Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Better Internet from Spybot [RESOLVED]


  • This topic is locked This topic is locked

#1
ergenu2

ergenu2

    Member

  • Member
  • PipPip
  • 76 posts
Being that I just had many problems with winfixer a few days ago (now resolved per this board), and now Spybot found things...
Also, and during boot up today, it didnt start up after the windows logo..., but it started up fine when I went to "last known good configuration"

New Hi jack log
Jon B



Logfile of HijackThis v1.99.1
Scan saved at 7:08:19 AM, on 8/11/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
C:\WINDOWS\System32\khooker.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\LTSMMSG.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\CDProxyServ.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Norton Personal Firewall\ISSVC.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
C:\Program Files\America Online 9.0a\waol.exe
C:\Program Files\adobe\acrobat 5.0\Distillr\AcroTray.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe
C:\PROGRA~1\COMMON~1\AOL\111075~1\EE\AOLHOS~1.EXE
C:\PROGRA~1\NORTON~1\NORTON~1\NPROTECT.EXE
C:\Program Files\Sony\VAIO Action Setup\VAServ.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\PROGRA~1\COMMON~1\AOL\111075~1\EE\AOLServiceHost.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\PROGRA~1\NORTON~1\NORTON~1\SPEEDD~1\NOPDB.EXE
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\America Online 9.0a\shellmon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Hi Jack this JB\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.sony.com/vaiopeople
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)
O4 - HKLM\..\Run: [ZTgServerSwitch] c:\program files\support.com\client\bin\tgcmd.exe /server
O4 - HKLM\..\Run: [VOBRegCheck] C:\WINDOWS\System32\VOBREGCheck.exe -CheckReg
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
O4 - HKLM\..\Run: [SiS KHooker] C:\WINDOWS\System32\khooker.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Pure Networks Port Magic] "C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe" -Run
O4 - HKLM\..\Run: [LTSMMSG] LTSMMSG.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1110758300\EE\AOLHostManager.exe
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [AOL Fast Start] "C:\Program Files\America Online 9.0a\AOL.EXE" -b
O4 - Startup: HotSync Manager.lnk = C:\Program Files\Sony Handheld\HOTSYNC.EXE
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\adobe\acrobat 5.0\Distillr\AcroTray.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: VAIO Action Setup (Server).lnk = ?
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.sony.com/vaiopeople
O16 - DPF: Yahoo! Backgammon - http://download.game...nts/y/at0_x.cab
O16 - DPF: Yahoo! Chess - http://download.game...nts/y/ct1_x.cab
O16 - DPF: Yahoo! MLB StatTracker - http://aud14.sports....mlbst8408_x.cab
O16 - DPF: Yahoo! Pool 2 - http://download.game...ts/y/potc_x.cab
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.t...all/xscan60.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {37DF41B2-61DB-4CAC-A755-CFB3C7EE7F40} (AOL Content Update) - http://esupport.aol....oach_core_1.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://appldnld.m7z....iTunesSetup.exe
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aol.com...kup/qdiagcc.cab
O16 - DPF: {556DDE35-E955-11D0-A707-000000521957} - http://www.xblock.co...clean_micro.exe
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://207.188.7.150...ip/RdxIE601.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1123354168375
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} (iTunesDetector Class) - http://ax.phobos.app.../ITDetector.cab
O16 - DPF: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - http://us.dl1.yimg.c...ebio5_1_5_0.cab
O16 - DPF: {F7A05BAC-9778-410A-9CDE-BFBD4D5D2B7F} - http://216.249.24.14...geWell-ipix.cab
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: AOL Spyware Protection Service (AOLService) - Unknown owner - C:\Program Files\Common Files\AOL\AOL Spyware Protection\\aolserv.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: XCP CD Proxy (CD_Proxy) - Unknown owner - C:\WINDOWS\CDProxyServ.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program Files\Norton Personal Firewall\ISSVC.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~1\NPROTECT.EXE
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~1\SPEEDD~1\NOPDB.EXE
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Norton Personal Firewall Proxy Service (SymProxySvc) - Unknown owner - C:\Program Files\Norton Personal Firewall\SymProxySvc.exe (file missing)
  • 0

Advertisements


#2
greyknight17

greyknight17

    Malware Expert

  • Visiting Consultant
  • 16,560 posts
Hi there, let's go to the extreme and run a few virus scans to see if they can pick anything up:

CleanUp! deletes EVERYTHING out of your temp/temporary folders, it does not make backups. If you have any documents or programs that are saved in any Temporary Folders, please make a backup of these before running CleanUp!. Download CleanUp! http://cleanup.stevengould.org/ (Alternate Link if main link don't work - http://www.greyknigh...spy/CleanUp.exe ) and install it. Run CleanUp! and click on the Options button. Uncheck 'Scan local drives for temporary files'. Also uncheck those two Newsgroup entries if you don't want to delete them. Click OK and then click on the CleanUp! button. Let it run. After it's done, choose Yes to logoff.

Run BOTH these scans:

Run an online virus scan at TrendMicro http://uk.trendmicro...call_launch.php. Just follow the instructions on the site to run the free online scan. If any viruses/trojans are detected, try to delete or clean them in that site. If any are not cleanable, copy and paste the infected files here. You may also use Panda ActiveScan at http://www.pandasoft...ucts/activescan. Post the log from the Panda scan here.

Check Ad-aware, Spybot and Ewido for any updates. Boot into Safe Mode and run those scans - fix what they find. Save the Ewido log.

Restart and post the Ewido log here and also do the following:

Please empty any Quarantine folder in your antivirus program and purge all recovery items in the Spybot program (if you use it) before running this tool.

Download the Mwav virus checker at http://www.mwti.net/antivirus/mwav.asp (Use Link 3)

1. Save it to a folder.
2. Reboot into Safe Mode.
3. Double click the Mwav.exe file. This is a stand alone tool and NOT just a virus checker......so it won't install anything.
4. Select all local drives, scan all files, and press SCAN. When it is completed, anything found will be displayed in the lower pane.
5. In the Virus Log Information Pane......
Left click and highlight all the information in the Lower pane --- Use &CTRL C &on your keyboard to copy everything found in the lower pane and save it to a notepad file
*Note* If prompted that a virus was found and you need to purchase the product to remove the malware, just close out the prompt and let it continue scanning. We are not going to use this to remove anything...but to ID the bad files.

Once you copy that to a Notepad file...highlight the text and copy it here.
  • 0

#3
ergenu2

ergenu2

    Member

  • Topic Starter
  • Member
  • PipPip
  • 76 posts
Some info and then the logs---
Trend Micro said congrats ona clean system
Ive posted the Panda scan below
Ewido, I had to reinstall, cause i couldnt figure how to get updates, so I removed it and downloaded it again...
when I tried to get updates the second time after new install, it said at the bottom that it couldnt find the site, so I did a manual download and , after a moment a bar came up at the bottom and told me that there are no downloads..so I assume it is updated.
I now have an ewido guard, is that okay to have with Norton too? Should i remove the guard?
Spybot found 2 things, and I dont think they were a big deal--they were about me disabling windows firewall (like u mentioned)..Cause I have norton internet security.

Ad aware only found an mru list which was negligible--i wasnt sure if i should delete, so i didnt.

Norton quarantine was empty, but the backup had stuff in it that Im not sure I can delete (but i did delete the recovery items on Spybot)

FYI--that last scan (mwti.net software) took 3 1/2 hours to scan...

Below are the Panda log, ewido, MW post and a new high jack scan

Incident Status Location

Spyware:spyware/bargainbuddy No disinfected C:\WINDOWS\SYSTEM32\exclean.exe
Adware:adware/keenvalue No disinfected C:\WINDOWS\BROWSERXTRAS\PN\remove.exe
Adware:adware/bookedspace No disinfected C:\WINDOWS\cfgmgr52.ini
Spyware:spyware/new.net No disinfected C:\WINDOWS\NDNuninstall4_88.exe
Adware:adware/consumeralertsystemNo disinfected C:\PROGRAM FILES\CasStub
Adware:adware/myway No disinfected C:\PROGRAM FILES\MyWay
Adware:adware/p2pnetworking No disinfected C:\WINDOWS\SYSTEM32\P2P Networking
Adware:adware/elitebar No disinfected C:\WINDOWS\etb
Spyware:Spyware/BargainBuddy No disinfected C:\WINDOWS\etb\xml\images\casino.bmp
Spyware:Spyware/BargainBuddy No disinfected C:\WINDOWS\etb\xml\images\dating.bmp
Spyware:Spyware/BargainBuddy No disinfected C:\WINDOWS\etb\xml\images\drugs.bmp
Spyware:Spyware/BargainBuddy No disinfected C:\WINDOWS\etb\xml\images\fav.bmp
Spyware:Spyware/BargainBuddy No disinfected C:\WINDOWS\etb\xml\images\virus.bmp
Spyware:Spyware/New.net No disinfected C:\WINDOWS\NDNuninstall4_88.exe
Spyware:Spyware/New.net No disinfected C:\WINDOWS\NDNuninstall4_94.exe
Hacktool:Hacktool/Processor No disinfected C:\WINDOWS\system32\Process.exe ---------------------------------------------------------
ewido security suite - Scan report
---------------------------------------------------------

+ Created on: 2:12:01 PM, 8/11/2005
+ Report-Checksum: D9084B62

+ Scan result:

No infected objects found.


::Report End

Object "AltNet Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "myway Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "eZula Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "CWS.therealsearch Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "iSearch Spyware/Adware" found in File System! Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\ModuleUsage" refers to invalid object "C:\WINDOWS\Downloaded Program Files\ActiveX.ocx". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\ModuleUsage" refers to invalid object "C:\WINDOWS\Downloaded Program Files\iPIX-ImageWell-ipix.dll". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\ModuleUsage" refers to invalid object "C:\WINDOWS\Downloaded Program Files\ITDetector.ocx". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\ModuleUsage" refers to invalid object "C:\WINDOWS\Downloaded Program Files\MsnMessengerSetupDownloader.ocx". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\ModuleUsage" refers to invalid object "C:\WINDOWS\Downloaded Program Files\OUTC.DLL". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\ModuleUsage" refers to invalid object "C:\WINDOWS\Downloaded Program Files\RdxIE.dll". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\ModuleUsage" refers to invalid object "C:\WINDOWS\Downloaded Program Files\ycomp5_1_5_0.dll". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\ModuleUsage" refers to invalid object "C:\WINDOWS\Downloaded Program Files\yinsthelper.dll". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\ModuleUsage" refers to invalid object "C:\WINDOWS\RMAgentOutput.dll". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\System32\XpBlock.dll". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\RMAgentOutput.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{7E752AAA-5A32-40AD-B150-4A2E85768E4D}" refers to invalid object "E:\bin\win32\omgdwrap.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{83D4679F-B6D7-11D2-BF36-00C04FB90A03}" refers to invalid object "C:\Program Files\Messenger\rtcimsp.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{9EFBF860-5685-11D3-AA3D-00C04F4C5275}" refers to invalid object "cdooff.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{d715e738-0eae-4485-a520-6171d660aff2}" refers to invalid object "C:\WINDOWS\System32\isksr.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{D95DEB2F-4A47-467C-A78B-5D3038D089D5}" refers to invalid object "E:\bin\win32\omgdbp.ocx". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{D98E820F-6ACD-4dc0-921E-9841E3D8B4A7}" refers to invalid object "E:\player\WMMP.EXE". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{F4BD1DE2-5102-6415-9C11-09CB23AF787E}" refers to invalid object "C:\WINDOWS\System32\dxmrtp.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{F4C6D6E0-A8FB-4281-BE24-1662D646FE2B}" refers to invalid object "E:\player\WMMP.EXE". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{FBE840E5-13A5-4cff-B2A9-4D1E64A17FF2}" refers to invalid object "E:\player\WMMP.EXE". Action Taken: No Action Taken.
Entry "HKCR\Alg.AlgSetup" refers to invalid object "{27D0BCCC-344D-4287-AF37-0C72C161C14C}". Action Taken: No Action Taken.
Entry "HKCR\Alg.AlgSetup.1" refers to invalid object "{27D0BCCC-344D-4287-AF37-0C72C161C14C}". Action Taken: No Action Taken.
Entry "HKCR\MailFileAtt" refers to invalid object "{00020D05-0000-0000-C000-000000000046}". Action Taken: No Action Taken.
Entry "HKCR\mapifvbx.object" refers to invalid object "{41116C00-8B90-101B-96CD-00AA003B14FC}". Action Taken: No Action Taken.
Entry "HKCR\mapifvbx.object.1" refers to invalid object "{41116C00-8B90-101B-96CD-00AA003B14FC}". Action Taken: No Action Taken.
Entry "HKCR\RTCCore.RTCClient" refers to invalid object "{7a42ea29-a2b7-40c4-b091-f6f024aa89be}". Action Taken: No Action Taken.
Entry "HKCR\RTCCore.RTCClient.1" refers to invalid object "{7a42ea29-a2b7-40c4-b091-f6f024aa89be}". Action Taken: No Action Taken.
Entry "HKCR\SpyDoctor.EBankProblem" refers to invalid object "{AE612304-E8F9-45D9-A444-32409D33E954}". Action Taken: No Action Taken.
Entry "HKCR\SpyDoctor.QuarantinedItemProxy" refers to invalid object "{C2CE6266-0404-4C54-96B4-8829852E3537}". Action Taken: No Action Taken.
Entry "HKCR\SpyDoctor.ScripterProxy" refers to invalid object "{9FEF02F5-B3B8-4D7B-8939-72A1C989D1B9}". Action Taken: No Action Taken.
Entry "HKCR\WMPShell.HWEventHandler" refers to invalid object "{9B186A8F-F520-4eeb-B553-118304AC46C5}". Action Taken: No Action Taken.
Entry "HKCR\WMPShell.HWEventHandler.1" refers to invalid object "{9B186A8F-F520-4eeb-B553-118304AC46C5}". Action Taken: No Action Taken.
File C:\WINDOWS\icont.exe tagged as "not-a-virus:AdWare.AdURL.c". Action Taken: No Action Taken.
File C:\WINDOWS\NDNuninstall4_88.exe tagged as "not-a-virus:AdWare.NewDotNet". Action Taken: No Action Taken.
File C:\WINDOWS\NDNuninstall4_94.exe tagged as "not-a-virus:AdWare.NewDotNet". Action Taken: No Action Taken.
File C:\WINDOWS\system32\Process.exe tagged as not-a-virus:RiskTool.Win32.Processor.20. No Action Taken.
File C:\Program Files\Kazaa\My Shared Folder\download10890242331125342156.dat infected by "Trojan-Downloader.WMA.Wimad.a" Virus! Action Taken: No Action Taken.
File C:\Program Files\Kazaa\My Shared Folder\download10890242371125346093.dat infected by "Trojan-Downloader.WMA.Wimad.a" Virus! Action Taken: No Action Taken.
File C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\016333DB.asw tagged as "not-a-virus:AdWare.BrilliantDigital.e". Action Taken: No Action Taken.
File C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\07925EA3.exe tagged as "not-a-virus:AdWare.Gator.a". Action Taken: No Action Taken.
File C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\0E785DF0.asw tagged as "not-a-virus:AdWare.Altnet.j". Action Taken: No Action Taken.
File C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\168A59EA.dll tagged as "not-a-virus:AdWare.Altnet.a". Action Taken: No Action Taken.
File C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\19E019E2.asw tagged as "not-a-virus:AdWare.BrilliantDigital.3563". Action Taken: No Action Taken.
File C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\1A7419B6.asw tagged as "not-a-virus:AdWare.BrilliantDigital.3120". Action Taken: No Action Taken.
File C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\1AA05280.asw tagged as "not-a-virus:AdWare.Altnet.a". Action Taken: No Action Taken.
File C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\1DAA2BE6.asw infected by "Trojan.Win32.Krepper.y" Virus! Action Taken: No Action Taken.
File C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\26C94711.asw tagged as "not-a-virus:AdWare.BrilliantDigital.3566". Action Taken: No Action Taken.
File C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\2DD30775.asw tagged as "not-a-virus:AdWare.Altnet.a". Action Taken: No Action Taken.
File C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\32F13BA2.asw tagged as "not-a-virus:AdWare.Altnet.a". Action Taken: No Action Taken.
File C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\363944A5.asw tagged as "not-a-virus:AdWare.Altnet.d". Action Taken: No Action Taken.
File C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\363944A5.dll tagged as "not-a-virus:AdWare.Altnet.a". Action Taken: No Action Taken.
File C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\3ED56940.dll tagged as "not-a-virus:AdWare.BrilliantDigital.3120". Action Taken: No Action Taken.
File C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\3F1A3032.dll tagged as "not-a-virus:AdWare.Altnet.i". Action Taken: No Action Taken.
File C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\41CA00A4.dll tagged as "not-a-virus:AdWare.Altnet.k". Action Taken: No Action Taken.
File C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\41CA00A4.exe tagged as "not-a-virus:AdWare.BrilliantDigital.3022". Action Taken: No Action Taken.
File C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\41DB2025.asw tagged as "not-a-virus:AdWare.BrilliantDigital.1007". Action Taken: No Action Taken.
File C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\45F53B3C.asw tagged as "not-a-virus:AdWare.BrilliantDigital.1007". Action Taken: No Action Taken.
File C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\4D150D38.asw tagged as "not-a-virus:AdWare.Altnet.a". Action Taken: No Action Taken.
File C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\551E06BA.asw tagged as "not-a-virus:AdWare.Altnet.a". Action Taken: No Action Taken.
File C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\552130B7.asw tagged as "not-a-virus:AdWare.BrilliantDigital.3039". Action Taken: No Action Taken.
File C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\55245AB3.asw tagged as "not-a-virus:AdWare.Altnet.a". Action Taken: No Action Taken.
File C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\552704AF.asw tagged as "not-a-virus:AdWare.Perfnav.a". Action Taken: No Action Taken.
File C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\552704AF.dll tagged as "not-a-virus:AdWare.Altnet.a". Action Taken: No Action Taken.
File C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\552B2EAC.exe tagged as "not-a-virus:AdWare.BrilliantDigital.1100". Action Taken: No Action Taken.
File C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\552E58A8.dll tagged as "not-a-virus:AdWare.BrilliantDigital.3039". Action Taken: No Action Taken.
File C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\552E58A8.exe tagged as "not-a-virus:AdWare.BrilliantDigital.3022". Action Taken: No Action Taken.
File C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\553102A5.dll tagged as "not-a-virus:AdWare.BrilliantDigital.e". Action Taken: No Action Taken.
File C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\553102A5.exe tagged as "not-a-virus:AdWare.Altnet.i". Action Taken: No Action Taken.
File C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\55342CA1.fil tagged as "not-a-virus:AdWare.Gator.a". Action Taken: No Action Taken.
File C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\5538569D.exe tagged as "not-a-virus:AdWare.Gator.a". Action Taken: No Action Taken.
File C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\58137795.asw tagged as "not-a-virus:AdWare.BrilliantDigital.1007". Action Taken: No Action Taken.
File C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\63960A06.exe tagged as "not-a-virus:AdWare.BetterInternet". Action Taken: No Action Taken.
File C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\6B605F83.asw tagged as "not-a-virus:AdWare.BrilliantDigital.3567". Action Taken: No Action Taken.
File C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\6E404A93.dll tagged as "not-a-virus:AdWare.Altnet.j". Action Taken: No Action Taken.
File C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\75601C8F.asw tagged as "not-a-virus:AdWare.Altnet.a". Action Taken: No Action Taken.
File C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\7C0222A4.dll tagged as "not-a-virus:AdWare.BrilliantDigital.3039". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{E494405A-A007-4223-8570-60B192C0D901}\RP1012\A0117378.exe tagged as not-a-virus:RiskTool.Win32.Processor.20. No Action Taken.
File C:\WINDOWS\icont.exe tagged as "not-a-virus:AdWare.AdURL.c". Action Taken: No Action Taken.
File C:\WINDOWS\NDNuninstall4_88.exe tagged as "not-a-virus:AdWare.NewDotNet". Action Taken: No Action Taken.
File C:\WINDOWS\NDNuninstall4_94.exe tagged as "not-a-virus:AdWare.NewDotNet". Action Taken: No Action Taken.
File C:\WINDOWS\system32\Process.exe tagged as not-a-virus:RiskTool.Win32.Processor.20. No Action Taken.


Logfile of HijackThis v1.99.1
Scan saved at 6:59:31 PM, on 8/11/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
C:\WINDOWS\System32\khooker.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\LTSMMSG.exe
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\PROGRA~1\COMMON~1\AOL\111075~1\EE\AOLHOS~1.EXE
C:\WINDOWS\CDProxyServ.exe
C:\Program Files\adobe\acrobat 5.0\Distillr\AcroTray.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\Sony\VAIO Action Setup\VAServ.exe
C:\Program Files\Norton Personal Firewall\ISSVC.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe
C:\PROGRA~1\NORTON~1\NORTON~1\NPROTECT.EXE
C:\PROGRA~1\COMMON~1\AOL\111075~1\EE\AOLServiceHost.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\PROGRA~1\NORTON~1\NORTON~1\SPEEDD~1\NOPDB.EXE
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Hi Jack this JB\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.sony.com/vaiopeople
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)
O4 - HKLM\..\Run: [ZTgServerSwitch] c:\program files\support.com\client\bin\tgcmd.exe /server
O4 - HKLM\..\Run: [VOBRegCheck] C:\WINDOWS\System32\VOBREGCheck.exe -CheckReg
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
O4 - HKLM\..\Run: [SiS KHooker] C:\WINDOWS\System32\khooker.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Pure Networks Port Magic] "C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe" -Run
O4 - HKLM\..\Run: [LTSMMSG] LTSMMSG.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1110758300\EE\AOLHostManager.exe
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Startup: HotSync Manager.lnk = C:\Program Files\Sony Handheld\HOTSYNC.EXE
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\adobe\acrobat 5.0\Distillr\AcroTray.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: VAIO Action Setup (Server).lnk = ?
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.sony.com/vaiopeople
O16 - DPF: Yahoo! Backgammon - http://download.game...nts/y/at0_x.cab
O16 - DPF: Yahoo! Chess - http://download.game...nts/y/ct1_x.cab
O16 - DPF: Yahoo! MLB StatTracker - http://aud14.sports....mlbst8408_x.cab
O16 - DPF: Yahoo! Pool 2 - http://download.game...ts/y/potc_x.cab
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.t...all/xscan60.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {37DF41B2-61DB-4CAC-A755-CFB3C7EE7F40} (AOL Content Update) - http://esupport.aol....oach_core_1.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://appldnld.m7z....iTunesSetup.exe
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aol.com...kup/qdiagcc.cab
O16 - DPF: {556DDE35-E955-11D0-A707-000000521957} - http://www.xblock.co...clean_micro.exe
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://207.188.7.150...ip/RdxIE601.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1123354168375
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft...free/asinst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} (iTunesDetector Class) - http://ax.phobos.app.../ITDetector.cab
O16 - DPF: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - http://us.dl1.yimg.c...ebio5_1_5_0.cab
O16 - DPF: {F7A05BAC-9778-410A-9CDE-BFBD4D5D2B7F} - http://216.249.24.14...geWell-ipix.cab
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: AOL Spyware Protection Service (AOLService) - Unknown owner - C:\Program Files\Common Files\AOL\AOL Spyware Protection\\aolserv.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: XCP CD Proxy (CD_Proxy) - Unknown owner - C:\WINDOWS\CDProxyServ.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program Files\Norton Personal Firewall\ISSVC.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~1\NPROTECT.EXE
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~1\SPEEDD~1\NOPDB.EXE
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Norton Personal Firewall Proxy Service (SymProxySvc) - Unknown owner - C:\Program Files\Norton Personal Firewall\SymProxySvc.exe (file missing)
  • 0

#4
greyknight17

greyknight17

    Malware Expert

  • Visiting Consultant
  • 16,560 posts
Uninstall these from the Add/Remove panel if found:

P2P Networking
MyWay
CasSub
EliteToolBar


Download ETRemover and unzip it. Don't run it yet.

Boot into Safe Mode.

Delete these if found:

C:\WINDOWS\SYSTEM32\exclean.exe
C:\WINDOWS\BROWSERXTRAS\PN\
C:\WINDOWS\cfgmgr52.ini
C:\PROGRAM FILES\CasStub
C:\PROGRAM FILES\MyWay
C:\WINDOWS\SYSTEM32\P2P Networking
C:\WINDOWS\etb\
C:\WINDOWS\NDNuninstall4_88.exe
C:\WINDOWS\NDNuninstall4_94.exe
C:\WINDOWS\icont.exe


Run ETRemover.exe now.

Restart. Any problems now? Run a new Panda scan to make sure. If all is clear, then:

Your log is clean.

To help prevent future spyware installations/infections, please read the Anti-Spyware Tutorial and use the tools provided.

Are there any problems now? If not, you should be set to go.
  • 0

#5
greyknight17

greyknight17

    Malware Expert

  • Visiting Consultant
  • 16,560 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :tazz:

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP