Jump to content

Build Theme!
  •  
  • Unreplied Topics
  • Downloads
  • Infected?

WE'RE SURE THAT YOU'LL LOVE US!

Hey there! :wub: Looks like you're enjoying the discussion, but you're not signed up for an account. When you create an account, we remember exactly what you've read, so you always come right back where you left off. You also get notifications, here and via email, whenever new posts are made. You can like posts to share the love. :D Join 93112 other members! Anybody can ask, anybody can answer. Consistently helpful members may be invited to become staff. Here's how it works. Virus cleanup? Start here -> Malware Removal Forum.

Try What the Tech -- It's free!


Photo

Computer Tech Help

Started by harmony3 , Apr 26 2007 12:44 AM

  • This topic is locked This topic is locked
15 replies to this topic

#1 harmony3

harmony3

    New Member

  • New Member
  • Pip
  • 7 posts

Posted 26 April 2007 - 12:44 AM

Logfile of HijackThis v1.99.1
Scan saved at 11:34:40 PM, on 4/25/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\CallerIP\cip-nt.exe
C:\WINDOWS\system32\java.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\snmp.exe
C:\Program Files\Analog Devices\SoundMAX\spkrmon.exe
C:\WINDOWS\system32\fxssvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN\MSNCoreFiles\MSN6.EXE
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\PCHealth\HelpCtr\Binaries\helpctr.exe
C:\WINDOWS\PCHealth\HelpCtr\Binaries\HelpSvc.exe
C:\WINDOWS\PCHealth\HelpCtr\Binaries\HelpHost.exe
C:\Program Files\Common Files\Symantec Shared\ccLgView.exe
C:\WINDOWS\System32\dllhost.exe
C:\WINDOWS\system32\rundll32.exe
C:\DOCUME~1\Owner\LOCALS~1\Temp\Temporary Directory 1 for hijackthis[1].zip\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by CenturyTel
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBho.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\UIBHO.dll
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.liv...m/quickadd.aspx
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {1EF9F042-C2EB-4293-8213-474CAEEF531D} (TmHcmsX Control) - http://www.trendsecu...vex/TmHcmsX.CAB
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.syma...bin/AvSniff.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1171864291406
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.syma...n/bin/cabsa.cab
O16 - DPF: {74C861A1-D548-4916-BC8A-FDE92EDFF62C} - http://mediaplayer.w...ler/install.cab
O16 - DPF: {9059F30F-4EB1-4BD2-9FDC-36F43A218F4A} (Microsoft RDP Client Control (redist)) - file://C:\WINDOWS\SoftwareDistribution\Download\16b2c96a0c41f4dfdb4d3cc228a4f819\msrdp.cab
O16 - DPF: {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} (SABScanProcesses Class) - http://www.superadbl...ivex/sabspx.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Visualware CallerIP (CallerIP) - Unknown owner - C:\Program Files\CallerIP\cip-nt.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h cltCommon (file missing)
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: LiveUpdate Notice Service - Unknown owner - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifEng.dll (file missing)
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: spkrmon - Unknown owner - C:\Program Files\Analog Devices\SoundMAX\spkrmon.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe

    Advertisements

Register to Remove

#2 ken545

ken545

    Forum God

  • Retired Classroom Teacher
  • 23,225 posts
  • Interests:Fighting Malware and cooking some great Italian and TexMex food
  • MVP

Posted 26 April 2007 - 05:11 AM

harmony3 :D

Welcome to Tom Coyote . It's not a matter of what to remove or keep, remove the wrong entries and you can disable your system. Your log looks fine, no malware that I can see. What issues are you having to make you post in a malware removal forum??

I would use windows updates and install IE7 as its more secure than IE6.

Ken

 
 
The forum is staffed by volunteers who donate their time and expertise.
If you feel you have been helped, please consider a donation.
donate.gif
 
Find us on Facebook
Please LIKE and SHARE
 
 
Just a reminder that threads will be closed if no reply in 3 days.

#3 harmony3

harmony3

    New Member

  • New Member
  • Pip
  • 7 posts

Posted 26 April 2007 - 07:23 AM

Ken, Thanks for the welcome, I cleaned up my system fairly well in the last few days. So basically, I just needed someone with some knowledge to tell me all looks good. It's a fairly long story about my computer, (ex- took it before he was an ex and had one of his friends work on it) So I have been somewhat leary, since there had been keyloggers and spyware programs downloaded. (removed a year ago by a comp tech.) So basically any knowledge I can learn along the way would be greatly appreciated. :) Harmony

#4 ken545

ken545

    Forum God

  • Retired Classroom Teacher
  • 23,225 posts
  • Interests:Fighting Malware and cooking some great Italian and TexMex food
  • MVP

Posted 26 April 2007 - 10:35 AM

Harmony :D

If there was a keylogger on your system it would have showed up on your HJT log. Lets run the trial of AVG Anti Spyware as it may show things that are not showing up on your log.


It's extremely important that you follow these instructions to either Remove or Quarantine what it finds and save the report for me to see, it shows what and what not was removed along with an extensive report that may lead to other infections that are not showing on your HJT log. Without me seeing the report my hands are tied.


Download and install the 30 day trial of AVG Anti-Spyware 7.5 to your desktop. It's very important that I see the report so make sure you follow the instructions and save the log.
  • Once you have downloaded AVG Anti-Spyware 7.5, locate the icon on the desktop and double-click it to launch the set up program.
  • Once the setup is complete you will need run AVG and update the definition files.
  • On the main screen select the icon Update then select the Update now link.
  • Next select the Start Update button, the update will start and a progress bar will show the updates being installed.
  • Once the update has completed select the Scanner icon at the top of the screen, then select the Settings tab.
  • Once in the Settings screen click on Recommended actions and then select Quarantine <-- Dont forget this
  • Under Reports
  • Select Automatically generate report after every scan
  • Un-Select Only if threats were found
  • Close AVG Anti-Spyware 7.5 <-- Do not run the scan yet.
Boot your computer into Safemode
  • Go to Start> Shut Off your Computer> Restart
  • As the computer starts to boot-up, Tap the F8 KEY somewhat rapidly.
  • This will bring up a menu.
  • Use the Up and Down Arrow Keys to scroll up to SAFEMODE
  • Then press the Enter on your Keyboard
Tutorial if you need it How to boot into Safemode


IMPORTANT: Do not open any other windows or programs while AVG is scanning, it may interfere with the scanning process:
  • Launch AVG Anti-Spyware 7.5 by double-clicking the icon on your desktop.
  • Select the Scanner icon at the top and then the Scan tab then click on Complete System Scan.
  • AVG will now begin the scanning process, be patient this may take a little time.
  • Once the scan is complete do the following:
  • If you have any infections you will prompted, then select Apply all actions
  • Next select the Reports icon at the top.
  • Select the Save report as button in the lower left hand of the screen and save it to a text file on your system
  • make sure to remember where you saved that file, this is important
  • Close AVG Anti-Spyware 7.5

I need to see the AVG Log and a New HJT log please.

 
 
The forum is staffed by volunteers who donate their time and expertise.
If you feel you have been helped, please consider a donation.
donate.gif
 
Find us on Facebook
Please LIKE and SHARE
 
 
Just a reminder that threads will be closed if no reply in 3 days.

#5 harmony3

harmony3

    New Member

  • New Member
  • Pip
  • 7 posts

Posted 29 April 2007 - 01:51 AM

Ken,

Here it is,
Logfile of HijackThis v1.99.1
Scan saved at 12:20:28 AM, on 4/29/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\CallerIP\cip-nt.exe
C:\WINDOWS\system32\java.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\snmp.exe
C:\Program Files\Analog Devices\SoundMAX\spkrmon.exe
C:\WINDOWS\system32\fxssvc.exe
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN\MSNCoreFiles\MSN6.EXE
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\a-squared HiJackFree\a2hijackfree.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\HijackThis\HijackThis.exe
C:\WINDOWS\system32\NOTEPAD.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by CenturyTel
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBho.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\UIBHO.dll
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: CallClerk.lnk = ?
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.liv...m/quickadd.aspx
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {1EF9F042-C2EB-4293-8213-474CAEEF531D} (TmHcmsX Control) - http://www.trendsecu...vex/TmHcmsX.CAB
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.syma...bin/AvSniff.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1171864291406
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.syma...n/bin/cabsa.cab
O16 - DPF: {74C861A1-D548-4916-BC8A-FDE92EDFF62C} - http://mediaplayer.w...ler/install.cab
O16 - DPF: {9059F30F-4EB1-4BD2-9FDC-36F43A218F4A} (Microsoft RDP Client Control (redist)) - file://C:\WINDOWS\SoftwareDistribution\Download\16b2c96a0c41f4dfdb4d3cc228a4f819\msrdp.cab
O16 - DPF: {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} (SABScanProcesses Class) - http://www.superadbl...ivex/sabspx.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Visualware CallerIP (CallerIP) - Unknown owner - C:\Program Files\CallerIP\cip-nt.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h cltCommon (file missing)
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: LiveUpdate Notice Service - Unknown owner - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifEng.dll (file missing)
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: spkrmon - Unknown owner - C:\Program Files\Analog Devices\SoundMAX\spkrmon.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe


---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 11:59:36 PM 4/28/2007

+ Scan result:



C:\System Volume Information\_restore{31F59332-80B2-4AA3-BC87-58C1E2AEB973}\RP118\A0016317.exe -> Not-A-Virus.Monitor.Win32.PCAcme.61 : No action taken.
C:\System Volume Information\_restore{31F59332-80B2-4AA3-BC87-58C1E2AEB973}\RP118\A0016320.sys -> Not-A-Virus.Monitor.Win32.PCAcme.61 : No action taken.
C:\System Volume Information\_restore{31F59332-80B2-4AA3-BC87-58C1E2AEB973}\RP118\A0017275.dll -> Not-A-Virus.Monitor.Win32.PCAcme.61 : No action taken.
C:\System Volume Information\_restore{31F59332-80B2-4AA3-BC87-58C1E2AEB973}\RP118\A0016321.exe -> Not-A-Virus.Monitor.Win32.PCAcme.63 : No action taken.
C:\System Volume Information\_restore{31F59332-80B2-4AA3-BC87-58C1E2AEB973}\RP118\A0016322.exe -> Not-A-Virus.Monitor.Win32.PCAcme.63 : No action taken.
C:\System Volume Information\_restore{31F59332-80B2-4AA3-BC87-58C1E2AEB973}\RP118\A0016323.exe -> Not-A-Virus.Monitor.Win32.PCAcme.64 : No action taken.
:mozilla.38:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\w1w3nodo.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.39:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\w1w3nodo.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
C:\Documents and Settings\Donna\Cookies\donna@2o7[2].txt -> TrackingCookie.2o7 : No action taken.
C:\Documents and Settings\Donna\Cookies\donna@msnportal.112.2o7[1].txt -> TrackingCookie.2o7 : No action taken.
C:\Documents and Settings\Joshua\Cookies\joshua@2o7[2].txt -> TrackingCookie.2o7 : No action taken.
C:\Documents and Settings\Joshua\Cookies\joshua@microsoftwlsearchcrm.112.2o7[1].txt -> TrackingCookie.2o7 : No action taken.
C:\Documents and Settings\Joshua\Cookies\joshua@msnaccountservices.112.2o7[1].txt -> TrackingCookie.2o7 : No action taken.
C:\Documents and Settings\Joshua\Cookies\joshua@msnportal.112.2o7[1].txt -> TrackingCookie.2o7 : No action taken.
C:\Documents and Settings\Owner\Cookies\owner@2o7[1].txt -> TrackingCookie.2o7 : No action taken.
C:\Documents and Settings\Owner\Cookies\owner@msnportal.112.2o7[1].txt -> TrackingCookie.2o7 : No action taken.
C:\Documents and Settings\Joshua\Cookies\joshua@adbrite[2].txt -> TrackingCookie.Adbrite : No action taken.
C:\Documents and Settings\Joshua\Cookies\joshua@ads.addynamix[1].txt -> TrackingCookie.Addynamix : No action taken.
:mozilla.189:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\w1w3nodo.default\cookies.txt -> TrackingCookie.Adrevolver : No action taken.
C:\Documents and Settings\Donna\Cookies\donna@adrevolver[1].txt -> TrackingCookie.Adrevolver : No action taken.
:mozilla.100:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\w1w3nodo.default\cookies.txt -> TrackingCookie.Advertising : No action taken.
:mozilla.102:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\w1w3nodo.default\cookies.txt -> TrackingCookie.Advertising : No action taken.
:mozilla.103:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\w1w3nodo.default\cookies.txt -> TrackingCookie.Advertising : No action taken.
:mozilla.99:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\w1w3nodo.default\cookies.txt -> TrackingCookie.Advertising : No action taken.
C:\Documents and Settings\Donna\Cookies\donna@advertising[2].txt -> TrackingCookie.Advertising : No action taken.
C:\Documents and Settings\Owner\Cookies\owner@advertising[1].txt -> TrackingCookie.Advertising : No action taken.
:mozilla.58:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\w1w3nodo.default\cookies.txt -> TrackingCookie.Atdmt : No action taken.
C:\Documents and Settings\Donna\Cookies\donna@atdmt[2].txt -> TrackingCookie.Atdmt : No action taken.
C:\Documents and Settings\Joshua\Cookies\joshua@atdmt[2].txt -> TrackingCookie.Atdmt : No action taken.
C:\Documents and Settings\Owner\Cookies\owner@atdmt[2].txt -> TrackingCookie.Atdmt : No action taken.
C:\Documents and Settings\Donna\Cookies\donna@burstnet[1].txt -> TrackingCookie.Burstnet : No action taken.
:mozilla.106:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\w1w3nodo.default\cookies.txt -> TrackingCookie.Casalemedia : No action taken.
:mozilla.107:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\w1w3nodo.default\cookies.txt -> TrackingCookie.Casalemedia : No action taken.
:mozilla.108:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\w1w3nodo.default\cookies.txt -> TrackingCookie.Casalemedia : No action taken.
C:\Documents and Settings\Owner\Cookies\owner@casalemedia[1].txt -> TrackingCookie.Casalemedia : No action taken.
:mozilla.183:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\w1w3nodo.default\cookies.txt -> TrackingCookie.Clickbank : No action taken.
:mozilla.70:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\w1w3nodo.default\cookies.txt -> TrackingCookie.Com : No action taken.
:mozilla.101:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\w1w3nodo.default\cookies.txt -> TrackingCookie.Doubleclick : No action taken.
C:\Documents and Settings\Donna\Cookies\donna@doubleclick[1].txt -> TrackingCookie.Doubleclick : No action taken.
C:\Documents and Settings\Joshua\Cookies\joshua@doubleclick[1].txt -> TrackingCookie.Doubleclick : No action taken.
C:\Documents and Settings\Owner\Cookies\owner@doubleclick[2].txt -> TrackingCookie.Doubleclick : No action taken.
C:\Documents and Settings\Owner\Cookies\owner@adopt.euroclick[2].txt -> TrackingCookie.Euroclick : No action taken.
:mozilla.142:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\w1w3nodo.default\cookies.txt -> TrackingCookie.Fastclick : No action taken.
:mozilla.143:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\w1w3nodo.default\cookies.txt -> TrackingCookie.Fastclick : No action taken.
:mozilla.144:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\w1w3nodo.default\cookies.txt -> TrackingCookie.Fastclick : No action taken.
:mozilla.145:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\w1w3nodo.default\cookies.txt -> TrackingCookie.Fastclick : No action taken.
:mozilla.146:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\w1w3nodo.default\cookies.txt -> TrackingCookie.Fastclick : No action taken.
:mozilla.147:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\w1w3nodo.default\cookies.txt -> TrackingCookie.Fastclick : No action taken.
:mozilla.148:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\w1w3nodo.default\cookies.txt -> TrackingCookie.Fastclick : No action taken.
:mozilla.157:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\w1w3nodo.default\cookies.txt -> TrackingCookie.Fastclick : No action taken.
C:\Documents and Settings\Donna\Cookies\donna@fastclick[1].txt -> TrackingCookie.Fastclick : No action taken.
C:\Documents and Settings\Joshua\Cookies\joshua@fastclick[2].txt -> TrackingCookie.Fastclick : No action taken.
C:\Documents and Settings\Joshua\Cookies\joshua@media.fastclick[1].txt -> TrackingCookie.Fastclick : No action taken.
C:\Documents and Settings\Owner\Cookies\owner@fastclick[1].txt -> TrackingCookie.Fastclick : No action taken.
C:\Documents and Settings\Owner\Cookies\owner@media.fastclick[1].txt -> TrackingCookie.Fastclick : No action taken.
:mozilla.187:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\w1w3nodo.default\cookies.txt -> TrackingCookie.Googleadservices : No action taken.
:mozilla.116:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\w1w3nodo.default\cookies.txt -> TrackingCookie.Hitbox : No action taken.
:mozilla.117:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\w1w3nodo.default\cookies.txt -> TrackingCookie.Hitbox : No action taken.
:mozilla.140:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\w1w3nodo.default\cookies.txt -> TrackingCookie.Hitbox : No action taken.
:mozilla.141:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\w1w3nodo.default\cookies.txt -> TrackingCookie.Hitbox : No action taken.
:mozilla.33:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\w1w3nodo.default\cookies.txt -> TrackingCookie.Live : No action taken.
:mozilla.34:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\w1w3nodo.default\cookies.txt -> TrackingCookie.Live : No action taken.
:mozilla.35:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\w1w3nodo.default\cookies.txt -> TrackingCookie.Live : No action taken.
:mozilla.36:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\w1w3nodo.default\cookies.txt -> TrackingCookie.Live : No action taken.
:mozilla.37:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\w1w3nodo.default\cookies.txt -> TrackingCookie.Live : No action taken.
:mozilla.80:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\w1w3nodo.default\cookies.txt -> TrackingCookie.Mediaplex : No action taken.
:mozilla.81:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\w1w3nodo.default\cookies.txt -> TrackingCookie.Mediaplex : No action taken.
C:\Documents and Settings\Owner\Cookies\owner@mediaplex[1].txt -> TrackingCookie.Mediaplex : No action taken.
:mozilla.10:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\w1w3nodo.default\cookies.txt -> TrackingCookie.Msn : No action taken.
:mozilla.11:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\w1w3nodo.default\cookies.txt -> TrackingCookie.Msn : No action taken.
:mozilla.12:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\w1w3nodo.default\cookies.txt -> TrackingCookie.Msn : No action taken.
:mozilla.13:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\w1w3nodo.default\cookies.txt -> TrackingCookie.Msn : No action taken.
:mozilla.18:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\w1w3nodo.default\cookies.txt -> TrackingCookie.Msn : No action taken.
:mozilla.20:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\w1w3nodo.default\cookies.txt -> TrackingCookie.Msn : No action taken.
:mozilla.21:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\w1w3nodo.default\cookies.txt -> TrackingCookie.Msn : No action taken.
:mozilla.22:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\w1w3nodo.default\cookies.txt -> TrackingCookie.Msn : No action taken.
:mozilla.7:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\w1w3nodo.default\cookies.txt -> TrackingCookie.Msn : No action taken.
:mozilla.8:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\w1w3nodo.default\cookies.txt -> TrackingCookie.Msn : No action taken.
:mozilla.9:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\w1w3nodo.default\cookies.txt -> TrackingCookie.Msn : No action taken.
C:\Documents and Settings\Donna\Cookies\donna@auto.search.msn[1].txt -> TrackingCookie.Msn : No action taken.
C:\Documents and Settings\Donna\Cookies\donna@ie.search.msn[1].txt -> TrackingCookie.Msn : No action taken.
C:\Documents and Settings\Donna\Cookies\donna@search.msn[1].txt -> TrackingCookie.Msn : No action taken.
C:\Documents and Settings\Joshua\Cookies\joshua@auto.search.msn[2].txt -> TrackingCookie.Msn : No action taken.
C:\Documents and Settings\Joshua\Cookies\joshua@search.msn[1].txt -> TrackingCookie.Msn : No action taken.
C:\Documents and Settings\Owner\Cookies\owner@auto.search.msn[1].txt -> TrackingCookie.Msn : No action taken.
C:\Documents and Settings\Owner\Cookies\owner@search.msn[2].txt -> TrackingCookie.Msn : No action taken.
:mozilla.114:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\w1w3nodo.default\cookies.txt -> TrackingCookie.Overture : No action taken.
C:\Documents and Settings\Owner\Cookies\owner@perf.overture[1].txt -> TrackingCookie.Overture : No action taken.
:mozilla.191:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\w1w3nodo.default\cookies.txt -> TrackingCookie.Questionmarket : No action taken.
C:\Documents and Settings\Joshua\Cookies\joshua@questionmarket[2].txt -> TrackingCookie.Questionmarket : No action taken.
C:\Documents and Settings\Donna\Cookies\donna@realmedia[2].txt -> TrackingCookie.Realmedia : No action taken.
:mozilla.59:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\w1w3nodo.default\cookies.txt -> TrackingCookie.Revsci : No action taken.
:mozilla.60:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\w1w3nodo.default\cookies.txt -> TrackingCookie.Revsci : No action taken.
:mozilla.61:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\w1w3nodo.default\cookies.txt -> TrackingCookie.Revsci : No action taken.
:mozilla.62:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\w1w3nodo.default\cookies.txt -> TrackingCookie.Revsci : No action taken.
C:\Documents and Settings\Donna\Cookies\donna@revsci[2].txt -> TrackingCookie.Revsci : No action taken.
:mozilla.173:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\w1w3nodo.default\cookies.txt -> TrackingCookie.Ru4 : No action taken.
:mozilla.174:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\w1w3nodo.default\cookies.txt -> TrackingCookie.Ru4 : No action taken.
:mozilla.175:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\w1w3nodo.default\cookies.txt -> TrackingCookie.Ru4 : No action taken.
C:\Documents and Settings\Owner\Cookies\owner@bs.serving-sys[1].txt -> TrackingCookie.Serving-sys : No action taken.
C:\Documents and Settings\Owner\Cookies\owner@serving-sys[1].txt -> TrackingCookie.Serving-sys : No action taken.
:mozilla.93:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\w1w3nodo.default\cookies.txt -> TrackingCookie.Tacoda : No action taken.
:mozilla.94:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\w1w3nodo.default\cookies.txt -> TrackingCookie.Tacoda : No action taken.
:mozilla.95:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\w1w3nodo.default\cookies.txt -> TrackingCookie.Tacoda : No action taken.
:mozilla.97:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\w1w3nodo.default\cookies.txt -> TrackingCookie.Tacoda : No action taken.
:mozilla.98:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\w1w3nodo.default\cookies.txt -> TrackingCookie.Tacoda : No action taken.
C:\Documents and Settings\Owner\Cookies\owner@anad.tacoda[1].txt -> TrackingCookie.Tacoda : No action taken.
C:\Documents and Settings\Owner\Cookies\owner@anat.tacoda[2].txt -> TrackingCookie.Tacoda : No action taken.
C:\Documents and Settings\Owner\Cookies\owner@tacoda[2].txt -> TrackingCookie.Tacoda : No action taken.
C:\Documents and Settings\Donna\Cookies\donna@trafficmp[1].txt -> TrackingCookie.Trafficmp : No action taken.
:mozilla.105:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\w1w3nodo.default\cookies.txt -> TrackingCookie.Tribalfusion : No action taken.
C:\Documents and Settings\Donna\Cookies\donna@tribalfusion[1].txt -> TrackingCookie.Tribalfusion : No action taken.
C:\Documents and Settings\Owner\Cookies\owner@tribalfusion[2].txt -> TrackingCookie.Tribalfusion : No action taken.
:mozilla.46:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\w1w3nodo.default\cookies.txt -> TrackingCookie.Webtrends : No action taken.
:mozilla.47:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\w1w3nodo.default\cookies.txt -> TrackingCookie.Webtrends : No action taken.
C:\Documents and Settings\Owner\Cookies\owner@statse.webtrendslive[1].txt -> TrackingCookie.Webtrendslive : No action taken.
C:\Documents and Settings\Donna\Cookies\donna@ad.yieldmanager[2].txt -> TrackingCookie.Yieldmanager : No action taken.
C:\Documents and Settings\Owner\Cookies\owner@ad.yieldmanager[2].txt -> TrackingCookie.Yieldmanager : No action taken.
C:\Documents and Settings\Donna\Cookies\donna@zedo[1].txt -> TrackingCookie.Zedo : No action taken.
C:\Documents and Settings\Owner\Cookies\owner@zedo[1].txt -> TrackingCookie.Zedo : No action taken.


::Report end
Thank-you

Harmony

#6 ken545

ken545

    Forum God

  • Retired Classroom Teacher
  • 23,225 posts
  • Interests:Fighting Malware and cooking some great Italian and TexMex food
  • MVP

Posted 29 April 2007 - 08:00 AM

Good Morning harmony3 :D

Your log still looks fine but you had some bad stuff in your System Restore program that we need to flush out.

System Restore makes regular backups of all your settings, if you ever had to use this program to restore your system to a previous date, you will be infected all over again so we need to clean out the previous Restore Points

Turn off System Restore.
  • Right-click My Computer.
  • Click Properties.
  • Click the System Restore tab.
  • Check Turn off System Restore on all Drives.
  • Click Apply, and then click OK.


Turn ON System Restore.
  • Right-click My Computer.
  • ClickProperties.
  • Click the System Restore tab.
  • UN-Check Turn off System Restore on all Drives.
  • Click Apply, and then click OK.

Create a new Restore Point <-- Very Important
  • Go to Start/ Control Panel/ Performance and Maintenance/ System Restore/ Create a New Restore Point
    You need to go into the Control Panel and switch to Catagory View to be able to Create a New Restore Point
System Restore Tutorial <-- If you need it


Run this system cleaner.

Download and Install CCleaner
If you don't want the Yahoo Toolbar, be sure to uncheck it during installation
* Click on Run Cleaner
* Run the Issues Scan < -- After it scans your system, when you click on the Fix button and it asks you to backup the Registry..Say Yes
Tutorial for CCleaner


Let me know if all is ok and if so I have some free programs for you to install to help keep you more secure.

 
 
The forum is staffed by volunteers who donate their time and expertise.
If you feel you have been helped, please consider a donation.
donate.gif
 
Find us on Facebook
Please LIKE and SHARE
 
 
Just a reminder that threads will be closed if no reply in 3 days.

#7 harmony3

harmony3

    New Member

  • New Member
  • Pip
  • 7 posts

Posted 29 April 2007 - 09:48 AM

Good Morning Ken, :wavey: I manage to do everything you suggested, After running the CCcleaner ....... A folder named dc99 could not be removed, it was being used by another person or program. I had everything closed down and nothing running. I am not sure what this folder is, any suggestions? Thanks so much harmony

#8 ken545

ken545

    Forum God

  • Retired Classroom Teacher
  • 23,225 posts
  • Interests:Fighting Malware and cooking some great Italian and TexMex food
  • MVP

Posted 29 April 2007 - 11:31 AM

We need to make sure all hidden files are showing :
  • Click Start.
  • Open My Computer.
  • Select the Tools menu and click Folder Options.
  • Select the View tab.
  • Under the Hidden files and folders heading select Show hidden files and folders.
  • Uncheck the Hide file extensions for known types option.
  • Uncheck the Hide protected operating system files (recommended) option.
  • Click Yes to confirm.
  • Click OK.
Once your system is clean, we suggest that you reverse this to keep critical windows files from accidently being deleted.

Do a windows search for dc99 When you find it, right click on it and click on Properties and let me know what the file is and what company owns it

 
 
The forum is staffed by volunteers who donate their time and expertise.
If you feel you have been helped, please consider a donation.
donate.gif
 
Find us on Facebook
Please LIKE and SHARE
 
 
Just a reminder that threads will be closed if no reply in 3 days.

#9 harmony3

harmony3

    New Member

  • New Member
  • Pip
  • 7 posts

Posted 29 April 2007 - 12:42 PM

I did a search online since I could not find the file on my computer and here is what I found, someone else had the same problem and they were unable to delete files out of their recycle bin and this dc99 kept popping up, well I went to my recycle bin and could not delete. Went to safe mode and was able to delete files from the bin that way. And I havent seen it since. The file dc99 that is. Take Care harmony3

#10 ken545

ken545

    Forum God

  • Retired Classroom Teacher
  • 23,225 posts
  • Interests:Fighting Malware and cooking some great Italian and TexMex food
  • MVP

Posted 29 April 2007 - 01:07 PM

Thats great, glad you got rid of it. :thumbup:


How did I get infected in the first place ? Read these links and find out how to prevent getting infected again.


Here are some free programs to install, don't leave home without them
  • Spybot Search and Destroy 1.4
    Check for Updates/ Immunize and run a Full System Scan on a regular basis.
  • Ad-Aware SE Personal 1.06
    Check for Updates and run a Full System Scan on a regular basis.
  • Spyware Blaster It will prevent most spyware from ever being installed.
  • Spyware Guard It offers realtime protection from spyware installation attempts.
  • Win Patrol This program will warn you when any changes are being made to your system and give you the option to deny the change.
  • IE-Spyad
    IE-Spyad places over 4000 web sites and domains in the IE Restricted list which will severely impair attempts to infect your system. It basically prevents any downloads (cookies etc) from the sites listed, although you will still be able to connect to the sites.
  • Firefox 2.0 It has more features and is a lot more secure than IE. It is a very easy and painless download and install, it will no way interfere with IE, you can use them both.
  • Zone Alarm Here is a free Firewall from Zone Labs, I wouldn't access the internet without it.
Thanks for stopping by Tom Coyote , I'm glad I was able to help you. :D

 
 
The forum is staffed by volunteers who donate their time and expertise.
If you feel you have been helped, please consider a donation.
donate.gif
 
Find us on Facebook
Please LIKE and SHARE
 
 
Just a reminder that threads will be closed if no reply in 3 days.

    Advertisements

Register to Remove

#11 ken545

ken545

    Forum God

  • Retired Classroom Teacher
  • 23,225 posts
  • Interests:Fighting Malware and cooking some great Italian and TexMex food
  • MVP

Posted 29 April 2007 - 02:48 PM

Donna,

Do this.

Open Hijackthis
  • Go to Misc Tools> Open Uninstall Manager.
  • Click on Save List.
  • The list will open in Notepad.
  • Copy and Paste the List into this thread


 
 
The forum is staffed by volunteers who donate their time and expertise.
If you feel you have been helped, please consider a donation.
donate.gif
 
Find us on Facebook
Please LIKE and SHARE
 
 
Just a reminder that threads will be closed if no reply in 3 days.

#12 harmony3

harmony3

    New Member

  • New Member
  • Pip
  • 7 posts

Posted 29 April 2007 - 04:06 PM

Ken, here you go.... Ad-Aware SE Personal Adobe Reader 8 AOL Uninstaller AppCore a-squared HiJackFree 2.1 AV AVG Anti-Spyware 7.5 BCM V.92 56K Modem ccCommon CCleaner (remove only) Dell Media Experience Dell ResourceCD GearDrvs HijackThis 1.99.1 Intel® PRO Network Connections Drivers J2SE Runtime Environment 5.0 Update 6 Java™ SE Runtime Environment 6 Update 1 LiveReg (Symantec Corporation) LiveUpdate 3.2 (Symantec Corporation) LiveUpdate Notice (Symantec Corporation) Microsoft .NET Framework 1.1 Microsoft .NET Framework 1.1 Microsoft .NET Framework 1.1 Hotfix (KB886903) Microsoft .NET Framework 2.0 Microsoft Baseline Security Analyzer 2.0.1 Microsoft Compression Client Pack 1.0 for Windows XP Microsoft Internationalized Domain Names Mitigation APIs Microsoft National Language Support Downlevel APIs Microsoft User-Mode Driver Framework Feature Pack 1.0 Microsoft Visual C++ 2005 Redistributable Microsoft Windows OneCare Live v1.5.1890.26 Microsoft Windows OneCare Live v1.5.1890.26 Idcrl Install MSN MSXML 4.0 SP2 (KB925672) MSXML 4.0 SP2 (KB927978) MSXML 4.0 SP2 Parser and SDK Norton 360 Norton 360 Norton 360 Norton 360 (Symantec Corporation) Norton 360 Help Norton Confidential Browser Component Norton Confidential Web Authentification Component Norton Confidential Web Protection Component NVIDIA Windows 2000/XP Display Drivers PowerDVD Security Update for Microsoft .NET Framework 2.0 (KB917283) Security Update for Microsoft .NET Framework 2.0 (KB922770) Security Update for Windows Internet Explorer 7 (KB928090) SoundMAX SPBBC 32bit SuppSoft Symantec Real Time Storage Protection Component Symantec Technical Support Controls SymNet Viewpoint Media Player Wal-Mart Music Downloads Store Windows Defender Windows Internet Explorer 7 Windows Live Messenger Windows Media Format 11 runtime Windows Media Format 11 runtime Windows Media Player 11 Windows Media Player 11 Windows XP Service Pack 2 Harmony3 :)

#13 ken545

ken545

    Forum God

  • Retired Classroom Teacher
  • 23,225 posts
  • Interests:Fighting Malware and cooking some great Italian and TexMex food
  • MVP

Posted 29 April 2007 - 05:30 PM

He seemed to install a lot or programs related to software a corporation would use.

These you can remove safely via the Add Remove programs in the Control Panel.
J2SE Runtime Environment 5.0 Update 6
Viewpoint Media Player

There is nothing bad in there, are you trying to consolidate disk space??

 
 
The forum is staffed by volunteers who donate their time and expertise.
If you feel you have been helped, please consider a donation.
donate.gif
 
Find us on Facebook
Please LIKE and SHARE
 
 
Just a reminder that threads will be closed if no reply in 3 days.

#14 harmony3

harmony3

    New Member

  • New Member
  • Pip
  • 7 posts

Posted 30 April 2007 - 02:44 AM

Ken,

So software a corporation would use...hmmm......seems my computer would run faster if I delete these running processes/programs. But then again I am not the computer wiz. These are the programs this gentleman added to my system and they seem to be the ones I always have issues with, not sure if thats because viruses like to hide in them or what?..lol....



O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.ex



In task mgr I will have as many as 7 running processeses with this image name---- ccsvchost
Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)

O23 - Service: LiveUpdate Notice Service - Unknown owner - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifEng.dll (file missing)
O20 - Winlogon Notify: WgaLogon - WgaLogon.dll (file missing)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll

O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBho.dll
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"

.- Hosts file is located at: C:\WINDOWS\System32\drivers\etc\hostsHost


Sorry if I am confusing you, its late and I need to get some zzzzzzzz.....As always thanks for any input and help you can offer.
Donna

#15 ken545

ken545

    Forum God

  • Retired Classroom Teacher
  • 23,225 posts
  • Interests:Fighting Malware and cooking some great Italian and TexMex food
  • MVP

Posted 30 April 2007 - 05:07 AM

Everything you listed is legit for the programs you are running. Is it the Symantec thing your having issues with? If it was my computer I would uninstall all the Symantec programs and install just one good Anti Virus program, stay away from the suites that contain everything ( like what you have now ) as they tend to bog you down. I use just the standalone version of Norton AV and the free firewall from Zonelabs.

These are totally your call to remove, but these are what I was talking about.

a-squared HiJackFree 2.1 <-- Not needed , the free tools I suggested will help protect you.

You can uninstall these if you don't use them
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable

MSXML 4.0 SP2 (KB925672)
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 Parser and SDK

This is what you have for Symantec, your call to keep it or go with a stand alone.
http://www.symantec.com/norton360/
Norton 360
Norton 360
Norton 360 (Symantec Corporation)
Norton 360 Help
Norton Confidential Browser Component
Norton Confidential Web Authentification Component
Norton Confidential Web Protection Component

You basically can go to the Add-Remove Programs and uninstall any program that you don't use as long as you know what it is and if you installed it. There are some programs that are needed for windows to run .I think I would post in our other forum for Other Computer Problems and let them help you pick through the list before you start uninstalling programs.
Other Computer Problems<-- Our own forum

Ken :)

Edited by ken545, 30 April 2007 - 05:08 AM.


 
 
The forum is staffed by volunteers who donate their time and expertise.
If you feel you have been helped, please consider a donation.
donate.gif
 
Find us on Facebook
Please LIKE and SHARE
 
 
Just a reminder that threads will be closed if no reply in 3 days.

Related Topics

Back to Virus, Spyware & Malware Removal · Next Unread Topic →

1 user(s) are reading this topic

0 members, 1 guests, 0 anonymous users

  1. What the Tech
  2. Spyware / Malware / Virus Removal
  3. Virus, Spyware & Malware Removal
  4. Privacy Policy
  5. Terms of Use ·