I was unlucky enough to encounter this awesome "Trojan.win 32.obfuscated.gx" virus. Received like everyone else, by trying to download an "Active X codec" package.
Now whenever I access anything I see the following prompt: "You system was infected by dangerous trojan. Note: your critical files can be lost!" (I'm sure you're familiar with this.) Click OK and it then proceeds to scan the system and install a program, in my case "File Secure". And of course it tells you to pay money to remove the threat, etc. This program couldn't be removed in the "add/remove" control panel.
Here's what I tried so far.....
First I ran Norton, which is up to date and functioning. It found nothing.
After searching a little I came across the DDS program on geekstogo. This scan stopped near the end and could not complete. I became suspicious and removed both the Hijackthis and DDS programs. Luckily, my search brought me back to geekstogo and this time I found the following posting, which listed a long process to remove the malware successfully.
http://www.geekstogo...gx-t187118.html
So I dug further to happily find the automated 'FixIEDef' application. At first I thought it had worked perfectly. It gave me a readout that stated it had found a virus and removed it. (I didn't get a copy, but I assume it removed the "File Secure" program). When the virus popup persisted I ran it a second time. This time it read......
* *
* FixIEDef Log *
* Version 1.3.10.3351 *
* *
********************************************************************************
Created at 14:24:58 on Monday, April 07, 2008
Time Zone : (GMT-05:00) Eastern Time (US & Canada)
Operating System : Microsoft Windows XP Professional
Service Pack Level: Service Pack 2
System Langauge : English
Processor : X86
Boot State : Normal boot
--------------------------------------------------------------------------------
!!! Files that have been deleted !!!
No malicious files found
--------------------------------------------------------------------------------
!!! Directories that have been removed !!!
No malicious directories to be removed
--------------------------------------------------------------------------------
!!! Registry entries that have been removed !!!
No malicious Registry entries found
================================================================================
All Done
ShadowPuterDude
I'm still seeing the popup every time I enter a browser menu. So it occurred to me that this virus could have morphed and that the FixIEDef may not be able to deal with it fully. Thus, I'm looking for further help. In preparation I've done the following requested steps so far:
1. Run the ATF cleaner utility
2. Set system restore point (could find the option to clear the old ones, despite your included directions)
3. Ran Norton Antivirus again. Important, it first told me that it had successfully resolved the "IEDefender" virus (your software) which I confirmed stupidly. Did I negate the fix that the IEDef had done? Hope not. Ran Norton once more and also found "Adware.ZangoSearch" quoted a low level threat which wasn't being accessed by any outside parties. I removed/quarantined it anyway.
4. Ran Panda ActiveScan
Here's the ActiveScan readout: (below it is the Hijackthis readout and the Uninstall list requested)
ANALYSIS: 2008-04-07 17:44:17
PROTECTIONS: 1
MALWARE: 23
SUSPECTS: 1
;*******************************************************************************
PROTECTIONS
Description Version Active Updated
;===============================================================================
Norton Internet Security 2007 Yes Yes
;===============================================================================
MALWARE
Id Description Type Active Severity Disinfectable Disinfected Location
;===============================================================================
00139059 Cookie/Traffic Marketplace TrackingCookie No 0 Yes No F:\Documents and Settings\Jonathan Moore\Application Data\Mozilla\Firefox\Profiles\e7lhknzr.default\cookies.txt[.trafficmp.com/]
00139059 Cookie/Traffic Marketplace TrackingCookie No 0 Yes No F:\Documents and Settings\Jonathan Moore\Application Data\Mozilla\Firefox\Profiles\e7lhknzr.default\cookies.txt[.trafficmp.com/]
00139059 Cookie/Traffic Marketplace TrackingCookie No 0 Yes No F:\Documents and Settings\Jonathan Moore\Application Data\Mozilla\Firefox\Profiles\e7lhknzr.default\cookies.txt[.trafficmp.com/]
00139059 Cookie/Traffic Marketplace TrackingCookie No 0 Yes No F:\Documents and Settings\Jonathan Moore\Application Data\Mozilla\Firefox\Profiles\e7lhknzr.default\cookies.txt[.trafficmp.com/]
00139059 Cookie/Traffic Marketplace TrackingCookie No 0 Yes No F:\Documents and Settings\Jonathan Moore\Application Data\Mozilla\Firefox\Profiles\e7lhknzr.default\cookies.txt[.trafficmp.com/]
00139060 Cookie/Casalemedia TrackingCookie No 0 Yes No F:\Documents and Settings\Jonathan Moore\Application Data\Mozilla\Firefox\Profiles\e7lhknzr.default\cookies.txt[.casalemedia.com/]
00139060 Cookie/Casalemedia TrackingCookie No 0 Yes No F:\Documents and Settings\Jonathan Moore\Application Data\Mozilla\Firefox\Profiles\e7lhknzr.default\cookies.txt[.casalemedia.com/]
00139060 Cookie/Casalemedia TrackingCookie No 0 Yes No F:\Documents and Settings\Jonathan Moore\Application Data\Mozilla\Firefox\Profiles\e7lhknzr.default\cookies.txt[.casalemedia.com/]
00139060 Cookie/Casalemedia TrackingCookie No 0 Yes No F:\Documents and Settings\Jonathan Moore\Application Data\Mozilla\Firefox\Profiles\e7lhknzr.default\cookies.txt[.casalemedia.com/]
00139060 Cookie/Casalemedia TrackingCookie No 0 Yes No F:\Documents and Settings\Jonathan Moore\Application Data\Mozilla\Firefox\Profiles\e7lhknzr.default\cookies.txt[.casalemedia.com/]
00139060 Cookie/Casalemedia TrackingCookie No 0 Yes No F:\Documents and Settings\Jonathan Moore\Application Data\Mozilla\Firefox\Profiles\e7lhknzr.default\cookies.txt[.casalemedia.com/]
00139060 Cookie/Casalemedia TrackingCookie No 0 Yes No F:\Documents and Settings\Jonathan Moore\Application Data\Mozilla\Firefox\Profiles\e7lhknzr.default\cookies.txt[.casalemedia.com/]
00139060 Cookie/Casalemedia TrackingCookie No 0 Yes No F:\Documents and Settings\Jonathan Moore\Application Data\Mozilla\Firefox\Profiles\e7lhknzr.default\cookies.txt[.casalemedia.com/]
00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No F:\Documents and Settings\Jonathan Moore\Application Data\Mozilla\Firefox\Profiles\e7lhknzr.default\cookies.txt[.doubleclick.net/]
00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No F:\Documents and Settings\Jonathan Moore\Cookies\jonathan moore@doubleclick[1].txt
00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No F:\Documents and Settings\Jonathan Moore\Cookies\jonathan moore@atdmt[2].txt
00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No F:\Documents and Settings\Jonathan Moore\Application Data\Mozilla\Firefox\Profiles\e7lhknzr.default\cookies.txt[.atdmt.com/]
00145457 Cookie/FastClick TrackingCookie No 0 Yes No F:\Documents and Settings\Jonathan Moore\Application Data\Mozilla\Firefox\Profiles\e7lhknzr.default\cookies.txt[.fastclick.net/]
00145457 Cookie/FastClick TrackingCookie No 0 Yes No F:\Documents and Settings\Jonathan Moore\Application Data\Mozilla\Firefox\Profiles\e7lhknzr.default\cookies.txt[.fastclick.net/]
00145457 Cookie/FastClick TrackingCookie No 0 Yes No F:\Documents and Settings\Jonathan Moore\Application Data\Mozilla\Firefox\Profiles\e7lhknzr.default\cookies.txt[.fastclick.net/]
00145457 Cookie/FastClick TrackingCookie No 0 Yes No F:\Documents and Settings\Jonathan Moore\Application Data\Mozilla\Firefox\Profiles\e7lhknzr.default\cookies.txt[.fastclick.net/]
00145731 Cookie/Tribalfusion TrackingCookie No 0 Yes No F:\Documents and Settings\Jonathan Moore\Application Data\Mozilla\Firefox\Profiles\e7lhknzr.default\cookies.txt[.tribalfusion.com/]
00145738 Cookie/Mediaplex TrackingCookie No 0 Yes No F:\Documents and Settings\Jonathan Moore\Application Data\Mozilla\Firefox\Profiles\e7lhknzr.default\cookies.txt[.mediaplex.com/]
00146967 Cookie/PayCounter TrackingCookie No 0 Yes No F:\Documents and Settings\Jonathan Moore\Application Data\Mozilla\Firefox\Profiles\e7lhknzr.default\cookies.txt[.paycounter.com/]
00147824 Cookie/Clickbank TrackingCookie No 0 Yes No F:\Documents and Settings\Jonathan Moore\Application Data\Mozilla\Firefox\Profiles\e7lhknzr.default\cookies.txt[.clickbank.net/]
00167749 Cookie/Toplist TrackingCookie No 0 Yes No F:\Documents and Settings\Jonathan Moore\Application Data\Mozilla\Firefox\Profiles\e7lhknzr.default\cookies.txt[.toplist.cz/]
00167753 Cookie/Statcounter TrackingCookie No 0 Yes No F:\Documents and Settings\Jonathan Moore\Application Data\Mozilla\Firefox\Profiles\e7lhknzr.default\cookies.txt[.statcounter.com/]
00167753 Cookie/Statcounter TrackingCookie No 0 Yes No F:\Documents and Settings\Jonathan Moore\Application Data\Mozilla\Firefox\Profiles\e7lhknzr.default\cookies.txt[.statcounter.com/]
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No F:\Documents and Settings\Jonathan Moore\Application Data\Mozilla\Firefox\Profiles\e7lhknzr.default\cookies.txt[ad.yieldmanager.com/]
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No F:\Documents and Settings\Jonathan Moore\Application Data\Mozilla\Firefox\Profiles\e7lhknzr.default\cookies.txt[ad.yieldmanager.com/]
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No F:\Documents and Settings\Jonathan Moore\Application Data\Mozilla\Firefox\Profiles\e7lhknzr.default\cookies.txt[ad.yieldmanager.com/]
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No F:\Documents and Settings\Jonathan Moore\Application Data\Mozilla\Firefox\Profiles\e7lhknzr.default\cookies.txt[ad.yieldmanager.com/]
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No F:\Documents and Settings\Jonathan Moore\Application Data\Mozilla\Firefox\Profiles\e7lhknzr.default\cookies.txt[ad.yieldmanager.com/]
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No F:\Documents and Settings\Jonathan Moore\Application Data\Mozilla\Firefox\Profiles\e7lhknzr.default\cookies.txt[ad.yieldmanager.com/]
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No F:\Documents and Settings\Jonathan Moore\Application Data\Mozilla\Firefox\Profiles\e7lhknzr.default\cookies.txt[ad.yieldmanager.com/]
00168061 Cookie/Apmebf TrackingCookie No 0 Yes No F:\Documents and Settings\Jonathan Moore\Application Data\Mozilla\Firefox\Profiles\e7lhknzr.default\cookies.txt[.apmebf.com/]
00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No F:\Documents and Settings\Jonathan Moore\Application Data\Mozilla\Firefox\Profiles\e7lhknzr.default\cookies.txt[.serving-sys.com/]
00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No F:\Documents and Settings\Jonathan Moore\Application Data\Mozilla\Firefox\Profiles\e7lhknzr.default\cookies.txt[.serving-sys.com/]
00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No F:\Documents and Settings\Jonathan Moore\Application Data\Mozilla\Firefox\Profiles\e7lhknzr.default\cookies.txt[.serving-sys.com/]
00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No F:\Documents and Settings\Jonathan Moore\Application Data\Mozilla\Firefox\Profiles\e7lhknzr.default\cookies.txt[.serving-sys.com/]
00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No F:\Documents and Settings\Jonathan Moore\Application Data\Mozilla\Firefox\Profiles\e7lhknzr.default\cookies.txt[.serving-sys.com/]
00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No F:\Documents and Settings\Jonathan Moore\Application Data\Mozilla\Firefox\Profiles\e7lhknzr.default\cookies.txt[.serving-sys.com/]
00168093 Cookie/Serving-sys TrackingCookie No 0 Yes No F:\Documents and Settings\Jonathan Moore\Application Data\Mozilla\Firefox\Profiles\e7lhknzr.default\cookies.txt[.bs.serving-sys.com/]
00169190 Cookie/Advertising TrackingCookie No 0 Yes No F:\Documents and Settings\Jonathan Moore\Application Data\Mozilla\Firefox\Profiles\e7lhknzr.default\cookies.txt[.advertising.com/]
00169190 Cookie/Advertising TrackingCookie No 0 Yes No F:\Documents and Settings\Jonathan Moore\Cookies\jonathan moore@advertising[2].txt
00169190 Cookie/Advertising TrackingCookie No 0 Yes No F:\Documents and Settings\Jonathan Moore\Application Data\Mozilla\Firefox\Profiles\e7lhknzr.default\cookies.txt[.advertising.com/]
00169190 Cookie/Advertising TrackingCookie No 0 Yes No F:\Documents and Settings\Jonathan Moore\Application Data\Mozilla\Firefox\Profiles\e7lhknzr.default\cookies.txt[.advertising.com/]
00169190 Cookie/Advertising TrackingCookie No 0 Yes No F:\Documents and Settings\Jonathan Moore\Application Data\Mozilla\Firefox\Profiles\e7lhknzr.default\cookies.txt[.advertising.com/]
00169190 Cookie/Advertising TrackingCookie No 0 Yes No F:\Documents and Settings\Jonathan Moore\Application Data\Mozilla\Firefox\Profiles\e7lhknzr.default\cookies.txt[.advertising.com/]
00170495 Cookie/PointRoll TrackingCookie No 0 Yes No F:\Documents and Settings\Jonathan Moore\Application Data\Mozilla\Firefox\Profiles\e7lhknzr.default\cookies.txt[.ads.pointroll.com/]
00170495 Cookie/PointRoll TrackingCookie No 0 Yes No F:\Documents and Settings\Jonathan Moore\Application Data\Mozilla\Firefox\Profiles\e7lhknzr.default\cookies.txt[.ads.pointroll.com/]
00170495 Cookie/PointRoll TrackingCookie No 0 Yes No F:\Documents and Settings\Jonathan Moore\Application Data\Mozilla\Firefox\Profiles\e7lhknzr.default\cookies.txt[.ads.pointroll.com/]
00170495 Cookie/PointRoll TrackingCookie No 0 Yes No F:\Documents and Settings\Jonathan Moore\Application Data\Mozilla\Firefox\Profiles\e7lhknzr.default\cookies.txt[.ads.pointroll.com/]
00170495 Cookie/PointRoll TrackingCookie No 0 Yes No F:\Documents and Settings\Jonathan Moore\Application Data\Mozilla\Firefox\Profiles\e7lhknzr.default\cookies.txt[.ads.pointroll.com/]
00170495 Cookie/PointRoll TrackingCookie No 0 Yes No F:\Documents and Settings\Jonathan Moore\Application Data\Mozilla\Firefox\Profiles\e7lhknzr.default\cookies.txt[.ads.pointroll.com/]
00170495 Cookie/PointRoll TrackingCookie No 0 Yes No F:\Documents and Settings\Jonathan Moore\Application Data\Mozilla\Firefox\Profiles\e7lhknzr.default\cookies.txt[.ads.pointroll.com/]
00170554 Cookie/Overture TrackingCookie No 0 Yes No F:\Documents and Settings\Jonathan Moore\Application Data\Mozilla\Firefox\Profiles\e7lhknzr.default\cookies.txt[.overture.com/]
00170554 Cookie/Overture TrackingCookie No 0 Yes No F:\Documents and Settings\Jonathan Moore\Application Data\Mozilla\Firefox\Profiles\e7lhknzr.default\cookies.txt[.overture.com/]
00170556 Cookie/RealMedia TrackingCookie No 0 Yes No F:\Documents and Settings\Jonathan Moore\Application Data\Mozilla\Firefox\Profiles\e7lhknzr.default\cookies.txt[.realmedia.com/]
00170556 Cookie/RealMedia TrackingCookie No 0 Yes No F:\Documents and Settings\Jonathan Moore\Application Data\Mozilla\Firefox\Profiles\e7lhknzr.default\cookies.txt[.realmedia.com/]
00171982 Cookie/QuestionMarket TrackingCookie No 0 Yes No F:\Documents and Settings\Jonathan Moore\Application Data\Mozilla\Firefox\Profiles\e7lhknzr.default\cookies.txt[.questionmarket.com/]
00171982 Cookie/QuestionMarket TrackingCookie No 0 Yes No F:\Documents and Settings\Jonathan Moore\Application Data\Mozilla\Firefox\Profiles\e7lhknzr.default\cookies.txt[.questionmarket.com/]
00184846 Cookie/Adrevolver TrackingCookie No 0 Yes No F:\Documents and Settings\Jonathan Moore\Application Data\Mozilla\Firefox\Profiles\e7lhknzr.default\cookies.txt[.adrevolver.com/]
00207862 Cookie/did-it TrackingCookie No 0 Yes No F:\Documents and Settings\Jonathan Moore\Cookies\jonathan moore@did-it[1].txt
02905717 Adware/Zango Adware No 0 Yes No F:\System Volume Information\_restore{2BFCCAB7-3601-4A69-A2C2-297B96260227}\RP73\A0023031.exe
;===============================================================================
SUSPECTS
Sent Location
;===============================================================================
No F:\WINDOWS\CNDR32A.DLL
;===============================================================================
VULNERABILITIES
Id Severity Description
And the HiJackThis notepad log.....
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:43:58 PM, on 4/7/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
F:\WINDOWS\System32\smss.exe
F:\WINDOWS\system32\winlogon.exe
F:\WINDOWS\system32\services.exe
F:\WINDOWS\system32\lsass.exe
F:\WINDOWS\system32\svchost.exe
F:\WINDOWS\System32\svchost.exe
F:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
F:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
F:\WINDOWS\system32\spoolsv.exe
F:\WINDOWS\Explorer.EXE
F:\WINDOWS\system32\RUNDLL32.EXE
F:\Program Files\Analog Devices\Core\smax4pnp.exe
F:\Program Files\Analog Devices\SoundMAX\Smax4.exe
F:\Program Files\ASUS\Ai Suite\AiNap\AiNap.exe
F:\Program Files\Common Files\Symantec Shared\ccApp.exe
F:\Program Files\iTunes\iTunesHelper.exe
F:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
F:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
F:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
F:\Program Files\ASUS WiFi-AP Solo\RtWLan.exe
F:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
F:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
F:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
F:\WINDOWS\system32\nvsvc32.exe
F:\WINDOWS\system32\PnkBstrA.exe
F:\WINDOWS\system32\PnkBstrB.exe
F:\Program Files\iPod\bin\iPodService.exe
F:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
F:\Program Files\Google\Google Desktop Search\GoogleDesktopCrawl.exe
F:\Program Files\Trend Micro\HijackThis\HijackThis.exe
F:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
F:\Program Files\Google\Google Desktop Search\GoogleDesktopOE.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - F:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - F:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBho.dll
O2 - BHO: FLW Viewer - {38E4618F-E3E4-42E9-925F-6B02C798BD94} - F:\WINDOWS\cndr32a.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - f:\program files\google\googletoolbar2.dll
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - F:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\UIBHO.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - f:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE F:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE F:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [M-Audio Taskbar Icon] F:\WINDOWS\System32\M-AudioTaskBarIcon.exe
O4 - HKLM\..\Run: [SoundMAXPnP] F:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SoundMAX] "F:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [JMB36X IDE Setup] F:\WINDOWS\RaidTool\xInsIDE.exe
O4 - HKLM\..\Run: [36X Raid Configurer] F:\WINDOWS\system32\xRaidSetup.exe boot
O4 - HKLM\..\Run: [Ai Nap] "F:\Program Files\ASUS\Ai Suite\AiNap\AiNap.exe"
O4 - HKLM\..\Run: [ccApp] "F:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "F:\Program Files\Norton Internet Security\osCheck.exe"
O4 - HKLM\..\Run: [QuickTime Task] "F:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "F:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "F:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "F:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKCU\..\Run: [Google Desktop Search] "F:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKCU\..\Run: [swg] F:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = F:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: ASUS WiFi-AP Solo.lnk = ?
O4 - Global Startup: InterVideo WinCinema Manager.lnk = F:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Program Files\Messenger\msmsgs.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - F:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - F:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - F:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - F:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - F:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - F:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Google Updater Service (gusvc) - Google - F:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - F:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - F:\Program Files\Norton Internet Security\isPwdSvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - F:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - F:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - F:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - F:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - F:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - F:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: Symantec Core LC - Unknown owner - F:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - F:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
--
End of file - 6887 bytes
The HiJack "Uninstall" list......
Adobe Reader 7.0
AI Suite
Alesis iO Firewire
AppCore
Apple Mobile Device Support
Apple Software Update
Arturia Minimoog V v1.0
ASUS WiFi-AP Solo
ASUSUpdate
AV
AVS DVD Player version 2.3
Battlefield 2142
Call of Duty® 2
ccCommon
Delta
Digidesign Shared Plug-Ins
FFOLKES Unlocks mod v1.20c for BF2142
Google Desktop Search
Google Toolbar for Internet Explorer
High Definition Audio Driver Package - KB888111
HijackThis 2.0.2
InterVideo DVDCopy5
iTunes
JMB36X Raid Configurer
Lexicon Pantheon Reverb DX
LiveUpdate 3.2 (Symantec Corporation)
LiveUpdate Notice (Symantec Corporation)
Marvell Miniport Driver
Microsoft Visual C++ 2005 Redistributable
Mozilla Firefox (2.0.0.13)
MSRedist
Norton AntiVirus
Norton Confidential Browser Component
Norton Confidential Web Protection Component
Norton Internet Security
Norton Internet Security
Norton Internet Security
Norton Internet Security
Norton Internet Security (Symantec Corporation)
Norton Protection Center
NVIDIA Drivers
Oddity v1.0-OxYGeN
PACE System Files
Panda ActiveScan 2.0
PC Probe II
QuickTime
Reason 4.0
Rhino 2.0
Rob Papen Albino 3
Rob Papen BLUE V1.02
Rob Papen Predator V1.1.0
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows Media Player 9 (KB936782)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921503)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB924667)
Security Update for Windows XP (KB925902)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB928843)
Security Update for Windows XP (KB929123)
Security Update for Windows XP (KB930178)
Security Update for Windows XP (KB931261)
Security Update for Windows XP (KB931784)
Security Update for Windows XP (KB932168)
Security Update for Windows XP (KB933729)
Security Update for Windows XP (KB935839)
Security Update for Windows XP (KB935840)
Security Update for Windows XP (KB936021)
Security Update for Windows XP (KB937894)
Security Update for Windows XP (KB938127)
Security Update for Windows XP (KB938829)
Security Update for Windows XP (KB941202)
Security Update for Windows XP (KB941568)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB941644)
Security Update for Windows XP (KB942615)
Security Update for Windows XP (KB943055)
Security Update for Windows XP (KB943460)
Security Update for Windows XP (KB943485)
Security Update for Windows XP (KB944533)
Security Update for Windows XP (KB944653)
Security Update for Windows XP (KB946026)
SONAR 7 Producer Edition
SoundMAX
SPBBC 32bit
SymNet
Update for Windows XP (KB894391)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB908531)
Update for Windows XP (KB910437)
Update for Windows XP (KB911280)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Update for Windows XP (KB927891)
Update for Windows XP (KB930916)
Update for Windows XP (KB936357)
Update for Windows XP (KB938828)
Update for Windows XP (KB942763)
Update for Windows XP (KB942840)
Update for Windows XP (KB946627)
Virtual Cable Tester
Windows Driver Package - Alesis (AlesisFirewire) MEDIA (06/29/2007 3.0.0.56)
Windows Installer 3.1 (KB893803)
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB891781
Hopefully this is enough info to work with. I did not yet download or run AVG or SUPERAntiSpyware, simply because I didn't want it to conflict with Norton. Sorry if I hastily ran/removed anything prematurely. I didn't realize the implications until later.
Thanks for the time you put in. This is an amazing service! I'll be waiting.
Cheers!
JOROMO
Edited by JOROMO, 07 April 2008 - 05:09 PM.