
Norton Antivirus Switching Off


13 replies to this topic

#1 jim booth

Posted 27 May 2006 - 04:07 AM

Hi, my comp seems to generally be OK, but I'm not sure if some seriously bad hidden bugs are watching my files and stuff or eating away at my comp. Firstly, I've noticed that in the blue bar, near the corner where the Start icon is, a little clear program exe appears for a second every time I start Windows up. Secondly, when Windows starts, the comp says Norton is switched off; a second or two later Norton switches itself on. Sometimes when I shut down the comp quickly it says ccApp needs to close; this is Norton's email scanner system program. Could this be infected with a virus? Also, no search toolbars appear on my internet page, but my icons on the desktop seem to load slowly when I close/minimise other windows, so I'm not really sure everything's OK.

Anyway, I've done all the steps in your beginners' guide (Spybot, Ad-Aware, Panda, etc.) and they all say clean.
Here's my HijackThis log:

Logfile of HijackThis v1.99.1
Scan saved at 6:52:18 PM, on 27/05/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Norton Internet Security\ISSVC.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Prolific\USB Flash Disk Utility\PLBkMon.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Creative\SBAudigy LS\Surround Mixer\CTSysVol.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Telstra\Cable Login\bpcable.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Adobe\Acrobat 6.0\Acrobat\Acrobat.exe
C:\WINDOWS\System32\WISPTIS.EXE
C:\Program Files\HijackThis\hijackthis.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: CNisExtBho Class - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Prolific_PLUtil] C:\Program Files\Prolific\USB Flash Disk Utility\PLBkMon.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy LS\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [BigPondCable] "C:\Program Files\Telstra\Cable Login\bpcable.exe" /r
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKCU\..\RunOnce: [CleanUp!] C:\Program Files\CleanUp!\Cleanup.exe /WindowsRestart
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {01010E00-5E80-11D8-9E86-0007E96C65AE} (SupportSoft SmartIssue) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsi.cab
O16 - DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} (SupportSoft Script Runner Class) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsr.cab
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - http://www.symantec.com/techsupp/asa/LSSupCtl.cab
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://us.chat1.yimg.com/us.yimg.com/i/cha...v45/yacscom.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by10fd.bay10.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1127114345218
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/securityadvisor/virusinfo/webscan.cab
O16 - DPF: {7D1E9C49-BD6A-11D3-87A8-009027A35D73} (Yahoo! Audio UI1) - http://chat.yahoo.com/cab/yacsui.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {B020B534-4AA2-4B99-BD6D-5F6EE286DF5C} (Symantec Download Bridge) - https://a248.e.akamai.net/f/248/5462/2h/www...ol/SymDlBrg.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab
O16 - DPF: {B49C4597-8721-4789-9250-315DFBD9F525} (IWinAmpActiveX Class) - http://cdn.digitalcity.com/radio/ampx/ampx2.6.1.11_en_dl.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - http://www.symantec.com/techsupp/asa/ctrl/SymAData.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://download.macromedia.com/pub/shockwa...ash/swflash.cab
O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} (iTunesDetector Class) - http://ax.phobos.apple.com.edgesuite.net/d.../ITDetector.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/controls/msnchat45.cab
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: BigPond Broadband Cable Login (bpcService) - Unknown owner - C:\Program Files\Telstra\Cable Login\bpcService.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program Files\Norton Internet Security\ISSVC.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

So yeah, if you can have a look and tell me if it's all clear, that would be an act of awesomeness of the highest calibre.

Jim.............................

Edited by jim booth, 27 May 2006 - 04:08 AM.



#2 Grinler (Lawrence Abrams, Admin)

Posted 06 June 2006 - 12:30 PM

Sorry for the delay. If you are still having problems, please post a brand new HijackThis log as a reply to this topic. Before posting the log, please make sure you follow all the steps found in this topic:

Preparation Guide For Use Before Posting A Hijackthis Log

#3 jim booth (Topic Starter)

Posted 07 June 2006 - 03:28 AM

Yeah, hey, icons still load slowly on the desktop, Norton still switches off and then on at startup, and a little unidentified program icon appears next to the Start bar for a second after Windows starts up.

Here's the recent log (all scanning, Spybot killing and Ad-Aware has been undertaken):

Logfile of HijackThis v1.99.1
Scan saved at 6:30:03 PM, on 7/06/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Norton Internet Security\ISSVC.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\ewido anti-malware\ewidoguard.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Prolific\USB Flash Disk Utility\PLBkMon.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Creative\SBAudigy LS\Surround Mixer\CTSysVol.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\iTunes\iTunes.exe
C:\Program Files\Telstra\Cable Login\bpcable.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\HijackThis\hijackthis.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: CNisExtBho Class - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Prolific_PLUtil] C:\Program Files\Prolific\USB Flash Disk Utility\PLBkMon.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy LS\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [BigPondCable] "C:\Program Files\Telstra\Cable Login\bpcable.exe" /r
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {01010E00-5E80-11D8-9E86-0007E96C65AE} (SupportSoft SmartIssue) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsi.cab
O16 - DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} (SupportSoft Script Runner Class) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsr.cab
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - http://www.symantec.com/techsupp/asa/LSSupCtl.cab
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://us.chat1.yimg.com/us.yimg.com/i/cha...v45/yacscom.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by10fd.bay10.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1127114345218
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/securityadvisor/virusinfo/webscan.cab
O16 - DPF: {7D1E9C49-BD6A-11D3-87A8-009027A35D73} (Yahoo! Audio UI1) - http://chat.yahoo.com/cab/yacsui.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {B020B534-4AA2-4B99-BD6D-5F6EE286DF5C} (Symantec Download Bridge) - https://a248.e.akamai.net/f/248/5462/2h/www...ol/SymDlBrg.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab
O16 - DPF: {B49C4597-8721-4789-9250-315DFBD9F525} (IWinAmpActiveX Class) - http://cdn.digitalcity.com/radio/ampx/ampx2.6.1.11_en_dl.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - http://www.symantec.com/techsupp/asa/ctrl/SymAData.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://download.macromedia.com/pub/shockwa...ash/swflash.cab
O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} (iTunesDetector Class) - http://ax.phobos.apple.com.edgesuite.net/d.../ITDetector.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/controls/msnchat45.cab
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: BigPond Broadband Cable Login (bpcService) - Unknown owner - C:\Program Files\Telstra\Cable Login\bpcService.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program Files\Norton Internet Security\ISSVC.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

All clear, or am I infected?
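The two HijackThis logs posted above (27 May and 7 June) are read by hand in this thread. As an added example, not part of the original posts and not HijackThis code, the script below does the mechanical part of that read: it parses the "Oxx - ..." lines (O4 Run keys, O20 Winlogon Notify DLLs, O23 services and the rest), flags the entry types a helper checks first (registrations whose file is missing, services with no owner, Winlogon Notify DLLs, autostart binaries under a user profile or temp directory), and diffs two logs to show what changed between postings. The checks and their reason tags are this example's own heuristics. LOG_A and LOG_B are constructed extracts of the two logs in this thread, and SUSPECT_LINE is a hypothetical entry included only to show the user-writable-path check firing; it does not appear in either log.

```python
"""Mechanical first pass over HijackThis "Oxx - ..." lines, plus a diff of two logs."""
import re
from collections import Counter, namedtuple

Entry = namedtuple("Entry", "section body")
LINE_RE = re.compile(r"^(O\d+) - (.*)$")

# Autostart binaries under a user profile, temp or cache directory are unusual
# for installed software. The pattern is this example's own heuristic.
USER_WRITABLE = re.compile(
    r"\\(documents and settings|local settings|temp|temporary internet files|recycler)\\", re.I
)

# Why each check exists; the reason tags are what triage() returns.
REASONS = {
    "file missing": "registration points at a file that is no longer on disk; stale entry to clean up",
    "unknown owner": "service binary carries no company name; confirm the vendor by hand",
    "winlogon notify": "DLL is loaded into winlogon.exe at logon; confirm every one of these",
    "user-writable path": "autostart binary lives in a user-writable or temporary directory",
}


def parse_log(text):
    """Return the Oxx lines of a log as (section, body) entries; headers and the
    'Running processes' list are skipped."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            entries.append(Entry(m.group(1), m.group(2)))
    return entries


def triage(entries):
    """Return (entry, reason tag) pairs that deserve a human look."""
    findings = []
    for e in entries:
        if "(file missing)" in e.body:
            findings.append((e, "file missing"))
        if e.section == "O23" and "Unknown owner" in e.body:
            findings.append((e, "unknown owner"))
        if e.section == "O20":
            findings.append((e, "winlogon notify"))
        if e.section in ("O4", "O23") and USER_WRITABLE.search(e.body):
            findings.append((e, "user-writable path"))
    return findings


def reason_counts(entries):
    """How many times each reason tag fired."""
    return Counter(reason for _, reason in triage(entries))


def diff_logs(old, new):
    """(entries only in new, entries only in old) between two parsed logs."""
    old_set, new_set = set(old), set(new)
    return sorted(new_set - old_set), sorted(old_set - new_set)


# Constructed extracts of the 27 May and 7 June logs posted in this thread.
LOG_A = r"""
Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\System32\smss.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKCU\..\RunOnce: [CleanUp!] C:\Program Files\CleanUp!\Cleanup.exe /WindowsRestart
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O23 - Service: BigPond Broadband Cable Login (bpcService) - Unknown owner - C:\Program Files\Telstra\Cable Login\bpcService.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
"""
LOG_B = r"""
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O23 - Service: BigPond Broadband Cable Login (bpcService) - Unknown owner - C:\Program Files\Telstra\Cable Login\bpcService.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
"""
# Hypothetical line (not from the thread) to show the user-writable check firing.
SUSPECT_LINE = r"O4 - HKCU\..\Run: [updater] C:\Documents and Settings\Simon\Local Settings\Temp\updater.exe"

if __name__ == "__main__":
    a, b = parse_log(LOG_A), parse_log(LOG_B)
    for entry, tag in triage(a + parse_log(SUSPECT_LINE)):
        print(f"[{tag}] {entry.section} - {entry.body}\n    {REASONS[tag]}")
    added, removed = diff_logs(a, b)
    print("added since previous log:", *[e.body for e in added], sep="\n  ")
    print("gone since previous log:", *[e.body for e in removed], sep="\n  ")
```

On the two logs above this flags the two "(file missing)" registrations, both Winlogon Notify DLLs and the Telstra service with no owner string, and the diff shows exactly one service added (ewidoguard.exe) and one RunOnce entry gone. A flag is a prompt to verify the file by hand, not a verdict; Winlogon Notify entries in particular are listed on every XP machine and are only interesting when the DLL is unknown.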

#4 Grinler (Lawrence Abrams, Admin)

Posted 07 June 2006 - 02:33 PM

Looks good to me. Let's try a few things first to be safe.

To use RootkitRevealer, please make sure you are logged in as an Administrator on the computer.
  • Please download and unzip RootkitRevealer to your desktop.
  • Please leave the defaults set as they are:
    • Hide NTFS Metadata Files: this option is on by default.
    • Scan Registry: this option is on by default.
  • Launch RootkitRevealer on the system and press the Scan button.
    RootkitRevealer scans the system, reporting its actions in a status area at the bottom of its window and noting discrepancies in the output list. It may take a long time; please disconnect from the Internet and leave the PC to be scanned until it is finished.
  • The log can be very large; please edit out the items in the following folders, if they are in the log, before posting it: C:\RECYCLER\NPROTECT and C:\System Volume Information.
  • Please post the balance of the log here in this thread using Add Reply (please double check that it has all been posted, as it may be too long for one post).
Then download and save BlackLight to your desktop.
F-Secure BlackLight: http://www.f-secure.com/blacklight/try.shtml
Double-click blbeta.exe, then accept the agreement.
Leave [X] Scan through Windows Explorer checked,
click Scan, then Next.
You'll see a list of all items found.
Don't choose Rename yet! I want to see the log first, because legitimate items can also be present there, like "wbemtest.exe".
There must also be a log on your desktop with the name fsbl.xxxxxxx.log (the xxxxxxx stands for numbers).
Copy and paste this log along with the RootkitRevealer log.
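RootkitRevealer lists every place where the Windows API's view of the file system or registry disagrees with what the tool reads directly from the NTFS MFT, directory index and hive files. The instructions above already say two things a practitioner needs to keep in mind: the output needs a human to read it (legitimate items appear in it), and certain directories produce so much noise that they are cut from the log before posting. The reason is that a file created or deleted while the two views are being taken shows up as a discrepancy just as a hidden file does. As an added example, not part of the original post and not RootkitRevealer's own code, the script below parses the pasted log format (path, timestamp, size, description) and sorts each line into a bucket: "Hidden from Windows API" entries go to investigate, while the "Visible in Windows API, but not in MFT or directory index" text under the Internet cache, temp or restore-point directories with a timestamp after the scan started is treated as likely transient. The day/month/year timestamp format, the scan start time and all four sample records are assumptions made for this example; the two hypothetical system32 paths are constructed and do not describe any real finding.

```python
"""Sort RootkitRevealer discrepancy lines into investigate / likely transient / review."""
import re
from datetime import datetime

# Pasted log lines look like: <path> <d/m/yyyy h:mm AM|PM> <size> <description>
RECORD_RE = re.compile(
    r"^(?P<path>.+?) "
    r"(?P<stamp>\d{1,2}/\d{1,2}/\d{4} \d{1,2}:\d{2} [AP]M) "
    r"(?P<size>[\d.]+ (?:bytes|KB|MB|GB)) "
    r"(?P<desc>.+)$"
)
STAMP_FMT = "%d/%m/%Y %I:%M %p"  # assumption: day/month/year as in the thread

# Directories that churn during a scan and are known to produce harmless
# "visible in API but not in MFT" entries (IE cache, temp, restore points).
TRANSIENT_DIRS = re.compile(
    r"\\(temporary internet files|local settings\\temp|system volume information|recycler\\nprotect)\\",
    re.I,
)


def parse_record(line):
    """Return a dict with path, stamp (datetime), size, desc, or None if the line is not a record."""
    m = RECORD_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    rec["stamp"] = datetime.strptime(rec["stamp"], STAMP_FMT)
    return rec


def classify(rec, scan_start):
    """Return (verdict, reason) for one parsed discrepancy."""
    desc = rec["desc"]
    if desc.startswith("Hidden from Windows API"):
        return "investigate", "object exists on disk or in the registry but the API does not show it"
    if "embedded null" in desc:
        return "investigate", "registry key name with embedded nulls; API-based tools cannot open it"
    if desc.startswith("Visible in Windows API, but not in MFT"):
        if TRANSIENT_DIRS.search(rec["path"]) and rec["stamp"] >= scan_start:
            return "likely transient", "cache/temp file created while the scan was running"
        return "review", "API-visible file absent from the raw MFT; check it is not still being written"
    return "review", "unrecognised discrepancy text"


def summarize(lines, scan_start):
    """Count verdicts over a list of pasted log lines; non-record lines are ignored."""
    counts = {}
    for line in lines:
        rec = parse_record(line)
        if rec is None:
            continue
        verdict, _ = classify(rec, scan_start)
        counts[verdict] = counts.get(verdict, 0) + 1
    return counts


SCAN_START = datetime(2006, 6, 9, 18, 40)  # assumed start of the scan for the samples
SAMPLE = [
    # Two lines in the shape of the RootkitRevealer output posted later in this thread.
    r"C:\Documents and Settings\Simon\Local Settings\Temporary Internet Files\Content.IE5\553KZI6E\al[1].htm 9/06/2006 6:45 PM 0 bytes Visible in Windows API, but not in MFT or directory index.",
    r"C:\Documents and Settings\Simon\Local Settings\Temporary Internet Files\Content.IE5\553KZI6E\CAS5UV8H.htm 9/06/2006 6:45 PM 5.82 KB Visible in Windows API, but not in MFT or directory index.",
    # Constructed, hypothetical path: the pattern that does warrant investigation.
    r"C:\WINDOWS\system32\drivers\hypothetical.sys 1/06/2006 9:12 AM 24.00 KB Hidden from Windows API.",
    # Constructed, hypothetical path: same text as the cache entries, but outside the churn directories and dated before the scan.
    r"C:\WINDOWS\system32\hypothetical.dll 1/06/2006 9:12 AM 12.00 KB Visible in Windows API, but not in MFT or directory index.",
]

if __name__ == "__main__":
    for line in SAMPLE:
        rec = parse_record(line)
        verdict, why = classify(rec, SCAN_START)
        print(f"{verdict:16} {rec['path']}\n{'':16} {why}")
    print(summarize(SAMPLE, SCAN_START))
```

The scan start time matters: a cache file stamped before the scan began cannot have been created by browsing during the scan, so only entries at or after that time are waved through. Anything in the investigate bucket should be confirmed with a second tool or an offline look at the disk before it is renamed or deleted, which is the same caution the post above gives for BlackLight's rename option.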

#5 jim booth (Topic Starter)

Posted 09 June 2006 - 04:57 AM

Yeah, hey, I ran RootkitRevealer.

Anyway, here's what it picked up:

C:\Documents and Settings\Simon\Local Settings\Temporary Internet Files\Content.IE5\553KZI6E\al[1].htm 9/06/2006 6:45 PM 0 bytes Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\Simon\Local Settings\Temporary Internet Files\Content.IE5\553KZI6E\CA2DK90P.jsp 9/06/2006 6:45 PM 3 bytes Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\Simon\Local Settings\Temporary Internet Files\Content.IE5\553KZI6E\CA4HM7W5.jsp 9/06/2006 6:45 PM 3 bytes Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\Simon\Local Settings\Temporary Internet Files\Content.IE5\553KZI6E\CA4PE34X.jsp 9/06/2006 6:45 PM 3 bytes Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\Simon\Local Settings\Temporary Internet Files\Content.IE5\553KZI6E\CA56FT9A.jsp 9/06/2006 6:45 PM 3 bytes Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\Simon\Local Settings\Temporary Internet Files\Content.IE5\553KZI6E\CA7JTEOH.jsp 9/06/2006 6:45 PM 3 bytes Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\Simon\Local Settings\Temporary Internet Files\Content.IE5\553KZI6E\CAC567W1.jsp 9/06/2006 6:45 PM 3 bytes Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\Simon\Local Settings\Temporary Internet Files\Content.IE5\553KZI6E\CACPUVMT.jsp 9/06/2006 6:45 PM 3 bytes Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\Simon\Local Settings\Temporary Internet Files\Content.IE5\553KZI6E\CAI8TNN2.jsp 9/06/2006 6:45 PM 3 bytes Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\Simon\Local Settings\Temporary Internet Files\Content.IE5\553KZI6E\CAIZSLYX.jsp 9/06/2006 6:45 PM 3 bytes Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\Simon\Local Settings\Temporary Internet Files\Content.IE5\553KZI6E\CAOWWI2G.jsp 9/06/2006 6:45 PM 3 bytes Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\Simon\Local Settings\Temporary Internet Files\Content.IE5\553KZI6E\CAS5UV8H.htm 9/06/2006 6:45 PM 5.82 KB Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\Simon\Local Settings\Temporary Internet Files\Content.IE5\553KZI6E\CAU10JON.jsp 9/06/2006 6:45 PM 3 bytes Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\Simon\Local Settings\Temporary Internet Files\Content.IE5\553KZI6E\dalert[1].gif 9/06/2006 6:45 PM 609 bytes Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\Simon\Local Settings\Temporary Internet Files\Content.IE5\553KZI6E\front[1].asp 9/06/2006 6:45 PM 266 bytes Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\Simon\Local Settings\Temporary Internet Files\Content.IE5\553KZI6E\func_030[1].js 9/06/2006 6:45 PM 62.72 KB Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\Simon\Local Settings\Temporary Internet Files\Content.IE5\553KZI6E\icon13[1].gif 9/06/2006 6:45 PM 1.08 KB Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\Simon\Local Settings\Temporary Internet Files\Content.IE5\553KZI6E\ipb_topic[1].js 9/06/2006 6:45 PM 13.04 KB Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\Simon\Local Settings\Temporary Internet Files\Content.IE5\553KZI6E\p_pm[1].gif 9/06/2006 6:45 PM 1.19 KB Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\Simon\Local Settings\Temporary Internet Files\Content.IE5\553KZI6E\p_up[1].gif 9/06/2006 6:45 PM 1.37 KB Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\Simon\Local Settings\Temporary Internet Files\Content.IE5\553KZI6E\t_new[1].gif 9/06/2006 6:45 PM 1.90 KB Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\Simon\Local Settings\Temporary Internet Files\Content.IE5\AEXSNUJZ\CA0B3RAK.jsp 9/06/2006 6:45 PM 3 bytes Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\Simon\Local Settings\Temporary Internet Files\Content.IE5\AEXSNUJZ\CA29WXC9.jsp 9/06/2006 6:45 PM 3 bytes Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\Simon\Local Settings\Temporary Internet Files\Content.IE5\AEXSNUJZ\CA2RSTAV.htm 9/06/2006 6:45 PM 9.23 KB Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\Simon\Local Settings\Temporary Internet Files\Content.IE5\AEXSNUJZ\CA2ZJFVS.jsp 9/06/2006 6:45 PM 3 bytes Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\Simon\Local Settings\Temporary Internet Files\Content.IE5\AEXSNUJZ\CA3KPPNH.jsp 9/06/2006 6:45 PM 3 bytes Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\Simon\Local Settings\Temporary Internet Files\Content.IE5\AEXSNUJZ\CA9OLK1F.jsp 9/06/2006 6:45 PM 3 bytes Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\Simon\Local Settings\Temporary Internet Files\Content.IE5\AEXSNUJZ\CAEXGZKR.jsp 9/06/2006 6:45 PM 3 bytes Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\Simon\Local Settings\Temporary Internet Files\Content.IE5\AEXSNUJZ\CAGTUVWH.jsp 9/06/2006 6:45 PM 3 bytes Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\Simon\Local Settings\Temporary Internet Files\Content.IE5\AEXSNUJZ\CAKH23W5.jsp 9/06/2006 6:45 PM 3 bytes Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\Simon\Local Settings\Temporary Internet Files\Content.IE5\AEXSNUJZ\CAO1IBGT.jsp 9/06/2006 6:45 PM 3 bytes Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\Simon\Local Settings\Temporary Internet Files\Content.IE5\AEXSNUJZ\CAS1QV4L.jsp 9/06/2006 6:45 PM 3 bytes Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\Simon\Local Settings\Temporary Internet Files\Content.IE5\AEXSNUJZ\CAW8P026.jsp 9/06/2006 6:45 PM 3 bytes Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\Simon\Local Settings\Temporary Internet Files\Content.IE5\AEXSNUJZ\CAY041QO.jsp 9/06/2006 6:45 PM 3 bytes Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\Simon\Local Settings\Temporary Internet Files\Content.IE5\AEXSNUJZ\comp_pip[1].gif 9/06/2006 6:45 PM 1.06 KB Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\Simon\Local Settings\Temporary Internet Files\Content.IE5\AEXSNUJZ\css_7[1].css 9/06/2006 6:45 PM 26.09 KB Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\Simon\Local Settings\Temporary Internet Files\Content.IE5\AEXSNUJZ\discussions-navbar[1].gif 9/06/2006 6:45 PM 4.44 KB Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\Simon\Local Settings\Temporary Internet Files\Content.IE5\AEXSNUJZ\google.com[1].htm 9/06/2006 6:44 PM 4.51 KB Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\Simon\Local Settings\Temporary Internet Files\Content.IE5\AEXSNUJZ\ipb_global[1].js 9/06/2006 6:45 PM 18.58 KB Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\Simon\Local Settings\Temporary Internet Files\Content.IE5\AEXSNUJZ\ips_menu[1].js 9/06/2006 6:45 PM 10.11 KB Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\Simon\Local Settings\Temporary Internet Files\Content.IE5\AEXSNUJZ\ips_xmlhttprequest[1].js 9/06/2006 6:45 PM 8.09 KB Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\Simon\Local Settings\Temporary Internet Files\Content.IE5\AEXSNUJZ\loading[1].gif 9/06/2006 6:45 PM 1.78 KB Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\Simon\Local Settings\Temporary Internet Files\Content.IE5\AEXSNUJZ\menu_item[1].gif 9/06/2006 6:45 PM 87 bytes Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\Simon\Local Settings\Temporary Internet Files\Content.IE5\AEXSNUJZ\nav[1].gif 9/06/2006 6:45 PM 87 bytes Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\Simon\Local Settings\Temporary Internet Files\Content.IE5\AEXSNUJZ\nav_m[1].gif 9/06/2006 6:45 PM 53 bytes Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\Simon\Local Settings\Temporary Internet Files\Content.IE5\AEXSNUJZ\p_quote[1].gif 9/06/2006 6:45 PM 1.55 KB Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\Simon\Local Settings\Temporary Internet Files\Content.IE5\AEXSNUJZ\tile_cat[1].gif 9/06/2006 6:45 PM 2.70 KB Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\Simon\Local Settings\Temporary Internet Files\Content.IE5\AEXSNUJZ\tile_sub[1].gif 9/06/2006 6:45 PM 1.54 KB Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\Simon\Local Settings\Temporary Internet Files\Content.IE5\AEXSNUJZ\to_post_off[1].gif 9/06/2006 6:45 PM 64 bytes Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\Simon\Local Settings\Temporary Internet Files\Content.IE5\AEXSNUJZ\topic53754[1].htm 9/06/2006 6:45 PM 86.57 KB Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\Simon\Local Settings\Temporary Internet Files\Content.IE5\AEXSNUJZ\worldcup06_au[1].gif 9/06/2006 6:44 PM 12.77 KB Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\Simon\Local Settings\Temporary Internet Files\Content.IE5\RYZXDKID\av-3[1].jpg 9/06/2006 6:45 PM 2.71 KB Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\Simon\Local Settings\Temporary Internet Files\Content.IE5\RYZXDKID\CA2VW5YR.jsp 9/06/2006 6:45 PM 3 bytes Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\Simon\Local Settings\Temporary Internet Files\Content.IE5\RYZXDKID\CA58FY3P.jsp 9/06/2006 6:45 PM 3 bytes Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\Simon\Local Settings\Temporary Internet Files\Content.IE5\RYZXDKID\CA6ZK5YJ.jsp 9/06/2006 6:45 PM 3 bytes Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\Simon\Local Settings\Temporary Internet Files\Content.IE5\RYZXDKID\CAAZKH2V.jsp 9/06/2006 6:45 PM 3 bytes Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\Simon\Local Settings\Temporary Internet Files\Content.IE5\RYZXDKID\CAHBZ26P.jsp 9/06/2006 6:45 PM 3 bytes Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\Simon\Local Settings\Temporary Internet Files\Content.IE5\RYZXDKID\CAHLJTW9.jsp 9/06/2006 6:45 PM 3 bytes Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\Simon\Local Settings\Temporary Internet Files\Content.IE5\RYZXDKID\CAI7OD4N.jsp 9/06/2006 6:45 PM 1 bytes Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\Simon\Local Settings\Temporary Internet Files\Content.IE5\RYZXDKID\CAIR49M3.jsp 9/06/2006 6:45 PM 3 bytes Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\Simon\Local Settings\Temporary Internet Files\Content.IE5\RYZXDKID\CAKHI9T2.jsp 9/06/2006 6:45 PM 3 bytes Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\Simon\Local Settings\Temporary Internet Files\Content.IE5\RYZXDKID\CAM70HKR.jsp 9/06/2006 6:45 PM 3 bytes Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\Simon\Local Settings\Temporary Internet Files\Content.IE5\RYZXDKID\CAO1EZW7.jsp 9/06/2006 6:45 PM 3 bytes Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\Simon\Local Settings\Temporary Internet Files\Content.IE5\RYZXDKID\CAUEI3AH.jsp 9/06/2006 6:45 PM 3 bytes Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\Simon\Local Settings\Temporary Internet Files\Content.IE5\RYZXDKID\p_card[1].gif 9/06/2006 6:45 PM 1.52 KB Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\Simon\Local Settings\Temporary Internet Files\Content.IE5\RYZXDKID\spacer[1].gif 9/06/2006 6:45 PM 43 bytes Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\Simon\Local Settings\Temporary Internet Files\Content.IE5\V3CUSVZZ\CA02N5H8.jsp 9/06/2006 6:45 PM 3 bytes Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\Simon\Local Settings\Temporary Internet Files\Content.IE5\V3CUSVZZ\CA0VU1EH.jsp 9/06/2006 6:45 PM 3 bytes Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\Simon\Local Settings\Temporary Internet Files\Content.IE5\V3CUSVZZ\CA2F38UG.jsp 9/06/2006 6:45 PM 3 bytes Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\Simon\Local Settings\Temporary Internet Files\Content.IE5\V3CUSVZZ\CA2R052F.jsp 9/06/2006 6:45 PM 3 bytes Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\Simon\Local Settings\Temporary Internet Files\Content.IE5\V3CUSVZZ\CA8MZS1R.jsp 9/06/2006 6:45 PM 3 bytes Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\Simon\Local Settings\Temporary Internet Files\Content.IE5\V3CUSVZZ\CAAEU03L.jsp 9/06/2006 6:45 PM 3 bytes Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\Simon\Local Settings\Temporary Internet Files\Content.IE5\V3CUSVZZ\CAINCDEV.jsp 9/06/2006 6:45 PM 3 bytes Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\Simon\Local Settings\Temporary Internet Files\Content.IE5\V3CUSVZZ\CAONEXA9.jsp 9/06/2006 6:45 PM 3 bytes Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\Simon\Local Settings\Temporary Internet Files\Content.IE5\V3CUSVZZ\CAQ04W18.jsp 9/06/2006 6:45 PM 3 bytes Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\Simon\Local Settings\Temporary Internet Files\Content.IE5\V3CUSVZZ\CAQ7UD2X.jsp 9/06/2006 6:45 PM 3 bytes Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\Simon\Local Settings\Temporary Internet Files\Content.IE5\V3CUSVZZ\CAYRSXIV.jsp 9/06/2006 6:45 PM 3 bytes Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\Simon\Local Settings\Temporary Internet Files\Content.IE5\V3CUSVZZ\dom-drag[1].js 9/06/2006 6:45 PM 6.18 KB Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\Simon\Local Settings\Temporary Internet Files\Content.IE5\V3CUSVZZ\door[1].jsp 9/06/2006 6:45 PM 5.95 KB Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\Simon\Local Settings\Temporary Internet Files\Content.IE5\V3CUSVZZ\ipb_global_xmlenhanced[1].js 9/06/2006 6:45 PM 9.54 KB Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\Simon\Local Settings\Temporary Internet Files\Content.IE5\V3CUSVZZ\ips_menu_html[1].js 9/06/2006 6:45 PM 2.78 KB Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\Simon\Local Settings\Temporary Internet Files\Content.IE5\V3CUSVZZ\malware-icon[1].gif 9/06/2006 6:45 PM 1.21 KB Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\Simon\Local Settings\Temporary Internet Files\Content.IE5\V3CUSVZZ\menu_action_down[1].gif 9/06/2006 6:45 PM 100 bytes Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\Simon\Local Settings\Temporary Internet Files\Content.IE5\V3CUSVZZ\p_mq_add[1].gif 9/06/2006 6:45 PM 1.67 KB Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\Simon\Local Settings\Temporary Internet Files\Content.IE5\V3CUSVZZ\p_offline[1].gif 9/06/2006 6:45 PM 815 bytes Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\Simon\Local Settings\Temporary Internet Files\Content.IE5\V3CUSVZZ\sc[1].jsp 9/06/2006 6:45 PM 57 bytes Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\Simon\Local Settings\Temporary Internet Files\Content.IE5\V3CUSVZZ\show_ads[1].js 9/06/2006 6:45 PM 6.92 KB Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\Simon\Local Settings\Temporary Internet Files\Content.IE5\V3CUSVZZ\t_reply[1].gif 9/06/2006 6:45 PM 1.91 KB Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\Simon\Local Settings\Temporary Internet Files\Content.IE5\V3CUSVZZ\tile_back[1].gif 9/06/2006 6:45 PM 940 bytes Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\Simon\Local Settings\Temporary Internet Files\Content.IE5\V3CUSVZZ\x-click-but21[1].gif 9/06/2006 6:45 PM 1.24 KB Visible in Windows API, but not in MFT or directory index.
C:\WINDOWS\QTFont.for 9/06/2006 6:50 PM 1.38 KB Hidden from Windows API.
C:\WINDOWS\QTFont.qfn 9/06/2006 6:50 PM 52.89 KB Hidden from Windows API.


I didn't change any settings, so it ran on default as you wanted it to, right?

As for BlackLight, it said no hidden items found, and only had a link to click to 'show all running processes'. I'm assuming these are legit, and it seemed I couldn't copy and paste the 'show all processes' list.

So does that mean it's all clear if BlackLight found nothing hidden?

thanks-- the jim....
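As an added illustration (not a tool from this thread, and not Sysinternals code), here is a small Python triage script for RootkitRevealer output in the format of the log above. It parses each result line, separates the "Visible in Windows API, but not in MFT or directory index" entries under the browser cache, which are normally files written while the scan was running, from the "Hidden from Windows API" entries that a helper actually needs to look at, and summarises the counts. The sample lines are constructed in the log's format; the placeholder file name is invented.

```python
import re
from collections import Counter
from dataclasses import dataclass
from typing import List, Optional, Tuple

# One RootkitRevealer result line: <path> <date> <time> <size> <unit> <discrepancy>.
# The path may contain spaces, so it is matched lazily up to the date field.
LINE_RE = re.compile(
    r"^(?P<path>.+?) "
    r"(?P<date>\d{1,2}/\d{2}/\d{4}) (?P<time>\d{1,2}:\d{2} [AP]M) "
    r"(?P<size>\d+(?:\.\d+)?) (?P<unit>bytes|KB|MB|GB) "
    r"(?P<desc>.+)$"
)
UNIT_BYTES = {"bytes": 1, "KB": 1024, "MB": 1024 ** 2, "GB": 1024 ** 3}

# Directories whose contents churn while a scan runs (browser cache, temp).
# A "visible in API but not in MFT" discrepancy there is normally a file that
# was written between the API pass and the raw disk pass, not concealment.
TRANSIENT_DIRS = (
    "\\local settings\\temporary internet files\\",
    "\\local settings\\temp\\",
)


@dataclass
class Entry:
    path: str
    when: str
    size_bytes: int
    desc: str
    bucket: str  # "review", "transient" or "other"


def classify(path: str, desc: str) -> str:
    """Coarse triage bucket for one discrepancy."""
    if desc.startswith("Hidden from Windows API"):
        # The raw disk view has it but the API does not: something is
        # filtering what Windows reports, so a person must look at it.
        return "review"
    if "not in MFT or directory index" in desc:
        if any(d in path.lower() for d in TRANSIENT_DIRS):
            return "transient"
        return "review"
    return "other"


def parse_line(line: str) -> Optional[Entry]:
    """Return an Entry for a result line, or None for headers/blank lines."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    size = int(float(m["size"]) * UNIT_BYTES[m["unit"]])
    return Entry(m["path"], f"{m['date']} {m['time']}", size, m["desc"],
                 classify(m["path"], m["desc"]))


def triage(lines: List[str]) -> Tuple[List[Entry], Counter, List[Entry]]:
    """Parse all lines; return (entries, per-bucket counts, entries to review)."""
    entries = [e for e in map(parse_line, lines) if e is not None]
    counts = Counter(e.bucket for e in entries)
    review = [e for e in entries if e.bucket == "review"]
    return entries, counts, review


# Constructed sample in the log's format (not copied from a real scan);
# placeholder_example.dat is an invented name.
SAMPLE_LOG = [
    r"C:\Documents and Settings\Simon\Local Settings\Temporary Internet Files"
    r"\Content.IE5\AEXSNUJZ\css_7[1].css 9/06/2006 6:45 PM 26.09 KB "
    "Visible in Windows API, but not in MFT or directory index.",
    r"C:\WINDOWS\QTFont.qfn 9/06/2006 6:50 PM 52.89 KB Hidden from Windows API.",
    r"C:\WINDOWS\placeholder_example.dat 9/06/2006 6:50 PM 3 bytes "
    "Visible in Windows API, but not in MFT or directory index.",
    "HKLM\\SOFTWARE\\not a file result line",
]

if __name__ == "__main__":
    all_entries, bucket_counts, to_review = triage(SAMPLE_LOG)
    print("parsed:", len(all_entries), dict(bucket_counts))
    for e in to_review:
        print(f"REVIEW  {e.when}  {e.size_bytes:>8} B  {e.path}  ({e.desc})")
```

Feed it the whole pasted log (one line per entry) and the "review" list is what remains after the cache noise is set aside; a "transient" bucket that is large while "review" is empty or tiny is the pattern of a clean scan run on a busy machine.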

#6 Grinler

Grinler

    Lawrence Abrams


  • Admin
  • 43,395 posts
  • Gender:Male
  • Location:USA

Posted 11 June 2006 - 07:40 PM

Everything looks good so far.

It's normal, when a computer starts, for the AV software to show as deactivated while some of its processes are still starting. The real-time protection should already be working in the background, though.

Let's try something else:


* Download GMER from here:
http://www.gmer.net/gmer.zip

Unzip it and start GMER.exe.
Click the Rootkit tab and click Scan.

Once done, click the Copy button.
This will copy the results to the clipboard.
Paste the results in your next reply.

If you're having problems with running GMER.exe, try it in safe mode.
This tool works in safe mode; other rootkit revealers don't.

#7 jim booth

jim booth
  • Topic Starter

  • Members
  • 8 posts

Posted 11 June 2006 - 11:06 PM

Hey again, I ran the GMER scan and got the following:

GMER 1.0.10.10122 - http://www.gmer.net
Rootkit 2006-06-12 14:03:11
Windows 5.1.2600 Service Pack 2


---- System - GMER 1.0.10 ----

SSDT 867DE6A8 ZwConnectPort
SSDT \??\C:\Program Files\ewido anti-malware\guard.sys ZwOpenProcess
SSDT 866EF208 ZwOpenThread
SSDT \??\C:\Program Files\ewido anti-malware\guard.sys ZwTerminateProcess

---- Files - GMER 1.0.10 ----

File C:\System Volume Information\MountPointManagerRemoteDatabase
File C:\System Volume Information\tracking.log
File E:\System Volume Information\MountPointManagerRemoteDatabase
File E:\System Volume Information\tracking.log

---- EOF - GMER 1.0.10 ----

Also I was wondering, could having Norton installed on my comp as well as another virus protection program (ewido anti-malware) interfere with the running of Norton, and maybe be a reason why Norton shuts off at start up? I had previously had a trial version of Spybot, along with my properly installed (got it from the shop etc) Norton AntiVirus, and have since uninstalled all Spybot components, so could having too many anti-virus products installed interfere with the functioning of the main antivirus program?


Anyway thanks for taking the time
Jim.,....

#8 Grinler

Grinler

    Lawrence Abrams


  • Admin
  • 43,395 posts
  • Gender:Male
  • Location:USA

Posted 12 June 2006 - 04:27 PM

That looks good as well. The two products, Norton and ewido, together on the same machine should not pose a problem. In my opinion, though, Norton is not such a great product these days. There are better free home-use products out there like AVG Free or Avast Free.

As for the log, let's continue digging down deeper:

Download http://www.bleepingcomputer.com/files/winpfind.php

Extract WinPFind.zip to your c:\ folder.

Reboot your computer into Safe Mode

Then open c:\WinPFind and double-click on WinPFind.exe. When the program is open, click on the Start Scan button to start scanning your computer. Be patient as this scan may take a while. When it is done, it will show a log and tell you the scan is completed. Reboot your computer back to normal mode and post the contents of c:\WinPFind\WinPFind.txt as a reply to this topic.

#9 jim booth

jim booth
  • Topic Starter

  • Members
  • 8 posts

Posted 14 June 2006 - 02:32 AM

Yeah, Norton seems to be pretty useless, guess I'll go with Panda or something similar next time.
Anyway, ran the program WinPFind and got the following:



If you see a message in the titlebar saying "Not responding..." you can ignore it. Windows somethimes displays this message due to the high volume of disk I/O. As long as the hard disk light is flashing, the program is still working properly.

Windows OS and Versions
Product Name: Microsoft Windows XP Current Build: Service Pack 2 Current Build Number: 2600
Internet Explorer Version: 6.0.2900.2180

Checking Selected Standard Folders

Checking %SystemDrive% folder...

Checking %ProgramFilesDir% folder...

Checking %WinDir% folder...
aspack 30/07/2004 5:19:30 PM 194560 C:\WINDOWS\Shrek 2 - Bonus Screensaver.scr
aspack 30/07/2004 5:21:12 PM 194560 C:\WINDOWS\Shrek 2 - Donkey Screensaver.scr
aspack 30/07/2004 5:18:20 PM 194560 C:\WINDOWS\Shrek 2 - Shrek Screensaver.scr

Checking %System% folder...
PEC2 29/08/2002 10:00:00 PM 41397 C:\WINDOWS\SYSTEM32\dfrg.msc
PTech 23/05/2006 5:26:00 PM 579888 C:\WINDOWS\SYSTEM32\LegitCheckControl.dll
PECompact2 9/06/2006 11:19:50 AM 5967776 C:\WINDOWS\SYSTEM32\MRT.exe
aspack 9/06/2006 11:19:50 AM 5967776 C:\WINDOWS\SYSTEM32\MRT.exe
aspack 4/08/2004 5:56:36 PM 708096 C:\WINDOWS\SYSTEM32\ntdll.dll
Umonitor 4/08/2004 5:56:44 PM 657920 C:\WINDOWS\SYSTEM32\rasdlg.dll
winsync 29/08/2002 10:00:00 PM 1309184 C:\WINDOWS\SYSTEM32\wbdbase.deu
PTech 23/05/2006 5:25:52 PM 285488 C:\WINDOWS\SYSTEM32\WgaTray.exe

Checking %System%\Drivers folder and sub-folders...
PTech 4/08/2004 3:41:38 PM 1309184 C:\WINDOWS\SYSTEM32\drivers\mtlstrm.sys

Items found in C:\WINDOWS\SYSTEM32\drivers\etc\hosts


Checking the Windows folder and sub-folders for system and hidden files within the last 60 days...
14/06/2006 4:37:30 PM S 2048 C:\WINDOWS\bootstat.dat
14/06/2006 4:36:24 PM S 64 C:\WINDOWS\CSC\00000001
12/06/2006 9:36:06 AM S 64 C:\WINDOWS\CSC\00000002
17/04/2006 9:38:58 AM S 64 C:\WINDOWS\CSC\csc1.tmp
14/05/2006 8:21:52 PM S 13309 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB911280.cat
6/05/2006 12:22:46 AM S 12227 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB914389.cat
30/05/2006 2:16:00 AM S 23751 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB916281.cat
18/05/2006 5:15:12 PM S 10925 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB917344.cat
4/05/2006 6:37:36 PM S 7898 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB917734.cat
21/04/2006 12:41:54 AM S 10925 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB917953.cat
2/06/2006 6:28:56 AM S 11043 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB918439.cat
17/05/2006 11:24:42 AM S 7160 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\WGA.cat
23/05/2006 5:27:00 PM S 7160 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\WgaNotify.cat
14/06/2006 4:37:26 PM H 8192 C:\WINDOWS\system32\config\default.LOG
14/06/2006 4:37:38 PM H 1024 C:\WINDOWS\system32\config\SAM.LOG
14/06/2006 4:37:30 PM H 12288 C:\WINDOWS\system32\config\SECURITY.LOG
14/06/2006 4:37:40 PM H 81920 C:\WINDOWS\system32\config\software.LOG
14/06/2006 4:37:32 PM H 1171456 C:\WINDOWS\system32\config\system.LOG
14/06/2006 4:32:06 PM H 1024 C:\WINDOWS\system32\config\systemprofile\ntuser.dat.LOG
6/06/2006 9:14:16 PM HS 388 C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\User\a202eac3-f0fe-48d8-b73e-ec041c761b10
6/06/2006 9:14:16 PM HS 24 C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\User\Preferred
14/06/2006 4:36:26 PM H 6 C:\WINDOWS\Tasks\SA.DAT

Checking for CPL files...
Microsoft Corporation 4/08/2004 5:56:58 PM 68608 C:\WINDOWS\SYSTEM32\access.cpl
Microsoft Corporation 4/08/2004 5:56:58 PM 549888 C:\WINDOWS\SYSTEM32\appwiz.cpl
Microsoft Corporation 4/08/2004 5:56:58 PM 110592 C:\WINDOWS\SYSTEM32\bthprops.cpl
Microsoft Corporation 4/08/2004 5:56:58 PM 135168 C:\WINDOWS\SYSTEM32\desk.cpl
Microsoft Corporation 4/08/2004 5:56:58 PM 80384 C:\WINDOWS\SYSTEM32\firewall.cpl
Microsoft Corporation 4/08/2004 5:56:58 PM 155136 C:\WINDOWS\SYSTEM32\hdwwiz.cpl
Microsoft Corporation 4/08/2004 5:56:58 PM 358400 C:\WINDOWS\SYSTEM32\inetcpl.cpl
Microsoft Corporation 4/08/2004 5:56:58 PM 129536 C:\WINDOWS\SYSTEM32\intl.cpl
Microsoft Corporation 4/08/2004 5:56:58 PM 380416 C:\WINDOWS\SYSTEM32\irprops.cpl
Microsoft Corporation 4/08/2004 5:56:58 PM 68608 C:\WINDOWS\SYSTEM32\joy.cpl
Sun Microsystems, Inc. 3/05/2006 2:56:54 AM 49265 C:\WINDOWS\SYSTEM32\jpicpl32.cpl
Microsoft Corporation 29/08/2002 10:00:00 PM 187904 C:\WINDOWS\SYSTEM32\main.cpl
Microsoft Corporation 4/08/2004 5:56:58 PM 618496 C:\WINDOWS\SYSTEM32\mmsys.cpl
Microsoft Corporation 29/08/2002 10:00:00 PM 35840 C:\WINDOWS\SYSTEM32\ncpa.cpl
Microsoft Corporation 4/08/2004 5:56:58 PM 25600 C:\WINDOWS\SYSTEM32\netsetup.cpl
Microsoft Corporation 4/08/2004 5:56:58 PM 257024 C:\WINDOWS\SYSTEM32\nusrmgr.cpl
NVIDIA Corporation 24/03/2004 10:04:00 AM 73728 C:\WINDOWS\SYSTEM32\nvtuicpl.cpl
Microsoft Corporation 29/08/2002 10:00:00 PM 36864 C:\WINDOWS\SYSTEM32\nwc.cpl
Microsoft Corporation 4/08/2004 5:56:58 PM 32768 C:\WINDOWS\SYSTEM32\odbccp32.cpl
Microsoft Corporation 4/08/2004 5:56:58 PM 114688 C:\WINDOWS\SYSTEM32\powercfg.cpl
NVIDIA Corporation 13/08/2003 2:24:40 PM R 73728 C:\WINDOWS\SYSTEM32\sscpl.cpl
Microsoft Corporation 4/08/2004 5:56:58 PM 298496 C:\WINDOWS\SYSTEM32\sysdm.cpl
Microsoft Corporation 29/08/2002 10:00:00 PM 28160 C:\WINDOWS\SYSTEM32\telephon.cpl
Microsoft Corporation 4/08/2004 5:56:58 PM 94208 C:\WINDOWS\SYSTEM32\timedate.cpl
Creative Technology Ltd. 27/03/2003 10:55:06 AM 159744 C:\WINDOWS\SYSTEM32\USBAudio.cpl
Microsoft Corporation 4/08/2004 5:56:58 PM 148480 C:\WINDOWS\SYSTEM32\wscui.cpl
Microsoft Corporation 26/05/2005 4:16:30 AM 174360 C:\WINDOWS\SYSTEM32\wuaucpl.cpl
Microsoft Corporation 29/08/2002 10:00:00 PM 187904 C:\WINDOWS\SYSTEM32\dllcache\main.cpl
Microsoft Corporation 29/08/2002 10:00:00 PM 35840 C:\WINDOWS\SYSTEM32\dllcache\ncpa.cpl
Microsoft Corporation 29/08/2002 10:00:00 PM 36864 C:\WINDOWS\SYSTEM32\dllcache\nwc.cpl
Microsoft Corporation 29/08/2002 10:00:00 PM 28160 C:\WINDOWS\SYSTEM32\dllcache\telephon.cpl
Microsoft Corporation 26/05/2005 4:16:30 AM 174360 C:\WINDOWS\SYSTEM32\dllcache\wuaucpl.cpl

Checking Selected Startup Folders

Checking files in %ALLUSERSPROFILE%\Startup folder...
16/03/2005 1:51:42 PM 1824 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Acrobat Assistant.lnk
10/06/2004 4:11:20 PM HS 84 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\desktop.ini
20/04/2006 1:50:06 PM 1808 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
20/04/2006 1:52:28 PM 798 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Image Zone Fast Start.lnk

Checking files in %ALLUSERSPROFILE%\Application Data folder...
11/06/2004 1:55:42 AM HS 62 C:\Documents and Settings\All Users\Application Data\desktop.ini
22/04/2006 10:24:18 AM 8927 C:\Documents and Settings\All Users\Application Data\hpzinstall.log
12/06/2006 9:26:04 PM 3403 C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache

Checking files in %USERPROFILE%\Startup folder...
10/06/2004 4:11:20 PM HS 84 C:\Documents and Settings\Simon\Start Menu\Programs\Startup\desktop.ini

Checking files in %USERPROFILE%\Application Data folder...
11/06/2004 1:55:42 AM HS 62 C:\Documents and Settings\Simon\Application Data\desktop.ini
22/05/2006 6:04:06 PM 5761 C:\Documents and Settings\Simon\Application Data\GdiplusUpgrade_MSIApproach_Wrapper.log

Checking Selected Registry Keys

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
SV1 =

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]

[HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers]
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Adobe.Acrobat.ContextMenu
{D25B2CAB-8A9A-4517-A9B2-CB5F68A5A802} = C:\Program Files\Adobe\Acrobat 6.0\Acrobat Elements\ContextMenu.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\ewido
{57BD36D7-CE32-4600-9B1C-1A0C47EFC02E} = C:\Program Files\ewido anti-malware\context.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Offline Files
{750fdf0e-2a26-11d1-a3ea-080036587f03} = %SystemRoot%\System32\cscui.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Open With
{09799AFB-AD67-11d1-ABCD-00C04FC30936} = %SystemRoot%\system32\SHELL32.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Open With EncryptionMenu
{A470F8CF-A1E8-4f65-8335-227475AA5C46} = %SystemRoot%\system32\SHELL32.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Symantec.Norton.Antivirus.IEContextMenu
{5345A4D5-41EB-4A2F-9616-CE1D4F6C35B2} = C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\{a2a9545d-a0c2-42b4-9708-a0b2badd77c8}
Start Menu Pin = %SystemRoot%\system32\SHELL32.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\Symantec.Norton.Antivirus.IEContextMenu
{5345A4D5-41EB-4A2F-9616-CE1D4F6C35B2} = C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\EncryptionMenu
{A470F8CF-A1E8-4f65-8335-227475AA5C46} = %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\ewido
{57BD36D7-CE32-4600-9B1C-1A0C47EFC02E} = C:\Program Files\ewido anti-malware\context.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\Offline Files
{750fdf0e-2a26-11d1-a3ea-080036587f03} = %SystemRoot%\System32\cscui.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\Sharing
{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6} = ntshrui.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{0D2E74C4-3C34-11d2-A27E-00C04FC30871}
= %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{24F14F01-7B1C-11d1-838f-0000F80461CF}
= %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{24F14F02-7B1C-11d1-838f-0000F80461CF}
= %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{66742402-F9B9-11D1-A202-0000F81FEDEE}
= %SystemRoot%\system32\SHELL32.dll

[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
AcroIEHlprObj Class = C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}
= C:\PROGRA~1\SPYBOT~1\SDHelper.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}
SSVHelper Class = C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9ECB9560-04F9-4bbc-943D-298DDF1699E1}
CNisExtBho Class = C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}
Google Toolbar Helper = c:\program files\google\googletoolbar2.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE7CD045-E861-484f-8273-0445EE161910}
AcroIEToolbarHelper Class = C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BDF3E430-B101-42AD-A544-FADC6B084872}
CNavExtBho Class = C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{182EC0BE-5110-49C8-A062-BEB1D02A220B}
Adobe PDF = C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{4D5C8C25-D075-11d0-B416-00C04FB90376}
&Tip of the Day = %SystemRoot%\System32\shdocvw.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
{47833539-D0C5-4125-9FA8-0819E2EAAC93} = Adobe PDF : C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
{0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} = Norton Internet Security : C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} = Norton AntiVirus : C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
{2318C2B1-4965-11d4-9B18-009027A5CD4F} = &Google : c:\program files\google\googletoolbar2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{08B0E5C0-4FCB-11CF-AAA5-00401C608501}
MenuText = Sun Java Console : C:\Program Files\Java\jre1.5.0_07\bin\npjpi150_07.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{92780B25-18CC-41C8-B9BE-3C9C571A8263}
ButtonText = Research :
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{FB5F1910-F110-11d2-BB9E-00C04F795683}
ButtonText = Messenger : C:\Program Files\Messenger\msmsgs.exe

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars]
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{21569614-B795-46B1-85F4-E737A8DC09AD}
Shell Search Band = %SystemRoot%\system32\browseui.dll
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{30D02401-6A81-11D0-8274-00C04FD5AE38}
Search Band = %SystemRoot%\System32\browseui.dll
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{32683183-48a0-441b-a342-7c2a440a9478}
=
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{C4EE31F3-4768-11D2-BE5C-00A0C9A83DA1}
File Search Explorer Band = %SystemRoot%\system32\SHELL32.dll
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{EFA24E61-B078-11D0-89E4-00C04FC9E26E}
Favorites Band = %SystemRoot%\System32\shdocvw.dll
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{EFA24E62-B078-11D0-89E4-00C04FC9E26E}
History Band = %SystemRoot%\System32\shdocvw.dll
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{EFA24E64-B078-11D0-89E4-00C04FC9E26E}
Explorer Band = %SystemRoot%\System32\shdocvw.dll

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar]
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser
{01E04581-4EEE-11D0-BFE9-00AA005B4383} = &Address : %SystemRoot%\System32\browseui.dll
{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} = Norton AntiVirus : C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
{47833539-D0C5-4125-9FA8-0819E2EAAC93} = Adobe PDF : C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
{0E5CBF21-D15F-11D0-8301-00AA005B4383} = &Links : %SystemRoot%\system32\SHELL32.dll
{0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} = Norton Internet Security : C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
{2318C2B1-4965-11D4-9B18-009027A5CD4F} = &Google : c:\program files\google\googletoolbar2.dll
{0494D0D9-F8E0-41AD-92A3-14154ECE70AC} = :
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser
{01E04581-4EEE-11D0-BFE9-00AA005B4383} = &Address : %SystemRoot%\System32\browseui.dll
{0E5CBF21-D15F-11D0-8301-00AA005B4383} = &Links : %SystemRoot%\system32\SHELL32.dll
{0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} = Norton Internet Security : C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
{47833539-D0C5-4125-9FA8-0819E2EAAC93} = Adobe PDF : C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} = Norton AntiVirus : C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
{2318C2B1-4965-11D4-9B18-009027A5CD4F} = &Google : c:\program files\google\googletoolbar2.dll
{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} = :
{4E7BD74F-2B8D-469E-89B3-BE29F5D3E32D} = :

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
Symantec NetDriver Monitor C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
QuickTime Task "C:\Program Files\QuickTime\qttask.exe" -atboottime
Prolific_PLUtil C:\Program Files\Prolific\USB Flash Disk Utility\PLBkMon.exe
NeroFilterCheck C:\WINDOWS\system32\NeroCheck.exe
iTunesHelper C:\Program Files\iTunes\iTunesHelper.exe
HP Software Update C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
CTSysVol C:\Program Files\Creative\SBAudigy LS\Surround Mixer\CTSysVol.exe /r
ccApp "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
BigPondCable "C:\Program Files\Telstra\Cable Login\bpcable.exe" /r
HP Component Manager "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
SunJavaUpdateSched C:\Program Files\Java\jre1.5.0_07\bin\jusched.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]
IMAIL Installed = 1
MAPI Installed = 1
MSFS Installed = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\load]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\run]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\services
UleadBurningHelper 2
AntiVirService 2
AntiVirScheduler 2


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk
path C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup
location Common Startup
command C:\PROGRA~1\HP\DIGITA~1\bin\hpqtra08.exe
item HP Digital Imaging Monitor
path C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup
location Common Startup
command C:\PROGRA~1\HP\DIGITA~1\bin\hpqtra08.exe
item HP Digital Imaging Monitor

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Image Zone Fast Start.lnk
path C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Image Zone Fast Start.lnk
backup C:\WINDOWS\pss\HP Image Zone Fast Start.lnkCommon Startup
location Common Startup
command C:\PROGRA~1\HP\DIGITA~1\bin\hpqthb08.exe -s
item HP Image Zone Fast Start
path C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Image Zone Fast Start.lnk
backup C:\WINDOWS\pss\HP Image Zone Fast Start.lnkCommon Startup
location Common Startup
command C:\PROGRA~1\HP\DIGITA~1\bin\hpqthb08.exe -s
item HP Image Zone Fast Start

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\avgnt
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item avgnt
hkey HKLM
command "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item avgnt
hkey HKLM
command "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\KernelFaultCheck
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item dumprep 0 -k
hkey HKLM
command %systemroot%\system32\dumprep 0 -k
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item dumprep 0 -k
hkey HKLM
command %systemroot%\system32\dumprep 0 -k
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\nForce Tray Options
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item sstray
hkey HKLM
command sstray.exe /r
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item sstray
hkey HKLM
command sstray.exe /r
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\NvMediaCenter
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item NvMcTray
hkey HKLM
command RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item NvMcTray
hkey HKLM
command RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\PLFFAP
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item HotfixQ0306270
hkey HKLM
command C:\WINDOWS\System32\HotfixQ0306270.exe
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item HotfixQ0306270
hkey HKLM
command C:\WINDOWS\System32\HotfixQ0306270.exe
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\WinPatrol
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item winpatrol
hkey HKLM
command C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item winpatrol
hkey HKLM
command C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\state
system.ini 0
win.ini 0
bootini 0
services 2
startup 2


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ext

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ext\CLSID
{17492023-C23A-453E-A040-C7C580BBF700} 1

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum
{BDEADF00-C265-11D0-BCED-00A0C90AB50F} = C:\PROGRA~1\COMMON~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL
{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} =
{0DF44EAA-FF21-4412-828E-260A8728E7F1} =


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system
dontdisplaylastusername 0
legalnoticecaption
legalnoticetext
shutdownwithoutlogon 1
undockwithoutlogon 1


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies]

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
NoDriveTypeAutoRun 145


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
PostBootReminder {7849596a-48ea-486e-8937-a2a3009f31a9} = %SystemRoot%\system32\SHELL32.dll
CDBurn {fbeb8a05-beee-4442-804e-409d6c4515e9} = %SystemRoot%\system32\SHELL32.dll
WebCheck {E6FB5E20-DE35-11CF-9C87-00AA005127ED} = %SystemRoot%\System32\webcheck.dll
SysTray {35CEC8A3-2BE6-11D2-8773-92E220524153} = C:\WINDOWS\System32\stobject.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
UserInit = C:\WINDOWS\system32\userinit.exe,
Shell = Explorer.exe
System =

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain
= crypt32.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet
= cryptnet.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll
= cscdll.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp
= wlnotify.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule
= wlnotify.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy
= sclgntfy.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn
= WlNotify.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv
= wlnotify.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon
= WgaLogon.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon
= wlnotify.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WRNotifier
= WRLogonNTF.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Your Image File Name Here without a path
Debugger = ntsd -d

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
AppInit_DLLs


Scan Complete
WinPFind v1.4.1 - Log file written to "WinPFind.Txt" in the WinPFind folder.
Scan completed on 14/06/2006 4:40:54 PM

I'm thinking that maybe the Hotfix stuff could be dodgy; it's in the add/remove programs menu but I can't delete it.

Also...
Don't know if it's of any importance, but in the last six months, as soon as I boot my computer up, I get a screen saying something about AWD flash, which lasts a second, and then the normal startup process occurs. Does this mean anything?

Thanks again

#10 Grinler

Grinler

    Lawrence Abrams


  • Admin
  • 43,395 posts
  • Gender:Male
  • Location:USA
  • Local time:08:24 PM

Posted 14 June 2006 - 01:42 PM

For AWD, when does this appear: before Windows starts loading or during the load?

Well, that hotfix does not appear to be running, so I do not think it's that. The log is clean as well.

I don't see anything here that could be causing a problem. Let's try two online scans:

Please run two online virus scans:

http://www3.ca.com/securityadvisor/virusinfo/scan.aspx
http://www.kaspersky.com/service?chapter=161739400#betatest

Then let us know if it's working better and what the scans found.

#11 jim booth

jim booth
  • Topic Starter

  • Members
  • 8 posts
  • Local time:11:24 AM

Posted 17 June 2006 - 03:04 AM

Hey again,
I ran the Kaspersky scan, said everything was clean; couldn't get the other online scan to work.
The AWD flash thing occurs before Windows starts up.

I guess everything's OK now; the bar still appears at Windows load-up, but stops reappearing thereafter. A while back it would pop up in the blue bar next to the start menu icon every few minutes; it hasn't done this for a while, so I guess it's all good.

Well, thanks for taking the time and the help checking to see if anything's wrong with my comp.

Until next time, bye
jim

#12 Grinler

Grinler

    Lawrence Abrams


  • Admin
  • 43,395 posts
  • Gender:Male
  • Location:USA
  • Local time:08:24 PM

Posted 17 June 2006 - 03:57 PM

Let's try one last thing:

Download Silentrunners.zip from:

http://www.silentrunners.org/

Run the SilentRunners.vbs file. If your antivirus has a script blocker, you will get a warning asking if you want to allow SilentRunners.vbs to run. It might say something like "Malicious Script Warning". This script is not malicious so you are safe in allowing it to run. When it asks if you want to skip the supplemental search tests, press the No button.

When it has finished it will produce a Startup Programs text file. Copy and paste that text file here in your next reply.

#13 jim booth

jim booth
  • Topic Starter

  • Members
  • 8 posts
  • Local time:11:24 AM

Posted 24 June 2006 - 11:42 PM

Yeah, did that scan, said everything was clean.

But I ran a panda online scan just in case, and it came up with the following:

Potentially unwanted tool:application/myway Not disinfected hkey_classes_root\clsid\{66FC8717-EFA7-4546-8C4A-E224F3A80C76}
Potentially unwanted tool:application/altnet Not disinfected hkey_local_machine\software\microsoft\windows\currentversion\app management\arpcache\AltnetDM
Spyware:Cookie/Apmebf Not disinfected C:\Documents and Settings\Simon\Cookies\simon@apmebf[1].txt
Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\Simon\Cookies\simon@realmedia[1].txt
It seems the cookie Apmebf keeps reappearing even though I delete it, and sometimes Ad-Aware SE picks it up on scanning, other times it doesn't. Should I get rid of the MyWay and Altnet 'unwanted tools'?

#14 Grinler

Grinler

    Lawrence Abrams


  • Admin
  • 43,395 posts
  • Gender:Male
  • Location:USA
  • Local time:08:24 PM

Posted 25 June 2006 - 01:39 PM

Yes...see if you can uninstall these via the add/remove programs control panel.
