIR> d-------- C:\Program Files\Common Files\Logitech
    2007-06-30 14:34 <DIR> d-------- C:\Program Files\Logitech
    2007-06-30 10:20 335 --a------ C:\WINDOWS\nsreg.dat
    2007-06-30 10:17 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\NVIDIA
    2007-06-30 10:14 <DIR> d-------- C:\DOCUME~1\Owner\APPLIC~1\Symantec
    2007-06-30 10:12 <DIR> d-------- C:\DOCUME~1\Owner\APPLIC~1\Google
    2007-06-30 10:11 10,344 --a------ C:\WINDOWS\system32\drivers\symlcbrd.sys
    2007-06-30 10:11 <DIR> d-------- C:\Program Files\Norton Internet Security
    2007-06-30 10:10 48,776 --a------ C:\WINDOWS\system32\S32EVNT1.DLL
    2007-06-30 10:10 115,000 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.SYS
    2007-06-30 10:10 <DIR> d-------- C:\Program Files\Symantec
    2007-06-30 10:10 <DIR> d-------- C:\Program Files\Common Files\Symantec Shared
    2007-06-30 10:10 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Symantec
    2007-06-30 10:07 <DIR> d-------- C:\WINDOWS\system32\Lang
    2007-06-30 10:05 77,440 --a------ C:\WINDOWS\system32\drivers\wdmaud.sys
    2007-06-30 10:05 56,832 --a------ C:\WINDOWS\system32\drivers\sysaudio.sys
    2007-06-30 10:05 54,272 --a------ C:\WINDOWS\system32\drivers\swmidi.sys
    2007-06-30 10:05 50,048 --a------ C:\WINDOWS\system32\drivers\DMusic.sys
    2007-06-30 10:05 5,888 --a------ C:\WINDOWS\system32\drivers\splitter.sys
    2007-06-30 10:05 327,168 --a------ C:\WINDOWS\IsUninst.exe
    2007-06-30 10:05 248,192 --a------ C:\WINDOWS\system32\drivers\yk51x86.sys
    2007-06-30 10:05 2,816 --a------ C:\WINDOWS\system32\drivers\drmkaud.sys
    2007-06-30 10:05 159,360 --a------ C:\WINDOWS\system32\drivers\kmixer.sys
    2007-06-30 10:05 142,208 --a------ C:\WINDOWS\system32\drivers\aec.sys
    2007-06-30 10:05 <DIR> d-------- C:\Program Files\GIGABYTE
    2007-06-30 10:04 22,752 --a------ C:\WINDOWS\system32\spupdsvc.exe
    2007-06-30 10:04 <DIR> d--h----- C:\Program Files\InstallShield Installation Information
    2007-06-30 10:04 <DIR> d-------- C:\WINDOWS\system32\RTCOM
    2007-06-30 10:03 86,912 --a------ C:\WINDOWS\system32\drivers\atapi.sys
    2007-06-30 10:03 67,072 --a------ C:\WINDOWS\system32\usbui.dll
    2007-06-30 10:03 51,968 --a------ C:\WINDOWS\system32\drivers\usbhub.sys
    2007-06-30 10:03 35,840 --a------ C:\WINDOWS\system32\drivers\isapnp.sys
    2007-06-30 10:03 3,328 --a------ C:\WINDOWS\system32\drivers\pciide.sys
    2007-06-30 10:03 23,680 --a------ C:\WINDOWS\system32\drivers\pciidex.sys
    2007-06-30 10:03 19,328 --a------ C:\WINDOWS\system32\drivers\usbuhci.sys
    2007-06-30 10:03 19,328 --a------ C:\WINDOWS\system32\drivers\usbehci.sys
    2007-06-30 10:03 135,552 --a------ C:\WINDOWS\system32\drivers\usbport.sys
    2007-06-30 10:02 <DIR> d-------- C:\WINDOWS\system32\ReinstallBackups
    2007-06-30 10:02 <DIR> d-------- C:\Program Files\Intel
    2007-06-30 09:57 <DIR> d-------- C:\WINDOWS\RegisteredPackages
    2007-06-30 09:56 98,816 --a------ C:\WINDOWS\system32\dmstyle.dll


    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

    2007-07-01 07:30:31 104,448 ----a-w C:\WINDOWS\system32\imm32.dll
    2007-05-31 06:45:07 524,288 ----a-w C:\WINDOWS\system32\DivXsm.exe
    2007-05-31 06:44:55 823,296 ----a-w C:\WINDOWS\system32\divx_xx07.dll
    2007-05-31 06:44:54 823,296 ----a-w C:\WINDOWS\system32\divx_xx0c.dll
    2007-05-31 06:44:54 802,816 ----a-w C:\WINDOWS\system32\divx_xx11.dll
    2007-05-31 06:44:54 740,442 ----a-w C:\WINDOWS\system32\DivX.dll
    2007-04-23 00:15:29 3,596,288 ----a-w C:\WINDOWS\system32\qt-dx331.dll
    2007-04-23 00:15:18 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll
    2007-04-23 00:15:18 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll
    2007-04-23 00:02:34 73,728 ----a-w C:\WINDOWS\system32\dpl100.dll
    2007-04-23 00:02:34 196,608 ----a-w C:\WINDOWS\system32\dtu100.dll
    2007-04-23 00:02:33 53,248 ----a-w C:\WINDOWS\system32\dpuGUI10.dll
    2007-04-23 00:02:31 593,920 ----a-w C:\WINDOWS\system32\dpuGUI11.dll
    2007-04-23 00:02:31 57,344 ----a-w C:\WINDOWS\system32\dpv11.dll
    2007-04-23 00:02:31 344,064 ----a-w C:\WINDOWS\system32\dpus11.dll
    2007-04-23 00:02:31 294,912 ----a-w C:\WINDOWS\system32\dpu11.dll
    2007-04-23 00:02:31 294,912 ----a-w C:\WINDOWS\system32\dpu10.dll
    2007-04-23 00:01:47 12,288 ----a-w C:\WINDOWS\system32\DivXWMPExtType.dll
    2007-04-23 00:01:46 124,472 ----a-w C:\WINDOWS\system32\DivXCodecUpdateChecker.exe
    2007-04-17 05:45:28 92,504 ----a-w C:\WINDOWS\system32\cdm.dll
    2007-04-17 05:45:20 43,352 ----a-w C:\WINDOWS\system32\wups2.dll


    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


    *Note* empty entries & legit default entries are not shown

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
    2003-11-03 14:17 54248 --a------ C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
    2007-03-14 03:43 501400 --a------ C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9ECB9560-04F9-4bbc-943D-298DDF1699E1}]
    2005-10-23 01:29 94336 --a------ C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A8F38D8D-E480-4D52-B7A2-731BB6995FDD}]
    2007-05-23 12:13 140912 --a------ C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "nwiz"="nwiz.exe" [2006-08-11 21:43 C:\WINDOWS\system32\nwiz.exe]
    "SkyTel"="SkyTel.EXE" [2006-05-16 03:04 C:\WINDOWS\SkyTel.exe]
    "ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-01-22 22:19]
    "SSC_UserPrompt"="C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe" [2004-11-02 23:59]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" [2007-03-14 03:43]
    "RTHDCPL"="RTHDCPL.EXE" [2006-07-21 01:56 C:\WINDOWS\RTHDCPL.EXE]
    "Alcmtr"="ALCMTR.EXE" [2005-05-03 03:43 C:\WINDOWS\ALCMTR.EXE]
    "!AVG Anti-Spyware"="E:\AVG Anti-Spyware 7.5\avgas.exe" [2007-07-05 21:31]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    "{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="E:\AVG Anti-Spyware 7.5\shellexecutehook.dll" [2007-07-05 21:31]

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\AVG Anti-Spyware Driver]

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\AVG Anti-Spyware Guard]


    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
    AutoRun\command- D:\setup.exe

    *Newly Created Service* - COMHOST

    Contents of the 'Scheduled Tasks' folder
    2007-07-01 16:40:11 C:\WINDOWS\tasks\At1.job
    2007-07-01 16:40:11 C:\WINDOWS\tasks\At10.job
    2007-07-06 17:00:00 C:\WINDOWS\tasks\At11.job
    2007-07-06 18:00:00 C:\WINDOWS\tasks\At12.job
    2007-07-06 19:00:00 C:\WINDOWS\tasks\At13.job
    2007-07-06 20:00:00 C:\WINDOWS\tasks\At14.job
    2007-07-06 21:00:00 C:\WINDOWS\tasks\At15.job
    2007-07-04 22:00:30 C:\WINDOWS\tasks\At16.job
    2007-07-04 23:00:30 C:\WINDOWS\tasks\At17.job
    2007-07-05 00:00:30 C:\WINDOWS\tasks\At18.job
    2007-07-05 01:00:30 C:\WINDOWS\tasks\At19.job
    2007-07-01 16:40:11 C:\WINDOWS\tasks\At2.job
    2007-07-05 02:00:30 C:\WINDOWS\tasks\At20.job
    2007-07-06 03:00:30 C:\WINDOWS\tasks\At21.job
    2007-07-06 04:00:30 C:\WINDOWS\tasks\At22.job
    2007-07-04 05:00:30 C:\WINDOWS\tasks\At23.job
    2007-07-01 16:40:12 C:\WINDOWS\tasks\At24.job
    2007-07-01 16:40:11 C:\WINDOWS\tasks\At3.job
    2007-07-01 16:40:11 C:\WINDOWS\tasks\At4.job
    2007-07-01 16:40:11 C:\WINDOWS\tasks\At5.job
    2007-07-01 16:40:11 C:\WINDOWS\tasks\At6.job
    2007-07-01 16:40:11 C:\WINDOWS\tasks\At7.job
    2007-07-01 16:40:11 C:\WINDOWS\tasks\At8.job
    2007-07-01 16:40:11 C:\WINDOWS\tasks\At9.job
    2007-06-30 17:15:38 C:\WINDOWS\tasks\Norton AntiVirus - Run Full System Scan - Owner.job

    **************************************************************************

    catchme 0.3.915 W2K/XP/Vista - rootkit detector by Gmer, http://www.gmer.net
    Rootkit scan 2007-07-06 14:39:21
    Windows 5.1.2600 Service Pack 1 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************

    Completion time: 2007-07-06 14:41:09

    --- E O F ---


    HijackThis

    Logfile of HijackThis v1.99.1
    Scan saved at 2:44:51 PM, on 7/6/2007
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Ahead\InCD\InCDsrv.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
    C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    E:\AVG Anti-Spyware 7.5\guard.exe
    C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
    C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
    C:\WINDOWS\System32\rundll32.exe
    C:\WINDOWS\RTHDCPL.EXE
    E:\AVG Anti-Spyware 7.5\avgas.exe
    C:\Program Files\AIM6\aim6.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\AIM6\aolsoftware.exe
    C:\WINDOWS\System32\wuauclt.exe
    C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
    C:\WINDOWS\System32\wuauclt.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    E:\Hijackthis\HijackThis.exe

    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O2 - BHO: Norton Internet Security 2006 - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
    O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: Norton Internet Security 2006 - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
    O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [SSC_UserPrompt] "C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "E:\AVG Anti-Spyware 7.5\avgas.exe" /minimized
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKCU\..\Run: [PhotoShow Deluxe Media Manager] C:\PROGRA~1\Ahead\NEROPH~1\data\Xtras\mssysmgr.exe
    O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
    O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
    O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - E:\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Internet Security Password Validation (ccISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\ccPwdSvc.exe
    O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Norton Internet Security\comHost.exe
    O23 - Service: InCD Helper (read only) (InCDsrvR) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
    O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
    O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
     
  14. Cookiegal

    Cookiegal Administrator Malware Specialist Coordinator

    Joined:
    Aug 27, 2003
    Messages:
    101,715
     
  15. wonderworm10k

    wonderworm10k Thread Starter

    Joined:
    Jul 4, 2007
    Messages:
    12
    I can't upgrade to SP2 because this is a reinstall disk for a laptop. The key will be invalid with Microsoft and I wouldn't be able to download and install updates.

    Should I try registering?
     
Short URL to this thread: https://techguy.org/591889