help with the spyware b129.exe

Discussion in 'Windows - Virus and spyware problems' started by blrman, Apr 18, 2007.

  1. blrman

    blrman Member

    Joined:
    Apr 17, 2007
    Messages:
    17
    Likes Received:
    0
    Trophy Points:
    11
    Logfile of HijackThis v1.99.1
    Scan saved at 7:07:51 AM, on 4/18/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16414)

    Running processes:
    C:\WINNT\System32\smss.exe
    C:\WINNT\system32\winlogon.exe
    C:\WINNT\system32\services.exe
    C:\WINNT\system32\lsass.exe
    C:\WINNT\system32\svchost.exe
    C:\WINNT\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\WINNT\system32\spoolsv.exe
    C:\Program Files\Gateway\EzTune\dtsslsrv.exe
    C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    C:\WINNT\system32\DRIVERS\CDAC11BA.EXE
    C:\Program Files\Gateway\EzTune\DTSRVC.exe
    C:\WINNT\System32\svchost.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\WINNT\system32\mgabg.exe
    D:\Program Files\Norton AntiVirus\navapsvc.exe
    D:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
    D:\PROGRA~1\NORTON~1\NPROTECT.EXE
    C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxMediaDB.exe
    D:\PROGRA~1\NORTON~1\SPEEDD~1\NOPDB.EXE
    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\WINNT\Explorer.EXE
    C:\IBMTOOLS\DRIVERS\LAN\INTEL\PROMON.EXE
    C:\WINNT\system32\PELMICED.EXE
    C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\Portrait Displays\Pivot Software\wpctrl.exe
    C:\Program Files\Gateway\EzTune\DTHtml.exe
    C:\WINNT\system32\PDesk\PDesk.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Portrait Displays\Pivot Software\floater.exe
    D:\Program Files\iTunes\iTunesHelper.exe
    C:\WINNT\system32\ctfmon.exe
    C:\Program Files\Windows Media Player\WMPNSCFG.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
    D:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
    C:\WINNT\updater.exe
    C:\Program Files\webHancer\Programs\whagent.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    D:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
    C:\HJT\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://connecticut.cox.net/cci/home
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
    O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
    O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - D:\Program Files\Norton AntiVirus\NavShExt.dll
    O2 - BHO: WhIeHelperObj Class - {c900b400-cdfe-11d3-976a-00e02913a9e0} - C:\Program Files\webHancer\programs\whiehlpr.dll
    O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - D:\Program Files\Norton AntiVirus\NavShExt.dll
    O4 - HKLM\..\Run: [Promon.exe] C:\IBMTOOLS\DRIVERS\LAN\INTEL\PROMON.EXE
    O4 - HKLM\..\Run: [tourpath] regedit /s c:\winnt\tour.reg
    O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
    O4 - HKLM\..\Run: [Mouse Suite 98 Daemon] PELMICED.EXE
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
    O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy Media Creator 8\Drag to Disc\DrgToDsc.exe"
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
    O4 - HKLM\..\Run: [PivotSoftware] "C:\Program Files\Portrait Displays\Pivot Software\wpctrl.exe"
    O4 - HKLM\..\Run: [DT Task] C:\Program Files\Gateway\EzTune\DTHtml.exe -startup_folder
    O4 - HKLM\..\Run: [Matrox Powerdesk] C:\WINNT\system32\PDesk\PDesk.exe /Autolaunch
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "D:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [runner1] C:\WINNT\updater.exe 61A847B5BBF72816228849360B8D1BE1C59331416DC57C032CBD1BE3D290641833
    O4 - HKLM\..\Run: [webHancer Agent] C:\Program Files\webHancer\Programs\whagent.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINNT\system32\ctfmon.exe
    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
    O4 - HKCU\..\Run: [Norton SystemWorks] "D:\Program Files\cfgwiz.exe" /GUID {05858CFD-5CC4-4ceb-AAAF-CF00BF39736A} /MODE CfgWiz
    O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O10 - Hijacked Internet access by WebHancer
    O10 - Hijacked Internet access by WebHancer
    O10 - Hijacked Internet access by WebHancer
    O11 - Options group: [INTERNATIONAL] International*
    O16 - DPF: {03F998B2-0E00-11D3-A498-00104B6EB52E} - https://components.viewpoint.com/MTSInstallers/MetaStream3.cab?url=http://www.viewpoint.com/cgi-bin/installer.v4/vet_install_premium.pl?1&4&04.00.09.13&premium&unknown&http://www.toyota.com/vehicles/config/fj/config.html?noreloadredir
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1138221981120
    O18 - Filter: text/html - (no CLSID) - (no file)
    O20 - Winlogon Notify: WgaLogon - C:\WINNT\SYSTEM32\WgaLogon.dll
    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINNT\system32\WPDShServiceObj.dll
    O23 - Service: Asset Management Daemon - Unknown owner - C:\Program Files\Gateway\EzTune\dtsslsrv.exe
    O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    O23 - Service: C-DillaCdaC11BA - C-Dilla Ltd - C:\WINNT\system32\DRIVERS\CDAC11BA.EXE
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: Portrait Displays Display Tune Service (DTSRVC) - Unknown owner - C:\Program Files\Gateway\EzTune\DTSRVC.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: MGABGEXE - Matrox Graphics Inc. - C:\WINNT\system32\mgabg.exe
    O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - D:\Program Files\Norton AntiVirus\navapsvc.exe
    O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - D:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
    O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - D:\PROGRA~1\NORTON~1\NPROTECT.EXE
    O23 - Service: LiveShare P2P Server (RoxLiveShare) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxLiveShare.exe
    O23 - Service: RoxMediaDB - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxMediaDB.exe
    O23 - Service: RoxUpnpRenderer (RoxUPnPRenderer) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\SharedCom\RoxUpnpRenderer.exe
    O23 - Service: RoxUpnpServer - Sonic Solutions - C:\Program Files\Roxio\Easy Media Creator 8\Digital Home\RoxUpnpServer.exe
    O23 - Service: Roxio Hard Drive Watcher (RoxWatch) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxWatch.exe
    O23 - Service: SAVScan - Symantec Corporation - D:\Program Files\Norton AntiVirus\SAVScan.exe
    O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    O23 - Service: Speed Disk service - Symantec Corporation - D:\PROGRA~1\NORTON~1\SPEEDD~1\NOPDB.EXE
    O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

    this is the hyjacker note pad file this b129.exe is killing me
     
    blrman, Apr 18, 2007
    #1
  2. Fredil

    Fredil Regular member

    Joined:
    Jul 19, 2006
    Messages:
    390
    Likes Received:
    0
    Trophy Points:
    26
    There's quite a couple of things wrong with your computer, including WebEnhancer (see http://www.cexx.org/webhancer.htm), so I'm going to have to call for help. No worries, we can still get them fixed :)
     
    Fredil, Apr 18, 2007
    #2
  3. blrman

    blrman Member

    Joined:
    Apr 17, 2007
    Messages:
    17
    Likes Received:
    0
    Trophy Points:
    11
    Thanks for the link and help I am still working on it I have run spybot and adwarese I will rerun the hyjackthis and post the results as soon as I get home from work Thanks
     
    blrman, Apr 18, 2007
    #3
  4. blrman

    blrman Member

    Joined:
    Apr 17, 2007
    Messages:
    17
    Likes Received:
    0
    Trophy Points:
    11
    this is the new log file
    Logfile of HijackThis v1.99.1
    Scan saved at 7:44:08 AM, on 4/19/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16414)

    Running processes:
    C:\WINNT\System32\smss.exe
    C:\WINNT\system32\winlogon.exe
    C:\WINNT\system32\services.exe
    C:\WINNT\system32\lsass.exe
    C:\WINNT\system32\svchost.exe
    C:\WINNT\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\WINNT\system32\spoolsv.exe
    C:\Program Files\Gateway\EzTune\dtsslsrv.exe
    C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    C:\WINNT\system32\DRIVERS\CDAC11BA.EXE
    C:\Program Files\Gateway\EzTune\DTSRVC.exe
    C:\WINNT\System32\svchost.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\WINNT\system32\mgabg.exe
    D:\Program Files\Norton AntiVirus\navapsvc.exe
    D:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
    D:\PROGRA~1\NORTON~1\NPROTECT.EXE
    C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxMediaDB.exe
    D:\PROGRA~1\NORTON~1\SPEEDD~1\NOPDB.EXE
    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\WINNT\Explorer.EXE
    C:\IBMTOOLS\DRIVERS\LAN\INTEL\PROMON.EXE
    C:\WINNT\system32\PELMICED.EXE
    C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\Portrait Displays\Pivot Software\wpctrl.exe
    C:\Program Files\Gateway\EzTune\DTHtml.exe
    C:\WINNT\system32\PDesk\PDesk.exe
    C:\WINNT\updater.exe
    C:\WINNT\system32\ctfmon.exe
    C:\Program Files\Windows Media Player\WMPNSCFG.exe
    C:\PROGRA~1\COMMON~1\uqfo\uqfom.exe
    C:\PROGRA~1\COMMON~1\uqfo\uqfoa.exe
    C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
    C:\Program Files\Portrait Displays\Pivot Software\floater.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\HJT\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://connecticut.cox.net/cci/home
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - d:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
    O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - D:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - D:\Program Files\Norton AntiVirus\NavShExt.dll
    O4 - HKLM\..\Run: [Promon.exe] C:\IBMTOOLS\DRIVERS\LAN\INTEL\PROMON.EXE
    O4 - HKLM\..\Run: [tourpath] regedit /s c:\winnt\tour.reg
    O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
    O4 - HKLM\..\Run: [Mouse Suite 98 Daemon] PELMICED.EXE
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
    O4 - HKLM\..\Run: [PivotSoftware] "C:\Program Files\Portrait Displays\Pivot Software\wpctrl.exe"
    O4 - HKLM\..\Run: [DT Task] C:\Program Files\Gateway\EzTune\DTHtml.exe -startup_folder
    O4 - HKLM\..\Run: [Matrox Powerdesk] C:\WINNT\system32\PDesk\PDesk.exe /Autolaunch
    O4 - HKLM\..\Run: [runner1] C:\WINNT\updater.exe 61A847B5BBF72816228849360B8D1BE1C59331416DC57C032CBD1BE3D290641833
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINNT\system32\ctfmon.exe
    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
    O4 - HKCU\..\Run: [Norton SystemWorks] "D:\Program Files\cfgwiz.exe" /GUID {05858CFD-5CC4-4ceb-AAAF-CF00BF39736A} /MODE CfgWiz
    O4 - HKCU\..\Run: [uqfo] C:\PROGRA~1\COMMON~1\uqfo\uqfom.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O11 - Options group: [INTERNATIONAL] International*
    O16 - DPF: {03F998B2-0E00-11D3-A498-00104B6EB52E} - https://components.viewpoint.com/MTSInstallers/MetaStream3.cab?url=http://www.viewpoint.com/cgi-bin/installer.v4/vet_install_premium.pl?1&4&04.00.09.13&premium&unknown&http://www.toyota.com/vehicles/config/fj/config.html?noreloadredir
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1138221981120
    O18 - Filter: text/html - (no CLSID) - (no file)
    O20 - Winlogon Notify: WgaLogon - C:\WINNT\SYSTEM32\WgaLogon.dll
    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINNT\system32\WPDShServiceObj.dll
    O23 - Service: Asset Management Daemon - Unknown owner - C:\Program Files\Gateway\EzTune\dtsslsrv.exe
    O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    O23 - Service: C-DillaCdaC11BA - C-Dilla Ltd - C:\WINNT\system32\DRIVERS\CDAC11BA.EXE
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: Portrait Displays Display Tune Service (DTSRVC) - Unknown owner - C:\Program Files\Gateway\EzTune\DTSRVC.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: MGABGEXE - Matrox Graphics Inc. - C:\WINNT\system32\mgabg.exe
    O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - D:\Program Files\Norton AntiVirus\navapsvc.exe
    O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - D:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
    O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - D:\PROGRA~1\NORTON~1\NPROTECT.EXE
    O23 - Service: LiveShare P2P Server (RoxLiveShare) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxLiveShare.exe
    O23 - Service: RoxMediaDB - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxMediaDB.exe
    O23 - Service: RoxUpnpRenderer (RoxUPnPRenderer) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\SharedCom\RoxUpnpRenderer.exe
    O23 - Service: RoxUpnpServer - Sonic Solutions - C:\Program Files\Roxio\Easy Media Creator 8\Digital Home\RoxUpnpServer.exe
    O23 - Service: Roxio Hard Drive Watcher (RoxWatch) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxWatch.exe
    O23 - Service: SAVScan - Symantec Corporation - D:\Program Files\Norton AntiVirus\SAVScan.exe
    O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    O23 - Service: Speed Disk service - Symantec Corporation - D:\PROGRA~1\NORTON~1\SPEEDD~1\NOPDB.EXE
    O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

    I hope I was able to fix most of the problems
     
    blrman, Apr 19, 2007
    #4
  5. KotaGuy

    KotaGuy Regular member

    Joined:
    Feb 14, 2007
    Messages:
    485
    Likes Received:
    0
    Trophy Points:
    26
    Run HijackThis. Click the Misc Tools button. Then the Uninstall Manager button. Then the Save List button. Save the list to your Desktop.

    Copy/paste the contents of the list in your reply please.
     
    KotaGuy, Apr 20, 2007
    #5
  6. blrman

    blrman Member

    Joined:
    Apr 17, 2007
    Messages:
    17
    Likes Received:
    0
    Trophy Points:
    11
    Ad-Aware SE Personal
    Adobe Acrobat - Reader 6.0.2 Update
    Adobe Acrobat 6.0.1 Professional
    Adobe Acrobat and Reader 6.0.3 Update
    Adobe Acrobat and Reader 6.0.4 Update
    Adobe Acrobat and Reader 6.0.5 Update
    Adobe Acrobat and Reader 6.0.6 Update
    Apple Software Update
    Avanquest update
    ccCommon
    Chilton's Reference Library
    DVD Shrink 3.2
    EzTune
    HighMAT Extension to Microsoft Windows XP CD Writing Wizard
    HijackThis 1.99.1
    Hotfix for Windows Media Format 11 SDK (KB929399)
    Hotfix for Windows Media Format SDK (KB902344)
    Hotfix for Windows XP (KB896344)
    Hotfix for Windows XP (KB914440)
    Hotfix for Windows XP (KB915865)
    Hotfix for Windows XP (KB926239)
    Intel Security Driver
    Intel(R) PRO Network Adapters and Drivers
    Internet Worm Protection
    J2SE Runtime Environment 5.0 Update 10
    J2SE Runtime Environment 5.0 Update 11
    J2SE Runtime Environment 5.0 Update 6
    J2SE Runtime Environment 5.0 Update 9
    Java(TM) SE Runtime Environment 6 Update 1
    LiveReg (Symantec Corporation)
    LiveUpdate 3.0 (Symantec Corporation)
    Macromedia Flash Player 8
    Matrox Graphics Software (remove only)
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1 Hotfix (KB886903)
    Microsoft .NET Framework 2.0
    Microsoft Base Smart Card Cryptographic Service Provider Package
    Microsoft Compression Client Pack 1.0 for Windows XP
    Microsoft Internationalized Domain Names Mitigation APIs
    Microsoft Location Finder
    Microsoft National Language Support Downlevel APIs
    Microsoft Office Professional Edition 2003
    Microsoft Office Project Professional 2003
    Microsoft Office Visio Professional 2003
    Microsoft User-Mode Driver Framework Feature Pack 1.0
    Microsoft Windows XP Video Decoder Checkup Utility
    Motorola Phone Tools
    Mouse Suite
    MSN Music Assistant
    MSRedist
    MSXML 4.0 SP2 (KB925672)
    MSXML 4.0 SP2 (KB927978)
    Norton AntiVirus 2005
    Norton AntiVirus Parent MSI
    Norton CleanSweep
    Norton SystemWorks
    Norton SystemWorks 2005 (Symantec Corporation)
    Norton Utilities
    Norton WMI Update
    NSW_DRM_COLLECTION
    Outerinfo
    Pivot Software
    QuickTime
    Roxio Easy Media Creator 8 Suite
    Security Update for Microsoft .NET Framework 2.0 (KB917283)
    Security Update for Microsoft .NET Framework 2.0 (KB922770)
    Security Update for Windows Internet Explorer 7 (KB928090)
    Security Update for Windows Internet Explorer 7 (KB929969)
    Security Update for Windows Media Player (KB911564)
    Security Update for Windows Media Player 10 (KB911565)
    Security Update for Windows Media Player 10 (KB917734)
    Security Update for Windows Media Player 6.4 (KB925398)
    Security Update for Windows XP (KB890046)
    Security Update for Windows XP (KB893066)
    Security Update for Windows XP (KB893756)
    Security Update for Windows XP (KB896358)
    Security Update for Windows XP (KB896422)
    Security Update for Windows XP (KB896423)
    Security Update for Windows XP (KB896424)
    Security Update for Windows XP (KB896428)
    Security Update for Windows XP (KB899587)
    Security Update for Windows XP (KB899589)
    Security Update for Windows XP (KB899591)
    Security Update for Windows XP (KB900725)
    Security Update for Windows XP (KB901017)
    Security Update for Windows XP (KB901214)
    Security Update for Windows XP (KB902400)
    Security Update for Windows XP (KB904706)
    Security Update for Windows XP (KB905414)
    Security Update for Windows XP (KB905749)
    Security Update for Windows XP (KB905915)
    Security Update for Windows XP (KB908519)
    Security Update for Windows XP (KB908531)
    Security Update for Windows XP (KB911280)
    Security Update for Windows XP (KB911562)
    Security Update for Windows XP (KB911567)
    Security Update for Windows XP (KB911927)
    Security Update for Windows XP (KB912812)
    Security Update for Windows XP (KB912919)
    Security Update for Windows XP (KB913446)
    Security Update for Windows XP (KB913580)
    Security Update for Windows XP (KB914388)
    Security Update for Windows XP (KB914389)
    Security Update for Windows XP (KB916281)
    Security Update for Windows XP (KB917159)
    Security Update for Windows XP (KB917344)
    Security Update for Windows XP (KB917422)
    Security Update for Windows XP (KB917953)
    Security Update for Windows XP (KB918118)
    Security Update for Windows XP (KB918439)
    Security Update for Windows XP (KB918899)
    Security Update for Windows XP (KB919007)
    Security Update for Windows XP (KB920213)
    Security Update for Windows XP (KB920214)
    Security Update for Windows XP (KB920670)
    Security Update for Windows XP (KB920683)
    Security Update for Windows XP (KB920685)
    Security Update for Windows XP (KB921398)
    Security Update for Windows XP (KB921883)
    Security Update for Windows XP (KB922616)
    Security Update for Windows XP (KB922819)
    Security Update for Windows XP (KB923191)
    Security Update for Windows XP (KB923414)
    Security Update for Windows XP (KB923689)
    Security Update for Windows XP (KB923694)
    Security Update for Windows XP (KB923980)
    Security Update for Windows XP (KB924191)
    Security Update for Windows XP (KB924270)
    Security Update for Windows XP (KB924496)
    Security Update for Windows XP (KB924667)
    Security Update for Windows XP (KB925486)
    Security Update for Windows XP (KB925902)
    Security Update for Windows XP (KB926255)
    Security Update for Windows XP (KB926436)
    Security Update for Windows XP (KB927779)
    Security Update for Windows XP (KB927802)
    Security Update for Windows XP (KB928255)
    Security Update for Windows XP (KB928843)
    Security Update for Windows XP (KB930178)
    Security Update for Windows XP (KB931261)
    Security Update for Windows XP (KB931784)
    Security Update for Windows XP (KB932168)
    SPBBC
    Spybot - Search & Destroy 1.4
    Symantec Script Blocking Installer
    SymNet
    Textbook Edition
    Update for Windows XP (KB894391)
    Update for Windows XP (KB898461)
    Update for Windows XP (KB900485)
    Update for Windows XP (KB904942)
    Update for Windows XP (KB910437)
    Update for Windows XP (KB916595)
    Update for Windows XP (KB920872)
    Update for Windows XP (KB922582)
    Update for Windows XP (KB929338)
    Update for Windows XP (KB931836)
    Windows Defender Signatures
    Windows Genuine Advantage v1.3.0254.0
    Windows Installer 3.1 (KB893803)
    Windows Internet Explorer 7
    Windows Media Connect
    Windows Media Format 11 runtime
    Windows Media Format 11 runtime
    Windows Media Player 11
    Windows Media Player 11
    Windows XP Hotfix - KB873339
    Windows XP Hotfix - KB885250
    Windows XP Hotfix - KB885835
    Windows XP Hotfix - KB885836
    Windows XP Hotfix - KB886185
    Windows XP Hotfix - KB887472
    Windows XP Hotfix - KB887742
    Windows XP Hotfix - KB888113
    Windows XP Hotfix - KB888302
    Windows XP Hotfix - KB890859
    Windows XP Hotfix - KB891781
    Windows XP Service Pack 2
    WinZip

    thisis the uninstall list Thanks
     
    blrman, Apr 21, 2007
    #6
  7. KotaGuy

    KotaGuy Regular member

    Joined:
    Feb 14, 2007
    Messages:
    485
    Likes Received:
    0
    Trophy Points:
    26
    Click Start>Run type in appwiz.cpl and hit Enter. From the list uninstall the following:

    J2SE Runtime Environment 5.0 Update 10
    J2SE Runtime Environment 5.0 Update 11
    J2SE Runtime Environment 5.0 Update 6
    J2SE Runtime Environment 5.0 Update 9
    Outerinfo

    Once done reboot and post a new HijackThis log please.
     
    KotaGuy, Apr 21, 2007
    #7
  8. Fredil

    Fredil Regular member

    Joined:
    Jul 19, 2006
    Messages:
    390
    Likes Received:
    0
    Trophy Points:
    26
    Hey, Kotaguy, just a question:

    After I did a System Restore, when I went to run, there was text in it that said "shutdown -a". What does that mean?
     
    Last edited: Apr 21, 2007
    Fredil, Apr 21, 2007
    #8
  9. blrman

    blrman Member

    Joined:
    Apr 17, 2007
    Messages:
    17
    Likes Received:
    0
    Trophy Points:
    11
    Logfile of HijackThis v1.99.1
    Scan saved at 8:34:20 PM, on 4/21/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16414)

    Running processes:
    C:\WINNT\System32\smss.exe
    C:\WINNT\system32\winlogon.exe
    C:\WINNT\system32\services.exe
    C:\WINNT\system32\lsass.exe
    C:\WINNT\system32\svchost.exe
    C:\WINNT\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\WINNT\system32\spoolsv.exe
    C:\Program Files\Gateway\EzTune\dtsslsrv.exe
    C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    C:\WINNT\system32\DRIVERS\CDAC11BA.EXE
    C:\Program Files\Gateway\EzTune\DTSRVC.exe
    C:\WINNT\System32\svchost.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\WINNT\system32\mgabg.exe
    D:\Program Files\Norton AntiVirus\navapsvc.exe
    D:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
    D:\PROGRA~1\NORTON~1\NPROTECT.EXE
    C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxMediaDB.exe
    D:\PROGRA~1\NORTON~1\SPEEDD~1\NOPDB.EXE
    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\WINNT\Explorer.EXE
    C:\IBMTOOLS\DRIVERS\LAN\INTEL\PROMON.EXE
    C:\WINNT\system32\PELMICED.EXE
    C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\Portrait Displays\Pivot Software\wpctrl.exe
    C:\Program Files\Gateway\EzTune\DTHtml.exe
    C:\WINNT\system32\PDesk\PDesk.exe
    C:\WINNT\system32\ctfmon.exe
    C:\Program Files\Windows Media Player\WMPNSCFG.exe
    C:\PROGRA~1\COMMON~1\uqfo\uqfom.exe
    C:\PROGRA~1\COMMON~1\uqfo\uqfoa.exe
    C:\Program Files\Portrait Displays\Pivot Software\floater.exe
    C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
    C:\Program Files\Messenger\msmsgs.exe
    D:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
    D:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
    D:\Program Files\Norton AntiVirus\OPScan.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\HJT\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://connecticut.cox.net/cci/home
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
    O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - D:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - D:\Program Files\Norton AntiVirus\NavShExt.dll
    O4 - HKLM\..\Run: [Promon.exe] C:\IBMTOOLS\DRIVERS\LAN\INTEL\PROMON.EXE
    O4 - HKLM\..\Run: [tourpath] regedit /s c:\winnt\tour.reg
    O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
    O4 - HKLM\..\Run: [Mouse Suite 98 Daemon] PELMICED.EXE
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
    O4 - HKLM\..\Run: [PivotSoftware] "C:\Program Files\Portrait Displays\Pivot Software\wpctrl.exe"
    O4 - HKLM\..\Run: [DT Task] C:\Program Files\Gateway\EzTune\DTHtml.exe -startup_folder
    O4 - HKLM\..\Run: [Matrox Powerdesk] C:\WINNT\system32\PDesk\PDesk.exe /Autolaunch
    O4 - HKLM\..\Run: [runner1] C:\WINNT\updater.exe 61A847B5BBF72816228849360B8D1BE1C59331416DC57C032CBD1BE3D290641833
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINNT\system32\ctfmon.exe
    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
    O4 - HKCU\..\Run: [Norton SystemWorks] "D:\Program Files\cfgwiz.exe" /GUID {05858CFD-5CC4-4ceb-AAAF-CF00BF39736A} /MODE CfgWiz
    O4 - HKCU\..\Run: [uqfo] C:\PROGRA~1\COMMON~1\uqfo\uqfom.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O11 - Options group: [INTERNATIONAL] International*
    O16 - DPF: {03F998B2-0E00-11D3-A498-00104B6EB52E} - https://components.viewpoint.com/MTSInstallers/MetaStream3.cab?url=http://www.viewpoint.com/cgi-bin/installer.v4/vet_install_premium.pl?1&4&04.00.09.13&premium&unknown&http://www.toyota.com/vehicles/config/fj/config.html?noreloadredir
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1138221981120
    O18 - Filter: text/html - (no CLSID) - (no file)
    O20 - Winlogon Notify: WgaLogon - C:\WINNT\SYSTEM32\WgaLogon.dll
    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINNT\system32\WPDShServiceObj.dll
    O23 - Service: Asset Management Daemon - Unknown owner - C:\Program Files\Gateway\EzTune\dtsslsrv.exe
    O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    O23 - Service: C-DillaCdaC11BA - C-Dilla Ltd - C:\WINNT\system32\DRIVERS\CDAC11BA.EXE
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: Portrait Displays Display Tune Service (DTSRVC) - Unknown owner - C:\Program Files\Gateway\EzTune\DTSRVC.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: MGABGEXE - Matrox Graphics Inc. - C:\WINNT\system32\mgabg.exe
    O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - D:\Program Files\Norton AntiVirus\navapsvc.exe
    O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - D:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
    O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - D:\PROGRA~1\NORTON~1\NPROTECT.EXE
    O23 - Service: LiveShare P2P Server (RoxLiveShare) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxLiveShare.exe
    O23 - Service: RoxMediaDB - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxMediaDB.exe
    O23 - Service: RoxUpnpRenderer (RoxUPnPRenderer) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\SharedCom\RoxUpnpRenderer.exe
    O23 - Service: RoxUpnpServer - Sonic Solutions - C:\Program Files\Roxio\Easy Media Creator 8\Digital Home\RoxUpnpServer.exe
    O23 - Service: Roxio Hard Drive Watcher (RoxWatch) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxWatch.exe
    O23 - Service: SAVScan - Symantec Corporation - D:\Program Files\Norton AntiVirus\SAVScan.exe
    O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    O23 - Service: Speed Disk service - Symantec Corporation - D:\PROGRA~1\NORTON~1\SPEEDD~1\NOPDB.EXE
    O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

    aAd-Aware SE Personal
    Adobe Acrobat - Reader 6.0.2 Update
    Adobe Acrobat 6.0.1 Professional
    Adobe Acrobat and Reader 6.0.3 Update
    Adobe Acrobat and Reader 6.0.4 Update
    Adobe Acrobat and Reader 6.0.5 Update
    Adobe Acrobat and Reader 6.0.6 Update
    Apple Software Update
    Avanquest update
    ccCommon
    CCleaner (remove only)
    Chilton's Reference Library
    DVD Shrink 3.2
    EzTune
    HighMAT Extension to Microsoft Windows XP CD Writing Wizard
    HijackThis 1.99.1
    Hotfix for Windows Media Format 11 SDK (KB929399)
    Hotfix for Windows Media Format SDK (KB902344)
    Hotfix for Windows XP (KB896344)
    Hotfix for Windows XP (KB914440)
    Hotfix for Windows XP (KB915865)
    Hotfix for Windows XP (KB926239)
    Intel Security Driver
    Intel(R) PRO Network Adapters and Drivers
    Internet Worm Protection
    J2SE Runtime Environment 5.0 Update 10
    J2SE Runtime Environment 5.0 Update 11
    J2SE Runtime Environment 5.0 Update 6
    J2SE Runtime Environment 5.0 Update 9
    Java(TM) SE Runtime Environment 6 Update 1
    LiveReg (Symantec Corporation)
    LiveUpdate 3.0 (Symantec Corporation)
    Macromedia Flash Player 8
    Matrox Graphics Software (remove only)
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1 Hotfix (KB886903)
    Microsoft .NET Framework 2.0
    Microsoft Base Smart Card Cryptographic Service Provider Package
    Microsoft Compression Client Pack 1.0 for Windows XP
    Microsoft Internationalized Domain Names Mitigation APIs
    Microsoft Location Finder
    Microsoft National Language Support Downlevel APIs
    Microsoft Office Professional Edition 2003
    Microsoft Office Project Professional 2003
    Microsoft Office Visio Professional 2003
    Microsoft User-Mode Driver Framework Feature Pack 1.0
    Microsoft Windows XP Video Decoder Checkup Utility
    Motorola Phone Tools
    Mouse Suite
    MSN Music Assistant
    MSRedist
    MSXML 4.0 SP2 (KB925672)
    MSXML 4.0 SP2 (KB927978)
    Norton AntiVirus 2005
    Norton AntiVirus Parent MSI
    Norton CleanSweep
    Norton SystemWorks
    Norton SystemWorks 2005 (Symantec Corporation)
    Norton Utilities
    Norton WMI Update
    NSW_DRM_COLLECTION
    Pivot Software
    QuickTime
    Roxio Easy Media Creator 8 Suite
    Security Update for Microsoft .NET Framework 2.0 (KB917283)
    Security Update for Microsoft .NET Framework 2.0 (KB922770)
    Security Update for Windows Internet Explorer 7 (KB928090)
    Security Update for Windows Internet Explorer 7 (KB929969)
    Security Update for Windows Media Player (KB911564)
    Security Update for Windows Media Player 10 (KB911565)
    Security Update for Windows Media Player 10 (KB917734)
    Security Update for Windows Media Player 6.4 (KB925398)
    Security Update for Windows XP (KB890046)
    Security Update for Windows XP (KB893066)
    Security Update for Windows XP (KB893756)
    Security Update for Windows XP (KB896358)
    Security Update for Windows XP (KB896422)
    Security Update for Windows XP (KB896423)
    Security Update for Windows XP (KB896424)
    Security Update for Windows XP (KB896428)
    Security Update for Windows XP (KB899587)
    Security Update for Windows XP (KB899589)
    Security Update for Windows XP (KB899591)
    Security Update for Windows XP (KB900725)
    Security Update for Windows XP (KB901017)
    Security Update for Windows XP (KB901214)
    Security Update for Windows XP (KB902400)
    Security Update for Windows XP (KB904706)
    Security Update for Windows XP (KB905414)
    Security Update for Windows XP (KB905749)
    Security Update for Windows XP (KB905915)
    Security Update for Windows XP (KB908519)
    Security Update for Windows XP (KB908531)
    Security Update for Windows XP (KB911280)
    Security Update for Windows XP (KB911562)
    Security Update for Windows XP (KB911567)
    Security Update for Windows XP (KB911927)
    Security Update for Windows XP (KB912812)
    Security Update for Windows XP (KB912919)
    Security Update for Windows XP (KB913446)
    Security Update for Windows XP (KB913580)
    Security Update for Windows XP (KB914388)
    Security Update for Windows XP (KB914389)
    Security Update for Windows XP (KB916281)
    Security Update for Windows XP (KB917159)
    Security Update for Windows XP (KB917344)
    Security Update for Windows XP (KB917422)
    Security Update for Windows XP (KB917953)
    Security Update for Windows XP (KB918118)
    Security Update for Windows XP (KB918439)
    Security Update for Windows XP (KB918899)
    Security Update for Windows XP (KB919007)
    Security Update for Windows XP (KB920213)
    Security Update for Windows XP (KB920214)
    Security Update for Windows XP (KB920670)
    Security Update for Windows XP (KB920683)
    Security Update for Windows XP (KB920685)
    Security Update for Windows XP (KB921398)
    Security Update for Windows XP (KB921883)
    Security Update for Windows XP (KB922616)
    Security Update for Windows XP (KB922819)
    Security Update for Windows XP (KB923191)
    Security Update for Windows XP (KB923414)
    Security Update for Windows XP (KB923689)
    Security Update for Windows XP (KB923694)
    Security Update for Windows XP (KB923980)
    Security Update for Windows XP (KB924191)
    Security Update for Windows XP (KB924270)
    Security Update for Windows XP (KB924496)
    Security Update for Windows XP (KB924667)
    Security Update for Windows XP (KB925486)
    Security Update for Windows XP (KB925902)
    Security Update for Windows XP (KB926255)
    Security Update for Windows XP (KB926436)
    Security Update for Windows XP (KB927779)
    Security Update for Windows XP (KB927802)
    Security Update for Windows XP (KB928255)
    Security Update for Windows XP (KB928843)
    Security Update for Windows XP (KB930178)
    Security Update for Windows XP (KB931261)
    Security Update for Windows XP (KB931784)
    Security Update for Windows XP (KB932168)
    SPBBC
    Spybot - Search & Destroy 1.4
    Symantec Script Blocking Installer
    SymNet
    Textbook Edition
    Update for Windows XP (KB894391)
    Update for Windows XP (KB898461)
    Update for Windows XP (KB900485)
    Update for Windows XP (KB904942)
    Update for Windows XP (KB910437)
    Update for Windows XP (KB916595)
    Update for Windows XP (KB920872)
    Update for Windows XP (KB922582)
    Update for Windows XP (KB929338)
    Update for Windows XP (KB931836)
    Windows Defender Signatures
    Windows Genuine Advantage v1.3.0254.0
    Windows Installer 3.1 (KB893803)
    Windows Internet Explorer 7
    Windows Media Connect
    Windows Media Format 11 runtime
    Windows Media Format 11 runtime
    Windows Media Player 11
    Windows Media Player 11
    Windows XP Hotfix - KB873339
    Windows XP Hotfix - KB885250
    Windows XP Hotfix - KB885835
    Windows XP Hotfix - KB885836
    Windows XP Hotfix - KB886185
    Windows XP Hotfix - KB887472
    Windows XP Hotfix - KB887742
    Windows XP Hotfix - KB888113
    Windows XP Hotfix - KB888302
    Windows XP Hotfix - KB890859
    Windows XP Hotfix - KB891781
    Windows XP Service Pack 2
    WinZip

    nd this is the uninstall mgr

    Ad-Aware SE Personal
    Adobe Acrobat - Reader 6.0.2 Update
    Adobe Acrobat 6.0.1 Professional
    Adobe Acrobat and Reader 6.0.3 Update
    Adobe Acrobat and Reader 6.0.4 Update
    Adobe Acrobat and Reader 6.0.5 Update
    Adobe Acrobat and Reader 6.0.6 Update
    Apple Software Update
    Avanquest update
    ccCommon
    CCleaner (remove only)
    Chilton's Reference Library
    DVD Shrink 3.2
    EzTune
    HighMAT Extension to Microsoft Windows XP CD Writing Wizard
    HijackThis 1.99.1
    Hotfix for Windows Media Format 11 SDK (KB929399)
    Hotfix for Windows Media Format SDK (KB902344)
    Hotfix for Windows XP (KB896344)
    Hotfix for Windows XP (KB914440)
    Hotfix for Windows XP (KB915865)
    Hotfix for Windows XP (KB926239)
    Intel Security Driver
    Intel(R) PRO Network Adapters and Drivers
    Internet Worm Protection
    J2SE Runtime Environment 5.0 Update 10
    J2SE Runtime Environment 5.0 Update 11
    J2SE Runtime Environment 5.0 Update 6
    J2SE Runtime Environment 5.0 Update 9
    Java(TM) SE Runtime Environment 6 Update 1
    LiveReg (Symantec Corporation)
    LiveUpdate 3.0 (Symantec Corporation)
    Macromedia Flash Player 8
    Matrox Graphics Software (remove only)
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1 Hotfix (KB886903)
    Microsoft .NET Framework 2.0
    Microsoft Base Smart Card Cryptographic Service Provider Package
    Microsoft Compression Client Pack 1.0 for Windows XP
    Microsoft Internationalized Domain Names Mitigation APIs
    Microsoft Location Finder
    Microsoft National Language Support Downlevel APIs
    Microsoft Office Professional Edition 2003
    Microsoft Office Project Professional 2003
    Microsoft Office Visio Professional 2003
    Microsoft User-Mode Driver Framework Feature Pack 1.0
    Microsoft Windows XP Video Decoder Checkup Utility
    Motorola Phone Tools
    Mouse Suite
    MSN Music Assistant
    MSRedist
    MSXML 4.0 SP2 (KB925672)
    MSXML 4.0 SP2 (KB927978)
    Norton AntiVirus 2005
    Norton AntiVirus Parent MSI
    Norton CleanSweep
    Norton SystemWorks
    Norton SystemWorks 2005 (Symantec Corporation)
    Norton Utilities
    Norton WMI Update
    NSW_DRM_COLLECTION
    Pivot Software
    QuickTime
    Roxio Easy Media Creator 8 Suite
    Security Update for Microsoft .NET Framework 2.0 (KB917283)
    Security Update for Microsoft .NET Framework 2.0 (KB922770)
    Security Update for Windows Internet Explorer 7 (KB928090)
    Security Update for Windows Internet Explorer 7 (KB929969)
    Security Update for Windows Media Player (KB911564)
    Security Update for Windows Media Player 10 (KB911565)
    Security Update for Windows Media Player 10 (KB917734)
    Security Update for Windows Media Player 6.4 (KB925398)
    Security Update for Windows XP (KB890046)
    Security Update for Windows XP (KB893066)
    Security Update for Windows XP (KB893756)
    Security Update for Windows XP (KB896358)
    Security Update for Windows XP (KB896422)
    Security Update for Windows XP (KB896423)
    Security Update for Windows XP (KB896424)
    Security Update for Windows XP (KB896428)
    Security Update for Windows XP (KB899587)
    Security Update for Windows XP (KB899589)
    Security Update for Windows XP (KB899591)
    Security Update for Windows XP (KB900725)
    Security Update for Windows XP (KB901017)
    Security Update for Windows XP (KB901214)
    Security Update for Windows XP (KB902400)
    Security Update for Windows XP (KB904706)
    Security Update for Windows XP (KB905414)
    Security Update for Windows XP (KB905749)
    Security Update for Windows XP (KB905915)
    Security Update for Windows XP (KB908519)
    Security Update for Windows XP (KB908531)
    Security Update for Windows XP (KB911280)
    Security Update for Windows XP (KB911562)
    Security Update for Windows XP (KB911567)
    Security Update for Windows XP (KB911927)
    Security Update for Windows XP (KB912812)
    Security Update for Windows XP (KB912919)
    Security Update for Windows XP (KB913446)
    Security Update for Windows XP (KB913580)
    Security Update for Windows XP (KB914388)
    Security Update for Windows XP (KB914389)
    Security Update for Windows XP (KB916281)
    Security Update for Windows XP (KB917159)
    Security Update for Windows XP (KB917344)
    Security Update for Windows XP (KB917422)
    Security Update for Windows XP (KB917953)
    Security Update for Windows XP (KB918118)
    Security Update for Windows XP (KB918439)
    Security Update for Windows XP (KB918899)
    Security Update for Windows XP (KB919007)
    Security Update for Windows XP (KB920213)
    Security Update for Windows XP (KB920214)
    Security Update for Windows XP (KB920670)
    Security Update for Windows XP (KB920683)
    Security Update for Windows XP (KB920685)
    Security Update for Windows XP (KB921398)
    Security Update for Windows XP (KB921883)
    Security Update for Windows XP (KB922616)
    Security Update for Windows XP (KB922819)
    Security Update for Windows XP (KB923191)
    Security Update for Windows XP (KB923414)
    Security Update for Windows XP (KB923689)
    Security Update for Windows XP (KB923694)
    Security Update for Windows XP (KB923980)
    Security Update for Windows XP (KB924191)
    Security Update for Windows XP (KB924270)
    Security Update for Windows XP (KB924496)
    Security Update for Windows XP (KB924667)
    Security Update for Windows XP (KB925486)
    Security Update for Windows XP (KB925902)
    Security Update for Windows XP (KB926255)
    Security Update for Windows XP (KB926436)
    Security Update for Windows XP (KB927779)
    Security Update for Windows XP (KB927802)
    Security Update for Windows XP (KB928255)
    Security Update for Windows XP (KB928843)
    Security Update for Windows XP (KB930178)
    Security Update for Windows XP (KB931261)
    Security Update for Windows XP (KB931784)
    Security Update for Windows XP (KB932168)
    SPBBC
    Spybot - Search & Destroy 1.4
    Symantec Script Blocking Installer
    SymNet
    Textbook Edition
    Update for Windows XP (KB894391)
    Update for Windows XP (KB898461)
    Update for Windows XP (KB900485)
    Update for Windows XP (KB904942)
    Update for Windows XP (KB910437)
    Update for Windows XP (KB916595)
    Update for Windows XP (KB920872)
    Update for Windows XP (KB922582)
    Update for Windows XP (KB929338)
    Update for Windows XP (KB931836)
    Windows Defender Signatures
    Windows Genuine Advantage v1.3.0254.0
    Windows Installer 3.1 (KB893803)
    Windows Internet Explorer 7
    Windows Media Connect
    Windows Media Format 11 runtime
    Windows Media Format 11 runtime
    Windows Media Player 11
    Windows Media Player 11
    Windows XP Hotfix - KB873339
    Windows XP Hotfix - KB885250
    Windows XP Hotfix - KB885835
    Windows XP Hotfix - KB885836
    Windows XP Hotfix - KB886185
    Windows XP Hotfix - KB887472
    Windows XP Hotfix - KB887742
    Windows XP Hotfix - KB888113
    Windows XP Hotfix - KB888302
    Windows XP Hotfix - KB890859
    Windows XP Hotfix - KB891781
    Windows XP Service Pack 2
    WinZip



     
    blrman, Apr 21, 2007
    #9
  10. blrman

    blrman Member

    Joined:
    Apr 17, 2007
    Messages:
    17
    Likes Received:
    0
    Trophy Points:
    11
    Logfile of HijackThis v1.99.1
    Scan saved at 9:42:25 PM, on 4/21/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16414)

    Running processes:
    C:\WINNT\System32\smss.exe
    C:\WINNT\system32\winlogon.exe
    C:\WINNT\system32\services.exe
    C:\WINNT\system32\lsass.exe
    C:\WINNT\system32\svchost.exe
    C:\WINNT\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\WINNT\system32\spoolsv.exe
    C:\Program Files\Gateway\EzTune\dtsslsrv.exe
    C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    C:\WINNT\system32\DRIVERS\CDAC11BA.EXE
    C:\Program Files\Gateway\EzTune\DTSRVC.exe
    C:\WINNT\System32\svchost.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\WINNT\system32\mgabg.exe
    D:\Program Files\Norton AntiVirus\navapsvc.exe
    D:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
    D:\PROGRA~1\NORTON~1\NPROTECT.EXE
    C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxMediaDB.exe
    D:\PROGRA~1\NORTON~1\SPEEDD~1\NOPDB.EXE
    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\WINNT\Explorer.EXE
    C:\IBMTOOLS\DRIVERS\LAN\INTEL\PROMON.EXE
    C:\WINNT\system32\PELMICED.EXE
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\Portrait Displays\Pivot Software\wpctrl.exe
    C:\Program Files\Gateway\EzTune\DTHtml.exe
    C:\WINNT\system32\PDesk\PDesk.exe
    C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
    C:\WINNT\system32\ctfmon.exe
    C:\Program Files\Windows Media Player\WMPNSCFG.exe
    C:\PROGRA~1\COMMON~1\uqfo\uqfom.exe
    C:\PROGRA~1\COMMON~1\uqfo\uqfoa.exe
    C:\Program Files\Portrait Displays\Pivot Software\floater.exe
    C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    D:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
    D:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
    C:\HJT\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://connecticut.cox.net/cci/home
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
    O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - D:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - D:\Program Files\Norton AntiVirus\NavShExt.dll
    O4 - HKLM\..\Run: [Promon.exe] C:\IBMTOOLS\DRIVERS\LAN\INTEL\PROMON.EXE
    O4 - HKLM\..\Run: [tourpath] regedit /s c:\winnt\tour.reg
    O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
    O4 - HKLM\..\Run: [Mouse Suite 98 Daemon] PELMICED.EXE
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
    O4 - HKLM\..\Run: [PivotSoftware] "C:\Program Files\Portrait Displays\Pivot Software\wpctrl.exe"
    O4 - HKLM\..\Run: [DT Task] C:\Program Files\Gateway\EzTune\DTHtml.exe -startup_folder
    O4 - HKLM\..\Run: [Matrox Powerdesk] C:\WINNT\system32\PDesk\PDesk.exe /Autolaunch
    O4 - HKLM\..\Run: [runner1] C:\WINNT\updater.exe 61A847B5BBF72816228849360B8D1BE1C59331416DC57C032CBD1BE3D290641833
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINNT\system32\ctfmon.exe
    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
    O4 - HKCU\..\Run: [Norton SystemWorks] "D:\Program Files\cfgwiz.exe" /GUID {05858CFD-5CC4-4ceb-AAAF-CF00BF39736A} /MODE CfgWiz
    O4 - HKCU\..\Run: [uqfo] C:\PROGRA~1\COMMON~1\uqfo\uqfom.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O11 - Options group: [INTERNATIONAL] International*
    O16 - DPF: {03F998B2-0E00-11D3-A498-00104B6EB52E} - https://components.viewpoint.com/MTSInstallers/MetaStream3.cab?url=http://www.viewpoint.com/cgi-bin/installer.v4/vet_install_premium.pl?1&4&04.00.09.13&premium&unknown&http://www.toyota.com/vehicles/config/fj/config.html?noreloadredir
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1138221981120
    O18 - Filter: text/html - (no CLSID) - (no file)
    O20 - Winlogon Notify: WgaLogon - C:\WINNT\SYSTEM32\WgaLogon.dll
    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINNT\system32\WPDShServiceObj.dll
    O23 - Service: Asset Management Daemon - Unknown owner - C:\Program Files\Gateway\EzTune\dtsslsrv.exe
    O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    O23 - Service: C-DillaCdaC11BA - C-Dilla Ltd - C:\WINNT\system32\DRIVERS\CDAC11BA.EXE
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: Portrait Displays Display Tune Service (DTSRVC) - Unknown owner - C:\Program Files\Gateway\EzTune\DTSRVC.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: MGABGEXE - Matrox Graphics Inc. - C:\WINNT\system32\mgabg.exe
    O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - D:\Program Files\Norton AntiVirus\navapsvc.exe
    O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - D:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
    O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - D:\PROGRA~1\NORTON~1\NPROTECT.EXE
    O23 - Service: LiveShare P2P Server (RoxLiveShare) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxLiveShare.exe
    O23 - Service: RoxMediaDB - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxMediaDB.exe
    O23 - Service: RoxUpnpRenderer (RoxUPnPRenderer) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\SharedCom\RoxUpnpRenderer.exe
    O23 - Service: RoxUpnpServer - Sonic Solutions - C:\Program Files\Roxio\Easy Media Creator 8\Digital Home\RoxUpnpServer.exe
    O23 - Service: Roxio Hard Drive Watcher (RoxWatch) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxWatch.exe
    O23 - Service: SAVScan - Symantec Corporation - D:\Program Files\Norton AntiVirus\SAVScan.exe
    O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    O23 - Service: Speed Disk service - Symantec Corporation - D:\PROGRA~1\NORTON~1\SPEEDD~1\NOPDB.EXE
    O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

    this is round three after the 3 rd restart
     
    blrman, Apr 21, 2007
    #10
  11. KotaGuy

    KotaGuy Regular member

    Joined:
    Feb 14, 2007
    Messages:
    485
    Likes Received:
    0
    Trophy Points:
    26
    Print this out for reference during the fix as for part of it you will be in Safe Mode and won't be able to access this site.

    You still need to uninstall these...

    J2SE Runtime Environment 5.0 Update 10
    J2SE Runtime Environment 5.0 Update 11
    J2SE Runtime Environment 5.0 Update 6
    J2SE Runtime Environment 5.0 Update 9

    Those are old versions of Java and can be exploited if you don't.

    Hit CTRL+ALT+DELETE to bring up the Task Manager. End Task the following:

    uqfom.exe
    uqfoa.exe

    Run and scan with HijackThis and place checks beside the following:

    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
    O4 - HKLM\..\Run: [runner1] C:\WINNT\updater.exe 61A847B5BBF72816228849360B8D1BE1C59331416DC57C032CBD1BE3D290641833
    O4 - HKCU\..\Run: [uqfo] C:\PROGRA~1\COMMON~1\uqfo\uqfom.exe
    O16 - DPF: {03F998B2-0E00-11D3-A498-00104B6EB52E} - https://components.viewpoint.com/MTSInstallers/MetaStream3.cab?url=http://www.viewpoint.com/cgi-bin/installer.v4/vet_install_premium.pl?1&4&04.00.09.13&premium&unknown&http://www.toyota.com/vehicles/config/fj/config.html?noreloadredir
    O18 - Filter: text/html - (no CLSID) - (no file)

    Close all open browsers/windows and click the Fix button.

    Boot into Safe Mode

    Search for and delete these Folders:

    C:\Program Files\webHancer
    C:\Program Files\Common Files\uqfo

    Search for and delete this File:

    C:\WINNT\updater.exe

    Empty your Recylce Bin.

    Reboot Windows normally.

    Please do an online scan with Kaspersky WebScanner

    Click on Kaspersky Online Scanner

    You will be promted to install an ActiveX component from Kaspersky,
    Click Yes.

    [*]The program will launch and then begin downloading the latest definition files:
    [*]Once the files have been downloaded click on NEXT
    [*]Now click on Scan Settings
    [*]In the scan settings make that the following are selected:

    [*]Scan using the following Anti-Virus database:

    Extended (if available otherwise Standard)

    [*]Scan Options:

    Scan Archives Scan Mail Bases

    [*]Click OK
    [*]Now under select a target to scan:

    Select My Computer

    [*]This will program will start and scan your system.
    [*]The scan will take a while so be patient and let it run.
    [*]Once the scan is complete it will display if your system has been infected.
    [*]Now click on the Save as Text button:
    [*]Save the file to your desktop.

    Copy/paste the contents of the file in your next reply along with a new HijackThis log please.
     
    KotaGuy, Apr 21, 2007
    #11
  12. blrman

    blrman Member

    Joined:
    Apr 17, 2007
    Messages:
    17
    Likes Received:
    0
    Trophy Points:
    11
    I could not get the anti virus to work and download but this is the hyjackthis log file I will keep working on the anti virus
    Logfile of HijackThis v1.99.1
    Scan saved at 7:15:41 AM, on 4/23/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16414)

    Running processes:
    C:\WINNT\System32\smss.exe
    C:\WINNT\system32\winlogon.exe
    C:\WINNT\system32\services.exe
    C:\WINNT\system32\lsass.exe
    C:\WINNT\system32\svchost.exe
    C:\WINNT\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\WINNT\system32\spoolsv.exe
    C:\Program Files\Gateway\EzTune\dtsslsrv.exe
    C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    C:\WINNT\system32\DRIVERS\CDAC11BA.EXE
    C:\Program Files\Gateway\EzTune\DTSRVC.exe
    C:\WINNT\System32\svchost.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\WINNT\system32\mgabg.exe
    D:\Program Files\Norton AntiVirus\navapsvc.exe
    D:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
    D:\PROGRA~1\NORTON~1\NPROTECT.EXE
    C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxMediaDB.exe
    D:\PROGRA~1\NORTON~1\SPEEDD~1\NOPDB.EXE
    C:\WINNT\Explorer.EXE
    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\IBMTOOLS\DRIVERS\LAN\INTEL\PROMON.EXE
    C:\WINNT\system32\PELMICED.EXE
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\WINNT\system32\mobsync.exe
    C:\Program Files\Portrait Displays\Pivot Software\wpctrl.exe
    C:\Program Files\Gateway\EzTune\DTHtml.exe
    C:\WINNT\system32\PDesk\PDesk.exe
    C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
    C:\WINNT\system32\ctfmon.exe
    C:\Program Files\Windows Media Player\WMPNSCFG.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Portrait Displays\Pivot Software\floater.exe
    C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    D:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
    D:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
    C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
    C:\HJT\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://connecticut.cox.net/cci/home
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
    O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - D:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - D:\Program Files\Norton AntiVirus\NavShExt.dll
    O4 - HKLM\..\Run: [Promon.exe] C:\IBMTOOLS\DRIVERS\LAN\INTEL\PROMON.EXE
    O4 - HKLM\..\Run: [tourpath] regedit /s c:\winnt\tour.reg
    O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
    O4 - HKLM\..\Run: [Mouse Suite 98 Daemon] PELMICED.EXE
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
    O4 - HKLM\..\Run: [PivotSoftware] "C:\Program Files\Portrait Displays\Pivot Software\wpctrl.exe"
    O4 - HKLM\..\Run: [DT Task] C:\Program Files\Gateway\EzTune\DTHtml.exe -startup_folder
    O4 - HKLM\..\Run: [Matrox Powerdesk] C:\WINNT\system32\PDesk\PDesk.exe /Autolaunch
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINNT\system32\ctfmon.exe
    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
    O4 - HKCU\..\Run: [Norton SystemWorks] "D:\Program Files\cfgwiz.exe" /GUID {05858CFD-5CC4-4ceb-AAAF-CF00BF39736A} /MODE CfgWiz
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O11 - Options group: [INTERNATIONAL] International*
    O16 - DPF: {03F998B2-0E00-11D3-A498-00104B6EB52E} - https://components.viewpoint.com/MTSInstallers/MetaStream3.cab?url=http://www.viewpoint.com/cgi-bin/installer.v4/vet_install_premium.pl?1&4&04.00.09.13&premium&unknown&http://www.toyota.com/vehicles/config/fj/config.html?noreloadredir
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1138221981120
    O20 - Winlogon Notify: WgaLogon - C:\WINNT\SYSTEM32\WgaLogon.dll
    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINNT\system32\WPDShServiceObj.dll
    O23 - Service: Asset Management Daemon - Unknown owner - C:\Program Files\Gateway\EzTune\dtsslsrv.exe
    O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    O23 - Service: C-DillaCdaC11BA - C-Dilla Ltd - C:\WINNT\system32\DRIVERS\CDAC11BA.EXE
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: Portrait Displays Display Tune Service (DTSRVC) - Unknown owner - C:\Program Files\Gateway\EzTune\DTSRVC.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: MGABGEXE - Matrox Graphics Inc. - C:\WINNT\system32\mgabg.exe
    O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - D:\Program Files\Norton AntiVirus\navapsvc.exe
    O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - D:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
    O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - D:\PROGRA~1\NORTON~1\NPROTECT.EXE
    O23 - Service: LiveShare P2P Server (RoxLiveShare) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxLiveShare.exe
    O23 - Service: RoxMediaDB - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxMediaDB.exe
    O23 - Service: RoxUpnpRenderer (RoxUPnPRenderer) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\SharedCom\RoxUpnpRenderer.exe
    O23 - Service: RoxUpnpServer - Sonic Solutions - C:\Program Files\Roxio\Easy Media Creator 8\Digital Home\RoxUpnpServer.exe
    O23 - Service: Roxio Hard Drive Watcher (RoxWatch) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxWatch.exe
    O23 - Service: SAVScan - Symantec Corporation - D:\Program Files\Norton AntiVirus\SAVScan.exe
    O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    O23 - Service: Speed Disk service - Symantec Corporation - D:\PROGRA~1\NORTON~1\SPEEDD~1\NOPDB.EXE
    O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

     
    blrman, Apr 23, 2007
    #12
  13. KotaGuy

    KotaGuy Regular member

    Joined:
    Feb 14, 2007
    Messages:
    485
    Likes Received:
    0
    Trophy Points:
    26
    Looking good.

    I still see this in the log though...

    O16 - DPF: {03F998B2-0E00-11D3-A498-00104B6EB52E} - https://components.viewpoint.com/MTSInstallers/MetaStream3.cab?url=http://www.viewpoint.com/cgi-bin/installer.v4/vet_install_premium.pl?1&4&04.00.09.13&premium&unknown&http://www.toyota.com/vehicles/config/fj/config.html?noreloadredir

    Did you miss that or do you need it for work or something?

    I also need to see the Kaspersky log too.
     
    Last edited: Apr 23, 2007
    KotaGuy, Apr 23, 2007
    #13
  14. blrman

    blrman Member

    Joined:
    Apr 17, 2007
    Messages:
    17
    Likes Received:
    0
    Trophy Points:
    11
    C:\WINNT\system32\config\system.LOG Object is locked skipped

    C:\WINNT\system32\config\software.LOG Object is locked skipped

    C:\WINNT\system32\config\default.LOG Object is locked skipped

    C:\WINNT\system32\config\SECURITY Object is locked skipped

    C:\WINNT\system32\config\SECURITY.LOG Object is locked skipped

    C:\WINNT\system32\config\SAM Object is locked skipped

    C:\WINNT\system32\config\SAM.LOG Object is locked skipped

    C:\WINNT\system32\config\AppEvent.Evt Object is locked skipped

    C:\WINNT\system32\config\SecEvent.Evt Object is locked skipped

    C:\WINNT\system32\config\SysEvent.Evt Object is locked skipped

    C:\WINNT\system32\config\SYSTEM Object is locked skipped

    C:\WINNT\system32\config\SOFTWARE Object is locked skipped

    C:\WINNT\system32\config\DEFAULT Object is locked skipped

    C:\WINNT\system32\config\Internet.evt Object is locked skipped

    C:\WINNT\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped

    C:\WINNT\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped

    C:\WINNT\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped

    C:\WINNT\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped

    C:\WINNT\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped

    C:\WINNT\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped

    C:\WINNT\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped

    C:\WINNT\system32\CatRoot2\tmp.edb Object is locked skipped

    C:\WINNT\system32\CatRoot2\edb.log Object is locked skipped

    C:\WINNT\system32\h323log.txt Object is locked skipped

    C:\WINNT\Debug\PASSWD.LOG Object is locked skipped

    C:\WINNT\SoftwareDistribution\ReportingEvents.log Object is locked skipped

    C:\WINNT\WindowsUpdate.log Object is locked skipped

    C:\WINNT\SchedLgU.Txt Object is locked skipped

    C:\WINNT\pw.exe Infected: Trojan-Downloader.Win32.Agent.bls skipped

    C:\WINNT\b129.exe/stream/data0002 Infected: not-a-virus:AdWare.Win32.WebHancer.390 skipped

    C:\WINNT\b129.exe/stream/data0005 Infected: not-a-virus:AdWare.Win32.WebHancer.390 skipped

    C:\WINNT\b129.exe/stream/data0006 Infected: not-a-virus:AdWare.Win32.WebHancer.390 skipped

    C:\WINNT\b129.exe/stream/data0008 Infected: not-a-virus:AdWare.Win32.Softomate.u skipped

    C:\WINNT\b129.exe/stream Infected: not-a-virus:AdWare.Win32.Softomate.u skipped

    C:\WINNT\b129.exe NSIS: infected - 5 skipped

    C:\WINNT\b128.exe/stream/data0002/data0002 Infected: Trojan-Downloader.Win32.PurityScan.eh skipped

    C:\WINNT\b128.exe/stream/data0002 Infected: Trojan-Downloader.Win32.PurityScan.eh skipped

    C:\WINNT\b128.exe/stream/data0004 Infected: not-a-virus:AdWare.Win32.Softomate.u skipped

    C:\WINNT\b128.exe/stream Infected: not-a-virus:AdWare.Win32.Softomate.u skipped

    C:\WINNT\b128.exe NSIS: infected - 4 skipped

    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\08531E8F.tmp Infected: Trojan.Win32.Crypt.e skipped

    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\0A550593.tmp Infected: P2P-Worm.Win32.VB.dw skipped

    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\23884ED3/stream Infected: not-a-virus:AdWare.Win32.404Search.h skipped

    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\23884ED3 NSIS: infected - 1 skipped

    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\23884ED3 CryptFF: infected - 1 skipped

    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\29B320B7.tmp Infected: Worm.Win32.VB.an skipped

    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\332E3F2D/mySetp.exe Infected: not-a-virus:AdTool.Win32.MyWebSearch.o skipped

    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\332E3F2D CAB: infected - 1 skipped

    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\332E3F2D CryptFF: infected - 1 skipped

    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\38706897.tmp Infected: P2P-Worm.Win32.VB.dw skipped

    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\3FA2571C.tmp Infected: Worm.Win32.VB.an skipped

    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\3FA50119.tmp Infected: Worm.Win32.VB.an skipped

    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\3FA92B15.tmp Infected: Worm.Win32.VB.an skipped

    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\50125471.exe/svchost1.exe Infected: Backdoor.Win32.Iroffer.1217 skipped

    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\50125471.exe/system.exe Infected: Backdoor.Win32.ServU-based skipped

    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\50125471.exe/FireDaemon.exe Infected: not-a-virus:RemoteAdmin.Win32.RA.3826 skipped

    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\50125471.exe/setup.bat Infected: Trojan.BAT.Zapchast skipped

    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\50125471.exe/HIDDEN32.EXE Infected: not-a-virus:RiskTool.Win32.HideWindows skipped

    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\50125471.exe ZIP: infected - 5 skipped

    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\50125471.exe CryptFF: infected - 5 skipped

    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\5D2A617F.tmp Infected: Worm.Win32.VB.an skipped

    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\66061DFF.DLL Infected: not-a-virus:AdWare.Win32.Altnet.d skipped

    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\660947FB Infected: not-a-virus:AdWare.Win32.404Search.l skipped

    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\660D71F8.DLL Infected: not-a-virus:AdWare.Win32.404Search.l skipped

    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\669D0AFC.exe Infected: Trojan-Clicker.Win32.Delf.dm skipped

    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\705C637B/stream Infected: not-a-virus:AdWare.Win32.404Search.h skipped

    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\705C637B NSIS: infected - 1 skipped

    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\705C637B CryptFF: infected - 1 skipped

    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\78024601.tmp Infected: P2P-Worm.Win32.VB.dw skipped

    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\0B081747.exe Infected: P2P-Worm.Win32.VB.dw skipped

    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\31367744.tmp Infected: P2P-Worm.Win32.VB.dw skipped

    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\31571B20.tmp/data.rar/setup.bat Infected: Trojan.BAT.Zapchast skipped

    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\31571B20.tmp/data.rar/csrss.exe Infected: not-a-virus:Server-FTP.Win32.Serv-U.gen skipped

    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\31571B20.tmp/data.rar/services.exe Infected: Backdoor.Win32.Iroffer.14b2 skipped

    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\31571B20.tmp/data.rar/ntauth.dll Infected: Backdoor.IRC.Zapchast skipped

    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\31571B20.tmp/data.rar Infected: Backdoor.IRC.Zapchast skipped

    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\31571B20.tmp RarSFX: infected - 5 skipped

    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\31571B20.tmp CryptFF: infected - 5 skipped

    C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\2007-04-25_Log.ALUSchedulerSvc.LiveUpdate Object is locked skipped

    C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\settings.dat Object is locked skipped

    C:\Documents and Settings\NetworkService\NTUSER.DAT.LOG Object is locked skipped

    C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped

    C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

    C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

    C:\Documents and Settings\LocalService\NTUSER.DAT.LOG Object is locked skipped

    C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped

    C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped

    C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped

    C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

    C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

    C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped

    C:\Documents and Settings\jeb\NTUSER.DAT.LOG Object is locked skipped

    C:\Documents and Settings\jeb\NTUSER.DAT Object is locked skipped

    C:\Documents and Settings\jeb\Local Settings\History\History.IE5\index.dat Object is locked skipped

    C:\Documents and Settings\jeb\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped

    C:\Documents and Settings\jeb\Local Settings\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat Object is locked skipped

    C:\Documents and Settings\jeb\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

    C:\Documents and Settings\jeb\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

    C:\Documents and Settings\jeb\Cookies\index.dat Object is locked skipped

    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcrst.dll Object is locked skipped

    C:\Program Files\Common Files\Symantec Shared\SPStart.log Object is locked skipped

    C:\Program Files\Common Files\Symantec Shared\SPPolicy.log Object is locked skipped

    C:\Program Files\Common Files\Symantec Shared\SPStop.log Object is locked skipped

    C:\Program Files\Common Files\Symantec Shared\SNDSYS.log Object is locked skipped

    C:\Program Files\Common Files\Symantec Shared\SNDFW.log Object is locked skipped

    C:\Program Files\Common Files\Symantec Shared\SNDCON.log Object is locked skipped

    C:\Program Files\Common Files\Symantec Shared\SNDALRT.log Object is locked skipped

    C:\Program Files\Common Files\Symantec Shared\SNDIDS.log Object is locked skipped

    C:\Program Files\Common Files\Symantec Shared\SNDDBG.log Object is locked skipped

    C:\Recycled\NPROTECT\NPROTECT.LOG Object is locked skipped

    C:\System Volume Information\_restore{5E525007-AE48-4AF0-8858-50A4A87F4B1F}\RP574\A0057015.exe/stream/data0002 Infected: Trojan-Downloader.Win32.TSUpdate.o skipped

    C:\System Volume Information\_restore{5E525007-AE48-4AF0-8858-50A4A87F4B1F}\RP574\A0057015.exe/stream/data0004 Infected: not-a-virus:AdWare.Win32.Softomate.u skipped

    C:\System Volume Information\_restore{5E525007-AE48-4AF0-8858-50A4A87F4B1F}\RP574\A0057015.exe/stream Infected: not-a-virus:AdWare.Win32.Softomate.u skipped

    C:\System Volume Information\_restore{5E525007-AE48-4AF0-8858-50A4A87F4B1F}\RP574\A0057015.exe NSIS: infected - 3 skipped

    C:\System Volume Information\_restore{5E525007-AE48-4AF0-8858-50A4A87F4B1F}\RP574\A0057016.exe/stream/data0002 Infected: Trojan-Downloader.Win32.Small.buy skipped

    C:\System Volume Information\_restore{5E525007-AE48-4AF0-8858-50A4A87F4B1F}\RP574\A0057016.exe/stream/data0004 Infected: not-a-virus:AdWare.Win32.Softomate.u skipped

    C:\System Volume Information\_restore{5E525007-AE48-4AF0-8858-50A4A87F4B1F}\RP574\A0057016.exe/stream Infected: not-a-virus:AdWare.Win32.Softomate.u skipped

    C:\System Volume Information\_restore{5E525007-AE48-4AF0-8858-50A4A87F4B1F}\RP574\A0057016.exe NSIS: infected - 3 skipped

    C:\System Volume Information\_restore{5E525007-AE48-4AF0-8858-50A4A87F4B1F}\RP574\A0057017.exe/stream/data0004 Infected: not-a-virus:AdWare.Win32.Softomate.u skipped

    C:\System Volume Information\_restore{5E525007-AE48-4AF0-8858-50A4A87F4B1F}\RP574\A0057017.exe/stream Infected: not-a-virus:AdWare.Win32.Softomate.u skipped

    C:\System Volume Information\_restore{5E525007-AE48-4AF0-8858-50A4A87F4B1F}\RP574\A0057017.exe NSIS: infected - 2 skipped

    C:\System Volume Information\_restore{5E525007-AE48-4AF0-8858-50A4A87F4B1F}\RP574\A0057020.exe Infected: Trojan-Downloader.Win32.TSUpdate.r skipped

    C:\System Volume Information\_restore{5E525007-AE48-4AF0-8858-50A4A87F4B1F}\RP574\A0057021.exe Infected: Trojan-Downloader.Win32.TSUpdate.f skipped

    C:\System Volume Information\_restore{5E525007-AE48-4AF0-8858-50A4A87F4B1F}\RP574\A0057022.exe Infected: Trojan-Downloader.Win32.PurityScan.eh skipped

    C:\System Volume Information\_restore{5E525007-AE48-4AF0-8858-50A4A87F4B1F}\RP579\A0058230.exe Infected: Trojan-Downloader.Win32.Agent.bls skipped

    C:\System Volume Information\_restore{5E525007-AE48-4AF0-8858-50A4A87F4B1F}\RP579\A0058234.exe Infected: Trojan-Downloader.Win32.TSUpdate.n skipped

    C:\System Volume Information\_restore{5E525007-AE48-4AF0-8858-50A4A87F4B1F}\RP579\A0058235.exe Infected: Trojan-Downloader.Win32.TSUpdate.l skipped

    C:\System Volume Information\_restore{5E525007-AE48-4AF0-8858-50A4A87F4B1F}\RP581\change.log Object is locked skipped

    D:\Program Files\Norton AntiVirus\AVApp.log Object is locked skipped

    D:\Program Files\Norton AntiVirus\AVError.log Object is locked skipped

    D:\Program Files\Norton AntiVirus\AVVirus.log Object is locked skipped

    D:\Program Files\Norton AntiVirus\Quarantine\06ED3D76.exe/stream/data0004 Infected: not-a-virus:AdWare.Win32.Softomate.u skipped

    D:\Program Files\Norton AntiVirus\Quarantine\06ED3D76.exe/stream Infected: not-a-virus:AdWare.Win32.Softomate.u skipped

    D:\Program Files\Norton AntiVirus\Quarantine\06ED3D76.exe NSIS: infected - 2 skipped

    D:\Program Files\Norton AntiVirus\Quarantine\06ED3D76.exe CryptFF: infected - 2 skipped

    D:\Program Files\Norton AntiVirus\Quarantine\09F64D80.exe/stream/data0002 Infected: Trojan-Downloader.Win32.TSUpdate.o skipped

    D:\Program Files\Norton AntiVirus\Quarantine\09F64D80.exe/stream/data0004 Infected: not-a-virus:AdWare.Win32.Softomate.u skipped

    D:\Program Files\Norton AntiVirus\Quarantine\09F64D80.exe/stream Infected: not-a-virus:AdWare.Win32.Softomate.u skipped

    D:\Program Files\Norton AntiVirus\Quarantine\09F64D80.exe NSIS: infected - 3 skipped

    D:\Program Files\Norton AntiVirus\Quarantine\09F64D80.exe CryptFF: infected - 3 skipped

    D:\Program Files\Norton AntiVirus\Quarantine\09FA777C.exe/stream/data0002 Infected: Trojan-Downloader.Win32.Small.buy skipped

    D:\Program Files\Norton AntiVirus\Quarantine\09FA777C.exe/stream/data0004 Infected: not-a-virus:AdWare.Win32.Softomate.u skipped

    D:\Program Files\Norton AntiVirus\Quarantine\09FA777C.exe/stream Infected: not-a-virus:AdWare.Win32.Softomate.u skipped

    D:\Program Files\Norton AntiVirus\Quarantine\09FA777C.exe NSIS: infected - 3 skipped

    D:\Program Files\Norton AntiVirus\Quarantine\09FA777C.exe CryptFF: infected - 3 skipped

    D:\Program Files\Norton AntiVirus\Quarantine\0A071F6E.exe Infected: Trojan-Downloader.Win32.TSUpdate.r skipped

    D:\Program Files\Norton AntiVirus\Quarantine\0A0D7367.exe Infected: Trojan-Downloader.Win32.TSUpdate.f skipped

    D:\Program Files\Norton AntiVirus\Quarantine\0A144760.exe Infected: Trojan-Downloader.Win32.PurityScan.eh skipped

    D:\Program Files\Norton AntiVirus\Quarantine\27D146B3.tmp Infected: P2P-Worm.Win32.VB.dw skipped

    D:\Program Files\Norton AntiVirus\Quarantine\28164C6C.exe Infected: P2P-Worm.Win32.VB.dw skipped

    D:\Program Files\Norton AntiVirus\Quarantine\3F454569.exe/stream/data0004 Infected: not-a-virus:AdWare.Win32.Softomate.u skipped

    D:\Program Files\Norton AntiVirus\Quarantine\3F454569.exe/stream Infected: not-a-virus:AdWare.Win32.Softomate.u skipped

    D:\Program Files\Norton AntiVirus\Quarantine\3F454569.exe NSIS: infected - 2 skipped

    D:\Program Files\Norton AntiVirus\Quarantine\3F454569.exe CryptFF: infected - 2 skipped

    D:\Program Files\Norton AntiVirus\Quarantine\6109544F.exe Infected: P2P-Worm.Win32.VB.dw skipped

    D:\Program Files\Norton AntiVirus\Quarantine\7A51647D.exe Infected: P2P-Worm.Win32.VB.dw skipped

    D:\RECYCLER\NPROTECT\NPROTECT.LOG Object is locked skipped

    D:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped

    G:\RECYCLER\NPROTECT\NPROTECT.LOG Object is locked skipped

    G:\shared limewire\New Folder\WinRar 4.1 Pro (with CRACK).exe/Filters.exe/svchost1.exe Infected: Backdoor.Win32.Iroffer.1217 skipped

    G:\shared limewire\New Folder\WinRar 4.1 Pro (with CRACK).exe/Filters.exe/system.exe Infected: Backdoor.Win32.ServU-based skipped

    G:\shared limewire\New Folder\WinRar 4.1 Pro (with CRACK).exe/Filters.exe/FireDaemon.exe Infected: not-a-virus:RemoteAdmin.Win32.RA.3826 skipped

    G:\shared limewire\New Folder\WinRar 4.1 Pro (with CRACK).exe/Filters.exe/setup.bat Infected: Trojan.BAT.Zapchast skipped

    G:\shared limewire\New Folder\WinRar 4.1 Pro (with CRACK).exe/Filters.exe/HIDDEN32.EXE Infected: not-a-virus:RiskTool.Win32.HideWindows skipped

    G:\shared limewire\New Folder\WinRar 4.1 Pro (with CRACK).exe/Filters.exe Infected: not-a-virus:RiskTool.Win32.HideWindows skipped

    G:\shared limewire\New Folder\WinRar 4.1 Pro (with CRACK).exe ZIP: infected - 6 skipped

    G:\System Volume Information\MountPointManagerRemoteDatabase
    holy cow this is the kerpersky log I don't know what to do
     
    blrman, Apr 26, 2007
    #14
  15. KotaGuy

    KotaGuy Regular member

    Joined:
    Feb 14, 2007
    Messages:
    485
    Likes Received:
    0
    Trophy Points:
    26
    G:\shared limewire\New Folder\WinRar 4.1 Pro (with CRACK).exe/Filters.exe/setup.bat Infected: Trojan.BAT.Zapchast

    First thing you need to do is stop using cracked programs.

    Print this out for reference during the fix as you will be in Safe Mode for part of it and won't be able to access this site.

    Boot into Safe Mode.

    Search for and delete these Files:

    C:\WINNT\pw.exe
    C:\WINNT\b129.exe
    C:\WINNT\b128.exe
    G:\shared limewire\New Folder\WinRar 4.1 Pro (with CRACK).exe

    Empty your Recycle Bin.

    Reboot Windows normally.

    Do another online Kaspersky scan. Post its log along with a new HijackThis log please.
     
    KotaGuy, Apr 26, 2007
    #15
  16. blrman

    blrman Member

    Joined:
    Apr 17, 2007
    Messages:
    17
    Likes Received:
    0
    Trophy Points:
    11
    Total number of scanned objects 64095
    Number of viruses found 24
    Number of infected objects 112 / 0
    Number of suspicious objects 0
    Duration of the scan process 05:44:55

    Infected Object Name Virus Name Last Action
    C:\WINNT\system32\config\system.LOG Object is locked skipped

    C:\WINNT\system32\config\software.LOG Object is locked skipped

    C:\WINNT\system32\config\default.LOG Object is locked skipped

    C:\WINNT\system32\config\SECURITY Object is locked skipped

    C:\WINNT\system32\config\SECURITY.LOG Object is locked skipped

    C:\WINNT\system32\config\SAM Object is locked skipped

    C:\WINNT\system32\config\SAM.LOG Object is locked skipped

    C:\WINNT\system32\config\AppEvent.Evt Object is locked skipped

    C:\WINNT\system32\config\SecEvent.Evt Object is locked skipped

    C:\WINNT\system32\config\SysEvent.Evt Object is locked skipped

    C:\WINNT\system32\config\SYSTEM Object is locked skipped

    C:\WINNT\system32\config\SOFTWARE Object is locked skipped

    C:\WINNT\system32\config\DEFAULT Object is locked skipped

    C:\WINNT\system32\config\Internet.evt Object is locked skipped

    C:\WINNT\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped

    C:\WINNT\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped

    C:\WINNT\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped

    C:\WINNT\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped

    C:\WINNT\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped

    C:\WINNT\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped

    C:\WINNT\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped

    C:\WINNT\system32\CatRoot2\tmp.edb Object is locked skipped

    C:\WINNT\system32\CatRoot2\edb.log Object is locked skipped

    C:\WINNT\system32\h323log.txt Object is locked skipped

    C:\WINNT\Debug\PASSWD.LOG Object is locked skipped

    C:\WINNT\SoftwareDistribution\ReportingEvents.log Object is locked skipped

    C:\WINNT\SoftwareDistribution\EventCache\{076C70E8-261B-4E8C-87B7-092E56FAF596}.bin Object is locked skipped

    C:\WINNT\WindowsUpdate.log Object is locked skipped

    C:\WINNT\SchedLgU.Txt Object is locked skipped

    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\08531E8F.tmp Infected: Trojan.Win32.Crypt.e skipped

    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\0A550593.tmp Infected: P2P-Worm.Win32.VB.dw skipped

    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\23884ED3/stream Infected: not-a-virus:AdWare.Win32.404Search.h skipped

    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\23884ED3 NSIS: infected - 1 skipped

    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\23884ED3 CryptFF: infected - 1 skipped

    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\29B320B7.tmp Infected: Worm.Win32.VB.an skipped

    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\332E3F2D/mySetp.exe Infected: not-a-virus:AdTool.Win32.MyWebSearch.o skipped

    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\332E3F2D CAB: infected - 1 skipped

    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\332E3F2D CryptFF: infected - 1 skipped

    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\38706897.tmp Infected: P2P-Worm.Win32.VB.dw skipped

    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\3FA2571C.tmp Infected: Worm.Win32.VB.an skipped

    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\3FA50119.tmp Infected: Worm.Win32.VB.an skipped

    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\3FA92B15.tmp Infected: Worm.Win32.VB.an skipped

    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\50125471.exe/svchost1.exe Infected: Backdoor.Win32.Iroffer.1217 skipped

    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\50125471.exe/system.exe Infected: Backdoor.Win32.ServU-based skipped

    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\50125471.exe/FireDaemon.exe Infected: not-a-virus:RemoteAdmin.Win32.RA.3826 skipped

    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\50125471.exe/setup.bat Infected: Trojan.BAT.Zapchast skipped

    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\50125471.exe/HIDDEN32.EXE Infected: not-a-virus:RiskTool.Win32.HideWindows skipped

    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\50125471.exe ZIP: infected - 5 skipped

    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\50125471.exe CryptFF: infected - 5 skipped

    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\5D2A617F.tmp Infected: Worm.Win32.VB.an skipped

    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\66061DFF.DLL Infected: not-a-virus:AdWare.Win32.Altnet.d skipped

    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\660947FB Infected: not-a-virus:AdWare.Win32.404Search.l skipped

    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\660D71F8.DLL Infected: not-a-virus:AdWare.Win32.404Search.l skipped

    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\669D0AFC.exe Infected: Trojan-Clicker.Win32.Delf.dm skipped

    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\705C637B/stream Infected: not-a-virus:AdWare.Win32.404Search.h skipped

    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\705C637B NSIS: infected - 1 skipped

    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\705C637B CryptFF: infected - 1 skipped

    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\78024601.tmp Infected: P2P-Worm.Win32.VB.dw skipped

    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\0B081747.exe Infected: P2P-Worm.Win32.VB.dw skipped

    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\31367744.tmp Infected: P2P-Worm.Win32.VB.dw skipped

    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\31571B20.tmp/data.rar/setup.bat Infected: Trojan.BAT.Zapchast skipped

    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\31571B20.tmp/data.rar/csrss.exe Infected: not-a-virus:Server-FTP.Win32.Serv-U.gen skipped

    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\31571B20.tmp/data.rar/services.exe Infected: Backdoor.Win32.Iroffer.14b2 skipped

    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\31571B20.tmp/data.rar/ntauth.dll Infected: Backdoor.IRC.Zapchast skipped

    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\31571B20.tmp/data.rar Infected: Backdoor.IRC.Zapchast skipped

    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\31571B20.tmp RarSFX: infected - 5 skipped

    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\31571B20.tmp CryptFF: infected - 5 skipped

    C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\2007-04-26_Log.ALUSchedulerSvc.LiveUpdate Object is locked skipped

    C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\settings.dat Object is locked skipped

    C:\Documents and Settings\NetworkService\NTUSER.DAT.LOG Object is locked skipped

    C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped

    C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

    C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

    C:\Documents and Settings\LocalService\NTUSER.DAT.LOG Object is locked skipped

    C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped

    C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped

    C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped

    C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

    C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

    C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped

    C:\Documents and Settings\jeb\NTUSER.DAT.LOG Object is locked skipped

    C:\Documents and Settings\jeb\NTUSER.DAT Object is locked skipped

    C:\Documents and Settings\jeb\Local Settings\History\History.IE5\index.dat Object is locked skipped

    C:\Documents and Settings\jeb\Local Settings\History\History.IE5\MSHist012007042620070427\index.dat Object is locked skipped

    C:\Documents and Settings\jeb\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped

    C:\Documents and Settings\jeb\Local Settings\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat Object is locked skipped

    C:\Documents and Settings\jeb\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

    C:\Documents and Settings\jeb\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

    C:\Documents and Settings\jeb\Local Settings\Application Data\Microsoft\Feeds Cache\index.dat Object is locked skipped

    C:\Documents and Settings\jeb\Cookies\index.dat Object is locked skipped

    C:\Documents and Settings\jeb\UserData\index.dat Object is locked skipped

    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcrst.dll Object is locked skipped

    C:\Program Files\Common Files\Symantec Shared\SPStart.log Object is locked skipped

    C:\Program Files\Common Files\Symantec Shared\SPPolicy.log Object is locked skipped

    C:\Program Files\Common Files\Symantec Shared\SPStop.log Object is locked skipped

    C:\Program Files\Common Files\Symantec Shared\SNDSYS.log Object is locked skipped

    C:\Program Files\Common Files\Symantec Shared\SNDFW.log Object is locked skipped

    C:\Program Files\Common Files\Symantec Shared\SNDCON.log Object is locked skipped

    C:\Program Files\Common Files\Symantec Shared\SNDALRT.log Object is locked skipped

    C:\Program Files\Common Files\Symantec Shared\SNDIDS.log Object is locked skipped

    C:\Program Files\Common Files\Symantec Shared\SNDDBG.log Object is locked skipped

    C:\Recycled\NPROTECT\NPROTECT.LOG Object is locked skipped

    C:\Recycled\Dc14.tmp Infected: Worm.Win32.VB.an skipped

    C:\Recycled\Dc15.tmp Infected: Worm.Win32.VB.an skipped

    C:\Recycled\Dc16.tmp Infected: Worm.Win32.VB.an skipped

    C:\Recycled\Dc17.tmp Infected: Worm.Win32.VB.an skipped

    C:\Recycled\Dc19.tmp Infected: Worm.Win32.VB.an skipped

    C:\Recycled\Dc20/mySetp.exe Infected: not-a-virus:AdTool.Win32.MyWebSearch.o skipped

    C:\Recycled\Dc20 CAB: infected - 1 skipped

    C:\Recycled\Dc20 CryptFF: infected - 1 skipped

    C:\Recycled\Dc21.tmp Infected: P2P-Worm.Win32.VB.dw skipped

    C:\Recycled\Dc22.exe Infected: P2P-Worm.Win32.VB.dw skipped

    C:\Recycled\Dc23.tmp/data.rar/setup.bat Infected: Trojan.BAT.Zapchast skipped

    C:\Recycled\Dc23.tmp/data.rar/csrss.exe Infected: not-a-virus:Server-FTP.Win32.Serv-U.gen skipped

    C:\Recycled\Dc23.tmp/data.rar/services.exe Infected: Backdoor.Win32.Iroffer.14b2 skipped

    C:\Recycled\Dc23.tmp/data.rar/ntauth.dll Infected: Backdoor.IRC.Zapchast skipped

    C:\Recycled\Dc23.tmp/data.rar Infected: Backdoor.IRC.Zapchast skipped

    C:\Recycled\Dc23.tmp RarSFX: infected - 5 skipped

    C:\Recycled\Dc23.tmp CryptFF: infected - 5 skipped

    C:\Recycled\Dc24.DLL Infected: not-a-virus:AdWare.Win32.Altnet.d skipped

    C:\Recycled\Dc25 Infected: not-a-virus:AdWare.Win32.404Search.l skipped

    C:\Recycled\Dc26.tmp Infected: P2P-Worm.Win32.VB.dw skipped

    C:\Recycled\Dc27.tmp Infected: P2P-Worm.Win32.VB.dw skipped

    C:\Recycled\Dc28.exe/svchost1.exe Infected: Backdoor.Win32.Iroffer.1217 skipped

    C:\Recycled\Dc28.exe/system.exe Infected: Backdoor.Win32.ServU-based skipped

    C:\Recycled\Dc28.exe/FireDaemon.exe Infected: not-a-virus:RemoteAdmin.Win32.RA.3826 skipped

    C:\Recycled\Dc28.exe/setup.bat Infected: Trojan.BAT.Zapchast skipped

    C:\Recycled\Dc28.exe/HIDDEN32.EXE Infected: not-a-virus:RiskTool.Win32.HideWindows skipped

    C:\Recycled\Dc28.exe ZIP: infected - 5 skipped

    C:\Recycled\Dc28.exe CryptFF: infected - 5 skipped

    C:\Recycled\Dc29.tmp Infected: P2P-Worm.Win32.VB.dw skipped

    C:\Recycled\Dc30/stream Infected: not-a-virus:AdWare.Win32.404Search.h skipped

    C:\Recycled\Dc30 NSIS: infected - 1 skipped

    C:\Recycled\Dc30 CryptFF: infected - 1 skipped

    C:\Recycled\Dc31.tmp Infected: Trojan.Win32.Crypt.e skipped

    C:\Recycled\Dc32/stream Infected: not-a-virus:AdWare.Win32.404Search.h skipped

    C:\Recycled\Dc32 NSIS: infected - 1 skipped

    C:\Recycled\Dc32 CryptFF: infected - 1 skipped

    C:\Recycled\Dc33.exe Infected: Trojan-Clicker.Win32.Delf.dm skipped

    C:\Recycled\Dc34.DLL Infected: not-a-virus:AdWare.Win32.404Search.l skipped

    C:\System Volume Information\_restore{5E525007-AE48-4AF0-8858-50A4A87F4B1F}\RP582\A0059681.exe Infected: Trojan-Downloader.Win32.Agent.bls skipped

    C:\System Volume Information\_restore{5E525007-AE48-4AF0-8858-50A4A87F4B1F}\RP582\A0059682.exe/stream/data0002/data0002 Infected: Trojan-Downloader.Win32.PurityScan.eh skipped

    C:\System Volume Information\_restore{5E525007-AE48-4AF0-8858-50A4A87F4B1F}\RP582\A0059682.exe/stream/data0002 Infected: Trojan-Downloader.Win32.PurityScan.eh skipped

    C:\System Volume Information\_restore{5E525007-AE48-4AF0-8858-50A4A87F4B1F}\RP582\A0059682.exe/stream/data0004 Infected: not-a-virus:AdWare.Win32.Softomate.u skipped

    C:\System Volume Information\_restore{5E525007-AE48-4AF0-8858-50A4A87F4B1F}\RP582\A0059682.exe/stream Infected: not-a-virus:AdWare.Win32.Softomate.u skipped

    C:\System Volume Information\_restore{5E525007-AE48-4AF0-8858-50A4A87F4B1F}\RP582\A0059682.exe NSIS: infected - 4 skipped

    C:\System Volume Information\_restore{5E525007-AE48-4AF0-8858-50A4A87F4B1F}\RP582\A0059683.exe/stream/data0002 Infected: not-a-virus:AdWare.Win32.WebHancer.390 skipped

    C:\System Volume Information\_restore{5E525007-AE48-4AF0-8858-50A4A87F4B1F}\RP582\A0059683.exe/stream/data0005 Infected: not-a-virus:AdWare.Win32.WebHancer.390 skipped

    C:\System Volume Information\_restore{5E525007-AE48-4AF0-8858-50A4A87F4B1F}\RP582\A0059683.exe/stream/data0006 Infected: not-a-virus:AdWare.Win32.WebHancer.390 skipped

    C:\System Volume Information\_restore{5E525007-AE48-4AF0-8858-50A4A87F4B1F}\RP582\A0059683.exe/stream/data0008 Infected: not-a-virus:AdWare.Win32.Softomate.u skipped

    C:\System Volume Information\_restore{5E525007-AE48-4AF0-8858-50A4A87F4B1F}\RP582\A0059683.exe/stream Infected: not-a-virus:AdWare.Win32.Softomate.u skipped

    C:\System Volume Information\_restore{5E525007-AE48-4AF0-8858-50A4A87F4B1F}\RP582\A0059683.exe NSIS: infected - 5 skipped

    C:\System Volume Information\_restore{5E525007-AE48-4AF0-8858-50A4A87F4B1F}\RP583\change.log Object is locked skipped

    D:\Program Files\Norton AntiVirus\AVApp.log Object is locked skipped

    D:\Program Files\Norton AntiVirus\AVError.log Object is locked skipped

    D:\Program Files\Norton AntiVirus\AVVirus.log Object is locked skipped

    D:\RECYCLER\NPROTECT\NPROTECT.LOG Object is locked skipped

    D:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped

    D:\System Volume Information\_restore{5E525007-AE48-4AF0-8858-50A4A87F4B1F}\RP582\A0059508.exe/stream/data0002 Infected: Trojan-Downloader.Win32.TSUpdate.o skipped

    D:\System Volume Information\_restore{5E525007-AE48-4AF0-8858-50A4A87F4B1F}\RP582\A0059508.exe/stream/data0004 Infected: not-a-virus:AdWare.Win32.Softomate.u skipped

    D:\System Volume Information\_restore{5E525007-AE48-4AF0-8858-50A4A87F4B1F}\RP582\A0059508.exe/stream Infected: not-a-virus:AdWare.Win32.Softomate.u skipped

    D:\System Volume Information\_restore{5E525007-AE48-4AF0-8858-50A4A87F4B1F}\RP582\A0059508.exe NSIS: infected - 3 skipped

    D:\System Volume Information\_restore{5E525007-AE48-4AF0-8858-50A4A87F4B1F}\RP582\A0059508.exe CryptFF: infected - 3 skipped

    D:\System Volume Information\_restore{5E525007-AE48-4AF0-8858-50A4A87F4B1F}\RP582\A0059509.exe/stream/data0002 Infected: Trojan-Downloader.Win32.Small.buy skipped

    D:\System Volume Information\_restore{5E525007-AE48-4AF0-8858-50A4A87F4B1F}\RP582\A0059509.exe/stream/data0004 Infected: not-a-virus:AdWare.Win32.Softomate.u skipped

    D:\System Volume Information\_restore{5E525007-AE48-4AF0-8858-50A4A87F4B1F}\RP582\A0059509.exe/stream Infected: not-a-virus:AdWare.Win32.Softomate.u skipped

    D:\System Volume Information\_restore{5E525007-AE48-4AF0-8858-50A4A87F4B1F}\RP582\A0059509.exe NSIS: infected - 3 skipped

    D:\System Volume Information\_restore{5E525007-AE48-4AF0-8858-50A4A87F4B1F}\RP582\A0059509.exe CryptFF: infected - 3 skipped

    D:\System Volume Information\_restore{5E525007-AE48-4AF0-8858-50A4A87F4B1F}\RP582\A0059510.exe/stream/data0004 Infected: not-a-virus:AdWare.Win32.Softomate.u skipped

    D:\System Volume Information\_restore{5E525007-AE48-4AF0-8858-50A4A87F4B1F}\RP582\A0059510.exe/stream Infected: not-a-virus:AdWare.Win32.Softomate.u skipped

    D:\System Volume Information\_restore{5E525007-AE48-4AF0-8858-50A4A87F4B1F}\RP582\A0059510.exe NSIS: infected - 2 skipped

    D:\System Volume Information\_restore{5E525007-AE48-4AF0-8858-50A4A87F4B1F}\RP582\A0059510.exe CryptFF: infected - 2 skipped

    D:\System Volume Information\_restore{5E525007-AE48-4AF0-8858-50A4A87F4B1F}\RP582\A0059511.exe/stream/data0004 Infected: not-a-virus:AdWare.Win32.Softomate.u skipped

    D:\System Volume Information\_restore{5E525007-AE48-4AF0-8858-50A4A87F4B1F}\RP582\A0059511.exe/stream Infected: not-a-virus:AdWare.Win32.Softomate.u skipped

    D:\System Volume Information\_restore{5E525007-AE48-4AF0-8858-50A4A87F4B1F}\RP582\A0059511.exe NSIS: infected - 2 skipped

    D:\System Volume Information\_restore{5E525007-AE48-4AF0-8858-50A4A87F4B1F}\RP582\A0059511.exe CryptFF: infected - 2 skipped

    D:\System Volume Information\_restore{5E525007-AE48-4AF0-8858-50A4A87F4B1F}\RP582\A0059516.exe Infected: P2P-Worm.Win32.VB.dw skipped

    D:\System Volume Information\_restore{5E525007-AE48-4AF0-8858-50A4A87F4B1F}\RP582\A0059517.exe Infected: P2P-Worm.Win32.VB.dw skipped

    D:\System Volume Information\_restore{5E525007-AE48-4AF0-8858-50A4A87F4B1F}\RP582\A0059518.exe Infected: P2P-Worm.Win32.VB.dw skipped

    D:\System Volume Information\_restore{5E525007-AE48-4AF0-8858-50A4A87F4B1F}\RP582\A0059520.exe Infected: Trojan-Downloader.Win32.TSUpdate.r skipped

    D:\System Volume Information\_restore{5E525007-AE48-4AF0-8858-50A4A87F4B1F}\RP582\A0059521.exe Infected: Trojan-Downloader.Win32.TSUpdate.f skipped

    D:\System Volume Information\_restore{5E525007-AE48-4AF0-8858-50A4A87F4B1F}\RP582\A0059522.exe Infected: Trojan-Downloader.Win32.PurityScan.eh skipped

    G:\RECYCLER\NPROTECT\NPROTECT.LOG Object is locked skipped

    G:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped

    Scan process completed.
    Logfile of HijackThis v1.99.1
    Scan saved at 6:56:30 AM, on 4/27/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16414)

    Running processes:
    C:\WINNT\System32\smss.exe
    C:\WINNT\system32\winlogon.exe
    C:\WINNT\system32\services.exe
    C:\WINNT\system32\lsass.exe
    C:\WINNT\system32\svchost.exe
    C:\WINNT\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\WINNT\system32\spoolsv.exe
    C:\Program Files\Gateway\EzTune\dtsslsrv.exe
    C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    C:\WINNT\system32\DRIVERS\CDAC11BA.EXE
    C:\Program Files\Gateway\EzTune\DTSRVC.exe
    C:\WINNT\System32\svchost.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\WINNT\system32\mgabg.exe
    D:\Program Files\Norton AntiVirus\navapsvc.exe
    D:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
    D:\PROGRA~1\NORTON~1\NPROTECT.EXE
    C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxMediaDB.exe
    D:\PROGRA~1\NORTON~1\SPEEDD~1\NOPDB.EXE
    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\WINNT\Explorer.EXE
    C:\IBMTOOLS\DRIVERS\LAN\INTEL\PROMON.EXE
    C:\WINNT\system32\PELMICED.EXE
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\Portrait Displays\Pivot Software\wpctrl.exe
    C:\Program Files\Gateway\EzTune\DTHtml.exe
    C:\WINNT\system32\PDesk\PDesk.exe
    C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
    C:\WINNT\system32\ctfmon.exe
    C:\Program Files\Windows Media Player\WMPNSCFG.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
    C:\Program Files\Portrait Displays\Pivot Software\floater.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\HJT\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://connecticut.cox.net/cci/home
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
    O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - D:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - D:\Program Files\Norton AntiVirus\NavShExt.dll
    O4 - HKLM\..\Run: [Promon.exe] C:\IBMTOOLS\DRIVERS\LAN\INTEL\PROMON.EXE
    O4 - HKLM\..\Run: [tourpath] regedit /s c:\winnt\tour.reg
    O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
    O4 - HKLM\..\Run: [Mouse Suite 98 Daemon] PELMICED.EXE
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
    O4 - HKLM\..\Run: [PivotSoftware] "C:\Program Files\Portrait Displays\Pivot Software\wpctrl.exe"
    O4 - HKLM\..\Run: [DT Task] C:\Program Files\Gateway\EzTune\DTHtml.exe -startup_folder
    O4 - HKLM\..\Run: [Matrox Powerdesk] C:\WINNT\system32\PDesk\PDesk.exe /Autolaunch
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINNT\system32\ctfmon.exe
    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
    O4 - HKCU\..\Run: [Norton SystemWorks] "D:\Program Files\cfgwiz.exe" /GUID {05858CFD-5CC4-4ceb-AAAF-CF00BF39736A} /MODE CfgWiz
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O11 - Options group: [INTERNATIONAL] International*
    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1138221981120
    O20 - Winlogon Notify: WgaLogon - C:\WINNT\SYSTEM32\WgaLogon.dll
    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINNT\system32\WPDShServiceObj.dll
    O23 - Service: Asset Management Daemon - Unknown owner - C:\Program Files\Gateway\EzTune\dtsslsrv.exe
    O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    O23 - Service: C-DillaCdaC11BA - C-Dilla Ltd - C:\WINNT\system32\DRIVERS\CDAC11BA.EXE
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: Portrait Displays Display Tune Service (DTSRVC) - Unknown owner - C:\Program Files\Gateway\EzTune\DTSRVC.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: MGABGEXE - Matrox Graphics Inc. - C:\WINNT\system32\mgabg.exe
    O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - D:\Program Files\Norton AntiVirus\navapsvc.exe
    O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - D:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
    O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - D:\PROGRA~1\NORTON~1\NPROTECT.EXE
    O23 - Service: LiveShare P2P Server (RoxLiveShare) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxLiveShare.exe
    O23 - Service: RoxMediaDB - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxMediaDB.exe
    O23 - Service: RoxUpnpRenderer (RoxUPnPRenderer) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\SharedCom\RoxUpnpRenderer.exe
    O23 - Service: RoxUpnpServer - Sonic Solutions - C:\Program Files\Roxio\Easy Media Creator 8\Digital Home\RoxUpnpServer.exe
    O23 - Service: Roxio Hard Drive Watcher (RoxWatch) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxWatch.exe
    O23 - Service: SAVScan - Symantec Corporation - D:\Program Files\Norton AntiVirus\SAVScan.exe
    O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    O23 - Service: Speed Disk service - Symantec Corporation - D:\PROGRA~1\NORTON~1\SPEEDD~1\NOPDB.EXE
    O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

    here you go and I have learned my lesson
     
    blrman, Apr 27, 2007
    #16
  17. KotaGuy

    KotaGuy Regular member

    Joined:
    Feb 14, 2007
    Messages:
    485
    Likes Received:
    0
    Trophy Points:
    26
    Looks good... everything is either quaratined, in your recycle bin or restore points which can be easily cleaned.

    How is the PC behaving?
     
    KotaGuy, Apr 27, 2007
    #17
  18. blrman

    blrman Member

    Joined:
    Apr 17, 2007
    Messages:
    17
    Likes Received:
    0
    Trophy Points:
    11
    It is running 100% better I deleted the quarrintines and restore points and will establish new ones. Do you think that I should get the kerpernsky internet security and dump the norton no mre cracked programs thats for sure thanks for all your time and help "blrman"
     
    blrman, Apr 27, 2007
    #18
  19. KotaGuy

    KotaGuy Regular member

    Joined:
    Feb 14, 2007
    Messages:
    485
    Likes Received:
    0
    Trophy Points:
    26
    I'm not a big fan of Norton.

    Kasperksy, NOD32(I use this on my PC's and my LapTop), or BitDefender would all be better choices.
     
    KotaGuy, Apr 27, 2007
    #19

Share This Page