Well, you should know about this by now...

Somehow a virus or something has infiltrated my computer and turned off auto protect on my Norton Anti-Virus software.

No matter what I do I cannot enable it. I do not think I have any installation software available and so uninstalling and then reinstalling seems unlikely.

I have done almost every virus/trojan check under the sun, and after cleaning as much as I can, I have found there are still a number of things that i just cannot get rid of. No matter what software I use, after deleting, they just come back. Most of the AV software don't even pick them up.

I will post a hijack this log soon, but in the meantime, how can I sort out Norton? I know alot of people have this problem at the moment, and so ever time i go online to try and scan or check something, I run the risk of getting an even worse virus.

As it currently stands every time I go online after 20 mins, my computer usually crashes...

so please, HELP ME.

Any ideas?

Here is my Hijack log.

Please help, my computer is totally screwed.


Logfile of HijackThis v1.99.1
Scan saved at 22:53:27, on 15/03/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\wuytc.exe
C:\Program Files\Microsoft Hardware\Mouse\point32.exe
C:\Program Files\Microsoft Hardware\Keyboard\type32.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\System32\gsicon.exe
C:\WINDOWS\System32\dslagent.exe
C:\Program Files\D-Tools\daemon.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmon.exe
C:\windows\temp\mni0I.exe
C:\WINDOWS\shch.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\shch.exe
C:\WINDOWS\System32\winmes.exe
C:\WINDOWS\System32\ixplorer.exe
C:\Program Files\The Cleaner\tca.exe
C:\Program Files\The Cleaner\tcm.exe
C:\WINDOWS\realschd.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\EcrJU.exe
C:\WINDOWS\system32\EcrJU.exe
C:\PROGRA~1\WinZip\winzip32.exe
C:\DOCUME~1\Owner\LOCALS~1\Temp\HijackThis.exe
C:\WINDOWS\System32\ZsgfezG.exe
C:\WINDOWS\System32\Scmn32Cc.exe
C:\WINDOWS\System32\run.exe

F2 - REG:system.ini: UserInit=userinit.exe,userinit32.exe
O2 - BHO: Band Class - {C5183ABC-EB6E-4E05-B8C9-500A16B6CF94} - C:\Program Files\SEP\sep.dll
O3 - Toolbar: Band Class - {C5183ABC-EB6E-4E05-B8C9-500A16B6CF94} - C:\Program Files\SEP\sep.dll
O4 - HKLM\..\Run: [POINTER] point32.exe
O4 - HKLM\..\Run: [IntelliType] "C:\Program Files\Microsoft Hardware\Keyboard\type32.exe"
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [GSICONEXE] gsicon.exe
O4 - HKLM\..\Run: [DSLAGENTEXE] dslagent.exe USB
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [Lexmark X1100 Series] "C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe"
O4 - HKLM\..\Run: [NAV Auto Updates] navwindows.exe
O4 - HKLM\..\Run: [mni0I] C:\windows\temp\mni0I.exe
O4 - HKLM\..\Run: [Microsofts MediaScope] winmep.exe
O4 - HKLM\..\Run: [9Pw81ek8] C:\windows\system32\9Pw81ek8.exe
O4 - HKLM\..\Run: [5H9C74A5KD6WFR] C:\WINDOWS\System32\LrxH5g.exe
O4 - HKLM\..\Run: [NTFSS MICROSOFT SYSTEM] filees.exe
O4 - HKLM\..\Run: [ccApp] C:\WINDOWS\gcasServ.exe /i
O4 - HKLM\..\Run: [SvcH0st] C:\WINDOWS\shch.exe /i
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Windows Media Player] 50cent.exe
O4 - HKLM\..\Run: [Windows Services] Spool32x.exe
O4 - HKLM\..\Run: [runs] run.exe
O4 - HKLM\..\Run: [wFEk3qT] ahuories.exe
O4 - HKLM\..\Run: [Nero] C:\WINDOWS\shch.exe /i
O4 - HKLM\..\Run: [vehsvwt] C:\WINDOWS\vehsvwt.exe
O4 - HKLM\..\Run: [Microsoft MediaScope] winmes.exe
O4 - HKLM\..\Run: [System Restore DLLs] ixplorer.exe
O4 - HKLM\..\Run: [tcactive] C:\Program Files\The Cleaner\tca.exe
O4 - HKLM\..\Run: [tcmonitor] C:\Program Files\The Cleaner\tcm.exe
O4 - HKLM\..\Run: [P2P Networking] C:\WINDOWS\System32\P2P Networking\P2P Networking.exe /AUTOSTART
O4 - HKLM\..\Run: [TkBellExee] C:\WINDOWS\realschd.exe
O4 - HKLM\..\Run: [*Microsoft Update] wuytc.exe
O4 - HKLM\..\Run: [pjYsiZoTj] C:\windows\system32\pjYsiZoTj.exe
O4 - HKLM\..\Run: [EcrJU.exe] c:\windows\system32\EcrJU.exe
O4 - HKLM\..\RunServices: [Windows Media Player] 50cent.exe
O4 - HKLM\..\RunServices: [Windows Services] Spool32x.exe
O4 - HKLM\..\RunServices: [runs] run.exe
O4 - HKLM\..\RunServices: [Microsoft MediaScope] winmes.exe
O4 - HKLM\..\RunServices: [System Restore DLLs] ixplorer.exe
O4 - HKLM\..\RunServices: [*Microsoft Update] wuytc.exe
O4 - HKCU\..\Run: [Windows Media Player] 50cent.exe
O4 - HKCU\..\Run: [Windows Services] Spool32x.exe
O4 - HKCU\..\Run: [runs] run.exe
O4 - HKCU\..\Run: [*Microsoft Update] wuytc.exe
O4 - HKCU\..\RunOnce: [Web Offer] C:\ezStub.exe
O9 - Extra button: (no name) - {120E090D-9136-4b78-8258-F0B44B4BD2AC} - C:\WINDOWS\System32\maxspeed.exe
O9 - Extra 'Tools' menuitem: MaxSpeed - {120E090D-9136-4b78-8258-F0B44B4BD2AC} - C:\WINDOWS\System32\maxspeed.exe
O23 - Service: *Microsoft Update - Unknown owner - C:\WINDOWS\System32\wuytc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

Guys, here is my Hijackthis logfile. Please help me, as my computer is in a very bad way...


Logfile of HijackThis v1.99.1
Scan saved at 22:53:27, on 15/03/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\wuytc.exe
C:\Program Files\Microsoft Hardware\Mouse\point32.exe
C:\Program Files\Microsoft Hardware\Keyboard\type32.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\System32\gsicon.exe
C:\WINDOWS\System32\dslagent.exe
C:\Program Files\D-Tools\daemon.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmon.exe
C:\windows\temp\mni0I.exe
C:\WINDOWS\shch.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\shch.exe
C:\WINDOWS\System32\winmes.exe
C:\WINDOWS\System32\ixplorer.exe
C:\Program Files\The Cleaner\tca.exe
C:\Program Files\The Cleaner\tcm.exe
C:\WINDOWS\realschd.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\EcrJU.exe
C:\WINDOWS\system32\EcrJU.exe
C:\PROGRA~1\WinZip\winzip32.exe
C:\DOCUME~1\Owner\LOCALS~1\Temp\HijackThis.exe
C:\WINDOWS\System32\ZsgfezG.exe
C:\WINDOWS\System32\Scmn32Cc.exe
C:\WINDOWS\System32\run.exe

F2 - REG:system.ini: UserInit=userinit.exe,userinit32.exe
O2 - BHO: Band Class - {C5183ABC-EB6E-4E05-B8C9-500A16B6CF94} - C:\Program Files\SEP\sep.dll
O3 - Toolbar: Band Class - {C5183ABC-EB6E-4E05-B8C9-500A16B6CF94} - C:\Program Files\SEP\sep.dll
O4 - HKLM\..\Run: [POINTER] point32.exe
O4 - HKLM\..\Run: [IntelliType] "C:\Program Files\Microsoft Hardware\Keyboard\type32.exe"
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [GSICONEXE] gsicon.exe
O4 - HKLM\..\Run: [DSLAGENTEXE] dslagent.exe USB
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [Lexmark X1100 Series] "C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe"
O4 - HKLM\..\Run: [NAV Auto Updates] navwindows.exe
O4 - HKLM\..\Run: [mni0I] C:\windows\temp\mni0I.exe
O4 - HKLM\..\Run: [Microsofts MediaScope] winmep.exe
O4 - HKLM\..\Run: [9Pw81ek8] C:\windows\system32\9Pw81ek8.exe
O4 - HKLM\..\Run: [5H9C74A5KD6WFR] C:\WINDOWS\System32\LrxH5g.exe
O4 - HKLM\..\Run: [NTFSS MICROSOFT SYSTEM] filees.exe
O4 - HKLM\..\Run: [ccApp] C:\WINDOWS\gcasServ.exe /i
O4 - HKLM\..\Run: [SvcH0st] C:\WINDOWS\shch.exe /i
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Windows Media Player] 50cent.exe
O4 - HKLM\..\Run: [Windows Services] Spool32x.exe
O4 - HKLM\..\Run: [runs] run.exe
O4 - HKLM\..\Run: [wFEk3qT] ahuories.exe
O4 - HKLM\..\Run: [Nero] C:\WINDOWS\shch.exe /i
O4 - HKLM\..\Run: [vehsvwt] C:\WINDOWS\vehsvwt.exe
O4 - HKLM\..\Run: [Microsoft MediaScope] winmes.exe
O4 - HKLM\..\Run: [System Restore DLLs] ixplorer.exe
O4 - HKLM\..\Run: [tcactive] C:\Program Files\The Cleaner\tca.exe
O4 - HKLM\..\Run: [tcmonitor] C:\Program Files\The Cleaner\tcm.exe
O4 - HKLM\..\Run: [P2P Networking] C:\WINDOWS\System32\P2P Networking\P2P Networking.exe /AUTOSTART
O4 - HKLM\..\Run: [TkBellExee] C:\WINDOWS\realschd.exe
O4 - HKLM\..\Run: [*Microsoft Update] wuytc.exe
O4 - HKLM\..\Run: [pjYsiZoTj] C:\windows\system32\pjYsiZoTj.exe
O4 - HKLM\..\Run: [EcrJU.exe] c:\windows\system32\EcrJU.exe
O4 - HKLM\..\RunServices: [Windows Media Player] 50cent.exe
O4 - HKLM\..\RunServices: [Windows Services] Spool32x.exe
O4 - HKLM\..\RunServices: [runs] run.exe
O4 - HKLM\..\RunServices: [Microsoft MediaScope] winmes.exe
O4 - HKLM\..\RunServices: [System Restore DLLs] ixplorer.exe
O4 - HKLM\..\RunServices: [*Microsoft Update] wuytc.exe
O4 - HKCU\..\Run: [Windows Media Player] 50cent.exe
O4 - HKCU\..\Run: [Windows Services] Spool32x.exe
O4 - HKCU\..\Run: [runs] run.exe
O4 - HKCU\..\Run: [*Microsoft Update] wuytc.exe
O4 - HKCU\..\RunOnce: [Web Offer] C:\ezStub.exe
O9 - Extra button: (no name) - {120E090D-9136-4b78-8258-F0B44B4BD2AC} - C:\WINDOWS\System32\maxspeed.exe
O9 - Extra 'Tools' menuitem: MaxSpeed - {120E090D-9136-4b78-8258-F0B44B4BD2AC} - C:\WINDOWS\System32\maxspeed.exe
O23 - Service: *Microsoft Update - Unknown owner - C:\WINDOWS\System32\wuytc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

Welcome to Geeks to Go!
First, did you download the Microsft Anti-Spyware beta program? (I need to know this so I can help you fix Norton).

Next, we need to remove the pepper trojan from your system. Download this file, run, and let terminate (it'll just blink briefly on your screen and won't appeared to have done much--this is normal):
http://www.geekstogo.com/modules.php?modid...=download&id=18

Post a new HiJackThis log.

Michelle

Nevermind about the Microsoft Anti-Spyware program. I see it's just a worm in disguise.

After running the Pepper Trojan removal in my previous post. Please run a trojan scan from here:

http://www.moosoft.com/

Then download Stinger from here:
http://vil.nai.com/vil/averttools.asp#stinger (Version 2.5.3)

Once you have downloaded this:

Enable show hidden files/folders.
Windows XP

* Click Start.
* Open My Computer.
* Select the Tools menu and click Folder Options.
* Select the View Tab.
* Under the Hidden files and folders heading select Show hidden files and folders.
* Uncheck the Hide protected operating system files (recommended) option.
* Click Yes to confirm.
* Click OK.

Reboot into Safe Mode and scan with Stinger.
Remove any entries it finds.
Then run your Norton Anti-Virus as well.

Reboot in normal mode.

Post a new HiJackThis log.

Hi, thanks for getting back to me.

I have used peperfix, I have done the check with stinger (and others) making all hidden files, visible.

It gets rid of more trojans, but the main problem remains. I cannot spend longer than 10 mins on the internet due to it totally crashing, and so all the other online checkers are unavailable to me. This is now proving more of a problem as I am literally fighting to keep my anti-virus systems up to date.

Norton is still diabled.

New log is as follows:




Logfile of HijackThis v1.99.1
Scan saved at 01:38:21, on 24/03/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\userinit32.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\wuytc.exe
C:\Program Files\Microsoft Hardware\Mouse\point32.exe
C:\Program Files\Microsoft Hardware\Keyboard\type32.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\System32\gsicon.exe
C:\WINDOWS\System32\dslagent.exe
C:\Program Files\D-Tools\daemon.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmon.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\WINDOWS\gcasServ.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\System32\50cent.exe
C:\WINDOWS\System32\run.exe
C:\WINDOWS\System32\keyboard.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\winmes.exe
C:\Program Files\Prevx Home\PXAgent.exe
C:\WINDOWS\System32\ixplorer.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\realschd.exe
C:\WINDOWS\System32\wuytc.exe
C:\windows\system32\EcrJU.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\ClamWin\bin\ClamTray.exe
C:\Program Files\Prevx Home\SAGUI.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\WINDOWS\system32\EcrJU.exe
C:\WINDOWS\System32\svchost323.exe
C:\PROGRA~1\Wipe.com\Wipe9\update.exe
C:\PROGRA~1\Wipe.com\Wipe9\trayagent.exe
C:\Program Files\Password Shield\pwshield.exe
C:\Program Files\Spyware Doctor\swdoctor.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\WINDOWS\System32\dwwin.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\lxbkjswx.exe
C:\PROGRA~1\WinZip\winzip32.exe
C:\DOCUME~1\Owner\LOCALS~1\Temp\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\about.htm
F2 - REG:system.ini: UserInit=userinit.exe,userinit32.exe
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~3\tools\iesdsg.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~3\tools\iesdpb.dll
O4 - HKLM\..\Run: [POINTER] point32.exe
O4 - HKLM\..\Run: [IntelliType] "C:\Program Files\Microsoft Hardware\Keyboard\type32.exe"
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [GSICONEXE] gsicon.exe
O4 - HKLM\..\Run: [DSLAGENTEXE] dslagent.exe USB
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [Lexmark X1100 Series] "C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe"
O4 - HKLM\..\Run: [NAV Auto Updates] navwindows.exe
O4 - HKLM\..\Run: [mni0I] C:\windows\temp\mni0I.exe
O4 - HKLM\..\Run: [Microsofts MediaScope] winmep.exe
O4 - HKLM\..\Run: [9Pw81ek8] C:\windows\system32\9Pw81ek8.exe
O4 - HKLM\..\Run: [NTFSS MICROSOFT SYSTEM] filees.exe
O4 - HKLM\..\Run: [ccApp] C:\WINDOWS\gcasServ.exe /i
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Windows Media Player] 50cent.exe
O4 - HKLM\..\Run: [runs] run.exe
O4 - HKLM\..\Run: [wFEk3qT] ahuories.exe
O4 - HKLM\..\Run: [vehsvwt] C:\WINDOWS\vehsvwt.exe
O4 - HKLM\..\Run: [Microsoft MediaScope] winmes.exe
O4 - HKLM\..\Run: [System Restore DLLs] ixplorer.exe
O4 - HKLM\..\Run: [TkBellExee] C:\WINDOWS\realschd.exe
O4 - HKLM\..\Run: [*Microsoft Update] wuytc.exe
O4 - HKLM\..\Run: [pjYsiZoTj] C:\windows\system32\pjYsiZoTj.exe
O4 - HKLM\..\Run: [EcrJU.exe] c:\windows\system32\EcrJU.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [ClamWin] "C:\Program Files\ClamWin\bin\ClamTray.exe" --logon
O4 - HKLM\..\Run: [PrevxHome] C:\Program Files\Prevx Home\SAGUI.exe
O4 - HKLM\..\Run: [AvG] svchost323.exe
O4 - HKLM\..\RunServices: [Windows Media Player] 50cent.exe
O4 - HKLM\..\RunServices: [runs] run.exe
O4 - HKLM\..\RunServices: [Microsoft MediaScope] winmes.exe
O4 - HKLM\..\RunServices: [System Restore DLLs] ixplorer.exe
O4 - HKLM\..\RunServices: [*Microsoft Update] wuytc.exe
O4 - HKLM\..\RunServices: [AvG] svchost323.exe
O4 - HKCU\..\Run: [Windows Media Player] 50cent.exe
O4 - HKCU\..\Run: [runs] run.exe
O4 - HKCU\..\Run: [*Microsoft Update] wuytc.exe
O4 - HKCU\..\Run: [Wipe.com Update] C:\PROGRA~1\Wipe.com\Wipe9\update.exe startup_check
O4 - HKCU\..\Run: [Wipe.com Tray Agent] C:\PROGRA~1\Wipe.com\Wipe9\trayagent.exe startup
O4 - HKCU\..\Run: [pwshield.exe] C:\Program Files\Password Shield\pwshield.exe
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O4 - HKCU\..\Run: [AvG] svchost323.exe
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~3\tools\iesdpb.dll
O23 - Service: *Microsoft Update - Unknown owner - C:\WINDOWS\System32\wuytc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Hardware Clock Driver (hwclock) - Unknown owner - C:\WINDOWS\System32\hwclock.exe
O23 - Service: Keyboard Service System Files (Keyboard Service) - Unknown owner - C:\WINDOWS\System32\keyboard.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Prevx Agent (PrevxAgent) - Prevx Ltd. - C:\Program Files\Prevx Home\PXAgent.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

I had been searching the internet for ways to fix my Norton Antivirus, which would not autostart. On March 17, somehow this elite toolbar began showing up and my Norton did not detect it. I tried numerous online scans and discovered numerous other trojan infestations in my system. How did these all get past Norton????
Well, back to the problem, in my case, I

1.)Went to my Control Panel (I am running Windows XP Professional)
2.)Open up administrative tools
3.)Open up services
4.)Scroll down until you see Norton Antivirus Autoprotect
5.)Click on automatic

Mine had somehow been changed to manual. This solved my problem. Let me know if it works for you.

CDHM

I used AVG, AntiVir, The Cleaner, Anti Elite Toolbar Program, etc...

no that doesnt work for me.

Whatever this is, it completely removes the option to have auto-protect on. I try to activate it and it just does not come on, just continues to be disabled.

I have tried everyway I can think of to turn it on and activate it, but I am sure it is a trojan that got through the backdoor.

Anyways i have had enough of it so I have simply wiped my hard drive. Desperate times call for desperate measures I am afraid.

I'm sorry to hear that you reformatted, but I'm sure it's running smoothly now (I would hope so!). I know how to fix auto-protect on Norton. Something removes a file from Startup that it needs for auto-protect. Just a simple registry edit is all it takes to put the file back into Startup. Having any problems?

Michelle