Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Review Of Hjt Logs


  • Please log in to reply
11 replies to this topic

#1 OAG

OAG

  • Members
  • 17 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Eastern Long Island
  • Local time:03:56 PM

Posted 29 October 2006 - 03:10 PM

Hi Folks, can someone take a peek at these logs and see if there is a problem?
I have not been able to go to a hilighted search result without being redirected to some silly, bogus site.

Symantec found "Adaware.Istbar"

I would appreciate the help.

Thanks, OAG



Logfile of HijackThis v1.99.1
Scan saved at 2:13:14 PM, on 10/29/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\csrss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\system32\svchost.exe
D:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
D:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
D:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
D:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
D:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
D:\WINDOWS\system32\LEXBCES.EXE
D:\WINDOWS\system32\spoolsv.exe
D:\WINDOWS\Explorer.EXE
D:\Program Files\STOPzilla!\STOPzilla.exe
D:\WINDOWS\ATKKBService.exe
D:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
D:\WINDOWS\CTHELPER.EXE
D:\Program Files\Common Files\Symantec Shared\ccApp.exe
D:\WINDOWS\System32\spool\DRIVERS\W32X86\3\printray.exe
C:\Program Files\ASUS\Probe\AsusProb.exe
D:\WINDOWS\system32\dla\tfswctrl.exe
D:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe
D:\Program Files\iTunes\iTunesHelper.exe
D:\Program Files\QuickTime\qttask.exe
C:\Program Files\napster.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
D:\PROGRA~1\LEXMAR~1\ACMonitor_X73.exe
D:\PROGRA~1\LEXMAR~1\AcBtnMgr_X73.exe
D:\Program Files\Messenger\msmsgs.exe
D:\Program Files\Creative\MediaSource\RemoteControl\RcMan.exe
D:\WINDOWS\system32\ctfmon.exe
D:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
D:\Program Files\Norton SystemWorks\Norton GoBack\GBTray.exe
D:\WINDOWS\system32\cisvc.exe
D:\WINDOWS\system32\CTSvcCDA.EXE
D:\Program Files\Norton SystemWorks\Norton GoBack\GBPoll.exe
D:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
D:\Program Files\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe
D:\PROGRA~1\NORTON~2\NORTON~3\NPROTECT.EXE
D:\WINDOWS\system32\nvsvc32.exe
D:\PROGRA~1\NORTON~2\NORTON~3\SPEEDD~1\NOPDB.EXE
D:\WINDOWS\system32\wdfmgr.exe
D:\WINDOWS\system32\MsPMSPSv.exe
D:\Program Files\iPod\bin\iPodService.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\alg.exe
D:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
D:\WINDOWS\system32\wuauclt.exe
D:\WINDOWS\system32\wbem\wmiprvse.exe
D:\Documents and Settings\HiJAckThis\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: ZILLAbar BHO - {1827766B-9F49-4854-8034-F6EE26FCB1EC} - D:\Program Files\STOPzilla!\ZB2.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - D:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - D:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - d:\program files\google\googletoolbar3.dll
O2 - BHO: STOPzilla Browser Helper Object - {E3215F20-3212-11D6-9F8B-00D0B743919D} - D:\Program Files\STOPzilla!\SZIEBHO.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - D:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - D:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - d:\program files\google\googletoolbar3.dll
O3 - Toolbar: STOPzilla securitybar - {98828DED-A591-462F-83BA-D2F62A68B8B8} - D:\Program Files\STOPzilla!\ZB2.dll
O4 - HKLM\..\Run: [ATIPTA] D:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [ccApp] "D:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [PrinTray] D:\WINDOWS\System32\spool\DRIVERS\W32X86\3\printray.exe
O4 - HKLM\..\Run: [ASUS Probe] C:\Program Files\ASUS\Probe\AsusProb.exe
O4 - HKLM\..\Run: [PinnacleDriverCheck] D:\WINDOWS\system32\PSDrvCheck.exe -CheckReg
O4 - HKLM\..\Run: [dla] D:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [StorageGuard] "D:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [iTunesHelper] "D:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE D:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE D:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NapsterShell] C:\Program Files\napster.exe /systray
O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKLM\..\Run: [Lexmark X73 Button Monitor] D:\PROGRA~1\LEXMAR~1\ACMonitor_X73.exe
O4 - HKLM\..\Run: [Lexmark X73 Button Manager] D:\PROGRA~1\LEXMAR~1\AcBtnMgr_X73.exe
O4 - HKCU\..\Run: [MSMSGS] "D:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [RemoteCenter] D:\Program Files\Creative\MediaSource\RemoteControl\RcMan.exe
O4 - HKCU\..\Run: [ctfmon.exe] D:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] D:\Program Files\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = D:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = D:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = D:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: Microsoft Office.lnk = D:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Norton GoBack.lnk = D:\Program Files\Norton SystemWorks\Norton GoBack\GBTray.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra button: Express Cleanup - {5E638779-1818-4754-A595-EF1C63B87A56} - D:\Program Files\Norton SystemWorks\Norton Cleanup\WCQuick.lnk
O9 - Extra 'Tools' menuitem: Express Cleanup - {5E638779-1818-4754-A595-EF1C63B87A56} - D:\Program Files\Norton SystemWorks\Norton Cleanup\WCQuick.lnk
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1150547214906
O16 - DPF: {D670D0B3-05AB-4115-9F87-D983EF1AC747} - http://pak06.pictures.aol.com/ygp/aol/plug...US.9.1.6.18.cab
O20 - Winlogon Notify: WgaLogon - D:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Ati HotKey Poller - Unknown owner - D:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - D:\WINDOWS\system32\ati2sgag.exe
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - D:\WINDOWS\ATKKBService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - D:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - D:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - D:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - D:\WINDOWS\system32\CTSvcCDA.EXE
O23 - Service: GoBack Polling Service (GBPoll) - Symantec Corporation - D:\Program Files\Norton SystemWorks\Norton GoBack\GBPoll.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - D:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - D:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - D:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: LiveUpdate - Symantec Corporation - D:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - D:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - D:\Program Files\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton UnErase Protection (NProtectService) - Symantec Corporation - D:\PROGRA~1\NORTON~2\NORTON~3\NPROTECT.EXE
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - D:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - D:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - D:\Program Files\Norton SystemWorks\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - D:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - D:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Speed Disk service - Symantec Corporation - D:\PROGRA~1\NORTON~2\NORTON~3\SPEEDD~1\NOPDB.EXE
O23 - Service: Symantec Core LC - Symantec Corporation - D:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: STOPzilla Service (szserver) - Unknown owner - D:\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe

BC AdBot (Login to Remove)

 


m

#2 Grinler

Grinler

    Lawrence Abrams


  • Admin
  • 43,395 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:USA
  • Local time:03:56 PM

Posted 06 November 2006 - 05:16 PM

Sorry for the delay. If you are still having problems please post a brand new HijackThis log as a reply to this topic. Before posting the log, please make sure you follow all the steps found in this topic:

Preparation Guide For Use Before Posting A Hijackthis Log

#3 OAG

OAG
  • Topic Starter

  • Members
  • 17 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Eastern Long Island
  • Local time:03:56 PM

Posted 08 November 2006 - 08:03 PM

Hi Grinler sorry for my delay, I have been having trouble running almost everything in your tutorial, except for Ad-Aware which I just deleted all the findings I can post a copy of that log if you need it.
Otherwise I figured I'd just poat the latest Hjt log for you to peruse.
Thanks, OAG

Logfile of HijackThis v1.99.1
Scan saved at 7:52:59 PM, on 11/8/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\csrss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\system32\svchost.exe
D:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
D:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
D:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
D:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
D:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
D:\WINDOWS\system32\LEXBCES.EXE
D:\WINDOWS\system32\spoolsv.exe
D:\WINDOWS\Explorer.EXE
D:\WINDOWS\ATKKBService.exe
D:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
D:\Program Files\STOPzilla!\STOPzilla.exe
D:\WINDOWS\CTHELPER.EXE
D:\Program Files\Common Files\Symantec Shared\ccApp.exe
D:\WINDOWS\System32\spool\DRIVERS\W32X86\3\printray.exe
C:\Program Files\ASUS\Probe\AsusProb.exe
D:\WINDOWS\system32\dla\tfswctrl.exe
D:\Program Files\iTunes\iTunesHelper.exe
D:\Program Files\QuickTime\qttask.exe
C:\Program Files\napster.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
D:\PROGRA~1\LEXMAR~1\ACMonitor_X73.exe
D:\PROGRA~1\LEXMAR~1\AcBtnMgr_X73.exe
D:\Program Files\Messenger\msmsgs.exe
D:\Program Files\Creative\MediaSource\RemoteControl\RcMan.exe
D:\WINDOWS\system32\ctfmon.exe
D:\WINDOWS\system32\cisvc.exe
D:\Program Files\Norton SystemWorks\Norton GoBack\GBTray.exe
D:\WINDOWS\system32\CTSvcCDA.EXE
D:\Program Files\Norton SystemWorks\Norton GoBack\GBPoll.exe
C:\Program Files\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlservr.exe
D:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
D:\Program Files\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe
D:\PROGRA~1\NORTON~2\NORTON~3\NPROTECT.EXE
D:\WINDOWS\system32\nvsvc32.exe
D:\PROGRA~1\NORTON~2\NORTON~3\SPEEDD~1\NOPDB.EXE
D:\WINDOWS\system32\wdfmgr.exe
D:\WINDOWS\system32\MsPMSPSv.exe
D:\Program Files\Pinnacle\Shared Files\Programs\MediaServer\PMSHost.exe
D:\WINDOWS\system32\svchost.exe
D:\Program Files\iPod\bin\iPodService.exe
D:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
D:\WINDOWS\System32\alg.exe
D:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe
D:\WINDOWS\system32\cidaemon.exe
D:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
D:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
D:\Documents and Settings\HiJAckThis\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: ZILLAbar BHO - {1827766B-9F49-4854-8034-F6EE26FCB1EC} - D:\Program Files\STOPzilla!\ZB2.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - D:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - D:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - d:\program files\google\googletoolbar3.dll
O2 - BHO: STOPzilla Browser Helper Object - {E3215F20-3212-11D6-9F8B-00D0B743919D} - D:\Program Files\STOPzilla!\SZIEBHO.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - D:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - D:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - d:\program files\google\googletoolbar3.dll
O3 - Toolbar: STOPzilla securitybar - {98828DED-A591-462F-83BA-D2F62A68B8B8} - D:\Program Files\STOPzilla!\ZB2.dll
O4 - HKLM\..\Run: [ATIPTA] D:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [ccApp] "D:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [PrinTray] D:\WINDOWS\System32\spool\DRIVERS\W32X86\3\printray.exe
O4 - HKLM\..\Run: [ASUS Probe] C:\Program Files\ASUS\Probe\AsusProb.exe
O4 - HKLM\..\Run: [dla] D:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [StorageGuard] "D:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [iTunesHelper] "D:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE D:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE D:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NapsterShell] C:\Program Files\napster.exe /systray
O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKLM\..\Run: [Lexmark X73 Button Monitor] D:\PROGRA~1\LEXMAR~1\ACMonitor_X73.exe
O4 - HKLM\..\Run: [Lexmark X73 Button Manager] D:\PROGRA~1\LEXMAR~1\AcBtnMgr_X73.exe
O4 - HKLM\..\Run: [PinnacleDriverCheck] D:\WINDOWS\system32\PSDrvCheck.exe -CheckReg
O4 - HKCU\..\Run: [MSMSGS] "D:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [RemoteCenter] D:\Program Files\Creative\MediaSource\RemoteControl\RcMan.exe
O4 - HKCU\..\Run: [ctfmon.exe] D:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] D:\Program Files\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = D:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = D:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = D:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: Microsoft Office.lnk = D:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Norton GoBack.lnk = D:\Program Files\Norton SystemWorks\Norton GoBack\GBTray.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra button: Express Cleanup - {5E638779-1818-4754-A595-EF1C63B87A56} - D:\Program Files\Norton SystemWorks\Norton Cleanup\WCQuick.lnk
O9 - Extra 'Tools' menuitem: Express Cleanup - {5E638779-1818-4754-A595-EF1C63B87A56} - D:\Program Files\Norton SystemWorks\Norton Cleanup\WCQuick.lnk
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1150547214906
O16 - DPF: {D670D0B3-05AB-4115-9F87-D983EF1AC747} - http://pak06.pictures.aol.com/ygp/aol/plug...US.9.1.6.18.cab
O20 - Winlogon Notify: WgaLogon - D:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Ati HotKey Poller - Unknown owner - D:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - D:\WINDOWS\system32\ati2sgag.exe
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - D:\WINDOWS\ATKKBService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - D:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - D:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - D:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - D:\WINDOWS\system32\CTSvcCDA.EXE
O23 - Service: GoBack Polling Service (GBPoll) - Symantec Corporation - D:\Program Files\Norton SystemWorks\Norton GoBack\GBPoll.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - D:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - D:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - D:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: LiveUpdate - Symantec Corporation - D:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: MSSQL$PINNACLESYS - Unknown owner - C:\Program Files\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlservr.exe" -sPINNACLESYS (file missing)
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - D:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - D:\Program Files\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton UnErase Protection (NProtectService) - Symantec Corporation - D:\PROGRA~1\NORTON~2\NORTON~3\NPROTECT.EXE
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - D:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - D:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Software - D:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
O23 - Service: Pinnacle Systems Media Service (PinnacleSys.MediaServer) - Pinnacle Systems - D:\Program Files\Pinnacle\Shared Files\Programs\MediaServer\PMSHost.exe
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - D:\Program Files\Norton SystemWorks\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - D:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - D:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Speed Disk service - Symantec Corporation - D:\PROGRA~1\NORTON~2\NORTON~3\SPEEDD~1\NOPDB.EXE
O23 - Service: SQLAgent$PINNACLESYS - Unknown owner - C:\Program Files\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlagent.EXE" -i PINNACLESYS (file missing)
O23 - Service: Symantec Core LC - Symantec Corporation - D:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: STOPzilla Service (szserver) - Unknown owner - D:\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe

#4 Grinler

Grinler

    Lawrence Abrams


  • Admin
  • 43,395 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:USA
  • Local time:03:56 PM

Posted 10 November 2006 - 12:50 PM

Where did symantec finding the istbar?

1. Download this file - combofix.exe
2. Double click combofix.exe & follow the prompts.
3. When finished, it shall produce a log for you. I want you to post this log along with the information from the following steps

Note:

Do not mouseclick combofix's window whilst it's running. That may cause it to stall

Next,

Run ActiveScan online virus scan here

When the scan is finished, click on the "Save Report" button an save the results of the scan to your desktop.

Note: You have to use Internet Explorer to do the online scan.

Post a new HiJackThis log along with the results from ActiveScan and combofix

#5 OAG

OAG
  • Topic Starter

  • Members
  • 17 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Eastern Long Island
  • Local time:03:56 PM

Posted 10 November 2006 - 09:21 PM

The .istbar was all over the registry, possibly 50 entries, I tried to copy the files but to no avail.
Also detected was

Adware.180Solutions and
Adware.ZangoSearch

I thought you might be interested in this.

Here is the Combofix.txt:

Jeremy - 06-11-10 15:20:28.15 Service Pack 2
ComboFix 06.11.9 - Running from: "D:\Documents and Settings\Jeremy\Desktop"

((((((((((((((((((((((((((((((( Files Created from 2006-10-10 to 2006-11-10 ))))))))))))))))))))))))))))))))))


2006-11-04 10:56 14,165 --a--c--- D:\WINDOWS\system32\drivers\Pclepci.sys
2006-11-04 08:53 466,624 --a--c--- D:\WINDOWS\system32\LTRPR13n.DLL
2006-11-04 08:53 401,408 --a--c--- D:\WINDOWS\system32\pvmjpg30.dll
2006-11-04 08:53 194,248 --a--c--- D:\WINDOWS\system32\LTRFD13n.DLL
2006-11-04 08:52 930,992 -----c--- D:\WINDOWS\system32\Ltr13n.dll
2006-11-04 08:52 884,736 -----c--- D:\WINDOWS\system32\LMUIRes.dll
2006-11-04 08:52 80,896 -----c--- D:\WINDOWS\system32\lfwmf13s.dll
2006-11-04 08:52 79,360 --a--c--- D:\WINDOWS\system32\lfeps13s.dll
2006-11-04 08:52 74,752 --a--c--- D:\WINDOWS\system32\lfgif13s.dll
2006-11-04 08:52 70,144 -----c--- D:\WINDOWS\system32\lfbmp13s.dll
2006-11-04 08:52 65,536 -----c--- D:\WINDOWS\system32\lfpcx13s.dll
2006-11-04 08:52 64,512 -----c--- D:\WINDOWS\system32\lftga13s.dll
2006-11-04 08:52 59,904 -----c--- D:\WINDOWS\system32\lfpcd13s.dll
2006-11-04 08:52 409,600 -----c--- D:\WINDOWS\system32\LFCMP13s.DLL
2006-11-04 08:52 306,352 -----c--- D:\WINDOWS\system32\Ltrio13n.dll
2006-11-04 08:52 283,648 -----c--- D:\WINDOWS\system32\LFJ2K13s.dll
2006-11-04 08:52 2,079,232 -----c--- D:\WINDOWS\system32\LTCLR13s.dll
2006-11-04 08:52 185,856 --a--c--- D:\WINDOWS\system32\lfpng13s.dll
2006-11-04 08:52 167,936 -----c--- D:\WINDOWS\system32\lftif13s.dll
2006-11-04 08:52 12,288 -----c--- D:\WINDOWS\system32\LMLRes.dll
2006-11-04 08:52 116,224 -----c--- D:\WINDOWS\system32\lffax13s.dll
2006-11-04 08:52 110,080 -----c--- D:\WINDOWS\system32\lfpsd13s.dll
2006-11-04 08:52 105,984 -----c--- D:\WINDOWS\system32\lfpct13s.dll
2006-11-04 08:52 1,013,248 -----c--- D:\WINDOWS\system32\Ltwvc13n.dll
2006-11-04 08:49 33,340 --a--c--- D:\WINDOWS\system32\dbmsqlgc.dll
2006-11-04 08:49 24,576 --a--c--- D:\WINDOWS\system32\dbmsgnet.dll
2006-11-04 08:48 765,952 -----c--- D:\WINDOWS\system32\msvcp71d.dll
2006-11-04 08:48 544,768 -----c--- D:\WINDOWS\system32\msvcr71d.dll
2006-11-04 08:40 57,856 --a--c--- D:\WINDOWS\system32\masd32.dll
2006-11-04 08:40 41,219 --a--c--- D:\WINDOWS\RSETPATH.exe
2006-11-04 08:40 27,648 --a--c--- D:\WINDOWS\system32\ma32.dll
2006-11-04 08:40 196,096 --a--c--- D:\WINDOWS\system32\macd32.dll
2006-11-04 08:40 138,752 --a--c--- D:\WINDOWS\system32\mase32.dll
2006-11-04 08:40 136,192 --a--c--- D:\WINDOWS\system32\mamc32.dll
2006-10-21 10:22 82,432 --a--c--- D:\WINDOWS\system32\msxml4r.dll
2006-10-21 10:22 76,800 -----c--- D:\WINDOWS\system32\Lfwmf13n.dll
2006-10-21 10:22 73,728 -----c--- D:\WINDOWS\system32\MMAviAx.dll
2006-10-21 10:22 73,728 -----c--- D:\WINDOWS\system32\lffax13n.dll
2006-10-21 10:22 65,536 -----c--- D:\WINDOWS\system32\Lfpct13n.dll
2006-10-21 10:22 453,120 -----c--- D:\WINDOWS\system32\ltkrn13n.dll
2006-10-21 10:22 44,544 --a--c--- D:\WINDOWS\system32\msxml4a.dll
2006-10-21 10:22 393,216 -----c--- D:\WINDOWS\system32\LFCMP13n.DLL
2006-10-21 10:22 32,768 -----c--- D:\WINDOWS\system32\MLPagAx.dll
2006-10-21 10:22 30,208 -----c--- D:\WINDOWS\system32\lfbmp13n.dll
2006-10-21 10:22 278,016 -----c--- D:\WINDOWS\system32\LFJ2K13n.dll
2006-10-21 10:22 24,576 -----c--- D:\WINDOWS\system32\lftga13n.dll
2006-10-21 10:22 233,472 --a--c--- D:\WINDOWS\system32\DiskIO.dll
2006-10-21 10:22 184,320 --a--c--- D:\WINDOWS\system32\RALMain.dll
2006-10-21 10:22 153,088 -----c--- D:\WINDOWS\system32\ltfil13n.DLL
2006-10-21 10:22 143,360 -----c--- D:\WINDOWS\system32\lftif13n.dll
2006-10-21 10:22 126,976 -----c--- D:\WINDOWS\system32\AVIPrAx.dll
2006-10-21 10:22 1,693,696 -----c--- D:\WINDOWS\system32\LTCLR13n.dll
2006-10-21 10:22 1,230,336 --a--c--- D:\WINDOWS\system32\msxml4.dll
2006-10-21 10:17 49,152 --a--c--- D:\WINDOWS\system32\PCLEGetGuid.dll
2006-10-19 18:55 90,163 -ra--c--- D:\WINDOWS\system32\SZBase.dll
2006-10-17 12:56 278,583 -ra--c--- D:\WINDOWS\system32\IS3DBA.dll
2006-10-17 12:55 45,111 -ra--c--- D:\WINDOWS\system32\IS3VFS.dll
2006-10-17 12:55 340,022 -ra--c--- D:\WINDOWS\system32\IS3UI.dll
2006-10-17 12:54 81,977 -ra--c--- D:\WINDOWS\system32\IS39XLdr.dll
2006-10-17 12:54 69,688 -ra--c--- D:\WINDOWS\system32\IS3Inet.dll
2006-10-17 12:54 65,591 -ra--c--- D:\WINDOWS\system32\IS3Svc.dll
2006-10-17 12:54 49,209 -ra--c--- D:\WINDOWS\system32\IS3Hooks.dll
2006-10-17 12:54 32,768 -ra--c--- D:\WINDOWS\system32\IS3XData.dll
2006-10-17 12:54 139,321 -ra--c--- D:\WINDOWS\system32\IS3Win32.dll
2006-10-17 12:53 516,152 -ra--c--- D:\WINDOWS\system32\IS3Base.dll


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2006-11-10 14:17 -------- d----c--- D:\Documents and Settings\Jeremy\Application Data\Image Zone Express
2006-11-09 17:06 -------- d----c--- D:\Program Files\Common Files\Panda Software
2006-11-08 19:42 -------- d----c--- D:\Program Files\Common Files
2006-11-08 06:24 -------- d----c--- D:\Program Files\STOPzilla!
2006-11-06 18:19 -------- d----c--- D:\Program Files\Norton SystemWorks
2006-11-04 10:24 -------- d----c--- D:\Documents and Settings\Jeremy\Application Data\Pinnacle Systems
2006-11-04 09:17 -------- d----c--- D:\Program Files\proDAD
2006-11-04 09:08 -------- d----c--- D:\Program Files\AdorageI-GfxDatas
2006-11-04 09:06 -------- d----c--- D:\Program Files\AdorageI-SAL
2006-11-04 08:57 -------- d--h-c--- D:\Program Files\InstallShield Installation Information
2006-11-04 08:49 -------- d----c--- D:\Program Files\Microsoft SQL Server
2006-11-01 06:50 -------- d----c--- D:\Program Files\Common Files\Microsoft Shared
2006-10-30 06:03 -------- d----c--- D:\Program Files\microsoft frontpage
2006-10-29 15:54 -------- d----c--- D:\Program Files\PC MightyMax
2006-10-29 15:54 -------- d----c--- D:\Program Files\OfficeUpdate11
2006-10-29 15:54 -------- d----c--- D:\Program Files\LexmarkX73
2006-10-29 15:53 -------- d----c--- D:\Program Files\InterVideo
2006-10-29 15:53 -------- d----c--- D:\Program Files\DivX
2006-10-26 22:31 -------- d----c--- D:\Program Files\Common Files\Symantec Shared
2006-10-25 18:14 -------- d----c--- D:\Program Files\Common Files\STOPzilla!
2006-10-25 18:13 -------- d----c--- D:\Program Files\Common Files\iS3
2006-10-21 19:07 -------- d----c--- D:\Program Files\EA GAMES
2006-10-21 15:30 -------- d---sc--- D:\Documents and Settings\Jeremy\Application Data\Microsoft
2006-10-21 15:30 -------- d----c--- D:\Program Files\Western Digital Technologies
2006-10-14 07:17 -------- d----c--- D:\Program Files\Google
2006-10-11 11:35 58880 --a--c--- D:\WINDOWS\system32\pnrpnsp.dll
2006-10-11 11:35 553984 --a--c--- D:\WINDOWS\system32\p2psvc.dll
2006-10-11 11:35 313344 --a--c--- D:\WINDOWS\system32\p2pgraph.dll
2006-10-11 11:35 153088 --a--c--- D:\WINDOWS\system32\p2p.dll
2006-10-11 11:35 115712 --a--c--- D:\WINDOWS\system32\p2pnetsh.dll
2006-10-11 11:35 104960 --a--c--- D:\WINDOWS\system32\p2pgasvc.dll
2006-09-24 17:17 98304 --a--c--- D:\WINDOWS\system32\CmdLineExt.dll
2006-09-24 17:08 -------- d----c--- D:\Program Files\LucasArts
2006-09-15 06:38 -------- d----c--- D:\Documents and Settings\Jeremy\Application Data\Arcsoft
2006-09-15 06:36 -------- d----c--- D:\Program Files\Common Files\ArcSoft
2006-09-15 06:36 -------- d----c--- D:\Program Files\ArcSoft
2006-09-14 08:59 -------- d----c--- D:\Documents and Settings\Jeremy\Application Data\Google
2006-09-13 00:01 1084416 --a--c--- D:\WINDOWS\system32\msxml3.dll
2006-09-11 18:36 -------- d----c--- D:\Program Files\Symantec
2006-09-10 17:21 -------- d----c--- D:\Documents and Settings\Jeremy\Application Data\STOPzilla!
2006-09-10 08:45 -------- d----c--- D:\Program Files\HQ Codec
2006-09-10 06:30 -------- d----c--- D:\Program Files\Pinnacle
2006-08-25 10:45 617472 -----c--- D:\WINDOWS\system32\comctl32.dll
2006-08-21 07:21 16896 --a--c--- D:\WINDOWS\system32\fltlib.dll
2006-08-21 04:14 23040 --a--c--- D:\WINDOWS\system32\fltmc.exe
2006-08-16 06:58 100352 --a--c--- D:\WINDOWS\system32\6to4svc.dll


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries are not shown

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"MSMSGS"="\"D:\\Program Files\\Messenger\\msmsgs.exe\" /background"
"RemoteCenter"="D:\\Program Files\\Creative\\MediaSource\\RemoteControl\\RcMan.exe"
"ctfmon.exe"="D:\\WINDOWS\\system32\\ctfmon.exe"
"swg"="D:\\Program Files\\Google\\GoogleToolbarNotifier\\1.0.720.3640\\GoogleToolbarNotifier.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"ATIPTA"="D:\\Program Files\\ATI Technologies\\ATI Control Panel\\atiptaxx.exe"
"CTHelper"="CTHELPER.EXE"
"ccApp"="\"D:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe\""
"PrinTray"="D:\\WINDOWS\\System32\\spool\\DRIVERS\\W32X86\\3\\printray.exe"
"ASUS Probe"="C:\\Program Files\\ASUS\\Probe\\AsusProb.exe"
"dla"="D:\\WINDOWS\\system32\\dla\\tfswctrl.exe"
"StorageGuard"="\"D:\\Program Files\\Common Files\\Sonic\\Update Manager\\sgtray.exe\" /r"
"iTunesHelper"="\"D:\\Program Files\\iTunes\\iTunesHelper.exe\""
"QuickTime Task"="\"D:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"NvCplDaemon"="RUNDLL32.EXE D:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"
"nwiz"="nwiz.exe /install"
"NvMediaCenter"="RUNDLL32.EXE D:\\WINDOWS\\system32\\NvMcTray.dll,NvTaskbarInit"
"NapsterShell"="C:\\Program Files\\napster.exe /systray"
"Picasa Media Detector"="C:\\Program Files\\Picasa2\\PicasaMediaDetector.exe"
"Lexmark X73 Button Monitor"="D:\\PROGRA~1\\LEXMAR~1\\ACMonitor_X73.exe"
"Lexmark X73 Button Manager"="D:\\PROGRA~1\\LEXMAR~1\\AcBtnMgr_X73.exe"
"PinnacleDriverCheck"="D:\\WINDOWS\\system32\\PSDrvCheck.exe -CheckReg"
"PinnacleDriverCheck"="D:\\WINDOWS\\system32\\PSDrvCheck.exe -CheckReg"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"NoChange"="1"
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000001

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"
"Flags"=dword:00000002
"Position"=hex:2c,00,00,00,00,01,00,00,00,00,00,00,00,04,00,00,00,04,00,00,00,\
00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=hex:04,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,ff,ff,00,00,ff,ff,00,00,ff,ff,ff,ff,ff,ff,\
ff,ff,04,00,00,00
"RestoredStateInfo"=hex:18,00,00,00,f2,01,00,00,c3,00,00,00,7c,00,00,00,7c,00,\
00,00,01,00,00,00

[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
"SetDefaultMIDI"="MIDIDEF.EXE /s:'Creative SoundFont Synthesizer' /w:'SB Audigy'"

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\runonce]
"SetDefaultMIDI"="MIDIDEF.EXE /s:'Creative SoundFont Synthesizer' /w:'SB Audigy'"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
"NoDrives"=dword:00000000
"NoViewOnDrive"=dword:00000000

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\run]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoCDBurning"=dword:00000000

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\Run]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
"CDRAutoRun"=dword:00000000

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
"CDRAutoRun"=dword:00000000

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"


Contents of the 'Scheduled Tasks' folder
D:\WINDOWS\tasks\Norton AntiVirus - Run Full System Scan - Jeremy.job
D:\WINDOWS\tasks\Norton SystemWorks One Button Checkup.job
D:\WINDOWS\tasks\Symantec Drmc.job

Completion time: 06-11-10 15:45:30.23
D:\ComboFix.txt ... 06-11-10 15:45
D:\ComboFix2.txt ... 06-11-10 15:04
D:\ComboFix3.txt ... 06-11-10 13:56



And, the Activescan report:


Incident Status Location

Possible Virus. Not disinfected C:\Program Files\oldblivion\oldblivion.exe
Spyware:Cookie/2o7 Not disinfected D:\Documents and Settings\Jeremy\Cookies\jeremy@2o7[2].txt
Spyware:Cookie/AdDynamix Not disinfected D:\Documents and Settings\Jeremy\Cookies\jeremy@ads.addynamix[1].txt
Spyware:Cookie/Overture Not disinfected D:\Documents and Settings\Jeremy\Cookies\jeremy@overture[1].txt
Spyware:Cookie/Overture Not disinfected D:\Documents and Settings\Jeremy\Cookies\jeremy@perf.overture[1].txt
Spyware:Cookie/QuestionMarket Not disinfected D:\Documents and Settings\Jeremy\Cookies\jeremy@questionmarket[2].txt
Spyware:Cookie/onestat.com Not disinfected D:\Documents and Settings\Jeremy\Cookies\jeremy@stat.onestat[2].txt
Spyware:Cookie/XXXCounter Not disinfected D:\Documents and Settings\Jeremy\Cookies\jeremy@xxxcounter[1].txt
Possible Virus. Not disinfected D:\Documents and Settings\Jeremy\Desktop\Unused Desktop Shortcuts\oldblivion_0.10.zip[oldblivion/oldblivion.exe]
And the latest and greatest HJT file:

Logfile of HijackThis v1.99.1
Scan saved at 20:58, on 06-11-10
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\csrss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\system32\svchost.exe
D:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
D:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
D:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
D:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
D:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
D:\WINDOWS\system32\LEXBCES.EXE
D:\WINDOWS\system32\spoolsv.exe
D:\WINDOWS\ATKKBService.exe
D:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
D:\WINDOWS\system32\cisvc.exe
D:\WINDOWS\system32\CTSvcCDA.EXE
D:\Program Files\Norton SystemWorks\Norton GoBack\GBPoll.exe
C:\Program Files\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlservr.exe
D:\WINDOWS\Explorer.EXE
D:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
D:\Program Files\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe
D:\PROGRA~1\NORTON~2\NORTON~3\NPROTECT.EXE
D:\WINDOWS\system32\nvsvc32.exe
D:\PROGRA~1\NORTON~2\NORTON~3\SPEEDD~1\NOPDB.EXE
D:\WINDOWS\system32\wdfmgr.exe
D:\WINDOWS\system32\MsPMSPSv.exe
D:\WINDOWS\CTHELPER.EXE
D:\WINDOWS\System32\spool\DRIVERS\W32X86\3\printray.exe
C:\Program Files\ASUS\Probe\AsusProb.exe
D:\WINDOWS\system32\dla\tfswctrl.exe
D:\Program Files\iTunes\iTunesHelper.exe
D:\Program Files\QuickTime\qttask.exe
C:\Program Files\napster.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
D:\PROGRA~1\LEXMAR~1\ACMonitor_X73.exe
D:\Program Files\Pinnacle\Shared Files\Programs\MediaServer\PMSHost.exe
D:\PROGRA~1\LEXMAR~1\AcBtnMgr_X73.exe
D:\Program Files\Messenger\msmsgs.exe
D:\Program Files\Creative\MediaSource\RemoteControl\RcMan.exe
D:\WINDOWS\system32\ctfmon.exe
D:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
D:\Program Files\Norton SystemWorks\Norton GoBack\GBTray.exe
D:\Program Files\iPod\bin\iPodService.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\alg.exe
D:\WINDOWS\system32\cidaemon.exe
D:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe
D:\Program Files\Internet Explorer\iexplore.exe
D:\Program Files\Internet Explorer\iexplore.exe
D:\Program Files\Norton SystemWorks\Norton AntiVirus\qconsole.exe
D:\Documents and Settings\HiJAckThis\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: ZILLAbar BHO - {1827766B-9F49-4854-8034-F6EE26FCB1EC} - D:\Program Files\STOPzilla!\ZB2.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - D:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - D:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - d:\program files\google\googletoolbar3.dll
O2 - BHO: STOPzilla Browser Helper Object - {E3215F20-3212-11D6-9F8B-00D0B743919D} - D:\Program Files\STOPzilla!\SZIEBHO.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - D:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - D:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - d:\program files\google\googletoolbar3.dll
O3 - Toolbar: STOPzilla securitybar - {98828DED-A591-462F-83BA-D2F62A68B8B8} - D:\Program Files\STOPzilla!\ZB2.dll
O4 - HKLM\..\Run: [ATIPTA] D:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [ccApp] "D:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [PrinTray] D:\WINDOWS\System32\spool\DRIVERS\W32X86\3\printray.exe
O4 - HKLM\..\Run: [ASUS Probe] C:\Program Files\ASUS\Probe\AsusProb.exe
O4 - HKLM\..\Run: [dla] D:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [StorageGuard] "D:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [iTunesHelper] "D:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE D:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE D:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NapsterShell] C:\Program Files\napster.exe /systray
O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKLM\..\Run: [Lexmark X73 Button Monitor] D:\PROGRA~1\LEXMAR~1\ACMonitor_X73.exe
O4 - HKLM\..\Run: [Lexmark X73 Button Manager] D:\PROGRA~1\LEXMAR~1\AcBtnMgr_X73.exe
O4 - HKLM\..\Run: [PinnacleDriverCheck] D:\WINDOWS\system32\PSDrvCheck.exe -CheckReg
O4 - HKCU\..\Run: [MSMSGS] "D:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [RemoteCenter] D:\Program Files\Creative\MediaSource\RemoteControl\RcMan.exe
O4 - HKCU\..\Run: [ctfmon.exe] D:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] D:\Program Files\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = D:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = D:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = D:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: Microsoft Office.lnk = D:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Norton GoBack.lnk = D:\Program Files\Norton SystemWorks\Norton GoBack\GBTray.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra button: Express Cleanup - {5E638779-1818-4754-A595-EF1C63B87A56} - D:\Program Files\Norton SystemWorks\Norton Cleanup\WCQuick.lnk
O9 - Extra 'Tools' menuitem: Express Cleanup - {5E638779-1818-4754-A595-EF1C63B87A56} - D:\Program Files\Norton SystemWorks\Norton Cleanup\WCQuick.lnk
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1150547214906
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {D670D0B3-05AB-4115-9F87-D983EF1AC747} - http://pak06.pictures.aol.com/ygp/aol/plug...US.9.1.6.18.cab
O20 - Winlogon Notify: WgaLogon - D:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Ati HotKey Poller - Unknown owner - D:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - D:\WINDOWS\system32\ati2sgag.exe
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - D:\WINDOWS\ATKKBService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - D:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - D:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - D:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - D:\WINDOWS\system32\CTSvcCDA.EXE
O23 - Service: GoBack Polling Service (GBPoll) - Symantec Corporation - D:\Program Files\Norton SystemWorks\Norton GoBack\GBPoll.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - D:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - D:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - D:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: LiveUpdate - Symantec Corporation - D:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: MSSQL$PINNACLESYS - Unknown owner - C:\Program Files\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlservr.exe" -sPINNACLESYS (file missing)
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - D:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - D:\Program Files\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton UnErase Protection (NProtectService) - Symantec Corporation - D:\PROGRA~1\NORTON~2\NORTON~3\NPROTECT.EXE
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - D:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - D:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Panda Process Protection Service (PavPrSrv) - Unknown owner - D:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe (file missing)
O23 - Service: Pinnacle Systems Media Service (PinnacleSys.MediaServer) - Pinnacle Systems - D:\Program Files\Pinnacle\Shared Files\Programs\MediaServer\PMSHost.exe
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - D:\Program Files\Norton SystemWorks\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - D:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - D:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Speed Disk service - Symantec Corporation - D:\PROGRA~1\NORTON~2\NORTON~3\SPEEDD~1\NOPDB.EXE
O23 - Service: SQLAgent$PINNACLESYS - Unknown owner - C:\Program Files\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlagent.EXE" -i PINNACLESYS (file missing)
O23 - Service: Symantec Core LC - Symantec Corporation - D:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: STOPzilla Service (szserver) - Unknown owner - D:\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe

We'll there it is Mr. Grinler, let me know what else you need from me,
and thanks for helping----OAG

#6 Grinler

Grinler

    Lawrence Abrams


  • Admin
  • 43,395 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:USA
  • Local time:03:56 PM

Posted 11 November 2006 - 04:43 PM

You may want to print out these instructions for reference, since you will have to restart your computer during the fix.

Please download AproposFix from here:
http://swandog46.geekstogo.com/aproposfix.exe

Save it to your desktop but do NOT run it yet.

Then please reboot your computer in Safe Mode by doing the following:
1) Restart your computer
2) After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
3) Instead of Windows loading as normal, a menu should appear
4) Select the first option, to run Windows in Safe Mode.


Once in Safe Mode, please double-click aproposfix.exe and unzip it to the desktop. Open the aproposfix folder on your desktop and run RunThis.bat. Follow the prompts.

When the tool is finished, please reboot back into normal mode, and post a new HijackThis log, along with the entire contents of the log.txt file in the aproposfix folder.

#7 OAG

OAG
  • Topic Starter

  • Members
  • 17 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Eastern Long Island
  • Local time:03:56 PM

Posted 11 November 2006 - 08:56 PM

OK hnere is the HJT log followed by the aproposfix log.
Thanks again.

Logfile of HijackThis v1.99.1
Scan saved at 20:46, on 06-11-11
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\csrss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\Explorer.EXE
D:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
D:\Program Files\STOPzilla!\STOPzilla.exe
D:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
D:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
D:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
D:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
D:\WINDOWS\system32\LEXBCES.EXE
D:\WINDOWS\system32\spoolsv.exe
D:\WINDOWS\ATKKBService.exe
D:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
D:\WINDOWS\system32\cisvc.exe
D:\WINDOWS\system32\CTSvcCDA.EXE
D:\Program Files\Norton SystemWorks\Norton GoBack\GBPoll.exe
C:\Program Files\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlservr.exe
D:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
D:\Program Files\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe
D:\PROGRA~1\NORTON~2\NORTON~3\NPROTECT.EXE
D:\WINDOWS\system32\nvsvc32.exe
D:\PROGRA~1\NORTON~2\NORTON~3\SPEEDD~1\NOPDB.EXE
D:\WINDOWS\system32\wdfmgr.exe
D:\WINDOWS\system32\MsPMSPSv.exe
D:\Program Files\Pinnacle\Shared Files\Programs\MediaServer\PMSHost.exe
D:\WINDOWS\CTHELPER.EXE
D:\WINDOWS\System32\spool\DRIVERS\W32X86\3\printray.exe
D:\WINDOWS\system32\dla\tfswctrl.exe
D:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe
D:\Program Files\iTunes\iTunesHelper.exe
D:\Program Files\QuickTime\qttask.exe
C:\Program Files\napster.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
D:\PROGRA~1\LEXMAR~1\ACMonitor_X73.exe
D:\PROGRA~1\LEXMAR~1\AcBtnMgr_X73.exe
D:\Program Files\Messenger\msmsgs.exe
D:\Program Files\Creative\MediaSource\RemoteControl\RcMan.exe
D:\WINDOWS\system32\ctfmon.exe
D:\Program Files\iPod\bin\iPodService.exe
D:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
D:\WINDOWS\system32\svchost.exe
D:\Program Files\Norton SystemWorks\Norton GoBack\GBTray.exe
D:\WINDOWS\System32\alg.exe
D:\WINDOWS\system32\wuauclt.exe
D:\WINDOWS\system32\wbem\wmiprvse.exe
D:\Documents and Settings\HiJAckThis\hijackthis\HijackThis.exe
D:\Program Files\Symantec\LiveUpdate\AUpdate.exe
D:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
D:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe
D:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe
D:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: ZILLAbar BHO - {1827766B-9F49-4854-8034-F6EE26FCB1EC} - D:\Program Files\STOPzilla!\ZB2.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - D:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - D:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - d:\program files\google\googletoolbar3.dll
O2 - BHO: STOPzilla Browser Helper Object - {E3215F20-3212-11D6-9F8B-00D0B743919D} - D:\Program Files\STOPzilla!\SZIEBHO.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - D:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - D:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - d:\program files\google\googletoolbar3.dll
O3 - Toolbar: STOPzilla securitybar - {98828DED-A591-462F-83BA-D2F62A68B8B8} - D:\Program Files\STOPzilla!\ZB2.dll
O4 - HKLM\..\Run: [ATIPTA] D:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [ccApp] "D:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [PrinTray] D:\WINDOWS\System32\spool\DRIVERS\W32X86\3\printray.exe
O4 - HKLM\..\Run: [dla] D:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [StorageGuard] "D:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [iTunesHelper] "D:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE D:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE D:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NapsterShell] C:\Program Files\napster.exe /systray
O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKLM\..\Run: [Lexmark X73 Button Monitor] D:\PROGRA~1\LEXMAR~1\ACMonitor_X73.exe
O4 - HKLM\..\Run: [Lexmark X73 Button Manager] D:\PROGRA~1\LEXMAR~1\AcBtnMgr_X73.exe
O4 - HKLM\..\Run: [PinnacleDriverCheck] D:\WINDOWS\system32\PSDrvCheck.exe -CheckReg
O4 - HKCU\..\Run: [MSMSGS] "D:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [RemoteCenter] D:\Program Files\Creative\MediaSource\RemoteControl\RcMan.exe
O4 - HKCU\..\Run: [ctfmon.exe] D:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] D:\Program Files\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = D:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = D:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = D:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: Microsoft Office.lnk = D:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Norton GoBack.lnk = D:\Program Files\Norton SystemWorks\Norton GoBack\GBTray.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra button: Express Cleanup - {5E638779-1818-4754-A595-EF1C63B87A56} - D:\Program Files\Norton SystemWorks\Norton Cleanup\WCQuick.lnk
O9 - Extra 'Tools' menuitem: Express Cleanup - {5E638779-1818-4754-A595-EF1C63B87A56} - D:\Program Files\Norton SystemWorks\Norton Cleanup\WCQuick.lnk
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1150547214906
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {D670D0B3-05AB-4115-9F87-D983EF1AC747} - http://pak06.pictures.aol.com/ygp/aol/plug...US.9.1.6.18.cab
O20 - Winlogon Notify: WgaLogon - D:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Ati HotKey Poller - Unknown owner - D:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - D:\WINDOWS\system32\ati2sgag.exe
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - D:\WINDOWS\ATKKBService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - D:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - D:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - D:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - D:\WINDOWS\system32\CTSvcCDA.EXE
O23 - Service: GoBack Polling Service (GBPoll) - Symantec Corporation - D:\Program Files\Norton SystemWorks\Norton GoBack\GBPoll.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - D:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - D:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - D:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: LiveUpdate - Symantec Corporation - D:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: MSSQL$PINNACLESYS - Unknown owner - C:\Program Files\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlservr.exe" -sPINNACLESYS (file missing)
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - D:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - D:\Program Files\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton UnErase Protection (NProtectService) - Symantec Corporation - D:\PROGRA~1\NORTON~2\NORTON~3\NPROTECT.EXE
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - D:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - D:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Panda Process Protection Service (PavPrSrv) - Unknown owner - D:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe (file missing)
O23 - Service: Pinnacle Systems Media Service (PinnacleSys.MediaServer) - Pinnacle Systems - D:\Program Files\Pinnacle\Shared Files\Programs\MediaServer\PMSHost.exe
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - D:\Program Files\Norton SystemWorks\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - D:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - D:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Speed Disk service - Symantec Corporation - D:\PROGRA~1\NORTON~2\NORTON~3\SPEEDD~1\NOPDB.EXE
O23 - Service: SQLAgent$PINNACLESYS - Unknown owner - C:\Program Files\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlagent.EXE" -i PINNACLESYS (file missing)
O23 - Service: Symantec Core LC - Symantec Corporation - D:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: STOPzilla Service (szserver) - Unknown owner - D:\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe


Not much here is this right?

Log of AproposFix v1.1

************

Running from directory:
D:\Documents and Settings\Jeremy\Desktop\aproposfix

************



Registry entries found:


************

No service found!

Removing hidden folder:
No folder found!

Deleting files:


Backing up files:
Done!

Removing registry entries:

REGEDIT4


Done!

Finished!

#8 OAG

OAG
  • Topic Starter

  • Members
  • 17 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Eastern Long Island
  • Local time:03:56 PM

Posted 11 November 2006 - 10:35 PM

Hey Grinler,
I think I should let you know, sometime after I posted the last post,
I was using the search engine and =I have not been redirected to some silly, bogus site, which was my main problem.
I think you fixed it, but you are the man so you tell me.
Thanks, OAG

#9 Grinler

Grinler

    Lawrence Abrams


  • Admin
  • 43,395 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:USA
  • Local time:03:56 PM

Posted 12 November 2006 - 04:23 PM

I just do not see anything wrong here. What happens if you click on start, run, type msconfig and press enter. Then click on the startup tab and click on disable all. Now put a checkmark next to ccApp and press the ok button. When it asks if you want to reboot ..allow it. Is the computer faster now?

#10 OAG

OAG
  • Topic Starter

  • Members
  • 17 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Eastern Long Island
  • Local time:03:56 PM

Posted 13 November 2006 - 07:01 AM

My whole reason for posting here was the fact that I could not go to a
search result after using Yahoo search engine, without being redirected.
I had to copy and paste the website of the result in order to go there.

I have had a browser hijacking before and was directed much like you have. I'll try the things in your last post later today. But I think you nipped my problem in the butt.

#11 Grinler

Grinler

    Lawrence Abrams


  • Admin
  • 43,395 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:USA
  • Local time:03:56 PM

Posted 13 November 2006 - 11:26 AM

Also make sure you follow these steps:

Now that your clean:

Disable and Enable System Restore. - If you are using Windows ME or XP then you should disable and reenable system restore to make sure there are no infected files found in a restore point.

You can find instructions on how to enable and reenable system restore here:

Managing Windows Millenium System Restore

or

Windows XP System Restore Guide

Renable system restore with instructions from tutorial above


Next,

This process will clean out your Temp files and your Temporary Internet Files. Please do both steps:

Step 1:Delete Temp Files
To clean out your temp files, click on Start and then run, and type %temp% and press the ok button.

This should open up the temp directory that your machine uses. Please delete all files that are found there. If you get an error when deleting a file, skip that file and delete all the others. If you had trouble deleting a file, reboot into Safe Mode and follow this step again. You should now be able to delete all the files.

Step 2: Delete Temporary Internet Files
Now I want you to open up Internet Explorer, and click on the Tools menu and then Internet Options. At the General tab, which should be the first tab you are currently on, click on the Delete Files button and put a checkmark in Delete offline content. Then press the OK button. This may take quite a while, so do not be alarmed with how long it takes. When it is done, your Temporary Internet Files will now be deleted.

Finally, and definitely the MOST IMPORTANT step, click on the following tutorial and follow each step listed there:

Simple and easy ways to keep your computer safe and secure on the Internet


Glad I was able to help and if there any other problems related to your computer please feel free to post them in the appropriate forum. Though we help people with spyware and viruses here at BC, we also help people with other computer problems! Do not forget to tell your friends about us!

#12 OAG

OAG
  • Topic Starter

  • Members
  • 17 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Eastern Long Island
  • Local time:03:56 PM

Posted 13 November 2006 - 07:42 PM

I did the ccApp thing and no it really didn't make a difference. I keep a pretty clean machine usually.
In addition I will also take care of the system restore as you suggest.

And I would like to thank you for taking the time to help me out.

I guess we're done.
-----OAG




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users