Please, need help - Gladiator Security Forum

Welcome Guest ( Log In | Register )

Gladiator Security Forum > Malware Help Forum > HELP! Think you are Infected?

Forum Rules

Greetings,

Before you post in this forum,please read and follow the instructions in this post: Guidelines for Posting in This Forum

Failure to follow these instructions will only result in delays of the cleaning and removal process.

If you ran other AntiVirus and/or AntiSpyware programs and have the logs available, please post them as well.

Our goal is to help you clean your PC and restore it to pre-infection condition wherever possible.

Thank You

Please, need help

Options

Tennisguy View Member Profile	Dec 21 2005, 08:32 PM Post #1
Active Member Group: Active Members Posts: 25 Joined: 30-July 04 Member No.: 9356	I think i got a virus yesterday, at first Norton said it deleted trojan.Zlob and Trojan.Spaxe however it seems they are coming back. Also everytime the computer restarts a windows installer box keeps popping up. Any help is greatly appreciated. Thank you. Logfile of HijackThis v1.99.1 Scan saved at 12:29:49 PM, on 12/21/2005 Platform: Windows XP (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 (6.00.2600.0000) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\System32\Ati2evxx.exe C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe C:\WINDOWS\System32\CTSvcCDA.exe C:\Program Files\Norton AntiVirus\navapsvc.exe C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\System32\mssearchnet.exe C:\Program Files\Creative\ShareDLL\CtNotify.exe C:\Program Files\Creative\Audio\PROGRAM\CTMIX32.EXE C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe C:\Program Files\D-Link\Air Utility\AirCFG.exe C:\Program Files\Common Files\Symantec Shared\ccApp.exe C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe C:\Program Files\QuickTime\qttask.exe C:\Program Files\Creative\ShareDLL\MediaDet.Exe C:\Program Files\SpywareGuard\sgmain.exe C:\Program Files\Common Files\AOL\1133516273\ee\aolsoftware.exe C:\Program Files\SpywareGuard\sgbhp.exe C:\WINDOWS\System32\nvctrl.exe C:\Program Files\Common Files\Symantec Shared\ccLgView.exe C:\Program Files\Messenger\msmsgs.exe C:\Program Files\MSN\MSNCoreFiles\MSN6.EXE C:\HJT\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://msn.com/ F2 - REG:system.ini: Shell= O2 - BHO: (no name) - {1ca480cd-c0e5-4548-874e-b85b17905b3a} - (no file) O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll (file missing) O4 - HKLM\..\Run: [Disc Detector] C:\Program Files\Creative\ShareDLL\CtNotify.exe O4 - HKLM\..\Run: [CreativeMixer] C:\Program Files\Creative\Audio\PROGRAM\CTMIX32.EXE /t O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe O4 - HKLM\..\Run: [D-Link Air Utility] C:\Program Files\D-Link\Air Utility\AirCFG.exe O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [Advanced Tools Check] C:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe O4 - HKLM\..\Run: [MMTray] "C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1133516273\ee\AOLSoftware.exe O4 - HKCU\..\Run: [ATI Launchpad] "C:\Program Files\ATI Multimedia\main\launchpd.exe" O4 - HKCU\..\Run: [Aim6] "C:\Program Files\Common Files\AOL\Launch\AOLLaunch.exe" /d locale=en-US ee://aol/imApp O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://software-dl.real.com/2047f4c0d05f8c...ip/RdxIE601.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5co...b?1107146797449 O16 - DPF: {ED28050F-D713-43BA-A376-DCC5C35407D5} (MsnMusicAx Class) - http://entimg.msn.com/client/msnmusax2614.cab O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTSvcCDA.exe O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

LoPhatPhuud View Member Profile	Dec 21 2005, 10:14 PM Post #2
Master of Disaster Recovery Group: General Admin Posts: 15208 Joined: 24-March 03 From: Albuquerque, NM Member No.: 2879	First: Download SpyAxeFix.exe © noahdfear. Save it to your desktop. Close all other programs and windows. Double click SpyAxeFix.exe, then click Start to extract the tool to it's own folder. Open the SpyAxeFix folder and double click the SpyAxeFix.bat to start the tool. At one point when the tool runs, your taskbar will dissappear, and your computer will restart when the tool completes. A text file named spyaxe.txt will be created in the SpyAxeFix folder. Post the contents of that log please. Second: Please download, install, and update the free version of Ewido Security Suite: http://www.ewido.net/en/download/ [1]From the main ewido screen, click on update in the left menu, then click the Start update button. [2]After the update finishes (the status bar at the bottom will display "Update successful") Close the program after updating (don't scan with it yet, we'll do that in SAFE MODE) Copy the following instructions to have handy as you will need to be offline, in SAFE MODE and with IE closed so you will not be able to view this page during the process. Reboot your PC into SAFE MODE How to start the computer in Safe mode http://service1.symantec.com/SUPPORT/tsgen...src=sec_doc_nam Next, run a scan with Ewido. [3]Click on the Scanner button in the left menu, then click on the Start button. This scan can take quite a while to run, so please be patient [4]If Ewido finds anything, it will pop up a notification. You can select "remove" and check the boxes "Perform action with all infections" and "Create encrypted backup" before clicking on OK. [5]When the scan finishes, click on "Save Report". This will create a text file. Make sure you know where to find this file again. Copy and paste the results from that scan back here please for review :) Note: Ewido is a free trial product for 14 days. After that you can purchase it for full features OR you can also keep the free version to use as an on-demand scanner (recommended). You will still be able to manually update Ewido using the update* button :) Third: Check the following items in HijackThis. (note: If any R items do not appear in Safe Mode, re-run HiJackThis in Normal Mode and remove them after you finish removing these items.)* F2 - REG:system.ini: Shell= O2 - BHO: (no name) - {1ca480cd-c0e5-4548-874e-b85b17905b3a} - (no file) O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://software-dl.real.com/2047f4c0d05f8c...ip/RdxIE601.cab Close all windows except HijackThis and click Fix checked. Reboot in normal mode Run HiJackThis again and post a new log in this thread. Last: Download 'Autoruns' from here: http://www.sysinternals.com/Utilities/Autoruns.html Unzip to a folder and the double click on autoruns.exe Wait until the program has finished running (the status line will show 'Ready') Under the 'Options' menu, make sure that 'Include Empty Sections' is checked. Wait again until ready. Be sure the 'Everything' tab is selected. Select 'File -> Save' and save the output file. Copy the contents of the Autoruns text file and post its contents in this thread. -------------------- Happiness ain't a thing in itself--it's only a contrast with something that ain't pleasant. Mark Twain

Tennisguy View Member Profile	Dec 22 2005, 12:15 AM Post #3
Active Member Group: Active Members Posts: 25 Joined: 30-July 04 Member No.: 9356	heres the log from auto runs HKCU\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup HKLM\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup HKCU\Software\Policies\Microsoft\Windows\System\Scripts\Logon HKLM\Software\Policies\Microsoft\Windows\System\Scripts\Logon HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit + C:\WINDOWS\system32\userinit.exe Userinit Logon Application Microsoft Corporation c:\windows\system32\userinit.exe HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System\Shell HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\Shell HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell + explorer.exe Windows Explorer Microsoft Corporation c:\windows\explorer.exe HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Taskman HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run + Advanced Tools Check Norton AntiVirus Advanced Tools Integrity Checker Symantec Corporation c:\program files\norton antivirus\advtools\advchk.exe + ATIPTA ATI Desktop Control Panel ATI Technologies, Inc. c:\program files\ati technologies\ati control panel\atiptaxx.exe + ccApp Symantec User Session Symantec Corporation c:\program files\common files\symantec shared\ccapp.exe + CreativeMixer Creative Mixer Loader Creative Technology Ltd. c:\program files\creative\audio\program\ctmix32.exe + D-Link Air Utility D-Link Wireless LAN Monitor D-Link c:\program files\d-link\air utility\aircfg.exe + Disc Detector Disc Detector Creative Technology Ltd. c:\program files\creative\sharedll\ctnotify.exe + HostManager AOL America Online, Inc. c:\program files\common files\aol\1133516273\ee\aolsoftware.exe + MMTray mm_tray Musicmatch, Inc. c:\program files\musicmatch\musicmatch jukebox\mm_tray.exe + NeroFilterCheck NeroCheck Ahead Software Gmbh c:\windows\system32\nerocheck.exe + QuickTime Task Apple Computer, Inc. c:\program files\quicktime\qttask.exe + Symantec NetDriver Monitor Symantec Security Drivers Install Monitor Symantec Corporation c:\program files\symnetdrv\sndmon.exe HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce C:\Documents and Settings\All Users\Start Menu\Programs\Startup C:\Documents and Settings\danny pasek\Start Menu\Programs\Startup + SpywareGuard.lnk SpywareGuard c:\program files\spywareguard\sgmain.exe HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows\Load HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows\Run HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run + kernel32.dll File not found: C:\WINDOWS\System32\mssearchnet.exe + nvctrl.exe c:\windows\system32\nvctrl.exe + wininet.dll c:\windows\system32\mscornet.exe HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run HKCU\Software\Microsoft\Windows\CurrentVersion\Run + Aim6 AOL America Online, Inc. c:\program files\common files\aol\launch\aollaunch.exe + ATI Launchpad ATI Multimedia Center Launchpad ATI Technologies Inc. c:\program files\ati multimedia\main\launchpd.exe HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components + Address Book 6 Outlook Express Setup Library Microsoft Corporation c:\program files\outlook express\setup50.exe + Browser Customizations Microsoft Internet Explorer Customization DLL Microsoft Corporation c:\windows\system32\iedkcs32.dll + Internet Explorer Windows NT User Data Migration Tool Microsoft Corporation c:\windows\system32\shmgrate.exe + Internet Explorer Windows Setup API Microsoft Corporation c:\windows\system32\setupapi.dll + Internet Explorer 6 IE 5.0 Per-User Install Utility Microsoft Corporation c:\windows\system32\ie4uinit.exe + Internet Explorer Access IOD Version Map Microsoft Corporation c:\windows\system32\iesetup.dll + Microsoft Outlook Express 6 Outlook Express Setup Library Microsoft Corporation c:\program files\outlook express\setup50.exe + Microsoft Windows Media Player ADVPACK Microsoft Corporation c:\windows\system32\advpack.dll + NetMeeting 3.01 ADVPACK Microsoft Corporation c:\windows\system32\advpack.dll + Outlook Express Windows NT User Data Migration Tool Microsoft Corporation c:\windows\system32\shmgrate.exe + Themes Setup Microsoft© Register Server Microsoft Corporation c:\windows\system32\regsvr32.exe + Windows Desktop Update Microsoft© Register Server Microsoft Corporation c:\windows\system32\regsvr32.exe + Windows Media Player Microsoft Windows Media Player Setup Utility Microsoft Corporation c:\windows\inf\unregmp2.exe + Windows Messenger 4.0 ADVPACK Microsoft Corporation c:\windows\system32\advpack.dll HKCU\SOFTWARE\Microsoft\Active Setup\Installed Components HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler + Browseui preloader Shell Browser UI Library Microsoft Corporation c:\windows\system32\browseui.dll + Component Categories cache daemon Shell Browser UI Library Microsoft Corporation c:\windows\system32\browseui.dll + Windows Update File not found: C:\WINDOWS\System32\ioctrl.dll HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad + CDBurn Windows Shell Common Dll Microsoft Corporation c:\windows\system32\shell32.dll + PostBootReminder Windows Shell Common Dll Microsoft Corporation c:\windows\system32\shell32.dll + SysTray Systray shell service object Microsoft Corporation c:\windows\system32\stobject.dll + WebCheck Web Site Monitor Microsoft Corporation c:\windows\system32\webcheck.dll HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks + ewido shell guard c:\program files\ewido anti-malware\shellhook.dll + shell32.dll Windows Shell Common Dll Microsoft Corporation c:\windows\system32\shell32.dll + spywareguard.dll SpywareGuard Protection c:\program files\spywareguard\spywareguard.dll HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved + %DESC_PublishDropTarget% Photo Printing Wizard Microsoft Corporation c:\windows\system32\photowiz.dll + &Address Shell Browser UI Library Microsoft Corporation c:\windows\system32\browseui.dll + .CAB file viewer Cabinet File Viewer Shell Extension Microsoft Corporation c:\windows\system32\cabview.dll + Accessible Shell Browser UI Library Microsoft Corporation c:\windows\system32\browseui.dll + ActiveX Cache Folder Object Control Viewer Microsoft Corporation c:\windows\system32\occache.dll + Address Bar Parser Shell Browser UI Library Microsoft Corporation c:\windows\system32\browseui.dll + Address EditBox Shell Browser UI Library Microsoft Corporation c:\windows\system32\browseui.dll + Administrative Tools Shell Doc Object and Control Library Microsoft Corporation c:\windows\system32\shdocvw.dll + Audio Media Properties Handler Media File Property Extractor Shell Extension Microsoft Corporation c:\windows\system32\shmedia.dll + Augmented Shell Folder Shell Browser UI Library Microsoft Corporation c:\windows\system32\browseui.dll + Augmented Shell Folder 2 Shell Browser UI Library Microsoft Corporation c:\windows\system32\browseui.dll + Auto Update Property Sheet Extension Automatic Updates Control Panel Microsoft Corporation c:\windows\system32\wuaucpl.cpl + Avi Properties Handler Media File Property Extractor Shell Extension Microsoft Corporation c:\windows\system32\shmedia.dll + BandProxy Shell Browser UI Library Microsoft Corporation c:\windows\system32\browseui.dll + Briefcase Windows Briefcase Microsoft Corporation c:\windows\system32\syncui.dll + CDF Extension Copy Hook Shell Doc Object and Control Library Microsoft Corporation c:\windows\system32\shdocvw.dll + Channel File Channel Definition File Viewer Microsoft Corporation c:\windows\system32\cdfview.dll + Channel Handler Object Channel Definition File Viewer Microsoft Corporation c:\windows\system32\cdfview.dll + Channel Menu Channel Definition File Viewer Microsoft Corporation c:\windows\system32\cdfview.dll + Channel Properties Channel Definition File Viewer Microsoft Corporation c:\windows\system32\cdfview.dll + Channel Shortcut Channel Definition File Viewer Microsoft Corporation c:\windows\system32\cdfview.dll + Code Download Agent Web Site Monitor Microsoft Corporation c:\windows\system32\webcheck.dll + Compatibility Page Compatibility Tab Shell Extension DLL Microsoft Corporation c:\windows\system32\slayerxp.dll + Compressed (zipped) Folder Compressed (zipped) Folders Microsoft Corporation c:\windows\system32\zipfldr.dll + Compressed (zipped) Folder Right Drag Handler Compressed (zipped) Folders Microsoft Corporation c:\windows\system32\zipfldr.dll + Compressed (zipped) Folder SendTo Target Compressed (zipped) Folders Microsoft Corporation c:\windows\system32\zipfldr.dll + ConnectionAgent Web Site Monitor Microsoft Corporation c:\windows\system32\webcheck.dll + Crypto PKO Extension Crypto Shell Extensions Microsoft Corporation c:\windows\system32\cryptext.dll + Crypto Sign Extension Crypto Shell Extensions Microsoft Corporation c:\windows\system32\cryptext.dll + Custom MRU AutoCompleted List Shell Browser UI Library Microsoft Corporation c:\windows\system32\browseui.dll + Darwin App Publisher Shell Application Manager Microsoft Corporation c:\windows\system32\appwiz.cpl + Dell DJ Explorer Dell DJ Explorer Plugin Creative Technology Ltd c:\program files\dell\dell dj explorer\ctojbns.dll + DfsShell Distributed File System shell extension Microsoft Corporation c:\windows\system32\dfsshlex.dll + Directory Context Menu Verbs Directory Service Common UI Microsoft Corporation c:\windows\system32\dsuiext.dll + Directory Object Find Directory Service Find Microsoft Corporation c:\windows\system32\dsquery.dll + Directory Property UI Directory Service Common UI Microsoft Corporation c:\windows\system32\dsuiext.dll + Directory Query UI Directory Service Find Microsoft Corporation c:\windows\system32\dsquery.dll + Directory Start/Search Find Directory Service Find Microsoft Corporation c:\windows\system32\dsquery.dll + Disk Copy Extension Windows DiskCopy Microsoft Corporation c:\windows\system32\diskcopy.dll + Disk Quota UI Windows Shell Disk Quota UI DLL Microsoft Corporation c:\windows\system32\dskquoui.dll + Display Adapter CPL Extension Advanced display adapter properties Microsoft Corporation c:\windows\system32\deskadp.dll + Display Monitor CPL Extension Advanced display monitor properties Microsoft Corporation c:\windows\system32\deskmon.dll + Display Panning CPL Extension File not found: deskpan.dll + Display TroubleShoot CPL Extension Advanced display performance properties Microsoft Corporation c:\windows\system32\deskperf.dll + Download Status Shell Browser UI Library Microsoft Corporation c:\windows\system32\browseui.dll + DS Security Page Directory Service Security UI Microsoft Corporation c:\windows\system32\dssec.dll + E-mail Shell Doc Object and Control Library Microsoft Corporation c:\windows\system32\shdocvw.dll + Explorer Band Shell Doc Object and Control Library Microsoft Corporation c:\windows\system32\shdocvw.dll + Extensions Manager Folder Extensions Manager Microsoft Corporation c:\windows\system32\extmgr.dll + Favorites Band Shell Doc Object and Control Library Microsoft Corporation c:\windows\system32\shdocvw.dll + Fonts Windows Font Folder Microsoft Corporation c:\windows\system32\fontext.dll + Fonts Shell Doc Object and Control Library Microsoft Corporation c:\windows\system32\shdocvw.dll + For &People... Find People Microsoft Corporation c:\program files\outlook express\wabfind.dll + FTP Folders Webview Microsoft Internet Explorer FTP Folder Shell Extension Microsoft Corporation c:\windows\system32\msieftp.dll + GDI+ file thumbnail extractor Windows Picture and Fax Viewer Microsoft Corporation c:\windows\system32\shimgvw.dll + Get a Passport Wizard Map Network Drives/Network Places Wizard Microsoft Corporation c:\windows\system32\netplwiz.dll + Global Folder Settings Shell Browser UI Library Microsoft Corporation c:\windows\system32\browseui.dll + Help and Support Shell Doc Object and Control Library Microsoft Corporation c:\windows\system32\shdocvw.dll + Help and Support Shell Doc Object and Control Library Microsoft Corporation c:\windows\system32\shdocvw.dll + History Shell Doc Object and Control Library Microsoft Corporation c:\windows\system32\shdocvw.dll + HTML Thumbnail Extractor Windows Picture and Fax Viewer Microsoft Corporation c:\windows\system32\shimgvw.dll + HyperTerminal Icon Ext HyperTerminal Applet Library Hilgraeve, Inc. c:\windows\system32\hticons.dll + ICC Profile Microsoft Color Matching System User Interface DLL Microsoft Corporation c:\windows\system32\icmui.dll + ICM Monitor Management Microsoft Color Matching System User Interface DLL Microsoft Corporation c:\windows\system32\icmui.dll + ICM Printer Management Microsoft Color Matching System User Interface DLL Microsoft Corporation c:\windows\system32\icmui.dll + ICM Scanner Management Microsoft Color Matching System User Interface DLL Microsoft Corporation c:\windows\system32\icmui.dll + IE4 Suite Splash Screen Shell Doc Object and Control Library Microsoft Corporation c:\windows\system32\shdocvw.dll + In-pane search Shell Browser UI Library Microsoft Corporation c:\windows\system32\browseui.dll + Installed Apps Enumerator Shell Application Manager Microsoft Corporation c:\windows\system32\appwiz.cpl + Internet Shell Doc Object and Control Library Microsoft Corporation c:\windows\system32\shdocvw.dll + Internet Name Space Shell Doc Object and Control Library Microsoft Corporation c:\windows\system32\shdocvw.dll + InternetShortcut Shell Doc Object and Control Library Microsoft Corporation c:\windows\system32\shdocvw.dll + ISFBand OC Shell Doc Object and Control Library Microsoft Corporation c:\windows\system32\shdocvw.dll + iTunes iTunes Mini Player DLL Apple Computer, Inc. c:\program files\itunes\itunesminiplayer.dll + Media Band Shell Browser UI Library Microsoft Corporation c:\windows\system32\browseui.dll + Microsoft Agent Character Property Sheet Handler Microsoft Agent Property Sheet Handler Microsoft Corporation c:\windows\msagent\agentpsh.dll + Microsoft AutoComplete Shell Browser UI Library Microsoft Corporation c:\windows\system32\browseui.dll + Microsoft Browser Architecture Shell Doc Object and Control Library Microsoft Corporation c:\windows\system32\shdocvw.dll + Microsoft BrowserBand Shell Browser UI Library Microsoft Corporation c:\windows\system32\browseui.dll + Microsoft Data Link Microsoft Data Access - OLE DB Core Services Microsoft Corporation c:\program files\common files\system\ole db\oledb32.dll + Microsoft DocProp Inplace Calendar Control Microsoft DocProp Shell Ext Microsoft Corporation c:\windows\system32\docprop2.dll + Microsoft DocProp Inplace Droplist Combo Control Microsoft DocProp Shell Ext Microsoft Corporation c:\windows\system32\docprop2.dll + Microsoft DocProp Inplace Edit Box Control Microsoft DocProp Shell Ext Microsoft Corporation c:\windows\system32\docprop2.dll + Microsoft DocProp Inplace ML Edit Box Control Microsoft DocProp Shell Ext Microsoft Corporation c:\windows\system32\docprop2.dll + Microsoft DocProp Inplace Time Control Microsoft DocProp Shell Ext Microsoft Corporation c:\windows\system32\docprop2.dll + Microsoft DocProp Shell Ext Microsoft DocProp Shell Ext Microsoft Corporation c:\windows\system32\docprop2.dll + Microsoft History AutoComplete List Shell Browser UI Library Microsoft Corporation c:\windows\system32\browseui.dll + Microsoft Internet Toolbar Shell Browser UI Library Microsoft Corporation c:\windows\system32\browseui.dll + Microsoft Multiple AutoComplete List Container Shell Browser UI Library Microsoft Corporation c:\windows\system32\browseui.dll + Microsoft Outlook Custom Icon Handler Microsoft Outlook Shell Hook for Start/Find Microsoft Corporation c:\program files\microsoft office\office\olkfstub.dll + Microsoft Shell Folder AutoComplete List Shell Browser UI Library Microsoft Corporation c:\windows\system32\browseui.dll + Microsoft Url History Service Shell Doc Object and Control Library Microsoft Corporation c:\windows\system32\shdocvw.dll + Microsoft Url Search Hook Shell Doc Object and Control Library Microsoft Corporation c:\windows\system32\shdocvw.dll + Midi Properties Handler Media File Property Extractor Shell Extension Microsoft Corporation c:\windows\system32\shmedia.dll + MMC Icon Handler MMC Shell Extension DLL Microsoft Corporation c:\windows\system32\mmcshext.dll + MRU AutoComplete List Shell Browser UI Library Microsoft Corporation c:\windows\system32\browseui.dll + Multimedia File Property Sheet Control Panel Drivers Applet Microsoft Corporation c:\windows\system32\mmsys.cpl + MyDocs Copy Hook My Documents Folder UI Microsoft Corporation c:\windows\system32\mydocs.dll + MyDocs Drop Target My Documents Folder UI Microsoft Corporation c:\windows\system32\mydocs.dll + MyDocs Properties My Documents Folder UI Microsoft Corporation c:\windows\system32\mydocs.dll + Network Connections Network Connections Shell Microsoft Corporation c:\windows\system32\netshell.dll + Network Connections Network Connections Shell Microsoft Corporation c:\windows\system32\netshell.dll + NTFS Security Page Security Shell Extension Microsoft Corporation c:\windows\system32\rshx32.dll + Offline Files Folder Client Side Caching UI Microsoft Corporation c:\windows\system32\cscui.dll + Offline Files Folder Options Client Side Caching UI Microsoft Corporation c:\windows\system32\cscui.dll + Offline Files Menu Client Side Caching UI Microsoft Corporation c:\windows\system32\cscui.dll + OLE Docfile Property Page OLE DocFile Property Page Microsoft Corporation c:\windows\system32\docprop.dll + PlusPack CPL Extension Windows Theme API Microsoft Corporation c:\windows\system32\themeui.dll + Portable Media Devices Portable Media Devices Shell Extension Microsoft Corporation c:\windows\system32\audiodev.dll + Portable Media Devices Menu Portable Media Devices Shell Extension Microsoft Corporation c:\windows\system32\audiodev.dll + PostAgent Web Site Monitor Microsoft Corporation c:\windows\system32\webcheck.dll + Previous Versions Previous Versions property page Microsoft Corporation c:\windows\system32\twext.dll + Previous Versions Property Page Previous Versions property page Microsoft Corporation c:\windows\system32\twext.dll + Print Ordering via the Web Map Network Drives/Network Places Wizard Microsoft Corporation c:\windows\system32\netplwiz.dll + Printers Security Page Security Shell Extension Microsoft Corporation c:\windows\system32\rshx32.dll + Registry Tree Options Utility Shell Browser UI Library Microsoft Corporation c:\windows\system32\browseui.dll + Remote Sessions CPL Extension Remote Sessions CPL Extension Microsoft Corporation c:\windows\system32\remotepg.dll + Run... Shell Doc Object and Control Library Microsoft Corporation c:\windows\system32\shdocvw.dll + Scanners & Cameras Imaging Devices Shell Folder UI Microsoft Corporation c:\windows\system32\wiashext.dll + Scanners & Cameras Imaging Devices Shell Folder UI Microsoft Corporation c:\windows\system32\wiashext.dll + Scanners & Cameras Imaging Devices Shell Folder UI Microsoft Corporation c:\windows\system32\wiashext.dll + Scanners & Cameras Imaging Devices Shell Folder UI Microsoft Corporation c:\windows\system32\wiashext.dll + Scanners & Cameras Imaging Devices Shell Folder UI Microsoft Corporation c:\windows\system32\wiashext.dll + Scheduled Tasks Task Scheduler interface DLL Microsoft Corporation c:\windows\system32\mstask.dll + Search Shell Doc Object and Control Library Microsoft Corporation c:\windows\system32\shdocvw.dll + Search Assistant OC Shell Doc Object and Control Library Microsoft Corporation c:\windows\system32\shdocvw.dll + Search Band Shell Browser UI Library Microsoft Corporation c:\windows\system32\browseui.dll + Sendmail service Send Mail Microsoft Corporation c:\windows\system32\sendmail.dll + Sendmail service Send Mail Microsoft Corporation c:\windows\system32\sendmail.dll + Set Program Access and Defaults Shell Doc Object and Control Library Microsoft Corporation c:\windows\system32\shdocvw.dll + Shell Application Manager Shell Application Manager Microsoft Corporation c:\windows\system32\appwiz.cpl + Shell Automation Inproc Service Shell Doc Object and Control Library Microsoft Corporation c:\windows\system32\shdocvw.dll + Shell Band Site Menu Shell Browser UI Library Microsoft Corporation c:\windows\system32\browseui.dll + Shell DeskBar Shell Browser UI Library Microsoft Corporation c:\windows\system32\browseui.dll + Shell DeskBarApp Shell Browser UI Library Microsoft Corporation c:\windows\system32\browseui.dll + Shell DocObject Viewer Shell Doc Object and Control Library Microsoft Corporation c:\windows\system32\shdocvw.dll + Shell extensions for Microsoft Windows Network objects Network object shell UI Microsoft Corporation c:\windows\system32\ntlanui2.dll + Shell Extensions for RealOne Player RealPlayer Shell Extensions RealNetworks, Inc. c:\program files\real\realplayer\rpshell.dll + Shell extensions for sharing Shell extensions for sharing Microsoft Corporation c:\windows\system32\ntshrui.dll + Shell extensions for sharing Shell extensions for sharing Microsoft Corporation c:\windows\system32\ntshrui.dll + Shell extensions for Windows Script Host Microsoft ® Shell Extension for Windows Script Host Microsoft Corporation c:\windows\system32\wshext.dll + Shell Image Data Factory Windows Picture and Fax Viewer Microsoft Corporation c:\windows\system32\shimgvw.dll + Shell Image Property Handler Windows Picture and Fax Viewer Microsoft Corporation c:\windows\system32\shimgvw.dll + Shell Image Verbs Windows Picture and Fax Viewer Microsoft Corporation c:\windows\system32\shimgvw.dll + Shell properties for a DS object Directory Service Find Microsoft Corporation c:\windows\system32\dsquery.dll + Shell Publishing Wizard Object Map Network Drives/Network Places Wizard Microsoft Corporation c:\windows\system32\netplwiz.dll + Shell Rebar BandSite Shell Browser UI Library Microsoft Corporation c:\windows\system32\browseui.dll + Shell Scrap DataHandler Shell scrap object handler Microsoft Corporation c:\windows\system32\shscrap.dll + spywareguard.dll SpywareGuard Protection c:\program files\spywareguard\spywareguard.dll + Subscription Folder Web Site Monitor Microsoft Corporation c:\windows\system32\webcheck.dll + Subscription Mgr Web Site Monitor Microsoft Corporation c:\windows\system32\webcheck.dll + Summary Info Thumbnail handler (DOCFILES) Windows Picture and Fax Viewer Microsoft Corporation c:\windows\system32\shimgvw.dll + Taskbar and Start Menu Windows Shell Common Dll Microsoft Corporation c:\windows\system32\shell32.dll + Tasks Folder Icon Handler Task Scheduler interface DLL Microsoft Corporation c:\windows\system32\mstask.dll + Tasks Folder Shell Extension Task Scheduler interface DLL Microsoft Corporation c:\windows\system32\mstask.dll + Temporary Internet Files Shell Doc Object and Control Library Microsoft Corporation c:\windows\system32\shdocvw.dll + Temporary Internet Files Shell Doc Object and Control Library Microsoft Corporation c:\windows\system32\shdocvw.dll + The Internet Shell Doc Object and Control Library Microsoft Corporation c:\windows\system32\shdocvw.dll + Track Popup Bar Shell Browser UI Library Microsoft Corporation c:\windows\system32\browseui.dll + TrayAgent Web Site Monitor Microsoft Corporation c:\windows\system32\webcheck.dll + TridentImageExtractor Shell Browser UI Library Microsoft Corporation c:\windows\system32\browseui.dll + User Accounts Map Network Drives/Network Places Wizard Microsoft Corporation c:\windows\system32\netplwiz.dll + User Assist Shell Browser UI Library Microsoft Corporation c:\windows\system32\browseui.dll + Video Media Properties Handler Media File Property Extractor Shell Extension Microsoft Corporation c:\windows\system32\shmedia.dll + Video Thumbnail Extractor Media File Property Extractor Shell Extension Microsoft Corporation c:\windows\system32\shmedia.dll + Wav Properties Handler Media File Property Extractor Shell Extension Microsoft Corporation c:\windows\system32\shmedia.dll + Web Printer Shell Extension Print UI DLL Microsoft Corporation c:\windows\system32\printui.dll + Web Publishing Wizard Map Network Drives/Network Places Wizard Microsoft Corporation c:\windows\system32\netplwiz.dll + Web Search Shell Browser UI Library Microsoft Corporation c:\windows\system32\browseui.dll + WebCheck Web Site Monitor Microsoft Corporation c:\windows\system32\webcheck.dll + WebCheck SyncMgr Handler Web Site Monitor Microsoft Corporation c:\windows\system32\webcheck.dll + WebCheckChannelAgent Web Site Monitor Microsoft Corporation c:\windows\system32\webcheck.dll + WebCheckWebCrawler Web Site Monitor Microsoft Corporation c:\windows\system32\webcheck.dll + Windows Media Player Add to Playlist Context Menu Handler Windows Media Player Launcher Microsoft Corporation c:\windows\system32\wmpshell.dll + Windows Media Player Burn Audio CD Context Menu Handler Windows Media Player Launcher Microsoft Corporation c:\windows\system32\wmpshell.dll + Windows Media Player Play as Playlist Context Menu Handler Windows Media Player Launcher Microsoft Corporation c:\windows\system32\wmpshell.dll HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved + Web Folders c:\program files\common files\microsoft shared\web folders\mson-- The nicest hobby on Earth ;) --t.dll HKLM\Software\Classes\Folder\Shellex\ColumnHandlers + {0D2E74C4-3C34-11d2-A27E-00C04FC30871} Windows Shell Common Dll Microsoft Corporation c:\windows\system32\shell32.dll + {24F14F01-7B1C-11d1-838f-0000F80461CF} Windows Shell Common Dll Microsoft Corporation c:\windows\system32\shell32.dll + {24F14F02-7B1C-11d1-838f-0000F80461CF} Windows Shell Common Dll Microsoft Corporation c:\windows\system32\shell32.dll + {66742402-F9B9-11D1-A202-0000F81FEDEE} Windows Shell Common Dll Microsoft Corporation c:\windows\system32\shell32.dll HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects + HomepageBHO c:\windows\system32\hp4116.tmp HKCU\Software\Microsoft\Internet Explorer\UrlSearchHooks + shdocvw.dll Shell Doc Object and Control Library Microsoft Corporation c:\windows\system32\shdocvw.dll HKLM\Software\Microsoft\Internet Explorer\Toolbar + Norton AntiVirus File not found: C:\Program Files\Norton AntiVirus\NavShExt.dll HKLM\Software\Microsoft\Internet Explorer\Extensions + AIM AOL Instant Messenger America Online, Inc. c:\program files\aim\aim.exe Task Scheduler + Norton AntiVirus - Scan my computer - danny pasek.job Norton AntiVirus Scanner Module Symantec Corporation c:\program files\norton antivirus\navw32.exe + Symantec NetDetect.job Symantec NetDetect Symantec Corporation c:\program files\symantec\liveupdate\ndetect.exe HKLM\System\CurrentControlSet\Services + Ati HotKey Poller c:\windows\system32\ati2evxx.exe + ATI Smart ATI Smart c:\windows\system32\ati2sgag.exe + AudioSrv Manages audio devices for Windows-based programs. If this service is stopped, audio devices and effects will not function properly. If this service is disabled, any services that explicitly depend on it will fail to start. Microsoft Corporation c:\windows\system32\svchost.exe + Browser Maintains an updated list of computers on the network and supplies this list to computers designated as browsers. If this service is stopped, this list will not be updated or maintained. If this service is disabled, any services that explicitly depend on it will fail to start. Microsoft Corporation c:\windows\system32\svchost.exe + ccEvtMgr Symantec Event Manager Symantec Corporation c:\program files\common files\symantec shared\ccevtmgr.exe + ccSetMgr Symantec Settings Manager Symantec Corporation c:\program files\common files\symantec shared\ccsetmgr.exe + Creative Service for CDROM Access Creative Service for CDROM Access Creative Technology Ltd c:\windows\system32\ctsvccda.exe + CryptSvc Provides three management services: Catalog Database Service, which confirms the signatures of Windows files; Protected Root Service, which adds and removes Trusted Root Certification Authority certificates from this computer; and Key Service, which helps enroll this computer for certificates. If this service is stopped, these management services will not function properly. If this service is disabled, any services that explicitly depend on it will fail to start. Microsoft Corporation c:\windows\system32\svchost.exe + DcomLaunch Provides launch functionality for DCOM services. Microsoft Corporation c:\windows\system32\svchost.exe + Dhcp Manages network configuration by registering and updating IP addresses and DNS names. Microsoft Corporation c:\windows\system32\svchost.exe + Dnscache Resolves and caches Domain Name System (DNS) names for this computer. If this service is stopped, this computer will not be able to resolve DNS names and locate Active Directory domain controllers. If this service is disabled, any services that explicitly depend on it will fail to start. Microsoft Corporation c:\windows\system32\svchost.exe + ERSvc Allows error reporting for services and applictions running in non-standard environments. Microsoft Corporation c:\windows\system32\svchost.exe + Eventlog Enables event log messages issued by Windows-based programs and components to be viewed in Event Viewer. This service cannot be stopped. Microsoft Corporation c:\windows\system32\services.exe + ewido security suite control ewido control ewido networks c:\program files\ewido anti-malware\ewidoctrl.exe + ewido security suite guard guard ewido networks c:\program files\ewido anti-malware\ewidoguard.exe + helpsvc Enables Help and Support Center to run on this computer. If this service is stopped, Help and Support Center will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start. Microsoft Corporation c:\windows\system32\svchost.exe + lanmanserver Supports file, print, and named-pipe sharing over the network for this computer. If this service is stopped, these functions will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start. Microsoft Corporation c:\windows\system32\svchost.exe + lanmanworkstation Creates and maintains client network connections to remote servers. If this service is stopped, these connections will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start. Microsoft Corporation c:\windows\system32\svchost.exe + LmHosts Enables support for NetBIOS over TCP/IP (NetBT) service and NetBIOS name resolution. Microsoft Corporation c:\windows\system32\svchost.exe + navapsvc Handles Norton AntiVirus Auto-Protect events. Symantec Corporation c:\program files\norton antivirus\navapsvc.exe + NPFMntor Detects installation of Symantec Firewall clients Symantec Corporation c:\program files\norton antivirus\iwp\npfmntor.exe + NProtectService Norton Protection Status Symantec Corporation c:\program files\norton antivirus\advtools\nprotect.exe + PlugPlay Enables a computer to recognize and adapt to hardware changes with little or no user input. Stopping or disabling this service will result in system instability. Microsoft Corporation c:\windows\system32\services.exe + PolicyAgent Manages IP security policy and starts the ISAKMP/Oakley (IKE) and the IP security driver. Microsoft Corporation c:\windows\system32\lsass.exe + ProtectedStorage Provides protected storage for sensitive data, such as private keys, to prevent access by unauthorized services, processes, or users. Microsoft Corporation c:\windows\system32\lsass.exe + RpcSs Provides the endpoint mapper and other miscellaneous RPC services. Microsoft Corporation c:\windows\system32\svchost.exe + SamSs Stores security information for local user accounts. Microsoft Corporation c:\windows\system32\lsass.exe + SBService Norton AntiVirus ScripBlocking Service Symantec Corporation c:\program files\common files\symantec shared\script blocking\sbserv.exe + Schedule Enables a user to configure and schedule automated tasks on this computer. If this service is stopped, these tasks will not be run at their scheduled times. If this service is disabled, any services that explicitly depend on it will fail to start. Microsoft Corporation c:\windows\system32\svchost.exe + seclogon Enables starting processes under alternate credentials. If this service is stopped, this type of logon access will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start. Microsoft Corporation c:\windows\system32\svchost.exe + SENS Tracks system events such as Windows logon, network, and power events. Notifies COM+ Event System subscribers of these events. Microsoft Corporation c:\windows\system32\svchost.exe + SharedAccess Provides network address translation, addressing, name resolution and/or intrusion prevention services for a home or small office network. Microsoft Corporation c:\windows\system32\svchost.exe + ShellHWDetection Provides notifications for AutoPlay hardware events. Microsoft Corporation c:\windows\system32\svchost.exe + SNDSrvc Symantec Network Drivers Service Symantec Corporation c:\program files\common files\symantec shared\sndsrvc.exe + SPBBCSvc Symantec SPBBC Symantec Corporation c:\program files\common files\symantec shared\spbbc\spbbcsvc.exe + Spooler Loads files to memory for later printing. Microsoft Corporation c:\windows\system32\spoolsv.exe + srservice Performs system restore functions. To stop service, turn off System Restore from the System Restore tab in My Computer->Properties Microsoft Corporation c:\windows\system32\svchost.exe + Symantec Core LC Symantec Core LC Symantec Corporation c:\program files\common files\symantec shared\ccpd-lc\symlcsvc.exe + Themes Provides user experience theme management. Microsoft Corporation c:\windows\system32\svchost.exe + TrkWks Maintains links between NTFS files within a computer or across computers in a network domain. Microsoft Corporation c:\windows\system32\svchost.exe + uploadmgr Manages synchronous and asynchronous file transfers between clients and servers on the network. If this service is stopped, synchronous and asynchronous file transfers between clients and servers on the network will not occur. If this service is disabled, any services that explicitly depend on it will fail to start. Microsoft Corporation c:\windows\system32\svchost.exe + W32Time Maintains date and time synchronization on all clients and servers in the network. If this service is stopped, date and time synchronization will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start. Microsoft Corporation c:\windows\system32\svchost.exe + WebClient Enables Windows-based programs to create, access, and modify Internet-based files. If this service is stopped, these functions will not be available. If this service is disabled, any services that explicitly depend on it will fail to start. Microsoft Corporation c:\windows\system32\svchost.exe + winmgmt Provides a common interface and object model to access management information about operating system, devices, applications and services. If this service is stopped, most Windows-based software will not function properly. If this service is disabled, any services that explicitly depend on it will fail to start. Microsoft Corporation c:\windows\system32\svchost.exe + wscsvc Monitors system security settings and configurations. Microsoft Corporation c:\windows\system32\svchost.exe + wuauserv Enables the download and installation of critical Windows updates. If the service is disabled, the operating system can be manually updated at the Windows Update Web site. Microsoft Corporation c:\windows\system32\svchost.exe + WZCSVC Provides automatic configuration for the 802.11 adapters Microsoft Corporation c:\windows\system32\svchost.exe HKLM\System\CurrentControlSet\Services + ACPI ACPI Driver for NT Microsoft Corporation c:\windows\system32\drivers\acpi.sys + admload File not found: C:\DOCUME~1\DANNYP~1\LOCALS~1\Temp\admload.sys + aec Microsoft Acoustic Echo Canceller Microsoft Corporation c:\windows\system32\drivers\aec.sys + AFD AFD Networking Support Environment Microsoft Corporation c:\windows\system32\drivers\afd.sys + agp440 440 NT AGP Filter Microsoft Corporation c:\windows\system32\drivers\agp440.sys + ANIO ANIO (NT5) Driver Alpha Networks Inc. c:\windows\system32\anio.sys + AsyncMac RAS Asynchronous Media Driver Microsoft Corporation c:\windows\system32\drivers\asyncmac.sys + atapi IDE/ATAPI Port Driver Microsoft Corporation c:\windows\system32\drivers\atapi.sys + ati2mtag ATI Radeon Miniport Driver ATI Technologies Inc. c:\windows\system32\drivers\ati2mtag.sys + Atmarpc ATM ARP Client Protocol Microsoft Corporation c:\windows\system32\drivers\atmarpc.sys + audstub AudStub Driver Microsoft Corporation c:\windows\system32\drivers\audstub.sys + BNPDRIVE File not found: C:\DOCUME~1\DANNYP~1\LOCALS~1\Temp\BNPDRIVE.SYS + Cdrom SCSI CD-ROM Driver Microsoft Corporation c:\windows\system32\drivers\cdrom.sys + Disk PnP Disk Driver Microsoft Corporation c:\windows\system32\drivers\disk.sys + DMusic Microsoft Kernel DLS Synthesizer Microsoft Corporation c:\windows\system32\drivers\dmusic.sys + drmkaud Microsoft Kernel DRM Audio Descrambler Filter Microsoft Corporation c:\windows\system32\drivers\drmkaud.sys + es1371 ENSONIQ AudioPCI 97 WDM Audio Miniport Creative Technology Ltd. c:\windows\system32\drivers\es1371mp.sys + ewido security suite driver c:\program files\ewido anti-malware\guard.sys + FA312 NETGEAR FA312 Fast Ethernet NDIS 5.0 Miniport Driver NETGEAR Corp. c:\windows\system32\drivers\fa312nd5.sys + FastLynx c:\program files\fastlynx\fastlynx.sys + Fdc Floppy Disk Controller Driver Microsoft Corporation c:\windows\system32\drivers\fdc.sys + Flpydisk Floppy Driver Microsoft Corporation c:\windows\system32\drivers\flpydisk.sys + Ftdisk FT Disk Driver Microsoft Corporation c:\windows\system32\drivers\ftdisk.sys + gameenum Game Port Enumerator Microsoft Corporation c:\windows\system32\drivers\gameenum.sys + GEARAspiWDM CDRom Class Filter Driver GEAR Software Inc. c:\windows\system32\drivers\gearaspiwdm.sys + Gpc Generic Packet Classifier Microsoft Corporation c:\windows\system32\drivers\msgpc.sys + hmskssrv File not found: C:\DOCUME~1\DANNYP~1\LOCALS~1\Temp\hmskssrv.sys + HTTP This service implements the hypertext transfer protocol (HTTP). If this service is disabled, any services that explicitly depend on it will fail to start. Microsoft Corporation c:\windows\system32\drivers\http.sys + i8042prt i8042 Port Driver Microsoft Corporation c:\windows\system32\drivers\i8042prt.sys + Imapi IMAPI Kernel Driver Microsoft Corporation c:\windows\system32\drivers\imapi.sys + intelppm Processor Device Driver Microsoft Corporation c:\windows\system32\drivers\intelppm.sys + ip6fw Provides intrusion prevention service for a home or small office network. Microsoft Corporation c:\windows\system32\drivers\ip6fw.sys + IpFilterDriver IP Traffic Filter Driver Microsoft Corporation c:\windows\system32\drivers\ipfltdrv.sys + IpInIp IP in IP Tunnel Driver Microsoft Corporation c:\windows\system32\drivers\ipinip.sys + IpNat IP Network Address Translator Microsoft Corporation c:\windows\system32\drivers\ipnat.sys + IPSec IPSEC driver Microsoft Corporation c:\windows\system32\drivers\ipsec.sys + IRENUM Infra-Red Bus Enumerator Microsoft Corporation c:\windows\system32\drivers\irenum.sys + isapnp PNP ISA Bus Driver Microsoft Corporation c:\windows\system32\drivers\isapnp.sys + jccdecod File not found: C:\DOCUME~1\DANNYP~1\LOCALS~1\Temp\jccdecod.sys + jgameenu File not found: C:\DOCUME~1\DANNYP~1\LOCALS~1\Temp\jgameenu.sys + Jukebox USB Player Drivers (WDM) Creative Technology Ltd. c:\windows\system32\drivers\ctpdusb2.sys + Kbdclass Keyboard Class Driver Microsoft Corporation c:\windows\system32\drivers\kbdclass.sys + kmixer Kernel Mode Audio Mixer Microsoft Corporation c:\windows\system32\drivers\kmixer.sys + Mouclass Mouse Class Driver Microsoft Corporation c:\windows\system32\drivers\mouclass.sys + MSKSSRV MS KS Server Microsoft Corporation c:\windows\system32\drivers\mskssrv.sys + MSPCLOCK MS Proxy Clock Microsoft Corporation c:\windows\system32\drivers\mspclock.sys + MSPQM MS Proxy Quality Manager Microsoft Corporation c:\windows\system32\drivers\mspqm.sys + mssmbios System Management BIOS Driver Microsoft Corporation c:\windows\system32\drivers\mssmbios.sys + NAVENG AV Engine Symantec Corporation c:\program files\common files\symantec shared\virusdefs\20051220.023\naveng.sys + NAVEX15 AV Engine Symantec Corporation c:\program files\common files\symantec shared\virusdefs\20051220.023\navex15.sys + NdisTapi Remote Access NDIS TAPI Driver Microsoft Corporation c:\windows\system32\drivers\ndistapi.sys + Ndisuio NDIS Usermode I/O Protocol Microsoft Corporation c:\windows\system32\drivers\ndisuio.sys + NdisWan Remote Access NDIS WAN Driver Microsoft Corporation c:\windows\system32\drivers\ndiswan.sys + NetBT NetBios over Tcpip Microsoft Corporation c:\windows\system32\drivers\netbt.sys + NETR33X NDIS 5.1 Driver D-Link. All Rights Reserved. c:\windows\system32\drivers\netr33x.sys + NPDriver Norton Protection Driver Symantec Corporation c:\windows\system32\drivers\npdriver.sys + NwlnkFlt IPX Traffic Filter Driver Microsoft Corporation c:\windows\system32\drivers\nwlnkflt.sys + NwlnkFwd IPX Traffic Forwarder Driver Microsoft Corporation c:\windows\system32\drivers\nwlnkfwd.sys + Parport Parallel Port Driver Microsoft Corporation c:\windows\system32\drivers\parport.sys + PCI NT Plug and Play PCI Enumerator Microsoft Corporation c:\windows\system32\drivers\pci.sys + PCIIde Generic PCI IDE Bus Driver Microsoft Corporation c:\windows\system32\drivers\pciide.sys + PfModNT PCI/ISA Device Info. Service Creative Technology Ltd. c:\windows\system32\pfmodnt.sys + PptpMiniport WAN Miniport (PPTP) Microsoft Corporation c:\windows\system32\drivers\raspptp.sys + Processor Processor Device Driver Microsoft Corporation c:\windows\system32\drivers\processr.sys + PSched QoS Packet Scheduler Microsoft Corporation c:\windows\system32\drivers\psched.sys + Ptilink Direct Parallel Link Driver Parallel Technologies, Inc. c:\windows\system32\drivers\ptilink.sys + PxHelp20 Px Engine Device Driver for Windows 2000/XP Sonic Solutions c:\windows\system32\drivers\pxhelp20.sys + RasAcd Remote Access Auto Connection Driver Microsoft Corporation c:\windows\system32\drivers\rasacd.sys + Rasl2tp WAN Miniport (L2TP) Microsoft Corporation c:\windows\system32\drivers\rasl2tp.sys + RasPppoe Remote Access PPPOE Driver Microsoft Corporation c:\windows\system32\drivers\raspppoe.sys + Raspti Direct Parallel Microsoft Corporation c:\windows\system32\drivers\raspti.sys + RDPCDD RDP Miniport Microsoft Corporation c:\windows\system32\drivers\rdpcdd.sys + redbook Redbook Audio Filter Driver Microsoft Corporation c:\windows\system32\drivers\redbook.sys + SAVRT AutoProtect Symantec Corporation c:\program files\norton antivirus\savrt.sys + SAVRTPEL SAVRTPEL Symantec Corporation c:\program files\norton antivirus\savrtpel.sys + sbpci WDM Audio Miniport Creative Technology Ltd. c:\windows\system32\drivers\sbpci.sys + Secdrv SafeDisc driver c:\windows\system32\drivers\secdrv.sys + serenum Serial Port Enumerator Microsoft Corporation c:\windows\system32\drivers\serenum.sys + Serial Serial Device Driver Microsoft Corporation c:\windows\system32\drivers\serial.sys + SMBios Intel® System Management BIOS Driver Intel Corporation c:\windows\system32\drivers\smbios.sys + SPBBCDrv SPBBC Driver Symantec Corporation c:\program files\common files\symantec shared\spbbc\spbbcdrv.sys + splitter Microsoft Kernel Audio Splitter Microsoft Corporation c:\windows\system32\drivers\splitter.sys + swenum Plug and Play Software Device Enumerator Microsoft Corporation c:\windows\system32\drivers\swenum.sys + swmidi Microsoft GS Wavetable Synthesizer Microsoft Corporation c:\windows\system32\drivers\swmidi.sys + SYMDNS DNS Filter Driver Symantec Corporation c:\windows\system32\drivers\symdns.sys + SymEvent Symantec Event Library Symantec Corporation c:\program files\symantec\symevent.sys + SYMFW Firewall Filter Driver Symantec Corporation c:\windows\system32\drivers\symfw.sys + SYMIDS IDS Filter Driver Symantec Corporation c:\windows\system32\drivers\symids.sys + SYMIDSCO IDS Core Driver Symantec Corporation c:\program files\common files\symantec shared\symcdata\ids-diskless\20051208.051\symidsco.sys + symlcbrd Symantec Core Component Symantec Corporation c:\windows\system32\drivers\symlcbrd.sys + SYMNDIS NDIS Filter Driver Symantec Corporation c:\windows\system32\drivers\symndis.sys + SYMREDRV Redirector Filter Driver Symantec Corporation c:\windows\system32\drivers\symredrv.sys + SYMTDI Network Dispatch Driver Symantec Corporation c:\windows\system32\drivers\symtdi.sys + sysaudio System Audio WDM Filter Microsoft Corporation c:\windows\system32\drivers\sysaudio.sys + Tcpip TCP/IP Protocol Driver Microsoft Corporation c:\windows\system32\drivers\tcpip.sys + TermDD Terminal Server Driver Microsoft Corporation c:\windows\system32\drivers\termdd.sys + Update Update Driver Microsoft Corporation c:\windows\system32\drivers\update.sys + usbehci EHCI eUSB Miniport Driver Microsoft Corporation c:\windows\system32\drivers\usbehci.sys + usbhub Default Hub Driver for USB Microsoft Corporation c:\windows\system32\drivers\usbhub.sys + usbuhci UHCI USB Miniport Driver Microsoft Corporation c:\windows\system32\drivers\usbuhci.sys + VgaSave Controls the VGA display adapter to provide basic display capabilities. Microsoft Corporation c:\windows\system32\drivers\vga.sys + ViaIde Generic PCI IDE Bus Driver Microsoft Corporation c:\windows\system32\drivers\viaide.sys + Wanarp Remote Access IP ARP Driver Microsoft Corporation c:\windows\system32\drivers\wanarp.sys + wdmaud MMSYSTEM Wave/Midi API mapper Microsoft Corporation c:\windows\system32\drivers\wdmaud.sys + WS2IFSL Winsock2 IFS Layer Microsoft Corporation c:\windows\system32\drivers\ws2ifsl.sys HKLM\System\CurrentControlSet\Control\Session Manager\BootExecute + autocheck autochk * Auto Check Utility Microsoft Corporation c:\windows\system32\autochk.exe HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options + Your Image File Name Here without a path Symbolic Debugger for Windows 2000 Microsoft Corporation c:\windows\system32\ntsd.exe HKLM\SOFTWARE\Microsoft\Command Processor\Autorun HKCU\SOFTWARE\Microsoft\Command Processor\Autorun HKLM\SOFTWARE\Classes\Exefile\Shell\Open\Command\(Default) HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\Appinit_Dlls HKLM\System\CurrentControlSet\Control\Session Manager\KnownDlls + advapi32 Advanced Windows 32 Base API Microsoft Corporation c:\windows\system32\advapi32.dll + comdlg32 Common Dialogs DLL Microsoft Corporation c:\windows\system32\comdlg32.dll + gdi32 GDI Client DLL Microsoft Corporation c:\windows\system32\gdi32.dll + imagehlp Windows NT Image Helper Microsoft Corporation c:\windows\system32\imagehlp.dll + kernel32 Windows NT BASE API Client DLL Microsoft Corporation c:\windows\system32\kernel32.dll + lz32 LZ Expand/Compress API DLL Microsoft Corporation c:\windows\system32\lz32.dll + ole32 Microsoft OLE for Windows Microsoft Corporation c:\windows\system32\ole32.dll + oleaut32 Microsoft OLE 3.50 for Windows NT™ and Windows 95™ Operating Systems Microsoft Corporation c:\windows\system32\oleaut32.dll + olecli32 Object Linking and Embedding Client Library Microsoft Corporation c:\windows\system32\olecli32.dll + olecnv32 Microsoft OLE for Windows Microsoft Corporation c:\windows\system32\olecnv32.dll + olesvr32 Object Linking and Embedding Server Library Microsoft Corporation c:\windows\system32\olesvr32.dll + olethk32 Microsoft OLE for Windows Microsoft Corporation c:\windows\system32\olethk32.dll + rpcrt4 Remote Procedure Call Runtime Microsoft Corporation c:\windows\system32\rpcrt4.dll + shell32 Windows Shell Common Dll Microsoft Corporation c:\windows\system32\shell32.dll + url Internet Shortcut Shell Extension DLL Microsoft Corporation c:\windows\system32\url.dll + urlmon OLE32 Extensions for Win32 Microsoft Corporation c:\windows\system32\urlmon.dll + user32 Windows XP USER API Client DLL Microsoft Corporation c:\windows\system32\user32.dll + version Version Checking and File Installation Libraries Microsoft Corporation c:\windows\system32\version.dll + wininet Internet Extensions for Win32 Microsoft Corporation c:\windows\system32\wininet.dll + wldap32 Win32 LDAP API DLL Microsoft Corporation c:\windows\system32\wldap32.dll HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\System HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify + crypt32chain Crypto API32 Microsoft Corporation c:\windows\system32\crypt32.dll + cryptnet Crypto Network Related API Microsoft Corporation c:\windows\system32\cryptnet.dll + cscdll Offline Network Agent Microsoft Corporation c:\windows\system32\cscdll.dll + ScCertProp Common DLL to receive Winlogon notifications Microsoft Corporation c:\windows\system32\wlnotify.dll + Schedule Common DLL to receive Winlogon notifications Microsoft Corporation c:\windows\system32\wlnotify.dll + sclgntfy Secondary Logon Service Notification DLL Microsoft Corporation c:\windows\system32\sclgntfy.dll + SensLogn Common DLL to receive Winlogon notifications Microsoft Corporation c:\windows\system32\wlnotify.dll + termsrv Common DLL to receive Winlogon notifications Microsoft Corporation c:\windows\system32\wlnotify.dll + wlballoon Common DLL to receive Winlogon notifications Microsoft Corporation c:\windows\system32\wlnotify.dll HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GinaDLL HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Taskman HKCU\Control Panel\Desktop\Scrnsave.exe + C:\WINDOWS\System32\logon.scr Logon Screen Saver Microsoft Corporation c:\windows\system32\logon.scr HKLM\System\CurrentControlSet\Control\BootVerificationProgram\ImageName HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9 + MSAFD NetBIOS [\Device\NetBT_Tcpip_{1CF5A997-1B9B-4764-8576-7E2C75067F12}] DATAGRAM 2 Microsoft Windows Sockets 2.0 Service Provider Microsoft Corporation c:\windows\system32\mswsock.dll + MSAFD NetBIOS [\Device\NetBT_Tcpip_{1CF5A997-1B9B-4764-8576-7E2C75067F12}] SEQPACKET 2 Microsoft Windows Sockets 2.0 Service Provider Microsoft Corporation c:\windows\system32\mswsock.dll + MSAFD NetBIOS [\Device\NetBT_Tcpip_{392DC379-350C-44C8-A533-5BE71F6769D3}] DATAGRAM 0 Microsoft Windows Sockets 2.0 Service Provider Microsoft Corporation c:\windows\system32\mswsock.dll + MSAFD NetBIOS [\Device\NetBT_Tcpip_{392DC379-350C-44C8-A533-5BE71F6769D3}] SEQPACKET 0 Microsoft Windows Sockets 2.0 Service Provider Microsoft Corporation c:\windows\system32\mswsock.dll + MSAFD NetBIOS [\Device\NetBT_Tcpip_{63831809-F2E5-4C4F-A64C-FA57E5EF6E14}] DATAGRAM 4 Microsoft Windows Sockets 2.0 Service Provider Microsoft Corporation c:\windows\system32\mswsock.dll + MSAFD NetBIOS [\Device\NetBT_Tcpip_{63831809-F2E5-4C4F-A64C-FA57E5EF6E14}] SEQPACKET 4 Microsoft Windows Sockets 2.0 Service Provider Microsoft Corporation c:\windows\system32\mswsock.dll + MSAFD NetBIOS [\Device\NetBT_Tcpip_{6C36DE26-7E63-49D6-9173-9CC52E1319B6}] DATAGRAM 5 Microsoft Windows Sockets 2.0 Service Provider Microsoft Corporation c:\windows\system32\mswsock.dll + MSAFD N

Tennisguy View Member Profile	Dec 22 2005, 12:23 AM Post #4
Active Member Group: Active Members Posts: 25 Joined: 30-July 04 Member No.: 9356	it didnt put everything up, here is the other logs. --------------------------------------------------------- ewido anti-malware - Scan report --------------------------------------------------------- + Created on: 3:32:25 PM, 12/21/2005 + Report-Checksum: 512E731A + Scan result: HKLM\SOFTWARE\Classes\CLSID\{2B96D5CC-C5B5-49A5-A69D-CC0A30F9028C} -> Spyware.MiniBug : Cleaned with backup HKLM\SOFTWARE\Classes\CLSID\{B5AB638F-D76C-415B-A8F2-F3CEAC502212} -> Spyware.AproposMedia : Cleaned with backup HKLM\SOFTWARE\Classes\CLSID\{BC333116-6EA1-40A1-9D07-ECB192DB8CEA} -> Spyware.AproposMedia : Cleaned with backup HKLM\SOFTWARE\Classes\Interface\{BC333116-6EA1-40A1-9D07-ECB192DB8CEA} -> Spyware.AproposMedia : Cleaned with backup HKLM\SOFTWARE\SearchRelevancy -> Spyware.SearchRelevancy : Cleaned with backup HKLM\SOFTWARE\SearchRelevancy\Update -> Spyware.SearchRelevancy : Cleaned with backup C:\WINDOWS\system32\mssearchnet.exe -> Downloader.Zlob.dd : Cleaned with backup ::Report End and heres the last one from smitexe smitRem © log file version 2.8 by noahdfear Microsoft Windows XP [Version 5.1.2600] The current date is: Wed 12/21/2005 The current time is: 14:41:55.51 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ checking for ShudderLTD key ShudderLTD key not present! checking for PSGuard.com key PSGuard.com key not present! spyaxe uninstaller NOT present ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Existing Pre-run Files ~~~ Program Files ~~~ ~~~ Shortcuts ~~~ ~~~ Favorites ~~~ ~~~ system32 folder ~~~ ld**.tmp mssearchnet.exe ncompat.tlb nvctrl.exe mscornet.exe hp.tmp ~~~ Icons in System32 ~~~ ~~~ Windows directory ~~~ ~~~ Drive root ~~~ ~~~ Miscellaneous Files/folders ~~~ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03 Copyright© 2002-2003 Craig.Peacok@beyondlogic.org Killing PID 1448 'explorer.exe' Killing PID 1448 'explorer.exe' Starting registry repairs Deleting files Remaining Post-run Files ~~~ Program Files ~~~ ~~~ Shortcuts ~~~ ~~~ Favorites ~~~ ~~~ system32 folder ~~~ ld**.tmp mssearchnet.exe ncompat.tlb nvctrl.exe mscornet.exe hp*.tmp ~~~ Icons in System32 ~~~ ~~~ Windows directory ~~~ ~~~ Drive root ~~~

LoPhatPhuud View Member Profile	Dec 22 2005, 01:04 AM Post #5
Master of Disaster Recovery Group: General Admin Posts: 15208 Joined: 24-March 03 From: Albuquerque, NM Member No.: 2879	First: Launch Notepad, and copy/paste in the box below to a new text file. Save it on your Desktop as fixme.reg CODE Windows Registry Editor Version 5.00 [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run] Locate fixme.reg on your Desktop and double-click on it. You will receive a prompt similar to: "Do you wish to merge the information into the registry?". Answer 'Yes' and wait for a message to appear similar to "Merged Successfully". Reboot in Normal Mode Second: Open a Command Prompt Window (Start -> Run -> cmd) Enter the following commands: (then press 'Enter') sc delete jccdecod sc delete jgameenu exit Third: Verfiy the following files have been deleted. (delete if present) C:\WINDOWS\System32\mssearchnet.exe c:\windows\system32\nvctrl.exe c:\windows\system32\mscornet.exe Last: Run HiJckThis again and post a new log in this thread. [/b] -------------------- Happiness ain't a thing in itself--it's only a contrast with something that ain't pleasant. Mark Twain

Tennisguy View Member Profile	Dec 22 2005, 01:36 AM Post #6
Active Member Group: Active Members Posts: 25 Joined: 30-July 04 Member No.: 9356	heres the new hijackthis log Logfile of HijackThis v1.99.1 Scan saved at 5:34:10 PM, on 12/21/2005 Platform: Windows XP (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 (6.00.2600.0000) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\System32\Ati2evxx.exe C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe C:\WINDOWS\System32\CTSvcCDA.exe C:\Program Files\ewido anti-malware\ewidoctrl.exe C:\Program Files\ewido anti-malware\ewidoguard.exe C:\Program Files\Norton AntiVirus\navapsvc.exe C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Creative\ShareDLL\CtNotify.exe C:\Program Files\Creative\Audio\PROGRAM\CTMIX32.EXE C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe C:\Program Files\Creative\ShareDLL\MediaDet.Exe C:\Program Files\D-Link\Air Utility\AirCFG.exe C:\Program Files\Common Files\Symantec Shared\ccApp.exe C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe C:\Program Files\QuickTime\qttask.exe C:\Program Files\Common Files\AOL\1133516273\ee\AOLSoftware.exe C:\Program Files\SpywareGuard\sgmain.exe C:\Program Files\SpywareGuard\sgbhp.exe C:\WINDOWS\System32\wuauclt.exe C:\WINDOWS\System32\msiexec.exe C:\Program Files\Messenger\msmsgs.exe C:\HJT\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://msn.com/ O2 - BHO: HomepageBHO - {1ca480cd-c0e5-4548-874e-b85b17905b3a} - C:\WINDOWS\System32\hpF38D.tmp (file missing) O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll (file missing) O4 - HKLM\..\Run: [Disc Detector] C:\Program Files\Creative\ShareDLL\CtNotify.exe O4 - HKLM\..\Run: [CreativeMixer] C:\Program Files\Creative\Audio\PROGRAM\CTMIX32.EXE /t O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe O4 - HKLM\..\Run: [D-Link Air Utility] C:\Program Files\D-Link\Air Utility\AirCFG.exe O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [Advanced Tools Check] C:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe O4 - HKLM\..\Run: [MMTray] "C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1133516273\ee\AOLSoftware.exe O4 - HKCU\..\Run: [ATI Launchpad] "C:\Program Files\ATI Multimedia\main\launchpd.exe" O4 - HKCU\..\Run: [Aim6] "C:\Program Files\Common Files\AOL\Launch\AOLLaunch.exe" /d locale=en-US ee://aol/imApp O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5co...b?1107146797449 O16 - DPF: {ED28050F-D713-43BA-A376-DCC5C35407D5} (MsnMusicAx Class) - http://entimg.msn.com/client/msnmusax2614.cab O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTSvcCDA.exe O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

LoPhatPhuud View Member Profile	Dec 22 2005, 02:02 AM Post #7
Master of Disaster Recovery Group: General Admin Posts: 15208 Joined: 24-March 03 From: Albuquerque, NM Member No.: 2879	That looks real good. Two items to remove that were probably blocked by some aspect of Symantec. First: Reboot into Safe Mode. Check the following items in HijackThis. (note: If any R items do not appear in Safe Mode, re-run HiJackThis in Normal Mode and remove them after you finish removing these items.)* O2 - BHO: HomepageBHO - {1ca480cd-c0e5-4548-874e-b85b17905b3a} - C:\WINDOWS\System32\hpF38D.tmp (file missing) O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll (file missing) Close all windows except HijackThis and click Fix checked. Reboot in normal mode Run HiJackThis again and post a new log in this thread. Second: Lecture time... Unless you really enjoy a compromised, infected system, then updates to Windows SP1, SP2, and all other critical updates is mandatory. These updates are no longer a luxury. Most of the current exploits will gladly take advantage of a vulnerable system. Many security enhancements have been added since the original XP version. Please upgrade as soon as possible. -------------------- Happiness ain't a thing in itself--it's only a contrast with something that ain't pleasant. Mark Twain

« Next Oldest · HELP! Think you are Infected? · Next Newest »

1 User(s) are reading this topic (1 Guests and 0 Anonymous Users)

0 Members:

Display Mode: Standard · Switch to: Linear+ · Switch to: Outline

Track this topic · Email this topic · Print this topic · Subscribe to this forum

Lo-Fi Version

Time is now: 21st November 2009 - 07:12 PM

Licensed to: Gladiator-Antivirus-Forums

Design by: Skins IPB & Web Browsers