
Im Getting A Lot Of Popups, Please Help Me


  • This topic is locked
19 replies to this topic

#1 catcherguy247


Posted 01 July 2006 - 11:52 PM

I'm having trouble doing anything. I'm getting tons of popups, even when I'm not on the internet. I already got rid of some adware (surfsidekick 3), so any help would be greatly appreciated.

Logfile of HijackThis v1.99.1
Scan saved at 11:50:13 PM, on 7/1/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)


Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Java\jre1.5.0_07\bin\jusched.exe
C:\dfndrb_3.exe
C:\WINDOWS\system32\mptft.exe
C:\WINDOWS\system32\ssn6tuu.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\nr1rnqm8.exe
C:\Program Files\Spyware Doctor\swdoctor.exe
C:\program files\microsoft office\WCESCOMM.EXE
C:\WINDOWS\system32\srclient.exe
C:\WINDOWS\system32\XPAgent.exe
C:\WINDOWS\system32\ssec.exe
C:\WINDOWS\system32\tfthot.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\VVNFUg\command.exe
C:\WINDOWS\system32\GEARSEC.EXE
C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
C:\Program Files\Network Monitor\netmon.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe
C:\PROGRA~1\NORTON~1\NORTON~3\NPROTECT.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\PROGRA~1\NORTON~1\NORTON~3\SPEEDD~1\NOPDB.EXE
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Documents and Settings\User\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.mlb.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.mrfindalot.com/search.asp?si=20065&k=
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.mrfindalot.com/search.asp?si=20065&k=
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\about.htm
F2 - REG:system.ini: Shell=Explorer.exe, C:\WINDOWS\system32\nqmam.exe
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,yltdwic.exe
N3 - Netscape 7: user_pref("browser.startup.homepage", "http://www.yahoo.com"); (C:\Documents and Settings\User\Application Data\Mozilla\Profiles\default\p2fti4zc.slt\prefs.js)
N3 - Netscape 7: user_pref("browser.search.defaultengine", ""); (C:\Documents and Settings\User\Application Data\Mozilla\Profiles\default\p2fti4zc.slt\prefs.js)
O2 - BHO: Yvakt Class - {AE0ECC2F-0C33-494C-8B22-B57A7763027F} - C:\WINDOWS\system32\x3cqp0.dll
O2 - BHO: (no name) - {E5E2A3E7-00FE-4D31-A030-A10799DDCA66} - (no file)
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [WorksFUD] C:\Program Files\Microsoft Works\wkfud.exe
O4 - HKLM\..\Run: [QD FastAndSafe] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_07\bin\jusched.exe
O4 - HKLM\..\Run: [defender] C:\\dfndrb_3.exe
O4 - HKLM\..\Run: [keyboard] C:\\kybrdb_3.exe
O4 - HKLM\..\Run: [ftexc] C:\WINDOWS\system32\mptft.exe
O4 - HKLM\..\Run: [Hhl7RfpJ] "C:\WINDOWS\system32\ssn6tuu.exe"
O4 - HKCU\..\Run: [Norton SystemWorks] "C:\Program Files\Norton SystemWorks\cfgwiz.exe" /GUID {05858CFD-5CC4-4ceb-AAAF-CF00BF39736A} /MODE CfgWiz
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O4 - HKCU\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\program files\microsoft office\WCESCOMM.EXE"
O4 - HKCU\..\Run: [srclient] C:\WINDOWS\system32\srclient.exe
O4 - HKCU\..\Run: [XPAgent] C:\WINDOWS\system32\XPAgent.exe
O4 - Global Startup: winlogin.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O16 - DPF: RaptisoftGameLoader -
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} -
O16 - DPF: {33363249-0000-0010-8000-00AA00389B71} -
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} -
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1145999829312
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://www.opentopia.com/support/activex/AxisCamControl.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} -
O16 - DPF: {E13F1132-4CA0-4005-84D3-51406E27D269} -
O16 - DPF: {E3E02F12-2ADB-478C-8742-5F0819F9F0F4} (Quantum Streaming IE VersionManager Class) - http://qmedia.xlontech.net/100170/sdk/late...2ie06041001.cab
O16 - DPF: {FE5D6722-826F-11D5-A24E-0060B0F1A5AE} -
O18 - Filter: text/html - {DA28E0DB-229C-4003-827E-96AE15AD90FB} - C:\WINDOWS\system32\x3cqp0.dll
O20 - Winlogon Notify: Syncmgr - C:\WINDOWS\system32\jtlu0739e.dll
O21 - SSODL: URLREWIN - {EB9BDABE-1BD2-445B-9A13-BA9C7D2E3CA9} - c:\windows\system32\netknl.dll
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\VVNFUg\command.exe
O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\system32\GEARSEC.EXE
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~3\NPROTECT.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~3\SPEEDD~1\NOPDB.EXE
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe


 


#2 -David-


Posted 02 July 2006 - 04:09 AM

Hello,
Your system is terribly infected. The problem with these infections nowadays is that they cause a lot of damage. Even if we clean the malware off your system, I can't guarantee that your system will be clean afterwards, because these infections/bundles leave a lot of leftovers behind that most scanners won't even recognise and logs won't show. Also, I can't promise you we can repair all the damage it caused... Even after cleaning the malware, you can still get errors afterwards because of the damage. Solving these is not always possible, since finding the right cause and solution is like searching for a needle in a haystack. So, we can try to clean this up and do what we can, but keep in mind that we can't solve ALL the problems this malware has already caused.

* Download ComboFix to your desktop.
Double-click combo.exe.
Follow the prompts.
Don't click on the window while the fix is running, because that will cause your system to hang.
When finished, it should produce a log, combofix.txt.
Post this log in your next reply together with a new HijackThis log.

This utility, "List Installed Programs", will provide a list of installed programs. It is found halfway down the page. Click on the little arrow and then the download icon in the new window that opens up. You can download the script and run it from your hard disk or run it without downloading.
When asked to enter the PC details - leave it blank and click OK. Ask to view the results and copy the Notepad list. Paste it in a reply to this thread.

David

#3 catcherguy247


Posted 02 July 2006 - 09:21 AM

Thank you so much for helping me.


Logfile of HijackThis v1.99.1
Scan saved at 9:18:13 AM, on 7/2/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\system32\GEARSEC.EXE
C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe
C:\PROGRA~1\NORTON~1\NORTON~3\NPROTECT.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\PROGRA~1\NORTON~1\NORTON~3\SPEEDD~1\NOPDB.EXE
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Java\jre1.5.0_07\bin\jusched.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\mptft.exe
C:\WINDOWS\system32\ssn6tuu.exe
C:\WINDOWS\system32\nr1rnqm8.exe
C:\WINDOWS\system32\ssec.exe
C:\WINDOWS\system32\tfthot.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Spyware Doctor\swdoctor.exe
C:\program files\microsoft office\WCESCOMM.EXE
C:\WINDOWS\system32\srclient.exe
C:\WINDOWS\system32\XPAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Microsoft Office\Office\WINWORD.EXE
C:\Program Files\Messenger\msmsgs.exe
C:\Documents and Settings\User\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://searchbar.findthewebsiteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.mlb.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.mrfindalot.com/search.asp?si=20065&k=
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.mrfindalot.com/search.asp?si=20065&k=
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\about.htm
N3 - Netscape 7: user_pref("browser.startup.homepage", "http://www.yahoo.com"); (C:\Documents and Settings\User\Application Data\Mozilla\Profiles\default\p2fti4zc.slt\prefs.js)
N3 - Netscape 7: user_pref("browser.search.defaultengine", ""); (C:\Documents and Settings\User\Application Data\Mozilla\Profiles\default\p2fti4zc.slt\prefs.js)
O2 - BHO: (no name) - {467FAEB2-5F5B-4c81-BAE0-2A4752CA7F4E} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: Yvakt Class - {AE0ECC2F-0C33-494C-8B22-B57A7763027F} - C:\WINDOWS\system32\x3cqp0.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O2 - BHO: (no name) - {E5E2A3E7-00FE-4D31-A030-A10799DDCA66} - (no file)
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [WorksFUD] C:\Program Files\Microsoft Works\wkfud.exe
O4 - HKLM\..\Run: [QD FastAndSafe] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_07\bin\jusched.exe
O4 - HKLM\..\Run: [ftexc] C:\WINDOWS\system32\mptft.exe
O4 - HKLM\..\Run: [Hhl7RfpJ] "C:\WINDOWS\system32\ssn6tuu.exe"
O4 - HKCU\..\Run: [Norton SystemWorks] "C:\Program Files\Norton SystemWorks\cfgwiz.exe" /GUID {05858CFD-5CC4-4ceb-AAAF-CF00BF39736A} /MODE CfgWiz
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O4 - HKCU\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\program files\microsoft office\WCESCOMM.EXE"
O4 - HKCU\..\Run: [srclient] C:\WINDOWS\system32\srclient.exe
O4 - HKCU\..\Run: [XPAgent] C:\WINDOWS\system32\XPAgent.exe
O4 - Global Startup: winlogin.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O16 - DPF: RaptisoftGameLoader -
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} -
O16 - DPF: {33363249-0000-0010-8000-00AA00389B71} -
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} -
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1145999829312
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://www.opentopia.com/support/activex/AxisCamControl.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} -
O16 - DPF: {E13F1132-4CA0-4005-84D3-51406E27D269} -
O16 - DPF: {E3E02F12-2ADB-478C-8742-5F0819F9F0F4} (Quantum Streaming IE VersionManager Class) - http://qmedia.xlontech.net/100170/sdk/late...2ie06041001.cab
O16 - DPF: {FE5D6722-826F-11D5-A24E-0060B0F1A5AE} -
O18 - Filter: text/html - {DA28E0DB-229C-4003-827E-96AE15AD90FB} - C:\WINDOWS\system32\x3cqp0.dll
O21 - SSODL: URLREWIN - {EB9BDABE-1BD2-445B-9A13-BA9C7D2E3CA9} - C:\WINDOWS\system32\netknl.dll
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\system32\GEARSEC.EXE
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~3\NPROTECT.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~3\SPEEDD~1\NOPDB.EXE
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe



Start Time= Sun 07/02/2006 9:15:50.90
Running from: C:\Documents and Settings\User\Desktop

QuickScan did not find any signs of infected files

(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2006-07-02 08:59:46 463 ( A.... ) "C:\WINDOWS\vcccd.dll"
2006-07-01 22:03:34 578560 ( A.... ) "C:\Installer.exe"
2006-07-01 19:30:14 208896 ( A.... ) "C:\WINDOWS\system32\x3cqp0.dll"
2006-07-01 12:46:08 2088960 ( A.... ) "C:\WINDOWS\cfg32.exe"
2006-07-01 12:46:02 20480 ( A.... ) "C:\stub_sca3.exe"
2006-07-01 12:45:58 61440 ( A.... ) "C:\WINDOWS\system32\lby929a6.dll"
2006-07-01 12:45:58 1063 ( A.... ) "C:\WINDOWS\system32\lby929a6.sys"
2006-07-01 12:45:58 1063 ( A.... ) "C:\WINDOWS\system32\lby929a6.sys"
2006-07-01 12:45:58 1063 ( A.... ) "C:\WINDOWS\system32\lby929a6.sys"
2006-07-01 12:45:54 29696 ( A.... ) "C:\WINDOWS\system32\w081686b.dll"
2006-07-01 12:45:50 2560 ( A.... ) "C:\ac3_0003.exe"
2006-07-01 12:45:44 587776 ( A.... ) "C:\626_101.exe"
2006-07-01 12:45:22 50688 ( A.S.. ) "C:\WINDOWS\NDNuninstall6_38.exe"
2006-07-01 12:45:22 ( ADS.. ) "C:\Program Files\NewDotNet"
2006-07-01 12:45:18 266240 ( A.... ) "C:\NNSCAA638.EXE"
2006-07-01 12:44:58 28672 ( A.... ) "C:\WINDOWS\system32ftuninst.exe"
2006-07-01 12:44:58 28672 ( A.... ) "C:\WINDOWS\system32\gbe90qs.exe"
2006-07-01 12:44:58 24576 ( A.... ) "C:\WINDOWS\system32ssec.exe"
2006-07-01 12:44:56 45056 ( A.... ) "C:\WINDOWS\system32tfthot.exe"
2006-07-01 12:44:56 24576 ( A.... ) "C:\WINDOWS\system32\ssec.exe"
2006-07-01 12:44:54 45056 ( A.... ) "C:\WINDOWS\system32\tfthot.exe"
2006-07-01 12:44:54 28672 ( A.... ) "C:\WINDOWS\system32\ftuninst.exe"
2006-07-01 12:44:50 ( .D... ) "C:\Program Files\Common Files\zuuf"
2006-07-01 12:44:46 45056 ( A.... ) "C:\wd7gi8n.exe"
2006-07-01 12:44:30 110592 ( A.... ) "C:\WINDOWS\v1201.exe"
2006-07-01 12:44:26 462274 ( A.... ) "C:\visfx500.exe"
2006-07-01 12:42:36 146999 ( A.... ) "C:\WINDOWS\system32\XPAgent.exe"
2006-06-25 12:32:06 ( .D... ) "C:\Documents and Settings\User\Application Data\yoclient"
2006-06-15 18:39:06 131072 ( A.... ) "C:\WINDOWS\system32\mptft.exe"
2006-06-15 15:26:44 1142784 ( A.... ) "C:\WINDOWS\system32\ssn6tuu.exe"
2006-06-15 15:26:40 24576 ( A.... ) "C:\WINDOWS\system32\nr1rnqm8.exe"
2006-06-13 23:35:12 ( .D... ) "C:\Documents and Settings\User\Application Data\Sun"
2006-06-13 23:33:12 ( .D... ) "C:\Program Files\Common Files\Java"
2006-06-09 18:28:12 ( .D... ) "C:\Program Files\GIMP-2.0"
2006-06-09 18:27:20 ( .D... ) "C:\Program Files\Common Files\GTK"
2006-06-08 20:19:50 5967776 ( A.... ) "C:\WINDOWS\system32\MRT.exe"
2006-06-01 13:47:08 163840 ( A.... ) "C:\WINDOWS\system32\jgdw400.dll"
2006-06-01 13:47:08 27648 ( A.... ) "C:\WINDOWS\system32\jgpl400.dll"
2006-05-29 10:30:34 1494016 ( A.... ) "C:\WINDOWS\system32\shdocvw.dll"
2006-05-24 18:57:02 ( .D... ) "C:\Documents and Settings\User\Application Data\iMesh"
2006-05-19 10:08:32 3052544 ( A.... ) "C:\WINDOWS\system32\mshtml.dll"
2006-05-18 00:24:26 450560 ( A.... ) "C:\WINDOWS\system32\jscript.dll"
2006-05-14 03:44:08 181248 ( A.... ) "C:\WINDOWS\system32\rasmans.dll"
2006-05-11 03:23:24 24576 ( A.... ) "C:\WINDOWS\system32\xpsp3res.dll"
2006-05-10 00:23:04 658432 ( A.... ) "C:\WINDOWS\system32\wininet.dll"
2006-05-10 00:23:02 613888 ( A.... ) "C:\WINDOWS\system32\urlmon.dll"
2006-05-10 00:23:02 532480 ( A.... ) "C:\WINDOWS\system32\mstime.dll"
2006-05-10 00:23:02 474112 ( A.... ) "C:\WINDOWS\system32\shlwapi.dll"
2006-05-10 00:23:02 448512 ( A.... ) "C:\WINDOWS\system32\mshtmled.dll"
2006-05-10 00:23:02 146432 ( A.... ) "C:\WINDOWS\system32\msrating.dll"
2006-05-10 00:23:02 39424 ( A.... ) "C:\WINDOWS\system32\pngfilt.dll"
2006-05-10 00:23:00 1054208 ( A.... ) "C:\WINDOWS\system32\danim.dll"
2006-05-10 00:23:00 1022976 ( A.... ) "C:\WINDOWS\system32\browseui.dll"
2006-05-10 00:23:00 357888 ( A.... ) "C:\WINDOWS\system32\dxtmsft.dll"
2006-05-10 00:23:00 251392 ( A.... ) "C:\WINDOWS\system32\iepeers.dll"
2006-05-10 00:23:00 205312 ( A.... ) "C:\WINDOWS\system32\dxtrans.dll"
2006-05-10 00:23:00 151040 ( A.... ) "C:\WINDOWS\system32\cdfview.dll"
2006-05-10 00:23:00 96256 ( A.... ) "C:\WINDOWS\system32\inseng.dll"
2006-05-10 00:23:00 55808 ( ..... ) "C:\WINDOWS\system32\extmgr.dll"
2006-05-10 00:23:00 16384 ( A.... ) "C:\WINDOWS\system32\jsproxy.dll"
2006-05-07 12:10:34 ( .D... ) "C:\Program Files\Porrasturvat - Stair Dismount"
2006-05-03 02:56:58 127078 ( A.... ) "C:\WINDOWS\system32\javaws.exe"
2006-05-03 01:19:40 53346 ( A.... ) "C:\WINDOWS\system32\javaw.exe"
2006-05-03 01:19:30 49248 ( A.... ) "C:\WINDOWS\system32\java.exe"
2006-04-29 06:07:48 5533696 ( A.... ) "C:\WINDOWS\system32\wmp.dll"
2006-04-10 13:00:34 555824 ( A.... ) "C:\WINDOWS\system32\LegitCheckControl.dll"
2006-04-10 13:00:30 144688 ( ..... ) "C:\WINDOWS\system32\WgaLogon.dll"
2006-04-10 13:00:28 186672 ( ..... ) "C:\WINDOWS\system32\WgaTray.exe"
2005-02-13 19:01:54 0 ( ..SHR ) "C:\Program Files\q330994.exe"
2005-02-10 05:13:40 4326808 ( A.... ) "C:\Program Files\Security iGuard.exe"


((((((((((((((((((((((((((((((((((((((((( Files Created - Last 30days ))))))))))))))))))))))))))))))))))))))))))))))


2006-07-02 03:12 598,016 C:\WINDOWS\system32\winnetcl.exe
2006-07-01 22:03 578,560 C:\Installer.exe
2006-07-01 12:46 20,480 C:\stub_sca3.exe
2006-07-01 12:46 2,088,960 C:\WINDOWS\cfg32.exe
2006-07-01 12:45 61,440 C:\WINDOWS\system32\lby929a6.dll
2006-07-01 12:45 587,776 C:\626_101.exe
2006-07-01 12:45 50,688 C:\WINDOWS\NDNuninstall6_38.exe
2006-07-01 12:45 463 C:\WINDOWS\vcccd.dll
2006-07-01 12:45 29,696 C:\WINDOWS\system32\w081686b.dll
2006-07-01 12:45 266,240 C:\NNSCAA638.EXE
2006-07-01 12:45 2,560 C:\ac3_0003.exe
2006-07-01 12:45 1,063 C:\WINDOWS\system32\lby929a6.sys
2006-07-01 12:45 1,050,000 C:\WINDOWS\ydxyfmm.exe
2006-07-01 12:44 462,274 C:\visfx500.exe
2006-07-01 12:44 45,056 C:\WINDOWS\system32tfthot.exe
2006-07-01 12:44 45,056 C:\WINDOWS\system32\tfthot.exe
2006-07-01 12:44 45,056 C:\wd7gi8n.exe
2006-07-01 12:44 28,672 C:\WINDOWS\system32ftuninst.exe
2006-07-01 12:44 28,672 C:\WINDOWS\system32\gbe90qs.exe
2006-07-01 12:44 28,672 C:\WINDOWS\system32\ftuninst.exe
2006-07-01 12:44 24,576 C:\WINDOWS\system32ssec.exe
2006-07-01 12:44 24,576 C:\WINDOWS\system32\ssec.exe
2006-07-01 12:44 24,576 C:\WINDOWS\system32\nr1rnqm8.exe
2006-07-01 12:44 208,896 C:\WINDOWS\system32\x3cqp0.dll
2006-07-01 12:44 131,072 C:\WINDOWS\system32\mptft.exe
2006-07-01 12:44 110,592 C:\WINDOWS\v1201.exe
2006-07-01 12:44 1,142,784 C:\WINDOWS\system32\ssn6tuu.exe
2006-07-01 12:42 146,999 C:\WINDOWS\system32\XPAgent.exe
2006-06-13 23:34 53,346 C:\WINDOWS\system32\javaw.exe
2006-06-13 23:34 49,248 C:\WINDOWS\system32\java.exe
2006-06-13 23:34 127,078 C:\WINDOWS\system32\javaws.exe


((((((((((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries are not shown

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"zBrowser Launcher"="C:\\Program Files\\Logitech\\iTouch\\iTouch.exe"
"TkBellExe"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot"
"ccApp"="\"C:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe\""
"Symantec NetDriver Monitor"="C:\\PROGRA~1\\SYMNET~1\\SNDMon.exe /Consumer"
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"UserFaultCheck"=hex(2):25,73,79,73,74,65,6d,72,6f,6f,74,25,5c,73,79,73,74,65,\
6d,33,32,5c,64,75,6d,70,72,65,70,20,30,20,2d,75,00
"WorksFUD"="C:\\Program Files\\Microsoft Works\\wkfud.exe"
"QD FastAndSafe"="C:\\Program Files\\Common Files\\Microsoft Shared\\Works Shared\\WkUFind.exe"
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"
"nwiz"="nwiz.exe /install"
"ISUSPM Startup"="C:\\PROGRA~1\\COMMON~1\\INSTAL~1\\UPDATE~1\\ISUSPM.exe -startup"
"ISUSScheduler"="\"C:\\Program Files\\Common Files\\InstallShield\\UpdateService\\issch.exe\" -start"
"IntelliPoint"="\"C:\\Program Files\\Microsoft IntelliPoint\\point32.exe\""
"NvMediaCenter"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvMcTray.dll,NvTaskbarInit"
"iTunesHelper"="C:\\Program Files\\iTunes\\iTunesHelper.exe"
"WinampAgent"="C:\\Program Files\\Winamp\\winampa.exe"
"SunJavaUpdateSched"="C:\\Program Files\\Java\\jre1.5.0_07\\bin\\jusched.exe"
"ftexc"="C:\\WINDOWS\\system32\\mptft.exe"
"Hhl7RfpJ"="\"C:\\WINDOWS\\system32\\ssn6tuu.exe\""

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"NoChange"="1"
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"Norton SystemWorks"="\"C:\\Program Files\\Norton SystemWorks\\cfgwiz.exe\" /GUID {05858CFD-5CC4-4ceb-AAAF-CF00BF39736A} /MODE CfgWiz"
"SpybotSD TeaTimer"="C:\\Program Files\\Spybot - Search & Destroy\\TeaTimer.exe"
"Spyware Doctor"="\"C:\\Program Files\\Spyware Doctor\\swdoctor.exe\" /Q"
"Microsoft Works Update Detection"="C:\\Program Files\\Microsoft Works\\WkDetect.exe"
"H/PC Connection Agent"="\"C:\\program files\\microsoft office\\WCESCOMM.EXE\""
"Steam"=""
"srclient"="C:\\WINDOWS\\system32\\srclient.exe"
"XPAgent"="C:\\WINDOWS\\system32\\XPAgent.exe"

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000000

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
"{EB9BDABE-1BD2-445B-9A13-BA9C7D2E3CA9}"=""

HKEY_LOCAL_MACHINE\system\controlset001\control\safeboot\minimal\vds
HKEY_LOCAL_MACHINE\system\controlset001\control\safeboot\minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}
HKEY_LOCAL_MACHINE\system\controlset003\control\safeboot\minimal\vds
HKEY_LOCAL_MACHINE\system\controlset003\control\safeboot\minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}


Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\Cleanup.job
C:\WINDOWS\tasks\Norton AntiVirus - Scan my computer - User.job

Completion time: Sun 07/02/2006 9:16:39.39
ComboFix ver 06.07.02 - This logfile is located at C:\ComboFix.txt

ComboFix.2006-07-02.085615.txt
ComboFix.2006-07-02.085946.txt
ComboFix.2006-07-02.091550.txt






INSTALLED SOFTWARE (154) - DELL2 - 7/2/2006 7:34:09 AM

Ad-aware 6 Personal Ver: 6.0
Adobe Acrobat 4.0 Ver: 4.0
Adobe PhotoDeluxe 2.0
Age of Mythology
AOL Instant Messenger
ccCommon Ver: 103.0.2.10 Installed: 11/28/2004
Command Ver: 1.0.1
Conexant HSF V92 56K Data Fax PCI Modem
DAO Ver: 3.5 Installed: 9/10/2005
DAO Ver: 3.5 Installed: 9/10/2005
Dell ResourceCD
Direct Show Ogg Vorbis Filter (remove only)
Dystopia Ver: Update 4
Forethought
GTK+ 2.8.9 runtime environment
Half-Life® 2 Ver: 1.0.0.0 Installed: 6/7/2005
Higher Score on the New SAT 1.0
HighMAT Extension to Microsoft Windows XP CD Writing Wizard Ver: 1.1.1905.1 Installed: 11/30/2003
HijackThis 1.99.1 Ver: 1.99.1
Internet Explorer Exception pack
Internet Explorer ReadMe
Internet Worm Protection Ver: 11.0.2 Installed: 11/28/2004
IOS Beta v4.0 Ver: IOS Beta v4.0
iTunes Ver: 4.1.1.54 Installed: 1/31/2006
iTunes Ver: 4.1.1.54 Installed: 1/31/2006
J2SE Runtime Environment 5.0 Update 7 Ver: 1.5.0.70 Installed: 6/13/2006
Java 2 Runtime Environment, SE v1.4.1_02
Java Web Start
LiveReg (Symantec Corporation) Ver: 3.0.0
LiveUpdate 3.0 (Symantec Corporation) Ver: 3.0.0.160
Logitech iTouch Software
Macromedia Flash Player 8 Ver: 8
Macromedia Shockwave Player Ver: 10.1.0.11
Microsoft ActiveSync 3.7
Microsoft Data Access Components KB870669
Microsoft IntelliPoint 5.0 Ver: 5.00.174.0 Installed: 8/23/2005
Microsoft Office 2000 Professional Ver: 9.00.2720 Installed: 11/21/2003
Microsoft Works 2002 Setup Launcher
Microsoft Works 6.0 Ver: 06.00.0000 Installed: 11/25/2003
MSN Music Assistant
MSRedist Ver: 1.0.0.0 Installed: 11/28/2004
MSXML 4.0 SP2 Parser and SDK Ver: 4.20.9818.0 Installed: 6/17/2004
MSXML4 Parser Ver: 1.0.0 Installed: 8/6/2004
Netscape (7.1)
Network Monitor Ver: 6.0.1
Network Play System (Patching)
New.net Domains 6.38 Ver: 6.38
Norton AntiVirus 2005 Ver: 11.0.2 Installed: 11/28/2004
Norton AntiVirus Parent MSI Ver: 10.0.0 Installed: 11/28/2004
Norton SystemWorks Ver: 1.0.0 Installed: 11/28/2004
Norton SystemWorks 2005 Ver: 8.02.6 Installed: 11/28/2004
Norton SystemWorks 2005 (Symantec Corporation) Ver: 8.00.99
Norton Utilities Ver: 18.0.0 Installed: 11/28/2004
Norton WMI Update Ver: 2005.1.0.111 Installed: 11/28/2004
Norton WMI Update Ver: 2005.1.2.20 Installed: 11/6/2004
NSW_DRM_COLLECTION Ver: 1.0.0 Installed: 11/28/2004
NVIDIA Display Driver
NVIDIA Drivers
Pinnacle Hollywood FX 4.6
Pinnacle Studio DC10plus
Pinnacle Systems PCI Performance Enhancer
Quicklinks
QuickTime
RealPlayer
Security Update for Windows Media Player (KB911564) Installed: 2/15/2006
Security Update for Windows Media Player 10 (KB911565) Installed: 2/15/2006
Security Update for Windows Media Player 10 (KB917734) Installed: 6/14/2006
Security Update for Windows XP (KB883939) Ver: 1 Installed: 7/3/2005
Security Update for Windows XP (KB890046) Ver: 1 Installed: 7/3/2005
Security Update for Windows XP (KB893756) Ver: 1 Installed: 8/9/2005
Security Update for Windows XP (KB896358) Ver: 1 Installed: 7/3/2005
Security Update for Windows XP (KB896422) Ver: 1 Installed: 7/3/2005
Security Update for Windows XP (KB896423) Ver: 1 Installed: 8/9/2005
Security Update for Windows XP (KB896424) Ver: 1 Installed: 11/10/2005
Security Update for Windows XP (KB896428) Ver: 1 Installed: 7/3/2005
Security Update for Windows XP (KB896688) Ver: 1 Installed: 10/21/2005
Security Update for Windows XP (KB899587) Ver: 1 Installed: 8/9/2005
Security Update for Windows XP (KB899588) Ver: 1 Installed: 8/9/2005
Security Update for Windows XP (KB899591) Ver: 1 Installed: 8/9/2005
Security Update for Windows XP (KB900725) Ver: 1 Installed: 10/21/2005
Security Update for Windows XP (KB901017) Ver: 1 Installed: 10/21/2005
Security Update for Windows XP (KB901214) Ver: 1 Installed: 7/13/2005
Security Update for Windows XP (KB902400) Ver: 1 Installed: 10/21/2005
Security Update for Windows XP (KB903235) Ver: 1 Installed: 7/13/2005
Security Update for Windows XP (KB904706) Ver: 1 Installed: 10/21/2005
Security Update for Windows XP (KB905414) Ver: 1 Installed: 10/21/2005
Security Update for Windows XP (KB905749) Ver: 1 Installed: 10/21/2005
Security Update for Windows XP (KB905915) Ver: 1 Installed: 12/16/2005
Security Update for Windows XP (KB908519) Ver: 1 Installed: 1/12/2006
Security Update for Windows XP (KB908531) Ver: 1 Installed: 4/15/2006
Security Update for Windows XP (KB911280) Ver: 1 Installed: 6/14/2006
Security Update for Windows XP (KB911562) Ver: 1 Installed: 4/15/2006
Security Update for Windows XP (KB911567) Ver: 1 Installed: 4/15/2006
Security Update for Windows XP (KB911927) Ver: 1 Installed: 2/15/2006
Security Update for Windows XP (KB912812) Ver: 1 Installed: 4/15/2006
Security Update for Windows XP (KB912919) Ver: 1 Installed: 1/6/2006
Security Update for Windows XP (KB913446) Ver: 1 Installed: 2/15/2006
Security Update for Windows XP (KB913580) Ver: 1 Installed: 5/12/2006
Security Update for Windows XP (KB914389) Ver: 1 Installed: 6/14/2006
Security Update for Windows XP (KB916281) Ver: 1 Installed: 6/14/2006
Security Update for Windows XP (KB917344) Ver: 1 Installed: 6/14/2006
Security Update for Windows XP (KB917953) Ver: 1 Installed: 6/14/2006
Security Update for Windows XP (KB918439) Ver: 1 Installed: 6/14/2006
Shockwave
SPBBC Ver: 1.00.0000 Installed: 11/28/2004
Spybot - Search & Destroy 1.3 Ver: 1.3
Spyware Doctor 3.1 Ver: 3.1
Steam™ Ver: 1.0.0.0 Installed: 6/7/2005
Studio 8
Symantec Network Drivers Update Ver: 5.5.1.6 Installed: 5/1/2005
Symantec Script Blocking Installer Ver: 11.0.2 Installed: 11/28/2004
SymNet Ver: 5.4.2.17 Installed: 11/28/2004
The GIMP 2.2.11
Update for Windows XP (KB894391) Ver: 1 Installed: 8/9/2005
Update for Windows XP (KB896727) Ver: 1 Installed: 8/9/2005
Update for Windows XP (KB898461) Ver: 1 Installed: 7/3/2005
Update for Windows XP (KB900485) Ver: 2 Installed: 4/27/2006
Update for Windows XP (KB910437) Ver: 1 Installed: 12/16/2005
WebFldrs XP Ver: 9.50.6513 Installed: 11/21/2003
Winamp (remove only)
Windows Draw
Windows Genuine Advantage Notifications (KB905474) Ver: 1.5.0526.0 Installed: 5/26/2006
Windows Installer 3.1 (KB893803) Ver: 3.1
Windows Installer 3.1 (KB893803) Ver: 3.1
Windows Media Encoder 9 Series
Windows Media Encoder 9 Series Ver: 9.00.2980 Installed: 9/10/2005
Windows Media Format Runtime
Windows Media Player 10
Windows Support Tools Ver: 5.1.2510.0 Installed: 2/8/2004
Windows XP Creativity Fun Packs - Windows Movie Maker 2 Ver: 1.00.0000 Installed: 4/25/2006
Windows XP Hotfix - KB834707 Ver: 20040929.110854
Windows XP Hotfix - KB867282 Ver: 20050127.090417
Windows XP Hotfix - KB873333 Ver: 20050114.005213
Windows XP Hotfix - KB873339 Ver: 20041117.092459
Windows XP Hotfix - KB885250 Ver: 20050118.202711
Windows XP Hotfix - KB885835 Ver: 20041027.181713
Windows XP Hotfix - KB885836 Ver: 20041028.173203
Windows XP Hotfix - KB886185 Ver: 20041021.090540
Windows XP Hotfix - KB887472 Ver: 20041014.162858
Windows XP Hotfix - KB887742 Ver: 20041103.095002
Windows XP Hotfix - KB887797 Ver: 20041018.133824
Windows XP Hotfix - KB888113 Ver: 20041116.131036
Windows XP Hotfix - KB888302 Ver: 20041207.111426
Windows XP Hotfix - KB890047 Ver: 20041221.124506
Windows XP Hotfix - KB890175 Ver: 20041201.233338
Windows XP Hotfix - KB890859 Ver: 1 Installed: 4/17/2005
Windows XP Hotfix - KB890923 Ver: 1 Installed: 4/17/2005
Windows XP Hotfix - KB891781 Ver: 20050110.165439
Windows XP Hotfix - KB893066 Ver: 1 Installed: 4/17/2005
Windows XP Hotfix - KB893086 Ver: 1 Installed: 4/17/2005
Windows XP Service Pack 2 Ver: 20040803.231319
Works Suite OS Pack Ver: 1.0.0.0000 Installed: 11/25/2003
Works Synchronization Ver: 1.0.0.0000 Installed: 11/25/2003
Xfire (remove only)

#4 -David-

Posted 02 July 2006 - 12:24 PM

Hello there,

It is a good idea to print off these instructions - they will be needed later when internet access is not available. You may also like to save these instructions in word/notepad to the desktop where they can be easily found for the same reasons as above. It is important that you complete the following instructions in the correct order, and also that you don't miss anything out!

* Please download the Suspicious File Packer from here:
http://www.safer-networking.org/files/sfp.zip
Unzip it to the desktop and run it.

Paste the following bold part into the Suspicious File Packer window:

C:\program files\microsoft office\wcescomm.exe
C:\WINDOWS\vcccd.dll
C:\Installer.exe
C:\WINDOWS\system32\XPAgent.exe
C:\WINDOWS\system32\lby929a6.dll
C:\WINDOWS\system32\lby929a6.sys


Allow SFP to pack the file. This will generate a CAB archive on your desktop.
Go to this page.
Enter the url of this thread in the first field.
Where it says, browse to the file that you want to submit, click the browse button next to the second field and browse to the CAB archive that has been created on your desktop.
The cab file will be called requested-files[*].cab (the * stands for the date and hour).
Then click the Send File button below.

* Please set your system to show hidden files; please see here if you're unsure how to do this.

* Click on Start, then Control Panel, and then double-click on Add/Remove Programs. From within Add/Remove Programs, uninstall the following if they exist by double-clicking on the following entries:

New.net Domains 6.38 Ver: 6.38
Quicklinks


* Boot into Safe Mode (without networking support!)
By pressing the F8 key right when Windows starts, usually right after you hear your computer beep when you reboot it (some versions of Windows will display 'Starting Windows' with a grey progress bar), you will be brought to a menu where you can choose to boot into safe mode.

* Now start a new scan with HJT and place a checkmark next to each of the following items (if present):

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://searchbar.findthewebsiteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.mrfindalot.com/search.asp?si=20065&k=
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.mrfindalot.com/search.asp?si=20065&k=
O2 - BHO: (no name) - {467FAEB2-5F5B-4c81-BAE0-2A4752CA7F4E} - (no file)
O2 - BHO: (no name) - {467FAEB2-5F5B-4c81-BAE0-2A4752CA7F4E} - (no file)
O2 - BHO: (no name) - {E5E2A3E7-00FE-4D31-A030-A10799DDCA66} - (no file)
O4 - HKLM\..\Run: [ftexc] C:\WINDOWS\system32\mptft.exe
O4 - HKLM\..\Run: [Hhl7RfpJ] "C:\WINDOWS\system32\ssn6tuu.exe"
O4 - HKCU\..\Run: [srclient] C:\WINDOWS\system32\srclient.exe
O4 - Global Startup: winlogin.exe
O18 - Filter: text/html - {DA28E0DB-229C-4003-827E-96AE15AD90FB} -C:\WINDOWS\system32\x3cqp0.dll
O21 - SSODL: URLREWIN - {EB9BDABE-1BD2-445B-9A13-BA9C7D2E3CA9} - C:\WINDOWS\system32\netknl.dll


* Make sure your Internet Explorer is closed and click on "Fix Checked" and exit HijackThis when finished.

* Using Windows Explorer, locate the following files/folders, and delete them if still present:

C:\WINDOWS\system32\x3cqp0.dll <--file
C:\WINDOWS\cfg32.exe <--file
C:\stub_sca3.exe <--file
C:\WINDOWS\system32\w081686b.dll <--file
C:\ac3_0003.exe <--file
C:\626_101.exe <--file
C:\WINDOWS\NDNuninstall6_38.exe <--file
C:\Program Files\NewDotNet <--folder
C:\NNSCAA638.EXE <--file
C:\WINDOWS\system32ftuninst.exe <--file
C:\WINDOWS\system32\gbe90qs.exe <--file
C:\WINDOWS\system32ssec.exe <--file
C:\WINDOWS\system32tfthot.exe <--file
C:\WINDOWS\system32\ssec.exe <--file
C:\WINDOWS\system32\tfthot.exe <--file
C:\WINDOWS\system32\ftuninst.exe <--file
C:\Program Files\Common Files\zuuf <--folder
C:\wd7gi8n.exe <--file
C:\WINDOWS\v1201.exe <--file
C:\visfx500.exe <--file
C:\WINDOWS\system32\mptft.exe <--file
C:\WINDOWS\system32\ssn6tuu.exe <--file
C:\WINDOWS\system32\nr1rnqm8.exe <--file
C:\Documents and Settings\User\Application Data\iMesh <--folder
C:\Program Files\q330994.exe <--file
C:\Program Files\Security iGuard.exe <--file
C:\WINDOWS\system32\winnetcl.exe <--file
C:\WINDOWS\ydxyfmm.exe <--file
C:\WINDOWS\system32\srclient.exe <--file

Please reboot back to normal mode and post a new Hijackthis log, and a new combo fix log.
David

#5 catcherguy247

Posted 02 July 2006 - 04:06 PM

I've done everything you've asked me to, hope everything turns out O.K.

EDIT: It's been about 2 hours since I did all that, the difference is incredible, I'm not getting any more popups and my ping for online gaming has dropped drastically.

Thanks, you're a lifesaver... er, comp-saver...

Thanks.

Logfile of HijackThis v1.99.1
Scan saved at 3:57:29 PM, on 7/2/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Java\jre1.5.0_07\bin\jusched.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Spyware Doctor\swdoctor.exe
C:\program files\microsoft office\WCESCOMM.EXE
C:\WINDOWS\system32\XPAgent.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\system32\GEARSEC.EXE
C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe
C:\PROGRA~1\NORTON~1\NORTON~3\NPROTECT.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\PROGRA~1\NORTON~1\NORTON~3\SPEEDD~1\NOPDB.EXE
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\User\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.mlb.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\about.htm
N3 - Netscape 7: user_pref("browser.startup.homepage", "http://www.yahoo.com"); (C:\Documents and Settings\User\Application Data\Mozilla\Profiles\default\p2fti4zc.slt\prefs.js)
N3 - Netscape 7: user_pref("browser.search.defaultengine", ""); (C:\Documents and Settings\User\Application Data\Mozilla\Profiles\default\p2fti4zc.slt\prefs.js)
O2 - BHO: (no name) - {467FAEB2-5F5B-4c81-BAE0-2A4752CA7F4E} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - (no file)
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: Yvakt Class - {AE0ECC2F-0C33-494C-8B22-B57A7763027F} - C:\WINDOWS\system32\x3cqp0.dll (file missing)
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [WorksFUD] C:\Program Files\Microsoft Works\wkfud.exe
O4 - HKLM\..\Run: [QD FastAndSafe] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_07\bin\jusched.exe
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [Norton SystemWorks] "C:\Program Files\Norton SystemWorks\cfgwiz.exe" /GUID {05858CFD-5CC4-4ceb-AAAF-CF00BF39736A} /MODE CfgWiz
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O4 - HKCU\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\program files\microsoft office\WCESCOMM.EXE"
O4 - HKCU\..\Run: [XPAgent] C:\WINDOWS\system32\XPAgent.exe
O4 - Global Startup: winlogin.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O16 - DPF: RaptisoftGameLoader -
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} -
O16 - DPF: {33363249-0000-0010-8000-00AA00389B71} -
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} -
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1145999829312
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://www.opentopia.com/support/activex/AxisCamControl.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} -
O16 - DPF: {E13F1132-4CA0-4005-84D3-51406E27D269} -
O16 - DPF: {E3E02F12-2ADB-478C-8742-5F0819F9F0F4} (Quantum Streaming IE VersionManager Class) - http://qmedia.xlontech.net/100170/sdk/late...2ie06041001.cab
O16 - DPF: {FE5D6722-826F-11D5-A24E-0060B0F1A5AE} -
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\system32\GEARSEC.EXE
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~3\NPROTECT.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~3\SPEEDD~1\NOPDB.EXE
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe




Start Time= Sun 07/02/2006 16:01:19.56
Running from: C:\Documents and Settings\User\Desktop

QuickScan did not find any signs of infected files

(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2006-07-02 08:59:46 463 ( A.... ) "C:\WINDOWS\vcccd.dll"
2006-07-01 22:03:34 578560 ( A.... ) "C:\Installer.exe"
2006-07-01 12:46:08 2088960 ( A.... ) "C:\WINDOWS\cfg32.exe"
2006-07-01 12:46:02 20480 ( A.... ) "C:\stub_sca3.exe"
2006-07-01 12:45:58 61440 ( A.... ) "C:\WINDOWS\system32\lby929a6.dll"
2006-07-01 12:45:58 1063 ( A.... ) "C:\WINDOWS\system32\lby929a6.sys"
2006-07-01 12:45:58 1063 ( A.... ) "C:\WINDOWS\system32\lby929a6.sys"
2006-07-01 12:45:58 1063 ( A.... ) "C:\WINDOWS\system32\lby929a6.sys"
2006-07-01 12:45:54 29696 ( A.... ) "C:\WINDOWS\system32\w081686b.dll"
2006-07-01 12:45:50 2560 ( A.... ) "C:\ac3_0003.exe"
2006-07-01 12:45:44 587776 ( A.... ) "C:\626_101.exe"
2006-07-01 12:45:22 50688 ( A.S.. ) "C:\WINDOWS\NDNuninstall6_38.exe"
2006-07-01 12:45:18 266240 ( A.... ) "C:\NNSCAA638.EXE"
2006-07-01 12:44:58 28672 ( A.... ) "C:\WINDOWS\system32ftuninst.exe"
2006-07-01 12:44:58 24576 ( A.... ) "C:\WINDOWS\system32ssec.exe"
2006-07-01 12:44:56 45056 ( A.... ) "C:\WINDOWS\system32tfthot.exe"
2006-07-01 12:44:56 24576 ( A.... ) "C:\WINDOWS\system32\ssec.exe"
2006-07-01 12:44:54 45056 ( A.... ) "C:\WINDOWS\system32\tfthot.exe"
2006-07-01 12:44:54 28672 ( A.... ) "C:\WINDOWS\system32\ftuninst.exe"
2006-07-01 12:44:46 45056 ( A.... ) "C:\wd7gi8n.exe"
2006-07-01 12:44:30 110592 ( A.... ) "C:\WINDOWS\v1201.exe"
2006-07-01 12:44:26 462274 ( A.... ) "C:\visfx500.exe"
2006-07-01 12:42:36 146999 ( A.... ) "C:\WINDOWS\system32\XPAgent.exe"
2006-06-25 12:32:06 ( .D... ) "C:\Documents and Settings\User\Application Data\yoclient"
2006-06-15 18:39:06 131072 ( A.... ) "C:\WINDOWS\system32\mptft.exe"
2006-06-13 23:35:12 ( .D... ) "C:\Documents and Settings\User\Application Data\Sun"
2006-06-13 23:33:12 ( .D... ) "C:\Program Files\Common Files\Java"
2006-06-09 18:28:12 ( .D... ) "C:\Program Files\GIMP-2.0"
2006-06-09 18:27:20 ( .D... ) "C:\Program Files\Common Files\GTK"
2006-06-08 20:19:50 5967776 ( A.... ) "C:\WINDOWS\system32\MRT.exe"
2006-06-01 13:47:08 163840 ( A.... ) "C:\WINDOWS\system32\jgdw400.dll"
2006-06-01 13:47:08 27648 ( A.... ) "C:\WINDOWS\system32\jgpl400.dll"
2006-05-29 10:30:34 1494016 ( A.... ) "C:\WINDOWS\system32\shdocvw.dll"
2006-05-19 10:08:32 3052544 ( A.... ) "C:\WINDOWS\system32\mshtml.dll"
2006-05-18 00:24:26 450560 ( A.... ) "C:\WINDOWS\system32\jscript.dll"
2006-05-14 03:44:08 181248 ( A.... ) "C:\WINDOWS\system32\rasmans.dll"
2006-05-11 03:23:24 24576 ( A.... ) "C:\WINDOWS\system32\xpsp3res.dll"
2006-05-10 00:23:04 658432 ( A.... ) "C:\WINDOWS\system32\wininet.dll"
2006-05-10 00:23:02 613888 ( A.... ) "C:\WINDOWS\system32\urlmon.dll"
2006-05-10 00:23:02 532480 ( A.... ) "C:\WINDOWS\system32\mstime.dll"
2006-05-10 00:23:02 474112 ( A.... ) "C:\WINDOWS\system32\shlwapi.dll"
2006-05-10 00:23:02 448512 ( A.... ) "C:\WINDOWS\system32\mshtmled.dll"
2006-05-10 00:23:02 146432 ( A.... ) "C:\WINDOWS\system32\msrating.dll"
2006-05-10 00:23:02 39424 ( A.... ) "C:\WINDOWS\system32\pngfilt.dll"
2006-05-10 00:23:00 1054208 ( A.... ) "C:\WINDOWS\system32\danim.dll"
2006-05-10 00:23:00 1022976 ( A.... ) "C:\WINDOWS\system32\browseui.dll"
2006-05-10 00:23:00 357888 ( A.... ) "C:\WINDOWS\system32\dxtmsft.dll"
2006-05-10 00:23:00 251392 ( A.... ) "C:\WINDOWS\system32\iepeers.dll"
2006-05-10 00:23:00 205312 ( A.... ) "C:\WINDOWS\system32\dxtrans.dll"
2006-05-10 00:23:00 151040 ( A.... ) "C:\WINDOWS\system32\cdfview.dll"
2006-05-10 00:23:00 96256 ( A.... ) "C:\WINDOWS\system32\inseng.dll"
2006-05-10 00:23:00 55808 ( ..... ) "C:\WINDOWS\system32\extmgr.dll"
2006-05-10 00:23:00 16384 ( A.... ) "C:\WINDOWS\system32\jsproxy.dll"
2006-05-07 12:10:34 ( .D... ) "C:\Program Files\Porrasturvat - Stair Dismount"
2006-05-03 02:56:58 127078 ( A.... ) "C:\WINDOWS\system32\javaws.exe"
2006-05-03 01:19:40 53346 ( A.... ) "C:\WINDOWS\system32\javaw.exe"
2006-05-03 01:19:30 49248 ( A.... ) "C:\WINDOWS\system32\java.exe"
2006-04-29 06:07:48 5533696 ( A.... ) "C:\WINDOWS\system32\wmp.dll"
2006-04-10 13:00:34 555824 ( A.... ) "C:\WINDOWS\system32\LegitCheckControl.dll"
2006-04-10 13:00:30 144688 ( ..... ) "C:\WINDOWS\system32\WgaLogon.dll"
2006-04-10 13:00:28 186672 ( ..... ) "C:\WINDOWS\system32\WgaTray.exe"
2005-02-13 19:01:54 0 ( ..SHR ) "C:\Program Files\q330994.exe"
2005-02-10 05:13:40 4326808 ( A.... ) "C:\Program Files\Security iGuard.exe"


((((((((((((((((((((((((((((((((((((((((( Files Created - Last 30days ))))))))))))))))))))))))))))))))))))))))))))))


2006-07-02 03:12 598,016 C:\WINDOWS\system32\winnetcl.exe
2006-07-01 22:03 578,560 C:\Installer.exe
2006-07-01 12:46 20,480 C:\stub_sca3.exe
2006-07-01 12:46 2,088,960 C:\WINDOWS\cfg32.exe
2006-07-01 12:45 61,440 C:\WINDOWS\system32\lby929a6.dll
2006-07-01 12:45 587,776 C:\626_101.exe
2006-07-01 12:45 50,688 C:\WINDOWS\NDNuninstall6_38.exe
2006-07-01 12:45 463 C:\WINDOWS\vcccd.dll
2006-07-01 12:45 29,696 C:\WINDOWS\system32\w081686b.dll
2006-07-01 12:45 266,240 C:\NNSCAA638.EXE
2006-07-01 12:45 2,560 C:\ac3_0003.exe
2006-07-01 12:45 1,063 C:\WINDOWS\system32\lby929a6.sys
2006-07-01 12:45 1,050,000 C:\WINDOWS\ydxyfmm.exe
2006-07-01 12:44 462,274 C:\visfx500.exe
2006-07-01 12:44 45,056 C:\WINDOWS\system32tfthot.exe
2006-07-01 12:44 45,056 C:\WINDOWS\system32\tfthot.exe
2006-07-01 12:44 45,056 C:\wd7gi8n.exe
2006-07-01 12:44 28,672 C:\WINDOWS\system32ftuninst.exe
2006-07-01 12:44 28,672 C:\WINDOWS\system32\ftuninst.exe
2006-07-01 12:44 24,576 C:\WINDOWS\system32ssec.exe
2006-07-01 12:44 24,576 C:\WINDOWS\system32\ssec.exe
2006-07-01 12:44 131,072 C:\WINDOWS\system32\mptft.exe
2006-07-01 12:44 110,592 C:\WINDOWS\v1201.exe
2006-07-01 12:42 146,999 C:\WINDOWS\system32\XPAgent.exe
2006-06-13 23:34 53,346 C:\WINDOWS\system32\javaw.exe
2006-06-13 23:34 49,248 C:\WINDOWS\system32\java.exe
2006-06-13 23:34 127,078 C:\WINDOWS\system32\javaws.exe


((((((((((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries are not shown

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"zBrowser Launcher"="C:\\Program Files\\Logitech\\iTouch\\iTouch.exe"
"TkBellExe"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot"
"ccApp"="\"C:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe\""
"Symantec NetDriver Monitor"="C:\\PROGRA~1\\SYMNET~1\\SNDMon.exe /Consumer"
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"UserFaultCheck"=hex(2):25,73,79,73,74,65,6d,72,6f,6f,74,25,5c,73,79,73,74,65,\
6d,33,32,5c,64,75,6d,70,72,65,70,20,30,20,2d,75,00
"WorksFUD"="C:\\Program Files\\Microsoft Works\\wkfud.exe"
"QD FastAndSafe"="C:\\Program Files\\Common Files\\Microsoft Shared\\Works Shared\\WkUFind.exe"
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"
"nwiz"="nwiz.exe /install"
"ISUSPM Startup"="C:\\PROGRA~1\\COMMON~1\\INSTAL~1\\UPDATE~1\\ISUSPM.exe -startup"
"ISUSScheduler"="\"C:\\Program Files\\Common Files\\InstallShield\\UpdateService\\issch.exe\" -start"
"IntelliPoint"="\"C:\\Program Files\\Microsoft IntelliPoint\\point32.exe\""
"NvMediaCenter"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvMcTray.dll,NvTaskbarInit"
"iTunesHelper"="C:\\Program Files\\iTunes\\iTunesHelper.exe"
"WinampAgent"="C:\\Program Files\\Winamp\\winampa.exe"
"SunJavaUpdateSched"="C:\\Program Files\\Java\\jre1.5.0_07\\bin\\jusched.exe"
"MSConfig"="C:\\WINDOWS\\PCHealth\\HelpCtr\\Binaries\\MSConfig.exe /auto"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"NoChange"="1"
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"Norton SystemWorks"="\"C:\\Program Files\\Norton SystemWorks\\cfgwiz.exe\" /GUID {05858CFD-5CC4-4ceb-AAAF-CF00BF39736A} /MODE CfgWiz"
"SpybotSD TeaTimer"="C:\\Program Files\\Spybot - Search & Destroy\\TeaTimer.exe"
"Spyware Doctor"="\"C:\\Program Files\\Spyware Doctor\\swdoctor.exe\" /Q"
"Microsoft Works Update Detection"="C:\\Program Files\\Microsoft Works\\WkDetect.exe"
"H/PC Connection Agent"="\"C:\\program files\\microsoft office\\WCESCOMM.EXE\""
"Steam"=""
"XPAgent"="C:\\WINDOWS\\system32\\XPAgent.exe"

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000000

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
"{EB9BDABE-1BD2-445B-9A13-BA9C7D2E3CA9}"=""

HKEY_LOCAL_MACHINE\system\controlset001\control\safeboot\minimal\vds
HKEY_LOCAL_MACHINE\system\controlset001\control\safeboot\minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}
HKEY_LOCAL_MACHINE\system\controlset003\control\safeboot\minimal\vds
HKEY_LOCAL_MACHINE\system\controlset003\control\safeboot\minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}


Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\Cleanup.job
C:\WINDOWS\tasks\Norton AntiVirus - Scan my computer - User.job

Completion time: Sun 07/02/2006 16:01:55.25
ComboFix ver 06.07.02 - This logfile is located at C:\ComboFix.txt

ComboFix.2006-07-02.085615.txt
ComboFix.2006-07-02.085946.txt
ComboFix.2006-07-02.091550.txt
ComboFix.2006-07-02.160119.txt

Edited by catcherguy247, 02 July 2006 - 06:01 PM.


#6 -David-

Posted 03 July 2006 - 12:49 PM

I just want to check if anything is hiding on your system, before we continue.

Click "My Computer", then "C:\" and then on "Program Files".
In the menu bar, "File"->"New"->"Folder".
That will create a folder named "New Folder", which you can rename to "HJT" or "HijackThis".
Now you have "C:\Program Files\HijackThis". Put your HijackThis.exe there. Then please right click on HijackThis.exe and click on rename. Rename the program to analyse.exe. Then open analyse.exe and you will receive the Hijackthis interface - please run a system scan and post its log.

David

#7 catcherguy247

Posted 03 July 2006 - 01:54 PM

...


Everything just crapped out on me last night, I can't see my Desktop Icons or my start menu. I can do what you asked but only by going through Taskmanager and selecting Run...

#8 -David-

Posted 03 July 2006 - 02:07 PM

Oh no, it's awful when that happens. Like I said in my first post, your system is most likely permanently damaged by this malware infection, but of course I will do my best to return the computer to as good a condition as I can. Let's try and restore your computer to say 2 days ago, through the All Programs menu:

1. Click Start.

2. Point to All Programs.

3. Point to Accessories.

4. Point to System Tools.

5. Click System Restore.

6. Follow the instructions on the wizard to restore your computer to a time when it was working for you, for example 2-3 days ago.

Let me know how it goes,
David

#9 catcherguy247

Posted 03 July 2006 - 02:18 PM

Ok, Finally I've been able to do something. I'll have the new log posted shortly.

Edited by catcherguy247, 03 July 2006 - 09:13 PM.


#10 catcherguy247

Posted 03 July 2006 - 09:16 PM

Ok, here it is, hopefully we're almost finished.


Logfile of HijackThis v1.99.1
Scan saved at 9:15:35 PM, on 7/3/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Java\jre1.5.0_07\bin\jusched.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Spyware Doctor\swdoctor.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe
C:\program files\microsoft office\WCESCOMM.EXE
C:\PROGRA~1\NORTON~1\NORTON~3\NPROTECT.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\PROGRA~1\NORTON~1\NORTON~3\SPEEDD~1\NOPDB.EXE
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Netscape\Netscape\Netscp.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Documents and Settings\User\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.mlb.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\about.htm
N3 - Netscape 7: user_pref("browser.startup.homepage", "http://www.yahoo.com"); (C:\Documents and Settings\User\Application Data\Mozilla\Profiles\default\p2fti4zc.slt\prefs.js)
N3 - Netscape 7: user_pref("browser.search.defaultengine", ""); (C:\Documents and Settings\User\Application Data\Mozilla\Profiles\default\p2fti4zc.slt\prefs.js)
O2 - BHO: (no name) - {467FAEB2-5F5B-4c81-BAE0-2A4752CA7F4E} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - (no file)
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [WorksFUD] C:\Program Files\Microsoft Works\wkfud.exe
O4 - HKLM\..\Run: [QD FastAndSafe] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_07\bin\jusched.exe
O4 - HKCU\..\Run: [Norton SystemWorks] "C:\Program Files\Norton SystemWorks\cfgwiz.exe" /GUID {05858CFD-5CC4-4ceb-AAAF-CF00BF39736A} /MODE CfgWiz
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O4 - HKCU\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\program files\microsoft office\WCESCOMM.EXE"
O4 - HKCU\..\Run: [XPAgent] C:\WINDOWS\system32\XPAgent.exe
O4 - Global Startup: winlogin.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O16 - DPF: RaptisoftGameLoader -
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} -
O16 - DPF: {33363249-0000-0010-8000-00AA00389B71} -
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} -
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1145999829312
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://www.opentopia.com/support/activex/AxisCamControl.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} -
O16 - DPF: {E13F1132-4CA0-4005-84D3-51406E27D269} -
O16 - DPF: {E3E02F12-2ADB-478C-8742-5F0819F9F0F4} (Quantum Streaming IE VersionManager Class) - http://qmedia.xlontech.net/100170/sdk/late...2ie06041001.cab
O16 - DPF: {FE5D6722-826F-11D5-A24E-0060B0F1A5AE} -
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~3\NPROTECT.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~3\SPEEDD~1\NOPDB.EXE
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

#11 -David-

Posted 04 July 2006 - 08:56 AM

I just want to check if anything is hiding on your system, before we continue.

Click "My Computer", then "C:\" and then on "Program Files".
In the menu bar, "File"->"New"->"Folder".
That will create a folder named "New Folder", which you can rename to "HJT" or "HijackThis".
Now you have "C:\Program Files\HijackThis". Put your HijackThis.exe there. Then please right click on HijackThis.exe and click on rename. Rename the program to analyse.exe. Then open analyse.exe and you will receive the Hijackthis interface - please run a system scan and post its log.

David

#12 catcherguy247

Posted 04 July 2006 - 10:49 AM

Logfile of HijackThis v1.99.1
Scan saved at 10:47:59 AM, on 7/4/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Java\jre1.5.0_07\bin\jusched.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Spyware Doctor\swdoctor.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\program files\microsoft office\WCESCOMM.EXE
C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe
C:\PROGRA~1\NORTON~1\NORTON~3\NPROTECT.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\PROGRA~1\NORTON~1\NORTON~3\SPEEDD~1\NOPDB.EXE
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Netscape\Netscape\Netscp.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\System32\svchost.exe
C:\Documents and Settings\User\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.mlb.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\about.htm
N3 - Netscape 7: user_pref("browser.startup.homepage", "http://www.yahoo.com"); (C:\Documents and Settings\User\Application Data\Mozilla\Profiles\default\p2fti4zc.slt\prefs.js)
N3 - Netscape 7: user_pref("browser.search.defaultengine", ""); (C:\Documents and Settings\User\Application Data\Mozilla\Profiles\default\p2fti4zc.slt\prefs.js)
O2 - BHO: (no name) - {467FAEB2-5F5B-4c81-BAE0-2A4752CA7F4E} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - (no file)
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [WorksFUD] C:\Program Files\Microsoft Works\wkfud.exe
O4 - HKLM\..\Run: [QD FastAndSafe] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_07\bin\jusched.exe
O4 - HKCU\..\Run: [Norton SystemWorks] "C:\Program Files\Norton SystemWorks\cfgwiz.exe" /GUID {05858CFD-5CC4-4ceb-AAAF-CF00BF39736A} /MODE CfgWiz
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O4 - HKCU\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\program files\microsoft office\WCESCOMM.EXE"
O4 - HKCU\..\Run: [XPAgent] C:\WINDOWS\system32\XPAgent.exe
O4 - Global Startup: winlogin.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O16 - DPF: RaptisoftGameLoader -
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} -
O16 - DPF: {33363249-0000-0010-8000-00AA00389B71} -
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} -
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1145999829312
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://www.opentopia.com/support/activex/AxisCamControl.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} -
O16 - DPF: {E13F1132-4CA0-4005-84D3-51406E27D269} -
O16 - DPF: {E3E02F12-2ADB-478C-8742-5F0819F9F0F4} (Quantum Streaming IE VersionManager Class) - http://qmedia.xlontech.net/100170/sdk/late...2ie06041001.cab
O16 - DPF: {FE5D6722-826F-11D5-A24E-0060B0F1A5AE} -
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~3\NPROTECT.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~3\SPEEDD~1\NOPDB.EXE
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

#13 -David-

Posted 04 July 2006 - 01:36 PM

Hey catcherguy247,

You are still running Hijackthis from the HijackThis.exe on your desktop.
Once you have created the new folder and renamed Hijackthis you must run that newly named program.
Running the Hijackthis.exe from your desktop will not show if there is a hidden infection or not.

David
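
Added example (not part of the thread, and not HijackThis's own code): a Python sketch of the comparison this step sets up. It checks that the second log really came from the renamed image, then lists what shows up only in that run. The two sample logs are constructed, `example-hidden.exe`, `ExampleUpdater` and `ExampleHidden` are placeholders, and the entry-prefix pattern is an assumption modelled on the codes visible in the logs above.

```python
import re

# Section prefixes modelled on the codes seen in this thread's logs
# (R0, N3, O2, O4, O16, O23, ...). Assumption, not HijackThis's grammar.
ENTRY_RE = re.compile(r"^(?:[RN]\d|O\d{1,2}) - ")

# Image names the scanner itself may run under; its own process line always
# differs between the two runs and must not be reported as a finding.
SCANNER_NAMES = ("hijackthis.exe", "analyse.exe")

# Constructed sample: scan run under the default image name.
LOG_DEFAULT_NAME = r"""Logfile of HijackThis v1.99.1
Platform: Windows XP SP2 (WinNT 5.01.2600)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Messenger\msmsgs.exe
C:\Documents and Settings\User\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.example.com/
O4 - HKLM\..\Run: [ExampleUpdater] C:\Program Files\Example\updater.exe
"""

# Constructed sample: same machine, scan run as analyse.exe. The extra
# process and Run entry are placeholders for something that hid before.
LOG_RENAMED = r"""Logfile of HijackThis v1.99.1
Platform: Windows XP SP2 (WinNT 5.01.2600)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\example-hidden.exe
C:\Program Files\HiJackThis\analyse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.example.com/
O4 - HKLM\..\Run: [ExampleUpdater] C:\Program Files\Example\updater.exe
O4 - HKLM\..\Run: [ExampleHidden] C:\WINDOWS\system32\example-hidden.exe
"""


def parse_hjt_log(text):
    """Return (processes, entries): dicts of case-folded line -> original line.

    Windows paths are case-insensitive (the logs mix System32 and system32),
    so lines are compared case-folded and reported in their original form.
    """
    processes, entries = {}, {}
    in_procs = False
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.lower().startswith("running processes"):
            in_procs = True
        elif ENTRY_RE.match(line):
            in_procs = False          # first section entry ends the process list
            entries.setdefault(line.casefold(), line)
        elif in_procs:
            processes.setdefault(line.casefold(), line)
    return processes, entries


def basename(path):
    return path.casefold().rsplit("\\", 1)[-1]


def ran_as(log_text, image_name):
    """True if the log's process list contains the scanner under image_name."""
    processes, _ = parse_hjt_log(log_text)
    return any(basename(p) == image_name.casefold() for p in processes)


def compare_runs(default_log, renamed_log, renamed_image="analyse.exe"):
    """Diff a default-name run against a renamed run of the scanner."""
    p1, e1 = parse_hjt_log(default_log)
    p2, e2 = parse_hjt_log(renamed_log)

    def only_in(a, b, skip_scanner=False):
        keys = a.keys() - b.keys()
        if skip_scanner:
            keys = {k for k in keys if basename(k) not in SCANNER_NAMES}
        return sorted(a[k] for k in keys)

    return {
        # False means the "renamed" log was still produced by HijackThis.exe,
        # so the comparison says nothing about hidden items.
        "renamed_run_valid": ran_as(renamed_log, renamed_image)
        and not ran_as(renamed_log, "hijackthis.exe"),
        "processes_only_in_renamed": only_in(p2, p1, skip_scanner=True),
        # Usually ordinary churn (a program closed between scans).
        "processes_only_in_default": only_in(p1, p2, skip_scanner=True),
        "entries_only_in_renamed": only_in(e2, e1),
        "entries_only_in_default": only_in(e1, e2),
    }


if __name__ == "__main__":
    for key, value in compare_runs(LOG_DEFAULT_NAME, LOG_RENAMED).items():
        print(key, "=", value)
```

Items that appear only in the renamed run are leads to examine, not verdicts: processes start and stop between scans for ordinary reasons.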

#14 catcherguy247

Posted 04 July 2006 - 02:05 PM

Logfile of HijackThis v1.99.1
Scan saved at 2:10:07 PM, on 7/4/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Java\jre1.5.0_07\bin\jusched.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Spyware Doctor\swdoctor.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\program files\microsoft office\WCESCOMM.EXE
C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe
C:\PROGRA~1\NORTON~1\NORTON~3\NPROTECT.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\PROGRA~1\NORTON~1\NORTON~3\SPEEDD~1\NOPDB.EXE
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Netscape\Netscape\Netscp.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\HiJackThis\analyse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.mlb.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\about.htm
N3 - Netscape 7: user_pref("browser.startup.homepage", "http://www.yahoo.com"); (C:\Documents and Settings\User\Application Data\Mozilla\Profiles\default\p2fti4zc.slt\prefs.js)
N3 - Netscape 7: user_pref("browser.search.defaultengine", ""); (C:\Documents and Settings\User\Application Data\Mozilla\Profiles\default\p2fti4zc.slt\prefs.js)
O2 - BHO: (no name) - {467FAEB2-5F5B-4c81-BAE0-2A4752CA7F4E} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - (no file)
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [WorksFUD] C:\Program Files\Microsoft Works\wkfud.exe
O4 - HKLM\..\Run: [QD FastAndSafe] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_07\bin\jusched.exe
O4 - HKCU\..\Run: [Norton SystemWorks] "C:\Program Files\Norton SystemWorks\cfgwiz.exe" /GUID {05858CFD-5CC4-4ceb-AAAF-CF00BF39736A} /MODE CfgWiz
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O4 - HKCU\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\program files\microsoft office\WCESCOMM.EXE"
O4 - HKCU\..\Run: [XPAgent] C:\WINDOWS\system32\XPAgent.exe
O4 - Global Startup: winlogin.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O16 - DPF: RaptisoftGameLoader -
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} -
O16 - DPF: {33363249-0000-0010-8000-00AA00389B71} -
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} -
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1145999829312
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://www.opentopia.com/support/activex/AxisCamControl.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} -
O16 - DPF: {E13F1132-4CA0-4005-84D3-51406E27D269} -
O16 - DPF: {E3E02F12-2ADB-478C-8742-5F0819F9F0F4} (Quantum Streaming IE VersionManager Class) - http://qmedia.xlontech.net/100170/sdk/late...2ie06041001.cab
O16 - DPF: {FE5D6722-826F-11D5-A24E-0060B0F1A5AE} -
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~3\NPROTECT.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~3\SPEEDD~1\NOPDB.EXE
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

Edited by catcherguy247, 04 July 2006 - 02:10 PM.


#15 -David-

Posted 04 July 2006 - 02:09 PM

Ok, let's try another way.
Leave hijackthis.exe on your desktop.
Right click and rename to "analyse", press enter.
Open analyse which will open Hijackthis and click system scan and save a log.
Post that log back here :thumbsup:
David



