Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Only have internet connection in safe mode


  • This topic is locked This topic is locked
3 replies to this topic

#1 Mo_

Mo_

  • Members
  • 49 posts
  • OFFLINE
  •  
  • Local time:04:28 AM

Posted 12 March 2009 - 11:29 PM

I tried making a forum in netowrking they led me here.
Here is the orginal post: http://www.bleepingcomputer.com/forums/ind...p;#entry1175646

and here are the log files:

Safe Mode
Logfile of Trend Micro HijackThis v2.0.2Scan saved at 12:21:08 AM, on 3/13/2009Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)Boot mode: Safe mode with network supportRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\Explorer.EXEC:\WINDOWS\system32\ctfmon.exeC:\Program Files\Mozilla Firefox\firefox.exeC:\Program Files\Trend Micro\HijackThis\HijackThis.exeR1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = [url="http://red.clientapps.yahoo.com/customize/ie/defaults/sb/sbcydsl/*http://www.yahoo.com/search/ie.html"]http://red.clientapps.yahoo.com/customize/.../search/ie.html[/url]R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = [url="http://red.clientapps.yahoo.com/customize/ie/defaults/sp/sbcydsl/*http://www.yahoo.com"]http://red.clientapps.yahoo.com/customize/...//www.yahoo.com[/url]R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = [url="http://att.yahoo.com/"]http://att.yahoo.com/[/url]R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [url="http://att.yahoo.com"]http://att.yahoo.com[/url]R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = [url="http://red.clientapps.yahoo.com/customize/ie/defaults/su/sbcydsl/*http://www.yahoo.com"]http://red.clientapps.yahoo.com/customize/...//www.yahoo.com[/url]R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = [url="http://red.clientapps.yahoo.com/customize/ie/defaults/sb/sbcydsl/*http://www.yahoo.com/search/ie.html"]http://red.clientapps.yahoo.com/customize/.../search/ie.html[/url]R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = [url="http://red.clientapps.yahoo.com/customize/ie/defaults/sp/sbcydsl/*http://www.yahoo.com"]http://red.clientapps.yahoo.com/customize/...//www.yahoo.com[/url]R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = [url="http://att.yahoo.com"]http://att.yahoo.com[/url]R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = [url="http://red.clientapps.yahoo.com/customize/ie/defaults/su/sbcydsl/*http://www.yahoo.com"]http://red.clientapps.yahoo.com/customize/...//www.yahoo.com[/url]R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = [url="http://hp.windowsmedia.com/MEDIAGUIDE/ClickTracking/Redir.htm?dest=http%3A//www.billboard.com/bb/hotweb/win_media.jsp"]http://hp.windowsmedia.com/MEDIAGUIDE/Clic...b/win_media.jsp[/url]R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost;*.localR3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dllO2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dllO2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dllO2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dllO2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (file missing)O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRA~1\Yahoo!\Common\yiesrvc.dllO2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dllO2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dllO2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dllO2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - c:\Program Files\Norton AntiVirus\NavShExt.dllO2 - BHO: SidebarAutoLaunch Class - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dllO2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)O3 - Toolbar: HP View - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\hpdtlk02.dllO3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Program Files\Norton AntiVirus\NavShExt.dllO3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dllO3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dllO4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exeO4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exeO4 - HKLM\..\Run: [LWBMOUSE] C:\Program Files\NASDAK\OmniMouse Driver\4.06\MOUSE32A.EXEO4 - HKLM\..\Run: [LTMSG] LTMSG.exe 7O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exeO4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exeO4 - HKLM\..\Run: [HPHmon03] C:\WINDOWS\System32\hphmon03.exeO4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exeO4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exeO4 - HKLM\..\Run: [ccRegVfy] "c:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXEO4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /autoO4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /minO4 - HKCU\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher" /MinimizedO4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHookO4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exeO4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exeO4 - HKCU\..\RunOnce: [SpybotDeletingB8541] command.com /c del "C:\WINDOWS\wt\webdriver\4.1.1\actorobject.dll"O4 - HKCU\..\RunOnce: [SpybotDeletingD6065] cmd.exe /c del "C:\WINDOWS\wt\webdriver\4.1.1\actorobject.dll"O4 - HKCU\..\RunOnce: [SpybotDeletingB9797] command.com /c del "C:\WINDOWS\wt\webdriver\4.1.1\dx5drv.dll"O4 - HKCU\..\RunOnce: [SpybotDeletingD7405] cmd.exe /c del "C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\legacy\wt3d.dll"O4 - HKCU\..\RunOnce: [SpybotDeletingB3437] command.com /c del "C:\WINDOWS\wt\webdriver\4.1.1\dx7drv.dll"O4 - HKCU\..\RunOnce: [SpybotDeletingD68] cmd.exe /c del "C:\WINDOWS\wt\webdriver\4.1.1\dx7drv.dll"O4 - HKCU\..\RunOnce: [SpybotDeletingB6647] command.com /c del "C:\WINDOWS\wt\webdriver\4.1.1\objectbundle.dll"O4 - HKCU\..\RunOnce: [SpybotDeletingD886] cmd.exe /c del "C:\WINDOWS\wt\webdriver\4.1.1\objectbundle.dll"O4 - HKCU\..\RunOnce: [SpybotDeletingB8387] command.com /c del "C:\WINDOWS\wt\webdriver\4.1.1\wdcaps.ded"O4 - HKCU\..\RunOnce: [SpybotDeletingD4981] cmd.exe /c del "C:\WINDOWS\wt\webdriver\4.1.1\wdcaps.ded"O4 - HKCU\..\RunOnce: [SpybotDeletingB7025] command.com /c del "C:\WINDOWS\wt\webdriver\4.1.1\wdengine.dll"O4 - HKCU\..\RunOnce: [SpybotDeletingD5037] cmd.exe /c del "C:\WINDOWS\wt\webdriver\4.1.1\wdengine.dll"O4 - HKCU\..\RunOnce: [SpybotDeletingB1927] command.com /c del "C:\WINDOWS\wt\webdriver\4.1.1\wtmulti.jar"O4 - HKCU\..\RunOnce: [SpybotDeletingD3721] cmd.exe /c del "C:\WINDOWS\wt\webdriver\4.1.1\wtmulti.jar"O4 - HKCU\..\RunOnce: [SpybotDeletingB6465] command.com /c del "C:\WINDOWS\wt\webdriver\4.1.1\wtwmplug.ax"O4 - HKCU\..\RunOnce: [SpybotDeletingD3623] cmd.exe /c del "C:\WINDOWS\wt\webdriver\4.1.1\wtwmplug.ax"O4 - HKCU\..\RunOnce: [SpybotDeletingB4206] command.com /c del "C:\WINDOWS\wt\webdriver\4.1.1\wtwmplug.ini"O4 - HKCU\..\RunOnce: [SpybotDeletingD7153] cmd.exe /c del "C:\WINDOWS\wt\webdriver\4.1.1\wtwmplug.ini"O4 - HKCU\..\RunOnce: [SpybotDeletingB9301] command.com /c del "C:\WINDOWS\wt\wtupdates\DRM\3.2.0.19\files\DRM0302.dll"O4 - HKCU\..\RunOnce: [SpybotDeletingD4612] cmd.exe /c del "C:\WINDOWS\wt\wtupdates\DRM\3.2.0.19\files\DRM0302.dll"O4 - HKCU\..\RunOnce: [SpybotDeletingB921] command.com /c del "C:\WINDOWS\wt\wtupdates\DRM\3.2.0.19\files\DRM0302Java.jar"O4 - HKCU\..\RunOnce: [SpybotDeletingD2180] cmd.exe /c del "C:\WINDOWS\wt\wtupdates\DRM\3.2.0.19\files\DRM0302Java.jar"O4 - HKCU\..\RunOnce: [SpybotDeletingB4364] command.com /c del "C:\WINDOWS\wt\wtupdates\DRM\3.2.0.19\files\jDRM0302.dll"O4 - HKCU\..\RunOnce: [SpybotDeletingD9028] cmd.exe /c del "C:\WINDOWS\wt\wtupdates\DRM\3.2.0.19\files\jDRM0302.dll"O4 - HKCU\..\RunOnce: [SpybotDeletingB3747] command.com /c del "C:\WINDOWS\wt\wtupdates\DRM\3.2.0.19\files\rDRM0302.dll"O4 - HKCU\..\RunOnce: [SpybotDeletingD4255] cmd.exe /c del "C:\WINDOWS\wt\wtupdates\DRM\3.2.0.19\files\rDRM0302.dll"O4 - HKCU\..\RunOnce: [SpybotDeletingB4867] command.com /c del "C:\WINDOWS\wt\wtupdates\DRM\3.2.0.19\files\controlPanel\index.html"O4 - HKCU\..\RunOnce: [SpybotDeletingD634] cmd.exe /c del "C:\WINDOWS\wt\wtupdates\DRM\3.2.0.19\files\controlPanel\index.html"O4 - HKCU\..\RunOnce: [SpybotDeletingB4085] command.com /c del "C:\WINDOWS\wt\wtupdates\DRM\3.2.0.19\install\DRM0302.cdanfo"O4 - HKCU\..\RunOnce: [SpybotDeletingD7152] cmd.exe /c del "C:\WINDOWS\wt\wtupdates\DRM\3.2.0.19\install\DRM0302.cdanfo"O4 - HKCU\..\RunOnce: [SpybotDeletingB7151] command.com /c del "C:\WINDOWS\wt\wtupdates\DRM\3.2.0.19\install\DRM0302_Uninstall.cdas"O4 - HKCU\..\RunOnce: [SpybotDeletingD9605] cmd.exe /c del "C:\WINDOWS\wt\wtupdates\DRM\3.2.0.19\install\DRM0302_Uninstall.cdas"O4 - HKCU\..\RunOnce: [SpybotDeletingB8248] command.com /c del "C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\actorobject.dll"O4 - HKCU\..\RunOnce: [SpybotDeletingD1617] cmd.exe /c del "C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\actorobject.dll"O4 - HKCU\..\RunOnce: [SpybotDeletingB8642] command.com /c del "C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\dx5drv.dll"O4 - HKCU\..\RunOnce: [SpybotDeletingD234] cmd.exe /c del "C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\dx5drv.dll"O4 - HKCU\..\RunOnce: [SpybotDeletingB4110] command.com /c del "C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\dx7drv.dll"O4 - HKCU\..\RunOnce: [SpybotDeletingD6711] cmd.exe /c del "C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\dx7drv.dll"O4 - HKCU\..\RunOnce: [SpybotDeletingB6234] command.com /c del "C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\jdriver.dll"O4 - HKCU\..\RunOnce: [SpybotDeletingD4638] cmd.exe /c del "C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\jdriver.dll"O4 - HKCU\..\RunOnce: [SpybotDeletingB1722] command.com /c del "C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\npWTHost.dll"O4 - HKCU\..\RunOnce: [SpybotDeletingD4644] cmd.exe /c del "C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\npWTHost.dll"O4 - HKCU\..\RunOnce: [SpybotDeletingB7202] command.com /c del "C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\nsIWTHostPlugin.xpt"O4 - HKCU\..\RunOnce: [SpybotDeletingD9272] cmd.exe /c del "C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\nsIWTHostPlugin.xpt"O4 - HKCU\..\RunOnce: [SpybotDeletingB5733] command.com /c del "C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\ObjectBundle.dll"O4 - HKCU\..\RunOnce: [SpybotDeletingD7612] cmd.exe /c del "C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\ObjectBundle.dll"O4 - HKCU\..\RunOnce: [SpybotDeletingB755] command.com /c del "C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\rdriver.dll"O4 - HKCU\..\RunOnce: [SpybotDeletingD7357] cmd.exe /c del "C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\rdriver.dll"O4 - HKCU\..\RunOnce: [SpybotDeletingB7460] command.com /c del "C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\Sound.dll"O4 - HKCU\..\RunOnce: [SpybotDeletingD3509] cmd.exe /c del "C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\Sound.dll"O4 - HKCU\..\RunOnce: [SpybotDeletingB9288] command.com /c del "C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\wdcaps.ded"O4 - HKCU\..\RunOnce: [SpybotDeletingD6393] cmd.exe /c del "C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\wdcaps.ded"O4 - HKCU\..\RunOnce: [SpybotDeletingB8380] command.com /c del "C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\wdengine.dll"O4 - HKCU\..\RunOnce: [SpybotDeletingD7807] cmd.exe /c del "C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\wdengine.dll"O4 - HKCU\..\RunOnce: [SpybotDeletingB1192] command.com /c del "C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\Webd331.cdanfo"O4 - HKCU\..\RunOnce: [SpybotDeletingD3220] cmd.exe /c del "C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\Webd331.cdanfo"O4 - HKCU\..\RunOnce: [SpybotDeletingB8888] command.com /c del "C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\Webd331_fileList.cdas"O4 - HKCU\..\RunOnce: [SpybotDeletingD9183] cmd.exe /c del "C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\Webd331_fileList.cdas"O4 - HKCU\..\RunOnce: [SpybotDeletingB141] command.com /c del "C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\Webd331_Uninstall.cdas"O4 - HKCU\..\RunOnce: [SpybotDeletingD8095] cmd.exe /c del "C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\Webd331_Uninstall.cdas"O4 - HKCU\..\RunOnce: [SpybotDeletingB7681] command.com /c del "C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\webdriver.dll"O4 - HKCU\..\RunOnce: [SpybotDeletingD5838] cmd.exe /c del "C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\webdriver.dll"O4 - HKCU\..\RunOnce: [SpybotDeletingB4255] command.com /c del "C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\wildtangent.jar"O4 - HKCU\..\RunOnce: [SpybotDeletingD9355] cmd.exe /c del "C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\wildtangent.jar"O4 - HKCU\..\RunOnce: [SpybotDeletingB2245] command.com /c del "C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\wt3d.ini"O4 - HKCU\..\RunOnce: [SpybotDeletingD2348] cmd.exe /c del "C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\wt3d.ini"O4 - HKCU\..\RunOnce: [SpybotDeletingB6093] command.com /c del "C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\WTHostCtl.dll"O4 - HKCU\..\RunOnce: [SpybotDeletingD898] cmd.exe /c del "C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\WTHostCtl.dll"O4 - HKCU\..\RunOnce: [SpybotDeletingB4456] command.com /c del "C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\wtmulti.dll"O4 - HKCU\..\RunOnce: [SpybotDeletingD5871] cmd.exe /c del "C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\wtmulti.dll"O4 - HKCU\..\RunOnce: [SpybotDeletingB1947] command.com /c del "C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\wtmulti.jar"O4 - HKCU\..\RunOnce: [SpybotDeletingD9287] cmd.exe /c del "C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\wtmulti.jar"O4 - HKCU\..\RunOnce: [SpybotDeletingB1101] command.com /c del "C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\wtvh.dll"O4 - HKCU\..\RunOnce: [SpybotDeletingD3956] cmd.exe /c del "C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\wtvh.dll"O4 - HKCU\..\RunOnce: [SpybotDeletingB2680] command.com /c del "C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\wtwmplug.ax"O4 - HKCU\..\RunOnce: [SpybotDeletingD5676] cmd.exe /c del "C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\wtwmplug.ax"O4 - HKCU\..\RunOnce: [SpybotDeletingB4966] command.com /c del "C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\wtwmplug.ini"O4 - HKCU\..\RunOnce: [SpybotDeletingD1334] cmd.exe /c del "C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\wtwmplug.ini"O4 - HKCU\..\RunOnce: [SpybotDeletingB485] command.com /c del "C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\controlPanel\index.html"O4 - HKCU\..\RunOnce: [SpybotDeletingD9292] cmd.exe /c del "C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\controlPanel\index.html"O4 - HKCU\..\RunOnce: [SpybotDeletingB3564] command.com /c del "C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\legacy\data.wts"O4 - HKCU\..\RunOnce: [SpybotDeletingD1804] cmd.exe /c del "C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\legacy\data.wts"O4 - HKCU\..\RunOnce: [SpybotDeletingB9622] command.com /c del "C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\legacy\webdriver.dll"O4 - HKCU\..\RunOnce: [SpybotDeletingD2298] cmd.exe /c del "C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\legacy\webdriver.dll"O4 - HKCU\..\RunOnce: [SpybotDeletingB4624] command.com /c del "C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\legacy\wt3d.dll"O4 - HKCU\..\RunOnce: [SpybotDeletingB4169] command.com /c del "C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\update_info\data.wts"O4 - HKCU\..\RunOnce: [SpybotDeletingD5471] cmd.exe /c del "C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\update_info\data.wts"O4 - HKCU\..\RunOnce: [SpybotDeletingB5742] command.com /c del "C:\WINDOWS\wt\wtupdates\webd\4.1.1\install\Webd4_1_1.cdanfo"O4 - HKCU\..\RunOnce: [SpybotDeletingD5833] cmd.exe /c del "C:\WINDOWS\wt\wtupdates\webd\4.1.1\install\Webd4_1_1.cdanfo"O4 - HKCU\..\RunOnce: [SpybotDeletingB924] command.com /c del "C:\WINDOWS\wt\wtupdates\webd\4.1.1\install\Webd4_1_1_Uninstall.cdas"O4 - HKCU\..\RunOnce: [SpybotDeletingD2647] cmd.exe /c del "C:\WINDOWS\wt\wtupdates\webd\4.1.1\install\Webd4_1_1_Uninstall.cdas"O4 - Global Startup: PowerReg Scheduler.exeO8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htmO8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htmO8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycdict.htmO9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dllO9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dllO9 - Extra button: AT&T Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRA~1\Yahoo!\Common\yiesrvc.dllO9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLLO9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exeO9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exeO9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dllO16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - [url="http://go.microsoft.com/fwlink/?linkid=58813"]http://go.microsoft.com/fwlink/?linkid=58813[/url]O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - [url="http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab"]http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab[/url]O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - [url="http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab"]http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab[/url]O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - [url="http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1193265707609"]http://www.update.microsoft.com/microsoftu...b?1193265707609[/url]O16 - DPF: {91D4B4D5-E368-40AB-8F53-A37FA634B471} (Installer9Ctrl Class) - [url="http://www.tellmemoreeducation.com/bin/tol9inst.cab"]http://www.tellmemoreeducation.com/bin/tol9inst.cab[/url]O16 - DPF: {A0E7D0C1-9854-497E-8645-38C19AA00724} (IssacWebSE Class) - [url="http://www.teenkorean.com/Penta/KoreanSecurity.cab"]http://www.teenkorean.com/Penta/KoreanSecurity.cab[/url]O16 - DPF: {A67C0313-A410-4F39-86E4-25BFCA558B3C} (mr.UserControl1) - [url="http://www.interedu.go.kr/contents/101e/KWK.CAB"]http://www.interedu.go.kr/contents/101e/KWK.CAB[/url]O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dllO23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exeO23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exeO23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exeO23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exeO23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exeO23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exeO23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exeO23 - Service: Symantec Proxy Service (ccPxySvc) - Symantec Corporation - c:\Program Files\Norton Personal Firewall\ccPxySvc.exeO23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exeO23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exeO23 - Service: getPlus Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exeO23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exeO23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exeO23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exeO23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exeO23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - c:\Program Files\Norton AntiVirus\navapsvc.exeO23 - Service: Norton Personal Firewall Accounts Manager (NISUM) - Symantec Corporation - c:\Program Files\Norton Personal Firewall\NISUM.EXEO23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exeO23 - Service: Pml Driver - HP - C:\WINDOWS\System32\HPHipm09.exeO23 - Service: SAVScan - Unknown owner - c:\Program Files\Norton AntiVirus\SAVScan.exe (file missing)O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exeO23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exeO23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\system32\YPCSER~1.EXE--End of file - 21749 bytes

Normal Mode
Logfile of Trend Micro HijackThis v2.0.2Scan saved at 12:36:03 AM, on 3/13/2009Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\spoolsv.exeC:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exeC:\WINDOWS\Explorer.EXEC:\WINDOWS\system32\ps2.exeC:\Program Files\NASDAK\OmniMouse Driver\4.06\MOUSE32A.EXEC:\WINDOWS\LTMSG.exeC:\WINDOWS\System32\igfxtray.exeC:\windows\system\hpsysdrv.exeC:\WINDOWS\System32\hphmon03.exeC:\WINDOWS\System32\hkcmd.exeC:\WINDOWS\ALCXMNTR.EXEC:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exeC:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exeC:\WINDOWS\system32\ctfmon.exeC:\Program Files\Spybot - Search & Destroy\TeaTimer.exeC:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exeC:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exeC:\Program Files\Bonjour\mDNSResponder.exec:\Program Files\Common Files\Symantec Shared\ccSetMgr.exeC:\Program Files\McAfee\SiteAdvisor\McSACore.exeC:\Program Files\Common Files\Teleca Shared\CapabilityManager.exec:\Program Files\Norton Personal Firewall\NISUM.EXEC:\WINDOWS\System32\svchost.exeC:\Program Files\Viewpoint\Common\ViewpointService.exec:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exec:\Program Files\Norton Personal Firewall\ccPxySvc.exeC:\WINDOWS\system32\wscntfy.exeC:\WINDOWS\System32\HPHipm09.exeC:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exeC:\WINDOWS\system32\wuauclt.exeC:\Program Files\Common Files\Teleca Shared\Generic.exeC:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exeC:\Program Files\Trend Micro\HijackThis\HijackThis.exeR1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = [url="http://red.clientapps.yahoo.com/customize/ie/defaults/sb/sbcydsl/*http://www.yahoo.com/search/ie.html"]http://red.clientapps.yahoo.com/customize/.../search/ie.html[/url]R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = [url="http://red.clientapps.yahoo.com/customize/ie/defaults/sp/sbcydsl/*http://www.yahoo.com"]http://red.clientapps.yahoo.com/customize/...//www.yahoo.com[/url]R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = [url="http://att.yahoo.com/"]http://att.yahoo.com/[/url]R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [url="http://att.yahoo.com"]http://att.yahoo.com[/url]R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = [url="http://red.clientapps.yahoo.com/customize/ie/defaults/su/sbcydsl/*http://www.yahoo.com"]http://red.clientapps.yahoo.com/customize/...//www.yahoo.com[/url]R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = [url="http://red.clientapps.yahoo.com/customize/ie/defaults/sb/sbcydsl/*http://www.yahoo.com/search/ie.html"]http://red.clientapps.yahoo.com/customize/.../search/ie.html[/url]R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = [url="http://red.clientapps.yahoo.com/customize/ie/defaults/sp/sbcydsl/*http://www.yahoo.com"]http://red.clientapps.yahoo.com/customize/...//www.yahoo.com[/url]R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = [url="http://att.yahoo.com"]http://att.yahoo.com[/url]R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = [url="http://red.clientapps.yahoo.com/customize/ie/defaults/su/sbcydsl/*http://www.yahoo.com"]http://red.clientapps.yahoo.com/customize/...//www.yahoo.com[/url]R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = [url="http://hp.windowsmedia.com/MEDIAGUIDE/ClickTracking/Redir.htm?dest=http%3A//www.billboard.com/bb/hotweb/win_media.jsp"]http://hp.windowsmedia.com/MEDIAGUIDE/Clic...b/win_media.jsp[/url]R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost;*.localR3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dllO2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dllO2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dllO2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dllO2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (file missing)O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRA~1\Yahoo!\Common\yiesrvc.dllO2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dllO2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dllO2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dllO2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - c:\Program Files\Norton AntiVirus\NavShExt.dllO2 - BHO: SidebarAutoLaunch Class - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dllO2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)O3 - Toolbar: HP View - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\hpdtlk02.dllO3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Program Files\Norton AntiVirus\NavShExt.dllO3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dllO3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dllO4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exeO4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exeO4 - HKLM\..\Run: [LWBMOUSE] C:\Program Files\NASDAK\OmniMouse Driver\4.06\MOUSE32A.EXEO4 - HKLM\..\Run: [LTMSG] LTMSG.exe 7O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exeO4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exeO4 - HKLM\..\Run: [HPHmon03] C:\WINDOWS\System32\hphmon03.exeO4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exeO4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exeO4 - HKLM\..\Run: [ccRegVfy] "c:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXEO4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /autoO4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /minO4 - HKCU\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher" /MinimizedO4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHookO4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exeO4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exeO4 - Global Startup: PowerReg Scheduler.exeO8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htmO8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htmO8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycdict.htmO9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dllO9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dllO9 - Extra button: AT&T Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRA~1\Yahoo!\Common\yiesrvc.dllO9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLLO9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exeO9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exeO9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dllO16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - [url="http://go.microsoft.com/fwlink/?linkid=58813"]http://go.microsoft.com/fwlink/?linkid=58813[/url]O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - [url="http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab"]http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab[/url]O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - [url="http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab"]http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab[/url]O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - [url="http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1193265707609"]http://www.update.microsoft.com/microsoftu...b?1193265707609[/url]O16 - DPF: {91D4B4D5-E368-40AB-8F53-A37FA634B471} (Installer9Ctrl Class) - [url="http://www.tellmemoreeducation.com/bin/tol9inst.cab"]http://www.tellmemoreeducation.com/bin/tol9inst.cab[/url]O16 - DPF: {A0E7D0C1-9854-497E-8645-38C19AA00724} (IssacWebSE Class) - [url="http://www.teenkorean.com/Penta/KoreanSecurity.cab"]http://www.teenkorean.com/Penta/KoreanSecurity.cab[/url]O16 - DPF: {A67C0313-A410-4F39-86E4-25BFCA558B3C} (mr.UserControl1) - [url="http://www.interedu.go.kr/contents/101e/KWK.CAB"]http://www.interedu.go.kr/contents/101e/KWK.CAB[/url]O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dllO23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exeO23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exeO23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exeO23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exeO23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exeO23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exeO23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exeO23 - Service: Symantec Proxy Service (ccPxySvc) - Symantec Corporation - c:\Program Files\Norton Personal Firewall\ccPxySvc.exeO23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exeO23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exeO23 - Service: getPlus® Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exeO23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exeO23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exeO23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exeO23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exeO23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - c:\Program Files\Norton AntiVirus\navapsvc.exeO23 - Service: Norton Personal Firewall Accounts Manager (NISUM) - Symantec Corporation - c:\Program Files\Norton Personal Firewall\NISUM.EXEO23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exeO23 - Service: Pml Driver - HP - C:\WINDOWS\System32\HPHipm09.exeO23 - Service: SAVScan - Unknown owner - c:\Program Files\Norton AntiVirus\SAVScan.exe (file missing)O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exeO23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exeO23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\system32\YPCSER~1.EXE--End of file - 12413 bytes

Edited by Mo_, 12 March 2009 - 11:43 PM.


BC AdBot (Login to Remove)

 


#2 Farbar

Farbar

    Just Curious


  • Security Developer
  • 21,688 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:The Netherlands
  • Local time:10:28 AM

Posted 20 March 2009 - 02:38 PM

Hi Mo_,

Welcome to BC HijackThis forum and sorry for the delay. I am farbar. I am going to assist you with your problem.

Please refrain from making any changes to your system (updating Windows, installing applications, removing files, etc.) from now on as it might prolong handling your log and make the job for both of us more difficult.

Please copy and paste the logs instead of putting them in the code box. Thanks.
  • Tell me if you have done anything since previous post. Or you have run any other tools. Also tell me how is the current condition of your computer.

  • I see Avira antivirus and Norton antivirus with firewall on the log. Could you tell me if Norton is updated and has subscription?

  • To get an idea about the current condition of you computer download random's system information tool (RSIT) by random/random from here and save it to your desktop.
    • Double click on RSIT.exe to run RSIT.
    • Set the scan files/folders to 3 Months.
    • Click Continue at the disclaimer screen.
    • Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized)

      Note 1: If you have difficulty finding the logs, the logs are in this folder: C:\rsit

      Note 2: The tool takes not more than one minute to scan the system.
  • RSIT downloads by default a Hijackthis log. Since you have already installed Hijackthis the RSIT might uses it to include a Hijackthis log. In case due to lack of connection in normal mode the RSIT log.txt did not contain Hijackthis log please post a fresh hijackthis log.
You might want to save this page on your favorites, so you can find it again when you return.

#3 Farbar

Farbar

    Just Curious


  • Security Developer
  • 21,688 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:The Netherlands
  • Local time:10:28 AM

Posted 23 March 2009 - 01:55 PM

Is anybody there?

#4 Farbar

Farbar

    Just Curious


  • Security Developer
  • 21,688 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:The Netherlands
  • Local time:10:28 AM

Posted 24 March 2009 - 02:15 PM

This thread will now be closed due to inactivity.

If you should still have an issue, please start a new topic.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users