Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Elitum.Elitebar Troubles [RESOLVED]

Started by UncleMuck , Jun 10 2005 02:01 PM

  • This topic is locked This topic is locked

#1
UncleMuck
Posted 10 June 2005 - 02:01 PM

UncleMuck

    Member

  • Member
  • PipPip
  • 39 posts
I'm having problems with pop-ups of internet explorer windows(i use firefox) from sites such as http://rotator.adjug...vlet/ajrotator... and elitum.EliteBar appears everytime i use Spybot. Thanks for any help. This duplicates a similar post that was resolved but my logfile is not nearly similar.

Here is my Hijackthis log:

Logfile of HijackThis v1.99.1
Scan saved at 3:49:37 PM, on 6/10/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Symantec AntiVirus\SavRoam.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\Dell\Support\Alert\bin\DAMon.exe
C:\WINDOWS\System32\NWTRAY.EXE
C:\WINDOWS\System32\dpmw32.exe
C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
C:\WINDOWS\System32\RUNDLL32.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~2\VPTray.exe
C:\WINDOWS\System32\pdfdb.exe
C:\WINDOWS\System32\uzlzzv.exe
C:\WINDOWS\System32\patroxy.exe
C:\Novell\GroupWise\Notify.exe
C:\Program Files\Autodesk Building Systems 2005\acad.exe
C:\DOCUME~1\stevem\LOCALS~1\Temp\AdskCleanup.0001
C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
C:\Program Files\Common Files\Autodesk Shared\WSCommCntr1.exe
C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\stevem\Desktop\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dellnet.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=10.0.0.1:1080;https=10.0.0.1:1080
R3 - Default URLSearchHook is missing
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [Dell|Alert] C:\Program Files\Dell\Support\Alert\bin\DAMon.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NWTRAY] NWTRAY.EXE
O4 - HKLM\..\Run: [NDPS] C:\WINDOWS\System32\dpmw32.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~2\VPTray.exe
O4 - HKLM\..\Run: [PS1] C:\WINDOWS\System32\ps1.exe
O4 - HKLM\..\Run: [exp.exe] C:\WINDOWS\System32\exp.exe
O4 - HKLM\..\Run: [WinTask driver] C:\WINDOWS\System32\wintask.exe
O4 - HKLM\..\Run: [3F8h3pX] pdfdb.exe
O4 - HKLM\..\Run: [checkrun] C:\windows\system32\elitelrr32.exe
O4 - HKLM\..\Run: [C:\WINDOWS\VCMnet11.exe] C:\WINDOWS\VCMnet11.exe
O4 - HKLM\..\Run: [gah95on6] C:\WINDOWS\System32\gah95on6.exe
O4 - HKLM\..\Run: [Media Access] C:\Program Files\Media Access\MediaAccK.exe
O4 - HKLM\..\Run: [KavSvc] C:\WINDOWS\System32\uzlzzv.exe reg_run
O4 - HKCU\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKCU\..\Run: [Novell Messenger] "C:\Novell\Messenger\NMCL32.exe"
O4 - HKCU\..\Run: [win_upd2.exe] C:\WINDOWS\System32\WINdirect.exe
O4 - HKCU\..\Run: [IornRfb8h] patroxy.exe
O4 - Startup: GroupWise Notify.lnk = C:\Novell\GroupWise\Notify.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: AutoCAD Startup Accelerator.lnk = C:\Program Files\Common Files\Autodesk Shared\acstart16.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: Novell Messenger - {3C3171BC-1025-43d1-8D1D-61CF4B38A28F} - C:\Novell\MESSEN~1\NMCL32.exe
O9 - Extra 'Tools' menuitem: Novell Messenger - {3C3171BC-1025-43d1-8D1D-61CF4B38A28F} - C:\Novell\MESSEN~1\NMCL32.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windup...e/bridge-c8.cab
O16 - DPF: {88D969C0-F192-11D4-A65F-0040963251E5} (XML DOM Document 4.0) - file://C:\WINDOWS\msxml4.cab
O16 - DPF: {EC51659D-721F-4CBF-9CEA-5E776D89CEA9} - http://www.pacimedia...ll/pcs_0009.exe
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = pepin-ae.com
O17 - HKLM\Software\..\Telephony: DomainName = pepin-ae.com
O17 - HKLM\System\CCS\Services\Tcpip\..\{16FB5E32-1385-433C-B5A4-934A9A8379E1}: Domain = pepin-ae.com
O17 - HKLM\System\CCS\Services\Tcpip\..\{16FB5E32-1385-433C-B5A4-934A9A8379E1}: NameServer = 10.0.0.1,0.0.0.0
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = pepin-ae.com
O17 - HKLM\System\CS1\Services\Tcpip\..\{16FB5E32-1385-433C-B5A4-934A9A8379E1}: Domain = pepin-ae.com
O17 - HKLM\System\CS1\Services\Tcpip\..\{16FB5E32-1385-433C-B5A4-934A9A8379E1}: NameServer = 10.0.0.1,0.0.0.0
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = pepin-ae.com
O17 - HKLM\System\CS2\Services\Tcpip\..\{16FB5E32-1385-433C-B5A4-934A9A8379E1}: Domain = pepin-ae.com
O17 - HKLM\System\CS2\Services\Tcpip\..\{16FB5E32-1385-433C-B5A4-934A9A8379E1}: NameServer = 10.0.0.1,0.0.0.0
O18 - Protocol: nim - {3D206AE2-3039-413B-B748-3ACC562EC22A} - C:\Novell\Messenger\nmcg32.dll
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\System32\NavLogon.dll
O20 - Winlogon Notify: WB - C:\PROGRA~1\OBJECT~1\WINDOW~1\fastload.dll
O23 - Service: Autodesk Licensing Service - Autodesk, Inc. - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Client Update Service for Novell (cusrvc) - Novell, Inc. - C:\WINDOWS\System32\cusrvc.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: Intel® NMS (NMSSvc) - Intel Corporation - C:\WINDOWS\System32\NMSSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
  • 0

Advertisements

#2
therock247uk
Posted 10 June 2005 - 02:09 PM

therock247uk

    Expert

  • Expert
  • 14,672 posts
  • MVP
1. Make sure your PC is set to show all hidden files and folders go here for instructions on how to do this. http://www.xtra.co.n...1916458,00.html

2. Boot into safemode to do this keep tapping F8 on your keyboard while your PC is starting up you will get a menu select safemode.

3. While in safemode open Hijackthis and click scan. Then tick and fix the following in Hijackthis with all windows closed except Hijackthis.

R3 - Default URLSearchHook is missing
O4 - HKLM\..\Run: [PS1] C:\WINDOWS\System32\ps1.exe
O4 - HKLM\..\Run: [exp.exe] C:\WINDOWS\System32\exp.exe
O4 - HKLM\..\Run: [WinTask driver] C:\WINDOWS\System32\wintask.exe
O4 - HKLM\..\Run: [3F8h3pX] pdfdb.exe
O4 - HKLM\..\Run: [checkrun] C:\windows\system32\elitelrr32.exe
O4 - HKLM\..\Run: [C:\WINDOWS\VCMnet11.exe] C:\WINDOWS\VCMnet11.exe
O4 - HKLM\..\Run: [gah95on6] C:\WINDOWS\System32\gah95on6.exe
O4 - HKLM\..\Run: [Media Access] C:\Program Files\Media Access\MediaAccK.exe
O4 - HKLM\..\Run: [KavSvc] C:\WINDOWS\System32\uzlzzv.exe reg_run
O4 - HKCU\..\Run: [win_upd2.exe] C:\WINDOWS\System32\WINdirect.exe
O4 - HKCU\..\Run: [IornRfb8h] patroxy.exe
O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windup...e/bridge-c8.cab


4. Delete the folders. (if present)

C:\Program Files\Media Access

5. Delete the files. (if present)

C:\WINDOWS\System32\ps1.exe
C:\WINDOWS\System32\exp.exe
C:\WINDOWS\System32\wintask.exe
C:\Windows\pdfdb.exe or C:\Windows\System32\pdfdb.exe
C:\windows\system32\elitelrr32.exe < And any other file that starts with elite
C:\WINDOWS\VCMnet11.exe
C:\WINDOWS\System32\gah95on6.exe
C:\WINDOWS\System32\uzlzzv.exe
C:\WINDOWS\System32\WINdirect.exe
C:\Windows\patroxy.exe or C:\Windows\System32\patroxy.exe

6. Reboot and Download FindQoologic from http://forums.net-in...=post&id=134981
Extract (unzip) the files inside into their own folder called FindQoologic.
Open the FindQoologic folder. Preferable to your desktop.
Locate and double-click the Find-Qoologic.bat file to run it.
wait until a text opens, post it in a reply to your thread and also a new Hijackthis log.
  • 0

#3
UncleMuck
Posted 10 June 2005 - 02:45 PM

UncleMuck

    Member

  • Topic Starter
  • Member
  • PipPip
  • 39 posts
ried to run the Find-Qoologic2.bat file but I received an error message regarding a 16 versus 32 bit DOS subsystem conflict (forgive me if that is not expressed correctly)

What should I do now?
  • 0

#4
UncleMuck
Posted 10 June 2005 - 02:58 PM

UncleMuck

    Member

  • Topic Starter
  • Member
  • PipPip
  • 39 posts
I ran the safe mode editing as you described. The only thing that was a little strange was that instead of finding a file named gah95on6.exe, I found a file named gah95on6.ini

I chose not to delete it, please tell me if that was the correct thing to do.

Here is my new Hijackthis logfile. As I stated in the previous post Find-Qoolgic2 would not run.

Logfile of HijackThis v1.99.1
Scan saved at 4:55:00 PM, on 6/10/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Symantec AntiVirus\SavRoam.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\Dell\Support\Alert\bin\DAMon.exe
C:\WINDOWS\System32\NWTRAY.EXE
C:\WINDOWS\System32\dpmw32.exe
C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
C:\WINDOWS\System32\RUNDLL32.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~2\VPTray.exe
C:\WINDOWS\System32\uzlzzv.exe
C:\Novell\Messenger\NMCL32.exe
C:\Novell\GroupWise\Notify.exe
C:\Novell\GroupWise\GrpWise.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\stevem\Desktop\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dellnet.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=10.0.0.1:1080;https=10.0.0.1:1080
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [Dell|Alert] C:\Program Files\Dell\Support\Alert\bin\DAMon.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NWTRAY] NWTRAY.EXE
O4 - HKLM\..\Run: [NDPS] C:\WINDOWS\System32\dpmw32.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~2\VPTray.exe
O4 - HKLM\..\Run: [KavSvc] C:\WINDOWS\System32\uzlzzv.exe reg_run
O4 - HKCU\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKCU\..\Run: [Novell Messenger] "C:\Novell\Messenger\NMCL32.exe"
O4 - Startup: GroupWise Notify.lnk = C:\Novell\GroupWise\Notify.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: AutoCAD Startup Accelerator.lnk = C:\Program Files\Common Files\Autodesk Shared\acstart16.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: Novell Messenger - {3C3171BC-1025-43d1-8D1D-61CF4B38A28F} - C:\Novell\MESSEN~1\NMCL32.exe
O9 - Extra 'Tools' menuitem: Novell Messenger - {3C3171BC-1025-43d1-8D1D-61CF4B38A28F} - C:\Novell\MESSEN~1\NMCL32.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {88D969C0-F192-11D4-A65F-0040963251E5} (XML DOM Document 4.0) - file://C:\WINDOWS\msxml4.cab
O16 - DPF: {EC51659D-721F-4CBF-9CEA-5E776D89CEA9} - http://www.pacimedia...ll/pcs_0009.exe
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = pepin-ae.com
O17 - HKLM\Software\..\Telephony: DomainName = pepin-ae.com
O17 - HKLM\System\CCS\Services\Tcpip\..\{16FB5E32-1385-433C-B5A4-934A9A8379E1}: Domain = pepin-ae.com
O17 - HKLM\System\CCS\Services\Tcpip\..\{16FB5E32-1385-433C-B5A4-934A9A8379E1}: NameServer = 10.0.0.1,0.0.0.0
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = pepin-ae.com
O17 - HKLM\System\CS1\Services\Tcpip\..\{16FB5E32-1385-433C-B5A4-934A9A8379E1}: Domain = pepin-ae.com
O17 - HKLM\System\CS1\Services\Tcpip\..\{16FB5E32-1385-433C-B5A4-934A9A8379E1}: NameServer = 10.0.0.1,0.0.0.0
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = pepin-ae.com
O17 - HKLM\System\CS2\Services\Tcpip\..\{16FB5E32-1385-433C-B5A4-934A9A8379E1}: Domain = pepin-ae.com
O17 - HKLM\System\CS2\Services\Tcpip\..\{16FB5E32-1385-433C-B5A4-934A9A8379E1}: NameServer = 10.0.0.1,0.0.0.0
O18 - Protocol: nim - {3D206AE2-3039-413B-B748-3ACC562EC22A} - C:\Novell\Messenger\nmcg32.dll
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\System32\NavLogon.dll
O20 - Winlogon Notify: WB - C:\PROGRA~1\OBJECT~1\WINDOW~1\fastload.dll
O23 - Service: Autodesk Licensing Service - Autodesk, Inc. - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Client Update Service for Novell (cusrvc) - Novell, Inc. - C:\WINDOWS\System32\cusrvc.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: Intel® NMS (NMSSvc) - Intel Corporation - C:\WINDOWS\System32\NMSSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
  • 0

#5
therock247uk
Posted 10 June 2005 - 03:41 PM

therock247uk

    Expert

  • Expert
  • 14,672 posts
  • MVP
Can you download and run http://www.visualtou...oads/xp_fix.exe then try opening Findqoologic.
  • 0

#6
UncleMuck
Posted 13 June 2005 - 06:45 AM

UncleMuck

    Member

  • Topic Starter
  • Member
  • PipPip
  • 39 posts
The XP fix worked!
Here is my Qoologic txt file:

PLEASE NOTE THAT ALL FILES FOUND BY THIS METHOD ARE NOT BAD FILES, There WILL be LEGIT FILES LISTED PLEASE BE CAREFUL WHILE FIXING. IF YOU ARE UNSURE OF WHAT IT IS LEAVE THEM ALONE.
some examples are MRT.EXE NTDLL.DLL.
»»»»»»»»»»»»»»»»»»»»»»»» Files found »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

* KavSvc C:\WINDOWS\System32\UZLZZV.EXE
* KavSvc C:\WINDOWS\System32\OMSMM.DLL
* KavSvc C:\WINDOWS\System32\OXNXXZB.DLL
* KavSvc C:\WINDOWS\System32\SUPDATE.DLL
* aspack C:\WINDOWS\System32\DAXAABQ.EXE
* aspack C:\WINDOWS\System32\REDIT.CPL
* UPX! C:\WINDOWS\System32\UZLZZV.EXE
* UPX! C:\WINDOWS\System32\OXNXXZB.DLL
* UPX! C:\WINDOWS\System32\SUPDATE.DLL
»»»»»»»»»»»»»»»»»»»»»»»» startup files»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

* exe C:\docume~1\alluse~1\startm~1\programs\startup\RAUA.EXE

»»»»»»»»»»»»»»»»»»»»»»»» Checking Global Startup »»»»»»»»»»»»»»»»»»»»»»

(fstarts by IMM - test ver. 0.001) NOT using address check -- 0x77f5bd48

Global Startup:
C:\Documents and Settings\All Users\Start Menu\Programs\Startup
.
..
Adobe Reader Speed Launch.lnk
AutoCAD Startup Accelerator.lnk
DESKTOP.INI
raua.exe

User Startup:
C:\Documents and Settings\stevem\Start Menu\Programs\Startup
.
..
DESKTOP.INI
GroupWise Notify.lnk

»»»»»»»»»»»»»»»»»»»»»»»» Registry Entries Found »»»»»»»»»»»»»»»»»»»»»»»

! REG.EXE VERSION 3.0

HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers
<NO NAME> REG_SZ NetWareMenuItems

HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\LDVPMenu
<NO NAME> REG_SZ {BDA77241-42F6-11d0-85E2-00AA001FE28C}

HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\mysyyfkn
<NO NAME> REG_SZ {400268b6-401b-446e-969a-7f29bec0614e}

HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\NetWareMenuItems
<NO NAME> REG_SZ {e3bbbfc0-f61f-11cf-bb16-00c04fd371f4}

HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Offline Files
<NO NAME> REG_SZ {750fdf0e-2a26-11d1-a3ea-080036587f03}

HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Open With
<NO NAME> REG_SZ {09799AFB-AD67-11d1-ABCD-00C04FC30936}

HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Open With EncryptionMenu
<NO NAME> REG_SZ {A470F8CF-A1E8-4f65-8335-227475AA5C46}

HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\{a2a9545d-a0c2-42b4-9708-a0b2badd77c8}
<NO NAME> REG_SZ Start Menu Pin

And a new Hijachthis filelog:

Logfile of HijackThis v1.99.1
Scan saved at 8:45:03 AM, on 6/13/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Symantec AntiVirus\SavRoam.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\Dell\Support\Alert\bin\DAMon.exe
C:\WINDOWS\System32\NWTRAY.EXE
C:\WINDOWS\System32\dpmw32.exe
C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
C:\WINDOWS\System32\RUNDLL32.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~2\VPTray.exe
C:\WINDOWS\System32\uzlzzv.exe
C:\Novell\Messenger\NMCL32.exe
C:\Novell\GroupWise\Notify.exe
C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
C:\WINDOWS\System32\cmd.exe
C:\WINDOWS\system32\ntvdm.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\System32\msiexec.exe
C:\Documents and Settings\stevem\Desktop\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dellnet.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=10.0.0.1:1080;https=10.0.0.1:1080
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [Dell|Alert] C:\Program Files\Dell\Support\Alert\bin\DAMon.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NWTRAY] NWTRAY.EXE
O4 - HKLM\..\Run: [NDPS] C:\WINDOWS\System32\dpmw32.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~2\VPTray.exe
O4 - HKLM\..\Run: [KavSvc] C:\WINDOWS\System32\uzlzzv.exe reg_run
O4 - HKCU\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKCU\..\Run: [Novell Messenger] "C:\Novell\Messenger\NMCL32.exe"
O4 - Startup: GroupWise Notify.lnk = C:\Novell\GroupWise\Notify.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: AutoCAD Startup Accelerator.lnk = C:\Program Files\Common Files\Autodesk Shared\acstart16.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: Novell Messenger - {3C3171BC-1025-43d1-8D1D-61CF4B38A28F} - C:\Novell\MESSEN~1\NMCL32.exe
O9 - Extra 'Tools' menuitem: Novell Messenger - {3C3171BC-1025-43d1-8D1D-61CF4B38A28F} - C:\Novell\MESSEN~1\NMCL32.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {88D969C0-F192-11D4-A65F-0040963251E5} (XML DOM Document 4.0) - file://C:\WINDOWS\msxml4.cab
O16 - DPF: {EC51659D-721F-4CBF-9CEA-5E776D89CEA9} - http://www.pacimedia...ll/pcs_0009.exe
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = pepin-ae.com
O17 - HKLM\Software\..\Telephony: DomainName = pepin-ae.com
O17 - HKLM\System\CCS\Services\Tcpip\..\{16FB5E32-1385-433C-B5A4-934A9A8379E1}: Domain = pepin-ae.com
O17 - HKLM\System\CCS\Services\Tcpip\..\{16FB5E32-1385-433C-B5A4-934A9A8379E1}: NameServer = 10.0.0.1,0.0.0.0
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = pepin-ae.com
O17 - HKLM\System\CS1\Services\Tcpip\..\{16FB5E32-1385-433C-B5A4-934A9A8379E1}: Domain = pepin-ae.com
O17 - HKLM\System\CS1\Services\Tcpip\..\{16FB5E32-1385-433C-B5A4-934A9A8379E1}: NameServer = 10.0.0.1,0.0.0.0
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = pepin-ae.com
O17 - HKLM\System\CS2\Services\Tcpip\..\{16FB5E32-1385-433C-B5A4-934A9A8379E1}: Domain = pepin-ae.com
O17 - HKLM\System\CS2\Services\Tcpip\..\{16FB5E32-1385-433C-B5A4-934A9A8379E1}: NameServer = 10.0.0.1,0.0.0.0
O18 - Protocol: nim - {3D206AE2-3039-413B-B748-3ACC562EC22A} - C:\Novell\Messenger\nmcg32.dll
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\System32\NavLogon.dll
O20 - Winlogon Notify: WB - C:\PROGRA~1\OBJECT~1\WINDOW~1\fastload.dll
O23 - Service: Autodesk Licensing Service - Autodesk, Inc. - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Client Update Service for Novell (cusrvc) - Novell, Inc. - C:\WINDOWS\System32\cusrvc.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: Intel® NMS (NMSSvc) - Intel Corporation - C:\WINDOWS\System32\NMSSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
  • 0

#7
therock247uk
Posted 13 June 2005 - 07:10 AM

therock247uk

    Expert

  • Expert
  • 14,672 posts
  • MVP
1. Click here to download Pocket Killbox by Option^Explicit.

2. Boot into safemode to do this keep tapping F8 on your keyboard while your PC is starting up you will get a menu select safemode.

3. Double-click on Killbox.exe to run Killbox. Place the following lines (complete paths) in bold in the "Full Path of File to Delete" box in Killbox, and click the red button with the white X on it after each. Keep track of any files it tells you either could not be found or could not be deleted, as you'll need those later:

C:\WINDOWS\System32\UZLZZV.EXE
C:\WINDOWS\System32\OMSMM.DLL
C:\WINDOWS\System32\OXNXXZB.DLL
C:\WINDOWS\System32\SUPDATE.DLL
C:\WINDOWS\System32\DAXAABQ.EXE
C:\WINDOWS\System32\REDIT.CPL
C:\docume~1\alluse~1\startm~1\programs\startup\RAUA.EXE

For the files that it either couldn't find or couldn't delete, in the killbox again this time, put a mark next to "Delete on Reboot". Copy and paste each file into the file name box, then click the red button with the X after each. It will ask you if you want to reboot each time you click it, answer NO until after you've pasted the last file name, at which time you should answer Yes.

If you receive a message such as: "Component 'MsComCtl.ocx' or one of its dependencies not correctly registered: a file is missing or invalid." when trying to run TheKillbox, click here to download and run missingfilesetup.exe. Then try TheKillbox again.

4. While in still safemode open Hijackthis and click scan. Then tick and fix the following in Hijackthis with all windows closed except Hijackthis.

O4 - HKLM\..\Run: [KavSvc] C:\WINDOWS\System32\uzlzzv.exe reg_run

5. Reboot and post a new Hijackthis log here in a reply.
  • 0

#8
UncleMuck
Posted 13 June 2005 - 03:41 PM

UncleMuck

    Member

  • Topic Starter
  • Member
  • PipPip
  • 39 posts
Logfile of HijackThis v1.99.1
Scan saved at 5:40:21 PM, on 6/13/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Symantec AntiVirus\SavRoam.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\Dell\Support\Alert\bin\DAMon.exe
C:\WINDOWS\System32\NWTRAY.EXE
C:\WINDOWS\System32\dpmw32.exe
C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
C:\WINDOWS\System32\RUNDLL32.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~2\VPTray.exe
C:\Novell\Messenger\NMCL32.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Novell\GroupWise\Notify.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Documents and Settings\stevem\Desktop\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dellnet.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=10.0.0.1:1080;https=10.0.0.1:1080
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [Dell|Alert] C:\Program Files\Dell\Support\Alert\bin\DAMon.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NWTRAY] NWTRAY.EXE
O4 - HKLM\..\Run: [NDPS] C:\WINDOWS\System32\dpmw32.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~2\VPTray.exe
O4 - HKCU\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKCU\..\Run: [Novell Messenger] "C:\Novell\Messenger\NMCL32.exe"
O4 - Startup: GroupWise Notify.lnk = C:\Novell\GroupWise\Notify.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: AutoCAD Startup Accelerator.lnk = C:\Program Files\Common Files\Autodesk Shared\acstart16.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: Novell Messenger - {3C3171BC-1025-43d1-8D1D-61CF4B38A28F} - C:\Novell\MESSEN~1\NMCL32.exe
O9 - Extra 'Tools' menuitem: Novell Messenger - {3C3171BC-1025-43d1-8D1D-61CF4B38A28F} - C:\Novell\MESSEN~1\NMCL32.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {88D969C0-F192-11D4-A65F-0040963251E5} (XML DOM Document 4.0) - file://C:\WINDOWS\msxml4.cab
O16 - DPF: {EC51659D-721F-4CBF-9CEA-5E776D89CEA9} - http://www.pacimedia...ll/pcs_0009.exe
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = pepin-ae.com
O17 - HKLM\Software\..\Telephony: DomainName = pepin-ae.com
O17 - HKLM\System\CCS\Services\Tcpip\..\{16FB5E32-1385-433C-B5A4-934A9A8379E1}: Domain = pepin-ae.com
O17 - HKLM\System\CCS\Services\Tcpip\..\{16FB5E32-1385-433C-B5A4-934A9A8379E1}: NameServer = 10.0.0.1,0.0.0.0
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = pepin-ae.com
O17 - HKLM\System\CS1\Services\Tcpip\..\{16FB5E32-1385-433C-B5A4-934A9A8379E1}: Domain = pepin-ae.com
O17 - HKLM\System\CS1\Services\Tcpip\..\{16FB5E32-1385-433C-B5A4-934A9A8379E1}: NameServer = 10.0.0.1,0.0.0.0
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = pepin-ae.com
O17 - HKLM\System\CS2\Services\Tcpip\..\{16FB5E32-1385-433C-B5A4-934A9A8379E1}: Domain = pepin-ae.com
O17 - HKLM\System\CS2\Services\Tcpip\..\{16FB5E32-1385-433C-B5A4-934A9A8379E1}: NameServer = 10.0.0.1,0.0.0.0
O18 - Protocol: nim - {3D206AE2-3039-413B-B748-3ACC562EC22A} - C:\Novell\Messenger\nmcg32.dll
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\System32\NavLogon.dll
O20 - Winlogon Notify: WB - C:\PROGRA~1\OBJECT~1\WINDOW~1\fastload.dll
O23 - Service: Autodesk Licensing Service - Autodesk, Inc. - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Client Update Service for Novell (cusrvc) - Novell, Inc. - C:\WINDOWS\System32\cusrvc.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: Intel® NMS (NMSSvc) - Intel Corporation - C:\WINDOWS\System32\NMSSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
  • 0

#9
therock247uk
Posted 13 June 2005 - 04:50 PM

therock247uk

    Expert

  • Expert
  • 14,672 posts
  • MVP
Your log is clean :tazz:

Here are some tips, to reduce the potential for spyware infection in the future, I strongly recommend installing the following applications:
  • Spywareblaster <= SpywareBlaster will prevent spyware from being installed.
  • Spywareguard <= SpywareGuard offers realtime protection from spyware installation attempts.
  • How to use Ad-Aware to remove Spyware <= If you suspect that you have spyware installed on your computer, here are instructions on how to download, install and then use Ad-Aware.
  • How to use Spybot to remove Spyware <= If you suspect that you have spyware installed on your computer, here are instructions on how to download, install and then use Spybot. Similar to Ad-Aware, I strongly recommend both to catch most spyware.
To protect yourself further:
  • IE/Spyad <= IE/Spyad places over 4000 websites and domains in the IE Restricted list which will severely impair attempts to infect your system. It basically prevents any downloads (Cookies etc) from the sites listed, although you will still be able to connect to the sites.
  • MVPS Hosts file <= The MVPS Hosts file replaces your current HOSTS file with one containing well know ad sites etc. Basically, this prevents your coputer from connecting to those sites by redirecting them to 127.0.0.1 which is your local computer
  • Google Toolbar <= Get the free google toolbar to help stop pop up windows.
I also suggest that you delete any files from "temp", "tmp" folders. In Internet Explorer, click on "Tools" => "Internet Options" => "Delete Files" and select the box that says "Delete All Offline Content" and click on "OK" twice. Also, empty the recycle bin by right clicking on it and selecting "Empty Recycle Bin". These steps should be done on a regular basis.

Credit to PGPhantom for canned speech.
  • 0

#10
UncleMuck
Posted 15 June 2005 - 07:38 AM

UncleMuck

    Member

  • Topic Starter
  • Member
  • PipPip
  • 39 posts
Awesome!! Thanks for the help, its running free and clear again!

Are donations appropriate?
  • 0

#11
therock247uk
Posted 15 June 2005 - 08:15 AM

therock247uk

    Expert

  • Expert
  • 14,672 posts
  • MVP
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :tazz:

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP