Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Slow Internet(i've Tried Everything Else)


  • This topic is locked This topic is locked
10 replies to this topic

#1 Vaerli

Vaerli

  • Members
  • 582 posts
  • OFFLINE
  •  
  • Local time:11:20 AM

Posted 20 May 2007 - 07:33 PM

I've just been having some general internet troubles, particularly sending email, such as Yahoo mail. Its just slower in general too. Thanks in Advance...

I think its this part below in quotes, but I'm not sure, and I don't want to screw up my computer, and don't know exactly how to kill it(I'm guessing HJT fix place would work first), so here's a log, just to make sure everything is clean.

*Note: Bitdefender said that it blocked ContextualAds.A virus or something during an Ad-Aware Scan(I've got a screenshot of it now. The problem is that I can't upload it to imageshack or someplace like that to show it.), so I think this is it. (Its in the log below, with another thing I don't recognize)

Edit: I read this, so I suppose I should say some more to give you details.


Firefox hasn't been working(uninstalled, reinstalled, uninstalled, killed mozilla settings, reinstalled, still doesn't work). Before this, it worked before, but the internet was still screwed up. I think that i've run everything on the checklist, and possibly a tad more. I've messed around a ton, and updated firmware and whatever. A few days ago, in an update, I noticed that after it installed it, it wouldn't let the internet work at all, so I system restored it, and eventually made it not to remind me to install it again. It came with Norton, but I don't use it, and have blocked it from starting up, and now the 30 day free trial of bitdefender is what I use mostly. Also, I've had to manually install virus definitions and updates for Bitdefender and Spybot: Search and Destroy. As I said above, when I was having some problems in the past few days even moreso, Ad-Aware scans weren't working right, and would stop in the middle, and since I had to cancel them, at the end it wouldn't have anything up but would say that it had scanned 1234567890 files, and had found like 99 infected, and whatever else. It still does that, even after I went into safe mode and scanned. Also, I think I also should mention that Its been now just a bit over two weeks that the internet has been bad. I've tried so much, that if I can get ahold of my friend's 4gb flash drive(got a 40gb HD comp in my room), and can surely get my internet reinstalled fine, then I'm just going to reformat, unless you guys can fix it to it's previous speed and all. Oh, and I think I could have made myself If I hadn't set the System restore percentage amount down to like 3%, because it invalidated all my restore points.

Here's the things that don't look right, that I think are wrong.

O2 - BHO: ChangerBHO Class - {0edc6c20-a31c-11db-8ab9-0800200c9a66} - (no file)
O2 - BHO: ContextualAds Class - {3AAC4C68-AFC8-11DB-80EF-8AF955D89593} - (no file)




Logfile of HijackThis v1.99.1
Scan saved at 6:33:10 PM, on 5/20/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
c:\Program Files\Norton Internet Security\ISSVC.exe
c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
c:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe
C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe
c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\Program Files\Softwin\BitDefender10\vsserv.exe
C:\WINDOWS\system32\dllhost.exe
c:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Softwin\BitDefender10\bdmcon.exe
C:\Program Files\Softwin\BitDefender10\bdagent.exe
C:\WINDOWS\system32\ctfmon.exe
c:\Program Files\Common Files\Symantec Shared\Security Center\SymSCUI.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...arm1=seconduser
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...arm1=seconduser
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = wmplayer.exe //ICWLaunch
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\Userinit.exe
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: ChangerBHO Class - {0edc6c20-a31c-11db-8ab9-0800200c9a66} - (no file)
O2 - BHO: ContextualAds Class - {3AAC4C68-AFC8-11DB-80EF-8AF955D89593} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - c:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O4 - HKLM\..\Run: [BDMCon] "C:\Program Files\Softwin\BitDefender10\bdmcon.exe" /reg
O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\Softwin\BitDefender10\bdagent.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {413D6754-BFD4-47FE-9346-319559290BFA} (HTECtrl Class) - http://www.webpcfos.com/webpcfos/websabre/HTEweb.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} - http://messenger.msn.com/download/MsnMesse...pDownloader.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe" /service (file missing)
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: ISSvc (ISSVC) - Symantec Corporation - c:\Program Files\Norton Internet Security\ISSVC.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe" /service (file missing)
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - c:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: SAVScan - Symantec Corporation - c:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - Unknown owner - C:\Program Files\Softwin\BitDefender10\vsserv.exe" /service (file missing)
O23 - Service: BitDefender Communicator (XCOMM) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe" /service (file missing)

Edited by Vaerli, 20 May 2007 - 10:33 PM.


BC AdBot (Login to Remove)

 


#2 RichieUK

RichieUK

    Malware Assassin


  • Malware Response Team
  • 13,614 posts
  • OFFLINE
  •  
  • Local time:07:20 PM

Posted 21 May 2007 - 06:57 AM

Welcome to the BleepingComputer HijackThis Logs and Analysis forum Vaerli :thumbsup:

It came with Norton, but I don't use it, and have blocked it from starting up

If you're not using Norton Antivirus you should remove/uninstall it via Start/Control Panel/Add or Remove Programs,then restart your pc.

If there’s no uninstaller available in Add\Remove Programs then you’ll need to download and run the Norton Removal Tool:
http://service1.symantec.com/SUPPORT/tsgen...005033108162039

*Please Note:*
The Norton Removal Tool will remove all Norton/Symantec products from your pc.

*************************

Viewpoint Manager is considered as foistware instead of malware since it is installed without users approval but doesn't spy or do anything "bad".
This will change from what we know in 2006 read this article:
http://www.clickz.com/news/article.php/3561546

You are well advised to remove the program now.
Go to Start > Settings > Control Panel > Add/Remove Programs and remove the following programs if present:

Viewpoint
Viewpoint Manager
Viewpoint Media Player


Then restart your pc.

*************************

Have Hijack This fix the following by placing a check in the appropriate boxes and selecting 'Fix checked'.
Make sure all browser and all Windows Explorer windows are closed before fixing:
O2 - BHO: ChangerBHO Class - {0edc6c20-a31c-11db-8ab9-0800200c9a66} - (no file)
O2 - BHO: ContextualAds Class - {3AAC4C68-AFC8-11DB-80EF-8AF955D89593} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

Exit Hijackthis.

*************************

Download\install CleanUp.
Launch CleanUp,then click on 'Options'.
Now move the slider on the left up to 'Standard Cleanup!'.
Click 'Ok',now run the program by clicking on the 'Cleanup' button.
Reboot,or log off/log on when it's finished.

*************************

Please download Combofix and save to your desktop:
http://download.bleepingcomputer.com/sUBs/Beta/ComboFix.exe
Note:
It is important that it is saved directly to your desktop

Close any open browsers.
Double click on combofix.exe and follow the prompts.
When it's finished it will produce a log.
Post the C:\ComboFix.txt into your next reply.
Note:
Do not mouseclick combofix's window whilst it's running.
That may cause the program to freeze/hang.


Restart your pc.
Post the contents of C:\ComboFix.txt,and a new Hijackthis log into your next reply.
Let me know how your pc is running now please.
Posted Image
Posted Image

#3 Vaerli

Vaerli
  • Topic Starter

  • Members
  • 582 posts
  • OFFLINE
  •  
  • Local time:11:20 AM

Posted 21 May 2007 - 08:09 AM

I haven't gotten to the cleanup and combofix parts yet, but I got this error when I fixed one of those entries:

An unexpected error has occurred at procedure: modBackup_MakeBackup(sItem=O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing))
Error #70 - Permission denied

Please email me at merijn@spywareinfo.com, reporting the following:
* What you were trying to fix when the error occurred, if applicable
* How you can reproduce the error
* A complete HijackThis scan log, if possible

Windows version: Windows NT 5.01.2600
MSIE version: 7.0.5730.11
HijackThis version: 1.99.1

This message has been copied to your clipboard.
Click OK to continue the rest of the scan.


I'll get that log up as soon as I can.

Also, I got an error while I was scanning with combofix. I saved it too, so I'll get it up when I get home too.

Edited by Vaerli, 21 May 2007 - 08:59 AM.

Q6600, 4GB g-skill, 8800GT, P5N-D motherboard
Posted Image
My art


#4 RichieUK

RichieUK

    Malware Assassin


  • Malware Response Team
  • 13,614 posts
  • OFFLINE
  •  
  • Local time:07:20 PM

Posted 21 May 2007 - 06:21 PM

If you're not able to get any further,restart your pc and post a new Hijackthis log please.
Let me know how your pc is running now.
Posted Image
Posted Image

#5 Vaerli

Vaerli
  • Topic Starter

  • Members
  • 582 posts
  • OFFLINE
  •  
  • Local time:11:20 AM

Posted 21 May 2007 - 07:11 PM

Heres the error that I got while combofix was running...

[quote=error]c:/WINDOWS/system32/cmd.com is not a valid win32 application.[/error]

It still hasn't been working how it should. I think things go a bit faster outside of the internet. Ad-aware's scan still didn't work though, and its all slow(I've been having a ton of trouble trying to post this.)

Here's the combofix log.

"

#6 RichieUK

RichieUK

    Malware Assassin


  • Malware Response Team
  • 13,614 posts
  • OFFLINE
  •  
  • Local time:07:20 PM

Posted 21 May 2007 - 07:22 PM

Download KillBox,unzip/extract it to your desktop.
http://download.bleepingcomputer.com/spyware/KillBox.zip
Start up Killbox and place a check in 'Delete on Reboot'.
In the 'Full path of file to delete' box,copy and paste:

C:/WINDOWS/System32/cmd.com

Then press the red button with the white cross.
It will then provide a window for you to confirm the delete.
Next it will ask if you now wish to reboot,select YES.
Allow it to reboot.
If it does'nt reboot automatically,reboot manually.

Now try Combofix again.
Posted Image
Posted Image

#7 Vaerli

Vaerli
  • Topic Starter

  • Members
  • 582 posts
  • OFFLINE
  •  
  • Local time:11:20 AM

Posted 21 May 2007 - 07:30 PM

uggh! I had the log up there, but my internet has been messing up so bad it didn't complete the rest that I wanted to put up there.


I'll get that killbox and try again, and after that, I'll get a new HJT log, and see if its clean after that.

I'm having a lot of trouble with posting things(uploading in general, I think)

Edit: since I can't seem to upload as much text as is in a single Log, I'll take it in on a flash drive tommorrow morning to school, and post it then. I see you're in the UK, so it'll probably be pretty late/early for you. I don't think I can do much more. If it won't post them, you can't see anything. :/

Edited by Vaerli, 21 May 2007 - 07:54 PM.

Q6600, 4GB g-skill, 8800GT, P5N-D motherboard
Posted Image
My art


#8 Vaerli

Vaerli
  • Topic Starter

  • Members
  • 582 posts
  • OFFLINE
  •  
  • Local time:11:20 AM

Posted 22 May 2007 - 01:54 PM

I think this is the right post thing that I saved last night....

Combofix log:

"HP_Administrator" - 2007-05-21 18:31:43 Service Pack 2

ComboFix 07-05.21.6.V - Running from: "C:\Documents and Settings\HP_Administrator\My Documents\Hans\"




(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))





C:\WINDOWS\keyboard181.dat

C:\DOCUME~1\HP_ADM~1\APPLIC~1\Sskdmns.dll

C:\WINDOWS\system32\netstat.com

C:\WINDOWS\system32\ping.com

C:\WINDOWS\system32\setup.exe.tmp

C:\WINDOWS\system32\taskkill.com

C:\WINDOWS\system32\tasklist.com

C:\WINDOWS\system32\tracert.com

C:\WINDOWS\system32\wapitr.exe





((((((((((((((((((((((((((((((( Files Created from 2007-04-05 to 2007-05-21 ))))))))))))))))))))))))))))))))))





2007-05-21 18:27 <DIR> d-------- C:\!KillBox

2007-05-21 07:27 49,152 --a------ C:\WINDOWS\nircmd.exe

2007-05-20 14:40 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy

2007-05-20 11:03 <DIR> d-------- C:\Program Files\LightScribe Diagnostic Utility

2007-05-19 19:40 574,592 --a------ C:\WINDOWS\system32\drivers\ntfs.sys

2007-05-19 19:35 7,077,888 --a------ C:\DOCUME~1\HP_ADM~1\ntuser.dat

2007-05-13 19:41 <DIR> d-------- C:\DOCUME~1\HP_ADM~1\APPLIC~1\acccore

2007-05-12 17:57 81,984 --a------ C:\WINDOWS\system32\bdod.bin

2007-05-12 17:56 <DIR> d-------- C:\DOCUME~1\HP_ADM~1\APPLIC~1\Bitdefender

2007-05-12 17:31 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\BitDefender

2007-05-11 22:00 <DIR> d-------- C:\Program Files\RegCure

2007-05-11 21:45 <DIR> d-------- C:\DOCUME~1\HP_ADM~1\usrusmt2.tmp

2007-05-11 19:06 <DIR> d-------- C:\DOCUME~1\HP_ADM~1\APPLIC~1\BitTorrent

2007-05-11 14:55 <DIR> d-------- C:\Softpaq

2007-05-11 14:54 <DIR> d-------- C:\Program Files\Realtek AC97

2007-05-11 14:36 <DIR> d-------- C:\DOCUME~1\HP_ADM~1\APPLIC~1\Leadertech

2007-05-11 14:35 <DIR> d-------- C:\temp

2007-05-11 14:02 <DIR> d-------- C:\WINDOWS\OPTIONS

2007-05-08 17:35 <DIR> d-------- C:\Program Files\CCleaner

2007-05-07 21:17 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\SecTaskMan

2007-05-06 21:57 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard

2007-05-06 15:52 <DIR> d-------- C:\Program Files\Lavasoft

2007-05-06 15:52 <DIR> d-------- C:\Downloads

2007-05-06 15:52 <DIR> d-------- C:\DOCUME~1\HP_ADM~1\APPLIC~1\SampleView

2007-05-06 15:52 <DIR> d-------- C:\DOCUME~1\HP_ADM~1\APPLIC~1\Lavasoft

2007-05-06 15:52 <DIR> d-------- C:\DOCUME~1\HP_ADM~1\APPLIC~1\HPQ

2007-05-06 15:52 <DIR> d-------- C:\DOCUME~1\HP_ADM~1\APPLIC~1\AdobeUM

2007-05-06 15:48 <DIR> d-------- C:\WINDOWS\system32\LogFiles

2007-05-06 15:40 <DIR> d--h----- C:\system.sav

2007-05-06 15:40 <DIR> d-------- C:\Program Files\MSBuild

2007-05-06 15:40 <DIR> d-------- C:\Program Files\Common Files\xing shared

2007-04-30 20:33 <DIR> d-------- C:\Program Files\Windows Media Connect 2

2007-04-30 20:32 <DIR> d-------- C:\WINDOWS\system32\drivers\UMDF

2007-04-30 20:04 23,040 --------- C:\WINDOWS\kb913800.exe

2007-04-30 19:44 <DIR> d-------- C:\Program Files\MSXML 6.0

2007-04-30 19:39 <DIR> d-------- C:\WINDOWS\system32\XPSViewer

2007-04-30 19:38 <DIR> d-------- C:\Program Files\Reference Assemblies

2007-04-30 19:36 14,048 --------- C:\WINDOWS\system32\spmsg2.dll

2007-04-30 19:31 46,592 --------- C:\WINDOWS\system32\drivers\irbus.sys

2007-04-30 19:31 19,200 --------- C:\WINDOWS\system32\drivers\hidir.sys

2007-04-30 19:24 36,352 --------- C:\WINDOWS\system32\tsgqec.dll

2007-04-30 19:24 288,768 --------- C:\WINDOWS\system32\rhttpaa.dll

2007-04-30 19:24 116,736 --------- C:\WINDOWS\system32\aaclient.dll

2007-04-21 02:43 <DIR> d-------- C:\WINDOWS\system32\Symantec





(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))



2007-05-21 03:08:07 -------- d-----w C:\DOCUME~1\HP_ADM~1\APPLIC~1\gtk-2.0

2007-05-20 19:05:38 -------- d---a-w C:\Program Files\Common Files\LightScribe

2007-05-19 14:43:36 -------- d-----w C:\Program Files\e-Sword

2007-05-18 02:48:28 4,042 ----a-w C:\WINDOWS\mozver.dat

2007-05-17 04:23:48 45,200 ----a-w C:\DOCUME~1\HP_ADM~1\APPLIC~1\wklnhst.dat

2007-05-17 01:09:17 -------- d-----w C:\Program Files\Common Files\Symantec Shared

2007-05-12 17:37:59 -------- d-----w C:\Program Files\GIMP-2.0

2007-05-12 03:28:04 -------- d-----w C:\Program Files\Common Files\Sonic Shared

2007-05-12 03:27:25 -------- d-----w C:\Program Files\Sonic

2007-05-12 00:51:26 -------- d-----w C:\Program Files\PC-Doctor 5 for Windows

2007-05-11 21:55:30 -------- d-----w C:\Program Files\Apophysis 2.0

2007-05-11 20:54:08 -------- d--h--w C:\Program Files\InstallShield Installation Information

2007-05-07 23:25:06 -------- d-----w C:\Program Files\IntelliMover Data Transfer Demo

2007-05-06 21:53:55 -------- d-----w C:\Program Files\QuickTime

2007-05-01 02:00:30 79,232 ----a-w C:\WINDOWS\hpfins05.dat

2007-04-14 16:27:27 -------- d-----w C:\Program Files\AIM6

2007-04-07 20:46:40 -------- d-----w C:\Program Files\Google

2007-04-07 04:07:27 -------- d-----w C:\Program Files\Common Files\AOLSHARE

2007-03-23 12:07:56 1,683,280 ------w C:\WINDOWS\system32\XpsSvcs.dll

2007-03-23 12:07:54 583,504 ------w C:\WINDOWS\system32\XPSSHHDR.dll

2007-03-23 02:25:02 124,928 ------w C:\WINDOWS\system32\prntvpt.dll

2007-03-17 13:43:01 292,864 ----a-w C:\WINDOWS\system32\winsrv.dll

2007-03-16 23:35:51 -------- d-----w C:\Program Files\iTunes

2007-03-16 23:35:41 -------- d-----w C:\Program Files\iPod

2007-03-15 04:22:33 -------- d-----w C:\Program Files\HP

2007-03-15 04:22:19 -------- d-----w C:\Program Files\Hewlett-Packard

2007-03-08 15:36:28 577,536 ----a-w C:\WINDOWS\system32\user32.dll

2007-03-08 15:36:28 40,960 ----a-w C:\WINDOWS\system32\mf3216.dll

2007-03-08 15:36:28 281,600 ----a-w C:\WINDOWS\system32\gdi32.dll

2007-03-08 13:47:48 1,843,584 ----a-w C:\WINDOWS\system32\win32k.sys

2007-03-04 17:26:22 3,082 ----a-w C:\WINDOWS\system32\affv208325p1now.sys

2007-02-05 20:17:02 185,344 ----a-w C:\WINDOWS\system32\upnphost.dll





(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))





*Note* empty entries & legit default entries are not shown



[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]

{02478D38-C3F9-4EFB-9B51-7695ECA05670}=C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll [2006-10-26 11:28]

{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}=C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2004-12-14 09:56]

{53707962-6F74-2D53-2644-206D7942484F}=C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2005-05-31 01:04]

{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897}=C:\Program Files\Yahoo!\Common\yiesrvc.dll [2006-10-31 16:29]

{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}=C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll [2007-03-14 03:43]

{BDF3E430-B101-42AD-A544-FADC6B084872}=c:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll [2005-10-07 15:43]



[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"BDAgent"="C:\Program Files\Softwin\BitDefender10\bdagent.exe" [2006-06-20 14:35]



[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-10 13:00]

"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [2006-11-30 22:49]



[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles

"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme



[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]

"appinit_dlls"=sockspy.dll



[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BDMCon]



[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp]

"c:\Program Files\Common Files\Symantec Shared\ccApp.exe"



[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]

C:\WINDOWS\system32\ctfmon.exe



[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray]

C:\WINDOWS\ehome\ehtray.exe



[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HostManager]

C:\Program Files\Common Files\AOL\1131929683\ee\AOLSoftware.exe



[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]

C:\Program Files\HP\HP Software Update\HPwuSchd2.exe



[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPBootOp]

"C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run



[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPHUPD08]

c:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe



[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]

C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup



[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]

"c:\program files\common files\installshield\updateservice\issch.exe" -start



[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]

"C:\Program Files\iTunes\iTunesHelper.exe"



[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KBD]

C:\HP\KBD\KBD.EXE



[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]

"C:\Program Files\Messenger\msmsgs.exe" /background



[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

"C:\Program Files\QuickTime\qttask.exe" -atboottime



[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

"C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"



[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Symantec NetDriver Monitor]

C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer



[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]

"C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot



[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\URLLSTCK.exe]

c:\Program Files\Norton Internet Security\UrlLstCk.exe



[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WildTangent CDA]

"C:\Program Files\WildTangent\Apps\CDA\GameDrvr.exe" /startup "C:\Program Files\WildTangent\Apps\CDA\cdaEngine0500.dll"



[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]

"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet





[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]

AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe protect.ed 480 480





Contents of the 'Scheduled Tasks' folder

2007-05-11 20:05:00 C:\WINDOWS\tasks\AppleSoftwareUpdate.job

2007-05-20 01:30:00 C:\WINDOWS\tasks\dfrg.job

2006-11-25 03:01:41 C:\WINDOWS\tasks\Norton AntiVirus - Scan my computer - HP_Administrator.job

2007-05-22 00:29:26 C:\WINDOWS\tasks\RegCure Program Check.job

2007-05-12 04:00:20 C:\WINDOWS\tasks\RegCure.job

2007-05-21 14:01:35 C:\WINDOWS\tasks\Symantec NetDetect.job



********************************************************************



catchme 0.3.660 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net

Rootkit scan 2007-05-21 18:34:29

Windows 5.1.2600 Service Pack 2 NTFS



scanning hidden processes ...



scanning hidden autostart entries ...



scanning hidden files ...



scan completed successfully

hidden files: 0





********************************************************************



Completion time: 2007-05-21 18:35:08

C:\ComboFix-quarantined-files.txt ... 2007-05-21 18:35

C:\ComboFix2.txt ... 2007-05-21 07:26



--- E O F ---



New HJT log:



Logfile of HijackThis v1.99.1

Scan saved at 5:51:40 PM, on 5/21/2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16414)



Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

c:\Program Files\Common Files\Symantec Shared\ccProxy.exe

c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe

C:\WINDOWS\system32\Ati2evxx.exe

c:\Program Files\Norton Internet Security\ISSVC.exe

c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe

C:\WINDOWS\Explorer.EXE

c:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe

c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\eHome\ehRecvr.exe

C:\WINDOWS\eHome\ehSched.exe

C:\Program Files\Common Files\LightScribe\LSSrvc.exe

C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

c:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe

c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe

C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe

C:\Program Files\Softwin\BitDefender10\vsserv.exe

C:\WINDOWS\system32\dllhost.exe

c:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe

C:\Program Files\Softwin\BitDefender10\bdagent.exe

C:\WINDOWS\system32\ctfmon.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Program Files\internet explorer\iexplore.exe

C:\Program Files\HijackThis\HijackThis.exe



R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...arm1=seconduser

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = wmplayer.exe //ICWLaunch

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll

O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll

O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - c:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll

O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll

O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll

O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\Softwin\BitDefender10\bdagent.exe"

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet

O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm

O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm

O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm

O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll

O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll

O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe

O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\system32\shdocvw.dll

O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\system32\shdocvw.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O11 - Options group: [INTERNATIONAL] International*

O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll

O16 - DPF: {413D6754-BFD4-47FE-9346-319559290BFA} (HTECtrl Class) - http://www.webpcfos.com/webpcfos/websabre/HTEweb.cab

O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} - http://messenger.msn.com/download/MsnMesse...pDownloader.cab

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe" /service (file missing)

O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccProxy.exe

O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe

O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: ISSvc (ISSVC) - Symantec Corporation - c:\Program Files\Norton Internet Security\ISSVC.exe

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe

O23 - Service: BitDefender Desktop Update Service (LIVESRV) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe" /service (file missing)

O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - c:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe

O23 - Service: SAVScan - Symantec Corporation - c:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe

O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe

O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe

O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

O23 - Service: BitDefender Virus Shield (VSSERV) - Unknown owner - C:\Program Files\Softwin\BitDefender10\vsserv.exe" /service (file missing)

O23 - Service: BitDefender Communicator (XCOMM) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe" /service (file missing)

Q6600, 4GB g-skill, 8800GT, P5N-D motherboard
Posted Image
My art


#9 RichieUK

RichieUK

    Malware Assassin


  • Malware Response Team
  • 13,614 posts
  • OFFLINE
  •  
  • Local time:07:20 PM

Posted 22 May 2007 - 02:14 PM

You’ve got Norton Internet Security and BitDefender10 installed.
Not a good idea to have more than one antivirus program installed on your computer.
Each program may interpret the actions of the other as viral, therefore giving you false virus warnings about virus-related activities.
It could also lead to system slowdowns and other problems within the operating system,due to the two conflicting with each other.
You should uninstall one or the other as soon as possible,then restart your pc.

If you decide to uninstall Norton,if there’s no uninstaller available in Add\Remove Programs then you’’ll need to download and run the Norton Removal Tool:
http://service1.symantec.com/SUPPORT/tsgen...005033108162039
*Please Note:*
The Norton Removal Tool will remove all Norton/Symantec products from your pc.

When you've done that,post a new Hijackthis log please.
Let me know how your pc is running now.
Posted Image
Posted Image

#10 Vaerli

Vaerli
  • Topic Starter

  • Members
  • 582 posts
  • OFFLINE
  •  
  • Local time:11:20 AM

Posted 23 May 2007 - 07:43 PM

Eh, this can be closed. I reset it to factory settings, after I backed up all my other files on an external HD I got last night.


Even though it didn't work, Thanks for your time.

Q6600, 4GB g-skill, 8800GT, P5N-D motherboard
Posted Image
My art


#11 RichieUK

RichieUK

    Malware Assassin


  • Malware Response Team
  • 13,614 posts
  • OFFLINE
  •  
  • Local time:07:20 PM

Posted 23 May 2007 - 07:45 PM

Since your problem appears to be resolved,this thread will now be closed.
If you need this topic reopened, please contact a member of the HJT Team and we will reopen it for you.
Include the address of this thread in your request.
If you should have a new issue, please start a new topic.
This applies only to the original topic starter.
Everyone else please begin a New Topic.
Posted Image
Posted Image




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users