Jump to content

Build Theme!
  •  
  • Infected?

WE'RE SURE THAT YOU'LL LOVE US!

Hey there! :wub: Looks like you're enjoying the discussion, but you're not signed up for an account. When you create an account, we remember exactly what you've read, so you always come right back where you left off. You also get notifications, here and via email, whenever new posts are made. You can like posts to share the love. :D Join 93104 other members! Anybody can ask, anybody can answer. Consistently helpful members may be invited to become staff. Here's how it works. Virus cleanup? Start here -> Malware Removal Forum.

Try What the Tech -- It's free!


Photo

Please Help Crazy Malware


  • This topic is locked This topic is locked
10 replies to this topic

#1 Stevos

Stevos

    New Member

  • New Member
  • Pip
  • 5 posts

Posted 18 April 2007 - 04:26 AM

Hi Please help i can not get rid of this annoying malware Link fixed as as not to cause problems cpvfeed.com Its driving me crazy Heres my Log Logfile of HijackThis v1.99.1 Scan saved at 6:14:39 PM, on 18/04/2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.5730.0011) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Windows Defender\MsMpEng.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Ahead\InCD\InCDsrv.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Ahead\InCD\InCD.exe C:\Program Files\lg_fwupdate\fwupdate.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\BitTorrent\bittorrent.exe C:\Program Files\Messenger\msmsgs.exe C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe C:\Program Files\Common Files\Symantec Shared\ccProxy.exe C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe

Edited by ken545, 21 April 2007 - 03:20 PM.

    Advertisements

Register to Remove


#2 ken545

ken545

    Forum God

  • Retired Classroom Teacher
  • 23,225 posts
  • Interests:Fighting Malware and cooking some great Italian and TexMex food
  • MVP

Posted 20 April 2007 - 01:12 PM

Stevos :D

Welcome to Tom Coyote . I need to see a complete HJT log including the header.


Hijackthis 1.99.1
Its important that Hijackthis is installed in its own permanent folder for backup purposes.
  • Go to where you currently have HJT installed and delete the whole folder.
  • Use the link above or the links in my signature to download HJT 1.99.1 setup to your desktop
  • Double Click on the Setup icon and by defaut it will unzip to C:\Program Files\Hijackthis
  • Open HJT Scan and Save a Log File, it will open in Notepad
  • Go to Edit> Select All.....Edit > Copy and Paste the new log into this thread.
  • Please use Posted Imageand not Posted Image
DO NOT have HijackThis fix anything yet. Most of what it finds will be harmless or even required.

 
 
The forum is staffed by volunteers who donate their time and expertise.
If you feel you have been helped, please consider a donation.
donate.gif
 
Find us on Facebook
Please LIKE and SHARE
 
 
Just a reminder that threads will be closed if no reply in 3 days.

#3 Stevos

Stevos

    New Member

  • New Member
  • Pip
  • 5 posts

Posted 20 April 2007 - 07:24 PM

Logfile of HijackThis v1.99.1
Scan saved at 9:17:22 AM, on 21/04/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\lg_fwupdate\fwupdate.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\BitTorrent\bittorrent.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ninemsn.com.au/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Norton Internet Security 2006 - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton Internet Security 2006 - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [LGODDFU] "C:\Program Files\lg_fwupdate\fwupdate.exe" blrun
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Easy SpyRemover] C:\Program Files\Easy SpyRemover\EasySpyRemover.exe /smart
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [LXBTCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXBTtime.dll,_RunDLLEntry@16
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [PowerBar] "C:\Program Files\CyberLink DVD Solution\Multimedia Launcher\PowerBar.exe" /AtBootTime
O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\Xfire.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akama...ex/qtplugin.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.syma...bin/AvSniff.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.syma...n/bin/cabsa.cab
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Internet Security Password Validation (ccISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\ccPwdSvc.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Norton Internet Security\comHost.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: iPod Service - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: lxbt_device - Lexmark International, Inc. - C:\WINDOWS\system32\lxbtcoms.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

thanks for your help.

#4 ken545

ken545

    Forum God

  • Retired Classroom Teacher
  • 23,225 posts
  • Interests:Fighting Malware and cooking some great Italian and TexMex food
  • MVP

Posted 21 April 2007 - 03:17 PM

Stevos :D

Sorry for the delay getting back to you but I was away most of the day. I am not looking at anything bad on your HJT log. Lets run the trial of AVG Anti Spyware , make sure you follow the instructions and have it set to remove or Quarantine what it finds and also to Save the log, without the report my hands are tied as it will show me what and what was not removed along with some possible tell tale signs of an infection.

Easy Spy Remover was on the list of bogus programs but it seems they have cleaned up there act a bit but I don't think its a program that I would want on my system or recommend to others, so its your call to keep it or not.

cpvfeed.com <-- What exactly is this link doing to your system, I am asking because I do not click on links
Its driving me crazy


Make sure you follow these instructions correctly to Remove or Quarantine what it finds and also to save the report, without me seeing the report my hands are tied.
Download and install the 30 day trial of AVG Anti-Spyware 7.5 to your desktop.
  • Once you have downloaded AVG Anti-Spyware 7.5, locate the icon on the desktop and double-click it to launch the set up program.
  • Once the setup is complete you will need run AVG and update the definition files.
  • On the main screen select the icon Update then select the Update now link.
  • Next select the Start Update button, the update will start and a progress bar will show the updates being installed.
  • Once the update has completed select the Scanner icon at the top of the screen, then select the Settings tab.
  • Once in the Settings screen click on Recommended actions and then select Quarantine <-- Dont forget this
  • Under Reports
  • Select Automatically generate report after every scan
  • Un-Select Only if threats were found
  • Close AVG Anti-Spyware 7.5 <-- Do not run the scan yet.
Boot your computer into Safemode
  • Go to Start> Shut Off your Computer> Restart
  • As the computer starts to boot-up, Tap the F8 KEY somewhat rapidly.
  • This will bring up a menu.
  • Use the Up and Down Arrow Keys to scroll up to SAFEMODE
  • Then press the Enter on your Keyboard
Tutorial if you need it How to boot into Safemode


IMPORTANT: Do not open any other windows or programs while ewido is scanning, it may interfere with the scanning process:
  • Launch AVG Anti-Spyware 7.5 by double-clicking the icon on your desktop.
  • Select the Scanner icon at the top and then the Scan tab then click on Complete System Scan.
  • AVG will now begin the scanning process, be patient this may take a little time.
  • Once the scan is complete do the following:
  • If you have any infections you will prompted, then select Apply all actions
  • Next select the Reports icon at the top.
  • Select the Save report as button in the lower left hand of the screen and save it to a text file on your system
  • make sure to remember where you saved that file, this is important
  • Close AVG Anti-Spyware 7.5
Post the AVG Log and a New HJT log please.

Edited by ken545, 21 April 2007 - 03:22 PM.


 
 
The forum is staffed by volunteers who donate their time and expertise.
If you feel you have been helped, please consider a donation.
donate.gif
 
Find us on Facebook
Please LIKE and SHARE
 
 
Just a reminder that threads will be closed if no reply in 3 days.

#5 Stevos

Stevos

    New Member

  • New Member
  • Pip
  • 5 posts

Posted 21 April 2007 - 09:39 PM

Logfile of HijackThis v1.99.1
Scan saved at 11:29:37 AM, on 22/04/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\lg_fwupdate\fwupdate.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\BitTorrent\bittorrent.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Outlook Express\msimn.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ninemsn.com.au/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Norton Internet Security 2006 - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton Internet Security 2006 - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [LGODDFU] "C:\Program Files\lg_fwupdate\fwupdate.exe" blrun
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Easy SpyRemover] C:\Program Files\Easy SpyRemover\EasySpyRemover.exe /smart
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [LXBTCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXBTtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [PowerBar] "C:\Program Files\CyberLink DVD Solution\Multimedia Launcher\PowerBar.exe" /AtBootTime
O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\Xfire.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akama...ex/qtplugin.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.syma...bin/AvSniff.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.syma...n/bin/cabsa.cab
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Internet Security Password Validation (ccISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\ccPwdSvc.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Norton Internet Security\comHost.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: iPod Service - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: lxbt_device - Lexmark International, Inc. - C:\WINDOWS\system32\lxbtcoms.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 11:24:53 AM 22/04/2007

+ Scan result:



C:\Documents and Settings\Steven\My Documents\myob10\L6a01612/OLD_DATA/Program Files/Common Files/CMEII/CMEIIAPI.dll -> Adware.Gator : No action taken.
C:\Documents and Settings\Steven\My Documents\myob10\L6a01612/OLD_DATA/Program Files/Common Files/CMEII/CMESys.exe -> Adware.Gator : No action taken.
C:\Documents and Settings\Steven\My Documents\myob10\L6a01612/OLD_DATA/Program Files/Common Files/CMEII/CMEUpd.exe -> Adware.Gator : No action taken.
C:\Documents and Settings\Steven\My Documents\myob10\L6a01612/OLD_DATA/Program Files/Common Files/CMEII/GController.dll -> Adware.Gator : No action taken.
C:\Documents and Settings\Steven\My Documents\myob10\L6a01612/OLD_DATA/Program Files/Common Files/CMEII/GDwldEng.dll -> Adware.Gator : No action taken.
C:\Documents and Settings\Steven\My Documents\myob10\L6a01612/OLD_DATA/Program Files/Common Files/CMEII/GFormCTM.dll -> Adware.Gator : No action taken.
C:\Documents and Settings\Steven\My Documents\myob10\L6a01612/OLD_DATA/Program Files/Common Files/CMEII/GIoclClient.dll -> Adware.Gator : No action taken.
C:\Documents and Settings\Steven\My Documents\myob10\L6a01612/OLD_DATA/Program Files/Common Files/CMEII/GStore.dll -> Adware.Gator : No action taken.
C:\Documents and Settings\Steven\My Documents\myob10\L6a01612/OLD_DATA/Program Files/Common Files/CMEII/GStoreServer.dll -> Adware.Gator : No action taken.
C:\Documents and Settings\Steven\My Documents\myob10\L6a01612/OLD_DATA/Program Files/Common Files/CMEII/GSvcMgr.dll -> Adware.Gator : No action taken.
C:\Documents and Settings\Steven\My Documents\myob10\L6a01612/OLD_DATA/Program Files/Common Files/CMEII/GSvcSAP.dll -> Adware.Gator : No action taken.
C:\Documents and Settings\Steven\My Documents\myob10\L6a01612/OLD_DATA/Program Files/Common Files/GMT/EGNSEngine.dll -> Adware.Gator : No action taken.
C:\Documents and Settings\Steven\My Documents\myob10\L6a01612/OLD_DATA/Program Files/Common Files/GMT/GMT.exe -> Adware.Gator : No action taken.
C:\Documents and Settings\Steven\My Documents\myob10\L6a01612/OLD_DATA/Program Files/Common Files/GMT/egIEEngine.dll -> Adware.Gator : No action taken.
C:\Documents and Settings\Steven\My Documents\myob10\L6a01612/OLD_DATA/Program Files/Common Files/GMT/GFD1001_OnFlow2054.exe -> Adware.OnFlow : No action taken.
C:\Documents and Settings\Steven\My Documents\myob10\L6a01612/OLD_DATA/liveshows/dialer.exe -> Heuristic.Win32.Dialer : No action taken.
C:\Documents and Settings\Steven\Cookies\steven@2o7[1].txt -> TrackingCookie.2o7 : No action taken.
C:\Documents and Settings\Steven\Cookies\steven@bigpond.122.2o7[2].txt -> TrackingCookie.2o7 : No action taken.
C:\Documents and Settings\Steven\Cookies\steven@microsoftwlmessengermkt.112.2o7[1].txt -> TrackingCookie.2o7 : No action taken.
C:\Documents and Settings\Steven\Cookies\steven@msnportal.112.2o7[1].txt -> TrackingCookie.2o7 : No action taken.
C:\Documents and Settings\Steven\Cookies\steven@partygaming.122.2o7[1].txt -> TrackingCookie.2o7 : No action taken.
C:\Documents and Settings\Steven\Cookies\steven@paypal.112.2o7[1].txt -> TrackingCookie.2o7 : No action taken.
C:\Documents and Settings\Steven\Cookies\steven@adbrite[2].txt -> TrackingCookie.Adbrite : No action taken.
C:\Documents and Settings\Steven\Cookies\steven@ads.addynamix[2].txt -> TrackingCookie.Addynamix : No action taken.
C:\Documents and Settings\Steven\Cookies\steven@atdmt[2].txt -> TrackingCookie.Atdmt : No action taken.
C:\Documents and Settings\Steven\Cookies\steven@casalemedia[1].txt -> TrackingCookie.Casalemedia : No action taken.
C:\Documents and Settings\Steven\Cookies\steven@clickbank[1].txt -> TrackingCookie.Clickbank : No action taken.
C:\Documents and Settings\Steven\Cookies\steven@com[1].txt -> TrackingCookie.Com : No action taken.
C:\Documents and Settings\Steven\Cookies\steven@cpvfeed[2].txt -> TrackingCookie.Cpvfeed : No action taken.
C:\Documents and Settings\Steven\Cookies\steven@doubleclick[1].txt -> TrackingCookie.Doubleclick : No action taken.
C:\Documents and Settings\Steven\Cookies\steven@www.epilot[1].txt -> TrackingCookie.Epilot : No action taken.
C:\Documents and Settings\Steven\Cookies\steven@e-2dj6walysldzwhp.stats.esomniture[2].txt -> TrackingCookie.Esomniture : No action taken.
C:\Documents and Settings\Steven\Cookies\steven@e-2dj6wfliagc5gep.stats.esomniture[2].txt -> TrackingCookie.Esomniture : No action taken.
C:\Documents and Settings\Steven\Cookies\steven@e-2dj6wgmychdjobo.stats.esomniture[2].txt -> TrackingCookie.Esomniture : No action taken.
C:\Documents and Settings\Steven\Cookies\steven@e-2dj6wjk4wmc5ikp.stats.esomniture[2].txt -> TrackingCookie.Esomniture : No action taken.
C:\Documents and Settings\Steven\Cookies\steven@e-2dj6wjliojcjkcp.stats.esomniture[1].txt -> TrackingCookie.Esomniture : No action taken.
C:\Documents and Settings\Steven\Cookies\steven@e-2dj6wjmicgajmbp.stats.esomniture[2].txt -> TrackingCookie.Esomniture : No action taken.
C:\Documents and Settings\Steven\Cookies\steven@fastclick[1].txt -> TrackingCookie.Fastclick : No action taken.
C:\Documents and Settings\Steven\Cookies\steven@ehg-alt64.hitbox[2].txt -> TrackingCookie.Hitbox : No action taken.
C:\Documents and Settings\Steven\Cookies\steven@ehg-legonewyorkinc.hitbox[2].txt -> TrackingCookie.Hitbox : No action taken.
C:\Documents and Settings\Steven\Cookies\steven@hitbox[2].txt -> TrackingCookie.Hitbox : No action taken.
C:\Documents and Settings\Steven\Cookies\steven@mediaplex[2].txt -> TrackingCookie.Mediaplex : No action taken.
C:\Documents and Settings\Steven\Cookies\steven@overture[2].txt -> TrackingCookie.Overture : No action taken.
C:\Documents and Settings\Steven\Cookies\steven@qksrv[2].txt -> TrackingCookie.Qksrv : No action taken.
C:\Documents and Settings\Steven\Cookies\steven@questionmarket[2].txt -> TrackingCookie.Questionmarket : No action taken.
C:\Documents and Settings\Steven\Cookies\steven@bs.serving-sys[2].txt -> TrackingCookie.Serving-sys : No action taken.
C:\Documents and Settings\Steven\Cookies\steven@serving-sys[2].txt -> TrackingCookie.Serving-sys : No action taken.
C:\Documents and Settings\Steven\Cookies\steven@tribalfusion[1].txt -> TrackingCookie.Tribalfusion : No action taken.
C:\Documents and Settings\Steven\Cookies\steven@statse.webtrendslive[5].txt -> TrackingCookie.Webtrendslive : No action taken.
C:\Documents and Settings\Steven\Cookies\steven@yadro[2].txt -> TrackingCookie.Yadro : No action taken.
C:\Documents and Settings\Steven\Cookies\steven@ad.yieldmanager[1].txt -> TrackingCookie.Yieldmanager : No action taken.
C:\Documents and Settings\Steven\Cookies\steven@zedo[1].txt -> TrackingCookie.Zedo : No action taken.


::Report end

thanks again for your help .That cpv link just keeps popping up i never open links either dont know where it came from.

#6 ken545

ken545

    Forum God

  • Retired Classroom Teacher
  • 23,225 posts
  • Interests:Fighting Malware and cooking some great Italian and TexMex food
  • MVP

Posted 22 April 2007 - 06:21 AM

If you look at your AVG log you will see entries for Claria which does send you pop ups, but you did not set AVG to remove it all like i said so I suggest you run it again and have it remove everything it finds.


Open Hijackthis
  • Go to Misc Tools> Open Uninstall Manager.
  • Click on Save List.
  • The list will open in Notepad.
  • Copy and Paste the List into this thread

Edited by ken545, 22 April 2007 - 06:23 AM.


 
 
The forum is staffed by volunteers who donate their time and expertise.
If you feel you have been helped, please consider a donation.
donate.gif
 
Find us on Facebook
Please LIKE and SHARE
 
 
Just a reminder that threads will be closed if no reply in 3 days.

#7 ken545

ken545

    Forum God

  • Retired Classroom Teacher
  • 23,225 posts
  • Interests:Fighting Malware and cooking some great Italian and TexMex food
  • MVP

Posted 25 April 2007 - 07:38 PM

Have you resolved your issue or do you still need help??

 
 
The forum is staffed by volunteers who donate their time and expertise.
If you feel you have been helped, please consider a donation.
donate.gif
 
Find us on Facebook
Please LIKE and SHARE
 
 
Just a reminder that threads will be closed if no reply in 3 days.

#8 Stevos

Stevos

    New Member

  • New Member
  • Pip
  • 5 posts

Posted 26 April 2007 - 08:12 AM

thanks for your help so far i've tried everything you suggested avg picks up the feed i am having problem with and i delete it but when i open explore again it comes back and every time i run avg it picks it up is there anything else i can try.

#9 Stevos

Stevos

    New Member

  • New Member
  • Pip
  • 5 posts

Posted 26 April 2007 - 08:16 AM

3D Galaxy Journey Screensaver ABBYY FineReader 5.0 Sprint Plus Adobe Acrobat 5.0 Adobe Flash Player 9 ActiveX Adobe Reader 8 Apple Software Update AVG Anti-Spyware 7.5 Battlestations: Midway BitTorrent 5.0.7 CC_ccProxyExt ccCommon ccPxyCore DVD Solution HighMAT Extension to Microsoft Windows XP CD Writing Wizard Hijackthis 1.99.1 HijackThis 1.99.1 Hotfix for Windows XP (KB915865) Hotfix for Windows XP (KB926239) i-Cool InCD K-Lite Codec Pack 2.84 Full Lexmark 5200 Series Lexmark Fax Solutions LG ODD Auto Firmware Update LiveUpdate 3.0 (Symantec Corporation) Match-Up! Microsoft Compression Client Pack 1.0 for Windows XP Microsoft Internationalized Domain Names Mitigation APIs Microsoft National Language Support Downlevel APIs Microsoft Windows XP Video Decoder Checkup Utility MSRedist Multimedia Launcher Nero Suite Norton AntiSpam Norton AntiSpam Norton AntiVirus 2006 Norton Internet Security Norton Internet Security Norton Internet Security Norton Internet Security Norton Internet Security Norton Internet Security 2006 (Symantec Corporation) Norton Protection Center Norton WMI Update Norton WMI Update NVIDIA Drivers Power2Go 4.0 PowerDVD PowerProducer QuickTime Realtek High Definition Audio Driver Security Update for Windows XP (KB923789) SPBBC Symantec KB-DocID:2003093015493306 The Battle for Middle-earth ™ The Battle for Middle-earth ™ II The Lord of the Rings, The Rise of the Witch-king VideoLAN VLC media player 0.8.6a Windows Defender Windows Driver Package - Advanced Micro Devices (AmdK8) Processor (05/27/2006 1.3.2.0) Windows Internet Explorer 7 Windows Media Format 11 runtime Windows Media Format 11 runtime Windows Media Player 11 Windows Media Player 11 WinRAR archiver Xfire (remove only) XP Royale Theme

#10 ken545

ken545

    Forum God

  • Retired Classroom Teacher
  • 23,225 posts
  • Interests:Fighting Malware and cooking some great Italian and TexMex food
  • MVP

Posted 26 April 2007 - 10:49 AM

I don't see that feed your talking about in either your HJT log or the AVG log, do like I suggested and run AVG again, make sure you have it set to remove or quarantine what it finds and post the new report for me to see.

 
 
The forum is staffed by volunteers who donate their time and expertise.
If you feel you have been helped, please consider a donation.
donate.gif
 
Find us on Facebook
Please LIKE and SHARE
 
 
Just a reminder that threads will be closed if no reply in 3 days.

#11 ken545

ken545

    Forum God

  • Retired Classroom Teacher
  • 23,225 posts
  • Interests:Fighting Malware and cooking some great Italian and TexMex food
  • MVP

Posted 03 May 2007 - 05:22 AM

This topic is being closed due to lack of response, if you need this topic reopened, please request this by sending an email to us at the following link
(Click for address)
Include your post user name and detail why you need it reopened with a valid link to your post.
Any bad links or emails that are not from the original poster will be deleted without response.
Any emails without the subject "Reopen" will be deleted without being looked at.

If this is not your thread please start a New Topic.


 
 
The forum is staffed by volunteers who donate their time and expertise.
If you feel you have been helped, please consider a donation.
donate.gif
 
Find us on Facebook
Please LIKE and SHARE
 
 
Just a reminder that threads will be closed if no reply in 3 days.

Related Topics



0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users