[Gambro]

Middie
I am having an issue running the Panda Soft scan... it is automatically closing down the browser when its done, so is not allowing me to see or generate any report. I copied and pasted the online counter the last time I saw it finished and here is where it was at:


Detected Disinfected
Virus 0 0
Spyware 57 0
Hacking tools and rootkits 2 0
Dialers 0 0
Security Risks 0 0
Suspicious files 0 0


In regards to the firewall and virus scanner, please let me know which ones you suggest running if Norton is not acceptable (I am not concerned about my subscription, would rather have a better solution if there is one per your comments). I did notice that when I installed the Norton software my computer was noticably slow on log-in though.

thx

[Advertisements]

Hi Gambro,

In regards to the firewall and virus scanner, please let me know which ones you suggest running if Norton is not acceptable (I am not concerned about my subscription, would rather have a better solution if there is one per your comments). I did notice that when I installed the Norton software my computer was noticably slow on log-in though.

thx

It's not so much what is 'acceptable' (at least to me), but what works for you. I was/am student and fan of Peter Norton, for many years and his products. But several years ago his product was sold to a large corp. Many times events like this has made the product, bloated-- imho. Slowing a system to a crawl from all of the services and programs
running is one issue you are dealing with and have recognized.

You could, if you want and still have your product cd and the key, uninstall it for a trial time to see how your system runs. Don't do this without another antivirus and firewall. You could try a couple of free programs. Note: Norton will remember your previous registration date and if you reinstall it later, by your choice, your registration and original time period will be intact. Also note the Norton Password manage is
installed, and if you are relying on it ENTIRELY to remember your passwords, you may not be able to access sites if you do not remember their password or have a password backup system.

You can see that Norton has already missed the mass mailing worm you had, and they do have information on their site about it. It happens to even the best from time to time.

So, if you want, and still have the ZoneAlarm Firewall you could use it with a free antivirus program.

Two good, free to home user anti virus programs are: (Pick just one)

AVG Free AVG AntiVirus Free
and
Avast!Avast Free AVG

If you intend to uninstall Norton (Symantec) to try these, follow these steps

• Download either anti-virus program first. DO NOT attempt to install yet.
  
• Make sure you have ZoneAlarm still on your computer or re-download it in preparation to install it
• First disable your internet connection. We don't want anything sneaking in or out while doing these steps. Either unplug it if easy to reach, or disable the network device in Start > Control Panel > Network Connections. It will be easy to re-enable when ready.
• Second, right click and disable or close and exit Norton(Symantec) AntiVirus and Norton Internet Security in your system tray. Ok at the warning prompts or pick 5 minutes if it asks for a time to disable.
• Third, go to Start > Control Panel > Add/Remove Programs and start with Norton Internet Security, then Antivirus and work your way up and down the list of Norton(Symantec) programs. You may have to reboot once before continuing to remove it all.
• Fourth, re-enable or re-install the ZoneAlarm Firewall. Be sure your Windows Firewall is not also active. ZA usually disables the default Windows Firewall. Don't run TWO firewalls at any time.
• Fifth, install the anti virus program you chose. At some point it will want you to go online to update the virus database. At that time, re-connect or re-enable your network connection, and it will update. Either one will want to do a complete system scan
  and you will have to register (free). Let it scan, and copy any logs or reports to include back here.

Now, to work more on your cleaning;

The Panda, Kaspersky and AVG AS scans do provide us with valuabe information. Not a lot of luck so far, and I am sorry it can take a while to run any of these scans. Let's try this:

If you are the parent or adult owner of this system, I want you to boot into Safe Mode as before, but this time select to log into user: Kari , presuming it is not a limited user account (shouldnt be with the activity I can see).

Now run AVG AntiSpyware again from this user, while in Safe Mode. The settings should be the same as before and let's see if we can get a complete log. When the log comes up, use <Control - A> to highlight all of the text, open Notepad and use <Control - V> to paste it into
the new Notepad. Use Save AS and save the file as something you will remember in Local Disk C, Documents and Settings, Kathryn (if that's you), Desktop as a TEXT File. THis way you can find it when you reboot into your profile.

Now if that has run and you have this, REBOOT.

Select your profile, and run a new HJT Log. POST the new HJT log and the AVG A/S text for me please. Tell me if anything is running better.

Regards,


Middie

Edited by Middie042, 26 November 2006 - 09:27 AM.

[Middie042]

Hi Gambro,

In regards to the firewall and virus scanner, please let me know which ones you suggest running if Norton is not acceptable (I am not concerned about my subscription, would rather have a better solution if there is one per your comments). I did notice that when I installed the Norton software my computer was noticably slow on log-in though.

thx

It's not so much what is 'acceptable' (at least to me), but what works for you. I was/am student and fan of Peter Norton, for many years and his products. But several years ago his product was sold to a large corp. Many times events like this has made the product, bloated-- imho. Slowing a system to a crawl from all of the services and programs
running is one issue you are dealing with and have recognized.

You could, if you want and still have your product cd and the key, uninstall it for a trial time to see how your system runs. Don't do this without another antivirus and firewall. You could try a couple of free programs. Note: Norton will remember your previous registration date and if you reinstall it later, by your choice, your registration and original time period will be intact. Also note the Norton Password manage is
installed, and if you are relying on it ENTIRELY to remember your passwords, you may not be able to access sites if you do not remember their password or have a password backup system.

You can see that Norton has already missed the mass mailing worm you had, and they do have information on their site about it. It happens to even the best from time to time.

So, if you want, and still have the ZoneAlarm Firewall you could use it with a free antivirus program.

Two good, free to home user anti virus programs are: (Pick just one)

AVG Free AVG AntiVirus Free
and
Avast!Avast Free AVG

If you intend to uninstall Norton (Symantec) to try these, follow these steps

• Download either anti-virus program first. DO NOT attempt to install yet.
  
• Make sure you have ZoneAlarm still on your computer or re-download it in preparation to install it
• First disable your internet connection. We don't want anything sneaking in or out while doing these steps. Either unplug it if easy to reach, or disable the network device in Start > Control Panel > Network Connections. It will be easy to re-enable when ready.
• Second, right click and disable or close and exit Norton(Symantec) AntiVirus and Norton Internet Security in your system tray. Ok at the warning prompts or pick 5 minutes if it asks for a time to disable.
• Third, go to Start > Control Panel > Add/Remove Programs and start with Norton Internet Security, then Antivirus and work your way up and down the list of Norton(Symantec) programs. You may have to reboot once before continuing to remove it all.
• Fourth, re-enable or re-install the ZoneAlarm Firewall. Be sure your Windows Firewall is not also active. ZA usually disables the default Windows Firewall. Don't run TWO firewalls at any time.
• Fifth, install the anti virus program you chose. At some point it will want you to go online to update the virus database. At that time, re-connect or re-enable your network connection, and it will update. Either one will want to do a complete system scan
  and you will have to register (free). Let it scan, and copy any logs or reports to include back here.

Now, to work more on your cleaning;

The Panda, Kaspersky and AVG AS scans do provide us with valuabe information. Not a lot of luck so far, and I am sorry it can take a while to run any of these scans. Let's try this:

If you are the parent or adult owner of this system, I want you to boot into Safe Mode as before, but this time select to log into user: Kari , presuming it is not a limited user account (shouldnt be with the activity I can see).

Now run AVG AntiSpyware again from this user, while in Safe Mode. The settings should be the same as before and let's see if we can get a complete log. When the log comes up, use <Control - A> to highlight all of the text, open Notepad and use <Control - V> to paste it into
the new Notepad. Use Save AS and save the file as something you will remember in Local Disk C, Documents and Settings, Kathryn (if that's you), Desktop as a TEXT File. THis way you can find it when you reboot into your profile.

Now if that has run and you have this, REBOOT.

Select your profile, and run a new HJT Log. POST the new HJT log and the AVG A/S text for me please. Tell me if anything is running better.

Regards,


Middie

Edited by Middie042, 26 November 2006 - 09:27 AM.

[Gambro]

Middie
Here are the results - looks like the spamming has stopped, but the computer still takes a while to log on to. Is there anything else I can be doing?



AVG Report

---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 4:25:39 PM 27/11/2006

+ Scan result:



C:\Documents and Settings\Kari\Application Data\Hotbar -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Kari\Application Data\Hotbar\IESkins -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Kari\Application Data\Hotbar\Wallpaper -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Kari\Application Data\Hotbar\eskin -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Kari\Application Data\Hotbar\v3.0 -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Kari\Application Data\Hotbar\v3.0\HostOI -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Kari\Application Data\Hotbar\v3.0\HostOI\dynamic -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Kari\Application Data\Hotbar\v3.0\HostOI\static -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Kari\Application Data\Hotbar\v3.0\HostOL -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Kari\Application Data\Hotbar\v3.0\HostOL\dynamic -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Kari\Application Data\Hotbar\v3.0\HostOL\static -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Kari\Application Data\Hotbar\v3.0\HostOL\static\1 -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Kari\Application Data\Hotbar\v3.0\Hotbar -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Kari\Application Data\Hotbar\v3.0\Hotbar\dynamic -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Kari\Application Data\Hotbar\v3.0\Hotbar\dynamic\344stat -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Kari\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Kari\Application Data\Hotbar\v3.0\Hotbar\dynamic\ustat -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Kari\Application Data\Hotbar\v3.0\Hotbar\static -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Kari\Application Data\Hotbar\v3.0\Hotbar\static\1 -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Kari\Application Data\Hotbar\v3.0\Hotbar\static\2 -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Kari\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Kari\Cookies\kari@247realmedia[2].txt -> TrackingCookie.247realmedia : Cleaned.
C:\Documents and Settings\Kathryn\Cookies\kathryn@247realmedia[1].txt -> TrackingCookie.247realmedia : Cleaned.
C:\Documents and Settings\Kari\Cookies\kari@2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Kari\Cookies\[email protected][1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Kathryn\Cookies\kathryn@2o7[2].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Kathryn\Cookies\[email protected][1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Kathryn\Cookies\[email protected][1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Nick\Cookies\nick@2o7[2].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Kari\Cookies\[email protected][2].txt -> TrackingCookie.Addynamix : Cleaned.
C:\Documents and Settings\Kari\Cookies\kari@adrevolver[3].txt -> TrackingCookie.Adrevolver : Cleaned.
C:\Documents and Settings\Nick\Cookies\nick@atdmt[2].txt -> TrackingCookie.Atdmt : Cleaned.
C:\Documents and Settings\Kathryn\Cookies\kathryn@bluestreak[2].txt -> TrackingCookie.Bluestreak : Cleaned.
C:\Documents and Settings\Kari\Cookies\[email protected][2].txt -> TrackingCookie.Burstbeacon : Cleaned.
C:\Documents and Settings\Kari\Cookies\[email protected][2].txt -> TrackingCookie.Burstnet : Cleaned.
C:\Documents and Settings\Kari\Cookies\kari@casalemedia[2].txt -> TrackingCookie.Casalemedia : Cleaned.
C:\Documents and Settings\Kathryn\Cookies\kathryn@casalemedia[2].txt -> TrackingCookie.Casalemedia : Cleaned.
C:\Documents and Settings\Nick\Cookies\nick@casalemedia[2].txt -> TrackingCookie.Casalemedia : Cleaned.
C:\Documents and Settings\Kathryn\Cookies\kathryn@com[2].txt -> TrackingCookie.Com : Cleaned.
C:\Documents and Settings\Nick\Cookies\nick@doubleclick[1].txt -> TrackingCookie.Doubleclick : Cleaned.
C:\Documents and Settings\Nick\Cookies\[email protected][1].txt -> TrackingCookie.Falkag : Cleaned.
C:\Documents and Settings\Nick\Cookies\nick@fastclick[2].txt -> TrackingCookie.Fastclick : Cleaned.
C:\Documents and Settings\Nick\Cookies\[email protected][2].txt -> TrackingCookie.Fastclick : Cleaned.
C:\Documents and Settings\Nick\Cookies\[email protected][2].txt -> TrackingCookie.Hitbox : Cleaned.
C:\Documents and Settings\Nick\Cookies\nick@hitbox[2].txt -> TrackingCookie.Hitbox : Cleaned.
C:\Documents and Settings\Kari\Cookies\[email protected][2].txt -> TrackingCookie.Onestat : Cleaned.
C:\Documents and Settings\Kathryn\Cookies\kathryn@overture[2].txt -> TrackingCookie.Overture : Cleaned.
C:\Documents and Settings\Kari\Cookies\[email protected][1].txt -> TrackingCookie.Pointroll : Cleaned.
C:\Documents and Settings\Kari\Cookies\kari@qksrv[2].txt -> TrackingCookie.Qksrv : Cleaned.
C:\Documents and Settings\Kathryn\Cookies\kathryn@qksrv[2].txt -> TrackingCookie.Qksrv : Cleaned.
C:\Documents and Settings\Kari\Cookies\kari@questionmarket[2].txt -> TrackingCookie.Questionmarket : Cleaned.
C:\Documents and Settings\Kathryn\Cookies\kathryn@questionmarket[2].txt -> TrackingCookie.Questionmarket : Cleaned.
C:\Documents and Settings\Kari\Cookies\kari@revenue[1].txt -> TrackingCookie.Revenue : Cleaned.
C:\Documents and Settings\Kathryn\Cookies\kathryn@revenue[2].txt -> TrackingCookie.Revenue : Cleaned.
C:\Documents and Settings\Kari\Cookies\[email protected][1].txt -> TrackingCookie.Ru4 : Cleaned.
C:\Documents and Settings\Kathryn\Cookies\[email protected][2].txt -> TrackingCookie.Ru4 : Cleaned.
C:\Documents and Settings\Kari\Cookies\kari@serving-sys[2].txt -> TrackingCookie.Serving-sys : Cleaned.
C:\Documents and Settings\Kathryn\Cookies\kathryn@serving-sys[2].txt -> TrackingCookie.Serving-sys : Cleaned.
C:\Documents and Settings\Kari\Cookies\kari@statcounter[1].txt -> TrackingCookie.Statcounter : Cleaned.
C:\Documents and Settings\Kathryn\Cookies\kathryn@statcounter[1].txt -> TrackingCookie.Statcounter : Cleaned.
C:\Documents and Settings\Kari\Cookies\kari@tacoda[2].txt -> TrackingCookie.Tacoda : Cleaned.
C:\Documents and Settings\Nick\Cookies\[email protected][1].txt -> TrackingCookie.Tacoda : Cleaned.
C:\Documents and Settings\Nick\Cookies\nick@tacoda[1].txt -> TrackingCookie.Tacoda : Cleaned.
C:\Documents and Settings\Kari\Cookies\kari@tribalfusion[2].txt -> TrackingCookie.Tribalfusion : Cleaned.
C:\Documents and Settings\Kathryn\Cookies\kathryn@tribalfusion[2].txt -> TrackingCookie.Tribalfusion : Cleaned.
C:\Documents and Settings\Kari\Cookies\[email protected][2].txt -> TrackingCookie.Yieldmanager : Cleaned.
C:\Documents and Settings\Kari\Cookies\[email protected][1].txt -> TrackingCookie.Zedo : Cleaned.
C:\Documents and Settings\Kari\Cookies\kari@zedo[2].txt -> TrackingCookie.Zedo : Cleaned.
C:\Documents and Settings\Kathryn\Cookies\kathryn@zedo[1].txt -> TrackingCookie.Zedo : Cleaned.


::Report end



HJT Report

Logfile of HijackThis v1.99.1
Scan saved at 4:51:23 PM, on 27/11/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\System32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Canon\BJCard\Bjmcmng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Canon\Memory Card Utility\PIXMA iP6000D\PDUiP6000DMemCrdMgr.exe
C:\WINDOWS\system32\RioMSC.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\BCMSMMSG.exe
C:\WINDOWS\System32\DSentry.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Canon\BJPV\TVMon.exe
C:\Program Files\Canon\BJCard\BJLaunch.exe
C:\Program Files\Creative\Shared Files\CAMTRAY.EXE
C:\Program Files\Norton Password Manager\AcctMgr.exe
C:\Program Files\Canon\Memory Card Utility\PIXMA iP6000D\PDUiP6000DMon.exe
C:\Program Files\Canon\Memory Card Utility\PIXMA iP6000D\PDUiP6000DTskbr.exe
C:\Program Files\Maxtor\OneTouch\utils\Onetouch.exe
C:\PROGRA~1\Dantz\RETROS~1\RetroExpress.exe
C:\WINDOWS\MXOALDR.EXE
C:\Program Files\QUICKENW\QAGENT.EXE
C:\Program Files\Windows Media Connect 2\WMCCFG.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\mrtMngr.EXE
C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\COMMON~1\MOBIPO~1\webcomp.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Symantec\LiveUpdate\AUPDATE.EXE
C:\Program Files\Common Files\DataViz\DvzIncMsgr.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Palm\Hotsync.exe
C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
C:\Program Files\Common Files\Skyscape\smARTupdate.exe
C:\WINDOWS\System32\wbem\wmiapsrv.exe
C:\PROGRA~1\Dantz\RETROS~1\retrospect.exe
C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe
C:\PROGRA~1\Dantz\RETROS~1\retrorun.exe
C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe
C:\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.cbc.ca/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dellnet.com
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\NppBho.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\UIBHO.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [BJPD HID Control] C:\Program Files\Canon\BJPV\TVMon.exe
O4 - HKLM\..\Run: [BJLaunchEXE] C:\Program Files\Canon\BJCard\BJLaunch.exe
O4 - HKLM\..\Run: [Creative WebCam Tray] C:\Program Files\Creative\Shared Files\CAMTRAY.EXE
O4 - HKLM\..\Run: [AcctMgr] C:\Program Files\Norton Password Manager\AcctMgr.exe /startup
O4 - HKLM\..\Run: [PDUiP6000DMon] C:\Program Files\Canon\Memory Card Utility\PIXMA iP6000D\PDUiP6000DMon.exe
O4 - HKLM\..\Run: [PDUiP6000DTskbr] C:\Program Files\Canon\Memory Card Utility\PIXMA iP6000D\PDUiP6000DTskbr.exe
O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
O4 - HKLM\..\Run: [MaxtorOneTouch] C:\Program Files\Maxtor\OneTouch\utils\Onetouch.exe
O4 - HKLM\..\Run: [RetroExpress] C:\PROGRA~1\Dantz\RETROS~1\RetroExpress.exe /h
O4 - HKLM\..\Run: [MXOBG] C:\WINDOWS\MXOALDR.EXE
O4 - HKLM\..\Run: [QAGENT] C:\Program Files\QUICKENW\QAGENT.EXE
O4 - HKLM\..\Run: [Windows Media Connect 2] "C:\Program Files\Windows Media Connect 2\WMCCFG.exe" /StartQuiet
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"
O4 - HKLM\..\Run: [tcactive] C:\Program Files\The Cleaner\tca.exe
O4 - HKLM\..\Run: [tcmonitor] C:\Program Files\The Cleaner\tcm.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [Mobipocket Web Companion] C:\PROGRA~1\COMMON~1\MOBIPO~1\webcomp.exe -m
O4 - Startup: Skyscape smARTupdate.lnk = C:\Program Files\Common Files\Skyscape\smARTupdate.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: DataViz Inc Messenger.lnk = C:\Program Files\Common Files\DataViz\DvzIncMsgr.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: HotSync Manager.lnk = C:\Program Files\Palm\Hotsync.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRA~1\AIM95\aim.exe
O9 - Extra button: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} - http://housecall60.t...all/xscan60.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.t...ivex/hcImpl.cab
O16 - DPF: {407F5185-3B2E-4196-982B-1E258C46F8FD} - ftp://ftp.ea.com/pub/easports/patches/nhl2003/en-us/nhl.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://karbear444.sp...ad/MsnPUpld.cab
O16 - DPF: {5CB1506E-1DEA-4E63-89A7-E40E52AEA1FD} (OnagerCtrl Class) - https://bonfire.pure...m/en/onager.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitd...can8/oscan8.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.safe...lscbase8460.cab
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symant...ex/symdlmgr.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {9D190AE6-C81E-4039-8061-978EBAD10073} (F-Secure Online Scanner 3.0) - http://support.f-sec...m/ols/fscax.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - http://www.popcap.co...aploader_v6.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - AppInit_DLLs: logonui.dll winword.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Canon BJ Memory Card Manager (Bjmcmng) - CANON INC. - C:\Program Files\Canon\BJCard\Bjmcmng.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Canon PIXMA iP6000D Memory Card Manager (PDUiP6000DMemCrdMgr) - CANON INC. - C:\Program Files\Canon\Memory Card Utility\PIXMA iP6000D\PDUiP6000DMemCrdMgr.exe
O23 - Service: Retrospect Express HD Restore Helper (RetroExp Helper) - Dantz Development Corporation - C:\PROGRA~1\Dantz\RETROS~1\rthlpsvc.exe
O23 - Service: Retrospect Express HD Launcher (RetroExpLauncher) - Dantz Development Corporation - C:\PROGRA~1\Dantz\RETROS~1\retrorun.exe
O23 - Service: Rio MSC Manager (RioMSC) - Digital Networks North America, Inc. - C:\WINDOWS\system32\RioMSC.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe

[Middie042]

Hi Gambro:


Great news, it took a bit to uncover that mailworm!

Yes there are several steps to take, but first-which AntiVirus did you download and install? Norton Internet Security is still running, we don't want a duplicate AV or firewall. I see ZoneAlarm, but no AVG or Avast running. The AVG AntiSpyware is AntiSpyware only, not AntiVirus.

It's ok to keep Norton if you want, but I can tell you from experience it slows down the computer by quite a bit. Just let me know what you have decided.

Lets' run another AVG update and scan. It will be better than downloading and running another lengthy scan and should confirm your computer is clean, as the log looks good.

Please follow these steps, boot back into Safe Mode to run the scan, and post the resulting log from AVG.

Run AVG Anti-Spyware and update the definition files.

• On the main screen select the icon "Update" then select the "Update now" link.
  • Next select the "Start Update" button, the update will start and a progress bar will show the updates being installed.
• Once the update has completed select the "Scanner" icon at the top of the screen, then select the "Settings" tab.
• Once in the Settings screen click on "Recommended actions" and then select "Quarantine".
• Under "Reports"
  • Select "Automatically generate report after every scan"
  • Un-Select "Only if threats were found"

Close AVG Anti-Spyware

Reboot into Safe Mode: You can do this by restarting your computer and continually tapping the F8 key until a menu appears. Use your up arrow key to highlight SafeMode then hit enter.

• IMPORTANT: Do not open any other windows or programs while AVG Anti-Spyware is scanning, it may interfere with the scanning proccess:
• Lauch AVG Anti-Spyware by double-clicking the icon on your desktop.
• Select the "Scanner" icon at the top and then the "Scan" tab then click on "Complete System Scan".
• AVG Anti-Spyware will now begin the scanning process, be patient this may take a little time.
  Once the scan is complete do the following:
• If you have any infections you will prompted, then select "Apply all actions"
• Next select the "Reports" icon at the top.
• Select the "Save report as" button in the lower left hand of the screen and save it to a text file on your system (make sure to remember where you saved that file, this is important).
• Close AVG Anti-Spyware and reboot your system back into Normal Mode and post the results of the AVG Anti-Spyware report scan.

There are several things we can do to help speed up the loading, but first we must be able to give an all clear for infections. Here is a couple of notes from last post about setting AVG AS and Moosoft The Cleaner from being active and loaded. Revisit this and remove them from the system tray. If you are not sure, just let me know. Just inactivating AVG and
keeping it from loading at start up will make a dent in the speed. We can move on to a couple of others after clean log.

From Last Post:
We will disable the AVG AntiSpyware from actively running, but not uninstall it for future use. You will be able to run it on demand, update the definitions when you do, and not have it running to
conserve resources. Here's how:

Right click on the AVG icon in the task tray. Unselect both Resident Shield and Start with Windows. You can disregard the notes about leaving you unprotected from AVG at this point. Select EXIT and it will be out of the system tray. It will not load, but you can use it
from the Programs feature when necessary. If it subsequently loads into the system tray, follow the steps to stop it as needed.

Definitely consider disabling the Moosoft The Cleaner at this time. Both the registry tracker and antispyware feature. Uninstall it if you cannot inactivate it. If it will allow you to disable in much the same manner as AVG, that would be good.


POst the AVG log , ONE final HJT log, and advise on what you want to do on Antivirus and firewall. Once clean, I can help out with a few ideas to 'speed things up'.

Regards,


Middie

[Gambro]

Middie
I have removed Norton (except for the Password Manager) and am using AVG AntiVirus Protection and ZoneAlarm Firewall now.

Here are the AVG AntiSpyware and HJT Logs:

---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 6:42:22 AM 30/11/2006

+ Scan result:



C:\Documents and Settings\Kathryn\Cookies\kathryn@2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Kathryn\Cookies\[email protected][1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Kathryn\Cookies\kathryn@casalemedia[1].txt -> TrackingCookie.Casalemedia : Cleaned.
C:\Documents and Settings\Kathryn\Cookies\[email protected][2].txt -> TrackingCookie.Liveperson : Cleaned.
C:\Documents and Settings\Kathryn\Cookies\[email protected][1].txt -> TrackingCookie.Overture : Cleaned.
C:\Documents and Settings\Kathryn\Cookies\[email protected][1].txt -> TrackingCookie.Overture : Cleaned.
C:\Documents and Settings\Kathryn\Cookies\kathryn@tribalfusion[1].txt -> TrackingCookie.Tribalfusion : Cleaned.
C:\Documents and Settings\Kathryn\Cookies\kathryn@zedo[2].txt -> TrackingCookie.Zedo : Cleaned.
C:\WINDOWS\SYSTEM32\wnscpsv.exe -> Trojan.Small : Cleaned.


::Report end


HJT
Logfile of HijackThis v1.99.1
Scan saved at 1:11:47 PM, on 02/12/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\System32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\BCMSMMSG.exe
C:\WINDOWS\System32\DSentry.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Canon\BJPV\TVMon.exe
C:\Program Files\Canon\BJCard\BJLaunch.exe
C:\Program Files\Creative\Shared Files\CAMTRAY.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\Norton Password Manager\AcctMgr.exe
C:\Program Files\Canon\Memory Card Utility\PIXMA iP6000D\PDUiP6000DMon.exe
C:\Program Files\Canon\BJCard\Bjmcmng.exe
C:\Program Files\Canon\Memory Card Utility\PIXMA iP6000D\PDUiP6000DTskbr.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Canon\Memory Card Utility\PIXMA iP6000D\PDUiP6000DMemCrdMgr.exe
C:\Program Files\Maxtor\OneTouch\utils\Onetouch.exe
C:\PROGRA~1\Dantz\RETROS~1\RetroExpress.exe
C:\WINDOWS\MXOALDR.EXE
C:\Program Files\Windows Media Connect 2\WMCCFG.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\COMMON~1\MOBIPO~1\webcomp.exe
C:\WINDOWS\system32\RioMSC.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\DataViz\DvzIncMsgr.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Palm\Hotsync.exe
C:\Program Files\Common Files\Skyscape\smARTupdate.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\System32\wbem\wmiapsrv.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe
C:\PROGRA~1\Dantz\RETROS~1\retrorun.exe
C:\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.cbc.ca/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dellnet.com
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [BJPD HID Control] C:\Program Files\Canon\BJPV\TVMon.exe
O4 - HKLM\..\Run: [BJLaunchEXE] C:\Program Files\Canon\BJCard\BJLaunch.exe
O4 - HKLM\..\Run: [Creative WebCam Tray] C:\Program Files\Creative\Shared Files\CAMTRAY.EXE
O4 - HKLM\..\Run: [AcctMgr] C:\Program Files\Norton Password Manager\AcctMgr.exe /startup
O4 - HKLM\..\Run: [PDUiP6000DMon] C:\Program Files\Canon\Memory Card Utility\PIXMA iP6000D\PDUiP6000DMon.exe
O4 - HKLM\..\Run: [PDUiP6000DTskbr] C:\Program Files\Canon\Memory Card Utility\PIXMA iP6000D\PDUiP6000DTskbr.exe
O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
O4 - HKLM\..\Run: [MaxtorOneTouch] C:\Program Files\Maxtor\OneTouch\utils\Onetouch.exe
O4 - HKLM\..\Run: [RetroExpress] C:\PROGRA~1\Dantz\RETROS~1\RetroExpress.exe /h
O4 - HKLM\..\Run: [MXOBG] C:\WINDOWS\MXOALDR.EXE
O4 - HKLM\..\Run: [QAGENT] C:\Program Files\QUICKENW\QAGENT.EXE
O4 - HKLM\..\Run: [Windows Media Connect 2] "C:\Program Files\Windows Media Connect 2\WMCCFG.exe" /StartQuiet
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [Mobipocket Web Companion] C:\PROGRA~1\COMMON~1\MOBIPO~1\webcomp.exe -m
O4 - HKCU\..\RunOnce: [Shockwave 10] "C:\WINDOWS\system32\Macromed\Shockwave 10\swinit.exe"
O4 - Startup: Skyscape smARTupdate.lnk = C:\Program Files\Common Files\Skyscape\smARTupdate.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: DataViz Inc Messenger.lnk = C:\Program Files\Common Files\DataViz\DvzIncMsgr.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: HotSync Manager.lnk = C:\Program Files\Palm\Hotsync.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRA~1\AIM95\aim.exe
O9 - Extra button: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} - http://housecall60.t...all/xscan60.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.t...ivex/hcImpl.cab
O16 - DPF: {407F5185-3B2E-4196-982B-1E258C46F8FD} - ftp://ftp.ea.com/pub/easports/patches/nhl2003/en-us/nhl.cab
O16 - DPF: {493ACF15-5CD9-4474-82A6-91670C3DD66E} (LinkedIn ContactFinderControl) - http://www.linkedin....nderControl.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://karbear444.sp...ad/MsnPUpld.cab
O16 - DPF: {5CB1506E-1DEA-4E63-89A7-E40E52AEA1FD} (OnagerCtrl Class) - https://bonfire.pure...m/en/onager.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitd...can8/oscan8.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.safe...lscbase8460.cab
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symant...ex/symdlmgr.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {9D190AE6-C81E-4039-8061-978EBAD10073} (F-Secure Online Scanner 3.0) - http://support.f-sec...m/ols/fscax.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - http://www.popcap.co...aploader_v6.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - AppInit_DLLs: logonui.dll winword.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Canon BJ Memory Card Manager (Bjmcmng) - CANON INC. - C:\Program Files\Canon\BJCard\Bjmcmng.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Canon PIXMA iP6000D Memory Card Manager (PDUiP6000DMemCrdMgr) - CANON INC. - C:\Program Files\Canon\Memory Card Utility\PIXMA iP6000D\PDUiP6000DMemCrdMgr.exe
O23 - Service: Retrospect Express HD Restore Helper (RetroExp Helper) - Dantz Development Corporation - C:\PROGRA~1\Dantz\RETROS~1\rthlpsvc.exe
O23 - Service: Retrospect Express HD Launcher (RetroExpLauncher) - Dantz Development Corporation - C:\PROGRA~1\Dantz\RETROS~1\retrorun.exe
O23 - Service: Rio MSC Manager (RioMSC) - Digital Networks North America, Inc. - C:\WINDOWS\system32\RioMSC.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe

[Middie042]

Hello Gambro:

Clean log!

Here's some performance tips you asked about. Several programs and services are 'running in the background', waiting to see if you want to use them
But they consume resources. We can set them to not run on startup, but they will always be there, to load when called for. We won't uninstall them. One example is
Realplayer update, another is AdobeAcroreader update, etc etc.

You also still have Symantec LiveUpdate Scheduler running. You can uninstall this from the Control Panel, Add/Remove Programs, and uninstall LiveUpdate. With no Symantec or Norton
Programs to update, it is consuming some resources.

After uninstalling LiveUpdate, and rebooting if required:

Please re-open HiJackThis and scan. Check the boxes next to all the entries listed below.

O4 - HKLM\..\Run: [QAGENT] C:\Program Files\QUICKENW\QAGENT.EXE <==this always checks with quicken to see if you have recent updates, if you use Quicken, you can update manually
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE <==this is the MS OfficeToolbar

Now close all windows other than HiJackThis, then click Fix Checked. Close HiJackThis. Reboot

Please note that I have left several alone, not knowing how you use or depend upon them. Items like the Palm, Skyscape,MobiPocket, DantzRestrospect, Ipod and a few others are
probably important to you. Feel free to reply if you want to inquire further about some of these, or uninstall the programs if you DONT use them at all.

Now concerning AVG AntiSpyware. I use it, but I find it slows my system down a noticeable bit. I have disable the Guard and do not let it run all the time. I don't mean the
AVG AntiVIRUS, but the AntiSpyware. It will always be there for ondemand scanning, but if you want to see how your computer runs without it:

Right click on the AS icon, uncheck Guard and uncheck Load on Windows Starting. Then Select Exit.

Give it a whirl, let me know if questions or other issues arise.

You can delete any programs or folders we downloaded for fixes in a few days. Programs like BitDefender, Kaspersky AV Scan, etc are excellent on demand scanners and stay with
you if you like. After a few days of no problems, if you want to delete whichever for housekeeping, go ahead.

Congratulations - Your Log is Clean!

• Disable and Enable System Restore. - If you are using Windows ME or XP then you should disable and re-enable system restore to make sure there are no infected files found in a restore point.
  
  You can find instructions on how to enable and reenable system restore here:
  
  Managing Windows Millenium System Restore
  
  or
  
  Windows XP System Restore Guide
  
  Reenable system restore with instructions from tutorial above
  
  
• Make your Internet Explorer more secure - This can be done by following these simple instructions:
  • From within Internet Explorer click on the Tools menu and then click on Options.
  • Click once on the Security tab
  • Click once on the Internet icon so it becomes highlighted.
  • Click once on the Custom Level button.
    • Change the Download signed ActiveX controls to Prompt
    • Change the Download unsigned ActiveX controls to Disable
    • Change the Initialize and script ActiveX controls not marked as safe to Disable
    • Change the Installation of desktop items to Prompt
    • Change the Launching programs and files in an IFRAME to Prompt
    • Change the Navigate sub-frames across different domains to Prompt
    • When all these settings have been made, click on the OK button.
    • If it prompts you as to whether or not you want to save the settings, press the Yes button.
  • Next press the Apply button and then the OK to exit the Internet Properties page.
• Use an AntiVirus Software - It is very important that your computer has an anti-virus software running on your machine. This alone can save you a lot of trouble with malware in the future.
  
  See this link for a listing of some online & their stand-alone antivirus programs:
  
  Virus, Spyware, and Malware Protection and Removal Resources
  
  
• Update your AntiVirus Software - It is imperitive that you update your Antivirus software at least once a week (Even more if you wish). If you do not update your antivirus software then it will not be able to catch any of the new variants that may come out.
  
  
• Use a Firewall - I can not stress how important it is that you use a Firewall on your computer. Without a firewall your computer is succeptible to being hacked and taken over. I am very serious about this and see it happen almost every day with my clients. Simply using a Firewall in its default configuration can lower your risk greatly.
  
  For a tutorial on Firewalls and a listing of some available ones see the link below:
  
  Understanding and Using Firewalls
  
  
• Visit Microsoft's Windows Update Site Frequently - It is important that you visit http://www.windowsupdate.com regularly. This will ensure your computer has always the latest security updates available installed on your computer. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.
  
  
• Install Spybot - Search and Destroy - Install and download Spybot - Search and Destroy with its TeaTimer option. This will provide realtime spyware & hijacker protection on your computer alongside your virus protection. You should also scan your computer with program on a regular basis just as you would an antivirus software.
  
  A tutorial on installing & using this product can be found here:
  
  Using Spybot - Search & Destroy to remove Spyware , Malware, and Hijackers
  
  
• Install Ad-Aware - Install and download Ad-Aware. ou should also scan your computer with program on a regular basis just as you would an antivirus software in conjunction with Spybot.
  
  A tutorial on installing & using this product can be found here:
  
  Using Ad-aware to remove Spyware, Malware, & Hijackers from Your Computer
  
  
• Install SpywareBlaster - SpywareBlaster will added a large list of programs and sites into your Internet Explorer settings that will protect you from running and downloading known malicious programs.
  
  A tutorial on installing & using this product can be found here:
  
  Using SpywareBlaster to protect your computer from Spyware and Malware
  
  
• Update all these programs regularly - Make sure you update all the programs I have listed regularly. Without regular updates you WILL NOT be protected when new malicious programs are released.

Follow this list and your potential for being infected again will reduce dramatically.

here are some additional utilities that will enhance your safety

• IE/Spyad <= IE/Spyad places over 4000 websites and domains in the IE Restricted list which will severely impair attempts to infect your system. It basically prevents any downloads (Cookies etc) from the sites listed, although you will still be able to connect to the sites.
• MVPS Hosts file <= The MVPS Hosts file replaces your current HOSTS file with one containing well know ad sites etc. Basically, this prevents your coputer from connecting to those sites by redirecting them to 127.0.0.1 which is your local computer
• Google Toolbar <= Get the free google toolbar to help stop pop up windows.
• Winpatrol <= Download and install the free version of Winpatrol. a tutorial for this product is located here:
  Using Winpatrol to protect your computer from malicious software

[Gambro]

thanks Middie.... it does seem noticable faster on boot up now by removing Norton and using AVG. I will do try the rest of the suggestions. Thanks again for all of your help!

[OwNt]

Since this issue appears to be resolved ... this Topic has been closed. Glad we could help.

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.