
Hijacked By Spyware Sheriff


15 replies to this topic

#1 Coops599

Posted 23 November 2006 - 10:17 AM

Hi All

I have copied this over from a different section as recommended by one of the members so sorry for the duplication.

I have a funny situation here. I got infected by the SpywareSheriff. It didn't seem as bad as some of the other posts on here. I was not getting pop-ups from Windows saying you are infected; all I was getting is that every website I tried to go to kept re-directing to www.spywaresheriff.com/?186.

I followed some of the tutorials on here and ran the smitRem fix, and it seemed to fix the problem until I tried to click on the link in here to download one of the recommended spyware apps and it just directed me to SpywareSheriff again; then I tried www.symantec.com and got the same (the Symantec site was fine right after the smitRem sweep). It seems like certain web addresses are being listed somewhere for re-direction.

I am going to try and download HijackThis and post the log in here.

Thanks in advance

Coops


OK, here is the HijackThis log

Logfile of HijackThis v1.99.1
Scan saved at 10:56:03 PM, on 11/22/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\System32\inetsrv\inetinfo.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Common Files\TiVo Shared\Beacon\TiVoBeacon.exe
C:\Program Files\UPHClean\uphclean.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Elaborate Bytes\CloneCD\CloneCDTray.exe
C:\Program Files\MEDIC\bin\sprtcmd.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\System32\RUNDLL32.EXE
C:\Program Files\Registry Clean Expert\RCHelper.exe
C:\Program Files\Common Files\TiVo Shared\Transfer\TiVoTransfer.exe
C:\Program Files\TiVo\Desktop\TiVoNotify.exe
C:\Program Files\TiVo\Desktop\TiVoServer.exe
C:\Program Files\Citrix\GoToMeeting\189\g2mstart.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Citrix\GoToMeeting\189\g2mcomm.exe
C:\Program Files\Citrix\GoToMeeting\189\g2mlauncher.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Mark.OFFICE\Desktop\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: HelperObject Class - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 7\SnagItBHO.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: ChangerBHO Class - {1D4C7057-EAD2-44C6-AD18-9092905F28F1} - C:\WINDOWS\system32\Audiodevb.dll
O2 - BHO: Clicker Class - {631f7200-642e-11db-bd13-0800200c9a66} - C:\WINDOWS\system32\mscoriezb.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O2 - BHO: File Print FedEx Kinko's - {9566395F-43D2-4c64-B525-B501FFA276E2} - mscoree.dll (file missing)
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 7\SnagItIEAddin.dll
O3 - Toolbar: File Print FedEx Kinko's - {9566395f-43d2-4c64-b525-b501ffa276e2} - mscoree.dll (file missing)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [SSC_UserPrompt] "C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [CloneCDElbyCDFL] "C:\Program Files\Elaborate Bytes\CloneCD\ElbyCheck.exe" /L ElbyCDFL
O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\Elaborate Bytes\CloneCD\CloneCDTray.exe"
O4 - HKLM\..\Run: [MEDIC] "C:\Program Files\MEDIC\bin\sprtcmd.exe" /P MEDIC
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [RegClean Expert Scheduler] "C:\Program Files\Registry Clean Expert\RCHelper.exe" /startup
O4 - HKCU\..\Run: [TivoTransfer] "C:\Program Files\Common Files\TiVo Shared\Transfer\TiVoTransfer.exe" /service /registry /auto:TivoTransfer
O4 - HKCU\..\Run: [TivoNotify] "C:\Program Files\TiVo\Desktop\TiVoNotify.exe" /service /registry /auto:TivoNotify
O4 - HKCU\..\Run: [TivoServer] "C:\Program Files\TiVo\Desktop\TiVoServer.exe" /service /registry /auto:TivoServer
O4 - HKCU\..\Run: [GoToMeeting] C:\Program Files\Citrix\GoToMeeting\189\g2mstart.exe "/Trigger RunAtLogon"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - http://activation.rr.com/install/downloads/tgctlcm.cab
O16 - DPF: {3451DEDE-631F-421C-8127-FD793AFC6CC8} - http://www.symantec.com/techsupp/asa/ctrl/SymAData.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1151646527968
O16 - DPF: {74CD40EA-EF77-4BAD-808A-B5982DA73F20} - http://yax-download.yazzle.net/YazzleActiveX.cab?refid=1123
O16 - DPF: {8A0019EB-51FA-4AE5-A40B-C0496BBFC739} (Verizon Wireless Media Upload) - http://www.vzwpix.com/activex/VerizonWirel...loadControl.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O20 - Winlogon Notify: winisf32 - winisf32.dll (file missing)
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: CAPSRepository - SeeBeyond Technology Corporation, Inc - C:\JavaCAPS51\repository\repository.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Sun SeeBeyond Enterprise Manager 5.1.0(15000) (EnterpriseManager51X15000) - Apache Software Foundation - C:\JavaCAPS51\emanager/server\bin\tomcat5.exe
O23 - Service: IS 5.1.0 Development (isDevelopment) - Apache Software Foundation - C:\JavaCAPS51\logicalhost\is\bin\issvc_Development.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SPBBCSvc - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: TiVo Beacon (TivoBeacon2) - Unknown owner - C:\Program Files\Common Files\TiVo Shared\Beacon\TiVoBeacon.exe" /service (file missing)

#2 MFDnSC

Posted 23 November 2006 - 06:18 PM

Follow the instructions here

http://www.bleepingcomputer.com/forums/t/54501/how-to-remove-trust-cleaner-removal-instructions/
=========================
If you have this, delete it and re-download.

Please download SmitfraudFix (by S!Ri)
Extract the content (a folder named SmitfraudFix) to your Desktop.

Open the SmitfraudFix folder and double-click smitfraudfix.cmd
Select option #1 - Search by typing 1 and press "Enter"; a text file will appear, which lists infected files (if present). We'll get to them in the next step.
Please copy/paste the content of that report into your next reply.

Note : process.exe is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky) as a "RiskTool"; it is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user.
http://www.beyondlogic.org/consulting/proc...processutil.htm
"Nothing could be finer than to be in South Carolina ............"

Member ASAP

#3 Coops599

Posted 24 November 2006 - 10:23 AM

Hi there, thank you for the help.

I was following the instructions at http://www.bleepingcomputer.com/forums/t/54501/how-to-remove-trust-cleaner-removal-instructions/ but when I came to the Panda Online check I was not able to get to their website as it is one of the ones that gets hijacked by spywareSheriff.

Just so that you know I the FixTC.reg update but did not have any of the files or programs that the instructions said to delete.

Something else I noticed after coming out of safe mode is that my IE home page reset back to www.msn.com and I am not able to change it back to Yahoo unless I go into safe mode and set it to Yahoo in there then it works.

Here is the log from the SmitfraudFix

SmitFraudFix v2.123

Scan done at 7:21:33.09, Fri 11/24/2006
Run from C:\Documents and Settings\Mark.OFFICE\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
Fix run in normal mode

»»»»»»»»»»»»»»»»»»»»»»»» C:\


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Mark.OFFICE


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Mark.OFFICE\Application Data


»»»»»»»»»»»»»»»»»»»»»»»» Start Menu


»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\MARK~1.OFF\FAVORI~1


»»»»»»»»»»»»»»»»»»»»»»»» Desktop


»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files


»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys


»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components



»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""


»»»»»»»»»»»»»»»»»»»»»»»» pe386-msguard-lzx32


»»»»»»»»»»»»»»»»»»»»»»»» Scanning wininet.dll infection


»»»»»»»»»»»»»»»»»»»»»»»» End



Coops

Edited by Coops599, 24 November 2006 - 10:29 AM.


#4 MFDnSC

Posted 24 November 2006 - 10:40 AM

1. Download this file :

http://download.bleepingcomputer.com/sUBs/combofix.exe
http://www.techsupportforum.com/sectools/combofix.exe

2. Double click combofix.exe & follow the prompts.
3. When finished, it shall produce a log for you. Post that log and a HiJack log in your next reply

Note:
Do not mouse-click ComboFix's window while it's running; that may cause it to stall.

===================
Download AVG Anti-Spyware from http://www.ewido.net/en/download/ and save that file to your desktop. Note: This is NOT the Anti Virus from AVG.

When the trial period expires it becomes feature-limited freeware but is still worth keeping as a good on-demand scanner.
1. Once you have downloaded AVG Anti-Spyware, locate the icon on the desktop and double click it to launch the set up program.
2. Once the setup is complete you will need to run AVG Anti-Spyware and update the definition files.
3. On the main screen select the icon "Update" then select the "Update now" link.
o Next select the "Start Update" button. The update will start and a progress bar will show the updates being installed.
4. Once the update has completed, select the "Scanner" icon at the top of the screen, then select the "Settings" tab.
5. Once in the Settings screen click on "Recommended actions" and then select "Quarantine".
6. Under "Reports"
o Select "Automatically generate report after every scan"
o Un-Select "Only if threats were found"
Close AVG Anti-Spyware. Do Not run a scan just yet, we will run it in safe mode.
1. Reboot your computer into Safe Mode. You can do this by restarting your computer and continually tapping the F8 key until a menu appears. Use your up arrow key to highlight Safe Mode then hit enter.

IMPORTANT: Do not open any other windows or programs while AVG Anti-Spyware is scanning as it may interfere with the scanning process:
2. Launch AVG Anti-Spyware by double clicking the icon on your desktop.
3. Select the "Scanner" icon at the top and then the "Scan" tab then click on "Complete System Scan".
4. AVG will now begin the scanning process. Please be patient as this may take a little time.
Once the scan is complete, do the following:
5. If you have any infections you will be prompted. Then select "Apply all actions."
6. Next select the "Reports" icon at the top.
7. Select the "Save report as" button in the lower left-hand corner of the screen and save it to a text file on your system (make sure to remember where you saved that file. This is important).
8. Close AVG Anti-Spyware and reboot your system back into Normal Mode.
Post the log from AVG and a new HiJack log

#5 Coops599

Posted 25 November 2006 - 12:29 PM

I am battling the same thing with http://www.ewido.net/en/download/ ; I can't get to it because it redirects straight to SpywareSheriff. I was able to run ComboFix. The report is below.

Mark - 06-11-25 9:21:19.65 Service Pack 1
ComboFix 06.11.22 - Running from: "C:\Documents and Settings\Mark.OFFICE\Desktop\Spy\1125"

(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\WINDOWS\system32\components


((((((((((((((((((((((((((((((( Files Created from 2006-10-25 to 2006-11-25 ))))))))))))))))))))))))))))))))))


2006-11-24 07:21 53,248 --a------ C:\WINDOWS\system32\Process.exe
2006-11-24 07:21 40,960 --a------ C:\WINDOWS\system32\swsc.exe
2006-11-24 07:21 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2006-11-24 07:21 135,168 --a------ C:\WINDOWS\system32\swreg.exe
2006-11-23 07:36 <DIR> d-------- C:\WINDOWS\system32\LogFiles
2006-11-22 22:18 <DIR> d-------- C:\WINDOWS\temp
2006-11-22 09:26 <DIR> d-------- C:\Transfer
2006-11-16 12:12 <DIR> d-------- C:\Documents and Settings\Mark.OFFICE\Application Data\Apple Computer
2006-11-16 11:52 <DIR> d-------- C:\images
2006-11-16 10:52 <DIR> d-------- C:\Documents and Settings\Mark.OFFICE\Application Data\acccore
2006-11-16 10:51 <DIR> d-------- C:\Program Files\Viewpoint
2006-11-16 10:51 <DIR> d-------- C:\Program Files\Common Files\Nullsoft
2006-11-16 10:51 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Viewpoint
2006-11-16 10:51 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\AOL OCP
2006-11-16 10:51 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\AOL
2006-11-16 10:50 <DIR> d-------- C:\Program Files\Common Files\AOL
2006-11-16 10:50 <DIR> d-------- C:\Program Files\AIM6
2006-11-16 10:46 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\AOL Downloads
2006-11-16 10:42 8,192 --a------ C:\WINDOWS\system32\tsbyuv.dll
2006-11-16 10:42 49,664 --a------ C:\WINDOWS\system32\vfwwdm32.dll
2006-11-16 10:42 45,568 --a------ C:\WINDOWS\system32\iyuv_32.dll
2006-11-16 10:42 13,824 --a------ C:\WINDOWS\system32\drivers\splitcam.sys
2006-11-16 10:41 <DIR> d-------- C:\Program Files\SplitCam
2006-11-15 21:20 <DIR> d-------- C:\Autoruns
2006-11-13 17:57 3,204 --a------ C:\WINDOWS\system32\tmp.reg
2006-11-13 17:44 <DIR> d-------- C:\WINDOWS\Prefetch
2006-11-13 06:58 <DIR> d-------- C:\Program Files\msn gaming zone
2006-11-13 06:56 532,480 --a------ C:\WINDOWS\system32\rpcrt4.dll
2006-11-13 06:56 260,608 --a------ C:\WINDOWS\system32\rpcss.dll
2006-11-13 06:56 1,172,992 --a------ C:\WINDOWS\system32\ole32.dll
2006-11-13 06:36 226,816 --a------ C:\WINDOWS\system32\srrstr.dll
2006-11-13 06:30 947,472 --a------ C:\WINDOWS\system32\msjava.dll
2006-11-13 06:30 63,248 --a------ C:\WINDOWS\system32\javaprxy.dll
2006-11-13 06:30 46,352 --a------ C:\WINDOWS\setdebug.exe
2006-11-13 06:30 404,752 --a------ C:\WINDOWS\system32\javart.dll
2006-11-13 06:30 313,856 --a------ C:\WINDOWS\system32\dx3j.dll
2006-11-13 06:30 286,992 --a------ C:\WINDOWS\system32\vmhelper.dll
2006-11-13 06:30 21,264 --a------ C:\WINDOWS\system32\msjdbc10.dll
2006-11-13 06:30 187,152 --a------ C:\WINDOWS\system32\javacypt.dll
2006-11-13 06:30 172,304 --a------ C:\WINDOWS\system32\jview.exe
2006-11-13 06:30 171,792 --a------ C:\WINDOWS\system32\wjview.exe
2006-11-13 06:30 171,280 --a------ C:\WINDOWS\system32\jit.dll
2006-11-13 06:30 154,384 --a------ C:\WINDOWS\system32\msawt.dll
2006-11-13 06:30 15,120 --a------ C:\WINDOWS\system32\jdbgmgr.exe
2006-11-13 06:30 139,536 --a------ C:\WINDOWS\system32\javaee.dll
2006-11-13 06:30 113 --a------ C:\WINDOWS\system32\zonedon.reg
2006-11-13 06:30 113 --a------ C:\WINDOWS\system32\zonedoff.reg
2006-11-13 06:29 49,424 --a------ C:\WINDOWS\system32\clspack.exe
2006-11-12 23:18 8,704 --a------ C:\WINDOWS\system32\infoctrs.dll
2006-11-12 23:18 8,192 --a------ C:\WINDOWS\system32\staxmem.dll
2006-11-12 23:18 7,680 --a------ C:\WINDOWS\system32\ftpctrs2.dll
2006-11-12 23:18 7,168 --a------ C:\WINDOWS\system32\wamregps.dll
2006-11-12 23:18 60,416 --a------ C:\WINDOWS\system32\iismap.dll
2006-11-12 23:18 6,144 --a------ C:\WINDOWS\system32\ftpsapi2.dll
2006-11-12 23:18 6,144 --a------ C:\WINDOWS\system32\admxprox.dll
2006-11-12 23:18 59,392 --a------ C:\WINDOWS\system32\iisext.dll
2006-11-12 23:18 56,320 --a------ C:\WINDOWS\system32\convlog.exe
2006-11-12 23:18 5,632 --a------ C:\WINDOWS\system32\w3svapi.dll
2006-11-12 23:18 5,632 --a------ C:\WINDOWS\system32\iisrstap.dll
2006-11-12 23:18 4,608 --a------ C:\WINDOWS\system32\w3ctrs.dll
2006-11-12 23:18 34,816 --a------ C:\WINDOWS\system32\admwprox.dll
2006-11-12 23:18 3,584 --a------ C:\WINDOWS\system32\iismui.dll
2006-11-12 23:18 249,856 --a------ C:\WINDOWS\system32\adsiis.dll
2006-11-12 23:18 19,968 --a------ C:\WINDOWS\system32\inetsloc.dll
2006-11-12 23:18 14,336 --a------ C:\WINDOWS\system32\iisreset.exe
2006-11-12 23:18 13,312 --a------ C:\WINDOWS\system32\exstrace.dll
2006-11-12 23:18 120,832 --a------ C:\WINDOWS\system32\iisRtl.dll
2006-11-12 23:18 11,776 --a------ C:\WINDOWS\system32\infoadmn.dll
2006-11-12 23:18 10,240 --a------ C:\WINDOWS\system32\aspperf.dll
2006-11-12 23:11 27,165 --a------ C:\WINDOWS\system32\drivers\fetnd5.sys
2006-11-12 23:09 24,661 --a------ C:\WINDOWS\system32\spxcoins.dll
2006-11-12 23:09 13,312 --a------ C:\WINDOWS\system32\irclass.dll
2006-11-12 22:31 9,728 --a------ C:\WINDOWS\system32\mstinit.exe
2006-11-12 22:31 250,368 --a------ C:\WINDOWS\system32\mstask.dll
2006-11-12 22:31 221,696 --a------ C:\WINDOWS\system32\qmgr.dll
2006-11-12 22:31 17,408 --a------ C:\WINDOWS\system32\qmgrprxy.dll
2006-11-12 22:31 159,232 --a------ C:\WINDOWS\system32\schedsvc.dll
2006-11-12 22:29 9,728 --a------ C:\WINDOWS\system32\xolehlp.dll
2006-11-12 22:29 869,376 --a------ C:\WINDOWS\system32\msdtctm.dll
2006-11-12 22:29 83,968 --a------ C:\WINDOWS\system32\mtxoci.dll
2006-11-12 22:29 82,432 --a------ C:\WINDOWS\system32\comrepl.dll
2006-11-12 22:29 582,656 --a------ C:\WINDOWS\system32\catsrvut.dll
2006-11-12 22:29 56,832 --a------ C:\WINDOWS\system32\colbact.dll
2006-11-12 22:29 495,616 --a------ C:\WINDOWS\system32\comuid.dll
2006-11-12 22:29 468,480 --a------ C:\WINDOWS\system32\clbcatq.dll
2006-11-12 22:29 359,936 --a------ C:\WINDOWS\system32\msdtcprx.dll
2006-11-12 22:29 215,040 --a------ C:\WINDOWS\system32\catsrv.dll
2006-11-12 22:29 151,040 --a------ C:\WINDOWS\system32\msdtcuiu.dll
2006-11-12 22:29 115,976 --a------ C:\WINDOWS\system32\drivers\rdpwd.sys
2006-11-12 22:29 113,944 --a------ C:\WINDOWS\system32\wuauclt.exe
2006-11-12 22:29 100,864 --a------ C:\WINDOWS\system32\clbcatex.dll
2006-11-12 22:29 1,172,992 --a------ C:\WINDOWS\system32\comsvcs.dll
2006-11-12 22:29 1,081,112 --a------ C:\WINDOWS\system32\wuaueng.dll
2006-11-12 15:43 22,016 --a------ C:\WINDOWS\system32\mscoriezb.dll
2006-11-12 15:43 21,504 --a------ C:\WINDOWS\system32\Audiodevb.dll
2006-11-12 07:43 <DIR> d-------- C:\Documents and Settings\Mark.OFFICE\Application Data\vlc
2006-11-08 20:39 <DIR> d-------- C:\JCAPS
2006-11-07 22:23 <DIR> d-------- C:\GDB
2006-11-07 22:14 <DIR> d-------- C:\Program Files\Runtime Software
2006-11-07 22:09 306,688 --a------ C:\WINDOWS\IsUninst.exe
2006-11-03 23:52 <DIR> d-------- C:\Program Files\MEDIC
2006-11-03 23:45 <DIR> d-------- C:\WINDOWS\Profiles
2006-11-03 23:45 <DIR> d-------- C:\Program Files\HERACTSTG
2006-11-03 23:45 <DIR> d-------- C:\Program Files\Common Files\supportsoft
2006-11-03 17:31 <DIR> d-------- C:\LD Player
2006-11-03 16:51 <DIR> d-------- C:\Program Files\Elaborate Bytes
2006-11-03 16:45 15,360 --a------ C:\WINDOWS\system32\BASSMOD.dll


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2006-11-24 16:40 -------- d-------- C:\Program Files\MP3+G Toolz .NET 4
2006-11-24 10:12 -------- d-------- C:\Documents and Settings\Mark.OFFICE\Application Data\Azureus
2006-11-22 21:58 -------- d-------- C:\Program Files\Spyware Doctor
2006-11-22 21:57 -------- d-------- C:\Program Files\iolo
2006-11-16 10:51 -------- d-------- C:\Program Files\Common Files
2006-11-16 10:41 -------- d--h----- C:\Program Files\InstallShield Installation Information
2006-11-15 14:10 -------- d-------- C:\Program Files\Common Files\Symantec Shared
2006-11-13 17:51 -------- d--h----- C:\Program Files\WindowsUpdate
2006-11-13 06:58 -------- d-------- C:\Program Files\Windows Media Player
2006-11-13 06:57 -------- d-------- C:\Program Files\Outlook Express
2006-11-13 06:57 -------- d-------- C:\Program Files\Internet Explorer
2006-11-13 06:57 -------- d-------- C:\Program Files\Common Files\System
2006-11-12 22:31 -------- d-------- C:\Program Files\NetMeeting
2006-11-12 17:30 -------- d-------- C:\Program Files\Roguescanfix
2006-11-10 12:47 -------- d-------- C:\Program Files\mIRC
2006-11-03 23:45 -------- d-------- C:\Program Files\Comcast Web Controls
2006-11-01 16:50 48824 --a------ C:\WINDOWS\system32\S32EVNT1.DLL
2006-11-01 16:50 109744 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.SYS
2006-11-01 16:50 -------- d-------- C:\Program Files\Symantec
2006-10-21 05:54 -------- d-------- C:\Documents and Settings\Mark.OFFICE\Application Data\Google
2006-10-15 20:22 -------- d-------- C:\Program Files\Google
2006-10-14 18:22 724728 --a------ C:\Exercises.exe
2006-10-14 18:12 -------- d-------- C:\Program Files\WinZip
2006-10-13 16:46 -------- d-------- C:\Program Files\Citrix
2006-10-12 21:18 -------- d-------- C:\Program Files\PowerQuest
2006-10-12 18:05 -------- d-------- C:\Program Files\QuickTime
2006-10-12 18:04 -------- d-------- C:\Program Files\Apple Software Update
2006-10-09 16:48 -------- d-------- C:\Documents and Settings\Mark.OFFICE\Application Data\Lavasoft
2006-10-09 16:47 -------- d-------- C:\Program Files\Lavasoft
2006-10-08 14:47 -------- d-------- C:\Program Files\Anti-Leech
2006-10-07 09:23 -------- d-------- C:\Program Files\Azureus
2006-10-06 21:52 22768 --a------ C:\WINDOWS\system32\drivers\usbsermpt.sys
2006-10-06 21:52 -------- d-------- C:\Program Files\Motorola Phone Tools
2006-10-06 21:51 -------- d-------- C:\Program Files\Avanquest update
2006-10-06 15:52 -------- d-------- C:\Program Files\BearFlix
2006-10-05 18:14 -------- d---s---- C:\Documents and Settings\Mark.OFFICE\Application Data\Microsoft
2006-10-05 17:37 -------- d-------- C:\Program Files\Windows NT
2006-10-05 16:36 -------- d-------- C:\Program Files\Common Files\Microsoft Shared
2006-10-02 18:57 -------- d-------- C:\Program Files\DC++
2006-08-25 01:14 595968 --a------ C:\WINDOWS\system32\xpsp2res.dll


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries are not shown

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"Yahoo! Pager"="\"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe\" -quiet"
"RegClean Expert Scheduler"="\"C:\\Program Files\\Registry Clean Expert\\RCHelper.exe\" /startup"
"TivoTransfer"="\"C:\\Program Files\\Common Files\\TiVo Shared\\Transfer\\TiVoTransfer.exe\" /service /registry /auto:TivoTransfer"
"TivoNotify"="\"C:\\Program Files\\TiVo\\Desktop\\TiVoNotify.exe\" /service /registry /auto:TivoNotify"
"TivoServer"="\"C:\\Program Files\\TiVo\\Desktop\\TiVoServer.exe\" /service /registry /auto:TivoServer"
"GoToMeeting"="C:\\Program Files\\Citrix\\GoToMeeting\\189\\g2mstart.exe \"/Trigger RunAtLogon\""
"swg"="C:\\Program Files\\Google\\GoogleToolbarNotifier\\1.2.908.5008\\GoogleToolbarNotifier.exe"
"Aim6"=""

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\System32\\NvCpl.dll,NvStartup"
"nwiz"="nwiz.exe /install"
"ccApp"="\"C:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe\""
"zBrowser Launcher"="C:\\Program Files\\Logitech\\iTouch\\iTouch.exe"
"SSC_UserPrompt"="\"C:\\Program Files\\Common Files\\Symantec Shared\\Security Center\\UsrPrmpt.exe\""
"NeroFilterCheck"="C:\\WINDOWS\\system32\\NeroCheck.exe"
"WinampAgent"="C:\\Program Files\\Winamp\\winampa.exe"
"ISUSPM Startup"="C:\\PROGRA~1\\COMMON~1\\INSTAL~1\\UPDATE~1\\ISUSPM.exe -startup"
"ISUSScheduler"="\"C:\\Program Files\\Common Files\\InstallShield\\UpdateService\\issch.exe\" -start"
"CloneCDElbyCDFL"="\"C:\\Program Files\\Elaborate Bytes\\CloneCD\\ElbyCheck.exe\" /L ElbyCDFL"
"CloneCDTray"="\"C:\\Program Files\\Elaborate Bytes\\CloneCD\\CloneCDTray.exe\""
"MEDIC"="\"C:\\Program Files\\MEDIC\\bin\\sprtcmd.exe\" /P MEDIC"
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"NvMediaCenter"="RUNDLL32.EXE C:\\WINDOWS\\System32\\NvMcTray.dll,NvTaskbarInit"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000000

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"NoDispAppearancePage"=dword:00000000
"NoColorChoice"=dword:00000000
"NoSizeChoice"=dword:00000000
"NoDispBackgroundPage"=dword:00000000
"NoDispScrSavPage"=dword:00000000
"NoDispCPL"=dword:00000000
"NoVisualStyleChoice"=dword:00000000
"NoDispSettingsPage"=dword:00000000

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000000
"NoActiveDesktop"=dword:00000000
"NoSaveSettings"=dword:00000000
"ClassicShell"=dword:00000000
"NoThemesTab"=dword:00000000
"ForceActiveDesktopOn"=dword:00000000

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001
"DisableTaskMgr"=dword:00000000

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoActiveDesktopChanges"=dword:00000000

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\winisf32

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"


Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\Norton AntiVirus - Run Full System Scan - Mark.job

Completion time: 06-11-25 9:21:48.82
C:\ComboFix.txt ... 06-11-25 09:21

#6 MFDnSC

MFDnSC

    Ret. Director I/T


  • Members
  • 4,310 posts

Posted 25 November 2006 - 03:46 PM

Follow this

http://www.bleepingcomputer.com/forums/t/54501/how-to-remove-trust-cleaner-removal-instructions/


You may want to print this or save it to notepad as we will go to safe mode.

Fix these with HiJackThis – mark them, close IE, click fix checked

O2 - BHO: ChangerBHO Class - {1D4C7057-EAD2-44C6-AD18-9092905F28F1} - C:\WINDOWS\system32\Audiodevb.dll

O2 - BHO: Clicker Class - {631f7200-642e-11db-bd13-0800200c9a66} - C:\WINDOWS\system32\mscoriezb.dll

O16 - DPF: {74CD40EA-EF77-4BAD-808A-B5982DA73F20} - http://yax-download.yazzle.net/YazzleActiveX.cab?refid=1123

O20 - Winlogon Notify: winisf32 - winisf32.dll (file missing)

DownLoad http://www.downloads.subratam.org/KillBox.zip or
http://www.thespykiller.co.uk/files/killbox.exe

Restart your computer into safe mode now. (Tapping F8 at the first black screen) Perform the following steps in safe mode:

Double-click on Killbox.exe to run it. Now put a tick by Standard File Kill. In the "Full Path of File to Delete" box, copy and paste each of the following lines one at a time then click on the button that has the red circle with the X in the middle after you enter each file. It will ask for confirmation to delete the file. Click Yes. Continue with that same procedure until you have copied and pasted all of these in the "Paste Full Path of File to Delete" box.

C:\WINDOWS\system32\Audiodevb.dll
C:\WINDOWS\system32\mscoriezb.dll

Note: It is possible that Killbox will tell you that one or more files do not exist. If that happens, just continue on with all the files. Be sure you don't miss any.

START – RUN – type in %temp% - OK - Edit – Select all – File – Delete

Delete everything in the C:\Windows\Temp folder or C:\WINNT\temp

Not all temp files will delete and that is normal
Empty the recycle bin
Boot and post a new log from normal NOT safe mode

Please give feedback on what worked/didn’t work and the current status of your system
"Nothing could be finer than to be in South Carolina ............"

Member ASAP
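The entries the helper singles out above (two BHOs dropped in system32, an ActiveX download from an unfamiliar host, and a Winlogon Notify hook pointing at a DLL that is no longer on disk) are exactly the load points a small triage script can pick out of a HijackThis log before a human reads it. The Python below is an added example, not code from this thread, from HijackThis or from BleepingComputer. It parses HijackThis 1.99-style "O" lines and applies a few defensive heuristics. The sample lines are copied from the logs posted in this thread; the trusted-host set and the list of Windows XP default Winlogon Notify packages are assumptions to be replaced with your own clean baseline.

```python
"""Triage helper for HijackThis 1.99-style log lines (added example)."""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional
from urllib.parse import urlparse

# Constructed sample: lines copied from the HijackThis logs posted in this
# thread, with three benign entries (NAV Helper, Symantec cab, NVIDIA
# service) kept for contrast.
SAMPLE_LOG = """\
O2 - BHO: ChangerBHO Class - {1D4C7057-EAD2-44C6-AD18-9092905F28F1} - C:\\WINDOWS\\system32\\Audiodevb.dll
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\\Program Files\\Norton AntiVirus\\NavShExt.dll
O16 - DPF: {74CD40EA-EF77-4BAD-808A-B5982DA73F20} - http://yax-download.yazzle.net/YazzleActiveX.cab?refid=1123
O16 - DPF: {3451DEDE-631F-421C-8127-FD793AFC6CC8} - http://www.symantec.com/techsupp/asa/ctrl/SymAData.cab
O20 - Winlogon Notify: winisf32 - winisf32.dll (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\\WINDOWS\\System32\\nvsvc32.exe
"""

# Assumption: hosts you are willing to accept ActiveX (O16 DPF) downloads from.
TRUSTED_DPF_HOSTS = {"update.microsoft.com", "www.symantec.com"}

# Assumption: Winlogon Notify subkeys present on a clean Windows XP install;
# verify against your own clean baseline before relying on it.
XP_NOTIFY_BASELINE = {"crypt32chain", "cryptnet", "cscdll", "sccertprop",
                      "schedule", "sclgntfy", "senslogn", "termsrv", "wlballoon"}

LINE_RE = re.compile(r"^(O\d+) - ([^:]+): (.*)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f-]{36}\}")
SYSTEM32_RE = re.compile(r"(?i)^[a-z]:\\windows\\system32\\")


@dataclass
class Entry:
    section: str            # "O2", "O16", "O20", ...
    kind: str               # "BHO", "DPF", "Winlogon Notify", ...
    fields: List[str]       # the " - " separated tail of the line
    clsid: Optional[str]    # first {GUID} on the line, if any
    target: str             # last field: DLL path, bare DLL name or URL
    file_missing: bool      # HijackThis appended "(file missing)"


def parse_line(line: str) -> Optional[Entry]:
    """Parse one O-line; R-lines and free text return None."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    section, kind, rest = m.groups()
    # HijackThis delimits fields with " - "; a path containing " - " would
    # split too, so only the last field is treated as the target.
    fields = [f.strip() for f in rest.split(" - ")]
    clsid = CLSID_RE.search(rest)
    target = fields[-1]
    missing = "(file missing)" in target
    target = target.replace("(file missing)", "").strip()
    return Entry(section, kind, fields, clsid.group(0) if clsid else None,
                 target, missing)


def triage(entry: Entry) -> List[str]:
    """Return the reasons (possibly none) an entry deserves a closer look."""
    reasons = []
    if entry.file_missing:
        reasons.append("load point references a file that no longer exists")
    if entry.section in ("O2", "O3") and SYSTEM32_RE.match(entry.target):
        reasons.append("browser extension DLL placed directly in system32")
    if entry.section == "O16":
        host = urlparse(entry.target).hostname or ""
        if host not in TRUSTED_DPF_HOSTS:
            reasons.append(f"ActiveX control fetched from untrusted host {host}")
    if entry.section == "O20" and entry.fields[0].lower() not in XP_NOTIFY_BASELINE:
        reasons.append("non-baseline Winlogon Notify DLL (loads into winlogon.exe)")
    return reasons


def triage_log(text: str) -> Dict[str, List[str]]:
    """Map each flagged target (path, DLL or URL) to its list of reasons."""
    findings: Dict[str, List[str]] = {}
    for raw in text.splitlines():
        entry = parse_line(raw)
        if entry is None:
            continue
        reasons = triage(entry)
        if reasons:
            findings[entry.target] = reasons
    return findings


if __name__ == "__main__":
    for target, reasons in triage_log(SAMPLE_LOG).items():
        print(target)
        for r in reasons:
            print("   -", r)
```

Run against the sample it flags Audiodevb.dll, the yazzle.net cab and winisf32.dll and leaves the Norton, Symantec and NVIDIA entries alone. The heuristics are deliberately conservative: a "(file missing)" hook is always worth removing because it does nothing useful and shows something was installed there, and an O20 entry outside the Windows baseline deserves attention because Winlogon Notify DLLs execute inside winlogon.exe at every logon, which is why the helper above has it cleaned out together with the BHO files.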

#7 Coops599

Coops599
  • Topic Starter

  • Members
  • 14 posts

Posted 26 November 2006 - 10:36 AM

Looking much better now. I am able to access sites like Symantec.com and also others like http://www.ewido.net/en/download/ that I couldn't yesterday.

As for yesterday's instructions, I had done http://www.bleepingcomputer.com/forums/t/54501/how-to-remove-trust-cleaner-removal-instructions/ earlier in this process, in post #3. I did the HiJackThis and deleted the 4 entries. Both the files listed were deleted using the killbox.exe.

Current status: I can now access sites that were being HiJacked as described above but I am still not able to change my home page using Internet Options. It just returns back to MSN (http://www.microsoft.com/isapi/redir.dll?prd=ie&clcid=0x0409&pver=6.0&ar=home) each time. I know I can change this by changing the Internet Options in safe mode but I feel I am just masking the issue by doing that.

New log:

Logfile of HijackThis v1.99.1
Scan saved at 7:33:06 AM, on 11/26/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\System32\inetsrv\inetinfo.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Common Files\TiVo Shared\Beacon\TiVoBeacon.exe
C:\Program Files\UPHClean\uphclean.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Elaborate Bytes\CloneCD\CloneCDTray.exe
C:\Program Files\MEDIC\bin\sprtcmd.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\System32\RUNDLL32.EXE
C:\Program Files\Registry Clean Expert\RCHelper.exe
C:\Program Files\Common Files\TiVo Shared\Transfer\TiVoTransfer.exe
C:\Program Files\TiVo\Desktop\TiVoNotify.exe
C:\Program Files\TiVo\Desktop\TiVoServer.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Mark.OFFICE\Desktop\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: HelperObject Class - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 7\SnagItBHO.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O2 - BHO: File Print FedEx Kinko's - {9566395F-43D2-4c64-B525-B501FFA276E2} - mscoree.dll (file missing)
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 7\SnagItIEAddin.dll
O3 - Toolbar: File Print FedEx Kinko's - {9566395f-43d2-4c64-b525-b501ffa276e2} - mscoree.dll (file missing)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [SSC_UserPrompt] "C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [CloneCDElbyCDFL] "C:\Program Files\Elaborate Bytes\CloneCD\ElbyCheck.exe" /L ElbyCDFL
O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\Elaborate Bytes\CloneCD\CloneCDTray.exe"
O4 - HKLM\..\Run: [MEDIC] "C:\Program Files\MEDIC\bin\sprtcmd.exe" /P MEDIC
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [RegClean Expert Scheduler] "C:\Program Files\Registry Clean Expert\RCHelper.exe" /startup
O4 - HKCU\..\Run: [TivoTransfer] "C:\Program Files\Common Files\TiVo Shared\Transfer\TiVoTransfer.exe" /service /registry /auto:TivoTransfer
O4 - HKCU\..\Run: [TivoNotify] "C:\Program Files\TiVo\Desktop\TiVoNotify.exe" /service /registry /auto:TivoNotify
O4 - HKCU\..\Run: [TivoServer] "C:\Program Files\TiVo\Desktop\TiVoServer.exe" /service /registry /auto:TivoServer
O4 - HKCU\..\Run: [GoToMeeting] C:\Program Files\Citrix\GoToMeeting\189\g2mstart.exe "/Trigger RunAtLogon"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - http://activation.rr.com/install/downloads/tgctlcm.cab
O16 - DPF: {3451DEDE-631F-421C-8127-FD793AFC6CC8} - http://www.symantec.com/techsupp/asa/ctrl/SymAData.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1151646527968
O16 - DPF: {8A0019EB-51FA-4AE5-A40B-C0496BBFC739} (Verizon Wireless Media Upload) - http://www.vzwpix.com/activex/VerizonWirel...loadControl.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: CAPSRepository - SeeBeyond Technology Corporation, Inc - C:\JavaCAPS51\repository\repository.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Sun SeeBeyond Enterprise Manager 5.1.0(15000) (EnterpriseManager51X15000) - Apache Software Foundation - C:\JavaCAPS51\emanager/server\bin\tomcat5.exe
O23 - Service: IS 5.1.0 Development (isDevelopment) - Apache Software Foundation - C:\JavaCAPS51\logicalhost\is\bin\issvc_Development.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SPBBCSvc - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: TiVo Beacon (TivoBeacon2) - Unknown owner - C:\Program Files\Common Files\TiVo Shared\Beacon\TiVoBeacon.exe" /service (file missing)

#8 MFDnSC

MFDnSC

    Ret. Director I/T


  • Members
  • 4,310 posts

Posted 26 November 2006 - 12:19 PM

Please run the AVG AS and post its log, then run combo again and post its log
"Nothing could be finer than to be in South Carolina ............"

Member ASAP

#9 Coops599

Coops599
  • Topic Starter

  • Members
  • 14 posts

Posted 26 November 2006 - 09:08 PM

I ran both the AVG AS and the ComboFix. The AVG AS found so much stuff that it hangs IE when I try to cut and paste the report (it was over 2000 items), but I have it saved if you need me to send it somewhere. The ComboFix log is below. FYI, I still cannot change the IE Home Page.

ComboFix

Mark - 06-11-26 17:55:04.76 Service Pack 1
ComboFix 06.11.22 - Running from: "C:\Documents and Settings\Mark.OFFICE\Desktop\Spy\1125"

((((((((((((((((((((((((((((((( Files Created from 2006-10-26 to 2006-11-26 ))))))))))))))))))))))))))))))))))


2006-11-26 10:07 3,968 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2006-11-26 10:07 <DIR> d-------- C:\Program Files\Grisoft
2006-11-26 07:16 <DIR> d-------- C:\!KillBox
2006-11-25 09:55 <DIR> d-------- C:\Other Karaoke
2006-11-24 07:21 53,248 --a------ C:\WINDOWS\system32\Process.exe
2006-11-24 07:21 40,960 --a------ C:\WINDOWS\system32\swsc.exe
2006-11-24 07:21 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2006-11-24 07:21 135,168 --a------ C:\WINDOWS\system32\swreg.exe
2006-11-23 07:36 <DIR> d-------- C:\WINDOWS\system32\LogFiles
2006-11-22 22:18 <DIR> d-------- C:\WINDOWS\temp
2006-11-22 09:26 <DIR> d-------- C:\Transfer
2006-11-16 12:12 <DIR> d-------- C:\Documents and Settings\Mark.OFFICE\Application Data\Apple Computer
2006-11-16 11:52 <DIR> d-------- C:\images
2006-11-16 10:52 <DIR> d-------- C:\Documents and Settings\Mark.OFFICE\Application Data\acccore
2006-11-16 10:51 <DIR> d-------- C:\Program Files\Viewpoint
2006-11-16 10:51 <DIR> d-------- C:\Program Files\Common Files\Nullsoft
2006-11-16 10:51 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Viewpoint
2006-11-16 10:51 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\AOL OCP
2006-11-16 10:51 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\AOL
2006-11-16 10:50 <DIR> d-------- C:\Program Files\Common Files\AOL
2006-11-16 10:50 <DIR> d-------- C:\Program Files\AIM6
2006-11-16 10:46 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\AOL Downloads
2006-11-16 10:42 8,192 --a------ C:\WINDOWS\system32\tsbyuv.dll
2006-11-16 10:42 49,664 --a------ C:\WINDOWS\system32\vfwwdm32.dll
2006-11-16 10:42 45,568 --a------ C:\WINDOWS\system32\iyuv_32.dll
2006-11-16 10:42 13,824 --a------ C:\WINDOWS\system32\drivers\splitcam.sys
2006-11-16 10:41 <DIR> d-------- C:\Program Files\SplitCam
2006-11-15 21:20 <DIR> d-------- C:\Autoruns
2006-11-13 17:57 3,204 --a------ C:\WINDOWS\system32\tmp.reg
2006-11-13 17:44 <DIR> d-------- C:\WINDOWS\Prefetch
2006-11-13 06:58 <DIR> d-------- C:\Program Files\msn gaming zone
2006-11-13 06:56 532,480 --a------ C:\WINDOWS\system32\rpcrt4.dll
2006-11-13 06:56 260,608 --a------ C:\WINDOWS\system32\rpcss.dll
2006-11-13 06:56 1,172,992 --a------ C:\WINDOWS\system32\ole32.dll
2006-11-13 06:36 226,816 --a------ C:\WINDOWS\system32\srrstr.dll
2006-11-13 06:30 947,472 --a------ C:\WINDOWS\system32\msjava.dll
2006-11-13 06:30 63,248 --a------ C:\WINDOWS\system32\javaprxy.dll
2006-11-13 06:30 46,352 --a------ C:\WINDOWS\setdebug.exe
2006-11-13 06:30 404,752 --a------ C:\WINDOWS\system32\javart.dll
2006-11-13 06:30 313,856 --a------ C:\WINDOWS\system32\dx3j.dll
2006-11-13 06:30 286,992 --a------ C:\WINDOWS\system32\vmhelper.dll
2006-11-13 06:30 21,264 --a------ C:\WINDOWS\system32\msjdbc10.dll
2006-11-13 06:30 187,152 --a------ C:\WINDOWS\system32\javacypt.dll
2006-11-13 06:30 172,304 --a------ C:\WINDOWS\system32\jview.exe
2006-11-13 06:30 171,792 --a------ C:\WINDOWS\system32\wjview.exe
2006-11-13 06:30 171,280 --a------ C:\WINDOWS\system32\jit.dll
2006-11-13 06:30 154,384 --a------ C:\WINDOWS\system32\msawt.dll
2006-11-13 06:30 15,120 --a------ C:\WINDOWS\system32\jdbgmgr.exe
2006-11-13 06:30 139,536 --a------ C:\WINDOWS\system32\javaee.dll
2006-11-13 06:30 113 --a------ C:\WINDOWS\system32\zonedon.reg
2006-11-13 06:30 113 --a------ C:\WINDOWS\system32\zonedoff.reg
2006-11-13 06:29 49,424 --a------ C:\WINDOWS\system32\clspack.exe
2006-11-12 23:18 8,704 --a------ C:\WINDOWS\system32\infoctrs.dll
2006-11-12 23:18 8,192 --a------ C:\WINDOWS\system32\staxmem.dll
2006-11-12 23:18 7,680 --a------ C:\WINDOWS\system32\ftpctrs2.dll
2006-11-12 23:18 7,168 --a------ C:\WINDOWS\system32\wamregps.dll
2006-11-12 23:18 60,416 --a------ C:\WINDOWS\system32\iismap.dll
2006-11-12 23:18 6,144 --a------ C:\WINDOWS\system32\ftpsapi2.dll
2006-11-12 23:18 6,144 --a------ C:\WINDOWS\system32\admxprox.dll
2006-11-12 23:18 59,392 --a------ C:\WINDOWS\system32\iisext.dll
2006-11-12 23:18 56,320 --a------ C:\WINDOWS\system32\convlog.exe
2006-11-12 23:18 5,632 --a------ C:\WINDOWS\system32\w3svapi.dll
2006-11-12 23:18 5,632 --a------ C:\WINDOWS\system32\iisrstap.dll
2006-11-12 23:18 4,608 --a------ C:\WINDOWS\system32\w3ctrs.dll
2006-11-12 23:18 34,816 --a------ C:\WINDOWS\system32\admwprox.dll
2006-11-12 23:18 3,584 --a------ C:\WINDOWS\system32\iismui.dll
2006-11-12 23:18 249,856 --a------ C:\WINDOWS\system32\adsiis.dll
2006-11-12 23:18 19,968 --a------ C:\WINDOWS\system32\inetsloc.dll
2006-11-12 23:18 14,336 --a------ C:\WINDOWS\system32\iisreset.exe
2006-11-12 23:18 13,312 --a------ C:\WINDOWS\system32\exstrace.dll
2006-11-12 23:18 120,832 --a------ C:\WINDOWS\system32\iisRtl.dll
2006-11-12 23:18 11,776 --a------ C:\WINDOWS\system32\infoadmn.dll
2006-11-12 23:18 10,240 --a------ C:\WINDOWS\system32\aspperf.dll
2006-11-12 23:11 27,165 --a------ C:\WINDOWS\system32\drivers\fetnd5.sys
2006-11-12 23:09 24,661 --a------ C:\WINDOWS\system32\spxcoins.dll
2006-11-12 23:09 13,312 --a------ C:\WINDOWS\system32\irclass.dll
2006-11-12 22:31 9,728 --a------ C:\WINDOWS\system32\mstinit.exe
2006-11-12 22:31 250,368 --a------ C:\WINDOWS\system32\mstask.dll
2006-11-12 22:31 221,696 --a------ C:\WINDOWS\system32\qmgr.dll
2006-11-12 22:31 17,408 --a------ C:\WINDOWS\system32\qmgrprxy.dll
2006-11-12 22:31 159,232 --a------ C:\WINDOWS\system32\schedsvc.dll
2006-11-12 22:29 9,728 --a------ C:\WINDOWS\system32\xolehlp.dll
2006-11-12 22:29 869,376 --a------ C:\WINDOWS\system32\msdtctm.dll
2006-11-12 22:29 83,968 --a------ C:\WINDOWS\system32\mtxoci.dll
2006-11-12 22:29 82,432 --a------ C:\WINDOWS\system32\comrepl.dll
2006-11-12 22:29 582,656 --a------ C:\WINDOWS\system32\catsrvut.dll
2006-11-12 22:29 56,832 --a------ C:\WINDOWS\system32\colbact.dll
2006-11-12 22:29 495,616 --a------ C:\WINDOWS\system32\comuid.dll
2006-11-12 22:29 468,480 --a------ C:\WINDOWS\system32\clbcatq.dll
2006-11-12 22:29 359,936 --a------ C:\WINDOWS\system32\msdtcprx.dll
2006-11-12 22:29 215,040 --a------ C:\WINDOWS\system32\catsrv.dll
2006-11-12 22:29 151,040 --a------ C:\WINDOWS\system32\msdtcuiu.dll
2006-11-12 22:29 115,976 --a------ C:\WINDOWS\system32\drivers\rdpwd.sys
2006-11-12 22:29 113,944 --a------ C:\WINDOWS\system32\wuauclt.exe
2006-11-12 22:29 100,864 --a------ C:\WINDOWS\system32\clbcatex.dll
2006-11-12 22:29 1,172,992 --a------ C:\WINDOWS\system32\comsvcs.dll
2006-11-12 22:29 1,081,112 --a------ C:\WINDOWS\system32\wuaueng.dll
2006-11-12 07:43 <DIR> d-------- C:\Documents and Settings\Mark.OFFICE\Application Data\vlc
2006-11-08 20:39 <DIR> d-------- C:\JCAPS
2006-11-07 22:23 <DIR> d-------- C:\GDB
2006-11-07 22:14 <DIR> d-------- C:\Program Files\Runtime Software
2006-11-07 22:09 306,688 --a------ C:\WINDOWS\IsUninst.exe
2006-11-03 23:52 <DIR> d-------- C:\Program Files\MEDIC
2006-11-03 23:45 <DIR> d-------- C:\WINDOWS\Profiles
2006-11-03 23:45 <DIR> d-------- C:\Program Files\HERACTSTG
2006-11-03 23:45 <DIR> d-------- C:\Program Files\Common Files\supportsoft
2006-11-03 17:31 <DIR> d-------- C:\LD Player
2006-11-03 16:51 <DIR> d-------- C:\Program Files\Elaborate Bytes
2006-11-03 16:45 15,360 --a------ C:\WINDOWS\system32\BASSMOD.dll


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2006-11-25 16:59 -------- d-------- C:\Program Files\MP3+G Toolz .NET 4
2006-11-24 10:12 -------- d-------- C:\Documents and Settings\Mark.OFFICE\Application Data\Azureus
2006-11-22 21:58 -------- d-------- C:\Program Files\Spyware Doctor
2006-11-22 21:57 -------- d-------- C:\Program Files\iolo
2006-11-16 10:51 -------- d-------- C:\Program Files\Common Files
2006-11-16 10:41 -------- d--h----- C:\Program Files\InstallShield Installation Information
2006-11-15 14:10 -------- d-------- C:\Program Files\Common Files\Symantec Shared
2006-11-13 17:51 -------- d--h----- C:\Program Files\WindowsUpdate
2006-11-13 06:58 -------- d-------- C:\Program Files\Windows Media Player
2006-11-13 06:57 -------- d-------- C:\Program Files\Outlook Express
2006-11-13 06:57 -------- d-------- C:\Program Files\Internet Explorer
2006-11-13 06:57 -------- d-------- C:\Program Files\Common Files\System
2006-11-12 22:31 -------- d-------- C:\Program Files\NetMeeting
2006-11-12 17:30 -------- d-------- C:\Program Files\Roguescanfix
2006-11-10 12:47 -------- d-------- C:\Program Files\mIRC
2006-11-03 23:45 -------- d-------- C:\Program Files\Comcast Web Controls
2006-11-01 16:50 48824 --a------ C:\WINDOWS\system32\S32EVNT1.DLL
2006-11-01 16:50 109744 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.SYS
2006-11-01 16:50 -------- d-------- C:\Program Files\Symantec
2006-10-21 05:54 -------- d-------- C:\Documents and Settings\Mark.OFFICE\Application Data\Google
2006-10-15 20:22 -------- d-------- C:\Program Files\Google
2006-10-14 18:22 724728 --a------ C:\Exercises.exe
2006-10-14 18:12 -------- d-------- C:\Program Files\WinZip
2006-10-13 16:46 -------- d-------- C:\Program Files\Citrix
2006-10-12 21:18 -------- d-------- C:\Program Files\PowerQuest
2006-10-12 18:05 -------- d-------- C:\Program Files\QuickTime
2006-10-12 18:04 -------- d-------- C:\Program Files\Apple Software Update
2006-10-09 16:48 -------- d-------- C:\Documents and Settings\Mark.OFFICE\Application Data\Lavasoft
2006-10-09 16:47 -------- d-------- C:\Program Files\Lavasoft
2006-10-08 14:47 -------- d-------- C:\Program Files\Anti-Leech
2006-10-07 09:23 -------- d-------- C:\Program Files\Azureus
2006-10-06 21:52 22768 --a------ C:\WINDOWS\system32\drivers\usbsermpt.sys
2006-10-06 21:52 -------- d-------- C:\Program Files\Motorola Phone Tools
2006-10-06 21:51 -------- d-------- C:\Program Files\Avanquest update
2006-10-06 15:52 -------- d-------- C:\Program Files\BearFlix
2006-10-05 18:14 -------- d---s---- C:\Documents and Settings\Mark.OFFICE\Application Data\Microsoft
2006-10-05 17:37 -------- d-------- C:\Program Files\Windows NT
2006-10-05 16:36 -------- d-------- C:\Program Files\Common Files\Microsoft Shared
2006-10-02 18:57 -------- d-------- C:\Program Files\DC++


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries are not shown

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"Yahoo! Pager"="\"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe\" -quiet"
"RegClean Expert Scheduler"="\"C:\\Program Files\\Registry Clean Expert\\RCHelper.exe\" /startup"
"TivoTransfer"="\"C:\\Program Files\\Common Files\\TiVo Shared\\Transfer\\TiVoTransfer.exe\" /service /registry /auto:TivoTransfer"
"TivoNotify"="\"C:\\Program Files\\TiVo\\Desktop\\TiVoNotify.exe\" /service /registry /auto:TivoNotify"
"TivoServer"="\"C:\\Program Files\\TiVo\\Desktop\\TiVoServer.exe\" /service /registry /auto:TivoServer"
"GoToMeeting"="C:\\Program Files\\Citrix\\GoToMeeting\\189\\g2mstart.exe \"/Trigger RunAtLogon\""
"swg"="C:\\Program Files\\Google\\GoogleToolbarNotifier\\1.2.908.5008\\GoogleToolbarNotifier.exe"
"Aim6"=""

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\System32\\NvCpl.dll,NvStartup"
"nwiz"="nwiz.exe /install"
"ccApp"="\"C:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe\""
"zBrowser Launcher"="C:\\Program Files\\Logitech\\iTouch\\iTouch.exe"
"SSC_UserPrompt"="\"C:\\Program Files\\Common Files\\Symantec Shared\\Security Center\\UsrPrmpt.exe\""
"NeroFilterCheck"="C:\\WINDOWS\\system32\\NeroCheck.exe"
"WinampAgent"="C:\\Program Files\\Winamp\\winampa.exe"
"ISUSPM Startup"="C:\\PROGRA~1\\COMMON~1\\INSTAL~1\\UPDATE~1\\ISUSPM.exe -startup"
"ISUSScheduler"="\"C:\\Program Files\\Common Files\\InstallShield\\UpdateService\\issch.exe\" -start"
"CloneCDElbyCDFL"="\"C:\\Program Files\\Elaborate Bytes\\CloneCD\\ElbyCheck.exe\" /L ElbyCDFL"
"CloneCDTray"="\"C:\\Program Files\\Elaborate Bytes\\CloneCD\\CloneCDTray.exe\""
"MEDIC"="\"C:\\Program Files\\MEDIC\\bin\\sprtcmd.exe\" /P MEDIC"
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"NvMediaCenter"="RUNDLL32.EXE C:\\WINDOWS\\System32\\NvMcTray.dll,NvTaskbarInit"
"!AVG Anti-Spyware"="\"C:\\Program Files\\Grisoft\\AVG Anti-Spyware 7.5\\avgas.exe\" /minimized"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000000

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="AVG Anti-Spyware 7.5"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"NoDispAppearancePage"=dword:00000000
"NoColorChoice"=dword:00000000
"NoSizeChoice"=dword:00000000
"NoDispBackgroundPage"=dword:00000000
"NoDispScrSavPage"=dword:00000000
"NoDispCPL"=dword:00000000
"NoVisualStyleChoice"=dword:00000000
"NoDispSettingsPage"=dword:00000000

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000000
"NoActiveDesktop"=dword:00000000
"NoSaveSettings"=dword:00000000
"ClassicShell"=dword:00000000
"NoThemesTab"=dword:00000000
"ForceActiveDesktopOn"=dword:00000000

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001
"DisableTaskMgr"=dword:00000000

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoActiveDesktopChanges"=dword:00000000

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"


Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\Norton AntiVirus - Run Full System Scan - Mark.job

Completion time: 06-11-26 17:55:46.98
C:\ComboFix.txt ... 06-11-26 17:55

#10 MFDnSC

MFDnSC

    Ret. Director I/T


  • Members
  • 4,310 posts

Posted 27 November 2006 - 04:59 PM

post a hijack log
"Nothing could be finer than to be in South Carolina ............"

Member ASAP

#11 Coops599

Coops599
  • Topic Starter

  • Members
  • 14 posts

Posted 27 November 2006 - 08:21 PM

Logfile of HijackThis v1.99.1
Scan saved at 5:17:48 PM, on 11/27/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\System32\inetsrv\inetinfo.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Common Files\TiVo Shared\Beacon\TiVoBeacon.exe
C:\Program Files\UPHClean\uphclean.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Elaborate Bytes\CloneCD\CloneCDTray.exe
C:\Program Files\MEDIC\bin\sprtcmd.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\System32\RUNDLL32.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Registry Clean Expert\RCHelper.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Common Files\TiVo Shared\Transfer\TiVoTransfer.exe
C:\Program Files\TiVo\Desktop\TiVoNotify.exe
C:\Program Files\TiVo\Desktop\TiVoServer.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Mark.OFFICE\Desktop\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: HelperObject Class - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 7\SnagItBHO.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O2 - BHO: File Print FedEx Kinko's - {9566395F-43D2-4c64-B525-B501FFA276E2} - mscoree.dll (file missing)
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 7\SnagItIEAddin.dll
O3 - Toolbar: File Print FedEx Kinko's - {9566395f-43d2-4c64-b525-b501ffa276e2} - mscoree.dll (file missing)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [SSC_UserPrompt] "C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [CloneCDElbyCDFL] "C:\Program Files\Elaborate Bytes\CloneCD\ElbyCheck.exe" /L ElbyCDFL
O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\Elaborate Bytes\CloneCD\CloneCDTray.exe"
O4 - HKLM\..\Run: [MEDIC] "C:\Program Files\MEDIC\bin\sprtcmd.exe" /P MEDIC
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [RegClean Expert Scheduler] "C:\Program Files\Registry Clean Expert\RCHelper.exe" /startup
O4 - HKCU\..\Run: [TivoTransfer] "C:\Program Files\Common Files\TiVo Shared\Transfer\TiVoTransfer.exe" /service /registry /auto:TivoTransfer
O4 - HKCU\..\Run: [TivoNotify] "C:\Program Files\TiVo\Desktop\TiVoNotify.exe" /service /registry /auto:TivoNotify
O4 - HKCU\..\Run: [TivoServer] "C:\Program Files\TiVo\Desktop\TiVoServer.exe" /service /registry /auto:TivoServer
O4 - HKCU\..\Run: [GoToMeeting] C:\Program Files\Citrix\GoToMeeting\189\g2mstart.exe "/Trigger RunAtLogon"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - http://activation.rr.com/install/downloads/tgctlcm.cab
O16 - DPF: {3451DEDE-631F-421C-8127-FD793AFC6CC8} - http://www.symantec.com/techsupp/asa/ctrl/SymAData.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1151646527968
O16 - DPF: {8A0019EB-51FA-4AE5-A40B-C0496BBFC739} (Verizon Wireless Media Upload) - http://www.vzwpix.com/activex/VerizonWirel...loadControl.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: CAPSRepository - SeeBeyond Technology Corporation, Inc - C:\JavaCAPS51\repository\repository.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Sun SeeBeyond Enterprise Manager 5.1.0(15000) (EnterpriseManager51X15000) - Apache Software Foundation - C:\JavaCAPS51\emanager/server\bin\tomcat5.exe
O23 - Service: IS 5.1.0 Development (isDevelopment) - Apache Software Foundation - C:\JavaCAPS51\logicalhost\is\bin\issvc_Development.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SPBBCSvc - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: TiVo Beacon (TivoBeacon2) - Unknown owner - C:\Program Files\Common Files\TiVo Shared\Beacon\TiVoBeacon.exe" /service (file missing)

#12 MFDnSC

MFDnSC

    Ret. Director I/T


  • Members
  • 4,310 posts
  • Local time:11:54 AM

Posted 27 November 2006 - 08:26 PM

Go to the link below and download the trial version of SpySweeper:

SpySweeper http://www.webroot.com/consumer/products/s...4129&ac=tsg

(It's a 2 week trial.)

* Click the Try Spy Sweeper for Free (Download the trial) link.
* Install it. Once the program is installed, it will open.
* It will prompt you to update to the latest definitions, click Yes.
* Once the definitions are installed, click Options on the left side.
* Click the Sweep Options tab.
* Under What to Sweep please put a check next to the following:
o Sweep Memory
o Sweep Registry
o Sweep Cookies
o Sweep All User Accounts
o Enable Direct Disk Sweeping
o Sweep Contents of Compressed Files
o Sweep for Rootkits

o Please UNCHECK Do not Sweep System Restore Folder.

* Click Sweep Now on the left side.
* Click the Start button.
* When it's done scanning, click the Next button.
* Make sure everything has a check next to it, then click the Next button.
* It will remove all of the items found.
* Click Session Log in the upper right corner, copy everything in that window.
* Click the Summary tab and click Finish.
* Paste the contents of the session log you copied into your next reply.

Also post a new Hijack This log.
"Nothing could be finer than to be in South Carolina ............"

Member ASAP

#13 Coops599

Coops599
  • Topic Starter

  • Members
  • 14 posts
  • Local time:08:54 AM

Posted 28 November 2006 - 09:44 AM

Below are the two logs. FYI, I still cannot change my IE home page.


Spy Sweeper:

6:31 AM: Removal process completed. Elapsed time 00:00:44
6:31 AM: Preparing to restart your computer. Please wait...
6:31 AM: Quarantining All Traces: tribalfusion cookie
6:31 AM: Quarantining All Traces: trafficmp cookie
6:31 AM: Quarantining All Traces: serving-sys cookie
6:31 AM: Quarantining All Traces: realmedia cookie
6:31 AM: Quarantining All Traces: questionmarket cookie
6:31 AM: Quarantining All Traces: imlive.com cookie
6:31 AM: Quarantining All Traces: monstermarketplace cookie
6:31 AM: Quarantining All Traces: mediaplex cookie
6:31 AM: Quarantining All Traces: maxserving cookie
6:31 AM: Quarantining All Traces: webtrends cookie
6:31 AM: Quarantining All Traces: ic-live cookie
6:31 AM: Quarantining All Traces: ru4 cookie
6:31 AM: Quarantining All Traces: overture cookie
6:31 AM: Quarantining All Traces: atlas dmt cookie
6:31 AM: Quarantining All Traces: casalemedia cookie
6:31 AM: Quarantining All Traces: advertising cookie
6:31 AM: Quarantining All Traces: pointroll cookie
6:31 AM: Quarantining All Traces: addynamix cookie
6:31 AM: Quarantining All Traces: adrevolver cookie
6:31 AM: Quarantining All Traces: yieldmanager cookie
6:31 AM: Quarantining All Traces: websponsors cookie
6:31 AM: Quarantining All Traces: 2o7.net cookie
6:31 AM: c:\program files\microsoft office\clipart\pub60cor\tr00402(0x is in use. It will be removed on reboot.
6:31 AM: c:\program files\microsoft office\clipart\pub60cor\tr00402(0x is in use. It will be removed on reboot.
6:31 AM: potentially rootkit-masked files is in use. It will be removed on reboot.
6:31 AM: Quarantining All Traces: potentially rootkit-masked files
6:31 AM: Removal process initiated
6:25 AM: Access to Hosts file allowed for C:\PROGRAM FILES\GRISOFT\AVG ANTI-SPYWARE 7.5\AVGAS.EXE
5:24 AM: Access to Hosts file allowed for C:\PROGRAM FILES\GRISOFT\AVG ANTI-SPYWARE 7.5\AVGAS.EXE
4:23 AM: Access to Hosts file allowed for C:\PROGRAM FILES\GRISOFT\AVG ANTI-SPYWARE 7.5\AVGAS.EXE
3:23 AM: Access to Hosts file allowed for C:\PROGRAM FILES\GRISOFT\AVG ANTI-SPYWARE 7.5\AVGAS.EXE
2:42 AM: Traces Found: 29
2:42 AM: Custom Sweep has completed. Elapsed time 07:14:55
2:42 AM: File Sweep Complete, Elapsed Time: 07:12:07
2:30 AM: Warning: Stream read error
2:23 AM: Warning: Stream read error
2:23 AM: Access to Hosts file allowed for C:\PROGRAM FILES\GRISOFT\AVG ANTI-SPYWARE 7.5\AVGAS.EXE
2:18 AM: Warning: Stream read error
2:16 AM: Warning: Stream read error
2:15 AM: Warning: Stream read error
2:15 AM: Warning: Stream read error
2:14 AM: Warning: Stream read error
2:12 AM: Warning: Stream read error
2:11 AM: Warning: Stream read error
2:11 AM: Warning: Stream read error
2:09 AM: Warning: Stream read error
2:09 AM: Warning: Stream read error
2:08 AM: Warning: Stream read error
1:48 AM: Warning: Stream read error
1:47 AM: Warning: Stream read error
1:47 AM: Warning: Stream read error
1:46 AM: Warning: Stream read error
1:42 AM: Warning: Stream read error
1:36 AM: Warning: Stream read error
1:32 AM: Warning: Stream read error
1:31 AM: Warning: Stream read error
1:23 AM: Access to Hosts file allowed for C:\PROGRAM FILES\GRISOFT\AVG ANTI-SPYWARE 7.5\AVGAS.EXE
1:13 AM: Warning: Stream read error
12:46 AM: Warning: Stream read error
12:23 AM: Access to Hosts file allowed for C:\PROGRAM FILES\GRISOFT\AVG ANTI-SPYWARE 7.5\AVGAS.EXE
12:22 AM: Warning: Stream read error
12:22 AM: Warning: Stream read error
12:20 AM: Warning: Stream read error
12:02 AM: Warning: Stream read error
11:48 PM: Warning: Stream read error
11:34 PM: Warning: Stream read error
11:33 PM: Warning: Stream read error
11:31 PM: Warning: Stream read error
11:23 PM: Access to Hosts file allowed for C:\PROGRAM FILES\GRISOFT\AVG ANTI-SPYWARE 7.5\AVGAS.EXE
10:53 PM: Warning: Stream read error
10:23 PM: Access to Hosts file allowed for C:\PROGRAM FILES\GRISOFT\AVG ANTI-SPYWARE 7.5\AVGAS.EXE
10:10 PM: Warning: Stream read error
9:23 PM: Access to Hosts file allowed for C:\PROGRAM FILES\GRISOFT\AVG ANTI-SPYWARE 7.5\AVGAS.EXE
9:22 PM: Warning: Stream read error
9:15 PM: Warning: Stream read error
9:15 PM: Warning: Stream read error
8:33 PM: Warning: Stream read error
8:33 PM: Warning: Stream read error
8:32 PM: Warning: Stream read error
8:31 PM: Warning: Stream read error
8:30 PM: Warning: Stream read error
8:29 PM: Warning: Stream read error
8:29 PM: Warning: Stream read error
8:29 PM: Warning: Stream read error
8:29 PM: Warning: Stream read error
8:29 PM: Warning: Stream read error
8:29 PM: Warning: Stream read error
8:25 PM: Warning: Stream read error
8:23 PM: Warning: Stream read error
8:23 PM: Warning: Stream read error
8:23 PM: Access to Hosts file allowed for C:\PROGRAM FILES\GRISOFT\AVG ANTI-SPYWARE 7.5\AVGAS.EXE
8:22 PM: Warning: Stream read error
8:22 PM: Warning: Stream read error
8:22 PM: Warning: Stream read error
8:21 PM: Warning: Stream read error
8:21 PM: Warning: Stream read error
8:20 PM: Warning: Stream read error
8:20 PM: Warning: Stream read error
8:20 PM: Warning: Stream read error
8:20 PM: Warning: Stream read error
8:20 PM: Warning: Stream read error
8:16 PM: Warning: Stream read error
8:12 PM: Warning: Stream read error
8:12 PM: Warning: Stream read error
8:11 PM: Warning: Stream read error
8:08 PM: c:\program files\microsoft office\clipart\pub60cor\tr00402(0x (ID = 0)
8:08 PM: c:\program files\microsoft office\clipart\pub60cor\tr00402(0x (ID = 0)
8:08 PM: Found System Monitor: potentially rootkit-masked files
8:08 PM: Warning: Failed to access drive K:
8:08 PM: Warning: Failed to access drive J:
8:08 PM: Warning: Failed to access drive I:
8:08 PM: Warning: Failed to access drive H:
8:08 PM: Warning: Failed to access drive G:
8:08 PM: Warning: Failed to access drive F:
7:55 PM: Warning: Failed to open file "c:\program files\microsoft office\clipart\pub60cor\tr00402(0x". The operation completed successfully
7:55 PM: Warning: Failed to open file "c:\program files\microsoft office\clipart\pub60cor\tr00402(0x". The operation completed successfully
7:54 PM: Warning: Failed to open file "c:\program files\norton antivirus\savrt\0862nav~.tmp". The operation completed successfully
7:30 PM: Starting File Sweep
7:30 PM: Warning: Failed to access drive A:
7:30 PM: Cookie Sweep Complete, Elapsed Time: 00:00:00
7:30 PM: c:\documents and settings\mark.office\cookies\mark@www.monstermarketplace[1].txt (ID = 3007)
7:30 PM: c:\documents and settings\mark.office\cookies\mark@tribalfusion[1].txt (ID = 3589)
7:30 PM: Found Spy Cookie: tribalfusion cookie
7:30 PM: c:\documents and settings\mark.office\cookies\mark@trafficmp[1].txt (ID = 3581)
7:30 PM: Found Spy Cookie: trafficmp cookie
7:30 PM: c:\documents and settings\mark.office\cookies\mark@serving-sys[1].txt (ID = 3343)
7:30 PM: Found Spy Cookie: serving-sys cookie
7:30 PM: c:\documents and settings\mark.office\cookies\mark@realmedia[1].txt (ID = 3235)
7:30 PM: Found Spy Cookie: realmedia cookie
7:30 PM: c:\documents and settings\mark.office\cookies\mark@questionmarket[2].txt (ID = 3217)
7:30 PM: Found Spy Cookie: questionmarket cookie
7:30 PM: c:\documents and settings\mark.office\cookies\mark@perf.overture[1].txt (ID = 3106)
7:30 PM: c:\documents and settings\mark.office\cookies\mark@pcash.imlive[1].txt (ID = 2844)
7:30 PM: Found Spy Cookie: imlive.com cookie
7:30 PM: c:\documents and settings\mark.office\cookies\mark@msnportal.112.2o7[1].txt (ID = 1958)
7:30 PM: c:\documents and settings\mark.office\cookies\mark@monstermarketplace[2].txt (ID = 3006)
7:30 PM: Found Spy Cookie: monstermarketplace cookie
7:30 PM: c:\documents and settings\mark.office\cookies\mark@mediaplex[1].txt (ID = 6442)
7:30 PM: Found Spy Cookie: mediaplex cookie
7:30 PM: c:\documents and settings\mark.office\cookies\mark@maxserving[1].txt (ID = 2966)
7:30 PM: Found Spy Cookie: maxserving cookie
7:30 PM: c:\documents and settings\mark.office\cookies\mark@m.webtrends[2].txt (ID = 3669)
7:30 PM: Found Spy Cookie: webtrends cookie
7:30 PM: c:\documents and settings\mark.office\cookies\mark@ic-live[1].txt (ID = 2821)
7:30 PM: Found Spy Cookie: ic-live cookie
7:30 PM: c:\documents and settings\mark.office\cookies\mark@edge.ru4[2].txt (ID = 3269)
7:30 PM: Found Spy Cookie: ru4 cookie
7:30 PM: c:\documents and settings\mark.office\cookies\mark@data4.perf.overture[2].txt (ID = 3106)
7:30 PM: Found Spy Cookie: overture cookie
7:30 PM: c:\documents and settings\mark.office\cookies\mark@casalemedia[1].txt (ID = 2354)
7:30 PM: c:\documents and settings\mark.office\cookies\mark@atdmt[2].txt (ID = 2253)
7:30 PM: Found Spy Cookie: atlas dmt cookie
7:30 PM: c:\documents and settings\mark.office\cookies\mark@as.casalemedia[1].txt (ID = 2355)
7:30 PM: Found Spy Cookie: casalemedia cookie
7:30 PM: c:\documents and settings\mark.office\cookies\mark@advertising[2].txt (ID = 2175)
7:30 PM: Found Spy Cookie: advertising cookie
7:30 PM: c:\documents and settings\mark.office\cookies\mark@ads.pointroll[1].txt (ID = 3148)
7:30 PM: Found Spy Cookie: pointroll cookie
7:30 PM: c:\documents and settings\mark.office\cookies\mark@ads.addynamix[1].txt (ID = 2062)
7:30 PM: Found Spy Cookie: addynamix cookie
7:30 PM: c:\documents and settings\mark.office\cookies\mark@adrevolver[2].txt (ID = 2088)
7:30 PM: c:\documents and settings\mark.office\cookies\mark@adrevolver[1].txt (ID = 2088)
7:30 PM: Found Spy Cookie: adrevolver cookie
7:30 PM: c:\documents and settings\mark.office\cookies\mark@ad.yieldmanager[1].txt (ID = 3751)
7:30 PM: Found Spy Cookie: yieldmanager cookie
7:30 PM: c:\documents and settings\mark.office\cookies\mark@a.websponsors[2].txt (ID = 3665)
7:30 PM: Found Spy Cookie: websponsors cookie
7:30 PM: c:\documents and settings\mark.office\cookies\mark@2o7[1].txt (ID = 1957)
7:30 PM: Found Spy Cookie: 2o7.net cookie
7:30 PM: Starting Cookie Sweep
7:30 PM: Registry Sweep Complete, Elapsed Time:00:00:10
7:30 PM: Starting Registry Sweep
7:30 PM: Memory Sweep Complete, Elapsed Time: 00:02:31
7:27 PM: Starting Memory Sweep
7:27 PM: Start Custom Sweep
7:27 PM: Sweep initiated using definitions version 809
7:27 PM: Spy Sweeper 5.2.3.2132 started
7:27 PM: | Start of Session, Monday, November 27, 2006 |


HiJackThis:

Logfile of HijackThis v1.99.1
Scan saved at 6:40:35 AM, on 11/28/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\System32\inetsrv\inetinfo.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Common Files\TiVo Shared\Beacon\TiVoBeacon.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\Program Files\UPHClean\uphclean.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Elaborate Bytes\CloneCD\CloneCDTray.exe
C:\Program Files\MEDIC\bin\sprtcmd.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\System32\RUNDLL32.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
C:\Program Files\Registry Clean Expert\RCHelper.exe
C:\Program Files\Common Files\TiVo Shared\Transfer\TiVoTransfer.exe
C:\Program Files\TiVo\Desktop\TiVoNotify.exe
C:\Program Files\TiVo\Desktop\TiVoServer.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Webroot\Spy Sweeper\SSU.EXE
C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Mark.OFFICE\Desktop\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: HelperObject Class - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 7\SnagItBHO.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O2 - BHO: File Print FedEx Kinko's - {9566395F-43D2-4c64-B525-B501FFA276E2} - mscoree.dll (file missing)
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 7\SnagItIEAddin.dll
O3 - Toolbar: File Print FedEx Kinko's - {9566395f-43d2-4c64-b525-b501ffa276e2} - mscoree.dll (file missing)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] "nwiz.exe" /install
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [zBrowser Launcher] "C:\Program Files\Logitech\iTouch\iTouch.exe"
O4 - HKLM\..\Run: [SSC_UserPrompt] "C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [CloneCDElbyCDFL] "C:\Program Files\Elaborate Bytes\CloneCD\ElbyCheck.exe" /L ElbyCDFL
O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\Elaborate Bytes\CloneCD\CloneCDTray.exe"
O4 - HKLM\..\Run: [MEDIC] "C:\Program Files\MEDIC\bin\sprtcmd.exe" /P MEDIC
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NvMediaCenter] "RUNDLL32.EXE" C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [RegClean Expert Scheduler] "C:\Program Files\Registry Clean Expert\RCHelper.exe" /startup
O4 - HKCU\..\Run: [TivoTransfer] "C:\Program Files\Common Files\TiVo Shared\Transfer\TiVoTransfer.exe" /service /registry /auto:TivoTransfer
O4 - HKCU\..\Run: [TivoNotify] "C:\Program Files\TiVo\Desktop\TiVoNotify.exe" /service /registry /auto:TivoNotify
O4 - HKCU\..\Run: [TivoServer] "C:\Program Files\TiVo\Desktop\TiVoServer.exe" /service /registry /auto:TivoServer
O4 - HKCU\..\Run: [GoToMeeting] "C:\Program Files\Citrix\GoToMeeting\189\g2mstart.exe" "/Trigger RunAtLogon"
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe"
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - http://activation.rr.com/install/downloads/tgctlcm.cab
O16 - DPF: {3451DEDE-631F-421C-8127-FD793AFC6CC8} - http://www.symantec.com/techsupp/asa/ctrl/SymAData.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1151646527968
O16 - DPF: {8A0019EB-51FA-4AE5-A40B-C0496BBFC739} (Verizon Wireless Media Upload) - http://www.vzwpix.com/activex/VerizonWirel...loadControl.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: CAPSRepository - SeeBeyond Technology Corporation, Inc - C:\JavaCAPS51\repository\repository.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Sun SeeBeyond Enterprise Manager 5.1.0(15000) (EnterpriseManager51X15000) - Apache Software Foundation - C:\JavaCAPS51\emanager/server\bin\tomcat5.exe
O23 - Service: IS 5.1.0 Development (isDevelopment) - Apache Software Foundation - C:\JavaCAPS51\logicalhost\is\bin\issvc_Development.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SPBBCSvc - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: TiVo Beacon (TivoBeacon2) - Unknown owner - C:\Program Files\Common Files\TiVo Shared\Beacon\TiVoBeacon.exe" /service (file missing)
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
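
The two HijackThis logs in this post are read by eye, entry by entry. As an added example (not code from the thread, from BleepingComputer, or from HijackThis itself), the script below parses the `Rx - ` / `Oxx - ` entry format visible in the logs and applies the three checks a log reader applies first: a referenced file that is gone (`(no file)`, `(file missing)`), an O20 Winlogon Notify entry (a DLL loaded into winlogon at logon, which is why helpers look at it), and an O23 service whose publisher is `Unknown owner`. The sample input is a handful of lines copied from the log above; the flag names (`missing-file`, `winlogon-notify`, `unknown-owner`) are this example's own, not HijackThis terminology.

```python
"""Triage helper for HijackThis-style log lines (added example).

Parses entries of the form "O23 - Service: ... - Company - path" and
"O4 - HKLM\\..\\Run: [name] command", then flags the entries a log
reader would review first. Flag names are this example's own.
"""
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional

# A HijackThis entry: section code (R0-R3, O1-O24), " - ", then the body.
ENTRY_RE = re.compile(r"^(?P<section>[RO]\d+) - (?P<body>.+)$")
# CLSIDs appear as {8-4-4-4-12 hex}.
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")


@dataclass
class Entry:
    section: str
    body: str
    clsid: Optional[str]
    path: str                       # the file/command the entry points at
    flags: List[str] = field(default_factory=list)


def parse_line(line: str) -> Optional[Entry]:
    """Return an Entry for a HijackThis entry line, None for anything else
    (header lines, the 'Running processes' list, blank lines)."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    section, body = m.group("section"), m.group("body")
    clsid_m = CLSID_RE.search(body)
    clsid = clsid_m.group(0) if clsid_m else None
    if section == "O4" and "] " in body:
        # O4: "HKLM\..\Run: [name] command line" -> keep the command line.
        path = body.split("] ", 1)[1].strip()
    elif " - " in body:
        # Other sections: the last " - " separated field is the file.
        path = body.rsplit(" - ", 1)[-1].strip()
    else:
        path = body.strip()

    flags: List[str] = []
    low = path.lower()
    if "(no file)" in low or "(file missing)" in low:
        flags.append("missing-file")      # registration outlives its file
    if section == "O20":
        flags.append("winlogon-notify")   # DLL loaded by winlogon at logon
    if section == "O23" and " - Unknown owner - " in body:
        flags.append("unknown-owner")     # service with no publisher name
    return Entry(section, body, clsid, path, flags)


def parse_log(text: str) -> List[Entry]:
    """Parse every entry line of a HijackThis log, in order."""
    return [e for e in (parse_line(ln) for ln in text.splitlines()) if e]


def triage(text: str) -> List[Entry]:
    """Only the entries that carry at least one flag."""
    return [e for e in parse_log(text) if e.flags]


def flag_counts(entries: List[Entry]) -> Dict[str, int]:
    """How many entries carry each flag."""
    counts: Dict[str, int] = {}
    for e in entries:
        for f in e.flags:
            counts[f] = counts.get(f, 0) + 1
    return counts


# Constructed sample: lines copied from the HijackThis log posted above,
# plus header/process lines that the parser must ignore.
SAMPLE_LOG = r"""Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\System32\smss.exe

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: File Print FedEx Kinko's - {9566395F-43D2-4c64-B525-B501FFA276E2} - mscoree.dll (file missing)
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: TiVo Beacon (TivoBeacon2) - Unknown owner - C:\Program Files\Common Files\TiVo Shared\Beacon\TiVoBeacon.exe" /service (file missing)
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
"""

if __name__ == "__main__":
    for e in triage(SAMPLE_LOG):
        print(f"{e.section:4} {','.join(e.flags):30} {e.path}")
    print(flag_counts(triage(SAMPLE_LOG)))
```

Run against the sample it lists the Yahoo! Toolbar hook, the FedEx Kinko's BHO, the WRNotifier entry and the TiVo Beacon service, and leaves the NAV Helper, ccApp and Webroot lines alone. A flagged entry is a review candidate, not a verdict: WRNotifier here belongs to the Spy Sweeper install from the same post, and a stale `(file missing)` registration is usually leftover rather than active malware.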

#14 MFDnSC

MFDnSC

    Ret. Director I/T


  • Members
  • 4,310 posts
  • Local time:11:54 AM

Posted 28 November 2006 - 11:13 AM

Clean

Turn off restore points, boot, turn them back on – here’s how

http://service1.symantec.com/SUPPORT/tsgen...src=sec_doc_nam
"Nothing could be finer than to be in South Carolina ............"

Member ASAP

#15 Coops599

Coops599
  • Topic Starter

  • Members
  • 14 posts
  • Local time:08:54 AM

Posted 28 November 2006 - 10:32 PM

I am unable to turn off System Restore; I get the following error:

"System Restore encountered an error trying to enable/disable one or more drives. Please restart your machine and try again." I did, but there was no change. That is a Windows problem which I can probably Google and remedy. However, I still cannot set my IE home page back to anything I want. All it does is change back to http://www.microsoft.com/isapi/redir.dll?p...6.0&ar=home as soon as I close and reopen IE. This only started happening when I got the spyware... any ideas?



