Item removed.
I Have not noticed anything obvious. My dad uses this machine quite a lot and he's quite a newbie, thats how i got bogged down with all this trouble originally, he does'nt know enough yet to be able to avoid all the tricks, scams and spurious popups. I have my browser security set real high, to the extent that i have to click to approve nearly every bit of scripting, usually several times for every page. It's a pain in the [bleep] but it allows me to maintain some control of my browser, maybe i'm wrong about that, or perhaps there's a better way. I've instructed my dad to click on "no" every time unless the page does'nt load and he knows it is a reputable site, i was under the impression that that tactic would work quite well... Before that there was new spyware and unidentified desktop icons and stuff in the task bar nearly every week!
Everything seems to be back in order now, no more popups yet and norton has been quiet ever since. There does appear to be a wild number of processes running but i figure thats just innefficient configuration. I once knew of a helpfull site which listed nearly all the known task manager processes and classified them as malicious, system critical or just downright innefficient 3rd party resource hoggers etc. It was very helpfull and i was able to get the process count down to around 25, it's sitting at 41 at the moment!
Anyway enough waffling, here is my updated logfile...
Logfile of HijackThis v1.99.1
Scan saved at 13:46:39, on 02/08/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
I:\WINDOWS\System32\smss.exe
I:\WINDOWS\system32\winlogon.exe
I:\WINDOWS\system32\services.exe
I:\WINDOWS\system32\lsass.exe
I:\WINDOWS\system32\svchost.exe
I:\WINDOWS\System32\svchost.exe
I:\WINDOWS\system32\LEXBCES.EXE
I:\WINDOWS\system32\spoolsv.exe
I:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
I:\WINDOWS\system32\LEXPPS.EXE
I:\WINDOWS\Explorer.EXE
I:\Program Files\Common Files\Symantec Shared\ccApp.exe
I:\WINDOWS\SOUNDMAN.EXE
I:\WINDOWS\ALCWZRD.EXE
I:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
I:\Program Files\Lexmark X5100 Series\lxbabmgr.exe
I:\Program Files\ABIT\ABIT uGuru\uGuru.exe
I:\Program Files\ewido\security suite\ewidoctrl.exe
I:\Program Files\Lexmark X5100 Series\lxbabmon.exe
I:\Program Files\ABIT\ABIT uGuru\uGuru_Event_Receiver.exe
I:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
I:\WINDOWS\System32\RUNDLL32.EXE
I:\Program Files\Norton AntiVirus\navapsvc.exe
I:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
I:\Program Files\Messenger\msmsgs.exe
I:\WINDOWS\System32\nvsvc32.exe
I:\Program Files\iTunes\iTunesHelper.exe
I:\Program Files\QuickTime\qttask.exe
I:\WINDOWS\System32\ctfmon.exe
I:\WINDOWS\System32\svchost.exe
I:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
I:\WINDOWS\system32\ZoneLabs\vsmon.exe
I:\Program Files\iPod\bin\iPodService.exe
I:\Program Files\Internet Explorer\IEXPLORE.EXE
I:\Documents and Settings\Lord Morbius\Desktop\anit virus folder\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
http://www.google.co.uk/O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - I:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - I:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - I:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - I:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - I:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [ccApp] "I:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "I:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAudPropShortcut.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [Zone Labs Client] "I:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [Lexmark X5100 Series] "I:\Program Files\Lexmark X5100 Series\lxbabmgr.exe"
O4 - HKLM\..\Run: [ABIT uGuru] I:\Program Files\ABIT\ABIT uGuru\uGuru.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE I:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE I:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [mmtask] c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
O4 - HKLM\..\Run: [MMTray] I:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] I:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [SSC_UserPrompt] I:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [iTunesHelper] "I:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "I:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [CTFMON.EXE] I:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "I:\Program Files\Messenger\msmsgs.exe" /background
O8 - Extra context menu item: E&xport to Microsoft Excel - res://I:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - I:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - I:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - I:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) -
http://update.micros...b?1120388988000O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) -
http://www.pandasoft.../as5/asinst.cabO23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - I:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - I:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: ewido security suite control - ewido networks - I:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - I:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - I:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - I:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - I:\WINDOWS\System32\nvsvc32.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - I:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - I:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - I:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - I:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - I:\WINDOWS\system32\ZoneLabs\vsmon.exe