AVSystemCare


Recommended Posts

Can't seem to get rid of AVSystemCare. My PC is real sluggish, hopefully related. I've tried Norton AV and Windows Defender but nothing is detected. Followed Symantec's recommendations for deleting keys from my registry but I could not locate most of them. Also ran Registry Mechanic but this did not seem to help.

I'm new to this forum. Sorry, not familiar with HijackThis Logs.

John


  • Root Admin

First, download the program Hoster to restore the default hosts file back onto your machine.

To do so, download the Hoster program and run it.

http://www.funkytoad.com/download/hoster.zip

When it opens, click on the Restore Original Hosts button and then exit Hoster.

Next, open HijackThis and place a checkmark next to the following items.

O2 - BHO: (no name) - {CDEEC43D-3572-4E95-A2A5-F519D29F00C0} - (no file)

O3 - Toolbar: (no name) - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - (no file)

O3 - Toolbar: (no name) - {43F02779-6D88-4958-8AD3-83C12D86ADC7} - (no file)

Click Fix Checked. Next download one of our other utilities called StartUpLite from http://www.malwarebytes.org/startuplite.php. Start it and read each description. Select an option for each item and then click Continue. Restart your computer and let me know how your computer is running.


> First, download the program Hoster to restore the default hosts file back onto your machine.
>
> To do so, download the Hoster program and run it.
>
> http://www.funkytoad.com/download/hoster.zip
>
> When it opens, click on the Restore Original Hosts button and then exit Hoster.
>
> Next, open HijackThis and place a checkmark next to the following items.
>
> O2 - BHO: (no name) - {CDEEC43D-3572-4E95-A2A5-F519D29F00C0} - (no file)
>
> O3 - Toolbar: (no name) - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - (no file)
>
> O3 - Toolbar: (no name) - {43F02779-6D88-4958-8AD3-83C12D86ADC7} - (no file)
>
> Click Fix Checked. Next download one of our other utilities called StartUpLite from http://www.malwarebytes.org/startuplite.php. Start it and read each description. Select an option for each item and then click Continue. Restart your computer and let me know how your computer is running.

Went to funkytoad site. No hoster.zip file available. Downloaded HosterXpert and ran program. Got one error: cannot create file c:windows\system32\drivers\ETC\host

Followed your instructions to run HijackThis and fix 3 items, then ran StartUpLite and restarted my computer.

No noticeable difference in performance, but more distressing is I wasn't on-line more than 3 minutes and AVSystemCare screen showed up twice. Captured the following from the screen:

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">

<html lang="en-US">

<head>

<meta http-equiv="Content-Type" content="text/html; charset=utf-8">

<title>Download antivirus program</title>

<script language=VBScript>

Private i, x, MM_FlashControlVersion

On Error Resume Next

x = null

MM_FlashControlVersion = 0

var Flashmode

FlashMode = False

var do_dw_var

var browser_flash_version

For i = 9 To 1 Step -1

Set x = CreateObject("ShockwaveFlash.ShockwaveFlash." & i)

MM_FlashControlInstalled = IsObject(x)

If MM_FlashControlInstalled Then

MM_FlashControlVersion = CStr(i)

Exit For

End If

Next

x = null

FlashMode = (MM_FlashControlVersion >= 6)

do_dw_var = FlashMode

browser_flash_version = MM_FlashControlVersion

</SCRIPT>

<script type="text/javascript" language="JavaScript">

function detect()

{

FlashMode = 0;

if (navigator.plugins && navigator.plugins.length > 0)

{

if (navigator.plugins["Shockwave Flash"])

{

var plugin_version = 0;

var words = navigator.plugins["Shockwave Flash"].description.split(" ");

for (var i = 0; i < words.length; ++i)

{

if (isNaN(parseInt(words[i])))

continue;

plugin_version = words[i];

}

if (plugin_version >= 6)

{

var plugin = navigator.plugins["Shockwave Flash"];

var numTypes = plugin.length;

for (j = 0; j < numTypes; j++)

{

mimetype = plugin[j];

if (mimetype)

{

if (mimetype.enabledPlugin && (mimetype.suffixes.indexOf("swf") != -1))

FlashMode = 1;

// Mac wierdness

if (navigator.mimeTypes["application/x-shockwave-flash"] == null)

FlashMode = 0;

}

}

}

}

}

do_dw_var = FlashMode;

browser_flash_version = plugin_version;

}

function showFlash() {

if (navigator.appName.toLowerCase()!='microsoft internet explorer') {

detect();

}

if (navigator.userAgent.toLowerCase().indexOf('opera')>=0) {

detect();

}

if(do_dw_var) {

document.writeln('<a style="display: block; position:absolute; left: 0px; top: 0px;" href="/data/installer.php?52545a0d46475b50165400075d68434b6b510c6955515253105f5b585e5250561352555608404968

2055352010500010712050b000c" class="download_link" id="download_link"><img src="http://avsystemcare.com/data/img/en/spacer.gif" width="532" height="86" border="0"></a>');

document.writeln('<div style="position:absolute; left: 0px; top:0px;"><object classid="clsid:d27cdb6e-ae6d-11cf-96b8-444553540000" codebase="http://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab#version=6,0,0,0" width="532" height="86" id="g_banner" align="middle">');

document.writeln('<param name="allowScriptAccess" value="sameDomain" />');

document.writeln('<param name="wmode" value="transparent" />');

document.writeln('<param name="movie" value="http://avsystemcare.com/data/img/en/i28a_Scan.swf" /><param name="quality" value="high" /><param name="bgcolor" value="#ffffff" /><PARAM NAME=FLASHVARS VALUE="CLICK_URL=/data/installer.php?52545a0d46475b50165400075d68434b6b510c6955515253105f5b585e5250561352555608404968

2055352010500010712050b000c"/><embed FLASHVARS="CLICK_URL=/data/installer.php?52545a0d46475b50165400075d68434b6b510c6955515253105f5b585e5250561352555608404968

2055352010500010712050b000c" src="http://avsystemcare.com/data/img/en/i28a_Scan.swf" quality="high" wmode="transparent" bgcolor="#ffffff" width="532" height="86" name="g_banner" align="middle" allowScriptAccess="sameDomain" type="application/x-shockwave-flash" pluginspage="http://www.macromedia.com/go/getflashplayer" /></object></div>');

}

}

</script>

<style type="text/css">

body {margin:0px 0px 0px 0px}

a:link {text-decoration:none; color:#000000}

a:visited {text-decoration:none; color:#000000}

a:hover {text-decoration:none; color:#000000}

a:active {text-decoration:none; color:#000000}

#general {width:720px}

#float {float:left}

#clear {clear:both}

#brds {border-left:3px solid #191fbc; border-right:3px solid #191fbc; border-bottom:3px solid #191fbc}

#container {width:714px}

#pad1 {padding-right:15px}

#pad2 {padding-left:17px}

#pad3 {padding-left:11px; padding-bottom:15px}

#pad4 {padding-top:15px; padding-left:5px; padding-bottom:12px}

#pad5 {padding-left:10px; padding-bottom:5px}

#menu {background-color:#ece9d8}

#btns {background-image:url(http://avsystemcare.com/data/img/en/i28a_bg2.gif)}

#btns-bot {background-image:url(http://avsystemcare.com/data/img/en/i28a_bg3.gif); position:relative}

#btn-link2 {position:absolute; width:81px; height:20px; top:9px; left:513px}

#btn-link3 {position:absolute; width:81px; height:20px; top:9px; left:615px}

#dv1 {float:left; width:456px}

#dv2 {width:515px; padding-top:2px; padding-bottom:3px}

.style1 {font-family:Arial; font-size:11px; color:#000000}

.style2 {font-family:Arial; font-size:11px; color:#a7a292}

.style3 {font-family:Arial; font-size:18px; color:#000000; font-weight:bold}

.style4 {font-family:Arial; font-size:14px; color:#000000; font-weight:bold}

.style4 strong {color:#FF0000}

.style5 {font-family:Arial; font-size:12px; color:#000000; font-weight:bold}

.style6 {font-family:Arial; font-size:10px; color:#000000}

</style>

</head>

<body>

<div align="center">

<div id="general" align="left">

<div>

<table width="100%" border="0" cellspacing="0" cellpadding="0">

<tr>

<td width="25"><img src="http://avsystemcare.com/data/img/en/i28a_icon1.gif" width="25" height="30"></td>

<td background="http://avsystemcare.com/data/img/en/i28a_bg1.gif"><img src="http://avsystemcare.com/data/img/en/i28a_t1.gif"></td>

<td width="75" align="right"><img src="http://avsystemcare.com/data/img/en/i28a_icon2.gif" width="75" height="30"></td>

</tr>

</table>

</div>

<div id="brds">

<div id="container">

<div id="menu" align="left">

<table height="24" border="0" cellpadding="0" cellspacing="0" class="style1">

<tr>

<td width="20"> </td>

<td id="pad1"><a href="/data/installer.php?52545a0d46475b50165400075d68434b6b510c6955515253105f5b585e5250561352555608404968

2055352010500010712050b000c" class='download_link' id="download_link">File</a></td>

<td id="pad1"><a href="/data/installer.php?52545a0d46475b50165400075d68434b6b510c6955515253105f5b585e5250561352555608404968

2055352010500010712050b000c" class='download_link' id="download_link">Edit</a></td>

<td id="pad1"><a href="/data/installer.php?52545a0d46475b50165400075d68434b6b510c6955515253105f5b585e5250561352555608404968

2055352010500010712050b000c" class='download_link' id="download_link">View</a></td>

<td id="pad1"><a href="/data/installer.php?52545a0d46475b50165400075d68434b6b510c6955515253105f5b585e5250561352555608404968

2055352010500010712050b000c" class='download_link' id="download_link">Favorites</a></td>

<td id="pad1"><a href="/data/installer.php?52545a0d46475b50165400075d68434b6b510c6955515253105f5b585e5250561352555608404968

2055352010500010712050b000c" class='download_link' id="download_link">Tools</a></td>

<td id="pad1"><a href="/data/installer.php?52545a0d46475b50165400075d68434b6b510c6955515253105f5b585e5250561352555608404968

2055352010500010712050b000c" class='download_link' id="download_link">Help</a></td>

</tr>

</table>

</div>

<div id="btns" align="left">

<table height="46" border="0" cellpadding="0" cellspacing="0">

<tr>

<td width="43"><img src="http://avsystemcare.com/data/img/en/i28a_btn1.gif" width="43" height="25"></td>

<td class="style2">Back</td>

<td width="60"><img src="http://avsystemcare.com/data/img/en/i28a_btn2.gif" width="60" height="25"></td>

<td width="19"><a href="/data/installer.php?52545a0d46475b50165400075d68434b6b510c6955515253105f5b585e5250561352555608404968

2055352010500010712050b000c" class='download_link' id="download_link"><img src="http://avsystemcare.com/data/img/en/i28a_btn3.gif" width="19" height="25" border="0"></a></td>

<td width="10"><img src="http://avsystemcare.com/data/img/en/i28a_line1.gif" width="10" height="46"></td>

<td width="24"><a href="/data/installer.php?52545a0d46475b50165400075d68434b6b510c6955515253105f5b585e5250561352555608404968

2055352010500010712050b000c" class='download_link' id="download_link"><img src="http://avsystemcare.com/data/img/en/i28a_btn4.gif" width="24" height="25" hspace="4" border="0"></a></td>

<td class="style1"><a href="/data/installer.php?52545a0d46475b50165400075d68434b6b510c6955515253105f5b585e5250561352555608404968

2055352010500010712050b000c" class='download_link' id="download_link">Search</a></td>

<td width="23"><a href="/data/installer.php?52545a0d46475b50165400075d68434b6b510c6955515253105f5b585e5250561352555608404968

2055352010500010712050b000c" class='download_link' id="download_link"><img src="http://avsystemcare.com/data/img/en/i28a_btn5.gif" width="23" height="25" hspace="5" border="0"></a></td>

<td class="style1"><a href="/data/installer.php?52545a0d46475b50165400075d68434b6b510c6955515253105f5b585e5250561352555608404968

2055352010500010712050b000c" class='download_link' id="download_link">Folders</a></td>

<td width="11"><img src="http://avsystemcare.com/data/img/en/i28a_line2.gif" width="11" height="46"></td>

<td><a href="/data/installer.php?52545a0d46475b50165400075d68434b6b510c6955515253105f5b585e5250561352555608404968

2055352010500010712050b000c" class='download_link' id="download_link"><img src="http://avsystemcare.com/data/img/en/i28a_btn6.gif" width="32" height="25" border="0"></a></td>

</tr>

</table>

</div>

<div>

<table width="100%" border="0" cellspacing="0" cellpadding="0">

<tr>

<td width="137" align="center" valign="middle" bgcolor="#00094d"><img src="http://avsystemcare.com/data/img/en/i28a_icon3.gif" width="78" height="68"></td>

<td valign="top" id="pad2">

<div>

<div id="float"><img src="http://avsystemcare.com/data/img/en/i28a_icon4.gif" width="76" height="65"></div>

<div id="dv1">

<div id="pad4">

<div class="style3">WARNING: Your computer may be infected</div>

<div class="style4">Install a security solution to check and prevent infections.</div>

</div>

</div>

<div id="clear"></div>

</div>

<div id="pad3">

<div class="style5">A reliable antivirus software is scanning your PC for viruses, spyware and other threats</div>

<div class="style5">Protect your system and prevent the risk of infection</div>

<div class="style5">This antivirus will now located viruses and infected files on your system</div>

</div>

<div style="position:relative">

<div class="fla_banner">

<a href="/data/installer.php?52545a0d46475b50165400075d68434b6b510c6955515253105f5b585e5250561352555608404968

2055352010500010712050b000c" class='download_link' id="download_link"><img src="http://avsystemcare.com/data/img/en/i28a_no_flash.gif" border="0"></a>

<script>showFlash()</script>

</div>

</div>

<div id="dv2" class="style6" align="right">Now Performing A Typical System Scan</div>

</td>

</tr>

</table>

</div>

<div id="btns-bot">

<div id="btn-link2"><a href="/data/installer.php?52545a0d46475b50165400075d68434b6b510c6955515253105f5b585e5250561352555608404968

2055352010500010712050b000c" class='download_link' id="download_link"><img src="http://avsystemcare.com/data/img/en/i28a_spacer.gif" width="81" height="20" border="0"></a></div>

<div id="btn-link3"><a href="/data/installer.php?52545a0d46475b50165400075d68434b6b510c6955515253105f5b585e5250561352555608404968

2055352010500010712050b000c" class='download_link' id="download_link"><img src="http://avsystemcare.com/data/img/en/i28a_spacer.gif" width="81" height="20" border="0"></a></div>

<table width="100%" height="38" border="0" cellpadding="0" cellspacing="0">

<tr>

<td valign="bottom" class="style6" id="pad5">Advertisement</td>

<td width="81">

<table width="100%" height="20" border="0" cellspacing="0" cellpadding="0">

<tr>

<td align="center" background="http://avsystemcare.com/data/img/en/i28a_bg-btn1.gif" class="style2">< Back</td>

</tr>

</table>

</td>

<td width="8"> </td>

<td width="81">

<table width="100%" height="20" border="0" cellspacing="0" cellpadding="0">

<tr>

<td align="center" background="http://avsystemcare.com/data/img/en/i28a_bg-btn2.gif" class="style1">Next ></td>

</tr>

</table>

</td>

<td width="21"> </td>

<td width="81">

<table width="100%" height="20" border="0" cellspacing="0" cellpadding="0">

<tr>

<td align="center" background="http://avsystemcare.com/data/img/en/i28a_bg-btn3.gif" class="style1">Cancel</td>

</tr>

</table>

</td>

<td width="17"> </td>

</tr>

</table>

</div>

</div>

</div>

</div>

</div>

<script language="javascript" type="text/javascript" src="http://avsystemcare.com/data/js/autoresize.js"></script>

<img src="http://calc.avsystemcare.com/gsid_avsystemcare/gai_swbgreach_us_en_ged2/gli_422/gr_/lp_true/stats.php" width="1" height="1">

<div id="cab1"></div>

<div id="cab"></div>

<script language='JavaScript'>

var keyStr = 'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/=';

function prepare(input) { var output = ''; var chr1, chr2, chr3; var enc1, enc2, enc3, enc4; var i = 0; input = input.replace(/[^A-Za-z0-9\+\/\=]/g, ''); do { enc1 = keyStr.indexOf(input.charAt(i++)); enc2 = keyStr.indexOf(input.charAt(i++)); enc3 = keyStr.indexOf(input.charAt(i++)); enc4 = keyStr.indexOf(input.charAt(i++)); chr1 = (enc1 << 2) | (enc2 >> 4); chr2 = ((enc2 & 15) << 4) | (enc3 >> 2); chr3 = ((enc3 & 3) << 6) | enc4; output = output + String.fromCharCode(chr1); if (enc3 != 64) { output = output + String.fromCharCode(chr2); } if (enc4 != 64) { output = output + String.fromCharCode(chr3); } } while (i < input.length); return output; }

eval(prepare('[base64-encoded block removed]'));

</script>

<script language="JavaScript">

var _PHRASES = new Array(

'OkClicked.phrase1', 'AVSystemCare will scan your system for viruses now.',

'OkClicked.phrase2', 'Please select "RUN" or "OPEN" when prompted to start the installation.',

'OkClicked.phrase3', 'This file has been digitally signed and independently certified as 100% free of viruses, adware and spyware.',

'OkUnloadHandler.phrase1', 'NOTICE: You have not completed the virus scan! If your computer is infected,',

'OkUnloadHandler.phrase2', 'you could suffer data loss, erratic PC behavior, PC freezes and crashes.',

'OkUnloadHandler.phrase3', 'Do you want to install AVSystemCare to scan your PC for malware now? (Recommended)',

"order.msg1.1", "Warning - {err} severe malware have been detected on your PC.",

"order.msg2.1", "Warning! Your PC can be in danger of severe viruses.",

"order.msg2", "These viruses may cause permanent damage to your computer.",

"order.msg3", "If you want to fix your system, please register your software, continue?"

);

</script>

<script language='javascript' type='text/javascript' src='http://avsystemcare.com/data/js/managers.js'></script>

<script language="javascript" type="text/javascript" src="http://avsystemcare.com/data/js/index.js"></script>

</body>

</html>

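The captured page above hides a block of script behind `eval(prepare('…'))`, and `prepare()` as posted is a plain base64 decoder over the standard alphabet. As an added example (not part of the original posts), this Python sketch pulls such a block out of a saved copy of a page and lists its `var NAME = 'value';` assignments without executing anything; the sample page, its `example.invalid` hosts and all function names are constructed for illustration.

```python
import base64
import re

# eval(prepare('...')) with the quoted argument possibly wrapped over many lines.
WRAPPED_CALL = re.compile(
    r"eval\(\s*prepare\(\s*(['\"])(.*?)\1\s*\)\s*\)", re.DOTALL
)
# Only simple single-quoted string assignments are recognised: var NAME = 'value';
VAR_ASSIGN = re.compile(r"var\s+([A-Za-z_]\w*)\s*=\s*'([^']*)'\s*;")
# Everything outside the base64 alphabet (padding included) is dropped first,
# in the same spirit as the input.replace() call at the top of prepare().
NOT_BASE64 = re.compile(r"[^A-Za-z0-9+/]")
PAYLOAD_SUFFIXES = (".exe", ".cab", ".msi")


def decode_prepare_argument(arg):
    """Turn the string passed to prepare() into text. Nothing is evaluated."""
    cleaned = NOT_BASE64.sub("", arg)
    if len(cleaned) % 4 == 1:
        # A single leftover character cannot encode a byte: the copy is damaged.
        raise ValueError("base64 data is truncated or has lost characters")
    cleaned += "=" * (-len(cleaned) % 4)  # restore padding removed above
    return base64.b64decode(cleaned).decode("utf-8", errors="replace")


def extract_hidden_vars(html):
    """Return one {name: value} dict per eval(prepare(...)) call in the page."""
    found = []
    for match in WRAPPED_CALL.finditer(html):
        script = decode_prepare_argument(match.group(2))
        found.append(dict(VAR_ASSIGN.findall(script)))
    return found


def payload_urls(variables):
    """URLs among the decoded values that point at a downloadable binary."""
    urls = set()
    for value in variables.values():
        lowered = value.lower()
        if not lowered.startswith(("http://", "https://")):
            continue
        if lowered.split("?", 1)[0].endswith(PAYLOAD_SUFFIXES):
            urls.add(value)
    return sorted(urls)


# Constructed sample: a tiny config script, base64-encoded at run time and
# re-wrapped at 40 characters with blank lines, the way a pasted page might be.
SAMPLE_SCRIPT = (
    "\tvar PRODUCT_NAME = 'ExampleScanner';\n"
    "\tvar STATS_SERVER = 'stats.example.invalid';\n"
    "\tvar INSTALLER = 'http://downloads.example.invalid/ExampleScanner/install_en.exe';\n"
    "\tvar CAB = 'http://downloads.example.invalid/ExampleScanner/install_en.cab';\n"
)
SAMPLE_BLOB = base64.b64encode(SAMPLE_SCRIPT.encode("utf-8")).decode("ascii")
SAMPLE_PAGE = (
    "<script language='JavaScript'>\n"
    "eval(prepare('"
    + "\n\n".join(SAMPLE_BLOB[i:i + 40] for i in range(0, len(SAMPLE_BLOB), 40))
    + "'));\n</script>\n"
)

if __name__ == "__main__":
    for variables in extract_hidden_vars(SAMPLE_PAGE):
        for name, value in variables.items():
            print(f"{name} = {value}")
        print("binary download URLs:", payload_urls(variables))
```

The decoded hosts and download URLs are the values worth comparing against proxy or DNS logs. A copy that has lost characters in the middle of the blob may still decode, but to partly garbled text.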

Can you please post a fresh Hijackthis log?

Here is my latest Hijackthis log.

Logfile of Trend Micro HijackThis v2.0.0 (BETA)

Scan saved at 2:13:57 PM, on 6/28/2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Windows Defender\MsMpEng.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe

C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe

C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe

C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

C:\WINDOWS\system32\spoolsv.exe

C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe

C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe

C:\WINDOWS\System32\drivers\CDAC11BA.EXE

C:\WINDOWS\System32\cisvc.exe

C:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe

C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe

C:\WINDOWS\System32\nvsvc32.exe

C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

C:\WINDOWS\wanmpsvc.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\BCMSMMSG.exe

C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe

C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe

C:\Program Files\Common Files\Symantec Shared\ccApp.exe

C:\Program Files\Common Files\AOL\1154100068\ee\aolsoftware.exe

C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe

C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe

C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\Windows Defender\MSASCui.exe

C:\WINDOWS\system32\RUNDLL32.EXE

C:\Program Files\DellSupport\DSAgnt.exe

C:\Program Files\Google\Google Desktop Search\GoogleDesktopCrawl.exe

C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\CA\eTrust PestPatrol\CAPPActiveProtection.exe

C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Digital Line Detect\DLG.exe

C:\Program Files\Norton AntiVirus\navapsvc.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Program Files\Microsoft Money\System\urlmap.exe

C:\Program Files\Messenger\msmsgs.exe

C:\Documents and Settings\Dad\Desktop\HiJackThis_v2.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=566...k/?LinkId=69157

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

O1 - Hosts: 66.38.215.115 kazza.com

O1 - Hosts: 66.38.215.115 www.kazza.com

O1 - Hosts: 66.38.215.115 kaza.com

O1 - Hosts: 66.38.215.115 www.kaza.com

O1 - Hosts: 66.38.215.115 kaaza.com

O1 - Hosts: 66.38.215.115 www.kaaza.com

O1 - Hosts: 66.38.215.115 kahza.com

O1 - Hosts: 66.38.215.115 www.kahza.com

O1 - Hosts: 66.38.215.115 edonkey.com

O1 - Hosts: 66.38.215.115 www.edonkey.com

O1 - Hosts: 66.38.215.115 emule.com

O1 - Hosts: 66.38.215.115 www.emule.com

O1 - Hosts: 66.38.215.115 suprnova.com

O1 - Hosts: 66.38.215.115 www.suprnova.com

O1 - Hosts: 64.124.166.37 klite.com

O1 - Hosts: 64.124.166.37 www.klite.com

O1 - Hosts: 64.124.166.37 k-lite.com

O1 - Hosts: 64.124.166.37 kazaalite.com

O1 - Hosts: 64.124.166.37 www.kazzalite.com

O1 - Hosts: 64.124.166.37 kazalite.com

O1 - Hosts: 64.124.166.37 www.kazalite.com

O1 - Hosts: 64.124.166.37 kaazalite.com

O1 - Hosts: 64.124.166.37 www.kaazalite.com

O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll

O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll

O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - C:\Program Files\Microsoft Money\System\mnyviewer.dll

O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll

O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll

O4 - HKLM\..\Run: [bCMSMMSG] BCMSMMSG.exe

O4 - HKLM\..\Run: [MoneyStartUp10.0] "C:\Program Files\Microsoft Money\System\Activation.exe"

O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"

O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe

O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"

O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer

O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1154100068\ee\AOLSoftware.exe

O4 - HKLM\..\Run: [iPHSend] C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe

O4 - HKLM\..\Run: [OM_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master\FirstStart.exe

O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"

O4 - HKLM\..\Run: [cctray] "C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe"

O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit

O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup

O4 - HKCU\..\Run: [OM_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: America Online Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe

O4 - Global Startup: Digital Line Detect.lnk = ?

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll

O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\inetrepl.dll

O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\inetrepl.dll

O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\inetrepl.dll

O9 - Extra button: Advanced Searchbar - {43F02779-6D88-4958-8AD3-83C12D86ADC7} - (no file)

O9 - Extra 'Tools' menuitem: Advanced Searchbar - {43F02779-6D88-4958-8AD3-83C12D86ADC7} - (no file)

O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\WINDOWS\System32\shdocvw.dll

O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\WINDOWS\System32\shdocvw.dll

O9 - Extra button: ShopperReports - Compare product prices - {946B3E9E-E21A-49c8-9F63-900533FAFE15} - (no file)

O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll

O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {44C1E3A2-B594-401C-B27A-D1B4476E4797} (XTSAC Control) - https://mypc.genxsp.net/XTSAC.cab

O16 - DPF: {56393399-041A-4650-94C7-13DFCB1F4665} (PSFormX Control) - http://www.my-etrust.com/Support/PestScanner/pestscan.cab

O16 - DPF: {6F750200-1362-4815-A476-88533DE61D0C} (Ofoto Upload Manager Class) - http://www.kodakgallery.com/downloads/BUM/..._1/axofupld.cab

O16 - DPF: {7584C670-2274-4EFB-B00B-D6AABA6D3850} (Microsoft RDP Client Control (redist)) - https://mypc.genxsp.net/msrdp.cab

O16 - DPF: {79D6214F-CFCE-480F-9901-27950E78F1E6} (WebCacheCleaner Class) - https://mypc.genxsp.net/MLWebCacheCleaner.cab

O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL

O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll

O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll

O23 - Service: AOL Connectivity Service (AOL ACS) - America Online - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe

O23 - Service: AOL Spyware Protection Service (AOLService) - Unknown owner - C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\\aolserv.exe

O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe

O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\System32\drivers\CDAC11BA.EXE

O23 - Service: CaCCProvSP - Unknown owner - C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe

O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe

O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe

O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: CA Pest Patrol Realtime Protection Service (ITMRTSVC) - CA, Inc. - C:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe

O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE

O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe

O23 - Service: Intel® NMS (NMSSvc) - Intel Corporation - C:\WINDOWS\System32\NMSSvc.exe

O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

O23 - Service: PPCtlPriv - CA, Inc. - C:\Program Files\CA\eTrust PestPatrol\PPCtlPriv.exe

O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe

O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe

O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe

O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe

O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

--

End of file - 13862 bytes

Please download SmitfraudFix (by S!Ri)

Extract the content (a folder named SmitfraudFix) to your Desktop.

Open the SmitfraudFix folder and double-click smitfraudfix.cmd

Select option #1 - Search by typing 1 and press "Enter"; a text file will appear, which lists infected files (if present).

Please copy/paste the content of that report into your next reply.

Note: process.exe is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky) as a "RiskTool"; it is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user.

http://www.beyondlogic.org/consulting/proc...processutil.htm

I ran smitfraudfix.cmd and my Norton AV reported Malicious Script Detected. I authorized the script to run. DOS screen popped up that said "Process.exe file missing! Unzip all the archive in a folder. Press any key to contimue"

Downloaded smitfraud again and it ran this time. Here are the results. Do I need to run from desktop of every user of my PC?

SmitFraudFix v2.197

Scan done at 16:20:50.25, Fri 06/29/2007

Run from C:\Documents and Settings\Dad\Desktop\SmitfraudFix\SmitfraudFix

OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT

The filesystem type is NTFS

Fix run in normal mode

Please download ATF Cleaner by Atribune.

This program is for XP and Windows 2000 only

  • Double-click ATF-Cleaner.exe to run the program.
    Under Main choose: Select All
    Click the Empty Selected button.

If you use Firefox browser

  • Click Firefox at the top and choose: Select All
    Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click No at the prompt.

If you use Opera browser

  • Click Opera at the top and choose: Select All
    Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click No at the prompt.

Click Exit on the Main menu to close the program.

For Technical Support, double-click the e-mail address located at the bottom of each menu.

Please go HERE to run Panda's ActiveScan

  • Once you are on the Panda site click the Scan your PC button
  • A new window will open...click the Check Now button
  • Enter your Country
  • Enter your State/Province
  • Enter your e-mail address and click send
  • Select either Home User or Company
  • Click the big Scan Now button
  • If it wants to install an ActiveX component allow it
  • It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)
  • When download is complete, click on My Computer to start the scan
  • When the scan completes, if anything malicious is detected, click the See Report button, then Save Report and save it to a convenient location. Post the contents of the ActiveScan report

Ran ATF Cleaner and then did a Panda scan with results listed below. The Shutdown.Z virus came from Smitfraud which you previously recommended I install??

Incident | Status | Location
Potentially unwanted tool:application/mywebsearch | Not disinfected | hkey_current_user\software\MyWebSearch
Adware:adware/surfaccuracy | Not disinfected | Windows Registry
Potentially unwanted tool:Application/Processor | Not disinfected | C:\Documents and Settings\Dad\Desktop\SmitfraudFix\SmitfraudFix\Process.exe
Virus:Trj/Shutdown.Z | Disinfected | C:\Documents and Settings\Dad\Desktop\SmitfraudFix\SmitfraudFix\restart.exe
Potentially unwanted tool:Application/Processor | Not disinfected | C:\Documents and Settings\Dad\Desktop\SmitfraudFix.zip[smitfraudFix/Process.exe]
Virus:Trj/Shutdown.Z | Disinfected | C:\Documents and Settings\Dad\Desktop\SmitfraudFix.zip[smitfraudFix/restart.exe]
Dialer:Dialer.Gen | Not disinfected | C:\Program Files\dialware\mission\Gamescape_-_Dialware_-_3.exe
Adware:Adware/Comet | Not disinfected | C:\Program Files\Screensavers.com\Installer\bin\siuninst.exe
Spyware:Cookie/Casalemedia | Not disinfected | C:\Program Files\Yahoo!\YPSR\Quarantine\ppq1B.tmp
Spyware:Cookie/QuestionMarket | Not disinfected | C:\Program Files\Yahoo!\YPSR\Quarantine\ppq1D.tmp
Spyware:Cookie/RealMedia | Not disinfected | C:\Program Files\Yahoo!\YPSR\Quarantine\ppq1E.tmp
Spyware:Cookie/Zedo | Not disinfected | C:\Program Files\Yahoo!\YPSR\Quarantine\ppq21.tmp
Spyware:Cookie/Tribalfusion | Not disinfected | C:\Program Files\Yahoo!\YPSR\Quarantine\ppq5.tmp
Spyware:Cookie/RealMedia | Not disinfected | C:\Program Files\Yahoo!\YPSR\Quarantine\ppq6.tmp
Dialer:Dialer.Gen | Not disinfected | C:\WINDOWS\SYSTEM32\Gamescape - Dialware - 3-uninstall.exe

My PC is still very sluggish and I'm still getting AVSystemCare screen popping up as well as others like Celldorado.com and generousgenie.com (I have pop up blocker on so I don't understand why this is happening). I'm not getting the sense I've made any progress on my problems?

Here's my latest HijackThis log:

Logfile of Trend Micro HijackThis v2.0.0 (BETA)

Scan saved at 9:29:24 PM, on 7/2/2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe

C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe

C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe

C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

C:\WINDOWS\system32\spoolsv.exe

C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe

C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe

C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe

C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe

C:\PROGRA~1\Grisoft\AVG7\avgemc.exe

C:\WINDOWS\System32\drivers\CDAC11BA.EXE

C:\WINDOWS\System32\cisvc.exe

C:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe

C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe

C:\WINDOWS\System32\nvsvc32.exe

C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

C:\WINDOWS\wanmpsvc.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\BCMSMMSG.exe

C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe

C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe

C:\Program Files\Common Files\Symantec Shared\ccApp.exe

C:\Program Files\Common Files\AOL\1154100068\ee\aolsoftware.exe

C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe

C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe

C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\PROGRA~1\Grisoft\AVG7\avgcc.exe

C:\WINDOWS\system32\RUNDLL32.EXE

C:\Program Files\DellSupport\DSAgnt.exe

C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe

C:\Program Files\CA\eTrust PestPatrol\CAPPActiveProtection.exe

C:\Program Files\Messenger\msmsgs.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Program Files\Google\Google Desktop Search\GoogleDesktopCrawl.exe

C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe

C:\Program Files\Digital Line Detect\DLG.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Norton AntiVirus\navapsvc.exe

C:\Documents and Settings\Dad\Desktop\HiJackThis_v2.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=566...k/?LinkId=69157

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

O1 - Hosts: 66.38.215.115 kazza.com

O1 - Hosts: 66.38.215.115 www.kazza.com

O1 - Hosts: 66.38.215.115 kaza.com

O1 - Hosts: 66.38.215.115 www.kaza.com

O1 - Hosts: 66.38.215.115 kaaza.com

O1 - Hosts: 66.38.215.115 www.kaaza.com

O1 - Hosts: 66.38.215.115 kahza.com

O1 - Hosts: 66.38.215.115 www.kahza.com

O1 - Hosts: 66.38.215.115 edonkey.com

O1 - Hosts: 66.38.215.115 www.edonkey.com

O1 - Hosts: 66.38.215.115 emule.com

O1 - Hosts: 66.38.215.115 www.emule.com

O1 - Hosts: 66.38.215.115 suprnova.com

O1 - Hosts: 66.38.215.115 www.suprnova.com

O1 - Hosts: 64.124.166.37 klite.com

O1 - Hosts: 64.124.166.37 www.klite.com

O1 - Hosts: 64.124.166.37 k-lite.com

O1 - Hosts: 64.124.166.37 kazaalite.com

O1 - Hosts: 64.124.166.37 www.kazzalite.com

O1 - Hosts: 64.124.166.37 kazalite.com

O1 - Hosts: 64.124.166.37 www.kazalite.com

O1 - Hosts: 64.124.166.37 kaazalite.com

O1 - Hosts: 64.124.166.37 www.kaazalite.com

O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll

O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll

O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - C:\Program Files\Microsoft Money\System\mnyviewer.dll

O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll

O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll

O4 - HKLM\..\Run: [bCMSMMSG] BCMSMMSG.exe

O4 - HKLM\..\Run: [MoneyStartUp10.0] "C:\Program Files\Microsoft Money\System\Activation.exe"

O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"

O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe

O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"

O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer

O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1154100068\ee\AOLSoftware.exe

O4 - HKLM\..\Run: [iPHSend] C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe

O4 - HKLM\..\Run: [OM_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master\FirstStart.exe

O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"

O4 - HKLM\..\Run: [cctray] "C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe"

O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit

O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup

O4 - HKCU\..\Run: [OM_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')

O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')

O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: America Online Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe

O4 - Global Startup: Digital Line Detect.lnk = ?

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll

O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\inetrepl.dll

O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\inetrepl.dll

O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\inetrepl.dll

O9 - Extra button: Advanced Searchbar - {43F02779-6D88-4958-8AD3-83C12D86ADC7} - (no file)

O9 - Extra 'Tools' menuitem: Advanced Searchbar - {43F02779-6D88-4958-8AD3-83C12D86ADC7} - (no file)

O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\WINDOWS\System32\shdocvw.dll

O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\WINDOWS\System32\shdocvw.dll

O9 - Extra button: ShopperReports - Compare product prices - {946B3E9E-E21A-49c8-9F63-900533FAFE15} - (no file)

O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll

O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {44C1E3A2-B594-401C-B27A-D1B4476E4797} (XTSAC Control) - https://mypc.genxsp.net/XTSAC.cab

O16 - DPF: {56393399-041A-4650-94C7-13DFCB1F4665} (PSFormX Control) - http://www.my-etrust.com/Support/PestScanner/pestscan.cab

O16 - DPF: {6F750200-1362-4815-A476-88533DE61D0C} (Ofoto Upload Manager Class) - http://www.kodakgallery.com/downloads/BUM/..._1/axofupld.cab

O16 - DPF: {7584C670-2274-4EFB-B00B-D6AABA6D3850} (Microsoft RDP Client Control (redist)) - https://mypc.genxsp.net/msrdp.cab

O16 - DPF: {79D6214F-CFCE-480F-9901-27950E78F1E6} (WebCacheCleaner Class) - https://mypc.genxsp.net/MLWebCacheCleaner.cab

O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab

O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL

O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll

O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll

O23 - Service: AOL Connectivity Service (AOL ACS) - America Online - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe

O23 - Service: AOL Spyware Protection Service (AOLService) - Unknown owner - C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\\aolserv.exe

O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe

O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe

O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe

O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe

O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\System32\drivers\CDAC11BA.EXE

O23 - Service: CaCCProvSP - Unknown owner - C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe

O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe

O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe

O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: CA Pest Patrol Realtime Protection Service (ITMRTSVC) - CA, Inc. - C:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe

O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE

O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe

O23 - Service: Intel® NMS (NMSSvc) - Intel Corporation - C:\WINDOWS\System32\NMSSvc.exe

O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

O23 - Service: PPCtlPriv - CA, Inc. - C:\Program Files\CA\eTrust PestPatrol\PPCtlPriv.exe

O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe

O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe

O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe

O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe

O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

--

End of file - 14671 bytes

Download ComboFix from Here or Here to your Desktop.

  • Double click combofix.exe and follow the prompts.
  • When finished, it shall produce a log for you. Post that log and a HijackThis log in your next reply.

Note: Do not mouseclick combofix's window while it's running. That may cause it to stall.

I have multiple user accounts on my PC. Do I need to run combofix.exe for each account?

Here is the combofix log and an updated HijackThis log for my user:

"Dad" - 2007-07-03 21:13:31 - ComboFix 07-07-03.9 - Service Pack 2

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

C:\DOCUME~1\ALLUSE~1\APPLIC~1.\TEMP

C:\Program Files\screensavers.com

C:\Program Files\screensavers.com\Installer\bin\siuninst.exe

C:\Program Files\screensavers.com\Installer\temp\blank.gif

C:\Program Files\screensavers.com\Installer\temp\dm163.tmp.exe

C:\Program Files\screensavers.com\Installer\temp\dm25E.tmp

C:\Program Files\screensavers.com\Installer\temp\dm45.tmp.exe

C:\Program Files\screensavers.com\Installer\temp\dm47.tmp.exe

C:\Program Files\screensavers.com\Installer\temp\dmC7.tmp.exe

C:\Program Files\screensavers.com\Installer\temp\stubinstaller.ini

C:\Program Files\screensavers.com\Installer\temp\The_Weather_Channel_Application.exe

C:\Program Files\screensavers.com\Wallpaper\Hoodwinked.jpg

C:\Program Files\screensavers.com\Wallpaper\Madagascar - Penguins.jpg

C:\Program Files\screensavers.com\Wallpaper\Napoleon Dynamite.jpg

C:\Program Files\screensavers.com\Wallpaper\swpstart.exe

C:\Program Files\screensavers.com\Wallpaper\The SpongeBob SquarePants Movie.jpg

C:\WINDOWS\DOWNLO~1.\Quarantine

C:\WINDOWS\hosts

C:\WINDOWS\system32\lgooiwovhp.dat

C:\WINDOWS\system32\lgooiwovhp.exe

C:\WINDOWS\system32\lgooiwovhp_nav.dat

C:\WINDOWS\system32\lgooiwovhp_navps.dat

C:\WINDOWS\system32\nvs2.inf

((((((((((((((((((((((((( Files Created from 2007-06-04 to 2007-07-04 )))))))))))))))))))))))))))))))

2007-07-03 21:10 51,200 --a------ C:\WINDOWS\nircmd.exe

2007-07-01 21:35 <DIR> d-------- C:\WINDOWS\SYSTEM32\ActiveScan

2007-06-29 16:22 3,790 --a------ C:\WINDOWS\SYSTEM32\tmp.reg

2007-06-28 23:30 <DIR> d-------- C:\WINDOWS\SxsCaPendDel

2007-06-27 20:17 <DIR> d-------- C:\Program Files\RogueRemover

2007-06-25 20:42 94,208 --a------ C:\WINDOWS\SYSTEM32\qdcsinet.dll

2007-06-25 20:42 86,016 --a------ C:\WINDOWS\SYSTEM32\apitrap.dll

2007-06-25 20:42 182,784 --a------ C:\WINDOWS\SYSTEM32\ddao35.dll

2007-06-25 20:42 13,792 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\qdfsdrv.sys

2007-06-25 20:41 <DIR> d-------- C:\Program Files\Norton CleanSweep

2007-06-25 19:22 76,377,688 --a------ C:\SYM_REGISTRY_BACKUP.reg

2007-06-24 13:36 24,064 --a------ C:\WINDOWS\SYSTEM32\msxml3a.dll

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-07-02 02:37:43 -------- d-----w C:\Program Files\Norton AntiVirus

2007-07-02 02:31:56 -------- d-----w C:\Program Files\Messenger

2007-07-02 02:24:52 -------- d-----w C:\Program Files\iTunes

2007-07-02 02:23:34 -------- d-----w C:\Program Files\Google

2007-07-02 02:22:09 -------- d-----w C:\Program Files\Digital Line Detect

2007-07-02 02:22:01 -------- d-----w C:\Program Files\DellSupport

2007-07-02 02:21:13 -------- d-----w C:\Program Files\Common Files\Symantec Shared

2007-07-02 02:20:59 -------- d-----w C:\Program Files\Common Files\Scanner

2007-06-29 03:26:41 -------- d-----w C:\Program Files\ItsDeductible2005

2007-06-26 11:45:34 -------- d-----w C:\Program Files\Pure Networks

2007-06-25 01:04:53 1,100 ----a-w C:\WINDOWS\system32\d3d8caps.dat

2007-06-25 00:19:41 -------- d--h--w C:\Program Files\InstallShield Installation Information

2007-06-23 23:36:47 -------- d-----w C:\Program Files\Monkey Byte

2007-06-01 22:18:37 -------- d-----w C:\Program Files\LimeWire

2007-05-16 15:12:02 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll

2007-05-16 03:22:27 -------- d-----w C:\Program Files\Microsoft CAPICOM 2.1.0.2

2007-05-10 19:42:06 286,720 ------w C:\WINDOWS\Setup1.exe

2007-05-10 19:42:05 73,216 ----a-w C:\WINDOWS\ST6UNST.EXE

2007-05-10 19:31:31 171,520 ----a-w C:\WINDOWS\system32\cncs32.dll

2007-04-25 14:21:15 144,896 ----a-w C:\WINDOWS\system32\schannel.dll

2007-04-24 12:45:56 209,920 ----a-w C:\WINDOWS\iun3401.exe

2007-04-18 16:12:23 2,854,400 ----a-w C:\WINDOWS\system32\msi.dll

2007-04-17 02:47:36 33,624 ----a-w C:\WINDOWS\system32\wups.dll

2007-04-17 02:45:54 1,710,936 ----a-w C:\WINDOWS\system32\wuaueng.dll

2007-04-17 02:45:48 549,720 ----a-w C:\WINDOWS\system32\wuapi.dll

2007-04-17 02:45:42 325,976 ----a-w C:\WINDOWS\system32\wucltui.dll

2007-04-17 02:45:36 203,096 ----a-w C:\WINDOWS\system32\wuweb.dll

2007-04-17 02:45:28 92,504 ----a-w C:\WINDOWS\system32\cdm.dll

2007-04-17 02:45:20 53,080 ----a-w C:\WINDOWS\system32\wuauclt.exe

2007-04-17 02:45:20 43,352 ----a-w C:\WINDOWS\system32\wups2.dll

2007-04-17 02:44:20 271,224 ----a-w C:\WINDOWS\system32\mucltui.dll

2007-04-17 02:44:18 208,248 ----a-w C:\WINDOWS\system32\muweb.dll

1998-04-02 20:51:12 77,312 --sha-r C:\WINDOWS\ic.exe

1998-04-02 20:55:56 80,384 --sha-r C:\WINDOWS\icfire.exe

1997-07-23 15:03:40 11,338 --sha-r C:\WINDOWS\ts.dll

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}]

2005-11-22 13:46 399352 --a------ C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]

2006-12-18 05:16 59032 --a------ C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]

2007-03-14 03:43 501400 --a------ C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]

2007-01-20 00:55 2403392 -ra------ c:\program files\google\googletoolbar3.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]

2007-05-29 15:06 325048 --a------ C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{BDF3E430-B101-42AD-A544-FADC6B084872}]

2005-10-19 13:54 218736 --a------ C:\Program Files\Norton AntiVirus\NavShExt.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FDD3B846-8D59-4ffb-8758-209B6AD74ACC}]

2001-07-25 12:00 143420 --a------ C:\Program Files\Microsoft Money\System\mnyviewer.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"BCMSMMSG"="BCMSMMSG.exe" [2003-08-29 04:59 C:\WINDOWS\BCMSMMSG.exe]

"MoneyStartUp10.0"="C:\Program Files\Microsoft Money\System\Activation.exe" [2001-07-25 12:00]

"AdaptecDirectCD"="C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe" [2002-04-10 18:44]

"AOLDialer"="C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" [2005-04-18 14:38]

"AOL Spyware Protection"="C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe" [2005-04-11 10:36]

"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-01-09 18:32]

"Symantec NetDriver Monitor"="C:\PROGRA~1\SYMNET~1\SNDMon.exe" [2007-04-14 20:19]

"HostManager"="C:\Program Files\Common Files\AOL\1154100068\ee\AOLSoftware.exe" [2006-03-08 14:38]

"IPHSend"="C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe" [2006-03-27 11:57]

"OM_Monitor"="C:\Program Files\OLYMPUS\OLYMPUS Master\FirstStart.exe" [2005-11-29 19:19]

"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2006-10-21 17:51]

"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2006-10-30 10:36]

"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-07 00:46]

"cctray"="C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe" [2007-06-14 13:52]

"RegistryMechanic"="" []

"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2007-06-28 23:11]

"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2003-10-06 15:16]

"lgooiwovhp"="c:\windows\system32\lgooiwovhp.exe" []

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"NvMediaCenter"="C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit" []

"DellSupport"="C:\Program Files\DellSupport\DSAgnt.exe" [2007-03-15 11:09]

"OM_Monitor"="C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe" [2005-11-29 19:19]

"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 03:56]

"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 12:24]

"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-05-29 15:06]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]

"RunNarrator"=Narrator.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]

"appinit_dlls"=C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]

C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]

"C:\Program Files\Messenger\msmsgs.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]

RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]

nwiz.exe /install

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

"C:\Program Files\QuickTime\qttask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

"C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]

"C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_8 -reboot 1

*Newly Created Service* - ATWPKT2

Contents of the 'Scheduled Tasks' folder

2007-04-30 23:18:00 C:\WINDOWS\tasks\CAAntiSpywareScan_Daily as Dad at 7 18 PM.job

2007-06-02 00:06:54 C:\WINDOWS\tasks\Norton AntiVirus - Scan my computer - Dad.job

**************************************************************************

catchme 0.3.914 W2K/XP/Vista - rootkit detector by Gmer, http://www.gmer.net

Rootkit scan 2007-07-03 21:23:22

Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

**************************************************************************

Completion time: 2007-07-03 21:24:56

C:\ComboFix-quarantined-files.txt ... 2007-07-03 21:24

--- E O F ---

Logfile of Trend Micro HijackThis v2.0.0 (BETA)

Scan saved at 9:30:24 PM, on 7/3/2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe

C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe

C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe

C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

C:\WINDOWS\system32\spoolsv.exe

C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe

C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe

C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe

C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe

C:\PROGRA~1\Grisoft\AVG7\avgemc.exe

C:\WINDOWS\System32\drivers\CDAC11BA.EXE

C:\WINDOWS\System32\cisvc.exe

C:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe

C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe

C:\WINDOWS\System32\nvsvc32.exe

C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

C:\WINDOWS\wanmpsvc.exe

C:\WINDOWS\BCMSMMSG.exe

C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe

C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe

C:\Program Files\Common Files\Symantec Shared\ccApp.exe

C:\Program Files\Common Files\AOL\1154100068\ee\AOLSoftware.exe

C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe

C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe

C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe

C:\PROGRA~1\Grisoft\AVG7\avgcc.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\DellSupport\DSAgnt.exe

C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\CA\eTrust PestPatrol\CAPPActiveProtection.exe

C:\Program Files\Google\Google Desktop Search\GoogleDesktopCrawl.exe

C:\Program Files\Messenger\msmsgs.exe

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Digital Line Detect\DLG.exe

C:\Program Files\Norton AntiVirus\navapsvc.exe

C:\WINDOWS\explorer.exe

C:\Documents and Settings\Dad\Desktop\HiJackThis_v2.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

O1 - Hosts: 66.38.215.115 kazza.com

O1 - Hosts: 66.38.215.115 www.kazza.com

O1 - Hosts: 66.38.215.115 kaza.com

O1 - Hosts: 66.38.215.115 www.kaza.com

O1 - Hosts: 66.38.215.115 kaaza.com

O1 - Hosts: 66.38.215.115 www.kaaza.com

O1 - Hosts: 66.38.215.115 kahza.com

O1 - Hosts: 66.38.215.115 www.kahza.com

O1 - Hosts: 66.38.215.115 edonkey.com

O1 - Hosts: 66.38.215.115 www.edonkey.com

O1 - Hosts: 66.38.215.115 emule.com

O1 - Hosts: 66.38.215.115 www.emule.com

O1 - Hosts: 66.38.215.115 suprnova.com

O1 - Hosts: 66.38.215.115 www.suprnova.com

O1 - Hosts: 64.124.166.37 klite.com

O1 - Hosts: 64.124.166.37 www.klite.com

O1 - Hosts: 64.124.166.37 k-lite.com

O1 - Hosts: 64.124.166.37 kazaalite.com

O1 - Hosts: 64.124.166.37 www.kazzalite.com

O1 - Hosts: 64.124.166.37 kazalite.com

O1 - Hosts: 64.124.166.37 www.kazalite.com

O1 - Hosts: 64.124.166.37 kaazalite.com

O1 - Hosts: 64.124.166.37 www.kaazalite.com

O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll

O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll

O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - C:\Program Files\Microsoft Money\System\mnyviewer.dll

O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll

O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll

O4 - HKLM\..\Run: [bCMSMMSG] BCMSMMSG.exe

O4 - HKLM\..\Run: [MoneyStartUp10.0] "C:\Program Files\Microsoft Money\System\Activation.exe"

O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"

O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe

O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"

O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer

O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1154100068\ee\AOLSoftware.exe

O4 - HKLM\..\Run: [iPHSend] C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe

O4 - HKLM\..\Run: [OM_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master\FirstStart.exe

O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"

O4 - HKLM\..\Run: [cctray] "C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe"

O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP

O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit

O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup

O4 - HKCU\..\Run: [OM_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')

O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')

O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: America Online Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe

O4 - Global Startup: Digital Line Detect.lnk = ?

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll

O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\inetrepl.dll

O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\inetrepl.dll

O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\inetrepl.dll

O9 - Extra button: Advanced Searchbar - {43F02779-6D88-4958-8AD3-83C12D86ADC7} - (no file)

O9 - Extra 'Tools' menuitem: Advanced Searchbar - {43F02779-6D88-4958-8AD3-83C12D86ADC7} - (no file)

O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\WINDOWS\System32\shdocvw.dll

O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\WINDOWS\System32\shdocvw.dll

O9 - Extra button: ShopperReports - Compare product prices - {946B3E9E-E21A-49c8-9F63-900533FAFE15} - (no file)

O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll

O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {44C1E3A2-B594-401C-B27A-D1B4476E4797} (XTSAC Control) - https://mypc.genxsp.net/XTSAC.cab

O16 - DPF: {56393399-041A-4650-94C7-13DFCB1F4665} (PSFormX Control) - http://www.my-etrust.com/Support/PestScanner/pestscan.cab

O16 - DPF: {6F750200-1362-4815-A476-88533DE61D0C} (Ofoto Upload Manager Class) - http://www.kodakgallery.com/downloads/BUM/..._1/axofupld.cab

O16 - DPF: {7584C670-2274-4EFB-B00B-D6AABA6D3850} (Microsoft RDP Client Control (redist)) - https://mypc.genxsp.net/msrdp.cab

O16 - DPF: {79D6214F-CFCE-480F-9901-27950E78F1E6} (WebCacheCleaner Class) - https://mypc.genxsp.net/MLWebCacheCleaner.cab

O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab

O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL

O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll

O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll

O23 - Service: AOL Connectivity Service (AOL ACS) - America Online - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe

O23 - Service: AOL Spyware Protection Service (AOLService) - Unknown owner - C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\\aolserv.exe

O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe

O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe

O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe

O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe

O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\System32\drivers\CDAC11BA.EXE

O23 - Service: CaCCProvSP - Unknown owner - C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe

O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe

O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe

O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: CA Pest Patrol Realtime Protection Service (ITMRTSVC) - CA, Inc. - C:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe

O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE

O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe

O23 - Service: Intel® NMS (NMSSvc) - Intel Corporation - C:\WINDOWS\System32\NMSSvc.exe

O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

O23 - Service: PPCtlPriv - CA, Inc. - C:\Program Files\CA\eTrust PestPatrol\PPCtlPriv.exe

O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe

O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe

O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe

O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe

O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

--

End of file - 14294 bytes


Please download Navilog1 by IL-MAFIOSO:

http://perso.orange.fr/il.mafioso/Navifix/Navilog1.zip

  • Extract its contents to the desktop.
  • Double click on navilog1.exe to install it on your computer.
  • When the installation is complete, the tool will start automatically.
  • If it doesn't start automatically, please double click on the Navilog1 shortcut on your desktop to run it.
  • Press E for English from the language Menu.
  • Type 1 in the next Menu to select Search and press Enter.
  • Wait for the Scan to finish (It may take a reasonable amount of time)
  • Press any key as requested.
  • A new document will be produced: fixnavi.txt.
  • Please copy/paste the contents of this report in your next reply.

The report is also saved in the root of the directory, "%SystemDrive%\fixnavi.txt". (usually C:\fixnavi.txt)


Here are the Navilog scan results:

Search Navipromo version 2.0.5 began on Thu 07/05/2007 at 21:39:13.29

!!! Warning, this report may include legitimate files/programs !!!

!!! Post this report on the forum you are being helped !!!

!!! Don't continue with removal unless instructed by an authorized helper !!!

Fix running from C:\Program Files\navilog1

Updated on 01.07.2007 at 12h00 by IL-MAFIOSO

Done in normal mode

*** Searching for installed Software ***

*** Search folders in C:\WINDOWS ***

*** Search folders in C:\Program Files ***

*** Search folders in C:\Documents and Settings\All Users\Application Data ***

*** Search folders in C:\Documents and Settings\Dad\Application Data ***

*** Search with BlackLight Engine/F-secure ***

BlackLight Engine is a product of F-secure, for more info:

http://www.f-secure.com/blacklight/blacklight_help.html

F-SECURE BLACKLIGHT ROOTKIT ELIMINATOR

======================================

Copyright 2005-2006 F-Secure Corporation. All rights reserved.

This is a beta version. It will expire on 1st of October, 2007.

Version information: 2.2.1064.

[+] Started on 07/05/07 at 21:39:15.

[+] Initializing ...

[+] Starting scan, press Ctrl-C to abort.

[+] Scanning for hidden items ................................................................................

....................................

[+] Scan complete.

[+] Summary: 0 hidden item(s) found, 0 scheduled for renaming.

[+] Exited on 07/05/07 at 21:53:44 (return code = 0).

*** Search files ***

C:\WINDOWS\pack.epk found !

*** Search registry keys ***

Search in [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs]

Search in [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage]

Search Magic Control Key

*** Complementary Search ***

(Search specifics files)

1)Search known files:

2)Heuristic Search :

*

**

***

****

*****

******

*******

********

3)Certificates Search :

Certificate Egroup found !

*** Search completed on Thu 07/05/2007 at 21:54:27.64 ***


Hey there,

You have got a load on that system that may very well force my own personal hotrod PC here to puke out.

Even if malware is still in there, it's fighting a losing battle for memory access. :)

You gotta get yourself down to a single Antivirus and Firewall.

If Symantec is broke or expired, lose it.

If CA Internet Security Suite is a trial, then keep it until trial is out and lose AVG for now.

AOL Spyware, Windows Defender and whatever else aren't needed if you keep CA as it has PestPatrol included.

You have items in startup that are also unneeded and can be accessed when they are needed through All Programs or Desktop Shortcuts.

If you are unfamiliar with msconfig, then maybe rock or I can walk you through that part.

After you have uninstalled all unneeded items, let's peek at a fresh HijackThis log.

Still waiting for therock to take a look at my Navilog results.

Dumped AOL Spyware, Windows Defender & AVG for now. CA Internet Suite- I only have CA Spyware installed. As far as I know the only firewall I have is Windows firewall.

Could use some help with msconfig :)

Here is an updated HJT log:

Logfile of Trend Micro HijackThis v2.0.0 (BETA)

Scan saved at 10:55:02 PM, on 7/6/2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe

C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe

C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe

C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

C:\WINDOWS\system32\spoolsv.exe

C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe

C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe

C:\WINDOWS\System32\drivers\CDAC11BA.EXE

C:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe

C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe

C:\WINDOWS\System32\nvsvc32.exe

C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

C:\WINDOWS\wanmpsvc.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\BCMSMMSG.exe

C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe

C:\Program Files\Common Files\Symantec Shared\ccApp.exe

C:\Program Files\Common Files\AOL\1154100068\ee\aolsoftware.exe

C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe

C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\Google\Google Desktop Search\GoogleDesktopCrawl.exe

C:\WINDOWS\system32\RUNDLL32.EXE

C:\Program Files\CA\eTrust PestPatrol\CAPPActiveProtection.exe

C:\Program Files\DellSupport\DSAgnt.exe

C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe

C:\Program Files\Messenger\msmsgs.exe

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Program Files\Digital Line Detect\DLG.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Norton AntiVirus\navapsvc.exe

C:\Documents and Settings\Dad\Desktop\HiJackThis_v2.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

O1 - Hosts: 64.124.166.37 klite.com

O1 - Hosts: 64.124.166.37 www.klite.com

O1 - Hosts: 64.124.166.37 k-lite.com

O1 - Hosts: 64.124.166.37 kazaalite.com

O1 - Hosts: 64.124.166.37 www.kazzalite.com

O1 - Hosts: 64.124.166.37 kazalite.com

O1 - Hosts: 64.124.166.37 www.kazalite.com

O1 - Hosts: 64.124.166.37 kaazalite.com

O1 - Hosts: 64.124.166.37 www.kaazalite.com

O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll

O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll

O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - C:\Program Files\Microsoft Money\System\mnyviewer.dll

O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll

O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll

O4 - HKLM\..\Run: [bCMSMMSG] BCMSMMSG.exe

O4 - HKLM\..\Run: [MoneyStartUp10.0] "C:\Program Files\Microsoft Money\System\Activation.exe"

O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"

O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe

O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer

O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1154100068\ee\AOLSoftware.exe

O4 - HKLM\..\Run: [iPHSend] C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe

O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [cctray] "C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe"

O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit

O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup

O4 - HKCU\..\Run: [OM_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe

O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')

O4 - Global Startup: Digital Line Detect.lnk = ?

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll

O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\inetrepl.dll

O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\inetrepl.dll

O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\inetrepl.dll

O9 - Extra button: Advanced Searchbar - {43F02779-6D88-4958-8AD3-83C12D86ADC7} - (no file)

O9 - Extra 'Tools' menuitem: Advanced Searchbar - {43F02779-6D88-4958-8AD3-83C12D86ADC7} - (no file)

O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\WINDOWS\System32\shdocvw.dll

O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\WINDOWS\System32\shdocvw.dll

O9 - Extra button: ShopperReports - Compare product prices - {946B3E9E-E21A-49c8-9F63-900533FAFE15} - (no file)

O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll

O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {44C1E3A2-B594-401C-B27A-D1B4476E4797} (XTSAC Control) - https://mypc.genxsp.net/XTSAC.cab

O16 - DPF: {56393399-041A-4650-94C7-13DFCB1F4665} (PSFormX Control) - http://www.my-etrust.com/Support/PestScanner/pestscan.cab

O16 - DPF: {6F750200-1362-4815-A476-88533DE61D0C} (Ofoto Upload Manager Class) - http://www.kodakgallery.com/downloads/BUM/..._1/axofupld.cab

O16 - DPF: {7584C670-2274-4EFB-B00B-D6AABA6D3850} (Microsoft RDP Client Control (redist)) - https://mypc.genxsp.net/msrdp.cab

O16 - DPF: {79D6214F-CFCE-480F-9901-27950E78F1E6} (WebCacheCleaner Class) - https://mypc.genxsp.net/MLWebCacheCleaner.cab

O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab

O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL

O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll

O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll

O23 - Service: AOL Connectivity Service (AOL ACS) - America Online - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe

O23 - Service: AOL Spyware Protection Service (AOLService) - Unknown owner - C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\\aolserv.exe (file missing)

O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe

O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\System32\drivers\CDAC11BA.EXE

O23 - Service: CaCCProvSP - Unknown owner - C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe

O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe

O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe

O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: CA Pest Patrol Realtime Protection Service (ITMRTSVC) - CA, Inc. - C:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe

O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE

O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe

O23 - Service: Intel® NMS (NMSSvc) - Intel Corporation - C:\WINDOWS\System32\NMSSvc.exe

O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

O23 - Service: PPCtlPriv - CA, Inc. - C:\Program Files\CA\eTrust PestPatrol\PPCtlPriv.exe

O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe

O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe

O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe

O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe

O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

--

End of file - 11909 bytes

Link to post
Share on other sites

Open HijackThis and click Scan. Then checkmark the following entries:

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')

Now close all open windows except HijackThis and click Fix Checked.

Then post a new HijackThis log here in a reply.

Link to post
Share on other sites

I seem to be finally rid of AVSystemCare & other annoying pop ups! :)

Now I'm down to a performance issue. Some of my user accounts on the PC take excessive time to boot up and individual programs are slow to start. One account freezes my PC when shutting down.

Here's my latest HJT log after following your latest suggestion. Rock, thanks for sticking with me on this.

Logfile of Trend Micro HijackThis v2.0.0 (BETA)

Scan saved at 10:20:04 PM, on 7/10/2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe

C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe

C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe

C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe

C:\WINDOWS\System32\drivers\CDAC11BA.EXE

C:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe

C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe

C:\WINDOWS\System32\nvsvc32.exe

C:\WINDOWS\BCMSMMSG.exe

C:\Program Files\Common Files\Symantec Shared\ccApp.exe

C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe

C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

C:\WINDOWS\system32\RUNDLL32.EXE

C:\Program Files\DellSupport\DSAgnt.exe

C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe

C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe

C:\Program Files\Messenger\msmsgs.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Program Files\Digital Line Detect\DLG.exe

C:\Program Files\CA\eTrust PestPatrol\CAPPActiveProtection.exe

C:\Program Files\Google\Google Desktop Search\GoogleDesktopCrawl.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Microsoft Money\System\urlmap.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Program Files\internet explorer\iexplore.exe

C:\Documents and Settings\Dad\Desktop\HiJackThis_v2.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

O1 - Hosts: 64.124.166.37 klite.com

O1 - Hosts: 64.124.166.37 www.klite.com

O1 - Hosts: 64.124.166.37 k-lite.com

O1 - Hosts: 64.124.166.37 kazaalite.com

O1 - Hosts: 64.124.166.37 www.kazzalite.com

O1 - Hosts: 64.124.166.37 kazalite.com

O1 - Hosts: 64.124.166.37 www.kazalite.com

O1 - Hosts: 64.124.166.37 kaazalite.com

O1 - Hosts: 64.124.166.37 www.kaazalite.com

O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll

O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll

O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - C:\Program Files\Microsoft Money\System\mnyviewer.dll

O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll

O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll

O4 - HKLM\..\Run: [bCMSMMSG] BCMSMMSG.exe

O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer

O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [cctray] "C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe"

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit

O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup

O4 - HKCU\..\Run: [OM_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O4 - Global Startup: Digital Line Detect.lnk = ?

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll

O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\inetrepl.dll

O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\inetrepl.dll

O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\inetrepl.dll

O9 - Extra button: Advanced Searchbar - {43F02779-6D88-4958-8AD3-83C12D86ADC7} - (no file)

O9 - Extra 'Tools' menuitem: Advanced Searchbar - {43F02779-6D88-4958-8AD3-83C12D86ADC7} - (no file)

O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\WINDOWS\System32\shdocvw.dll

O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\WINDOWS\System32\shdocvw.dll

O9 - Extra button: ShopperReports - Compare product prices - {946B3E9E-E21A-49c8-9F63-900533FAFE15} - (no file)

O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll

O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {7584C670-2274-4EFB-B00B-D6AABA6D3850} (Microsoft RDP Client Control (redist)) - https://mypc.genxsp.net/msrdp.cab

O16 - DPF: {79D6214F-CFCE-480F-9901-27950E78F1E6} (WebCacheCleaner Class) - https://mypc.genxsp.net/MLWebCacheCleaner.cab

O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab

O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL

O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll

O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll

O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe

O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\System32\drivers\CDAC11BA.EXE

O23 - Service: CaCCProvSP - Unknown owner - C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe

O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe

O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe

O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: CA Pest Patrol Realtime Protection Service (ITMRTSVC) - CA, Inc. - C:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe

O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE

O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe

O23 - Service: Intel® NMS (NMSSvc) - Intel Corporation - C:\WINDOWS\System32\NMSSvc.exe

O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

O23 - Service: PPCtlPriv - CA, Inc. - C:\Program Files\CA\eTrust PestPatrol\PPCtlPriv.exe

O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe

O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe

O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe

O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe

O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

--

End of file - 10688 bytes

Link to post
Share on other sites

You could try posting about your issues here... http://www.malwarebytes.org/forums/index.p...&s=&f=6 They're not malware issues...

Your log is clean.

Here are some tips. To reduce the potential for spyware infection in the future, I strongly recommend installing the following applications:

Detect and Remove Programs:

  • How to use Ad-Aware to remove Spyware <= If you suspect that you have spyware installed on your computer, here are instructions on how to download, install and then use Ad-Aware.
  • How to use Spybot to remove Spyware <= If you suspect that you have spyware installed on your computer, here are instructions on how to download, install and then use Spybot. Similar to Ad-Aware, I strongly recommend both to catch most spyware.

Prevention Programs:

  • Spywareblaster <= SpywareBlaster will prevent spyware from being installed.
  • Spywareguard <= SpywareGuard offers realtime protection from spyware installation attempts.
  • IE/Spyad <= IE/Spyad places over 4000 websites and domains in the IE Restricted list which will severely impair attempts to infect your system. It basically prevents any downloads (Cookies etc) from the sites listed, although you will still be able to connect to the sites.
  • MVPS Hosts file <= The MVPS Hosts file replaces your current HOSTS file with one containing well-known ad sites, etc. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1, which is your local computer.
  • Google Toolbar <= Get the free Google Toolbar to help stop pop-up windows.

I also suggest that you delete any files from "temp", "tmp" folders. In Internet Explorer, click on "Tools" => "Internet Options" => "Delete Files" and select the box that says "Delete All Offline Content" and click on "OK" twice. Also, empty the recycle bin by right clicking on it and selecting "Empty Recycle Bin". These steps should be done on a regular basis.

Other necessary Programs:

  • AntiVirus Program <= An AntiVirus program is a must! Whether it is a free version like AVG or Anti-Vir, or a shareware version like Norton or Kaspersky, this is a must have.
  • Firewall <= A firewall is definitely a must have. Three good free versions are Kerio, Sygate and ZoneLabs.
Link to post
Share on other sites
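The hosts-file mechanism described in the MVPS Hosts item above, as an added example that is not part of the original posts: a Python script that separates blocking entries (names pointed at the local machine) from entries that point a name at some other address, which HijackThis reports as O1 lines. The O1 lines in the sample are copied from the log in this thread; the remaining sample lines and all function names are constructed for illustration.

```python
import ipaddress
import re

# Sample input. The "O1 - Hosts:" lines are copied from the HijackThis log in
# this thread; the blocking lines and the broken line are constructed.
SAMPLE = """\
# constructed hosts-file lines in the MVPS style
127.0.0.1       localhost
127.0.0.1       ads.example.test   # constructed blocking entry
0.0.0.0         tracker.example.test
O1 - Hosts: 64.124.166.37 klite.com
O1 - Hosts: 64.124.166.37 www.klite.com
O1 - Hosts: 64.124.166.37 kazaalite.com
not-an-ip       broken.example.test
"""

O1_PREFIX = re.compile(r"^O1\s*-\s*Hosts:\s*", re.IGNORECASE)


def parse_hosts(text):
    """Yield (ip_text, hostname) pairs from hosts-file or HijackThis O1 lines."""
    for raw in text.splitlines():
        line = O1_PREFIX.sub("", raw.strip())
        line = line.split("#", 1)[0].strip()   # drop comments
        fields = line.split()
        if len(fields) < 2:
            continue                           # blank, comment-only or malformed
        for name in fields[1:]:                # one address may carry several names
            yield fields[0], name.lower()


def classify(ip_text):
    """Return 'block', 'redirect' or 'invalid' for the address column."""
    try:
        ip = ipaddress.ip_address(ip_text)
    except ValueError:
        return "invalid"
    if ip.is_loopback or ip.is_unspecified:
        return "block"       # name resolves to the local machine, so the connection fails
    return "redirect"        # name resolves to another host: an entry to review


def audit(text):
    """Group hostnames by what their hosts entry does."""
    report = {"block": [], "redirect": [], "invalid": []}
    for ip_text, name in parse_hosts(text):
        kind = classify(ip_text)
        if name == "localhost" and kind == "block":
            continue                           # the stock entry, not a blocking rule
        report[kind].append(name if kind == "block" else (ip_text, name))
    return report


if __name__ == "__main__":
    for kind, entries in audit(SAMPLE).items():
        print(kind, entries)
```

Entries in the `redirect` group are not a verdict; they are the lines to compare against what the machine's owner expects to be in the hosts file.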

This topic is now closed to further replies.