[Ian Norttingham]

I would like to receive some help with a file named wininet.dll, in the system32 directory, that is infected with w32.desktophijack, and when the norton 2004 finds it, it cannot be cleaned, because it´s used, and i cannot delete either. i´m a novice in this site...

Logfile of HijackThis v1.99.1
Scan saved at 18:24:38, on 16/7/2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Arquivos de programas\TGTSoft\StyleXP\StyleXPService.exe
C:\Arquivos de programas\Sygate\SPF\smc.exe
C:\WINDOWS\System32\RUNDLL32.EXE
C:\Arquivos de programas\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccApp.exe
C:\Arquivos de programas\Norton SystemWorks\Norton Ghost\GhostStartTrayApp.exe
C:\Arquivos de programas\Norton SystemWorks\Password Manager\AcctMgr.exe
C:\ARQUIV~1\Grisoft\AVGFRE~1\avgcc.exe
C:\ARQUIV~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\System32\rundll32.exe
C:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\spoolsv.exe
C:\ARQUIV~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\ARQUIV~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccSetMgr.exe
C:\ARQUIV~1\NORTON~2\NORTON~4\GHOSTS~2.EXE
C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7Debug\mdm.exe
C:\Arquivos de programas\Norton SystemWorks\Norton Antivirus\navapsvc.exe
C:\ARQUIV~1\NORTON~2\NORTON~2\NPROTECT.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\slserv.exe
C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe
C:\ARQUIV~1\NORTON~2\NORTON~2\SPEEDD~1\NOPDB.EXE
C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccEvtMgr.exe
C:\Arquivos de programas\Norton SystemWorks\Norton Antivirus\SAVScan.exe
C:\Arquivos de programas\MSN Messenger\msnmsgr.exe
C:\WINDOWS\explorer.exe
C:\Arquivos de programas\Internet Explorer\IEXPLORE.EXE
C:\Arquivos de programas\Lavasoft\Ad-Aware SE Professional\Ad-Watch.exe
C:\Arquivos de programas\DC++\DCPlusPlus.exe
C:\Arquivos de programas\Winamp\winamp.exe
C:\Arquivos de programas\DC++\Downloads\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://auth.ig.com.br/
F2 - REG:system.ini: UserInit=userinit.exe,userinit32.exe
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll
O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\WINDOWS\Downloaded Program Files\gbieh.dll (file missing)
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Arquivos de programas\MSN Apps\MSN Toolbar\01.02.4000.1001\pt-br\msntb.dll (file missing)
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Arquivos de programas\Norton SystemWorks\Norton Antivirus\NavShExt.dll (file missing)
O3 - Toolbar: &Rádio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Arquivos de programas\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [GhostStartTrayApp] C:\Arquivos de programas\Norton SystemWorks\Norton Ghost\GhostStartTrayApp.exe
O4 - HKLM\..\Run: [AcctMgr] C:\Arquivos de programas\Norton SystemWorks\Password Manager\AcctMgr.exe /startup
O4 - HKLM\..\Run: [AVG7_CC] C:\ARQUIV~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\ARQUIV~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\ARQUIV~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Arquivos de programas\Arquivos comuns\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [SmcService] C:\ARQUIV~1\Sygate\SPF\smc.exe -startgui
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe
O8 - Extra context menu item: Download with GetRight - C:\ARQUIV~1\GetRight\GRdownload.htm
O8 - Extra context menu item: Open with GetRight Browser - C:\ARQUIV~1\GetRight\GRbrowse.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\j2re1.4.2_04\bin\npjpi142_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\j2re1.4.2_04\bin\npjpi142_04.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\MSMSGS.EXE (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\MSMSGS.EXE (file missing)
O12 - Plugin for .spop: C:\Arquivos de programas\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsof...ss/allinone.asp
O16 - DPF: ppctlcab - http://www.pestscan....er/ppctlcab.cab
O16 - DPF: {3C8B9651-4E3E-424D-B51C-54544ABF536B} (CAtmCap Object) - https://netbanking2....reControl2k.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft.../as5/asinst.cab
O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399F83} (GbPluginObj Class) - https://www14.bancob.../GbPluginBb.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcaf...366/mcfscan.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{DE21113D-24D0-45C3-9030-274750441508}: NameServer = 200.225.159.124 200.225.159.126
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\System32\NavLogon.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccSetMgr.exe
O23 - Service: GhostStartService - Symantec Corporation - C:\ARQUIV~1\NORTON~2\NORTON~4\GHOSTS~2.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Serviço de proteção automática do Norton AntiVirus (navapsvc) - Symantec Corporation - C:\Arquivos de programas\Norton SystemWorks\Norton Antivirus\navapsvc.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\ARQUIV~1\NORTON~2\NORTON~2\NPROTECT.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Arquivos de programas\Norton SystemWorks\Norton Antivirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\ARQUIV~1\ARQUIV~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Arquivos de programas\Sygate\SPF\smc.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\SNDSrvc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\ARQUIV~1\NORTON~2\NORTON~2\SPEEDD~1\NOPDB.EXE
O23 - Service: StyleXPService - Unknown owner - C:\Arquivos de programas\TGTSoft\StyleXP\StyleXPService.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS\System32\UAService7.exe (file missing)


Ad Aware Log

Ad-Aware SE Build 1.06r1
Logfile Created on:sábado, 16 de julho de 2005 18:52:58
Created with Ad-Aware SE Personal, free for private use.
Using definitions file:SE1R54 14.07.2005
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

References detected during the scan:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
MRU List(TAC index:0):15 total references
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Definition File:
=========================
Definitions File Loaded:
Reference Number : SE1R47 24.05.2005
Internal build : 55
File location : C:\ARQUIV~1\Lavasoft\AD-AWA~1\defs.ref
File size : 476246 Bytes
Total size : 1439523 Bytes
Signature data size : 1408291 Bytes
Reference data size : 30720 Bytes
Signatures total : 40174
CSI Fingerprints total : 886
CSI data size : 30371 Bytes
Target categories : 15
Target families : 679

16-7-2005 18:47:48 Performing WebUpdate...

Installing Update...
Definitions File Loaded:
Reference Number : SE1R54 14.07.2005
Internal build : 63
File location : C:\ARQUIV~1\Lavasoft\AD-AWA~1\defs.ref
File size : 496849 Bytes
Total size : 1499538 Bytes
Signature data size : 1467043 Bytes
Reference data size : 31983 Bytes
Signatures total : 41785
CSI Fingerprints total : 962
CSI data size : 33758 Bytes
Target categories : 15
Target families : 715


16-7-2005 18:51:53 Success
Update successfully downloaded and installed.


Memory + processor status:
==========================
Number of processors : 1
Processor architecture : Intel Pentium III
Memory available:30 %
Total physical memory:523808 kb
Available physical memory:154636 kb
Total page file size:1280628 kb
Available on page file:902788 kb
Total virtual memory:2097024 kb
Available virtual memory:2040760 kb
OS:Microsoft Windows XP Professional (Build 2600)

Ad-Aware SE Settings
===========================
Set : Search for negligible risk entries
Set : Safe mode (always request confirmation)
Set : Scan active processes
Set : Scan registry
Set : Deep-scan registry
Set : Scan my IE Favorites for banned URLs
Set : Scan my Hosts file

Extended Ad-Aware SE Settings
===========================
Set : Unload recognized processes & modules during scan
Set : Scan registry for all users instead of current user only
Set : Always try to unload modules before deletion
Set : During removal, unload Explorer and IE if necessary
Set : Let Windows remove files in use at next reboot
Set : Delete quarantined objects after restoring
Set : Include basic Ad-Aware settings in log file
Set : Include additional Ad-Aware settings in log file
Set : Include reference summary in log file
Set : Include alternate data stream details in log file
Set : Play sound at scan completion if scan locates critical objects


16-7-2005 18:52:58 - Scan started. (Custom mode)

Listing running processes
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

#:1 [smss.exe]
FilePath : \SystemRoot\System32\
ProcessID : 436
ThreadCreationTime : 16-7-2005 17:25:11
BasePriority : Normal


#:2 [csrss.exe]
FilePath : \??\C:\WINDOWS\system32\
ProcessID : 492
ThreadCreationTime : 16-7-2005 17:25:12
BasePriority : Normal


#:3 [winlogon.exe]
FilePath : \??\C:\WINDOWS\system32\
ProcessID : 516
ThreadCreationTime : 16-7-2005 17:25:13
BasePriority : High


#:4 [services.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 560
ThreadCreationTime : 16-7-2005 17:25:14
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Sistema operacional Microsoft® Windows®
CompanyName : Microsoft Corporation
FileDescription : Aplicativo de serviços e controle
InternalName : services.exe
LegalCopyright : © Microsoft Corporation. Todos os direitos reservados.
OriginalFilename : services.exe

#:5 [lsass.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 572
ThreadCreationTime : 16-7-2005 17:25:14
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : LSA Shell (Export Version)
InternalName : lsass.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : lsass.exe

#:6 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 744
ThreadCreationTime : 16-7-2005 17:25:15
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:7 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 788
ThreadCreationTime : 16-7-2005 17:25:15
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:8 [stylexpservice.exe]
FilePath : C:\Arquivos de programas\TGTSoft\StyleXP\
ProcessID : 816
ThreadCreationTime : 16-7-2005 17:25:15
BasePriority : Normal
FileVersion : 0, 20, 0, 0
ProductVersion : 0, 20, 0, 0
ProductName : StyleXPService Module
FileDescription : StyleXPService Module
InternalName : StyleXPService
LegalCopyright : Copyright 2001
OriginalFilename : StyleXPService.EXE

#:9 [smc.exe]
FilePath : C:\Arquivos de programas\Sygate\SPF\
ProcessID : 920
ThreadCreationTime : 16-7-2005 17:25:16
BasePriority : Normal
FileVersion : 5.5.00.2577
ProductVersion : 5.5.00.2577
ProductName : Sygate® Security Agent and Personal Firewall
CompanyName : Sygate Technologies, Inc.
FileDescription : Sygate Agent Firewall
InternalName : Smc
LegalCopyright : Copyright © 1999 - 2003 Sygate Technologies, Inc. All rights reserved.
OriginalFilename : Smc.EXE

#:10 [rundll32.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1156
ThreadCreationTime : 16-7-2005 17:25:23
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Sistema operacional Microsoft® Windows®
CompanyName : Microsoft Corporation
FileDescription : Executa uma DLL como um aplicativo
InternalName : rundll
LegalCopyright : © Microsoft Corporation. Todos os direitos reservados.
OriginalFilename : RUNDLL.EXE

#:11 [directcd.exe]
FilePath : C:\Arquivos de programas\Adaptec\Easy CD Creator 5\DirectCD\
ProcessID : 1172
ThreadCreationTime : 16-7-2005 17:25:23
BasePriority : Normal
FileVersion : 5.10 (115)
ProductVersion : 5.10 (115)
ProductName : DirectCD
CompanyName : Roxio
FileDescription : DirectCD Application
InternalName : DirectCD
LegalCopyright : Copyright © 2001, Roxio, Inc.
OriginalFilename : Directcd.exe

#:12 [ccapp.exe]
FilePath : C:\Arquivos de programas\Arquivos comuns\Symantec Shared\
ProcessID : 1184
ThreadCreationTime : 16-7-2005 17:25:24
BasePriority : Normal
FileVersion : 2.1.6.3
ProductVersion : 2.1.6.3
ProductName : Common Client
CompanyName : Symantec Corporation
FileDescription : Common Client User Session
InternalName : ccApp
LegalCopyright : Copyright © 2000-2003 Symantec Corporation. All rights reserved.
OriginalFilename : ccApp.exe

#:13 [ghoststarttrayapp.exe]
FilePath : C:\Arquivos de programas\Norton SystemWorks\Norton Ghost\
ProcessID : 1192
ThreadCreationTime : 16-7-2005 17:25:24
BasePriority : Normal
FileVersion : 2003.789
ProductVersion : 2003.789
ProductName : Norton Ghost Start
CompanyName : Symantec Corporation
FileDescription : Norton Ghost Start
InternalName : GhostStartTrayApp
LegalCopyright : Copyright © 1998-2003 Symantec Corp. All rights reserved.
OriginalFilename : GhostStartTrayApp.exe

#:14 [acctmgr.exe]
FilePath : C:\Arquivos de programas\Norton SystemWorks\Password Manager\
ProcessID : 1204
ThreadCreationTime : 16-7-2005 17:25:25
BasePriority : Normal
FileVersion : 2004.1.127
ProductVersion : 2004.1.127
ProductName : Norton Password Manager
CompanyName : Symantec Corporation
FileDescription : Password Manager Controller
InternalName : AcctMgr
LegalCopyright : Copyright © 2003-2003 Symantec Corporation
OriginalFilename : AcctMgr.EXE

#:15 [avgcc.exe]
FilePath : C:\ARQUIV~1\Grisoft\AVGFRE~1\
ProcessID : 1224
ThreadCreationTime : 16-7-2005 17:25:26
BasePriority : Normal
FileVersion : 7,1,0,321
ProductVersion : 7.1.0.321
ProductName : AVG Anti-Virus System
CompanyName : GRISOFT, s.r.o.
FileDescription : AVG Control Center
InternalName : AvgCC
LegalCopyright : Copyright © 2005, GRISOFT, s.r.o.
OriginalFilename : AvgCC.EXE

#:16 [avgemc.exe]
FilePath : C:\ARQUIV~1\Grisoft\AVGFRE~1\
ProcessID : 1248
ThreadCreationTime : 16-7-2005 17:25:27
BasePriority : Normal
FileVersion : 7,1,0,321
ProductVersion : 7.1.0.321
ProductName : AVG Anti-Virus System
CompanyName : GRISOFT, s.r.o.
FileDescription : AVG E-Mail Scanner
InternalName : avgemc
LegalCopyright : Copyright © 2005, GRISOFT, s.r.o.
OriginalFilename : avgemc.exe

#:17 [rundll32.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1256
ThreadCreationTime : 16-7-2005 17:25:27
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Sistema operacional Microsoft® Windows®
CompanyName : Microsoft Corporation
FileDescription : Executa uma DLL como um aplicativo
InternalName : rundll
LegalCopyright : © Microsoft Corporation. Todos os direitos reservados.
OriginalFilename : RUNDLL.EXE

#:18 [teatimer.exe]
FilePath : C:\Arquivos de programas\Spybot - Search & Destroy\
ProcessID : 1352
ThreadCreationTime : 16-7-2005 17:25:32
BasePriority : Idle
FileVersion : 1, 3, 0, 12
ProductVersion : 1, 3, 0, 12
ProductName : Spybot - Search & Destroy
CompanyName : Safer Networking Limited
FileDescription : System settings protector
InternalName : TeaTimer
LegalCopyright : © 2000-2004 Patrick M. Kolla / Safer Networking Limited. Alle Rechte vorbehalten.
LegalTrademarks : "Spybot" und "Spybot - Search & Destroy" sind registrierte Warenzeichen.
OriginalFilename : TeaTimer.exe
Comments : Schützt Systemeinstellungen vor ungewollten Änderungen.

#:19 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1432
ThreadCreationTime : 16-7-2005 17:25:42
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:20 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1456
ThreadCreationTime : 16-7-2005 17:25:42
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:21 [spoolsv.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1576
ThreadCreationTime : 16-7-2005 17:25:45
BasePriority : Normal
FileVersion : 5.1.2600.0 (XPClient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Spooler SubSystem App
InternalName : spoolsv.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : spoolsv.exe

#:22 [alg.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1664
ThreadCreationTime : 16-7-2005 17:25:45
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Application Layer Gateway Service
InternalName : ALG.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : ALG.exe

#:23 [avgamsvr.exe]
FilePath : C:\ARQUIV~1\Grisoft\AVGFRE~1\
ProcessID : 1684
ThreadCreationTime : 16-7-2005 17:25:45
BasePriority : Normal
FileVersion : 7,1,0,321
ProductVersion : 7.1.0.321
ProductName : AVG Anti-Virus System
CompanyName : GRISOFT, s.r.o.
FileDescription : AVG Alert Manager
InternalName : avgamsvr
LegalCopyright : Copyright © 2005, GRISOFT, s.r.o.
OriginalFilename : avgamsvr.EXE

#:24 [avgupsvc.exe]
FilePath : C:\ARQUIV~1\Grisoft\AVGFRE~1\
ProcessID : 1808
ThreadCreationTime : 16-7-2005 17:25:46
BasePriority : Normal
FileVersion : 7,1,0,321
ProductVersion : 7.1.0.321
ProductName : AVG 7.0 Anti-Virus System
CompanyName : GRISOFT, s.r.o.
FileDescription : AVG Update Service
InternalName : avgupsvc
LegalCopyright : Copyright © 2005, GRISOFT, s.r.o.
OriginalFilename : avgupdsvc.EXE

#:25 [ccsetmgr.exe]
FilePath : C:\Arquivos de programas\Arquivos comuns\Symantec Shared\
ProcessID : 1840
ThreadCreationTime : 16-7-2005 17:25:47
BasePriority : Normal
FileVersion : 2.1.6.3
ProductVersion : 2.1.6.3
ProductName : Common Client
CompanyName : Symantec Corporation
FileDescription : Common Client Settings Manager Service
InternalName : ccSetMgr
LegalCopyright : Copyright © 2000-2003 Symantec Corporation. All rights reserved.
OriginalFilename : ccSetMgr.exe

#:26 [ghosts~2.exe]
FilePath : C:\ARQUIV~1\NORTON~2\NORTON~4\
ProcessID : 1876
ThreadCreationTime : 16-7-2005 17:25:48
BasePriority : Normal
FileVersion : 2003.789
ProductVersion : 2003.789
ProductName : Norton Ghost Start Service
CompanyName : Symantec Corporation
FileDescription : Norton Ghost Start
InternalName : GhostStartService
LegalCopyright : Copyright © 1998-2003 Symantec Corp. All rights reserved.
OriginalFilename : GhostStartService.exe

#:27 [mdm.exe]
FilePath : C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7Debug\
ProcessID : 1900
ThreadCreationTime : 16-7-2005 17:25:48
BasePriority : Normal
FileVersion : 7.00.9064.9150
ProductVersion : 7.00.9064.9150
ProductName : Microsoft Development Environment
CompanyName : Microsoft Corporation
FileDescription : Machine Debug Manager
InternalName : mdm.exe
LegalCopyright : Copyright © Microsoft Corp. 1997-2000
OriginalFilename : mdm.exe

#:28 [navapsvc.exe]
FilePath : C:\Arquivos de programas\Norton SystemWorks\Norton Antivirus\
ProcessID : 1920
ThreadCreationTime : 16-7-2005 17:25:48
BasePriority : Normal
FileVersion : 10.00.2
ProductVersion : 10.00.2
ProductName : Norton AntiVirus
CompanyName : Symantec Corporation
FileDescription : Norton AntiVirus Auto-Protect Service
InternalName : NAVAPSVC
LegalCopyright : Norton AntiVirus 2004 for Windows 98/ME/2000/XP Copyright © 2003 Symantec Corporation. All rights reserved.
OriginalFilename : NAVAPSVC.EXE

#:29 [nprotect.exe]
FilePath : C:\ARQUIV~1\NORTON~2\NORTON~2\
ProcessID : 1964
ThreadCreationTime : 16-7-2005 17:25:48
BasePriority : Normal
FileVersion : 17.0.0.82
ProductVersion : 17.0.0.82
ProductName : Norton Utilities
CompanyName : Symantec Corporation
FileDescription : Norton Protection Status
InternalName : NPROTECT
LegalCopyright : Copyright © 1997-2003 Symantec Corporation
LegalTrademarks : Norton Utilities® and UnErase® are registered trademarks of Symantec Corporation.
OriginalFilename : NPROTECT.EXE

#:30 [nvsvc32.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 152
ThreadCreationTime : 16-7-2005 17:25:48
BasePriority : Normal
FileVersion : 6.14.10.5655
ProductVersion : 6.14.10.5655
ProductName : NVIDIA Driver Helper Service, Version 56.55
CompanyName : NVIDIA Corporation
FileDescription : NVIDIA Driver Helper Service, Version 56.55
InternalName : NVSVC
LegalCopyright : © NVIDIA Corporation. All rights reserved.
OriginalFilename : nvsvc32.exe

#:31 [slserv.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 292
ThreadCreationTime : 16-7-2005 17:25:49
BasePriority : Normal
FileVersion : 2.80.00(24Apr2000)
ProductVersion : 2.80.00
ProductName : Modem
FileDescription : User-Level Modem Service
InternalName : slserv
LegalCopyright : Copyright © 1999-2000
OriginalFilename : slserv.exe

#:32 [smagent.exe]
FilePath : C:\Arquivos de programas\Analog Devices\SoundMAX\
ProcessID : 364
ThreadCreationTime : 16-7-2005 17:25:49
BasePriority : Normal
FileVersion : 3, 2, 6, 0
ProductVersion : 3, 2, 6, 0
ProductName : SoundMAX service agent
CompanyName : Analog Devices, Inc.
FileDescription : SoundMAX service agent component
InternalName : SMAgent
LegalCopyright : Copyright © 2002
OriginalFilename : SMAgent.exe

#:33 [nopdb.exe]
FilePath : C:\ARQUIV~1\NORTON~2\NORTON~2\SPEEDD~1\
ProcessID : 116
ThreadCreationTime : 16-7-2005 17:25:50
BasePriority : Normal
FileVersion : 7.00.0.24
ProductVersion : 7.00.0.24
ProductName : Norton Speed Disk
CompanyName : Symantec Corporation
FileDescription : NOPDB
InternalName : NOPDB
LegalCopyright : Copyright © 1997-2003 Symantec Corporation
OriginalFilename : NOPDB.dll

#:34 [ccevtmgr.exe]
FilePath : C:\Arquivos de programas\Arquivos comuns\Symantec Shared\
ProcessID : 900
ThreadCreationTime : 16-7-2005 17:25:57
BasePriority : Normal
FileVersion : 2.1.6.3
ProductVersion : 2.1.6.3
ProductName : Common Client
CompanyName : Symantec Corporation
FileDescription : Common Client Event Manager Service
InternalName : ccEvtMgr
LegalCopyright : Copyright © 2000-2003 Symantec Corporation. All rights reserved.
OriginalFilename : ccEvtMgr.exe

#:35 [savscan.exe]
FilePath : C:\Arquivos de programas\Norton SystemWorks\Norton Antivirus\
ProcessID : 2264
ThreadCreationTime : 16-7-2005 17:26:05
BasePriority : Normal

ProductVersion : 9.2
ProductName : Symantec AntiVirus AutoProtect
CompanyName : Symantec Corporation
FileDescription : Symantec AntiVirus Scanner
InternalName : SAVSCAN
LegalCopyright : Copyright © 2004 Symantec Corporation
OriginalFilename : SAVSCAN.EXE

#:36 [msnmsgr.exe]
FilePath : C:\Arquivos de programas\MSN Messenger\
ProcessID : 3996
ThreadCreationTime : 16-7-2005 17:30:39
BasePriority : Normal
FileVersion : 6.2.0205
ProductVersion : Version 6.2
ProductName : MSN Messenger
CompanyName : Microsoft Corporation
FileDescription : MSN Messenger
InternalName : msnmsgr
LegalCopyright : Copyright © Microsoft Corporation 1997-2004
LegalTrademarks : Microsoft® is a registered trademark of Microsoft Corporation in the U.S. and/or other countries.
OriginalFilename : msnmsgr.exe

#:37 [explorer.exe]
FilePath : C:\WINDOWS\
ProcessID : 2340
ThreadCreationTime : 16-7-2005 18:40:48
BasePriority : Normal
FileVersion : 6.00.2600.0000 (xpclient.010817-1148)
ProductVersion : 6.00.2600.0000
ProductName : Sistema operacional Microsoft® Windows®
CompanyName : Microsoft Corporation
FileDescription : Windows Explorer
InternalName : explorer
LegalCopyright : © Microsoft Corporation. Todos os direitos reservados.
OriginalFilename : EXPLORER.EXE

#:38 [iexplore.exe]
FilePath : C:\Arquivos de programas\Internet Explorer\
ProcessID : 3104
ThreadCreationTime : 16-7-2005 18:41:13
BasePriority : Normal
FileVersion : 6.00.2600.0000 (xpclient.010817-1148)
ProductVersion : 6.00.2600.0000
ProductName : Sistema operacional Microsoft® Windows®
CompanyName : Microsoft Corporation
FileDescription : Internet Explorer
InternalName : iexplore
LegalCopyright : © Microsoft Corporation. Todos os direitos reservados.
OriginalFilename : IEXPLORE.EXE

#:39 [dcplusplus.exe]
FilePath : C:\Arquivos de programas\DC++\
ProcessID : 3340
ThreadCreationTime : 16-7-2005 21:00:03
BasePriority : Normal
FileVersion : 0, 6, 7, 4
ProductVersion : 0, 6, 7, 4
ProductName : DC++
FileDescription : DC++
InternalName : DC++
LegalCopyright : Copyright 2001-2005 Jacek Sieka
OriginalFilename : DCPlusPlus.exe
Comments : http://dcplusplus.sourceforge.net

#:40 [winamp.exe]
FilePath : C:\Arquivos de programas\Winamp\
ProcessID : 4036
ThreadCreationTime : 16-7-2005 21:09:47
BasePriority : Normal
FileVersion : 5.08d
ProductVersion : 5.08d
ProductName : Winamp
CompanyName : Nullsoft
FileDescription : Winamp
InternalName : WINAMP
LegalCopyright : Copyright © 1997-2004, Nullsoft, Inc.
LegalTrademarks : Nullsoft and Winamp are trademarks of Nullsoft, Inc.
OriginalFilename : Winamp.exe
Comments : Visit http://www.winamp.com/ for updates.

#:41 [cleanup.exe]
FilePath : C:\Arquivos de programas\CleanUp!\
ProcessID : 3896
ThreadCreationTime : 16-7-2005 21:29:59
BasePriority : Normal
FileVersion : 4.0
ProductVersion : 4.0
ProductName : Windows CleanUp!
CompanyName : Steven R. Gould
FileDescription : Removes temporary files. Frees disk space and helps protect privacy! :-)
InternalName : CleanUp!
LegalCopyright : Copyright 1998-2005 Steven R. Gould
OriginalFilename : cleanup.exe
Comments : For updates visit http://cleanup.stevengould.org/

#:42 [ad-aware.exe]
FilePath : C:\ARQUIV~1\Lavasoft\AD-AWA~1\
ProcessID : 3392
ThreadCreationTime : 16-7-2005 21:47:37
BasePriority : Normal
FileVersion : 6.2.0.236
ProductVersion : SE 106
ProductName : Lavasoft Ad-Aware SE
CompanyName : Lavasoft Sweden
FileDescription : Ad-Aware SE Core application
InternalName : Ad-Aware.exe
LegalCopyright : Copyright © Lavasoft AB Sweden
OriginalFilename : Ad-Aware.exe
Comments : All Rights Reserved

#:43 [getright.exe]
FilePath : C:\ARQUIV~1\GetRight\
ProcessID : 3516
ThreadCreationTime : 16-7-2005 21:49:55
BasePriority : Normal
FileVersion : 4.5
ProductVersion : 4.5
ProductName : GetRight
CompanyName : Headlight Software, Inc.
FileDescription : GetRight® www.getright.com
InternalName : GETRIGHT
LegalCopyright : Copyright © 2001 Headlight Software, Inc.
LegalTrademarks : GetRight is a registered trademark of Headlight Software
OriginalFilename : GETRIGHT.EXE
Comments : GetRight® was designed and developed by Michael J Burford.

Memory scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0


Started registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Registry Scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0


Started deep registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Deep registry scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0

MRU List Object Recognized!
Location: : C:\Documents and Settings\User\recent
Description : list of recently opened documents


MRU List Object Recognized!
Location: : software\microsoft\direct3d\mostrecentapplication
Description : most recent application to use microsoft direct3d


MRU List Object Recognized!
Location: : software\microsoft\direct3d\mostrecentapplication
Description : most recent application to use microsoft direct X


MRU List Object Recognized!
Location: : software\microsoft\directdraw\mostrecentapplication
Description : most recent application to use microsoft directdraw


MRU List Object Recognized!
Location: : S-1-5-21-515967899-2146841463-839522115-1003\software\microsoft\internet explorer
Description : last download directory used in microsoft internet explorer


MRU List Object Recognized!
Location: : S-1-5-21-515967899-2146841463-839522115-1003\software\microsoft\mediaplayer\player\recentfilelist
Description : list of recently used files in microsoft windows media player


MRU List Object Recognized!
Location: : S-1-5-21-515967899-2146841463-839522115-1003\software\microsoft\mediaplayer\preferences
Description : last playlist index loaded in microsoft windows media player


MRU List Object Recognized!
Location: : S-1-5-21-515967899-2146841463-839522115-1003\software\microsoft\mediaplayer\preferences
Description : last playlist loaded in microsoft windows media player


MRU List Object Recognized!
Location: : S-1-5-21-515967899-2146841463-839522115-1003\software\microsoft\office\10.0\excel\recent files
Description : list of recent files used by microsoft excel


MRU List Object Recognized!
Location: : S-1-5-21-515967899-2146841463-839522115-1003\software\microsoft\windows\currentversion\applets\regedit
Description : last key accessed using the microsoft registry editor


MRU List Object Recognized!
Location: : S-1-5-21-515967899-2146841463-839522115-1003\software\microsoft\windows\currentversion\explorer\comdlg32\lastvisitedmru
Description : list of recent programs opened


MRU List Object Recognized!
Location: : S-1-5-21-515967899-2146841463-839522115-1003\software\microsoft\windows\currentversion\explorer\comdlg32\opensavemru
Description : list of recently saved files, stored according to file extension


MRU List Object Recognized!
Location: : S-1-5-21-515967899-2146841463-839522115-1003\software\microsoft\windows\currentversion\explorer\recentdocs
Description : list of recent documents opened


MRU List Object Recognized!
Location: : S-1-5-21-515967899-2146841463-839522115-1003\software\nvidia corporation\global\nview\windowmanagement
Description : nvidia nview cached application window positions


MRU List Object Recognized!
Location: : S-1-5-21-515967899-2146841463-839522115-1003\software\microsoft\windows media\wmsdk\general
Description : windows media sdk



Started Tracking Cookie scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»


Tracking cookie scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 15



Deep scanning and examining files (C:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Disk Scan Result for C:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 15


Performing conditional scans...
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Conditional scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 15

19:02:22 Scan Complete

Summary Of This Scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Total scanning time:00:09:23.688
Objects scanned:114015
Objects identified:0
Objects ignored:0
New critical objects:0

Edited by Ian Norttingham, 16 July 2005 - 04:02 PM.

[Advertisements]

Hi Ian and welcome to the Geeks to Go Forums.

My name is Trevuren and I will be helping you with your log.

1. If you haven't logged in go to Geeks to Go and do so. Then proceed to item a.

If you already have logged in, go directly to item a.

a. Click on My Controls at the top right hand corner of the window.
b. In the left hand column, click "View Topics"
c. If you click on the title of your post, you will be taken there

2. Also, while at the My Controls page, check the box to the right of your post and then scroll down.
.Where it says "unsubscribe" click the pull-down menu and select "immediate email notification"

3. Please DELETE your current HJT program from its present location.

4. Download and run the following HijackThis autoinstall program from Here HJT needs to be in its own folder so that the program itself isn't deleted by accident. Having the backups could be VITAL to restoring your system if something went wrong in the FIX process!

A. Close ALL windows except HJT

B. SCAN with HJT and SAVE LOG. (a notepad window will open with the log in it when you click Save Log) (Ctrl-A to'select all', Ctrl-C to 'copy')

C. POST the log in this thread using 'Add Reply' (Ctrl-V to 'paste')


DO NOT MAKE ANY CHANGES OR CLICK "FIX CHECKED" UNTIL WE CHECK THE LOG, AS MOST OF THE FILES ARE LEGIT AND VITAL TO THE FUNCTION OF YOUR COMPUTER


Regards,

Trevuren

[Trevuren]

Hi Ian and welcome to the Geeks to Go Forums.

My name is Trevuren and I will be helping you with your log.

1. If you haven't logged in go to Geeks to Go and do so. Then proceed to item a.

If you already have logged in, go directly to item a.

a. Click on My Controls at the top right hand corner of the window.
b. In the left hand column, click "View Topics"
c. If you click on the title of your post, you will be taken there

2. Also, while at the My Controls page, check the box to the right of your post and then scroll down.
.Where it says "unsubscribe" click the pull-down menu and select "immediate email notification"

3. Please DELETE your current HJT program from its present location.

4. Download and run the following HijackThis autoinstall program from Here HJT needs to be in its own folder so that the program itself isn't deleted by accident. Having the backups could be VITAL to restoring your system if something went wrong in the FIX process!

A. Close ALL windows except HJT

B. SCAN with HJT and SAVE LOG. (a notepad window will open with the log in it when you click Save Log) (Ctrl-A to'select all', Ctrl-C to 'copy')

C. POST the log in this thread using 'Add Reply' (Ctrl-V to 'paste')


DO NOT MAKE ANY CHANGES OR CLICK "FIX CHECKED" UNTIL WE CHECK THE LOG, AS MOST OF THE FILES ARE LEGIT AND VITAL TO THE FUNCTION OF YOUR COMPUTER


Regards,

Trevuren

[Trevuren]

Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.