
HJT Log


3 replies to this topic

#1 aharpro26

aharpro26


Posted 02 April 2005 - 01:34 PM

Logfile of HijackThis v1.99.1
Scan saved at 1:33:05 PM, on 4/2/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
E:\WINDOWS\System32\smss.exe
E:\WINDOWS\system32\winlogon.exe
E:\WINDOWS\system32\services.exe
E:\WINDOWS\system32\lsass.exe
E:\WINDOWS\System32\Ati2evxx.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\System32\svchost.exe
E:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
E:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
E:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
E:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
E:\WINDOWS\system32\LEXBCES.EXE
E:\WINDOWS\system32\spoolsv.exe
E:\WINDOWS\system32\LEXPPS.EXE
E:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
E:\Program Files\Norton AntiVirus\navapsvc.exe
E:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
E:\WINDOWS\System32\svchost.exe
E:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
E:\Program Files\Linksys Wireless-G PCI Adapter\WLService.exe
E:\Program Files\Linksys Wireless-G PCI Adapter\WMP54Gv4.exe
E:\PROGRA~1\COMMON~1\Stardock\SDMCP.exe
E:\Program Files\Stardock\Object Desktop\WindowBlinds\wbload.exe
E:\WINDOWS\system32\Ati2evxx.exe
E:\WINDOWS\Explorer.EXE
E:\WINDOWS\SOUNDMAN.EXE
E:\Program Files\Common Files\Symantec Shared\ccApp.exe
E:\PROGRA~1\LEXMAR~1\LXBRKsk.exe
E:\Program Files\Gigabyte\Gigabyte Windows Utility Manager\ET4\ET4.EXE
E:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
E:\WINDOWS\vcdplayx.exe
E:\Program Files\ATI Technologies\ATI.ACE\cli.exe
E:\Program Files\AIM\aim.exe
E:\WINDOWS\System32\ctfmon.exe
E:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
E:\Program Files\Lavasoft\Ad-aware 6\Ad-aware.exe
E:\PROGRA~1\MOZILL~1\FIREFOX.EXE
E:\Program Files\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://hot-searches.com/search.php?v=6&aff=7741853
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://hot-searches.com/index.php?v=6&aff=7741853
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://hot-searches.com/index.php?v=6&aff=7741853
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *hot-searches.com*;*lender-search.com*
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - E:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - E:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - E:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - E:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - E:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [ATIPTA] E:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ccApp] "E:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [SSC_UserPrompt] E:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] E:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [Lexmark 3100 Series] "E:\Program Files\Lexmark 3100 Series\lxbrbmgr.exe"
O4 - HKLM\..\Run: [LXBRKsk] E:\PROGRA~1\LEXMAR~1\LXBRKsk.exe
O4 - HKLM\..\Run: [EasyTuneIV] E:\Program Files\Gigabyte\Gigabyte Windows Utility Manager\ET4\ET4.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] E:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
O4 - HKLM\..\Run: [IgfxTray] E:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] E:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [CloneCDElbyCDFL] "E:\Program Files\Elaborate Bytes\CloneCD\ElbyCheck.exe" /L ElbyCDFL
O4 - HKLM\..\Run: [CloneCDTray] "E:\Program Files\Elaborate Bytes\CloneCD\CloneCDTray.exe"
O4 - HKLM\..\Run: [QuickTime Task] "E:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [VirtualDrive] "E:\Program Files\FarStone\VirtualDrive\VDTask.exe" /AutoRestore
O4 - HKLM\..\Run: [vcdplayx] "E:\WINDOWS\vcdplayx.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE E:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE E:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [ATICCC] "E:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime
O4 - HKLM\..\Run: [LogonStudio] "E:\Program Files\WinCustomize\LogonStudio\logonstudio.exe" /RANDOM
O4 - HKCU\..\Run: [AIM] E:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [ctfmon.exe] E:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [Steam] E:\Program Files\Valve\Steam\\Steam.exe -silent
O4 - Startup: CabalClock.exe.lnk = E:\Documents and Settings\Mike Hill\Desktop\WinCustomize Files\Widgets\CabalClock.exe
O4 - Startup: CabalMeters.exe.lnk = E:\Documents and Settings\Mike Hill\Desktop\WinCustomize Files\Widgets\CabalMeters.exe
O4 - Startup: Glassy Calendar.exe.lnk = E:\Documents and Settings\Mike Hill\Desktop\WinCustomize Files\Widgets\Glassy Calendar.exe
O4 - Startup: Glassy Calendar.lnk = E:\Documents and Settings\Mike Hill\Desktop\WinCustomize Files\Widgets\Glassy Calendar.exe
O4 - Startup: Live Weather II.exe.lnk = E:\Documents and Settings\Mike Hill\Desktop\WinCustomize Files\Widgets\Live Weather II.exe
O4 - Startup: YzDock.exe.lnk = E:\Documents and Settings\Mike Hill\My Documents\download\mchill09\Mac Dock\YzDock.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = E:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: ATI CATALYST System Tray.lnk = E:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - E:\Program Files\AIM\aim.exe
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - E:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - E:\WINDOWS\web\related.htm
O16 - DPF: {14A3221B-1678-1982-A355-7263B1281987} - ms-its:mhtml:file://C:\foo.mht!http://82.179.166.130/e9xr2.chm::/file.exe
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - E:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Filter: text/html - (no CLSID) - (no file)
O20 - Winlogon Notify: igfxcui - E:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: MCPClient - E:\PROGRA~1\COMMON~1\Stardock\mcpstub.dll
O20 - Winlogon Notify: WB - E:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\fastload.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - E:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - E:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - E:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - E:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - E:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - E:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - E:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - E:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - E:\WINDOWS\System32\nvsvc32.exe
O23 - Service: SAVScan - Symantec Corporation - E:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - E:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - E:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - E:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - E:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: WMP54Gv4SVC - Unknown owner - E:\Program Files\Linksys Wireless-G PCI Adapter\WLService.exe" "WMP54Gv4.exe (file missing)


#2 OldTimer

OldTimer

    Malware Expert



Posted 02 April 2005 - 11:23 PM

Hi again aharpro26. Man, you'd think I was the only one here! After reviewing your log I see a few items that require our attention. Please proceed with the following steps in order.

Step #1

Start HijackThis and click the Scan button to perform a scan. Look for the following items and click in the checkbox in front of each item to select it:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://hot-searches.com/search.php?v=6&aff=7741853
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://hot-searches.com/index.php?v=6&aff=7741853
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://hot-searches.com/index.php?v=6&aff=7741853
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *hot-searches.com*;*lender-search.com*
O16 - DPF: {14A3221B-1678-1982-A355-7263B1281987} - ms-its:mhtml:file://C:\foo.mht!http://82.179.166.130/e9xr2.chm::/file.exe
O18 - Filter: text/html - (no CLSID) - (no file)

Now close ALL open windows except HijackThis and click the Fix Checked button to finish the repair.

Step #2

Download CleanUp! and install it. Start CleanUp! and click the CleanUp! button. Let it run to completion.

Step #3

OK. Reboot your computer normally, start HijackThis and perform a new scan. Post your new log file back here using the Add Reply button and I will review it when it comes in.

OT
I do not respond to PM's requesting help. That's what the forums are here for. Please use them so that others may benefit from your questions and the responses you receive.
OldTimer


#3 aharpro26

aharpro26

Posted 03 April 2005 - 01:18 AM

Logfile of HijackThis v1.99.1
Scan saved at 3:13:21 AM, on 4/3/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
E:\WINDOWS\System32\smss.exe
E:\WINDOWS\system32\winlogon.exe
E:\WINDOWS\system32\services.exe
E:\WINDOWS\system32\lsass.exe
E:\WINDOWS\System32\Ati2evxx.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\System32\svchost.exe
E:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
E:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
E:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
E:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
E:\WINDOWS\system32\LEXBCES.EXE
E:\WINDOWS\system32\LEXPPS.EXE
E:\WINDOWS\system32\spoolsv.exe
E:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
E:\Program Files\Norton AntiVirus\navapsvc.exe
E:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
E:\PROGRA~1\COMMON~1\Stardock\SDMCP.exe
E:\Program Files\Stardock\Object Desktop\WindowBlinds\wbload.exe
E:\WINDOWS\System32\svchost.exe
E:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
E:\Program Files\Linksys Wireless-G PCI Adapter\WLService.exe
E:\Program Files\Linksys Wireless-G PCI Adapter\WMP54Gv4.exe
E:\WINDOWS\system32\Ati2evxx.exe
E:\WINDOWS\Explorer.EXE
E:\WINDOWS\SOUNDMAN.EXE
E:\Program Files\Common Files\Symantec Shared\ccApp.exe
E:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
E:\Program Files\Lexmark 3100 Series\lxbrbmgr.exe
E:\PROGRA~1\LEXMAR~1\LXBRKsk.exe
E:\Program Files\Gigabyte\Gigabyte Windows Utility Manager\ET4\ET4.EXE
E:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
E:\Program Files\Lexmark 3100 Series\lxbrbmon.exe
E:\Program Files\Elaborate Bytes\CloneCD\CloneCDTray.exe
E:\Program Files\QuickTime\qttask.exe
E:\Program Files\Lexmark 3100 Series\lxbrcmon.exe
E:\Program Files\FarStone\VirtualDrive\VDTask.exe
E:\WINDOWS\vcdplayx.exe
E:\Program Files\ATI Technologies\ATI.ACE\cli.exe
E:\Program Files\AIM\aim.exe
E:\WINDOWS\System32\ctfmon.exe
E:\Program Files\Valve\Steam\Steam.exe
E:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
E:\Documents and Settings\Mike Hill\My Documents\download\mchill09\Mac Dock\YzDock.exe
E:\PROGRA~1\Stardock\OBJECT~1\DesktopX\dxwidget.exe
E:\PROGRA~1\Stardock\OBJECT~1\DesktopX\dxwidget.exe
E:\PROGRA~1\Stardock\OBJECT~1\DesktopX\dxwidget.exe
E:\PROGRA~1\Stardock\OBJECT~1\DesktopX\dxwidget.exe
E:\PROGRA~1\Stardock\OBJECT~1\DesktopX\dxwidget.exe
E:\Program Files\HijackThis\HijackThis.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - E:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - E:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - E:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - E:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - E:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [ATIPTA] E:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ccApp] "E:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [SSC_UserPrompt] E:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] E:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [Lexmark 3100 Series] "E:\Program Files\Lexmark 3100 Series\lxbrbmgr.exe"
O4 - HKLM\..\Run: [LXBRKsk] E:\PROGRA~1\LEXMAR~1\LXBRKsk.exe
O4 - HKLM\..\Run: [EasyTuneIV] E:\Program Files\Gigabyte\Gigabyte Windows Utility Manager\ET4\ET4.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] E:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
O4 - HKLM\..\Run: [IgfxTray] E:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] E:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [CloneCDElbyCDFL] "E:\Program Files\Elaborate Bytes\CloneCD\ElbyCheck.exe" /L ElbyCDFL
O4 - HKLM\..\Run: [CloneCDTray] "E:\Program Files\Elaborate Bytes\CloneCD\CloneCDTray.exe"
O4 - HKLM\..\Run: [QuickTime Task] "E:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [VirtualDrive] "E:\Program Files\FarStone\VirtualDrive\VDTask.exe" /AutoRestore
O4 - HKLM\..\Run: [vcdplayx] "E:\WINDOWS\vcdplayx.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE E:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE E:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [ATICCC] "E:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime
O4 - HKLM\..\Run: [LogonStudio] "E:\Program Files\WinCustomize\LogonStudio\logonstudio.exe" /RANDOM
O4 - HKCU\..\Run: [AIM] E:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [ctfmon.exe] E:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [Steam] E:\Program Files\Valve\Steam\\Steam.exe -silent
O4 - Startup: CabalClock.exe.lnk = E:\Documents and Settings\Mike Hill\Desktop\WinCustomize Files\Widgets\CabalClock.exe
O4 - Startup: CabalMeters.exe.lnk = E:\Documents and Settings\Mike Hill\Desktop\WinCustomize Files\Widgets\CabalMeters.exe
O4 - Startup: Glassy Calendar.exe.lnk = E:\Documents and Settings\Mike Hill\Desktop\WinCustomize Files\Widgets\Glassy Calendar.exe
O4 - Startup: Glassy Calendar.lnk = E:\Documents and Settings\Mike Hill\Desktop\WinCustomize Files\Widgets\Glassy Calendar.exe
O4 - Startup: Live Weather II.exe.lnk = E:\Documents and Settings\Mike Hill\Desktop\WinCustomize Files\Widgets\Live Weather II.exe
O4 - Startup: YzDock.exe.lnk = E:\Documents and Settings\Mike Hill\My Documents\download\mchill09\Mac Dock\YzDock.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = E:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: ATI CATALYST System Tray.lnk = E:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - E:\Program Files\AIM\aim.exe
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - E:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O20 - Winlogon Notify: igfxcui - E:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: MCPClient - E:\PROGRA~1\COMMON~1\Stardock\mcpstub.dll
O20 - Winlogon Notify: WB - E:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\fastload.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - E:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - E:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - E:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - E:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - E:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - E:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - E:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - E:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - E:\WINDOWS\System32\nvsvc32.exe
O23 - Service: SAVScan - Symantec Corporation - E:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - E:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - E:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - E:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - E:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: WMP54Gv4SVC - Unknown owner - E:\Program Files\Linksys Wireless-G PCI Adapter\WLService.exe" "WMP54Gv4.exe (file missing)


My problem was not fixed. Windows Media Player crashes on startup. Norton Antivirus 2005 does not load when I open the tray icon. Some games crash a few minutes into it and others do not load.

#4 OldTimer

OldTimer

    Malware Expert



Posted 03 April 2005 - 02:17 AM

Hello again aharpro26. Your log is clean. Congratulations! There are no signs of viruses or malware at this time. We have a couple of last steps to perform and then you're all set.

First, let's reset your hidden/system files and folders. System files are hidden for a reason and we don't want to have them openly available and susceptible to accidental deletion.

* Click Start.
* Open My Computer.
* Select the Tools menu and click Folder Options.
* Select the View tab.
* Under the Hidden files and folders heading UNSELECT Show hidden files and folders.
* CHECK the Hide protected operating system files (recommended) option.
* Click Yes to confirm.
* Click OK.

Next, let's clean your restore points and set a new one:

Reset and Re-enable your System Restore to remove infected files that have been backed up by Windows. The files in System Restore are protected to prevent any programs from changing those files. This is the only way to clean these files: (You will lose all previous restore points which are likely to be infected)

1. Turn off System Restore.

* On the Desktop, right-click My Computer.
* Click Properties.
* Click the System Restore tab.
* Check Turn off System Restore.
* Click Apply, and then click OK.

2. Restart your computer.

3. Turn ON System Restore.

* On the Desktop, right-click My Computer.
* Click Properties.
* Click the System Restore tab.
* UN-Check Turn off System Restore.
* Click Apply, and then click OK.

System Restore will now be active again.

Now that you are clean, to help protect your computer in the future I recommend that you get the following free programs: SpywareBlaster, SpywareGuard and IESpy-Ad. They will add 1000's of sites to your restricted zone and block some hijacks from happening.

You should also have a good firewall like ZoneAlarm or Kerio Personal Firewall (both are free) and a good anti-virus application like the one you are currently using. It is critical to have both a firewall and anti virus to protect your system and to keep them updated.

To keep your system up to date and clean visit Windows Update monthly, run AdAware SE and Spybot Search & Destroy weekly, and be aware of what emails you open and websites you visit.

To learn more about how to protect yourself while on the internet read this article by Tony Klein: So how did I get infected in the first place?

Regarding the issues you are describing I suggest removing all the additional add-ons that are cluttering up your system like YzDock and StarDock. These types of applications bury themselves deeply into your OS and intercept system calls to programs before they reach their destination. Start with YzDock. If you do a Google search on that application you will find a few days worth of reading regarding all of the problems that that particular program causes with the operating system. After that, remove the additional programs one at a time until you find the culprit.

Cheers and have a safe and happy computing day!

OT
I do not respond to PM's requesting help. That's what the forums are here for. Please use them so that others may benefit from your questions and the responses you receive.
OldTimer
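A check that fits between the rescan in Step #3 and the "log is clean" verdict, as an added example that is not part of the original thread: it parses two HijackThis logs and reports whether every entry on the fix list is gone from the second scan. The function names are hypothetical, and the sample data is a trimmed excerpt of the two logs posted above.

```python
import re

# A HijackThis entry line is "<section code> - <details>", e.g. "R1 - ..." or "O16 - ...".
# The pattern is deliberately generic; header and running-process lines never match it.
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")


def parse_entries(log_text):
    """Return the set of (section, details) entries in a log or a pasted fix list."""
    entries = set()
    for line in log_text.splitlines():
        match = ENTRY_RE.match(line.strip())
        if match:
            entries.add((match.group(1), match.group(2)))
    return entries


def verify_fix(before_log, after_log, fix_list):
    """Compare two scans against the entries that were selected for 'Fix Checked'."""
    before, after, wanted = map(parse_entries, (before_log, after_log, fix_list))
    return {
        "still_present": sorted(wanted & after),                # fix did not stick
        "never_seen": sorted(wanted - before),                  # not in the first log at all
        "removed_unlisted": sorted((before - after) - wanted),  # gone without being listed
        "new_entries": sorted(after - before),                  # appeared after the fix
    }


# Step #1 fix list as posted in the thread.
FIX_LIST = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://hot-searches.com/search.php?v=6&aff=7741853
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://hot-searches.com/index.php?v=6&aff=7741853
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://hot-searches.com/index.php?v=6&aff=7741853
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *hot-searches.com*;*lender-search.com*
O16 - DPF: {14A3221B-1678-1982-A355-7263B1281987} - ms-its:mhtml:file://C:\foo.mht!http://82.179.166.130/e9xr2.chm::/file.exe
O18 - Filter: text/html - (no CLSID) - (no file)
"""

# Entries present in both posted logs (excerpt).
KEPT = r"""
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - E:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
"""

# Entries that appear in the first log only and were not on the fix list (excerpt).
RELATED = r"""
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - E:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - E:\WINDOWS\web\related.htm
"""

HEADER = "Logfile of HijackThis v1.99.1\nRunning processes:\nE:\\WINDOWS\\Explorer.EXE\n"
BEFORE_EXCERPT = HEADER + FIX_LIST + KEPT + RELATED
AFTER_EXCERPT = HEADER + KEPT

if __name__ == "__main__":
    for name, items in verify_fix(BEFORE_EXCERPT, AFTER_EXCERPT, FIX_LIST).items():
        print(name, len(items))
        for section, details in items:
            print("   ", section, "-", details)
```

On these excerpts all six fixed entries are absent from the second scan, and the two O9 "Related" entries, which were not on the fix list, are gone as well.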
