
Weird Pop-up Before Login Screen!


17 replies to this topic

#1 Sake

Sake

  • Members
  • 27 posts

Posted 15 August 2006 - 10:35 AM

Hi. :thumbsup:

I posted my problem in "Am I infected? What do I do?" and Orange Blossom told me to post here instead. So to make things short, I'll just post a link to a forum where I posted my problem and the steps that I've already tried: http://www.techspot.com/vb/topic56137.html

Logfile of HijackThis v1.99.1
Scan saved at 10:29:41 AM, on 8/15/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5346.0005)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\System32\drivers\CDAC11BA.EXE
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\Program Files\Norton SystemWorks\Norton GoBack\GBPoll.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe
C:\PROGRA~1\NORTON~1\NORTON~3\NPROTECT.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\PROGRA~1\NORTON~1\NORTON~3\SPEEDD~1\NOPDB.EXE
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe
C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe
C:\Program Files\Softwin\BitDefender9\vsserv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE
C:\Updater.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\ewido anti-spyware 4.0\ewido.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\Program Files\Opera\Opera.exe
C:\Documents and Settings\Li\Desktop\HijackThis.exe

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O2 - BHO: Norton Personal Firewall 2006 - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton Personal Firewall 2006 - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [iRiver Updater] \Updater.exe
O4 - HKLM\..\Run: [I}\WINDOWS\ga$o?uexC:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\mgjwie.exe
O4 - HKLM\..\Run: [aXatFLi/pWINDOWS\o?C:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\mgjwie.exe
O4 - HKLM\..\Run: [aXaiL{o/a$INDO\\o?C:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\mgjwie.exe
O4 - HKLM\..\Run: [aXaiL{o/a?aa???C:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\mgjwie.exe
O4 - HKLM\..\Run: [s*aiL{o/a?aa??,C:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\mgjwie.exe
O4 - HKLM\..\Run: [s*aii{{oa?o???,C:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\mgjwie.exe
O4 - HKLM\..\Run: [s=Mii{{a$?aa???C:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\mgjwie.exe
O4 - HKLM\..\Run: [Is*WINDOWS\g{oo?uexC:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\mgjwie.exe
O4 - HKLM\..\Run: [Is*WINDOWS\g???_C:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\mgjwie.exe
O4 - HKLM\..\Run: [s=Mii{{aF??a???C:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\mgjwie.exe
O4 - HKLM\..\Run: [s=Miia$aF??a???C:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\mgjwie.exe
O4 - HKLM\..\Run: [C:\WP?OWS\mgjwie;yxC:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\mgjwie.exe
O4 - HKLM\..\Run: [I}\W>?OWS\mga$o?;yxC:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\mgjwie.exe
O4 - HKLM\..\Run: [C:\WP?OWS\ma$wie;yxC:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\mgjwie.exe
O4 - HKLM\..\Run: [I}\W>?OWS\,a\?;yxC:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\mgjwie.exe
O4 - HKLM\..\Run: [C>?P?OWS\ma$wie;yxC:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\mgjwie.exe
O4 - HKLM\..\Run: [I}\W>?OWS\,a?aa?C:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\mgjwie.exe
O4 - HKLM\..\Run: [I}\WINDOWS\mga$o?.exC:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\mgjwie.exe
O4 - HKLM\..\Run: [I}\WINDOWS\ma$?aa?C:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\mgjwie.exe
O4 - HKLM\..\Run: [C>?P?OWS\mgjwie;yxC:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\mgjwie.exe
O4 - HKLM\..\Run: [I}i{opWINDO\,,#?nC:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\mgjwie.exe
O4 - HKLM\..\Run: [I}i{oiINDO\,,#?nC:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\mgjwie.exe
O4 - HKLM\..\Run: [C:\WINDOW1<m?a?aC:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\mgjwie.exe
O4 - HKLM\..\Run: [>?WP?OWS\o?jwie;yxC:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\mgjwie.exe
O4 - HKLM\..\Run: [>?WP?OWS\o?jwi?yxC:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\mgjwie.exe
O4 - HKLM\..\Run: [>?WP?OWS\o?o?ia?C:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\mgjwie.exe
O4 - HKLM\..\Run: [>?WP?OWS\o?o?ia?C:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\mgjwie.exe
O4 - HKLM\..\Run: [^??? ?9??*?M?a?:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\mgjwie.exe
O4 - HKLM\..\Run: [I}?>?OWS\mga$o?;yxC:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\mgjwie.exe
O4 - HKLM\..\Run: [I}?>?OWS\,a\?;yxC:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\mgjwie.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra button: Express Cleanup - {5E638779-1818-4754-A595-EF1C63B87A56} - C:\Program Files\Norton SystemWorks\Norton Cleanup\WCQuick.lnk
O9 - Extra 'Tools' menuitem: Express Cleanup - {5E638779-1818-4754-A595-EF1C63B87A56} - C:\Program Files\Norton SystemWorks\Norton Cleanup\WCQuick.lnk
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe" /service (file missing)
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\System32\drivers\CDAC11BA.EXE
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Internet Security Password Validation (ccISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Personal Firewall\ccPwdSvc.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: GoBack Polling Service (GBPoll) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton GoBack\GBPoll.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe" /service (file missing)
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
O23 - Service: Intel® NMS (NMSSvc) - Intel Corporation - C:\WINDOWS\System32\NMSSvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton UnErase Protection (NProtectService) - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~3\NPROTECT.EXE
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SPBBCSvc - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~3\SPEEDD~1\NOPDB.EXE
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - Unknown owner - C:\Program Files\Softwin\BitDefender9\vsserv.exe" /service (file missing)
O23 - Service: BitDefender Communicator (XCOMM) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe" /service (file missing)

Thanks! :flowers:



#2 MFDnSC

MFDnSC

    Ret. Director I/T


  • Members
  • 4,310 posts

Posted 15 August 2006 - 08:02 PM

Istsvc http://securityresponse.symantec.com/avcenter/FxIstbar.exe

From Symantec
Note:
The date and time displayed will be adjusted to your time zone, if your computer is not set to the Pacific time zone.
The removal tool may terminate Internet Explorer and Windows Explorer. It is recommended that users save their work and log out of these programs before running the removal tool.
The removal tool will reset the Internet start page to a blank page. The start page can be modified by clicking on Tools > Internet Options in Internet Explorer.
The removal tool will not delete some harmless Temporary Internet files, which Adware.Istbar created, in C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files.
These can be manually deleted using the following steps:
a. Start Internet Explorer.
b. Click Tools > Internet Options.
c. In the Temporary Internet Files section, click the Delete Files button.
d. Check Delete all offline content, and then click OK.
=====================
Go to the link below and download the trial version of SpySweeper:

SpySweeper http://www.webroot.com/consumer/products/s...4129&ac=tsg

* Click the Free Trial link under "SpySweeper" to download the program.
* Install it. Once the program is installed, it will open.
* It will prompt you to update to the latest definitions, click Yes.
* Once the definitions are installed, click Options on the left side.
* Click the Sweep Options tab.
* Under What to Sweep please put a check next to all but system restore:


* Click Sweep Now on the left side.
* Click the Start button.
* When it's done scanning, click the Next button.
* Make sure everything has a check next to it, then click the Next button.
* It will remove all of the items found.
* Click Session Log in the upper right corner, copy everything in that window.
* Click the Summary tab and click Finish.
* Paste the contents of the session log you copied into your next reply.
Also post a new Hijack This log.
================
You have BitDefender and Norton AVs running - only one active av per system - remove one
"Nothing could be finer than to be in South Carolina ............"

Member ASAP

#3 Sake

Sake
  • Topic Starter

  • Members
  • 27 posts

Posted 15 August 2006 - 10:00 PM

I've been trying to remove BitDefender for some time now, but every time I try to delete the folder, it'll say "Cannot delete bdch.dll: Access is denied."

I'm confused, am I supposed to run FxIstbar.exe, then SpySweeper? Just to let you know, I've already tried FxIstbar.exe, but I'll use it again if you believe it's necessary. Also, do I need to do these in Safe Mode?

Thanks. :thumbsup:

#4 MFDnSC

MFDnSC

    Ret. Director I/T


  • Members
  • 4,310 posts

Posted 16 August 2006 - 10:27 AM

No, just do SpySweeper

Did you try removing Bit via add/remove programs?
"Nothing could be finer than to be in South Carolina ............"

Member ASAP

#5 Sake

Sake
  • Topic Starter

  • Members
  • 27 posts

Posted 16 August 2006 - 03:49 PM

Of course. I'll get this error: "A network error occurred while attempting to read from the file C:\WINDOWS\Installer\bdstandard.msi"

#6 MFDnSC

MFDnSC

    Ret. Director I/T


  • Members
  • 4,310 posts

Posted 16 August 2006 - 04:53 PM

Do SpySweeper and post a log
"Nothing could be finer than to be in South Carolina ............"

Member ASAP

#7 Sake

Sake
  • Topic Starter

  • Members
  • 27 posts

Posted 20 August 2006 - 01:34 AM

Sorry for the late reply.

1:10 AM: Traces Found: 1
1:10 AM: Full Sweep has completed. Elapsed time 00:28:58
1:10 AM: File Sweep Complete, Elapsed Time: 00:25:10
1:07 AM: Warning: Failed to access drive G:
1:07 AM: Warning: Failed to access drive E:
1:07 AM: Warning: Failed to access drive D:
1:06 AM: Warning: Failed to open file "c:\documents and settings\li\local settings\temporary internet files\content.ie5\s5mb0len\empires[1].". The operation completed successfully
1:06 AM: Warning: Failed to open file "c:\documents and settings\li-wei\local settings\temporary internet files\content.ie5\qn2vmpen\102-4906611-4780903[1].". The operation completed successfully
1:05 AM: Warning: Failed to open file "c:\program files\norton systemworks\norton antivirus\savrt\0842nav~.tmp". The operation completed successfully
12:45 AM: Starting File Sweep
12:45 AM: Warning: Failed to access drive A:
12:45 AM: Cookie Sweep Complete, Elapsed Time: 00:00:01
12:45 AM: Starting Cookie Sweep
12:45 AM: Registry Sweep Complete, Elapsed Time:00:00:40
12:44 AM: HKLM\software\screensavers.com\ (ID = 140569)
12:44 AM: Found Adware: comet systems
12:44 AM: Starting Registry Sweep
12:44 AM: Memory Sweep Complete, Elapsed Time: 00:02:42
12:41 AM: Starting Memory Sweep
12:41 AM: Sweep initiated using definitions version 734
12:41 AM: Spy Sweeper 5.0.7.1608 started
12:41 AM: | Start of Session, Sunday, August 20, 2006 |

#8 MFDnSC

MFDnSC

    Ret. Director I/T


  • Members
  • 4,310 posts
  • OFFLINE
  •  
  • Local time:01:45 AM

Posted 20 August 2006 - 12:02 PM

Post a current HiJack log
"Nothing could be finer than to be in South Carolina ............"

Member ASAP

#9 Sake

Sake
  • Topic Starter

  • Members
  • 27 posts

Posted 20 August 2006 - 12:37 PM

Just to let you know, it didn't allow me to remove that "1 traces," it said I needed the full version.

Logfile of HijackThis v1.99.1
Scan saved at 12:36:13 PM, on 8/20/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5346.0005)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\System32\drivers\CDAC11BA.EXE
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\Program Files\Norton SystemWorks\Norton GoBack\GBPoll.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE
C:\Updater.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe
C:\PROGRA~1\NORTON~1\NORTON~3\NPROTECT.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\PROGRA~1\NORTON~1\NORTON~3\SPEEDD~1\NOPDB.EXE
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe
C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe
C:\Program Files\Softwin\BitDefender9\vsserv.exe
C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Opera\Opera.exe
C:\Documents and Settings\Li\Desktop\HijackThis.exe
C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O2 - BHO: Norton Personal Firewall 2006 - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton Personal Firewall 2006 - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O4 - HKLM\..\Run: [nwiz] "nwiz.exe" /install
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [LVCOMS] "C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [iRiver Updater] \Updater.exe
O4 - HKLM\..\Run: [I}\WINDOWS\ga$o?uexC:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\mgjwie.exe
O4 - HKLM\..\Run: [aXatFLi/pWINDOWS\o?C:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\mgjwie.exe
O4 - HKLM\..\Run: [aXaiL{o/a$INDO\\o?C:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\mgjwie.exe
O4 - HKLM\..\Run: [aXaiL{o/a?aa???C:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\mgjwie.exe
O4 - HKLM\..\Run: [s*aiL{o/a?aa??,C:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\mgjwie.exe
O4 - HKLM\..\Run: [s*aii{{oa?o???,C:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\mgjwie.exe
O4 - HKLM\..\Run: [s=Mii{{a$?aa???C:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\mgjwie.exe
O4 - HKLM\..\Run: [Is*WINDOWS\g{oo?uexC:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\mgjwie.exe
O4 - HKLM\..\Run: [Is*WINDOWS\g???_C:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\mgjwie.exe
O4 - HKLM\..\Run: [s=Mii{{aF??a???C:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\mgjwie.exe
O4 - HKLM\..\Run: [s=Miia$aF??a???C:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\mgjwie.exe
O4 - HKLM\..\Run: [C:\WP?OWS\mgjwie;yxC:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\mgjwie.exe
O4 - HKLM\..\Run: [I}\W>?OWS\mga$o?;yxC:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\mgjwie.exe
O4 - HKLM\..\Run: [C:\WP?OWS\ma$wie;yxC:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\mgjwie.exe
O4 - HKLM\..\Run: [I}\W>?OWS\,a\?;yxC:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\mgjwie.exe
O4 - HKLM\..\Run: [C>?P?OWS\ma$wie;yxC:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\mgjwie.exe
O4 - HKLM\..\Run: [I}\W>?OWS\,a?aa?C:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\mgjwie.exe
O4 - HKLM\..\Run: [I}\WINDOWS\mga$o?.exC:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\mgjwie.exe
O4 - HKLM\..\Run: [I}\WINDOWS\ma$?aa?C:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\mgjwie.exe
O4 - HKLM\..\Run: [C>?P?OWS\mgjwie;yxC:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\mgjwie.exe
O4 - HKLM\..\Run: [I}i{opWINDO\,,#?nC:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\mgjwie.exe
O4 - HKLM\..\Run: [I}i{oiINDO\,,#?nC:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\mgjwie.exe
O4 - HKLM\..\Run: [C:\WINDOW1<m?a?aC:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\mgjwie.exe
O4 - HKLM\..\Run: [>?WP?OWS\o?jwie;yxC:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\mgjwie.exe
O4 - HKLM\..\Run: [>?WP?OWS\o?jwi?yxC:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\mgjwie.exe
O4 - HKLM\..\Run: [>?WP?OWS\o?o?ia?C:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\mgjwie.exe
O4 - HKLM\..\Run: [>?WP?OWS\o?o?ia?C:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\mgjwie.exe
O4 - HKLM\..\Run: [^??? ?9??*?M?a?:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\mgjwie.exe
O4 - HKLM\..\Run: [I}?>?OWS\mga$o?;yxC:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\mgjwie.exe
O4 - HKLM\..\Run: [I}?>?OWS\,a\?;yxC:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\mgjwie.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra button: Express Cleanup - {5E638779-1818-4754-A595-EF1C63B87A56} - C:\Program Files\Norton SystemWorks\Norton Cleanup\WCQuick.lnk
O9 - Extra 'Tools' menuitem: Express Cleanup - {5E638779-1818-4754-A595-EF1C63B87A56} - C:\Program Files\Norton SystemWorks\Norton Cleanup\WCQuick.lnk
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe" /service (file missing)
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\System32\drivers\CDAC11BA.EXE
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Internet Security Password Validation (ccISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Personal Firewall\ccPwdSvc.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: GoBack Polling Service (GBPoll) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton GoBack\GBPoll.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe" /service (file missing)
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
O23 - Service: Intel® NMS (NMSSvc) - Intel Corporation - C:\WINDOWS\System32\NMSSvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton UnErase Protection (NProtectService) - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~3\NPROTECT.EXE
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SPBBCSvc - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~3\SPEEDD~1\NOPDB.EXE
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - Unknown owner - C:\Program Files\Softwin\BitDefender9\vsserv.exe" /service (file missing)
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
O23 - Service: BitDefender Communicator (XCOMM) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe" /service (file missing)
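
Added example, not part of the thread: the O4 section of the log above shows many differently named Run values that all launch C:\WINDOWS\mgjwie.exe. The Python below groups O4 entries by the file they start and flags that pattern; the function names and the two heuristics are assumptions of this example, and the sample lines are copied from the log in this thread.

```python
import re
from collections import defaultdict

# HijackThis "O4" autorun line, e.g.
#   O4 - HKLM\..\Run: [ccApp] "C:\...\ccApp.exe"
# The value name is matched greedily so a name containing "]" still parses.
O4_RE = re.compile(
    r'^O4 - (?P<hive>HK\w+)\\\.\.\\(?P<key>\w+): \[(?P<name>.*)\] (?P<cmd>.+)$'
)

# Sample input: a subset of lines copied from the HijackThis log in this thread.
SAMPLE_LOG = r'''
O4 - HKLM\..\Run: [nwiz] "nwiz.exe" /install
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [iRiver Updater] \Updater.exe
O4 - HKLM\..\Run: [I}\WINDOWS\ga$o?uexC:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\mgjwie.exe
O4 - HKLM\..\Run: [aXatFLi/pWINDOWS\o?C:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\mgjwie.exe
O4 - HKLM\..\Run: [C:\WP?OWS\mgjwie;yxC:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\mgjwie.exe
O4 - HKLM\..\Run: [^??? ?9??*?M?a?:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\mgjwie.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
'''


def parse_o4(log_text):
    """Return a dict (hive, key, name, cmd) for every O4 line; other lines are ignored."""
    entries = []
    for line in log_text.splitlines():
        m = O4_RE.match(line.strip())
        if m:
            entries.append(m.groupdict())
    return entries


def normalise_target(cmd):
    """Reduce a Run command line to a lower-cased program path without arguments."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end if end != -1 else None].lower()
    # Unquoted paths may contain spaces, so cut at the first executable extension.
    m = re.match(r'(.+?\.(?:exe|dll|com|bat|cmd))\b', cmd, re.I)
    return (m.group(1) if m else cmd.split()[0]).lower()


def name_embeds_path(name):
    """Heuristic (assumption of this example): a Run value name is a short
    label, so a backslash inside it means the name carries a file path."""
    return '\\' in name


def triage(entries, max_names_per_target=1):
    """Group entries by launched file and report targets that look abnormal."""
    by_target = defaultdict(set)
    for e in entries:
        by_target[normalise_target(e['cmd'])].add(e['name'])

    findings = []
    for target, names in sorted(by_target.items()):
        reasons = []
        if len(names) > max_names_per_target:
            reasons.append(f'{len(names)} distinct value names launch the same file')
        odd = [n for n in names if name_embeds_path(n)]
        if odd:
            reasons.append(f'{len(odd)} value name(s) embed a file path')
        if reasons:
            findings.append({'target': target, 'names': len(names), 'reasons': reasons})
    return findings


if __name__ == '__main__':
    for finding in triage(parse_o4(SAMPLE_LOG)):
        print(finding['target'])
        for reason in finding['reasons']:
            print('   ', reason)
```

A flagged target is a lead for manual review of the file and its Run values, not a verdict on its own.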

#10 MFDnSC

MFDnSC

    Ret. Director I/T


  • Members
  • 4,310 posts

Posted 20 August 2006 - 04:51 PM

You may want to print this or save it to notepad as we will go to safe mode.

Fix these with HJT: mark them, close IE, click Fix checked

O4 - HKLM\..\Run: [I}\WINDOWS\ ga$o?uexC:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\mgjwie.exe
O4 - HKLM\..\Run: [aXatFLi /pWINDOWS\o?C:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\mgjwie.exe
O4 - HKLM\..\Run: [aXai L{o/a$INDO\ \o?C:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\mgjwie.exe
O4 - HKLM\..\Run: [aXai L{o/a?aa? ? ?C:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\mgjwie.exe
O4 - HKLM\..\Run: [s*ai L{o/a?aa? ?,C:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\mgjwie.exe
O4 - HKLM\..\Run: [s*aii {{oa?o?? ?,C:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\mgjwie.exe
O4 - HKLM\..\Run: [s=Mii {{a$?aa? ? ?C:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\mgjwie.exe
O4 - HKLM\..\Run: [Is*WINDOWS\ g{oo?uexC:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\mgjwie.exe
O4 - HKLM\..\Run: [Is*WINDOWS\ g? ? ?_C:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\mgjwie.exe
O4 - HKLM\..\Run: [s=Mii {{aF??a? ? ?C:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\mgjwie.exe
O4 - HKLM\..\Run: [s=Mii a$aF??a?? ?C:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\mgjwie.exe
O4 - HKLM\..\Run: [C:\WP?OWS\mgjwie;yxC:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\mgjwie.exe
O4 - HKLM\..\Run: [I}\W>?OWS\mga$o?;yxC:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\mgjwie.exe
O4 - HKLM\..\Run: [C:\WP?OWS\ma$wie;yxC:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\mgjwie.exe
O4 - HKLM\..\Run: [I}\W>?OWS\,a\ ?;yxC:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\mgjwie.exe
O4 - HKLM\..\Run: [C>?P?OWS\ma$wie;yxC:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\mgjwie.exe
O4 - HKLM\..\Run: [I}\W>?OWS\,a?aa?C:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\mgjwie.exe
O4 - HKLM\..\Run: [I}\WINDOWS\mga$o?.exC:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\mgjwie.exe
O4 - HKLM\..\Run: [I}\WINDOWS\ma$?aa?C:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\mgjwie.exe
O4 - HKLM\..\Run: [C>?P?OWS\mgjwie;yxC:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\mgjwie.exe
O4 - HKLM\..\Run: [I}i {opWINDO\,,#?nC:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\mgjwie.exe
O4 - HKLM\..\Run: [I}i {oi INDO\,,#?nC:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\mgjwie.exe
O4 - HKLM\..\Run: [C:\WINDOW1<m ?a?aC:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\mgjwie.exe
O4 - HKLM\..\Run: [>?WP?OWS\o?jwie;yxC:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\mgjwie.exe
O4 - HKLM\..\Run: [>?WP?OWS\o?jwi ?yxC:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\mgjwie.exe
O4 - HKLM\..\Run: [>?WP?OWS\o?o?ia? C:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\mgjwie.exe
O4 - HKLM\..\Run: [>?WP?OWS\o?o?ia?C:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\mgjwie.exe
O4 - HKLM\..\Run: [^??? ?9??*?M ?a?:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\mgjwie.exe
O4 - HKLM\..\Run: [I}?>?OWS\mga$o?;yxC:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\mgjwie.exe
O4 - HKLM\..\Run: [I}?>?OWS\,a\ ?;yxC:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\mgjwie.exe

DownLoad http://www.downloads.subratam.org/KillBox.zip

Restart your computer into safe mode now. (Tapping F8 at the first black screen) Perform the following steps in safe mode:

Double-click on Killbox.exe to run it. Now put a tick by Standard File Kill. In the "Full Path of File to Delete" box, copy and paste each of the following lines one at a time, then click on the button that has the red circle with the X in the middle after you enter each file. It will ask for confirmation to delete the file. Click Yes. Continue with that same procedure until you have copied and pasted all of these in the "Paste Full Path of File to Delete" box.

C:\Program Files\ISTsvc
C:\WINDOWS\mgjwie.exe

Note: It is possible that Killbox will tell you that one or more files do not exist. If that happens, just continue on with all the files. Be sure you don't miss any.

START RUN type in %temp% - OK - Edit Select all File Delete

Delete everything in the C:\Windows\Temp folder or C:\WINNT\temp

Not all temp files will delete and that is normal
Empty the recycle bin
Boot and post a new log from normal NOT safe mode

Please give feedback on what worked/didn't work and the current status of your system.
"Nothing could be finer than to be in South Carolina ............"

Member ASAP

#11 Sake

Sake
  • Topic Starter


Posted 20 August 2006 - 10:19 PM

The program said both: C:\Program Files\ISTsvc and C:\WINDOWS\mgjwie.exe don't exist.

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\System32\drivers\CDAC11BA.EXE
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\Program Files\Norton SystemWorks\Norton GoBack\GBPoll.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe
C:\PROGRA~1\NORTON~1\NORTON~3\NPROTECT.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\PROGRA~1\NORTON~1\NORTON~3\SPEEDD~1\NOPDB.EXE
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe
C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe
C:\Program Files\Softwin\BitDefender9\vsserv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE
C:\Updater.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Opera\Opera.exe
C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\Documents and Settings\Li\Desktop\HijackThis.exe

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O2 - BHO: Norton Personal Firewall 2006 - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton Personal Firewall 2006 - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O4 - HKLM\..\Run: [nwiz] "nwiz.exe" /install
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [LVCOMS] "C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [iRiver Updater] \Updater.exe
O4 - HKLM\..\Run: [I}\WINDOWS\ga$o?uexC:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\mgjwie.exe
O4 - HKLM\..\Run: [aXatFLi/pWINDOWS\o?C:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\mgjwie.exe
O4 - HKLM\..\Run: [aXaiL{o/a$INDO\\o?C:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\mgjwie.exe
O4 - HKLM\..\Run: [aXaiL{o/a?aa???C:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\mgjwie.exe
O4 - HKLM\..\Run: [s*aiL{o/a?aa??,C:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\mgjwie.exe
O4 - HKLM\..\Run: [s*aii{{oa?o???,C:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\mgjwie.exe
O4 - HKLM\..\Run: [s=Mii{{a$?aa???C:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\mgjwie.exe
O4 - HKLM\..\Run: [Is*WINDOWS\g{oo?uexC:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\mgjwie.exe
O4 - HKLM\..\Run: [Is*WINDOWS\g???_C:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\mgjwie.exe
O4 - HKLM\..\Run: [s=Mii{{aF??a???C:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\mgjwie.exe
O4 - HKLM\..\Run: [s=Miia$aF??a???C:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\mgjwie.exe
O4 - HKLM\..\Run: [C:\WP?OWS\mgjwie;yxC:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\mgjwie.exe
O4 - HKLM\..\Run: [I}\W>?OWS\mga$o?;yxC:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\mgjwie.exe
O4 - HKLM\..\Run: [C:\WP?OWS\ma$wie;yxC:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\mgjwie.exe
O4 - HKLM\..\Run: [I}\W>?OWS\,a\?;yxC:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\mgjwie.exe
O4 - HKLM\..\Run: [C>?P?OWS\ma$wie;yxC:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\mgjwie.exe
O4 - HKLM\..\Run: [I}\W>?OWS\,a?aa?C:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\mgjwie.exe
O4 - HKLM\..\Run: [I}\WINDOWS\mga$o?.exC:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\mgjwie.exe
O4 - HKLM\..\Run: [I}\WINDOWS\ma$?aa?C:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\mgjwie.exe
O4 - HKLM\..\Run: [C>?P?OWS\mgjwie;yxC:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\mgjwie.exe
O4 - HKLM\..\Run: [I}i{opWINDO\,,#?nC:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\mgjwie.exe
O4 - HKLM\..\Run: [I}i{oiINDO\,,#?nC:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\mgjwie.exe
O4 - HKLM\..\Run: [C:\WINDOW1<m?a?aC:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\mgjwie.exe
O4 - HKLM\..\Run: [>?WP?OWS\o?jwie;yxC:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\mgjwie.exe
O4 - HKLM\..\Run: [>?WP?OWS\o?jwi?yxC:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\mgjwie.exe
O4 - HKLM\..\Run: [>?WP?OWS\o?o?ia?C:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\mgjwie.exe
O4 - HKLM\..\Run: [>?WP?OWS\o?o?ia?C:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\mgjwie.exe
O4 - HKLM\..\Run: [^??? ?9??*?M?a?:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\mgjwie.exe
O4 - HKLM\..\Run: [I}?>?OWS\mga$o?;yxC:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\mgjwie.exe
O4 - HKLM\..\Run: [I}?>?OWS\,a\?;yxC:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\mgjwie.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra button: Express Cleanup - {5E638779-1818-4754-A595-EF1C63B87A56} - C:\Program Files\Norton SystemWorks\Norton Cleanup\WCQuick.lnk
O9 - Extra 'Tools' menuitem: Express Cleanup - {5E638779-1818-4754-A595-EF1C63B87A56} - C:\Program Files\Norton SystemWorks\Norton Cleanup\WCQuick.lnk
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe" /service (file missing)
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\System32\drivers\CDAC11BA.EXE
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Internet Security Password Validation (ccISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Personal Firewall\ccPwdSvc.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: GoBack Polling Service (GBPoll) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton GoBack\GBPoll.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe" /service (file missing)
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
O23 - Service: Intel® NMS (NMSSvc) - Intel Corporation - C:\WINDOWS\System32\NMSSvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton UnErase Protection (NProtectService) - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~3\NPROTECT.EXE
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SPBBCSvc - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~3\SPEEDD~1\NOPDB.EXE
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - Unknown owner - C:\Program Files\Softwin\BitDefender9\vsserv.exe" /service (file missing)
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
O23 - Service: BitDefender Communicator (XCOMM) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe" /service (file missing)

Nothing's worked so far, and the current status of my system isn't all that great. Aside from everything in the first post of the thread that I posted in my first post, my computer has been experiencing a new problem now. Occasionally, my computer screen will flash black. After a few flashes, my computer will just shut down completely. I'm guessing it's because my computer doesn't have enough CPU power. And, yes, I still have only my Norton icons showing on my system tray, still that "weird pop-up error" thing right before Windows login, etcetera.

The only thing that I haven't tried so far that the person in the other thread recommended I do is reformat. He told me it was a last resort.

#12 MFDnSC

MFDnSC

    Ret. Director I/T



Posted 21 August 2006 - 03:18 PM

That flashing does not sound good - you may be getting ready to lose the monitor or CPU power supply


Download the trial version of Ewido Security Suite http://www.ewido.net/en/download/ (W2K/XP Only)
Install ewido.
Run the application
Click on scanner
then select the "Settings" tab.
Once in the Settings screen click on "Recommended actions" and then select "Delete".
Select "Automatically generate report after every scan"
Un-Select "Only if threats were found"
Click Complete System Scan and the scan will begin.
When the scan is finished, Set all items to delete
Apply all actions
Look at the bottom of the screen and click the Save report button.
Save the report to your C: Drive
This will take some time to run!
RE-Boot
Post that log and a new HiJack log


==================


Let's do this, as HiJack sometimes has trouble with funky characters

Download Registrar Lite from here: http://www.resplendence.com/download/reglite.exe

Install it and open it then on the address bar paste this and press go:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Look down the right hand panel for this dodgy entry:

C:\WINDOWS\mgjwie.exe

Right click it and select delete – do that for all those that contain it.

Edited by MFDnSC, 21 August 2006 - 03:53 PM.

"Nothing could be finer than to be in South Carolina ............"

Member ASAP
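The Run-key triage discussed in this thread, as an added example that is not part of any post: a Python sketch that parses HijackThis O4 lines and groups oddly named autorun values by the program they launch. The sample lines are copied from the log in post #11; the heuristics, threshold and function names are assumptions of this example, not HijackThis behaviour.

```python
import re
from collections import defaultdict, namedtuple

# Lines copied from the HijackThis log posted in this thread (post #11).
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [nwiz] "nwiz.exe" /install
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [iRiver Updater] \Updater.exe
O4 - HKLM\..\Run: [I}\WINDOWS\ga$o?uexC:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\mgjwie.exe
O4 - HKLM\..\Run: [aXaiL{o/a?aa???C:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\mgjwie.exe
O4 - HKLM\..\Run: [s*aii{{oa?o???,C:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\mgjwie.exe
O4 - HKLM\..\Run: [C:\WP?OWS\mgjwie;yxC:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\mgjwie.exe
O4 - HKLM\..\Run: [^??? ?9??*?M?a?:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\mgjwie.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
"""

Entry = namedtuple("Entry", "hive key name command flags")

# O4 line layout as it appears in the logs above:
#   O4 - <hive>\..\<key>: [<value name>] <command>
O4_LINE = re.compile(r'^O4 - (HK[A-Z]+)\\\.\.\\(\w+): \[(.*?)\] (.+)$')


def name_flags(name):
    """Return the reasons a Run value *name* looks abnormal (assumed heuristics)."""
    flags = []
    # A value name is normally a short label, not a file path.
    if "\\" in name or re.search(r"[A-Za-z]:", name):
        flags.append("embedded-path")
    # Assumption: '?' or non-ASCII in a name marks characters the log
    # could not render, i.e. the name holds non-text bytes.
    if "?" in name or any(not (32 <= ord(c) < 127) for c in name):
        flags.append("unprintable")
    # An executable file name inside the label itself.
    if re.search(r"\.(exe|dll|com|scr)\b", name, re.IGNORECASE):
        flags.append("executable-name")
    return flags


def parse_o4(log_text):
    """Parse every O4 autorun line in a HijackThis log into Entry tuples."""
    entries = []
    for line in log_text.splitlines():
        m = O4_LINE.match(line.strip())
        if m:
            hive, key, name, command = m.groups()
            entries.append(Entry(hive, key, name, command, name_flags(name)))
    return entries


def suspicious_targets(entries, min_names=2):
    """Map each command launched by several abnormal value names to those names."""
    by_target = defaultdict(set)
    for e in entries:
        if e.flags:
            by_target[e.command.lower()].add(e.name)
    return {t: sorted(n) for t, n in by_target.items() if len(n) >= min_names}


if __name__ == "__main__":
    parsed = parse_o4(SAMPLE_LOG)
    for target, names in suspicious_targets(parsed).items():
        print(f"{target}: {len(names)} abnormal Run value names")
        for n in names:
            print(f"    [{n}]")
```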

#13 Sake

Sake
  • Topic Starter


Posted 22 August 2006 - 05:51 PM

---------------------------------------------------------
ewido anti-spyware - Scan Report
---------------------------------------------------------

+ Created at: 5:41:41 PM 8/22/2006

+ Scan result:



C:\WINDOWS\Downloaded Program Files\gsda.dll -> Not-A-Virus.Downloader.Win32.SpyGame : Cleaned.
:mozilla.25:C:\Documents and Settings\Li\Application Data\Mozilla\Firefox\Profiles\default.9p6\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.43:C:\Documents and Settings\Li\Application Data\Mozilla\Firefox\Profiles\default.9p6\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.22:C:\Documents and Settings\Li\Application Data\Mozilla\Firefox\Profiles\default.9p6\cookies.txt -> TrackingCookie.Atdmt : Cleaned.
:mozilla.17:C:\Documents and Settings\Li\Application Data\Mozilla\Firefox\Profiles\default.9p6\cookies.txt -> TrackingCookie.Falkag : Cleaned.
:mozilla.18:C:\Documents and Settings\Li\Application Data\Mozilla\Firefox\Profiles\default.9p6\cookies.txt -> TrackingCookie.Falkag : Cleaned.
:mozilla.19:C:\Documents and Settings\Li\Application Data\Mozilla\Firefox\Profiles\default.9p6\cookies.txt -> TrackingCookie.Falkag : Cleaned.
:mozilla.16:C:\Documents and Settings\Li\Application Data\Mozilla\Firefox\Profiles\default.9p6\cookies.txt -> TrackingCookie.Komtrack : Cleaned.
:mozilla.20:C:\Documents and Settings\Li\Application Data\Mozilla\Firefox\Profiles\default.9p6\cookies.txt -> TrackingCookie.Komtrack : Cleaned.
:mozilla.21:C:\Documents and Settings\Li\Application Data\Mozilla\Firefox\Profiles\default.9p6\cookies.txt -> TrackingCookie.Popularix : Cleaned.


::Report end

==================

Everything went by nicely, except for this bit: "Right click it and select delete – do that for all those that contain it." When I right clicked, then selected delete nothing happened.

#14 Sake

Sake
  • Topic Starter


Posted 22 August 2006 - 06:15 PM

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\System32\drivers\CDAC11BA.EXE
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\Program Files\Norton SystemWorks\Norton GoBack\GBPoll.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe
C:\PROGRA~1\NORTON~1\NORTON~3\NPROTECT.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\PROGRA~1\NORTON~1\NORTON~3\SPEEDD~1\NOPDB.EXE
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe
C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Softwin\BitDefender9\vsserv.exe
C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE
C:\Updater.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\Program Files\Opera\Opera.exe
C:\Documents and Settings\Li\Desktop\HijackThis.exe

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O2 - BHO: Norton Personal Firewall 2006 - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton Personal Firewall 2006 - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O4 - HKLM\..\Run: [nwiz] "nwiz.exe" /install
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [LVCOMS] "C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [iRiver Updater] \Updater.exe
O4 - HKLM\..\Run: [I}\WINDOWS\ga$o?uexC:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\mgjwie.exe
O4 - HKLM\..\Run: [aXatFLi/pWINDOWS\o?C:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\mgjwie.exe
O4 - HKLM\..\Run: [aXaiL{o/a$INDO\\o?C:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\mgjwie.exe
O4 - HKLM\..\Run: [aXaiL{o/a?aa???C:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\mgjwie.exe
O4 - HKLM\..\Run: [s*aiL{o/a?aa??,C:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\mgjwie.exe
O4 - HKLM\..\Run: [s*aii{{oa?o???,C:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\mgjwie.exe
O4 - HKLM\..\Run: [s=Mii{{a$?aa???C:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\mgjwie.exe
O4 - HKLM\..\Run: [Is*WINDOWS\g{oo?uexC:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\mgjwie.exe
O4 - HKLM\..\Run: [Is*WINDOWS\g???_C:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\mgjwie.exe
O4 - HKLM\..\Run: [s=Mii{{aF??a???C:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\mgjwie.exe
O4 - HKLM\..\Run: [s=Miia$aF??a???C:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\mgjwie.exe
O4 - HKLM\..\Run: [C:\WP?OWS\mgjwie;yxC:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\mgjwie.exe
O4 - HKLM\..\Run: [I}\W>?OWS\mga$o?;yxC:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\mgjwie.exe
O4 - HKLM\..\Run: [C:\WP?OWS\ma$wie;yxC:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\mgjwie.exe
O4 - HKLM\..\Run: [I}\W>?OWS\,a\?;yxC:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\mgjwie.exe
O4 - HKLM\..\Run: [C>?P?OWS\ma$wie;yxC:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\mgjwie.exe
O4 - HKLM\..\Run: [I}\W>?OWS\,a?aa?C:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\mgjwie.exe
O4 - HKLM\..\Run: [I}\WINDOWS\mga$o?.exC:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\mgjwie.exe
O4 - HKLM\..\Run: [I}\WINDOWS\ma$?aa?C:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\mgjwie.exe
O4 - HKLM\..\Run: [C>?P?OWS\mgjwie;yxC:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\mgjwie.exe
O4 - HKLM\..\Run: [I}i{opWINDO\,,#?nC:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\mgjwie.exe
O4 - HKLM\..\Run: [I}i{oiINDO\,,#?nC:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\mgjwie.exe
O4 - HKLM\..\Run: [C:\WINDOW1<m?a?aC:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\mgjwie.exe
O4 - HKLM\..\Run: [>?WP?OWS\o?jwie;yxC:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\mgjwie.exe
O4 - HKLM\..\Run: [>?WP?OWS\o?jwi?yxC:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\mgjwie.exe
O4 - HKLM\..\Run: [>?WP?OWS\o?o?ia?C:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\mgjwie.exe
O4 - HKLM\..\Run: [>?WP?OWS\o?o?ia?C:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\mgjwie.exe
O4 - HKLM\..\Run: [^??? ?9??*?M?a?:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\mgjwie.exe
O4 - HKLM\..\Run: [I}?>?OWS\mga$o?;yxC:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\mgjwie.exe
O4 - HKLM\..\Run: [I}?>?OWS\,a\?;yxC:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\mgjwie.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra button: Express Cleanup - {5E638779-1818-4754-A595-EF1C63B87A56} - C:\Program Files\Norton SystemWorks\Norton Cleanup\WCQuick.lnk
O9 - Extra 'Tools' menuitem: Express Cleanup - {5E638779-1818-4754-A595-EF1C63B87A56} - C:\Program Files\Norton SystemWorks\Norton Cleanup\WCQuick.lnk
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe" /service (file missing)
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\System32\drivers\CDAC11BA.EXE
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Internet Security Password Validation (ccISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Personal Firewall\ccPwdSvc.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: GoBack Polling Service (GBPoll) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton GoBack\GBPoll.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe" /service (file missing)
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
O23 - Service: Intel® NMS (NMSSvc) - Intel Corporation - C:\WINDOWS\System32\NMSSvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton UnErase Protection (NProtectService) - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~3\NPROTECT.EXE
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SPBBCSvc - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~3\SPEEDD~1\NOPDB.EXE
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - Unknown owner - C:\Program Files\Softwin\BitDefender9\vsserv.exe" /service (file missing)
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
O23 - Service: BitDefender Communicator (XCOMM) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe" /service (file missing)

#15 MFDnSC

MFDnSC

    Ret. Director I/T



Posted 22 August 2006 - 07:24 PM

http://www.pandasoftware.com/products/activescan.htm

When the scan completes, if anything malicious is detected, click the See Report button, then Save Report and save it to a convenient location. Post the contents of the ActiveScan report

Post a new HiJackThis log along with the results from ActiveScan
"Nothing could be finer than to be in South Carolina ............"

Member ASAP



