  • This topic is locked
17 replies to this topic

#1 francescakujken

francescakujken

    New Member

  • Authentic Member
  • Pip
  • 10 posts

Posted 02 March 2007 - 04:06 AM

Dear Vino, I'm also a new hijack this user.
I did realize I also have a %system drive% folder on my desktop, but I write rather for two infections I detected with a new norton internet security installation, that should have been cured with norton updates. But, during and after updating my computer goes on asking for more space :huh: . My Ram is little B) , so it could be that updates need where to install, but ran hijack this just to avoid it could be a trojan :unsure: .
As I'm not able to understand it could you look up to my output please?
Thank you

francesca :)

Logfile of HijackThis v1.99.1
Scan saved at 10.14.41, on 02/03/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\File comuni\Symantec Shared\ccSetMgr.exe
C:\Programmi\File comuni\Symantec Shared\ccEvtMgr.exe
C:\Programmi\File comuni\Symantec Shared\ccProxy.exe
C:\Programmi\File comuni\Symantec Shared\SNDSrvc.exe
C:\Programmi\File comuni\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\Programmi\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\Explorer.EXE
C:\Programmi\Hewlett-Packard\HP Software Update\HPWuSchd.exe
C:\Programmi\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
C:\Program Files\D-Link\DSL-200\dslstat.exe
C:\Program Files\D-Link\DSL-200\dslagent.exe
C:\Programmi\File comuni\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Programmi\File comuni\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Programmi\Mozilla Firefox\firefox.exe
C:\Programmi\Symantec\LiveUpdate\AUpdate.exe
C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
C:\DOCUME~1\FRANCE~1\IMPOST~1\Temp\Directory temporanea 3 per hijackthis.zip\HijackThis.exe
C:\Programmi\Symantec\LiveUpdate\LuCallbackProxy.exe
C:\Programmi\Symantec\LiveUpdate\LuCallbackProxy.exe
C:\Programmi\Symantec\LiveUpdate\LuCallbackProxy.exe
C:\Programmi\Messenger\msmsgs.exe
C:\Programmi\Symantec\LiveUpdate\LuCallbackProxy.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://arianna.libero.it
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://runonce.msn.com/?v=msgrv75
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.libero.it
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\Userinit.exe
O2 - BHO: Supporto di collegamento per Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Norton Internet Security 2006 - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Programmi\File comuni\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Programmi\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton Internet Security 2006 - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Programmi\File comuni\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Programmi\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] "C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" /SYNC
O4 - HKLM\..\Run: [PHIME2002A] "C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" /IMEName
O4 - HKLM\..\Run: [HP Software Update] "C:\Programmi\Hewlett-Packard\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Programmi\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Programmi\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [DSLSTATEXE] "C:\Program Files\D-Link\DSL-200\dslstat.exe" icon
O4 - HKLM\..\Run: [DSLAGENTEXE] "C:\Program Files\D-Link\DSL-200\dslagent.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Programmi\File comuni\Symantec Shared\ccApp.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Programmi\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: Avvio veloce di Adobe Reader.lnk = C:\Programmi\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programmi\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O17 - HKLM\System\CCS\Services\Tcpip\..\{53257449-952B-4695-9943-EEA7C279EDD6}: NameServer = 193.70.152.15,193.70.152.25
O17 - HKLM\System\CCS\Services\Tcpip\..\{FDA68D95-B688-4144-BA69-38CEB4FE8797}: NameServer = 193.70.152.15 193.70.152.25
O17 - HKLM\System\CS1\Services\Tcpip\..\{53257449-952B-4695-9943-EEA7C279EDD6}: NameServer = 193.70.152.15,193.70.152.25
O17 - HKLM\System\CS2\Services\Tcpip\..\{53257449-952B-4695-9943-EEA7C279EDD6}: NameServer = 193.70.152.15,193.70.152.25
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Internet Security Password Validation (ccISPwdSvc) - Symantec Corporation - C:\Programmi\Norton Internet Security\ccPwdSvc.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccSetMgr.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Programmi\Norton Internet Security\comHost.exe
O23 - Service: hpdj - HP - C:\DOCUME~1\FRANCE~1\IMPOST~1\Temp\hpdj.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Servizio Auto-Protect di Norton AntiVirus (navapsvc) - Symantec Corporation - C:\Programmi\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Programmi\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Utilità di pianificazione di LiveUpdate automatico - Symantec Corporation - C:\Programmi\Symantec\LiveUpdate\ALUSchedulerSvc.exe



#2 francescakujken


Posted 02 March 2007 - 05:22 AM

Thanks Vino, I'm fine. And you?
I read more carefully the replies. Ok %systemdriver% should be on my Desktop :) , but I ran the SDFix as reading the first mail posted ;) : I'm attaching my results. Hope the report saved is the right one B) .
Thanks really a lot!!
Francesca

SDFix: Version 1.69

Run by Francesca - 02/03/2007 @ 11.36.19,58

Microsoft Windows XP [Versione 5.1.2600]

Running From: C:\SDFix

Safe Mode: :scratch:
Checking Services:

Path:

Restoring Windows Registry Entries
Restoring Default Hosts File

Rebooting...

Normal Mode:
Checking Files:

No Trojan Files Found...

ADS Check:

C:\WINDOWS\system32
No streams found.

Final Check:

Remaining Services:
------------------

Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

Remaining Files:
---------------

Checking For Files with Hidden Attributes :

C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\18935de2af7bc3632dd5a9975bca87a7\BIT9.tmp
C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\795e9519bc7aef76cafa1adb468d24ec\download\BIT6.tmp
C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\79edbfe4678658c1291c3c5bce43556d\BITB.tmp
C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\7b438482daecba165e423aeb0e69d89c\BITA.tmp
C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\b1a734f9cbdd841e1847d3568884b8b8\download\BIT7.tmp
C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\d57768e995d2d29f85e7b8a4c1c5577a\BITC.tmp
C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\e3c496f70c43464c9438623ddb3ac3c0\BIT8.tmp

Add/Remove Programs List:

D-Link DSL Modem
Aggiornamento rapido per Windows XP - KB873339
Aggiornamento rapido per Windows XP - KB885835
Aggiornamento rapido per Windows XP - KB885836
Aggiornamento rapido per Windows XP - KB885884
Aggiornamento rapido per Windows XP - KB886185
Aggiornamento rapido per Windows XP - KB887472
Aggiornamento rapido per Windows XP - KB888302
Aggiornamento rapido per Windows XP - KB890859
Aggiornamento rapido per Windows XP - KB891781
LiveUpdate 3.0 (Symantec Corporation)
Microsoft .NET Framework 2.0
Mozilla Firefox (2.0.0.2)
Norton Internet Security 2006 (Symantec Corporation)
ccCommon
Norton Internet Security
CC_ccProxyExt
ccPxyCore
Norton AntiSpam
Norton Internet Security
Norton AntiSpam
Macromedia Flash Player 8
Microsoft .NET Framework 2.0
MSXML 4.0 SP2 Parser and SDK
SPBBC
Norton Protection Center
Microsoft Office XP Professional with FrontPage
Norton Internet Security
Adobe Reader 8 - Italiano
MSRedist
SymNet
Norton AntiVirus 2006
hp deskjet 5600
Norton Internet Security
Norton Internet Security
Norton WMI Update
Norton WMI Update
Norton Internet Security

Finished

#3 francescakujken


Posted 02 March 2007 - 06:31 AM

In any case, I'm waiting for the ADMIN -_- .
Francesca

#4 LDTate

LDTate

    Forum God

  • Root Admin
  • 57,173 posts

Posted 02 March 2007 - 04:00 PM

Please do not post your logs in someone else's thread. Start a new thread by clicking on New Topic. Please DO NOT bump your log.

The forum is run by volunteers who donate their time and expertise.

Want to help others? Join the ClassRoom and learn how.

Logs will be closed if you haven't replied within 3 days

 

 

Proud graduate of TC/WTT Classroom

 


#5 Vino Rosso

Vino Rosso

    MRU Emeritus

  • Authentic Member
  • PipPip
  • 180 posts
  • Interests: All things Italian

Posted 03 March 2007 - 06:42 AM

But, during and after updating my computer goes on asking for more space :huh: . My Ram is little B) , so it could be that updates need where to install, but ran hijack this just to avoid it could be a trojan :unsure: .
As I'm not able to understand it could you look up to my output please?
Thank you

francesca :)


Ciao Francesca :)

Norton is well known to tie up a computer's resources and, if your computer doesn't have much memory, it could struggle to do other things while Norton is updating itself and scanning your files.

Let's clean out the temporary files and run a scan.

Please print out these instructions as you will not have access to the internet during this fix.

1 - Clean Out Temporary Files
Download ATF Cleaner by Atribune © from >here<
This is a stand-alone program that does not need to be installed. Save it to a convenient location and make a shortcut on your desktop. Using this program will remove temporary files, temporary internet files and cookies from your system, which will mean that any scans will run faster.
  • Make sure that all browser windows are closed
  • Double-click the shortcut on your desktop to run the program.
  • Under Main, choose Select All
  • UNtick Prefetch
  • Click Empty Selected
  • If you use Firefox browser,
    • Click Firefox at the top and choose Select All
    • Click on Empty Selected
    • NOTE: If you would like to keep any saved passwords, please untick that option.
  • If you use Opera browser,
    • Click Opera at the top and choose Select All
    • Click on Empty Selected
    • NOTE: If you would like to keep any saved passwords, please untick that option.
  • Click Exit to close.
2 - Scan With AVG Anti-Spyware
Download the trial version of AVG Anti-Spyware from >here< and install it. When the program has been installed, and you click the Finish button, AVG Anti-Spyware will open.
Do not run a scan yet.

If the program does not automatically update itself during installation, or you are unsure whether it has done so, please do the following:
  • Click the Update icon at the top and under Manual Update click the Start update button.
  • The program will either update or inform you that no update was available.
You will need to change the following settings:
  • Click the Shield icon at the top and under Resident shield is... click active. This should now change to inactive.
  • Click the Update icon and untick the automatic update option.
  • Click the Scanner icon at the top and then click the Settings Tab.
  • Under How to act? click Recommended actions and select Quarantine from the menu.
You can now close AVG Anti-Spyware. Do not scan yet.

You will need to reboot your computer into Safe Mode for the next steps. It would be a good idea for you to print these instructions, as you will not have access to the internet.

Important: If you have an always on connection to the internet, physically disconnect that connection until you are finished with Safe Mode and have rebooted back into normal mode.

3 - Boot to Safe Mode and Scan
  • Restart your computer.
  • Continually tap the F8 button as your computer is booting (a menu appears).
  • Use up-arrow key to select Safe Mode and press Enter.
Close all open windows and then start AVG Anti-Spyware, which you downloaded earlier
  • Click on Scanner on the toolbar.
  • Click on the Settings tab.
    • Under How to act? - make sure that Quarantine is selected.
    • Under How to scan? - All checkboxes should be ticked.
    • Under Possibly unwanted software - All checkboxes should be ticked.
    • Under Reports - Select Automatically generate report after every scan and uncheck Only if threats were found.
    • Under What to scan? - Select Scan every file.
  • Click on the Scan tab.
  • Click on Complete System Scan to start the scan process.
  • Let the program scan your computer.
  • When the scan has finished, follow the instructions below:
    • Make sure that Set all elements to: shows Quarantine
    • Important: Click on the Apply all Actions button (*** This must be done before saving the report ***)
    • When the program has finished, it will display the message All actions have been applied.
    • Then click the Save Scan Report button.
    • Click the Save Report as button.
    • Save the report to your Desktop.
  • Right-click the AVG Tray Icon and select Exit.
Reboot in Normal Mode.

4 - Check on status
After you have completed the above, please reboot and provide:
  • the AVG Anti-Spyware Scan report
  • a new HijackThis log
  • and a description of how your PC is behaving - what problems are you now experiencing?
Remember, if you can, it's worth printing these instructions out before you start.

Good Luck
Vino
Vino Rosso
Member of ASAP and Unite
The help we provide is free. If you wish to support us, please consider a small
donation

#6 francescakujken


Posted 04 March 2007 - 02:08 PM

My excuses to the ADMIN for my intrusion. I'll go on in this thread or restart a new one in future.

Dear Vino Rosso,
I had some difficulties with AVG antispyware in finding 'Possibly unwanted software' checked in safe mode <_< , as the screen was too small to see all :huh: , though it was checked in normal mode :mellow: . I neither found apply all actions as the scan was clean :) .
The computer seems to work more swiftly :) .
The real problem which were two infections :wtf: found while installing norton after having uninstalled all the protection for a Linksys ADSL connection problem, did not represent any more. I feel rather safe but would like to be sure.
In any case here are the reports :) :
---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 19.57.18 04/03/2007

+ Scan result:



Nothing found.







Logfile of HijackThis v1.99.1
Scan saved at 20.35.39, on 04/03/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\File comuni\Symantec Shared\ccSetMgr.exe
C:\Programmi\File comuni\Symantec Shared\ccEvtMgr.exe
C:\Programmi\File comuni\Symantec Shared\ccProxy.exe
C:\Programmi\File comuni\Symantec Shared\SNDSrvc.exe
C:\Programmi\File comuni\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\Programmi\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Programmi\Hewlett-Packard\HP Software Update\HPWuSchd.exe
C:\Programmi\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
C:\Program Files\D-Link\DSL-200\dslstat.exe
C:\Program Files\D-Link\DSL-200\dslagent.exe
C:\Programmi\File comuni\Symantec Shared\ccApp.exe
C:\Programmi\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\File comuni\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Programmi\Messenger\msmsgs.exe
C:\Programmi\Mozilla Firefox\firefox.exe
C:\DOCUME~1\FRANCE~1\IMPOST~1\Temp\Directory temporanea 1 per hijackthis.zip\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://arianna.libero.it
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://runonce.msn.com/?v=msgrv75
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.libero.it
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: Supporto di collegamento per Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Norton Internet Security 2006 - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Programmi\File comuni\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Programmi\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton Internet Security 2006 - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Programmi\File comuni\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Programmi\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] "C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" /SYNC
O4 - HKLM\..\Run: [PHIME2002A] "C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" /IMEName
O4 - HKLM\..\Run: [HP Software Update] "C:\Programmi\Hewlett-Packard\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Programmi\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Programmi\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [DSLSTATEXE] "C:\Program Files\D-Link\DSL-200\dslstat.exe" icon
O4 - HKLM\..\Run: [DSLAGENTEXE] "C:\Program Files\D-Link\DSL-200\dslagent.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Programmi\File comuni\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Programmi\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Programmi\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: Avvio veloce di Adobe Reader.lnk = C:\Programmi\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programmi\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O17 - HKLM\System\CCS\Services\Tcpip\..\{53257449-952B-4695-9943-EEA7C279EDD6}: NameServer = 193.70.152.15,193.70.152.25
O17 - HKLM\System\CCS\Services\Tcpip\..\{FDA68D95-B688-4144-BA69-38CEB4FE8797}: NameServer = 193.70.152.15 193.70.152.25
O17 - HKLM\System\CS1\Services\Tcpip\..\{53257449-952B-4695-9943-EEA7C279EDD6}: NameServer = 193.70.152.15,193.70.152.25
O17 - HKLM\System\CS2\Services\Tcpip\..\{53257449-952B-4695-9943-EEA7C279EDD6}: NameServer = 193.70.152.15,193.70.152.25
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Programmi\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Internet Security Password Validation (ccISPwdSvc) - Symantec Corporation - C:\Programmi\Norton Internet Security\ccPwdSvc.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccSetMgr.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Programmi\Norton Internet Security\comHost.exe
O23 - Service: hpdj - Unknown owner - C:\DOCUME~1\FRANCE~1\IMPOST~1\Temp\hpdj.exe (file missing)
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Servizio Auto-Protect di Norton AntiVirus (navapsvc) - Symantec Corporation - C:\Programmi\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Programmi\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Utilità di pianificazione di LiveUpdate automatico - Symantec Corporation - C:\Programmi\Symantec\LiveUpdate\ALUSchedulerSvc.exe




::Report end



Grazie mille davvero (Thanks really a lot)!

Francesca

#7 Vino Rosso


Posted 04 March 2007 - 05:15 PM

Dear Francesca :)

It is possible that Norton picked up a couple of minor infections or even reported a couple of false positives. Either way, your HijackThis log appears clean and here's some valuable information that will help to keep it that way.

1 - All Clean
This is adapted from my general post for the 'All Clean' status; however, please advise on any problems you may still have before proceeding with the following:

Hide your System Files
These files are hidden to avoid accidental deletion so please follow these steps:

Click Start
Open My Computer
Select Tools > Folder Options > Select the View Tab
Uncheck Show hidden files and folders in the Hidden files and folders section
Select Hide protected operating system files (recommended) option
Click OK, OK

Reset your system restore points
This will remove any infected files that may have been backed up by Windows. Should you have any problems following this step, a tutorial is available >here<. Please note that you need Administrator privileges to do the following:

Turn off System Restore
Start > right-click My Computer and select Properties
Click the System Restore tab
Tick Turn off System Restore
Click Apply, and then click OK.

Restart your computer

Turn ON System Restore
Start > Right-click on My Computer and select Properties
Click on the System Restore tab
Click on C: drive then Settings
Untick Turn off System Restore on this drive
OK, OK

Make Internet Explorer more secure
From within Internet Explorer click on the Tools menu and then click on Options.
Click once on the Security tab
Click once on the Internet icon so it becomes highlighted.
Click once on the Custom Level button.
Change the Download signed ActiveX controls to Prompt
Change the Download unsigned ActiveX controls to Disable
Change the Initialise and script ActiveX controls not marked as safe to Disable
Change the Installation of desktop items to Prompt
Change the Launching programs and files in an IFRAME to Prompt
Change the Navigate sub-frames across different domains to Prompt
When all these settings have been made, click on the OK button.
If it prompts you as to whether or not you want to save the settings, press the Yes button.
Next press the Apply button and then the OK to exit the Internet Properties page.

Note: If you are using IE, you may want to consider changing to Mozilla Firefox, which offers more features than IE; however, remember that you still need to use IE for certain sites like Microsoft Updates.

Windows Updates
Ensure you are registered for Windows updates via Start > right-click on My Computer > Properties > Automatic Updates tab or visit the Microsoft Update site on a regular basis.

Anti-Virus
It is important that your computer has anti-virus software installed and it is updated at least on a weekly basis. Further information and programs can be found >here<

Firewall
Using a Firewall in its default configuration greatly reduces the risk of your computer being hacked. Further information and programs can be found >here<

Hosts File
For added protection you may also like to add a host file, for more information regarding host files read >here<

Anti-Malware Programs (all free)
Next, if they're not already present, I would recommend the download and installation of some or all of the following programs, and the updating of them on a regular basis:
  • Ad-Aware SE - This is a program that scans for and removes known spyware from your machine. >Tutorial<
  • Spybot Search & Destroy - Spybot is a tool like Ad-Aware SE whereas it seeks out and removes known spyware from your machine. >Tutorial<
    These two tools (Ad-Aware & Spybot) are perfect complements to each other as one will most always find something the other missed.
  • Spyware Blaster - By altering your registry, this program stops harmful sites from installing things like ActiveX Controls on your machine.
    >Tutorial<
  • IE_Spyad - Works by placing known "bad" sites into your Internet Explorer "Restricted Zones" prohibiting them from doing potentially problematic things to your computer. >Tutorial<
Safe Computing
Vino
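Added example, not part of the thread and not HijackThis's own code: comparing the log from post #1 with the one from post #6 and listing the entries a helper would read first. The function names, the entry keys and the three review flags are this example's assumptions, and a flag marks a line for a human to look at, not a verdict; the embedded logs are excerpts of the two logs posted above.

```python
import re
from typing import NamedTuple

# Section code that starts a HijackThis 1.99.1 result line, e.g. "O23 - ...".
ENTRY_RE = re.compile(r"^(R[0-3]|F[0-3]|N[1-4]|O\d{1,2}) - (.+)$")
# A path component named Temp or Tmp (assumed heuristic, case-insensitive).
TEMP_RE = re.compile(r"\\te?mp\\", re.IGNORECASE)

# Excerpt of the log in post #1 (02/03/2007).
LOG_BEFORE = r"""
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\Userinit.exe
O4 - HKLM\..\Run: [ccApp] "C:\Programmi\File comuni\Symantec Shared\ccApp.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O23 - Service: hpdj - HP - C:\DOCUME~1\FRANCE~1\IMPOST~1\Temp\hpdj.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
"""

# Excerpt of the log in post #6 (04/03/2007).
LOG_AFTER = r"""
O4 - HKLM\..\Run: [ccApp] "C:\Programmi\File comuni\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Programmi\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Programmi\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: hpdj - Unknown owner - C:\DOCUME~1\FRANCE~1\IMPOST~1\Temp\hpdj.exe (file missing)
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
"""


class Entry(NamedTuple):
    section: str  # "O4", "O23", ...
    key: str      # identity used to match the same item across two logs
    text: str     # the full original line


def _key(section: str, body: str) -> str:
    """Build an identity that survives a change of owner, path or status."""
    if section == "O23" and body.startswith("Service: "):
        # "Service: <name> - <owner> - <path>"; split from the right because
        # the display name may itself contain " - ".
        parts = body[len("Service: "):].rsplit(" - ", 2)
        if len(parts) == 3:
            return f"O23|{parts[0]}"
    if section == "O4":
        # "<location>: [<value name>] <command line>"
        m = re.match(r"(.+?): \[(.+?)\]", body)
        if m:
            return f"O4|{m.group(1)}|{m.group(2)}"
    return f"{section}|{body}"


def parse_log(text: str) -> dict[str, Entry]:
    """Return the result entries of a log; header and process list are skipped."""
    entries: dict[str, Entry] = {}
    for raw in text.splitlines():
        line = raw.strip()
        m = ENTRY_RE.match(line)
        if m:
            entry = Entry(m.group(1), _key(m.group(1), m.group(2)), line)
            entries[entry.key] = entry
    return entries


def review_flags(entry: Entry) -> list[str]:
    """Reasons to look at an entry by hand (assumed triage rules)."""
    flags = []
    if entry.section in ("O4", "O23") and TEMP_RE.search(entry.text):
        flags.append("runs-from-temp")   # autostart or service binary in a Temp dir
    if entry.text.endswith("(file missing)"):
        flags.append("file-missing")     # registration left behind, binary gone
    if entry.section == "O23" and " - Unknown owner - " in entry.text:
        flags.append("unknown-owner")    # no vendor name could be read
    return flags


def triage(log_text: str) -> dict[str, list[str]]:
    """Map entry key -> flags for every flagged entry in one log."""
    result = {}
    for key, entry in parse_log(log_text).items():
        flags = review_flags(entry)
        if flags:
            result[key] = flags
    return result


def compare(before: str, after: str) -> dict[str, list[str]]:
    """Keys added, removed, or present in both logs with a different line."""
    b, a = parse_log(before), parse_log(after)
    return {
        "added": sorted(k for k in a if k not in b),
        "removed": sorted(k for k in b if k not in a),
        "changed": sorted(k for k in a if k in b and a[k].text != b[k].text),
    }


if __name__ == "__main__":
    for kind, keys in compare(LOG_BEFORE, LOG_AFTER).items():
        print(kind, keys)
    print("flagged after cleanup:", triage(LOG_AFTER))
```

On these excerpts the only changed entry is the hpdj service, whose Temp-directory binary is reported as missing in the second log, which was taken after the temporary-file cleanup in step 1.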

#8 francescakujken


Posted 05 March 2007 - 04:54 AM

Dearest Vino Rosso,
regarding the point 'please advise on any problems you may still have before proceeding', I don't think to have big problems, despite a slight slowness of the pc some times, but I wonder if this is a problem, so, I would go on.

I had also a pair of questions, as reading the protection tool links: do I have to uninstall one of my antivirus (norton or AVG) to have only one AV, or normally deactivate one of the two? If so, which one? Moreover, can I keep more than one antispyware?

Saluti al "vin brule'" (greetings with "vin brule'")
Francesca

P.S.: by the way and by chance, do you think Silvio Scaglia's Babelgum will require new types of protection to users?

#9 Vino Rosso


Posted 05 March 2007 - 09:09 AM

I don't think to have big problems, despite a slight slowness of the pc some times, but I wonder if this is a problem

This could be for many reasons. I've included a 'spring clean' post below which may help.

as reading the protection tool links: do I have to uninstall one of my antivirus (norton or AVG) to have only one AV, or normally deactivate one of the two? If so, which one? Moreover, can I keep more than one antispyware?

You should only have ONE antivirus program running... running two will cause problems. AVG Anti-Spyware can be run with Norton. AVG-AS real-time monitoring will expire after 30 days. Unless you buy the licence, you must update and scan AVG-AS manually.
Generally, it is not a good idea to be running more than one real-time scanner at a time. They will slow down your computer and they may conflict with each other. You can have more than one if you switch off one program's real-time scanning and use it 'on demand'. That is, you run the program manually.

P.S.: by the way and by chance, do you think Silvio Scaglia's Babelgum will require new types of protection to users?

I think any file/data will require protection of some type. I hope one day that all hardware we use will have in-built protection against everything... but that is really just a wish :)

Ciao :D

====================================

1 - Spring Clean PC
The following steps will serve as a spring clean for your PC. Not all of them will be of benefit to your PC as this is a general post, but the overall effect should be positive.

a) Go to Start > Control Panel > Add/Remove Programs and remove any programs that you no longer use and then reboot your PC.

b) Please download ATF Cleaner by Atribune to your Desktop from >here<. This program is for XP and Windows 2000 only. It does not require any installation and uses minimal system resources. It is set up to clean IE, Firefox and Opera, and detects the browsers you have and greys out the other(s).

Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Recommend UNCHECKING COOKIES if you rely on system remembered passwords.
Click the Empty Selected button.

If you use Firefox browser
Click Firefox at the top and choose: Select All EXCEPT FIREFOX SAVED PASSWORDS
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.

If you use Opera browser
Click Opera at the top and choose: Select All EXCEPT COOKIES AND SAVED PASSWORDS
Click the Empty Selected button.
NOTE: If you would like to keep your cookies and saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.

c) Double click My Computer
Right click the disc drive you wish to check, usually C:
Click Properties
On the General tab, compare the Free Space with the capacity of the drive. In order to operate efficiently, Windows requires a certain amount of free space on the hard drive. If this is less than 15% you should consider removing any unused or unnecessary programs and temporary files.

Now click the Tools tab.
Under Error-checking, click the Check Now button.
In the "Check Disc Local Disk (C: )" dialog box, check both Automatically fix file system errors and Scan for and attempt recovery of bad sectors, and then click Start.

An information window will open saying, "The disk check could not be performed because the disk check utility needs exclusive access to some Windows files on the disk. These files can be accessed only by restarting Windows. Do you want to schedule this disk check to occur the next time you restart the computer?" Click Yes

d) Go to Start > Run > type sfc /scannow ( note the space between the "c" and "/" ) and click on OK.

This will look for and attempt to replace any corrupt system files that can be found. There are backups of some of these files on your PC and Windows will check for a copy here first. If you are prompted to insert your Windows XP disc, do so. If you don't have this disc and are asked for it, you will have to cancel at this point.

For details on the System File Checker, click >here<

e) Defragment your hard drive. A tutorial for disc defragmentation is available >here<

f) Download StartUp Inspector from >here< and run the program.
This program will help you to decide exactly what programs you disable from running at startup.
The Readme.txt file included has instructions on how to use it.

g) Indexing Service creates indexes of the contents and properties of all files on local and network drives in order to increase file searching speed. It's quite similar to "Find Fast" that ships with Microsoft Office. Indexing Service runs continuously and can slow down your PC's general performance because it has to index files continuously. If you don't need slightly faster file searches, the feature can be safely turned off. Note: Indexing Service is turned on by default for all NTFS partitions.

Turning this service off to increase overall performance: Open My Computer > right-click on a Drive icon > Select Properties > UNcheck Allow Indexing Service to index this disk for fast file searching > Click Apply. Make sure to select Apply changes to subfolders and files before clicking OK in the new window.

h) Some visual effects used by Windows XP can cause your PC to operate slowly. To see if this speeds things up try:
Start > right-click on My Computer > Properties
Advanced tab > under Performance, click on the Settings button
Visual Effects tab, select Adjust for Best Performance
Vino Rosso
Member of ASAP and Unite
The help we provide is free. If you wish to support us, please consider a small
donation

#10 francescakujken

francescakujken

    New Member

  • Authentic Member
  • Pip
  • 10 posts

Posted 05 March 2007 - 09:48 AM

Dear Vino, there was only a 'possible disturbing element' signaled by norton internet security after an update of microsoft windows XP (Genuine installer and office XP updates) I did while waiting your reply, as reading of windows updates on the mail. So, now I'll run the spring clean before my all clean operation. I'll let you know as soon as I've finished. Grazie mille!!! :) Francesca


#11 francescakujken

francescakujken

    New Member

  • Authentic Member
  • Pip
  • 10 posts

Posted 06 March 2007 - 06:05 AM

Dear Vino,
I did almost everything.
At the beginning the free space was 10%; now it's 24%! Thank you!!!
I only couldn't remove the start up programs applying with Startup inspector, couldn't find the 'UNcheck Allow Indexing Service to index those disk for fast file searching', and couldn't click on C: drive and Settings in 'turn On system Restore', but did the operation as in the explanatory link; probably Italian software is different.
I downloaded and ran 'Spybot' which has found a pair of cookies - doubleclick and webtrends - but no hijackers.
Do you think the pc is safe?
I downloaded the 'host file' zip, unzipped it and trying to make it run.
In the 'short list of recommended software' lavasoft seems to be recommended better than AVG-antispyware: do you think it better?
For the rest my pc is quicker and fine.
GRAZIE!!

Dear Vino, did you know that on http://int.primopiat...rch/recipes.jsp there is Italian wine (and recipes) information? ;)

Francesca

#12 Vino Rosso

Vino Rosso

    MRU Emeritus

  • Authentic Member
  • PipPip
  • 180 posts
  • Interests:Tutte le cose italiane

Posted 06 March 2007 - 02:29 PM

At the beginning the free space was 10%; now it's 24%! Thank you!!!

I think the recommended minimum space is 15% otherwise Windows cannot operate properly so 24% is much better.

couldn't find the 'UNcheck Allow Indexing Service to index those disk for fast file searching',

Try using Windows Explorer, right-click on the C:\ drive and select properties
UNcheck Allow Indexing Service to index this disk for fast file searching > Click Apply
Make sure to select Apply changes to subfolders and files before clicking OK in the new window.

Do you think the pc is safe?

Your log appears clean and you are not having any problems so all seems OK.

I downloaded the 'host file' zip, unzipped it and trying to make it run.
In the 'short list of recommended software' lavasoft seems to be recommended better than AVG-antispyware: do you think it better?

Lavasoft's Adaware and AVG Anti-Spyware are both very good programs. As yet, no one program will catch all malware so I would recommend continuing to use both as 'on demand' scanners.

For the rest my pc is quicker and fine.
GRAZIE!!

You are very welcome :D

Thank you for the web site link to the Italian wine. Mi dispiace ma mio italiano non e bene. Vado in italia per duo o tre volte ogni anno. Questo anno, vado a verona in maggio. Ciao :D

#13 francescakujken

francescakujken

    New Member

  • Authentic Member
  • Pip
  • 10 posts

Posted 06 March 2007 - 07:48 PM

I found it: it was under 'advanced' of 'general' in 'properties'. Italian software!

But a few strange things happened just now. My firefox disappeared suddenly when reducing the browser to the toolbar, and reappeared only after an ATF cleaner run. Then I was opening another window with T. Coyote messages and my message went away. I can't open the forum from the quick start page either. Some hours ago, my print of some articles of password registered journals were blocked when changing the USB of ADSL with the printer USB (I used an adapter and it turned safe), but a few pages of another article printed a lot of Js, Bs, Os and a bunch of confused letters as though the language had been changed. The windows sometimes block or are closed from the top as a carpet let down from a balcony. Maybe I have to recheck my free space. For the rest my Pc is a road runner.

I didn't realize you didn't know Italian well. I had the suspicion you were an Italian living in Italy, till now. Your Italian is perfect except when you say you don't know it; so it's better you don't say it or say 'Il mio italiano non e' molto buono', but people wouldn't believe you!! If you happen to return to Verona in Summer, you can listen to Opera at the Arena in the open air theater, but maybe you already know it. In any case, Verona is really a little jewel for me.

Edited by francescakujken, 06 March 2007 - 07:56 PM.


#14 Vino Rosso

Vino Rosso

    MRU Emeritus

  • Authentic Member
  • PipPip
  • 180 posts
  • Interests:Tutte le cose italiane

Posted 07 March 2007 - 05:17 AM

I found it: it was under 'advanced' of 'general' in 'properties'. Italian software!

Good! Yes, it sounds like your software is slightly different.

My firefox disappeared suddenly when reducing the browser to the toolbar, and reappeared only after an ATF cleaner run. Then I was opening another window with T. Coyote messages and my message went away. I can't open the forum from the quick start page either.

It could be that running ATF with Firefox open caused a small problem. Also, if you deleted cookies, you would not be able to access the forum without logging in again. How are things now?

Some hours ago, my print of some articles of password registered journals were blocked when changing the USB of ADSL with the printer USB (I used an adapter and it turned safe), but a few pages of another article printed a lot of Js, Bs, Os and a bunch of confused letters as though the language had been changed.

This is common when the printer has received part of the information to print or the information has been interrupted, for example when changing the USB lead before the printer's memory is empty. You need to empty the printer's memory by switching it off and removing the power lead. Often, the computer's print buffer will also need to be emptied. Sometimes this can be done by the printer software, other times the computer has to be re-started.

The windows some times block or are closed from the top as a carpet let down from a balcony. Maybe I have to recheck my free space.

This can also happen when your antivirus or protection programs are scanning your computer, especially if your computer is short of memory. To check what is slowing things down, open Task Manager, click on Processes tab, then click on CPU so that the largest percentage is at the top. This will show you which process is slowing things down.

Vino :D

#15 francescakujken

francescakujken

    New Member

  • Authentic Member
  • Pip
  • 10 posts

Posted 07 March 2007 - 03:46 PM

Ok.
Got the messages.
Now my browser doesn't disappear any more; it should have been just a chance. I wonder where is the task manager but I'll find it with a bit of search :scratch: .
In any case you are really a great friend!!
When you go to Verona eat some 'Tortellini di Valeggio' for me too!!
If you want to taste some Italian recipes, like panettone or other, with some vino, you can exercise your Italian with http://www.paneangel...p;CurrentPage=1 ;)

Francesca

Edited by francescakujken, 07 March 2007 - 03:59 PM.
