Jump to content

Build Theme!
  •  
  • Infected?

big grin WE'RE SURE THAT YOU'LL LOVE US!

We invite you to ask questions, share experiences, and learn. It's 100% free. Did we mention that it's free. It is. It's free. Join 91601 other members! Anybody can ask, anybody can answer. Consistently helpful members with best answers are invited to staff. Here's how it works. Virus cleanup? Start here -> Malware Removal Forum.

Try What the Tech -- It's free!


Photo

My Laptop is being attacked.


  • Please log in to reply
11 replies to this topic

#1 Dantana

Dantana

    New Member

  • New Member
  • Pip
  • 6 posts

Posted 16 March 2007 - 11:32 PM

This drivecleaner exe. always attacks me and my browser shuts down automatically. Also my compy is very slow now :thumbdown: . Please help. Thank you





Logfile of HijackThis v1.99.1
Scan saved at 7:23:52 PM, on 3/16/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\System32\wltrysvc.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb12.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Yahoo!\Yahoo! Music Engine\ymetray.exe
C:\WINDOWS\system32\bcmntray.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\hpnra.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\NCH Swift Sound\RecordPad\recordpad.exe
C:\Program Files\Messenger\msmsgs.exe
C:\PROGRA~1\MICROS~3\wcescomm.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\PROGRA~1\MICROS~3\rapimgr.exe
C:\Program Files\palmOne\HOTSYNC.EXE
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\Program Files\HP\hpcoretech\comp\hpdarc.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\SAVScan.exe
C:\PROGRA~1\Netscape\NETSCA~1\netscape.exe
C:\DOCUME~1\Owner\LOCALS~1\Temp\Temporary Directory 1 for hijackthis.zip\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c...rch/search.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapp...//www.yahoo.com
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Advanced Tools Check] C:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb12.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [ymetray] "C:\Program Files\Yahoo!\Yahoo! Music Engine\ymetray.exe"
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\bcmntray
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [HP Network Registry Agent] C:\WINDOWS\system32\hpnra.exe
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [2chkdsk] rundll32.exe "C:\WINDOWS\system32\weyegtpe.dll",setvm
O4 - HKLM\..\Run: [RecordPadRun] "C:\Program Files\NCH Swift Sound\RecordPad\recordpad.exe" -logon
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\PROGRA~1\MICROS~3\wcescomm.exe"
O4 - Startup: HotSync Manager.lnk = C:\Program Files\palmOne\HOTSYNC.EXE
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {14C1B87C-3342-445F-9B5E-365FF330A3AC} (Hewlett-Packard Online Support Services) - http://h20278.www2.h...DataManager.CAB
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O18 - Protocol: g7ps - {9EACF0FB-4FC7-436E-989B-3197142AD979} - C:\Program Files\Common Files\G7PS\Shared Files\G7PSDLL\G7PS.dll
O18 - Protocol: widimg - {EE7C2AFF-5742-44FF-BD0E-E521B0D3C3BA} - C:\WINDOWS\system32\btxppanel.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: Broadcom Wireless LAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe

    Advertisements

Register to Remove


#2 Markka

Markka

    Advanced Member

  • Banned
  • PipPipPipPip
  • 784 posts

Posted 17 March 2007 - 03:57 AM

Hi and welcome to the forums. :) I'm Markka and I will be helping you with your malware issues. I check your HijackThis log. Right now I'm MRU Undergrad, everything that I post to you must be checked by teachers of Malware Removal University. Please be patient. :)

#3 Markka

Markka

    Advanced Member

  • Banned
  • PipPipPipPip
  • 784 posts

Posted 17 March 2007 - 04:22 AM

Rename HijackThis.exe to Scanner.exe and send a fresh HijackThis log :)

#4 Dantana

Dantana

    New Member

  • New Member
  • Pip
  • 6 posts

Posted 20 March 2007 - 07:56 PM

Scanner.exe


Logfile of HijackThis v1.99.1
Scan saved at 6:50:54 PM, on 3/20/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\System32\wltrysvc.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb12.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Yahoo!\Yahoo! Music Engine\ymetray.exe
C:\WINDOWS\system32\bcmntray.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\hpnra.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\NCH Swift Sound\RecordPad\recordpad.exe
C:\Program Files\Messenger\msmsgs.exe
C:\PROGRA~1\MICROS~3\wcescomm.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\PROGRA~1\MICROS~3\rapimgr.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\palmOne\HOTSYNC.EXE
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\WINDOWS\system32\msiexec.exe
C:\PROGRA~1\Netscape\NETSCA~1\netscape.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\HP\hpcoretech\comp\hpdarc.exe
C:\Documents and Settings\Owner\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c...rch/search.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapp...//www.yahoo.com
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Advanced Tools Check] C:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb12.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [ymetray] "C:\Program Files\Yahoo!\Yahoo! Music Engine\ymetray.exe"
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\bcmntray
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [HP Network Registry Agent] C:\WINDOWS\system32\hpnra.exe
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [2chkdsk] rundll32.exe "C:\WINDOWS\system32\weyegtpe.dll",setvm
O4 - HKLM\..\Run: [RecordPadRun] "C:\Program Files\NCH Swift Sound\RecordPad\recordpad.exe" -logon
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\PROGRA~1\MICROS~3\wcescomm.exe"
O4 - Startup: HotSync Manager.lnk = C:\Program Files\palmOne\HOTSYNC.EXE
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {14C1B87C-3342-445F-9B5E-365FF330A3AC} (Hewlett-Packard Online Support Services) - http://h20278.www2.h...DataManager.CAB
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O18 - Protocol: g7ps - {9EACF0FB-4FC7-436E-989B-3197142AD979} - C:\Program Files\Common Files\G7PS\Shared Files\G7PSDLL\G7PS.dll
O18 - Protocol: widimg - {EE7C2AFF-5742-44FF-BD0E-E521B0D3C3BA} - C:\WINDOWS\system32\btxppanel.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: Broadcom Wireless LAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe

#5 Markka

Markka

    Advanced Member

  • Banned
  • PipPipPipPip
  • 784 posts

Posted 21 March 2007 - 07:44 AM

Hi.

You didn't rename the HijackThis.exe. That is very important thing. You must rename HijackThis.exe and send a fresh HijackThis log.

O2's and O20's lines are missing and when you rename HijackThis then it shows them. :)

Instruction to rename HijackThis.exe:

Find HijackThis. It is located at: C:\Documents and Settings\Owner\Desktop\HijackThis.exe
so it is on your desktop. Right-click on HijackThis.exe and choose "rename" and rename it to scanner.exe

Edited by Markka, 21 March 2007 - 07:45 AM.


#6 Dantana

Dantana

    New Member

  • New Member
  • Pip
  • 6 posts

Posted 21 March 2007 - 11:19 PM

I hope I did it right this time. Sorry.

Logfile of HijackThis v1.99.1
Scan saved at 10:14:35 PM, on 3/21/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\System32\wltrysvc.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb12.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Yahoo!\Yahoo! Music Engine\ymetray.exe
C:\WINDOWS\system32\bcmntray.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\hpnra.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Messenger\msmsgs.exe
C:\PROGRA~1\MICROS~3\wcescomm.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\palmOne\HOTSYNC.EXE
C:\PROGRA~1\MICROS~3\rapimgr.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\SAVScan.exe
C:\Program Files\HP\hpcoretech\comp\hpdarc.exe
C:\Documents and Settings\Owner\Desktop\scanner.exe.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c...rch/search.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapp...//www.yahoo.com
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {D38439EC-4A7F-42b4-90C2-D810D7778FDD} - C:\WINDOWS\system32\ylvavhim.dll (file missing)
O2 - BHO: (no name) - {D681186B-D94A-47F9-A274-66A7E571B576} - C:\WINDOWS\Registration\pivdd.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Advanced Tools Check] C:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb12.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [ymetray] "C:\Program Files\Yahoo!\Yahoo! Music Engine\ymetray.exe"
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\bcmntray
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [HP Network Registry Agent] C:\WINDOWS\system32\hpnra.exe
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [2chkdsk] rundll32.exe "C:\WINDOWS\system32\weyegtpe.dll",setvm
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\PROGRA~1\MICROS~3\wcescomm.exe"
O4 - Startup: HotSync Manager.lnk = C:\Program Files\palmOne\HOTSYNC.EXE
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {14C1B87C-3342-445F-9B5E-365FF330A3AC} (Hewlett-Packard Online Support Services) - http://h20278.www2.h...DataManager.CAB
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O18 - Protocol: g7ps - {9EACF0FB-4FC7-436E-989B-3197142AD979} - C:\Program Files\Common Files\G7PS\Shared Files\G7PSDLL\G7PS.dll
O18 - Protocol: widimg - {EE7C2AFF-5742-44FF-BD0E-E521B0D3C3BA} - C:\WINDOWS\system32\btxppanel.dll
O20 - Winlogon Notify: pivdd - C:\WINDOWS\Registration\pivdd.dll
O20 - Winlogon Notify: WBSrv - C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\wbsrv.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: Broadcom Wireless LAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe

#7 Markka

Markka

    Advanced Member

  • Banned
  • PipPipPipPip
  • 784 posts

Posted 22 March 2007 - 06:59 AM

Hi, you did good job :thumbup:


Please download VundoFix.exe to your desktop.
  • Double-click VundoFix.exe to run it.
  • Click the Scan for Vundo button.
  • Once it's done scanning, click the Remove Vundo button.
  • You will receive a prompt asking if you want to remove the files, click YES
  • Once you click yes, your desktop will go blank as it starts removing Vundo.
  • When completed, it will prompt that it will reboot your computer, click OK.
  • Please post the contents of C:\vundofix.txt and a new HiJackThis log.
Note: It is possible that VundoFix encountered a file it could not remove.
In this case, VundoFix will run on reboot, simply follow the above instructions starting from "Click the Scan for Vundo button." when VundoFix appears at reboot.


Create a new folder to the dekstop and named it to HJT. After that move scanner.exe to HJT folder. (same folder than you just made)

Open HijackThis, Click Do a system scan only, checkmark these and press fix checked:

O2 - BHO: (no name) - {D38439EC-4A7F-42b4-90C2-D810D7778FDD} - C:\WINDOWS\system32\ylvavhim.dll (file missing)
O2 - BHO: (no name) - {D681186B-D94A-47F9-A274-66A7E571B576} - C:\WINDOWS\Registration\pivdd.dll
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
4 - HKLM\..\Run: [2chkdsk] rundll32.exe "C:\WINDOWS\system32\weyegtpe.dll",setvm
O20 - Winlogon Notify: pivdd - C:\WINDOWS\Registration\pivdd.dll




Delete these files: (if found)
C:\WINDOWS\system32\weyegtpe.dll
C:\WINDOWS\system32\ylvavhim.dll



Post a fresh HijackThis log and contents of C:\vundofix.txt

#8 Dantana

Dantana

    New Member

  • New Member
  • Pip
  • 6 posts

Posted 23 March 2007 - 10:56 AM

Vundo fix worked awesome. thanks.
This is the file you asked for.


Logfile of HijackThis v1.99.1
Scan saved at 9:51:41 AM, on 3/23/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\System32\wltrysvc.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb12.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Yahoo!\Yahoo! Music Engine\ymetray.exe
C:\WINDOWS\system32\bcmntray.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\hpnra.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Messenger\msmsgs.exe
C:\PROGRA~1\MICROS~3\wcescomm.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\palmOne\HOTSYNC.EXE
C:\PROGRA~1\MICROS~3\rapimgr.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\Program Files\HP\hpcoretech\comp\hpdarc.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\SAVScan.exe
C:\PROGRA~1\Netscape\NETSCA~1\netscape.exe
C:\Documents and Settings\Owner\Desktop\scanner.exe.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c...rch/search.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapp...//www.yahoo.com
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {7BB38415-89AD-4AF0-A3C7-EF139796829E} - C:\WINDOWS\Registration\pivdd.dll (file missing)
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Advanced Tools Check] C:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb12.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [ymetray] "C:\Program Files\Yahoo!\Yahoo! Music Engine\ymetray.exe"
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\bcmntray
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [HP Network Registry Agent] C:\WINDOWS\system32\hpnra.exe
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\PROGRA~1\MICROS~3\wcescomm.exe"
O4 - Startup: HotSync Manager.lnk = C:\Program Files\palmOne\HOTSYNC.EXE
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {14C1B87C-3342-445F-9B5E-365FF330A3AC} (Hewlett-Packard Online Support Services) - http://h20278.www2.h...DataManager.CAB
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O18 - Protocol: g7ps - {9EACF0FB-4FC7-436E-989B-3197142AD979} - C:\Program Files\Common Files\G7PS\Shared Files\G7PSDLL\G7PS.dll
O18 - Protocol: widimg - {EE7C2AFF-5742-44FF-BD0E-E521B0D3C3BA} - C:\WINDOWS\system32\btxppanel.dll
O20 - Winlogon Notify: WBSrv - C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\wbsrv.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: Broadcom Wireless LAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe

#9 Markka

Markka

    Advanced Member

  • Banned
  • PipPipPipPip
  • 784 posts

Posted 24 March 2007 - 03:51 AM

Move HijackThis (Scanner.exe) into a own folder -> C:\hjt\

Open HijackThis, Click Do a system scan only, checkmark these and press fix checked:

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapp...//www.yahoo.com
O2 - BHO: (no name) - {7BB38415-89AD-4AF0-A3C7-EF139796829E} - C:\WINDOWS\Registration\pivdd.dll (file missing)




Your java is out of date. Update your java.

Instruction:
  • -> Go to Control panel -> Add/remove programs
  • -> Find java from the list
  • -> Delete java(s)
  • -> Please download from here a new java and install it.
  • -> The latest java version is: Java Runtime Environment (JRE) 6.0


Please download ATF-cleaner and save it to your desktop.
  • Double-click ATF-Cleaner.exe to run the program.
  • Under Main choose: Select All
  • Click the Empty Selected button.

    If you use Firefox browser:

  • Click Firefox at the top and choose: Select All
  • Click the Empty Selected button.
  • NOTE: If you would like to keep your saved passwords, please click No at the prompt.

    If you use Opera browser:

  • Click Opera at the top and choose: Select All
  • Click the Empty Selected button.
  • NOTE: If you would like to keep your saved passwords, please click No at the prompt.
  • Click Exit on the Main menu to close the program.

Please download AVG Anti-Spyware to your Desktop or to your usual Download Folder.
http://www.ewido.net/en/download/
  • Install AVG Anti-Spyware by double clicking the installer.
  • Follow the prompts. Make sure that Launch AVG Anti-Spyware is checked.
  • On the main screen under Your Computer's security.
    • Click on Change state next to Resident shield. It should now change to inactive.
    • Click on Change state next to Automatic updates. It should now change to inactive.
    • Next to Last Update, click on Update now. (You will need an active internet connection to perform this)
    • Wait until you see the Update succesfull message.
  • Right-click the AVG Anti-Spyware Tray Icon and uncheck Start with Windows.
  • Right-click the AVG Anti-Spyware Tray Icon and select Exit. Confirm by clicking Yes.
If you are having problems with the updater, you can use this link to manually update ewido.
AVG Anti-Spyware manual updates.
Download the Full database to your Desktop or to your usual Download Folder and install it by double clicking the file. Make sure that AVG Anti-Spyware is closed before installing the update.


Please then reboot your computer in Safe Mode by doing the following:
  • Restart your computer
  • After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
  • Instead of Windows loading as normal, the Advanced Options Menu should appear;
  • Select the first option, to run Windows in Safe Mode, then press Enter.
  • Choose your usual account.


Close ALL open Windows / Programs / Folders. Please start AVG Anti-Spyware and run a full scan.
  • Click on Scanner on the toolbar.
  • Click on the Settings tab.
    • Under How to act?
      • Click on Recommended Action and choose Quarantine from the popup menu.
    • Under How to scan?
      • All checkboxes should be ticked.
    • Under Possibly unwanted software:
      • All checkboxes should be ticked.
    • Under Reports:
      • Select Automatically generate report after every scan and uncheck Only if threats were found.
    • Under What to scan?
      • Select Scan every file.
  • Click on the Scan tab.
  • Click on Complete System Scan to start the scan process.
  • Let the program scan the machine.
  • When the scan has finished, follow the instructions below.
    IMPORTANT : Don't click on the "Save Scan Report" button before you did hit the "Apply all Actions" button.
    • Make sure that Set all elements to: shows Quarantine (1), if not click on the link and choose Quarantine from the popup menu. (2)
    • At the bottom of the window click on the Apply all Actions button. (3)
      Posted Image
  • When done, click the Save Scan Report button. (4)
    • Click the Save Report as button.
    • Save the report to your Desktop.
  • Right-click the AVG Anti-Spyware Tray Icon and select Exit. Confirm by clicking Yes.
Reboot in Normal Mode.



Post:
- a fresh HijackThis log
- AVG's log

#10 Dantana

Dantana

    New Member

  • New Member
  • Pip
  • 6 posts

Posted 25 March 2007 - 08:49 AM

--------------------------------------------------------- AVG Anti-Spyware - Scan Report --------------------------------------------------------- + Created at: 7:28:57 AM 3/25/2007 + Scan result: HKU\S-1-5-21-484763869-706699826-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{CE7C3CF0-4B15-11D1-ABED-709549C10000} -> Adware.Generic : Ignored. C:\System Volume Information\_restore{B1E80449-7C6E-42AB-9AC3-46B70C775DB7}\RP281\A1119876.dll -> Adware.Virtumonde : Ignored. C:\System Volume Information\_restore{B1E80449-7C6E-42AB-9AC3-46B70C775DB7}\RP281\A1119891.dll -> Adware.Virtumonde : Ignored. C:\VundoFix Backups\gebcb.dll.bad -> Adware.Virtumonde : Ignored. C:\VundoFix Backups\pivdd.dll.bad -> Adware.Virtumonde : Ignored. HKU\S-1-5-21-484763869-706699826-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{CE70731D-F28D-4D81-9D61-C8EE60378401} -> Adware.Virtumonde : Ignored. HKU\S-1-5-21-484763869-706699826-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{00DBDAC8-4691-4797-8E6A-7C6AB89BC441} -> Downloader.ConHook.l : Cleaned with backup (quarantined). :mozilla.253:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\bc4x4e14.default\cookies.txt -> TrackingCookie.247realmedia : Cleaned. :mozilla.254:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\bc4x4e14.default\cookies.txt -> TrackingCookie.247realmedia : Cleaned. :mozilla.10:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\bc4x4e14.default\cookies.txt -> TrackingCookie.2o7 : Cleaned. :mozilla.10:C:\RECYCLER\NPROTECT\00070793.MOZ -> TrackingCookie.2o7 : Cleaned. :mozilla.11:C:\Documents and Settings\Guest\Application Data\Netscape\NSB\Profiles\75rmdcm7.default\cookies.txt -> TrackingCookie.2o7 : Cleaned. :mozilla.11:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\bc4x4e14.default\cookies.txt -> TrackingCookie.2o7 : Cleaned. :mozilla.12:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\bc4x4e14.default\cookies.txt -> TrackingCookie.2o7 : Cleaned. :mozilla.13:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\bc4x4e14.default\cookies.txt -> TrackingCookie.2o7 : Cleaned. :mozilla.14:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\bc4x4e14.default\cookies.txt -> TrackingCookie.2o7 : Cleaned. :mozilla.15:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\bc4x4e14.default\cookies.txt -> TrackingCookie.2o7 : Cleaned. :mozilla.16:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\bc4x4e14.default\cookies.txt -> TrackingCookie.2o7 : Cleaned. :mozilla.17:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\bc4x4e14.default\cookies.txt -> TrackingCookie.2o7 : Cleaned. :mozilla.53:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\bc4x4e14.default\cookies.txt -> TrackingCookie.2o7 : Cleaned. :mozilla.5:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\bc4x4e14.default\cookies.txt -> TrackingCookie.2o7 : Cleaned. :mozilla.65:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\bc4x4e14.default\cookies.txt -> TrackingCookie.2o7 : Cleaned. :mozilla.6:C:\RECYCLER\NPROTECT\00070709.MOZ -> TrackingCookie.2o7 : Cleaned. :mozilla.6:C:\RECYCLER\NPROTECT\00070710.MOZ -> TrackingCookie.2o7 : Cleaned. :mozilla.6:C:\RECYCLER\NPROTECT\00070712.MOZ -> TrackingCookie.2o7 : Cleaned. :mozilla.6:C:\RECYCLER\NPROTECT\00070721.MOZ -> TrackingCookie.2o7 : Cleaned. :mozilla.7:C:\Documents and Settings\Guest\Application Data\Netscape\NSB\Profiles\75rmdcm7.default\cookies.txt -> TrackingCookie.2o7 : Cleaned. :mozilla.7:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\bc4x4e14.default\cookies.txt -> TrackingCookie.2o7 : Cleaned. :mozilla.7:C:\RECYCLER\NPROTECT\00070709.MOZ -> TrackingCookie.2o7 : Cleaned. :mozilla.7:C:\RECYCLER\NPROTECT\00070710.MOZ -> TrackingCookie.2o7 : Cleaned. :mozilla.7:C:\RECYCLER\NPROTECT\00070712.MOZ -> TrackingCookie.2o7 : Cleaned. :mozilla.7:C:\RECYCLER\NPROTECT\00070721.MOZ -> TrackingCookie.2o7 : Cleaned. :mozilla.7:C:\RECYCLER\NPROTECT\00070783.MOZ -> TrackingCookie.2o7 : Cleaned. :mozilla.8:C:\Documents and Settings\Guest\Application Data\Netscape\NSB\Profiles\75rmdcm7.default\cookies.txt -> TrackingCookie.2o7 : Cleaned. :mozilla.8:C:\RECYCLER\NPROTECT\00070710.MOZ -> TrackingCookie.2o7 : Cleaned. :mozilla.8:C:\RECYCLER\NPROTECT\00070712.MOZ -> TrackingCookie.2o7 : Cleaned. :mozilla.8:C:\RECYCLER\NPROTECT\00070721.MOZ -> TrackingCookie.2o7 : Cleaned. :mozilla.8:C:\RECYCLER\NPROTECT\00070783.MOZ -> TrackingCookie.2o7 : Cleaned. :mozilla.8:C:\RECYCLER\NPROTECT\00070793.MOZ -> TrackingCookie.2o7 : Cleaned. :mozilla.9:C:\RECYCLER\NPROTECT\00070783.MOZ -> TrackingCookie.2o7 : Cleaned. :mozilla.9:C:\RECYCLER\NPROTECT\00070793.MOZ -> TrackingCookie.2o7 : Cleaned. :mozilla.130:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\bc4x4e14.default\cookies.txt -> TrackingCookie.Adobe : Cleaned. :mozilla.131:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\bc4x4e14.default\cookies.txt -> TrackingCookie.Adobe : Cleaned. :mozilla.104:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\bc4x4e14.default\cookies.txt -> TrackingCookie.Adserver : Cleaned. :mozilla.105:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\bc4x4e14.default\cookies.txt -> TrackingCookie.Adserver : Cleaned. :mozilla.106:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\bc4x4e14.default\cookies.txt -> TrackingCookie.Adserver : Cleaned. :mozilla.10:C:\RECYCLER\NPROTECT\00070075.MOZ -> TrackingCookie.Advertising : Cleaned. :mozilla.10:C:\RECYCLER\NPROTECT\00070078.MOZ -> TrackingCookie.Advertising : Cleaned. :mozilla.10:C:\RECYCLER\NPROTECT\00070708.MOZ -> TrackingCookie.Advertising : Cleaned. :mozilla.11:C:\RECYCLER\NPROTECT\00070078.MOZ -> TrackingCookie.Advertising : Cleaned. :mozilla.11:C:\RECYCLER\NPROTECT\00070708.MOZ -> TrackingCookie.Advertising : Cleaned. :mozilla.12:C:\RECYCLER\NPROTECT\00070078.MOZ -> TrackingCookie.Advertising : Cleaned. :mozilla.12:C:\RECYCLER\NPROTECT\00070707.MOZ -> TrackingCookie.Advertising : Cleaned. :mozilla.12:C:\RECYCLER\NPROTECT\00070708.MOZ -> TrackingCookie.Advertising : Cleaned. :mozilla.12:C:\RECYCLER\NPROTECT\00070709.MOZ -> TrackingCookie.Advertising : Cleaned. :mozilla.13:C:\RECYCLER\NPROTECT\00070078.MOZ -> TrackingCookie.Advertising : Cleaned. :mozilla.13:C:\RECYCLER\NPROTECT\00070707.MOZ -> TrackingCookie.Advertising : Cleaned. :mozilla.13:C:\RECYCLER\NPROTECT\00070708.MOZ -> TrackingCookie.Advertising : Cleaned. :mozilla.13:C:\RECYCLER\NPROTECT\00070709.MOZ -> TrackingCookie.Advertising : Cleaned. :mozilla.13:C:\RECYCLER\NPROTECT\00070710.MOZ -> TrackingCookie.Advertising : Cleaned. :mozilla.13:C:\RECYCLER\NPROTECT\00070712.MOZ -> TrackingCookie.Advertising : Cleaned. :mozilla.13:C:\RECYCLER\NPROTECT\00070721.MOZ -> TrackingCookie.Advertising : Cleaned. :mozilla.14:C:\RECYCLER\NPROTECT\00070707.MOZ -> TrackingCookie.Advertising : Cleaned. :mozilla.14:C:\RECYCLER\NPROTECT\00070709.MOZ -> TrackingCookie.Advertising : Cleaned. :mozilla.14:C:\RECYCLER\NPROTECT\00070710.MOZ -> TrackingCookie.Advertising : Cleaned. :mozilla.14:C:\RECYCLER\NPROTECT\00070712.MOZ -> TrackingCookie.Advertising : Cleaned. :mozilla.14:C:\RECYCLER\NPROTECT\00070721.MOZ -> TrackingCookie.Advertising : Cleaned. :mozilla.14:C:\RECYCLER\NPROTECT\00070783.MOZ -> TrackingCookie.Advertising : Cleaned. :mozilla.15:C:\Documents and Settings\Guest\Application Data\Netscape\NSB\Profiles\75rmdcm7.default\cookies.txt -> TrackingCookie.Advertising : Cleaned. :mozilla.15:C:\RECYCLER\NPROTECT\00070709.MOZ -> TrackingCookie.Advertising : Cleaned. :mozilla.15:C:\RECYCLER\NPROTECT\00070710.MOZ -> TrackingCookie.Advertising : Cleaned. :mozilla.15:C:\RECYCLER\NPROTECT\00070712.MOZ -> TrackingCookie.Advertising : Cleaned. :mozilla.15:C:\RECYCLER\NPROTECT\00070721.MOZ -> TrackingCookie.Advertising : Cleaned. :mozilla.15:C:\RECYCLER\NPROTECT\00070783.MOZ -> TrackingCookie.Advertising : Cleaned. :mozilla.15:C:\RECYCLER\NPROTECT\00070793.MOZ -> TrackingCookie.Advertising : Cleaned. :mozilla.16:C:\Documents and Settings\Guest\Application Data\Netscape\NSB\Profiles\75rmdcm7.default\cookies.txt -> TrackingCookie.Advertising : Cleaned. :mozilla.16:C:\RECYCLER\NPROTECT\00070710.MOZ -> TrackingCookie.Advertising : Cleaned. :mozilla.16:C:\RECYCLER\NPROTECT\00070712.MOZ -> TrackingCookie.Advertising : Cleaned. :mozilla.16:C:\RECYCLER\NPROTECT\00070721.MOZ -> TrackingCookie.Advertising : Cleaned. :mozilla.16:C:\RECYCLER\NPROTECT\00070783.MOZ -> TrackingCookie.Advertising : Cleaned. :mozilla.16:C:\RECYCLER\NPROTECT\00070793.MOZ -> TrackingCookie.Advertising : Cleaned. :mozilla.17:C:\Documents and Settings\Guest\Application Data\Netscape\NSB\Profiles\75rmdcm7.default\cookies.txt -> TrackingCookie.Advertising : Cleaned. :mozilla.17:C:\RECYCLER\NPROTECT\00070783.MOZ -> TrackingCookie.Advertising : Cleaned. :mozilla.17:C:\RECYCLER\NPROTECT\00070793.MOZ -> TrackingCookie.Advertising : Cleaned. :mozilla.18:C:\Documents and Settings\Guest\Application Data\Netscape\NSB\Profiles\75rmdcm7.default\cookies.txt -> TrackingCookie.Advertising : Cleaned. :mozilla.18:C:\RECYCLER\NPROTECT\00070793.MOZ -> TrackingCookie.Advertising : Cleaned. :mozilla.19:C:\Documents and Settings\Guest\Application Data\Netscape\NSB\Profiles\75rmdcm7.default\cookies.txt -> TrackingCookie.Advertising : Cleaned. :mozilla.24:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\bc4x4e14.default\cookies.txt -> TrackingCookie.Advertising : Cleaned. :mozilla.27:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\bc4x4e14.default\cookies.txt -> TrackingCookie.Advertising : Cleaned. :mozilla.28:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\bc4x4e14.default\cookies.txt -> TrackingCookie.Advertising : Cleaned. :mozilla.29:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\bc4x4e14.default\cookies.txt -> TrackingCookie.Advertising : Cleaned. :mozilla.6:C:\RECYCLER\NPROTECT\00070707.MOZ -> TrackingCookie.Advertising : Cleaned. :mozilla.7:C:\RECYCLER\NPROTECT\00070075.MOZ -> TrackingCookie.Advertising : Cleaned. :mozilla.8:C:\RECYCLER\NPROTECT\00070075.MOZ -> TrackingCookie.Advertising : Cleaned. :mozilla.9:C:\RECYCLER\NPROTECT\00070075.MOZ -> TrackingCookie.Advertising : Cleaned. :mozilla.10:C:\RECYCLER\NPROTECT\00070706.MOZ -> TrackingCookie.Atdmt : Cleaned. :mozilla.14:C:\Documents and Settings\Guest\Application Data\Netscape\NSB\Profiles\75rmdcm7.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned. :mozilla.15:C:\RECYCLER\NPROTECT\00070707.MOZ -> TrackingCookie.Atdmt : Cleaned. :mozilla.15:C:\RECYCLER\NPROTECT\00070708.MOZ -> TrackingCookie.Atdmt : Cleaned. :mozilla.17:C:\RECYCLER\NPROTECT\00070075.MOZ -> TrackingCookie.Atdmt : Cleaned. :mozilla.17:C:\RECYCLER\NPROTECT\00070078.MOZ -> TrackingCookie.Atdmt : Cleaned. :mozilla.17:C:\RECYCLER\NPROTECT\00070709.MOZ -> TrackingCookie.Atdmt : Cleaned. :mozilla.18:C:\RECYCLER\NPROTECT\00070710.MOZ -> TrackingCookie.Atdmt : Cleaned. :mozilla.18:C:\RECYCLER\NPROTECT\00070712.MOZ -> TrackingCookie.Atdmt : Cleaned. :mozilla.18:C:\RECYCLER\NPROTECT\00070721.MOZ -> TrackingCookie.Atdmt : Cleaned. :mozilla.19:C:\RECYCLER\NPROTECT\00070783.MOZ -> TrackingCookie.Atdmt : Cleaned. :mozilla.20:C:\RECYCLER\NPROTECT\00070793.MOZ -> TrackingCookie.Atdmt : Cleaned. :mozilla.56:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\bc4x4e14.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned. :mozilla.205:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\bc4x4e14.default\cookies.txt -> TrackingCookie.Bluestreak : Cleaned. :mozilla.217:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\bc4x4e14.default\cookies.txt -> TrackingCookie.Bridgetrack : Cleaned. :mozilla.218:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\bc4x4e14.default\cookies.txt -> TrackingCookie.Bridgetrack : Cleaned. :mozilla.124:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\bc4x4e14.default\cookies.txt -> TrackingCookie.Burstbeacon : Cleaned. :mozilla.120:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\bc4x4e14.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned. :mozilla.121:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\bc4x4e14.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned. :mozilla.138:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\bc4x4e14.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned. :mozilla.139:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\bc4x4e14.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned. :mozilla.136:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\bc4x4e14.default\cookies.txt -> TrackingCookie.Centrport : Cleaned. :mozilla.137:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\bc4x4e14.default\cookies.txt -> TrackingCookie.Centrport : Cleaned. :mozilla.11:C:\RECYCLER\NPROTECT\00070706.MOZ -> TrackingCookie.Doubleclick : Cleaned. :mozilla.11:C:\RECYCLER\NPROTECT\00070707.MOZ -> TrackingCookie.Doubleclick : Cleaned. :mozilla.12:C:\Documents and Settings\Guest\Application Data\Netscape\NSB\Profiles\75rmdcm7.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned. :mozilla.14:C:\RECYCLER\NPROTECT\00070078.MOZ -> TrackingCookie.Doubleclick : Cleaned. :mozilla.14:C:\RECYCLER\NPROTECT\00070708.MOZ -> TrackingCookie.Doubleclick : Cleaned. :mozilla.16:C:\RECYCLER\NPROTECT\00070709.MOZ -> TrackingCookie.Doubleclick : Cleaned. :mozilla.17:C:\RECYCLER\NPROTECT\00070710.MOZ -> TrackingCookie.Doubleclick : Cleaned. :mozilla.17:C:\RECYCLER\NPROTECT\00070712.MOZ -> TrackingCookie.Doubleclick : Cleaned. :mozilla.17:C:\RECYCLER\NPROTECT\00070721.MOZ -> TrackingCookie.Doubleclick : Cleaned. :mozilla.18:C:\RECYCLER\NPROTECT\00070783.MOZ -> TrackingCookie.Doubleclick : Cleaned. :mozilla.19:C:\RECYCLER\NPROTECT\00070793.MOZ -> TrackingCookie.Doubleclick : Cleaned. :mozilla.25:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\bc4x4e14.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned. :mozilla.26:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\bc4x4e14.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned. :mozilla.6:C:\RECYCLER\NPROTECT\00070075.MOZ -> TrackingCookie.Doubleclick : Cleaned. :mozilla.80:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\bc4x4e14.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned. :mozilla.126:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\bc4x4e14.default\cookies.txt -> TrackingCookie.Falkag : Cleaned. :mozilla.225:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\bc4x4e14.default\cookies.txt -> TrackingCookie.Falkag : Cleaned. :mozilla.127:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\bc4x4e14.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned. :mozilla.128:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\bc4x4e14.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned. :mozilla.176:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\bc4x4e14.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned. :mozilla.191:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\bc4x4e14.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned. :mozilla.223:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\bc4x4e14.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned. :mozilla.61:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\bc4x4e14.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned. :mozilla.63:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\bc4x4e14.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned. :mozilla.64:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\bc4x4e14.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned. :mozilla.246:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\bc4x4e14.default\cookies.txt -> TrackingCookie.Information : Cleaned. :mozilla.44:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\bc4x4e14.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned. :mozilla.45:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\bc4x4e14.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned. :mozilla.46:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\bc4x4e14.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned. :mozilla.12:C:\RECYCLER\NPROTECT\00070706.MOZ -> TrackingCookie.Mediaplex : Cleaned. :mozilla.13:C:\RECYCLER\NPROTECT\00070706.MOZ -> TrackingCookie.Mediaplex : Cleaned. :mozilla.15:C:\RECYCLER\NPROTECT\00070075.MOZ -> TrackingCookie.Mediaplex : Cleaned. :mozilla.15:C:\RECYCLER\NPROTECT\00070078.MOZ -> TrackingCookie.Mediaplex : Cleaned. :mozilla.16:C:\RECYCLER\NPROTECT\00070075.MOZ -> TrackingCookie.Mediaplex : Cleaned. :mozilla.16:C:\RECYCLER\NPROTECT\00070078.MOZ -> TrackingCookie.Mediaplex : Cleaned. :mozilla.16:C:\RECYCLER\NPROTECT\00070707.MOZ -> TrackingCookie.Mediaplex : Cleaned. :mozilla.16:C:\RECYCLER\NPROTECT\00070708.MOZ -> TrackingCookie.Mediaplex : Cleaned. :mozilla.17:C:\RECYCLER\NPROTECT\00070707.MOZ -> TrackingCookie.Mediaplex : Cleaned. :mozilla.17:C:\RECYCLER\NPROTECT\00070708.MOZ -> TrackingCookie.Mediaplex : Cleaned. :mozilla.18:C:\RECYCLER\NPROTECT\00070709.MOZ -> TrackingCookie.Mediaplex : Cleaned. :mozilla.19:C:\RECYCLER\NPROTECT\00070709.MOZ -> TrackingCookie.Mediaplex : Cleaned. :mozilla.19:C:\RECYCLER\NPROTECT\00070710.MOZ -> TrackingCookie.Mediaplex : Cleaned. :mozilla.19:C:\RECYCLER\NPROTECT\00070712.MOZ -> TrackingCookie.Mediaplex : Cleaned. :mozilla.19:C:\RECYCLER\NPROTECT\00070721.MOZ -> TrackingCookie.Mediaplex : Cleaned. :mozilla.20:C:\Documents and Settings\Guest\Application Data\Netscape\NSB\Profiles\75rmdcm7.default\cookies.txt -> TrackingCookie.Mediaplex : Cleaned. :mozilla.20:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\bc4x4e14.default\cookies.txt -> TrackingCookie.Mediaplex : Cleaned. :mozilla.20:C:\RECYCLER\NPROTECT\00070710.MOZ -> TrackingCookie.Mediaplex : Cleaned. :mozilla.20:C:\RECYCLER\NPROTECT\00070712.MOZ -> TrackingCookie.Mediaplex : Cleaned. :mozilla.20:C:\RECYCLER\NPROTECT\00070721.MOZ -> TrackingCookie.Mediaplex : Cleaned. :mozilla.20:C:\RECYCLER\NPROTECT\00070783.MOZ -> TrackingCookie.Mediaplex : Cleaned. :mozilla.21:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\bc4x4e14.default\cookies.txt -> TrackingCookie.Mediaplex : Cleaned. :mozilla.21:C:\RECYCLER\NPROTECT\00070783.MOZ -> TrackingCookie.Mediaplex : Cleaned. :mozilla.21:C:\RECYCLER\NPROTECT\00070793.MOZ -> TrackingCookie.Mediaplex : Cleaned. :mozilla.22:C:\RECYCLER\NPROTECT\00070793.MOZ -> TrackingCookie.Mediaplex : Cleaned. :mozilla.129:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\bc4x4e14.default\cookies.txt -> TrackingCookie.Overture : Cleaned. :mozilla.81:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\bc4x4e14.default\cookies.txt -> TrackingCookie.Paypal : Cleaned. :mozilla.18:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\bc4x4e14.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned. :mozilla.19:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\bc4x4e14.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned. :mozilla.22:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\bc4x4e14.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned. :mozilla.30:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\bc4x4e14.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned. :mozilla.184:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\bc4x4e14.default\cookies.txt -> TrackingCookie.Pro-market : Cleaned. :mozilla.170:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\bc4x4e14.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned. :mozilla.263:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\bc4x4e14.default\cookies.txt -> TrackingCookie.Real : Cleaned. :mozilla.264:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\bc4x4e14.default\cookies.txt -> TrackingCookie.Real : Cleaned. :mozilla.185:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\bc4x4e14.default\cookies.txt -> TrackingCookie.Realmedia : Cleaned. :mozilla.187:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\bc4x4e14.default\cookies.txt -> TrackingCookie.Realmedia : Cleaned. :mozilla.34:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\bc4x4e14.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned. :mozilla.35:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\bc4x4e14.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned. :mozilla.36:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\bc4x4e14.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned. :mozilla.37:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\bc4x4e14.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned. :mozilla.38:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\bc4x4e14.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned. :mozilla.245:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\bc4x4e14.default\cookies.txt -> TrackingCookie.Revenue : Cleaned. :mozilla.100:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\bc4x4e14.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned. :mozilla.101:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\bc4x4e14.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned. :mozilla.102:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\bc4x4e14.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned. :mozilla.99:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\bc4x4e14.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned. :mozilla.47:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\bc4x4e14.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned. :mozilla.48:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\bc4x4e14.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned. :mozilla.49:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\bc4x4e14.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned. :mozilla.90:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\bc4x4e14.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned. :mozilla.91:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\bc4x4e14.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned. :mozilla.188:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\bc4x4e14.default\cookies.txt -> TrackingCookie.Tradedoubler : Cleaned. :mozilla.103:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\bc4x4e14.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned. :mozilla.97:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\bc4x4e14.default\cookies.txt -> TrackingCookie.Webtrendslive : Cleaned. :mozilla.98:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\bc4x4e14.default\cookies.txt -> TrackingCookie.Webtrendslive : Cleaned. :mozilla.165:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\bc4x4e14.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned. :mozilla.166:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\bc4x4e14.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned. :mozilla.167:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\bc4x4e14.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned. :mozilla.168:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\bc4x4e14.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned. :mozilla.178:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\bc4x4e14.default\cookies.txt -> TrackingCookie.Zedo : Cleaned. :mozilla.179:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\bc4x4e14.default\cookies.txt -> TrackingCookie.Zedo : Cleaned. C:\System Volume Information\_restore{B1E80449-7C6E-42AB-9AC3-46B70C775DB7}\RP278\A1114832.dll -> Trojan.Agent.acl : Cleaned with backup (quarantined). C:\System Volume Information\_restore{B1E80449-7C6E-42AB-9AC3-46B70C775DB7}\RP279\A1117709.dll -> Trojan.Agent.acl : Cleaned with backup (quarantined). C:\System Volume Information\_restore{B1E80449-7C6E-42AB-9AC3-46B70C775DB7}\RP279\A1118074.dll -> Trojan.Agent.acl : Cleaned with backup (quarantined). C:\System Volume Information\_restore{B1E80449-7C6E-42AB-9AC3-46B70C775DB7}\RP281\A1119938.dll -> Trojan.Agent.acl : Cleaned with backup (quarantined). C:\System Volume Information\_restore{B1E80449-7C6E-42AB-9AC3-46B70C775DB7}\RP281\A1119883.sys -> Trojan.Agent.ny : Cleaned with backup (quarantined). C:\VundoFix Backups\DP.sys.bad -> Trojan.Agent.ny : Cleaned with backup (quarantined). C:\WINDOWS\system32\etvwmixu.exe -> Trojan.Agent.ny : Cleaned with backup (quarantined). C:\WINDOWS\system32\jjcgqbfb.exe -> Trojan.Agent.ny : Cleaned with backup (quarantined). C:\WINDOWS\system32\kcbwwqlu.exe -> Trojan.Agent.ny : Cleaned with backup (quarantined). C:\WINDOWS\system32\luaoqlln.exe -> Trojan.Agent.ny : Cleaned with backup (quarantined). C:\WINDOWS\system32\ojpgejqq.exe -> Trojan.Agent.ny : Cleaned with backup (quarantined). C:\WINDOWS\system32\pccotflf.exe -> Trojan.Agent.ny : Cleaned with backup (quarantined). C:\WINDOWS\system32\rrqdkdnl.exe -> Trojan.Agent.ny : Cleaned with backup (quarantined). ::Report end

#11 Dantana

Dantana

    New Member

  • New Member
  • Pip
  • 6 posts

Posted 25 March 2007 - 08:51 AM

Here is the hjt file. Hope this all worked. Thanks a million!

Logfile of HijackThis v1.99.1
Scan saved at 7:46:28 AM, on 3/25/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\System32\wltrysvc.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Apoint2K\Apoint.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb12.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Yahoo!\Yahoo! Music Engine\ymetray.exe
C:\WINDOWS\system32\bcmntray.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\hpnra.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre1.6.0\bin\jusched.exe
C:\Program Files\Messenger\msmsgs.exe
C:\PROGRA~1\MICROS~3\wcescomm.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\PROGRA~1\MICROS~3\rapimgr.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\palmOne\HOTSYNC.EXE
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\SAVScan.exe
C:\Program Files\HP\hpcoretech\comp\hpdarc.exe
C:\PROGRA~1\Netscape\NETSCA~1\netscape.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\Owner\Desktop\anti virus folder\scanner.exe.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c...rch/search.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Advanced Tools Check] C:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb12.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [ymetray] "C:\Program Files\Yahoo!\Yahoo! Music Engine\ymetray.exe"
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\bcmntray
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [HP Network Registry Agent] C:\WINDOWS\system32\hpnra.exe
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0\bin\jusched.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\PROGRA~1\MICROS~3\wcescomm.exe"
O4 - Startup: HotSync Manager.lnk = C:\Program Files\palmOne\HOTSYNC.EXE
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {14C1B87C-3342-445F-9B5E-365FF330A3AC} (Hewlett-Packard Online Support Services) - http://h20278.www2.h...DataManager.CAB
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O18 - Protocol: g7ps - {9EACF0FB-4FC7-436E-989B-3197142AD979} - C:\Program Files\Common Files\G7PS\Shared Files\G7PSDLL\G7PS.dll
O18 - Protocol: widimg - {EE7C2AFF-5742-44FF-BD0E-E521B0D3C3BA} - C:\WINDOWS\system32\btxppanel.dll
O20 - Winlogon Notify: WBSrv - C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\wbsrv.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: Broadcom Wireless LAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe

#12 Markka

Markka

    Advanced Member

  • Banned
  • PipPipPipPip
  • 784 posts

Posted 26 March 2007 - 06:28 AM

Hi. You have Norton and I think it includes a firewall? Am I right? If Norton includes the firewall then delete ZoneAlarm. :)


Disable system restore:
  • Right click on my computer icon
  • Choose properties
  • Click on system restore tab
  • Select Turn off System Restore
  • Click apply and click OK
  • Reboot!
Enable system restore:
  • Right click on my computer icon
  • Choose properties
  • Click on system restore tab
  • un-check Turn off System Restore
  • Click apply and click OK
  • Reboot!

Do you have any problems/questions?

Post a fresh HijackThis log.

Related Topics



0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users