Jump to content


Photo

computer really slow to load, think may have malware


  • This topic is locked This topic is locked
16 replies to this topic

#1 hallix

hallix

    Member

  • Full Member
  • Pip
  • 8 posts

Posted 22 April 2007 - 08:00 AM

My computer takes really slow to load and I need help knowing what is the problem. I have a lsass.lnk in my start-up and my research says it is a worm loading but it is our only computer and i don't want to get the blame for breaking it. SUPER has also been running slowly practically overnight and on msn messenger I cannot see anyone's web cam. these might be minor problems but my family uses it to send important emails and I don't want one of their business partners to be invaded by a worm thanks to us. I'm sorry if it is a long winded post but i need all the help i can get. you are my last hope before i start randomly deleting things. I know you are busy so thank you for you answer in advance

I run windows XP service pack 2 (came with it) advent, core 2 duo

Logfile of HijackThis v1.99.1
Scan saved at 13:59:18, on 22/04/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Comodo\Firewall\cmdagent.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\SiteAdvisor\6066\SAService.exe
C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\VIAudioi\HDADeck\HDeck.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE
C:\Program Files\SiteAdvisor\6066\SiteAdv.exe
C:\Program Files\Comodo\Firewall\CPF.exe
C:\Program Files\CyberLink\Power2Go\Power2GoExpress.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\Intelligent\Common\RaUI.exe
C:\Documents and Settings\All Users\Application Data\U3\U3Launcher\LaunchU3.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.orange.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6066\SiteAdv.dll
O2 - BHO: SpywareBlock Class - {0A87E45F-537A-40B4-B812-E2544C21A09F} - (no file)
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - H:\SPYBOT~1\SDHelper.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: CNisExtBho Class - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: CNavExtBho Class - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
O3 - Toolbar: Norton Internet Security 2006 - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: FlashGet - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\Program Files\FlashGet\fgiebar.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6066\SiteAdv.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [HDAudDeck] C:\Program Files\VIAudioi\HDADeck\HDeck.exe 1
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Install5G] D:\Install.exe /SI=0
O4 - HKLM\..\Run: [EPSON Stylus C42 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P23 "EPSON Stylus C42 Series" /O6 "USB001" /M "Stylus C42"
O4 - HKLM\..\Run: [SiteAdvisor] C:\Program Files\SiteAdvisor\6066\SiteAdv.exe
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\Comodo\Firewall\CPF.exe" /background
O4 - HKLM\..\Run: [NavRegReminder] "C:\WINDOWS\temp\NavBrowser.exe" /r /i "C:\WINDOWS\temp\NavLoad.ini"
O4 - HKCU\..\Run: [Power2GoExpress] "C:\Program Files\CyberLink\Power2Go\Power2GoExpress.exe" /Startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [PnPUI Registrator] C:\Program Files\Common Files\Sitecom Shared\PnP Universal Installer\PnPUIReg.exe -s
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - Startup: lsass.lnk = ?
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Intelligent Wireless Utility.lnk = C:\Program Files\Intelligent\Common\RaUI.exe
O4 - Global Startup: LaunchU3.exe.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: &Download All with FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &Download with FlashGet - C:\Program Files\FlashGet\jc_link.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: FlashCapture - {753BBC4B-CC73-4fb8-A5B5-CA09C804C1DD} - C:\Program Files\FlashCapture\fciext.dll (file missing)
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - http://a1540.g.akama...ex/qtplugin.cab
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop...p/PCPitStop.CAB
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitd...can8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1158849984895
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1158849969192
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.c.../cpcScanner.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: siteadvisor - {3A5DC592-7723-4EAA-9EE6-AF4222BCF879} - C:\Program Files\SiteAdvisor\6066\SiteAdv.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Internet Security Password Validation (ccISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\ccPwdSvc.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Comodo Application Agent (CmdAgent) - COMODO - C:\Program Files\Comodo\Firewall\cmdagent.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Norton Internet Security\comHost.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: SiteAdvisor Service - McAfee, Inc. - C:\Program Files\SiteAdvisor\6066\SAService.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe

Edited by hallix, 06 May 2007 - 03:26 AM.


#2 Sempurna

Sempurna

    Forum Deity

  • Retired Staff
  • PipPipPipPipPip
  • 3,838 posts

Posted 04 May 2007 - 11:58 PM

Hi hallix,

Welcome to SpywareInfo! :wave:

I apologize for the delay getting to your log. The helpers here are all volunteers and we have been very busy here lately. If you are still having malware problems, I will be glad to help.

First of all, please turn off Word Wrap in Notepad. It will make the logs easier to read: :)
  • To turn off Word Wrap, please open Notepad - go to Start -> Run and type notepad, press Enter.
  • Then go to the Format menu and uncheck Word Wrap.
  • Exit Notepad.

NEXT:

We need to disable your Windows Defender real-time protection as it may interfere with the fixes that we need to make.

To disable Windows Defender:
  • Open Windows Defender.
  • Click on Tools, General Settings.
  • Scroll down and uncheck Turn on real-time protection (recommended).
  • After you uncheck this, click on the Save button and close Windows Defender.

NEXT:

Please run HijackThis and click "Scan". Place a check (tick) next to the following entries (if present):

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: SpywareBlock Class - {0A87E45F-537A-40B4-B812-E2544C21A09F} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - H:\SPYBOT~1\SDHelper.dll (file missing)
O4 - HKLM\..\Run: [Install5G] D:\Install.exe /SI=0
O4 - Startup: lsass.lnk = ?



Close ALL programs and browsers (including this one), leaving ONLY HijackThis open, then click "Fix checked".

Then please exit HijackThis.


NEXT:

Using Windows Explorer (right-click your Start button and select Explore), please navigate to and delete the following FILES (if they exist):

D:\Install.exe


Please let me know if you encountered any problems finding or deleting the file.


NEXT:

Let's run some cleanup and diagnostic scans to make sure we're not leaving anything behind.

Please download CCleaner (freeware) and save it to your desktop:
  • Run the CCleaner installer.
  • During installation process, please UNCHECK "Add CCleaner Yahoo! Toolbar".
  • Once installed, run CCleaner and click the Windows tab.
  • Select the following:
    • Check everything under the Internet Explorer section.
    • Check everything under the Windows Explorer section.
    • Check everything under the System section.
    • Check ONLY Old Prefetch data under the Advanced section.
  • Then, click the Applications tab:
    • UNCHECK everything there.
  • Next, click the Options button, then click the Advanced button:
    • UNCHECK : "Only delete files in Windows Temp folders older than 48 hours".
  • Next, click the Cleaner button, then click the Run Cleaner button (bottom right), then Exit.
CAUTION: Please do NOT use the Issues button. This is a built-in registry cleaner. If you donít know how to use it, you may cause irreparable damage to your system.


NEXT:

Please download ComboFix by sUBs:

NOTE: In the event you already have ComboFix, this is a new version that I need you to download.
  • Save it to your desktop.
  • Double-click combofix.exe and follow the prompts.
  • When finished, it shall produce a log for you. Copy and paste the contents of the log in your next reply.
CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.


NEXT:

Please do an online scan with Panda ActiveScan:
  • Once you are on the Panda site click the "Scan your PC" button located at the bottom of the page.
  • A new window will open... click the "Check Now" button.
  • Enter your Country.
  • Enter your State/Province.
  • Enter your e-mail address.
  • Select either Home User or Company.
  • Click the big "Free Online Scan" button.
  • If it wants to install an ActiveX component allow it.
  • It will start downloading the files it requires for the scan (Note: It may take a couple of minutes).
  • When the download is complete, click on "Local Disks" to start the scan.
  • When the scan completes, if anything malicious is detected, click the "See Report" button; then "Save Report" and save it to a convenient location. Post the contents of the Panda scan report in your next reply.

NEXT:

Please do an online scan with Kaspersky Online Scanner:
  • Click on Kaspersky Online Scanner.
  • You will be prompted to install an ActiveX component from Kaspersky, click Yes.
  • The program will launch and then begin downloading the latest definition files.
  • Once the files have been downloaded click on Next.
  • Now click on Scan Settings.
  • In the scan settings make sure that the following are selected:
    • Scan using the following Anti-Virus database:
      Extended
    • Scan Options:
      Scan Archives
      Scan Mail Bases
  • Click OK.
  • Now under select a target to scan:
    • Select My Computer.
  • This program will start and scan your system.
  • The scan will take a while so be patient and let it run.
  • Once the scan is complete it will display if your system has been infected.
    • Now click on the Save Report As button.
    • In the File name: field, type kavscan.
    • In the Save as type: field, select Text file (*.txt).
  • Save the file to your desktop.
  • Copy and paste that information in your next post.
Note for Internet Explorer 7 users: If at any time you have trouble with the Accept button of the license, click on the Zoom tool located at the bottom right of the IE window and set the zoom to 75 %. Once the license has been accepted, reset to 100%.


NEXT:

Please REBOOT your computer normally into Windows and post these logs in your next reply:
  • The log from the ComboFix scan.
  • The log from the Panda scan.
  • The log from the Kaspersky scan.
  • A new HijackThis log.
(You might have to paste the logs in multiple posts in the event they are too long and breach the post length restrictions of the forum software).

Also, please let me know how things are running now and if you encountered any problems while you were following the directions I posted.
My help is free, but if you wish to help keep these forums running please consider a donation, see this topic for details.

--------------------

We are each of us angels with but one wing. And we can only fly embracing each other.
Luciano De Crescenzo

#3 hallix

hallix

    Member

  • Full Member
  • Pip
  • 8 posts

Posted 08 May 2007 - 12:59 AM

my computer is still really slow to start. I did not find D:\Install.exe I think hijackthis got rid of it. Before my keyboard used to have symbols that were switched around. eg the @ sign was shift and 2 but now they are fine!
When i last did a panda activescan it found a trojan but this time it wasn't there. SUPER is better. my computer doesn't recognise that i have comodo firewall pro installed it keeps telling me that only norton firewall and windows firewall is there. Also i am thinking about installing winpatrol is that a good idea.

here is my combofix result:
"chi-chi" - 07-05-07 9:05:12 Service Pack 2
ComboFix 07-04-25.4V - Running from: "C:\Program Files\Combofix\"


((((((((((((((((((((((((((((((( Files Created from 2007-04-07 to 2007-05-07 ))))))))))))))))))))))))))))))))))


2007-05-06 09:44 49,152 --a------ C:\WINDOWS\nircmd.exe
2007-05-01 19:31 <DIR> d-------- C:\Program Files\Mp3TagToolsv12
2007-05-01 17:44 <DIR> d-------- C:\Program Files\FixTunes
2007-05-01 17:44 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\CloudBrain
2007-05-01 17:37 <DIR> d-------- C:\Program Files\JetAudio
2007-05-01 17:37 <DIR> d-------- C:\Program Files\Common Files\COWON
2007-04-24 17:36 <DIR> d-------- C:\Program Files\AVIcodec
2007-04-21 23:24 <DIR> d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\SUPERAntiSpyware.com
2007-04-21 23:22 <DIR> d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\Lavasoft
2007-04-21 22:04 <DIR> d-------- C:\WINDOWS\system32\ActiveScan
2007-04-21 21:04 <DIR> d-------- C:\Program Files\IObit
2007-04-21 21:00 <DIR> d-------- C:\DOCUME~1\chi-chi\APPLIC~1\Smart PC Solutions
2007-04-21 13:17 <DIR> d-------- C:\DOCUME~1\chi-chi\APPLIC~1\FLV Extract
2007-04-21 13:16 <DIR> d-------- C:\Program Files\FLV_Extract
2007-04-21 13:15 <DIR> d-------- C:\Program Files\VirtualDubMod_1_5_10_2_All_inclusive
2007-04-20 17:05 <DIR> d-------- C:\Program Files\IrfanView
2007-04-19 17:58 <DIR> d-------- C:\DOCUME~1\chi-chi\APPLIC~1\COWON
2007-04-18 19:29 3,968 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-04-18 19:28 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\SUPERAntiSpyware.com
2007-04-18 19:27 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2007-04-18 19:27 <DIR> d-------- C:\DOCUME~1\chi-chi\APPLIC~1\SUPERAntiSpyware.com
2007-04-18 18:37 <DIR> d-------- C:\WINDOWS\BDOSCAN8
2007-04-18 09:45 <DIR> d-------- C:\Program Files\Yahoo!
2007-04-18 09:45 <DIR> d-------- C:\Program Files\CCleaner
2007-04-17 18:01 <DIR> d-------- C:\DOCUME~1\chi-chi\APPLIC~1\Uniblue
2007-04-14 14:41 <DIR> d-------- C:\DOCUME~1\chi-chi\APPLIC~1\Comodo
2007-04-14 14:41 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Comodo
2007-04-14 14:38 <DIR> d-------- C:\Program Files\Comodo
2007-04-13 19:38 <DIR> d-------- C:\WINDOWS\pss
2007-04-13 17:57 <DIR> d-------- C:\Program Files\SiteAdvisor
2007-04-13 17:57 <DIR> d-------- C:\DOCUME~1\LOCALS~1\APPLIC~1\SiteAdvisor
2007-04-13 17:55 <DIR> d-------- C:\DOCUME~1\chi-chi\APPLIC~1\SiteAdvisor
2007-04-13 17:55 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\SiteAdvisor
2007-04-13 17:55 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\McAfee
2007-04-13 16:53 <DIR> d-------- C:\Program Files\SpywareBlaster
2007-04-13 16:19 <DIR> d-------- C:\DOCUME~1\chi-chi\APPLIC~1\Tenebril
2007-04-13 16:09 180,224 --a-s---- C:\WINDOWS\system32\archlib.dll
2007-04-13 16:09 <DIR> d-------- C:\WINDOWS\system32\tenarchlib
2007-04-13 16:09 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Tenebril
2007-04-13 15:56 <DIR> d-------- C:\Program Files\Lavasoft
2007-04-13 15:56 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-04-13 15:56 <DIR> d-------- C:\DOCUME~1\chi-chi\APPLIC~1\Lavasoft
2007-04-13 11:02 <DIR> d-a------ C:\DOCUME~1\ALLUSE~1\APPLIC~1\TEMP
2007-04-12 19:30 <DIR> d-------- C:\WINDOWS\Performance
2007-04-12 19:29 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft Corporation
2007-04-12 18:16 0 --a------ C:\WINDOWS\system32\SBRC.dat
2007-04-12 18:16 0 --a------ C:\WINDOWS\system32\SBFC.dat
2007-04-12 17:33 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy
2007-04-12 17:28 626,688 --a------ C:\WINDOWS\system32\msvcr80.dll
2007-04-12 09:29 <DIR> d-------- C:\DOCUME~1\chi-chi\APPLIC~1\GRETECH
2007-04-12 09:29 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\GRETECH
2007-04-12 09:08 <DIR> d-------- C:\DOCUME~1\chi-chi\APPLIC~1\vlc
2007-04-12 09:07 <DIR> d-------- C:\DOCUME~1\chi-chi\APPLIC~1\Media Player Classic
2007-04-12 09:06 <DIR> d-------- C:\Program Files\VideoLAN
2007-04-12 08:50 <DIR> d-------- C:\Program Files\OpenSource Flash Video Splitter
2007-04-12 08:44 10,752 --a------ C:\WINDOWS\system32\ff_vfw.dll
2007-04-12 08:44 <DIR> d-------- C:\Program Files\Replay AV 8
2007-04-11 08:38 70,656 --a------ C:\WINDOWS\system32\yv12vfw.dll
2007-04-09 14:27 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\U3
2007-04-09 09:47 <DIR> d-------- C:\Program Files\Common Files\SWF Studio
2007-04-08 22:43 <DIR> d-------- C:\DOCUME~1\chi-chi\APPLIC~1\U3


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2007-05-07 00:05 -------- d-------- C:\Program Files\Common Files\symantec shared
2007-05-06 09:48 -------- d-------- C:\Program Files\flashget
2007-05-03 17:28 -------- d-------- C:\Program Files\snapshot viewer
2007-05-03 17:23 -------- d-------- C:\DOCUME~1\chi-chi\APPLIC~1\officeupdate12
2007-05-01 17:37 -------- d--h----- C:\Program Files\installshield installation information
2007-04-21 22:25 -------- d-------- C:\Program Files\windows defender
2007-04-21 22:24 -------- d-------- C:\Program Files\norton internet security
2007-04-21 22:23 -------- d-------- C:\Program Files\messenger
2007-04-21 22:21 -------- d-------- C:\Program Files\google
2007-04-21 22:13 -------- d-------- C:\DOCUME~1\chi-chi\APPLIC~1\symantec
2007-04-12 09:28 -------- d-------- C:\Program Files\gretech
2007-04-11 08:37 540 --a------ C:\DOCUME~1\chi-chi\APPLIC~1\autogk.ini
2007-04-04 17:59 737280 --a------ C:\WINDOWS\iun6002.exe
2007-04-03 16:31 43602 --a------ C:\WINDOWS\system32\xvid-uninstall.exe
2007-04-03 16:31 -------- d-------- C:\Program Files\avisynth 2.5
2007-04-02 09:39 -------- d-------- C:\DOCUME~1\chi-chi\APPLIC~1\alibre design
2007-04-02 09:30 -------- d-------- C:\Program Files\xvid
2007-04-02 08:38 86016 --a------ C:\WINDOWS\system32\openal32.dll
2007-04-02 08:38 262144 --a------ C:\WINDOWS\system32\wrap_oal.dll
2007-03-31 12:59 -------- d-------- C:\DOCUME~1\chi-chi\APPLIC~1\urusoft
2007-03-31 11:26 -------- d-------- C:\Program Files\divx
2007-03-31 09:48 -------- d-------- C:\DOCUME~1\chi-chi\APPLIC~1\google
2007-03-27 18:00 -------- d-------- C:\Program Files\lame-3.96.1
2007-03-27 08:55 524288 --a------ C:\WINDOWS\system32\divxsm.exe
2007-03-27 08:55 3596288 --a------ C:\WINDOWS\system32\qt-dx331.dll
2007-03-27 08:55 200704 --a------ C:\WINDOWS\system32\ssldivx.dll
2007-03-27 08:55 1044480 --a------ C:\WINDOWS\system32\libdivx.dll
2007-03-27 08:49 73728 --a------ C:\WINDOWS\system32\dpl100.dll
2007-03-27 08:49 593920 --a------ C:\WINDOWS\system32\dpugui11.dll
2007-03-27 08:49 57344 --a------ C:\WINDOWS\system32\dpv11.dll
2007-03-27 08:49 53248 --a------ C:\WINDOWS\system32\dpugui10.dll
2007-03-27 08:49 344064 --a------ C:\WINDOWS\system32\dpus11.dll
2007-03-27 08:49 294912 --a------ C:\WINDOWS\system32\dpu11.dll
2007-03-27 08:49 294912 --a------ C:\WINDOWS\system32\dpu10.dll
2007-03-27 08:49 196608 --a------ C:\WINDOWS\system32\dtu100.dll
2007-03-27 08:48 823296 --a------ C:\WINDOWS\system32\divx_xx0c.dll
2007-03-27 08:48 823296 --a------ C:\WINDOWS\system32\divx_xx07.dll
2007-03-27 08:48 802816 --a------ C:\WINDOWS\system32\divx_xx11.dll
2007-03-27 08:48 639066 --a------ C:\WINDOWS\system32\divx.dll
2007-03-26 19:04 -------- d-------- C:\Program Files\freesky video joiner
2007-03-24 20:47 -------- d-------- C:\Program Files\napster
2007-03-24 12:07 -------- d-------- C:\Program Files\coreaac
2007-03-21 18:36 28672 --a------ C:\WINDOWS\st2.exe
2007-03-17 14:43 292864 --a------ C:\WINDOWS\system32\winsrv.dll
2007-03-16 22:03 -------- d-------- C:\Program Files\erightsoft
2007-03-09 21:29 -------- d-------- C:\DOCUME~1\chi-chi\APPLIC~1\googleweathergadget
2007-03-08 16:36 577536 --a------ C:\WINDOWS\system32\user32.dll
2007-03-08 16:36 40960 --a------ C:\WINDOWS\system32\mf3216.dll
2007-03-08 16:36 281600 --a------ C:\WINDOWS\system32\gdi32.dll
2007-03-08 14:47 1843584 --a------ C:\WINDOWS\system32\win32k.sys
2007-03-05 13:34 676224 --a------ C:\WINDOWS\system32\ogacheckcontrol.dll
2007-03-04 12:55 1936528 --a------ C:\WINDOWS\system32\ltmm15.dll
2007-03-04 12:55 135168 --a------ C:\WINDOWS\system32\dskernel2.dll
2007-02-26 10:26 46 --a------ C:\WINDOWS\system32\donationcoder_urlsnooper_installinfo.dat
2007-02-21 12:47 31744 -r-hs---- C:\WINDOWS\system32\msfdx.dll
2007-02-19 19:04 2 --a------ C:\WINDOWS\system32\srecorder.dll
2007-02-16 02:40 124472 --a------ C:\WINDOWS\system32\divxcodecupdatechecker.exe
2007-02-11 22:42 1168 --a------ C:\WINDOWS\mozver.dat


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{089FD14D-132B-48FC-8861-0048AE113215} C:\Program Files\SiteAdvisor\6066\SiteAdv.dll
{2F364306-AA45-47B5-9F9D-39A8B94E7EF7} C:\Program Files\FlashGet\jccatch.dll
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
{9ECB9560-04F9-4bbc-943D-298DDF1699E1} C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
{A8F38D8D-E480-4D52-B7A2-731BB6995FDD} C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
{AA58ED58-01DD-4d91-8333-CF10577473F7} c:\program files\google\googletoolbar2.dll
{F156768E-81EF-470C-9057-481BA8380DBA} C:\Program Files\FlashGet\getflash.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"ehTray"="C:\\WINDOWS\\ehome\\ehtray.exe"
"Recguard"="C:\\WINDOWS\\SMINST\\RECGUARD.EXE"
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"
"nwiz"="nwiz.exe /install"
"AGRSMMSG"="AGRSMMSG.exe"
"HDAudDeck"="C:\\Program Files\\VIAudioi\\HDADeck\\HDeck.exe 1"
"SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.6.0_01\\bin\\jusched.exe\""
"NvMediaCenter"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvMcTray.dll,NvTaskbarInit"
"ccApp"="\"C:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe\""
"EPSON Stylus C42 Series"="C:\\WINDOWS\\System32\\spool\\DRIVERS\\W32X86\\3\\E_S10IC2.EXE /P23 \"EPSON Stylus C42 Series\" /O6 \"USB001\" /M \"Stylus C42\""
"SiteAdvisor"="C:\\Program Files\\SiteAdvisor\\6066\\SiteAdv.exe"
"COMODO Firewall Pro"="\"C:\\Program Files\\Comodo\\Firewall\\CPF.exe\" /background"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"Power2GoExpress"="\"C:\\Program Files\\CyberLink\\Power2Go\\Power2GoExpress.exe\" /Startup"
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"PnPUI Registrator"="C:\\Program Files\\Common Files\\Sitecom Shared\\PnP Universal Installer\\PnPUIReg.exe -s"
"updateMgr"="C:\\Program Files\\Adobe\\Acrobat 7.0\\Reader\\AdobeUpdateManager.exe AcRdB7_0_9"
"swg"="C:\\Program Files\\Google\\GoogleToolbarNotifier\\1.2.1128.5462\\GoogleToolbarNotifier.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"=hex(2):43,3a,5c,57,49,4e,44,4f,57,53,5c,52,65,73,6f,75,72,\
63,65,73,5c,54,68,65,6d,65,73,5c,52,6f,79,61,6c,65,5c,52,6f,79,61,6c,65,2e,\
6d,73,73,74,79,6c,65,73,00
"InstallTheme"=hex(2):43,3a,5c,57,49,4e,44,4f,57,53,5c,52,65,73,6f,75,72,63,65,\
73,5c,54,68,65,6d,65,73,5c,52,6f,79,61,6c,65,2e,74,68,65,6d,65,00

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=""
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="AVG Anti-Spyware 7.5"

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa
Authentication Packages REG_MULTI_SZ msv1_0\0\0
Security Packages REG_MULTI_SZ kerberos\0msv1_0\0schannel\0wdigest\0\0
Notification Packages REG_MULTI_SZ scecli\0\0


[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0
WudfServiceGroup REG_MULTI_SZ WUDFSvc\0\0
Usnsvc REG_MULTI_SZ usnsvc\0\0


[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\Z]
Shell\AutoRun\command C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe folder.htt 480 480
*newlycreated* - HKEY_LOCAL_MACHINE\system\currentcontrolset\enum\root\LEGACY_COMHOST


Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\MP Scheduled Scan.job
C:\WINDOWS\tasks\Norton AntiVirus - Run Full System Scan - chi-chi.job
C:\WINDOWS\tasks\Norton AntiVirus - Run Norton QuickScan - chi-chi.job

********************************************************************

catchme 0.3.660 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-05-07 09:06:25
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden services ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
HDAudDeck = C:\Program Files\VIAudioi\HDADeck\HDeck.exe 1????????????????????????????????????????????

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0


********************************************************************

Completion time: 07-05-07 9:06:28
C:\ComboFix ... 07-05-07 09:06
C:\ComboFix-quarantined-files.txt ... 07-05-07 09:06
C:\ComboFix2.txt ... 07-05-06 09:44

here is my panda activescan result

Incident Status Location

Spyware:Cookie/Xiti Not disinfected C:\Documents and Settings\chi-chi\Application Data\Mozilla\Firefox\Profiles\jprl07nu.default\cookies.txt[.xiti.com/]
Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\chi-chi\Application Data\Mozilla\Firefox\Profiles\jprl07nu.default\cookies.txt[.com.com/]
Potentially unwanted tool:Application/NirCmd.A Not disinfected C:\Program Files\Combofix\ComboFix.exe[ComboFixT\nircmd.cfexe]
Potentially unwanted tool:Application/NirCmd.A Not disinfected C:\WINDOWS\nircmd.exe

#4 hallix

hallix

    Member

  • Full Member
  • Pip
  • 8 posts

Posted 08 May 2007 - 01:01 AM

here is my kavscan log

------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Monday, May 07, 2007 9:01:56 PM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.83.0
Kaspersky Anti-Virus database last update: 7/05/2007
Kaspersky Anti-Virus database records: 315157
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
A:\
C:\
D:\
E:\
F:\
G:\

Scan Statistics:
Total number of scanned objects: 49052
Number of viruses found: 0
Number of infected objects: 0 / 0
Number of suspicious objects: 0
Duration of the scan process: 00:32:29

Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\All Users\Application Data\Microsoft\eHome\logs\ehRecvr.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Windows Defender\Support\MPLog-03302007-101411.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\Confid.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\Content.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\Privacy.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\Restrict.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\settings.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\WebHist.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\HPPAppActivity.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\HPPHomePageActivity.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\2007-05-07_Log.ALUSchedulerSvc.LiveUpdate Object is locked skipped
C:\Documents and Settings\All Users\Documents\Recorded TV\TempRec\TempSBE\MSDVRMM_3828669777_2818048_42009 Object is locked skipped
C:\Documents and Settings\All Users\Documents\Recorded TV\TempRec\TempSBE\MSDVRMM_3828669777_7143424_42602 Object is locked skipped
C:\Documents and Settings\All Users\Documents\Recorded TV\TempRec\TempSBE\SBE1.tmp Object is locked skipped
C:\Documents and Settings\All Users\Documents\Recorded TV\TempRec\TempSBE\SBE2.tmp Object is locked skipped
C:\Documents and Settings\All Users\Documents\Recorded TV\TempRec\{5F33C5F0-A089-48D7-857D-357A081A3E92}.TmpSBE Object is locked skipped
C:\Documents and Settings\All Users\Documents\Recorded TV\TempRec\{B8F87CA9-EA87-428B-A423-21A38E2459C0}.TmpSBE Object is locked skipped
C:\Documents and Settings\All Users\DRM\Cache\Indiv02.tmp Object is locked skipped
C:\Documents and Settings\All Users\DRM\drmstore.hds Object is locked skipped
C:\Documents and Settings\chi-chi\Application Data\Mozilla\Firefox\Profiles\jprl07nu.default\cert8.db Object is locked skipped
C:\Documents and Settings\chi-chi\Application Data\Mozilla\Firefox\Profiles\jprl07nu.default\flashgot.log Object is locked skipped
C:\Documents and Settings\chi-chi\Application Data\Mozilla\Firefox\Profiles\jprl07nu.default\formhistory.dat Object is locked skipped
C:\Documents and Settings\chi-chi\Application Data\Mozilla\Firefox\Profiles\jprl07nu.default\history.dat Object is locked skipped
C:\Documents and Settings\chi-chi\Application Data\Mozilla\Firefox\Profiles\jprl07nu.default\key3.db Object is locked skipped
C:\Documents and Settings\chi-chi\Application Data\Mozilla\Firefox\Profiles\jprl07nu.default\parent.lock Object is locked skipped
C:\Documents and Settings\chi-chi\Application Data\Mozilla\Firefox\Profiles\jprl07nu.default\search.sqlite Object is locked skipped
C:\Documents and Settings\chi-chi\Application Data\Mozilla\Firefox\Profiles\jprl07nu.default\urlclassifier2.sqlite Object is locked skipped
C:\Documents and Settings\chi-chi\Application Data\Symantec\PendingAlertsQueue.log Object is locked skipped
C:\Documents and Settings\chi-chi\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\chi-chi\Local Settings\Application Data\Microsoft\Feeds Cache\index.dat Object is locked skipped
C:\Documents and Settings\chi-chi\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\chi-chi\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\chi-chi\Local Settings\Application Data\Mozilla\Firefox\Profiles\jprl07nu.default\Cache\_CACHE_001_ Object is locked skipped
C:\Documents and Settings\chi-chi\Local Settings\Application Data\Mozilla\Firefox\Profiles\jprl07nu.default\Cache\_CACHE_002_ Object is locked skipped
C:\Documents and Settings\chi-chi\Local Settings\Application Data\Mozilla\Firefox\Profiles\jprl07nu.default\Cache\_CACHE_003_ Object is locked skipped
C:\Documents and Settings\chi-chi\Local Settings\Application Data\Mozilla\Firefox\Profiles\jprl07nu.default\Cache\_CACHE_MAP_ Object is locked skipped
C:\Documents and Settings\chi-chi\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\chi-chi\Local Settings\History\History.IE5\MSHist012007050720070508\index.dat Object is locked skipped
C:\Documents and Settings\chi-chi\Local Settings\Temp\~DFCCA6.tmp Object is locked skipped
C:\Documents and Settings\chi-chi\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\chi-chi\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\chi-chi\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\AntiSpam\Log\Spam.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcrst.dll Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\EENGINE\EPERSIST.DAT Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SNDALRT.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SNDCON.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SNDDBG.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SNDFW.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SNDIDS.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SNDSYS.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBConfig.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBDebug.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBDetect.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBNotify.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBRefr.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBSetCfg.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBSetCfg2.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBSetDev.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBSetLoc.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBSetUsr.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBSMNot.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBSMReg.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBSMRSt.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBStHash.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBStMSI.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBValid.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\SPPolicy.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\SPStart.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\SPStop.log Object is locked skipped
C:\Program Files\Norton Internet Security\Norton AntiVirus\AVApp.log Object is locked skipped
C:\Program Files\Norton Internet Security\Norton AntiVirus\AVError.log Object is locked skipped
C:\Program Files\Norton Internet Security\Norton AntiVirus\AVVirus.log Object is locked skipped
C:\Program Files\Norton Internet Security\Norton AntiVirus\Savrt\0828NAV~.TMP Object is locked skipped
C:\Program Files\Norton Internet Security\Norton AntiVirus\Savrt\0852NAV~.TMP Object is locked skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{A5F779F7-F7A5-44A5-88CC-084C6BB92F78}\RP14\change.log Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\ModemLog_Creatix V.92 Data Fax Modem.txt Object is locked skipped
C:\WINDOWS\Registration\{02D4B3F1-FD88-11D1-960D-00805FC79235}.{496BDB88-EED5-4A55-81E3-EFC88D002B92}.crmlog Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\Internet.evt Object is locked skipped
C:\WINDOWS\system32\config\Media Ce.evt Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped

Scan process completed.

here is my hjt log:

Logfile of HijackThis v1.99.1
Scan saved at 07:01:00, on 08/05/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Comodo\Firewall\cmdagent.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\SiteAdvisor\6066\SAService.exe
C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\VIAudioi\HDADeck\HDeck.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE
C:\Program Files\SiteAdvisor\6066\SiteAdv.exe
C:\Program Files\Comodo\Firewall\CPF.exe
C:\Program Files\CyberLink\Power2Go\Power2GoExpress.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Intelligent\Common\RaUI.exe
C:\Documents and Settings\All Users\Application Data\U3\U3Launcher\LaunchU3.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.orange.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6066\SiteAdv.dll
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: CNisExtBho Class - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: CNavExtBho Class - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
O3 - Toolbar: Norton Internet Security 2006 - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: FlashGet - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\Program Files\FlashGet\fgiebar.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6066\SiteAdv.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [HDAudDeck] C:\Program Files\VIAudioi\HDADeck\HDeck.exe 1
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [EPSON Stylus C42 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P23 "EPSON Stylus C42 Series" /O6 "USB001" /M "Stylus C42"
O4 - HKLM\..\Run: [SiteAdvisor] C:\Program Files\SiteAdvisor\6066\SiteAdv.exe
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\Comodo\Firewall\CPF.exe" /background
O4 - HKCU\..\Run: [Power2GoExpress] "C:\Program Files\CyberLink\Power2Go\Power2GoExpress.exe" /Startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [PnPUI Registrator] C:\Program Files\Common Files\Sitecom Shared\PnP Universal Installer\PnPUIReg.exe -s
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Intelligent Wireless Utility.lnk = C:\Program Files\Intelligent\Common\RaUI.exe
O4 - Global Startup: LaunchU3.exe.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: &Download All with FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &Download with FlashGet - C:\Program Files\FlashGet\jc_link.htm
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - http://a1540.g.akama...ex/qtplugin.cab
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop...p/PCPitStop.CAB
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitd...can8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1158849984895
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1158849969192
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www.ca.com/us...nfo/webscan.cab
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.c.../cpcScanner.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: siteadvisor - {3A5DC592-7723-4EAA-9EE6-AF4222BCF879} - C:\Program Files\SiteAdvisor\6066\SiteAdv.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Internet Security Password Validation (ccISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\ccPwdSvc.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Comodo Application Agent (CmdAgent) - COMODO - C:\Program Files\Comodo\Firewall\cmdagent.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Norton Internet Security\comHost.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: SiteAdvisor Service - McAfee, Inc. - C:\Program Files\SiteAdvisor\6066\SAService.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe

thank you in advance

#5 Sempurna

Sempurna

    Forum Deity

  • Retired Staff
  • PipPipPipPipPip
  • 3,838 posts

Posted 09 May 2007 - 08:44 AM

Hi hallix, :wave:

Youíre most welcome, hallix. :)


my computer is still really slow to start.

Weíll look into that once all the malware is gone from your system, OK? :)


my computer doesn't recognise that i have comodo firewall pro installed it keeps telling me that only norton firewall and windows firewall is there. Also i am thinking about installing winpatrol is that a good idea.

Turn off Windows Firewall and Norton Firewall. You should only have one (1) firewall running. Two or more will only interfere with each other and make your system less secure.

You could try uninstalling and reinstalling Comodo Firewall. See if Windows will recognize it now (it does on my system, but then it is the only firewall running on my system).

WinPatrol is a reputable product. But, unnecessary. Weíll recommend some good and FREE products for you to enhance your systemís security once weíre done cleaning it up. :)

OK, letís do this next.

Please download OTMoveIt by OldTimer:
  • Save it to your desktop.
  • Please double-click OTMoveIt.exe to run it.
  • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    C:\DOCUME~1\chi-chi\APPLIC~1\autogk.ini
    C:\WINDOWS\iun6002.exe
    C:\WINDOWS\st2.exe
    C:\WINDOWS\system32\ltmm15.dll


  • Return to OTMoveIt, right-click on the Paste List of Files/Folders to be Moved window and choose Paste.
  • Click the red MoveIt! button.
  • Close OTMoveIt.
  • Please post the log from OTMoveIt, located here:

    C:\_OTMoveIt\MovedFiles\mmddyyyy_hhmmss.log

    Where mmddyyyy_hhmmss is the date of the tool run.
Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.


NEXT:

Please go to: VirusTotal
  • At the top of the page you'll find a "Browse" button. Click the "Browse" button and browse to next file:

    C:\WINDOWS\system32\dskernel2.dll

  • Click "Open".
  • Then click the "Send" button at the top of the VirusTotal page.
  • This will scan the file. Please be patient.
  • Once scanned, copy and paste the results in your next reply.

Then please do the same as above for the following files:

C:\WINDOWS\system32\donationcoder_urlsnooper_installinfo.dat
C:\WINDOWS\system32\srecorder.dll
C:\WINDOWS\system32\SBRC.dat
C:\WINDOWS\system32\SBFC.dat
C:\WINDOWS\system32\archlib.dll


NEXT:

Please REBOOT your computer normally into Windows and post these logs in your next reply:
  • The log from OTMoveIt.
  • The reports from VirusTotal.
  • A new ComboFix log.
  • A new HijackThis log.
(You might have to paste the logs in multiple posts in the event they are too long and breach the post length restrictions of the forum software).
My help is free, but if you wish to help keep these forums running please consider a donation, see this topic for details.

--------------------

We are each of us angels with but one wing. And we can only fly embracing each other.
Luciano De Crescenzo

#6 hallix

hallix

    Member

  • Full Member
  • Pip
  • 8 posts

Posted 10 May 2007 - 12:28 PM

the otmoveit log:

C:\DOCUME~1\chi-chi\APPLIC~1\autogk.ini moved successfully.
C:\WINDOWS\iun6002.exe moved successfully.
C:\WINDOWS\st2.exe moved successfully.
C:\WINDOWS\system32\ltmm15.dll unregistered successfully.
C:\WINDOWS\system32\ltmm15.dll moved successfully.

Created on 05/09/2007 16:50:51


the virustotal reports are:

Complete scanning result of "archlib.dll", received in VirusTotal at 05.10.2007, 18:25:27 (CET).
Antivirus Version Update Result
AhnLab-V3 2007.5.10.0 05.10.2007 no virus found
AntiVir 7.4.0.15 05.10.2007 no virus found
Authentium 4.93.8 05.10.2007 no virus found
Avast 4.7.997.0 05.10.2007 no virus found
AVG 7.5.0.467 05.09.2007 no virus found
BitDefender 7.2 05.10.2007 no virus found
CAT-QuickHeal 9.00 05.10.2007 no virus found
ClamAV devel-20070416 05.10.2007 no virus found
DrWeb 4.33 05.10.2007 no virus found
eSafe 7.0.15.0 05.10.2007 no virus found
eTrust-Vet 30.7.3624 05.10.2007 no virus found
Ewido 4.0 05.10.2007 no virus found
FileAdvisor 1 05.10.2007 no virus found
Fortinet 2.85.0.0 05.10.2007 no virus found
F-Prot 4.3.2.48 05.10.2007 no virus found
F-Secure 6.70.13030.0 05.10.2007 no virus found
Ikarus T3.1.1.7 05.10.2007 no virus found
Kaspersky 4.0.2.24 05.10.2007 no virus found
McAfee 5028 05.10.2007 no virus found
Microsoft 1.2503 05.10.2007 no virus found
NOD32v2 2256 05.10.2007 no virus found
Norman 5.80.02 05.10.2007 no virus found
Panda 9.0.0.4 05.10.2007 no virus found
Prevx1 V2 05.10.2007 no virus found
Sophos 4.17.0 05.08.2007 no virus found
Sunbelt 2.2.907.0 05.05.2007 no virus found
Symantec 10 05.10.2007 no virus found
TheHacker 6.1.6.112 05.10.2007 no virus found
VBA32 3.12.0 05.09.2007 no virus found
VirusBuster 4.3.7:9 05.10.2007 no virus found
Webwasher-Gateway 6.0.1 05.10.2007 no virus found
Aditional Information
File size: 180224 bytes
MD5: b2cfe0aa4d83f78887d348fc39b57434
SHA1: 5d9ff358afaeb9c88302b947fc6424e973a94e4e

Complete scanning result of "DonationCoder_urlsnooper_InstallI", received in VirusTotal at 05.10.2007, 17:45:16 (CET).
Antivirus Version Update Result
AhnLab-V3 2007.5.10.0 05.10.2007 no virus found
AntiVir 7.4.0.15 05.10.2007 no virus found
Authentium 4.93.8 05.10.2007 no virus found
Avast 4.7.997.0 05.10.2007 no virus found
AVG 7.5.0.467 05.09.2007 no virus found
BitDefender 7.2 05.10.2007 no virus found
CAT-QuickHeal 9.00 05.10.2007 no virus found
ClamAV devel-20070416 05.10.2007 no virus found
DrWeb 4.33 05.10.2007 no virus found
eSafe 7.0.15.0 05.08.2007 no virus found
eTrust-Vet 30.7.3624 05.10.2007 no virus found
Ewido 4.0 05.10.2007 no virus found
FileAdvisor 1 05.10.2007 no virus found
Fortinet 2.85.0.0 05.10.2007 no virus found
F-Prot 4.3.2.48 05.10.2007 no virus found
F-Secure 6.70.13030.0 05.10.2007 no virus found
Ikarus T3.1.1.7 05.10.2007 no virus found
Kaspersky 4.0.2.24 05.10.2007 no virus found
McAfee 5028 05.10.2007 no virus found
Microsoft 1.2503 05.10.2007 no virus found
NOD32v2 2256 05.10.2007 no virus found
Norman 5.80.02 05.10.2007 no virus found
Panda 9.0.0.4 05.10.2007 no virus found
Prevx1 V2 05.10.2007 no virus found
Sophos 4.17.0 05.08.2007 no virus found
Sunbelt 2.2.907.0 05.05.2007 no virus found
Symantec 10 05.10.2007 no virus found
TheHacker 6.1.6.112 05.10.2007 no virus found
VBA32 3.12.0 05.09.2007 no virus found
VirusBuster 4.3.7:9 05.10.2007 no virus found
Webwasher-Gateway 6.0.1 05.10.2007 no virus found
Aditional Information
File size: 46 bytes
MD5: dee3d77cf2c999d9616af1515380806b
SHA1: c1283276fa4333556a881b464007e62a497f80bd

Complete scanning result of "DSKernel2.dll", received in VirusTotal at 05.10.2007, 17:44:10 (CET).
Antivirus Version Update Result
AhnLab-V3 2007.5.10.0 05.10.2007 no virus found
AntiVir 7.4.0.15 05.10.2007 no virus found
Authentium 4.93.8 05.10.2007 no virus found
Avast 4.7.997.0 05.10.2007 no virus found
AVG 7.5.0.467 05.09.2007 no virus found
BitDefender 7.2 05.10.2007 no virus found
CAT-QuickHeal 9.00 05.10.2007 no virus found
ClamAV devel-20070416 05.10.2007 no virus found
DrWeb 4.33 05.10.2007 no virus found
eSafe 7.0.15.0 05.08.2007 no virus found
eTrust-Vet 30.7.3624 05.10.2007 no virus found
Ewido 4.0 05.10.2007 no virus found
FileAdvisor 1 05.10.2007 no virus found
Fortinet 2.85.0.0 05.10.2007 no virus found
F-Prot 4.3.2.48 05.10.2007 no virus found
F-Secure 6.70.13030.0 05.10.2007 no virus found
Ikarus T3.1.1.7 05.10.2007 no virus found
Kaspersky 4.0.2.24 05.10.2007 no virus found
McAfee 5028 05.10.2007 no virus found
Microsoft 1.2503 05.10.2007 no virus found
NOD32v2 2256 05.10.2007 no virus found
Norman 5.80.02 05.10.2007 no virus found
Panda 9.0.0.4 05.10.2007 no virus found
Prevx1 V2 05.10.2007 no virus found
Sophos 4.17.0 05.08.2007 no virus found
Sunbelt 2.2.907.0 05.05.2007 no virus found
Symantec 10 05.10.2007 no virus found
TheHacker 6.1.6.112 05.10.2007 no virus found
VBA32 3.12.0 05.09.2007 no virus found
VirusBuster 4.3.7:9 05.10.2007 no virus found
Webwasher-Gateway 6.0.1 05.10.2007 no virus found
Aditional Information
File size: 135168 bytes
MD5: 449c4720e96e9f178bca17ea747a135f
SHA1: 114fc1e0aad95d064eb649004ba61609fba1024e

Complete scanning result of "srecorder.dll", received in VirusTotal at 05.10.2007, 18:32:05 (CET).
Antivirus Version Update Result
AhnLab-V3 2007.5.10.0 05.10.2007 no virus found
AntiVir 7.4.0.15 05.10.2007 no virus found
Authentium 4.93.8 05.10.2007 no virus found
Avast 4.7.997.0 05.10.2007 no virus found
AVG 7.5.0.467 05.09.2007 no virus found
BitDefender 7.2 05.10.2007 no virus found
CAT-QuickHeal 9.00 05.10.2007 no virus found
ClamAV devel-20070416 05.10.2007 no virus found
DrWeb 4.33 05.10.2007 no virus found
eSafe 7.0.15.0 05.10.2007 no virus found
eTrust-Vet 30.7.3624 05.10.2007 no virus found
Ewido 4.0 05.10.2007 no virus found
FileAdvisor 1 05.10.2007 No threat detected
Fortinet 2.85.0.0 05.10.2007 no virus found
F-Prot 4.3.2.48 05.10.2007 no virus found
F-Secure 6.70.13030.0 05.10.2007 no virus found
Ikarus T3.1.1.7 05.10.2007 no virus found
Kaspersky 4.0.2.24 05.10.2007 no virus found
McAfee 5028 05.10.2007 no virus found
Microsoft 1.2503 05.10.2007 no virus found
NOD32v2 2256 05.10.2007 no virus found
Norman 5.80.02 05.10.2007 no virus found
Panda 9.0.0.4 05.10.2007 no virus found
Prevx1 V2 05.10.2007 Polymorphic Trojans
Sophos 4.17.0 05.08.2007 no virus found
Sunbelt 2.2.907.0 05.05.2007 no virus found
Symantec 10 05.10.2007 no virus found
TheHacker 6.1.6.112 05.10.2007 no virus found
VBA32 3.12.0 05.09.2007 no virus found
VirusBuster 4.3.7:9 05.10.2007 no virus found
Webwasher-Gateway 6.0.1 05.10.2007 no virus found
Aditional Information
File size: 2 bytes
MD5: c4103f122d27677c9db144cae1394a66
SHA1: 1489f923c4dca729178b3e3233458550d8dddf29
Bit9 info: http://fileadvisor.b...db144cae1394a66
Prevx info: http://fileinfo.prev...PXC=c4101192767

when I tried to scan
C:\WINDOWS\system32\SBRC.dat
C:\WINDOWS\system32\SBFC.dat

it came up with a page saying: 0 bytes size received / Se ha recibido un archivo vacio

this is the combofix log:

"chi-chi" - 07-05-10 17:59:26 Service Pack 2
ComboFix 07-04-25.4V - Running from: "C:\Program Files\Combofix\"


((((((((((((((((((((((((((((((( Files Created from 2007-04-10 to 2007-05-10 ))))))))))))))))))))))))))))))))))


2007-05-10 17:34 <DIR> d-------- C:\Program Files\Mp3tag
2007-05-10 17:34 <DIR> d-------- C:\DOCUME~1\chi-chi\APPLIC~1\Mp3tag
2007-05-09 16:49 <DIR> d-------- C:\Program Files\moveit
2007-05-09 00:36 <DIR> d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2
2007-05-06 09:44 49,152 --a------ C:\WINDOWS\nircmd.exe
2007-05-01 17:44 <DIR> d-------- C:\Program Files\FixTunes
2007-05-01 17:44 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\CloudBrain
2007-05-01 17:37 <DIR> d-------- C:\Program Files\JetAudio
2007-05-01 17:37 <DIR> d-------- C:\Program Files\Common Files\COWON
2007-04-24 17:36 <DIR> d-------- C:\Program Files\AVIcodec
2007-04-21 23:24 <DIR> d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\SUPERAntiSpyware.com
2007-04-21 23:22 <DIR> d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\Lavasoft
2007-04-21 21:04 <DIR> d-------- C:\Program Files\IObit
2007-04-21 21:00 <DIR> d-------- C:\DOCUME~1\chi-chi\APPLIC~1\Smart PC Solutions
2007-04-21 13:17 <DIR> d-------- C:\DOCUME~1\chi-chi\APPLIC~1\FLV Extract
2007-04-21 13:16 <DIR> d-------- C:\Program Files\FLV_Extract
2007-04-21 13:15 <DIR> d-------- C:\Program Files\VirtualDubMod_1_5_10_2_All_inclusive
2007-04-20 17:05 <DIR> d-------- C:\Program Files\IrfanView
2007-04-19 17:58 <DIR> d-------- C:\DOCUME~1\chi-chi\APPLIC~1\COWON
2007-04-18 19:29 3,968 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-04-18 19:28 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\SUPERAntiSpyware.com
2007-04-18 19:27 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2007-04-18 19:27 <DIR> d-------- C:\DOCUME~1\chi-chi\APPLIC~1\SUPERAntiSpyware.com
2007-04-18 18:37 <DIR> d-------- C:\WINDOWS\BDOSCAN8
2007-04-18 09:45 <DIR> d-------- C:\Program Files\CCleaner
2007-04-17 18:01 <DIR> d-------- C:\DOCUME~1\chi-chi\APPLIC~1\Uniblue
2007-04-14 14:41 <DIR> d-------- C:\DOCUME~1\chi-chi\APPLIC~1\Comodo
2007-04-14 14:41 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Comodo
2007-04-14 14:38 <DIR> d-------- C:\Program Files\Comodo
2007-04-13 19:38 <DIR> d-------- C:\WINDOWS\pss
2007-04-13 17:57 <DIR> d-------- C:\Program Files\SiteAdvisor
2007-04-13 17:57 <DIR> d-------- C:\DOCUME~1\LOCALS~1\APPLIC~1\SiteAdvisor
2007-04-13 17:55 <DIR> d-------- C:\DOCUME~1\chi-chi\APPLIC~1\SiteAdvisor
2007-04-13 17:55 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\SiteAdvisor
2007-04-13 17:55 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\McAfee
2007-04-13 16:53 <DIR> d-------- C:\Program Files\SpywareBlaster
2007-04-13 16:19 <DIR> d-------- C:\DOCUME~1\chi-chi\APPLIC~1\Tenebril
2007-04-13 16:09 180,224 --a-s---- C:\WINDOWS\system32\archlib.dll
2007-04-13 16:09 <DIR> d-------- C:\WINDOWS\system32\tenarchlib
2007-04-13 16:09 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Tenebril
2007-04-13 15:56 <DIR> d-------- C:\Program Files\Lavasoft
2007-04-13 15:56 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-04-13 15:56 <DIR> d-------- C:\DOCUME~1\chi-chi\APPLIC~1\Lavasoft
2007-04-13 11:02 <DIR> d-a------ C:\DOCUME~1\ALLUSE~1\APPLIC~1\TEMP
2007-04-12 19:30 <DIR> d-------- C:\WINDOWS\Performance
2007-04-12 19:29 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft Corporation
2007-04-12 18:16 0 --a------ C:\WINDOWS\system32\SBRC.dat
2007-04-12 18:16 0 --a------ C:\WINDOWS\system32\SBFC.dat
2007-04-12 17:33 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy
2007-04-12 17:28 626,688 --a------ C:\WINDOWS\system32\msvcr80.dll
2007-04-12 09:29 <DIR> d-------- C:\DOCUME~1\chi-chi\APPLIC~1\GRETECH
2007-04-12 09:29 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\GRETECH
2007-04-12 09:08 <DIR> d-------- C:\DOCUME~1\chi-chi\APPLIC~1\vlc
2007-04-12 09:07 <DIR> d-------- C:\DOCUME~1\chi-chi\APPLIC~1\Media Player Classic
2007-04-12 09:06 <DIR> d-------- C:\Program Files\VideoLAN
2007-04-12 08:50 <DIR> d-------- C:\Program Files\OpenSource Flash Video Splitter
2007-04-12 08:44 10,752 --a------ C:\WINDOWS\system32\ff_vfw.dll
2007-04-12 08:44 <DIR> d-------- C:\Program Files\Replay AV 8
2007-04-11 08:38 70,656 --a------ C:\WINDOWS\system32\yv12vfw.dll


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2007-05-10 17:53 -------- d-------- C:\Program Files\flashget
2007-05-10 06:53 -------- d-------- C:\DOCUME~1\chi-chi\APPLIC~1\u3
2007-05-09 16:51 -------- d-------- C:\Program Files\Common Files\symantec shared
2007-05-07 09:25 -------- d-------- C:\Program Files\windows defender
2007-05-07 09:24 -------- d-------- C:\Program Files\norton internet security
2007-05-07 09:22 -------- d-------- C:\Program Files\messenger
2007-05-07 09:21 -------- d-------- C:\Program Files\google
2007-05-07 09:12 -------- d-------- C:\DOCUME~1\chi-chi\APPLIC~1\symantec
2007-05-03 17:28 -------- d-------- C:\Program Files\snapshot viewer
2007-05-03 17:23 -------- d-------- C:\DOCUME~1\chi-chi\APPLIC~1\officeupdate12
2007-05-01 17:37 -------- d--h----- C:\Program Files\installshield installation information
2007-04-12 09:28 -------- d-------- C:\Program Files\gretech
2007-04-09 09:47 -------- d-------- C:\Program Files\Common Files\swf studio
2007-04-03 16:31 43602 --a------ C:\WINDOWS\system32\xvid-uninstall.exe
2007-04-03 16:31 -------- d-------- C:\Program Files\avisynth 2.5
2007-04-02 09:39 -------- d-------- C:\DOCUME~1\chi-chi\APPLIC~1\alibre design
2007-04-02 09:30 -------- d-------- C:\Program Files\xvid
2007-04-02 08:38 86016 --a------ C:\WINDOWS\system32\openal32.dll
2007-04-02 08:38 262144 --a------ C:\WINDOWS\system32\wrap_oal.dll
2007-03-31 12:59 -------- d-------- C:\DOCUME~1\chi-chi\APPLIC~1\urusoft
2007-03-31 11:26 -------- d-------- C:\Program Files\divx
2007-03-31 09:48 -------- d-------- C:\DOCUME~1\chi-chi\APPLIC~1\google
2007-03-27 18:00 -------- d-------- C:\Program Files\lame-3.96.1
2007-03-27 08:55 524288 --a------ C:\WINDOWS\system32\divxsm.exe
2007-03-27 08:55 3596288 --a------ C:\WINDOWS\system32\qt-dx331.dll
2007-03-27 08:55 200704 --a------ C:\WINDOWS\system32\ssldivx.dll
2007-03-27 08:55 1044480 --a------ C:\WINDOWS\system32\libdivx.dll
2007-03-27 08:49 73728 --a------ C:\WINDOWS\system32\dpl100.dll
2007-03-27 08:49 593920 --a------ C:\WINDOWS\system32\dpugui11.dll
2007-03-27 08:49 57344 --a------ C:\WINDOWS\system32\dpv11.dll
2007-03-27 08:49 53248 --a------ C:\WINDOWS\system32\dpugui10.dll
2007-03-27 08:49 344064 --a------ C:\WINDOWS\system32\dpus11.dll
2007-03-27 08:49 294912 --a------ C:\WINDOWS\system32\dpu11.dll
2007-03-27 08:49 294912 --a------ C:\WINDOWS\system32\dpu10.dll
2007-03-27 08:49 196608 --a------ C:\WINDOWS\system32\dtu100.dll
2007-03-27 08:48 823296 --a------ C:\WINDOWS\system32\divx_xx0c.dll
2007-03-27 08:48 823296 --a------ C:\WINDOWS\system32\divx_xx07.dll
2007-03-27 08:48 802816 --a------ C:\WINDOWS\system32\divx_xx11.dll
2007-03-27 08:48 639066 --a------ C:\WINDOWS\system32\divx.dll
2007-03-26 19:04 -------- d-------- C:\Program Files\freesky video joiner
2007-03-24 20:47 -------- d-------- C:\Program Files\napster
2007-03-24 12:07 -------- d-------- C:\Program Files\coreaac
2007-03-17 14:43 292864 --a------ C:\WINDOWS\system32\winsrv.dll
2007-03-16 22:03 -------- d-------- C:\Program Files\erightsoft
2007-03-08 16:36 577536 --a------ C:\WINDOWS\system32\user32.dll
2007-03-08 16:36 40960 --a------ C:\WINDOWS\system32\mf3216.dll
2007-03-08 16:36 281600 --a------ C:\WINDOWS\system32\gdi32.dll
2007-03-08 14:47 1843584 --a------ C:\WINDOWS\system32\win32k.sys
2007-03-05 13:34 676224 --a------ C:\WINDOWS\system32\ogacheckcontrol.dll
2007-03-04 12:55 135168 --a------ C:\WINDOWS\system32\dskernel2.dll
2007-02-26 10:26 46 --a------ C:\WINDOWS\system32\donationcoder_urlsnooper_installinfo.dat
2007-02-21 12:47 31744 -r-hs---- C:\WINDOWS\system32\msfdx.dll
2007-02-19 19:04 2 --a------ C:\WINDOWS\system32\srecorder.dll
2007-02-16 02:40 124472 --a------ C:\WINDOWS\system32\divxcodecupdatechecker.exe
2007-02-11 22:42 1168 --a------ C:\WINDOWS\mozver.dat


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{089FD14D-132B-48FC-8861-0048AE113215} C:\Program Files\SiteAdvisor\6066\SiteAdv.dll
{2F364306-AA45-47B5-9F9D-39A8B94E7EF7} C:\Program Files\FlashGet\jccatch.dll
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
{9ECB9560-04F9-4bbc-943D-298DDF1699E1} C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
{A8F38D8D-E480-4D52-B7A2-731BB6995FDD} C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
{AA58ED58-01DD-4d91-8333-CF10577473F7} c:\program files\google\googletoolbar2.dll
{F156768E-81EF-470C-9057-481BA8380DBA} C:\Program Files\FlashGet\getflash.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"ehTray"="C:\\WINDOWS\\ehome\\ehtray.exe"
"Recguard"="C:\\WINDOWS\\SMINST\\RECGUARD.EXE"
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"
"nwiz"="nwiz.exe /install"
"AGRSMMSG"="AGRSMMSG.exe"
"HDAudDeck"="C:\\Program Files\\VIAudioi\\HDADeck\\HDeck.exe 1"
"SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.6.0_01\\bin\\jusched.exe\""
"NvMediaCenter"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvMcTray.dll,NvTaskbarInit"
"ccApp"="\"C:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe\""
"EPSON Stylus C42 Series"="C:\\WINDOWS\\System32\\spool\\DRIVERS\\W32X86\\3\\E_S10IC2.EXE /P23 \"EPSON Stylus C42 Series\" /O6 \"USB001\" /M \"Stylus C42\""
"SiteAdvisor"="C:\\Program Files\\SiteAdvisor\\6066\\SiteAdv.exe"
"COMODO Firewall Pro"="\"C:\\Program Files\\Comodo\\Firewall\\CPF.exe\" /background"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"Power2GoExpress"="\"C:\\Program Files\\CyberLink\\Power2Go\\Power2GoExpress.exe\" /Startup"
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"PnPUI Registrator"="C:\\Program Files\\Common Files\\Sitecom Shared\\PnP Universal Installer\\PnPUIReg.exe -s"
"updateMgr"="C:\\Program Files\\Adobe\\Acrobat 7.0\\Reader\\AdobeUpdateManager.exe AcRdB7_0_9"
"swg"="C:\\Program Files\\Google\\GoogleToolbarNotifier\\1.2.1128.5462\\GoogleToolbarNotifier.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"=hex(2):43,3a,5c,57,49,4e,44,4f,57,53,5c,52,65,73,6f,75,72,\
63,65,73,5c,54,68,65,6d,65,73,5c,52,6f,79,61,6c,65,5c,52,6f,79,61,6c,65,2e,\
6d,73,73,74,79,6c,65,73,00
"InstallTheme"=hex(2):43,3a,5c,57,49,4e,44,4f,57,53,5c,52,65,73,6f,75,72,63,65,\
73,5c,54,68,65,6d,65,73,5c,52,6f,79,61,6c,65,2e,74,68,65,6d,65,00

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=""
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="AVG Anti-Spyware 7.5"

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa
Authentication Packages REG_MULTI_SZ msv1_0\0\0
Security Packages REG_MULTI_SZ kerberos\0msv1_0\0schannel\0wdigest\0\0
Notification Packages REG_MULTI_SZ scecli\0\0


[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0
WudfServiceGroup REG_MULTI_SZ WUDFSvc\0\0
Usnsvc REG_MULTI_SZ usnsvc\0\0


[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\H]
Shell\AutoRun\command H:\LaunchU3.exe

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\Z]
Shell\AutoRun\command C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe folder.htt 480 480
*newlycreated* - HKEY_LOCAL_MACHINE\system\currentcontrolset\enum\root\LEGACY_COMHOST


Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\MP Scheduled Scan.job
C:\WINDOWS\tasks\Norton AntiVirus - Run Full System Scan - chi-chi.job
C:\WINDOWS\tasks\Norton AntiVirus - Run Norton QuickScan - chi-chi.job

********************************************************************

catchme 0.3.660 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-05-10 18:00:45
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden services ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
HDAudDeck = C:\Program Files\VIAudioi\HDADeck\HDeck.exe 1????????????????????????????????????????????

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0


********************************************************************

Completion time: 07-05-10 18:00:48
C:\ComboFix-quarantined-files.txt ... 07-05-10 18:00

the hjt log

Logfile of HijackThis v1.99.1
Scan saved at 18:02:07, on 10/05/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16441)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Comodo\Firewall\cmdagent.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\SiteAdvisor\6066\SAService.exe
C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\VIAudioi\HDADeck\HDeck.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE
C:\Program Files\SiteAdvisor\6066\SiteAdv.exe
C:\Program Files\Comodo\Firewall\CPF.exe
C:\Program Files\CyberLink\Power2Go\Power2GoExpress.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\Intelligent\Common\RaUI.exe
C:\Documents and Settings\All Users\Application Data\U3\U3Launcher\LaunchU3.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\Program Files\FlashGet\flashget.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.orange.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6066\SiteAdv.dll
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: CNisExtBho Class - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: CNavExtBho Class - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
O3 - Toolbar: Norton Internet Security 2006 - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: FlashGet - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\Program Files\FlashGet\fgiebar.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6066\SiteAdv.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [HDAudDeck] C:\Program Files\VIAudioi\HDADeck\HDeck.exe 1
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [EPSON Stylus C42 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P23 "EPSON Stylus C42 Series" /O6 "USB001" /M "Stylus C42"
O4 - HKLM\..\Run: [SiteAdvisor] C:\Program Files\SiteAdvisor\6066\SiteAdv.exe
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\Comodo\Firewall\CPF.exe" /background
O4 - HKCU\..\Run: [Power2GoExpress] "C:\Program Files\CyberLink\Power2Go\Power2GoExpress.exe" /Startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [PnPUI Registrator] C:\Program Files\Common Files\Sitecom Shared\PnP Universal Installer\PnPUIReg.exe -s
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Intelligent Wireless Utility.lnk = C:\Program Files\Intelligent\Common\RaUI.exe
O4 - Global Startup: LaunchU3.exe.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: &Download All with FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &Download with FlashGet - C:\Program Files\FlashGet\jc_link.htm
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - http://a1540.g.akama...ex/qtplugin.cab
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop...p/PCPitStop.CAB
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitd...can8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1158849984895
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1158849969192
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www.ca.com/us...nfo/webscan.cab
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.c.../cpcScanner.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: siteadvisor - {3A5DC592-7723-4EAA-9EE6-AF4222BCF879} - C:\Program Files\SiteAdvisor\6066\SiteAdv.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Internet Security Password Validation (ccISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\ccPwdSvc.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Comodo Application Agent (CmdAgent) - COMODO - C:\Program Files\Comodo\Firewall\cmdagent.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Norton Internet Security\comHost.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: SiteAdvisor Service - McAfee, Inc. - C:\Program Files\SiteAdvisor\6066\SAService.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe

Thank you!

#7 Sempurna

Sempurna

    Forum Deity

  • Retired Staff
  • PipPipPipPipPip
  • 3,838 posts

Posted 11 May 2007 - 06:12 AM

Hi hallix, :wave:

Youíre most welcome, hallix. :)

OK, letís see what else might be causing your problem.

Please go to Start -> Run and type (or copy and paste):

devmgmt.msc

Click "OK".


Your systemís Device Manager will now open:
  • Double-click "IDE ATA/ATAPI controllers".
  • Right-click "Primary IDE Channel", select "Properties", then click on the "Advanced Settings" tab.
  • In the "Transfer Mode" dropdown list, please ensure that you have "DMA if available" for "Device 0" and "Device 1".
  • If the drop-down box already shows "DMA if available" but the current transfer mode is PIO, then you must toggle the settings. That is:
    • Change the selection from "DMA if available" to "PIO Only", then click "OK".
    • Then repeat the steps above to change the selection to "DMA if available".
  • Once you have completed the steps above for the Primary IDE Channel, then do the same for the Secondary IDE Channel.
Reboot your computer for the change to take effect.

NOTE: After reboot, please go back into the Device Manager and see whether the current transfer mode has been reset to DMA. If the current transfer mode remains PIO, then please right-click the Primary IDE or Secondary IDE channel, and select Uninstall. Reboot again, and let me know if the problem persists.


NEXT:

Please download Autoruns by Sysinternals and save it to your desktop:
  • Unzip (extract) it to your desktop, open the Autoruns folder, and double-click autoruns.exe to run it.
  • In the main Autoruns window, go to the "Logon" tab, and uncheck the following entries:

    nwiz
    SunJavaUpdateSched
    NvMediaCenter


  • Then please exit Autoruns.
You may also check with these websites about any programs on your system that can be stopped from running at startup without compromising performance or usage:Reboot your computer to set the new startup settings.


NEXT:

Please register (it's free, don't worry) with PC Pitstop and run the full tests here:
http://www.pcpitstop...top/default.asp

When the tests are complete, a results page will pop up. Click "Share Results with TechExpress" on the top right-hand side. Then copy the URL provided and post it here for me.
My help is free, but if you wish to help keep these forums running please consider a donation, see this topic for details.

--------------------

We are each of us angels with but one wing. And we can only fly embracing each other.
Luciano De Crescenzo

#8 hallix

hallix

    Member

  • Full Member
  • Pip
  • 8 posts

Posted 13 May 2007 - 03:23 AM

sorry if i have done something wrong but my startup still takes the same amount of time even though i have disabled 7 items including the 3 you contributed but my computer takes 30-40 seconds on the welcome screen and a further 20 or more on the advent screen. does this mean a trojan is loading.

on my Primary IDE Channel it said DMA if available for device 0 and 1 but for device 1 it was not applicable this was the same for my Secondary IDE Channel except that it said not applicable for both devices.

TechExpress link for your current results:
http://www.pcpitstop...KFZHWBPXNWSTH1W

thank you in advance sorry for taking so long to reply

#9 Sempurna

Sempurna

    Forum Deity

  • Retired Staff
  • PipPipPipPipPip
  • 3,838 posts

Posted 13 May 2007 - 04:17 AM

Hi hallix, :wave:

No worries about the late reply. Weíre always open here. :)


on my Primary IDE Channel it said DMA if available for device 0 and 1 but for device 1 it was not applicable this was the same for my Secondary IDE Channel except that it said not applicable for both devices.

Is the Current Transfer Mode showing DMA or PIO?

If the current transfer mode is showing PIO, uninstall the device and reboot your system. Then check it again. Let me know if the problem persists.


sorry if i have done something wrong but my startup still takes the same amount of time even though i have disabled 7 items including the 3 you contributed but my computer takes 30-40 seconds on the welcome screen and a further 20 or more on the advent screen. does this mean a trojan is loading.

No, those times are not excessively slow. My old computer does about the same. And, there is no malware in your system that we can see. :)

Nothing major in your PC Pitstop results either. Could you run CCleaner one more time? Then go to the PC Pitstop page and you will see a Customized Tune-up Tips section just for your computer. Do the instructions there and see if that will improve your systemís performance.


NEXT:

For this next step, please have your original Windows XP installation CD handy.

Then, please go to Start -> My Computer:
  • Right-click on Local Disk (C:) (or whichever is your primary drive), and select "Properties".
  • Now go to the "Tools" tab, and click the "Check Now" button.
  • Put a checkmark next to:
    • Automatically fix file system errors.
    • Scan for and attempt recovery of bad sectors.
  • Then click the "Start" button.
  • You will receive a prompt to reboot your computer. Select "Yes" or "OK", and please reboot your computer if it doesnít do so automatically.
  • The Check Disk utility will now scan your hard drive for any damaged system files and/or hard drive sectors. Please be patient, as this scan may take awhile to complete.
  • Follow any prompts that may appear.

Edited by Sempurna, 13 May 2007 - 04:20 AM.

My help is free, but if you wish to help keep these forums running please consider a donation, see this topic for details.

--------------------

We are each of us angels with but one wing. And we can only fly embracing each other.
Luciano De Crescenzo

#10 hallix

hallix

    Member

  • Full Member
  • Pip
  • 8 posts

Posted 13 May 2007 - 11:23 AM

the current transfer mode for device 1 in the Primary IDE Channel says : not applicable
the current transfer mode for device 0 and 1 in the Secondary IDE Channel says: not applicable
but in the transfer mode they all say DMA if available.

I will do the disk check right away but what about those polymorphic trojans. I looked them up and it says that they are trojans which change so they are not picked up by virus scans, how do i get rid of them.

#11 Sempurna

Sempurna

    Forum Deity

  • Retired Staff
  • PipPipPipPipPip
  • 3,838 posts

Posted 14 May 2007 - 01:47 AM

Hi hallix, :wave:

You mean ALL your devices in the Primary and Secondary IDE Channels are showing "not applicable" for the current transfer mode, and don't show either DMA or PIO?

That would mean a serious hardware problem, especially for your primary hard drive.

Let's see whether the chkdsk scan will pick up any bad sectors.

There are no indications of any polymorphic trojans/viruses on your system. Is there any strange behaviour on your machine that makes you suspect you have any polymorphic malware in your system? The scanner's we've used are pretty good in picking up such malware.

If you like, we can do two other scans that are very good in picking up such polymorphic malware.

BEFORE BEGINNING, Please read completely through the instructions below. Please also print these instructions or copy them to Notepad (or another word processor), and save it for easier reference. This is because we will be in Safe Mode during the fix and you won’t be able to access the Internet to view these instructions.

Please download Dr.Web CureIt and save it to your desktop.

NOTE: In the event you already have Dr.Web CureIt, this is a new version that I need you to download.

Next, please reboot your computer into Safe Mode by doing the following:
  • Reboot your computer.
  • After hearing your computer beep once during startup, but just before the Windows icon appears, begin tapping the F8 key on your keyboard. If you begin tapping the F8 key too soon, some computers display a "keyboard error" message. To resolve this, reboot the computer and try again.
  • Instead of Windows loading as normal, a menu should appear.
  • Using the arrow keys on the keyboard, scroll to and select the Safe Mode menu item, and then press "Enter".
Now scan with Dr.Web CureIt:
  • Double-click the cureit.exe file. It will then suggest to run an "Express Scan" -- this you should allow.
  • After this (Dr.Web writes "Done" at the bottom left), you click "Options" menu -> "Change settings".
  • Choose the "Scan" tab, uncheck the mark at "Heuristic analysis".
  • Choose the "Actions" tab, and choose "Rename" under all the "Malware" issues. Then click "OK".
  • Back at the main window, you should now mark the drives that you want to scan (a red dot shows which drives have been chosen).
  • Click the green arrow at the right, and the scan will start. The first time Dr.Web finds something, you click "Yes to All", and it will after this automatically fix what is found.
  • After the scan, go to the "View" menu -> "Report list".
  • Then go to the "File" menu -> "Save report list".
  • Save the report to your desktop. The report will be called DrWeb.csv. Copy and paste the contents of the report in your next reply.
  • Close Dr.Web CureIt.
  • REBOOT your computer!! Because it could be possible that files in use will be moved/deleted during reboot.

NEXT:

Please do an online scan with BitDefender Online Scanner:
  • Once finished, click on the "Details" button to view the results.
  • To the upper right of the results you will see an option saying "Click here to export the scan results".
  • Post the log of the scan results in your next reply.

NEXT:

Please reboot your computer normally into Windows, and then please post the log from the Dr.Web CureIt scan, along with the log from the BitDefender scan and a new HijackThis log.

Edited by Sempurna, 14 May 2007 - 01:51 AM.

My help is free, but if you wish to help keep these forums running please consider a donation, see this topic for details.

--------------------

We are each of us angels with but one wing. And we can only fly embracing each other.
Luciano De Crescenzo

#12 hallix

hallix

    Member

  • Full Member
  • Pip
  • 8 posts

Posted 27 May 2007 - 09:02 AM

sooooooooo sorry i took so long to reply. :weep: i haven't been allowed on the computer because it has been my exam week for the past two weeks. I only said that i thought i had a polymorphic trojan because when "srecorder.dll" got scanned at the website it came up under prevx1 as a polymorphic trojan apart from that everything is alright. I haven't done the scans because if you don't think i have a trojan then thats fine. My computer seems okay. If you want me to still do them, tell me. thank you for your time

#13 Sempurna

Sempurna

    Forum Deity

  • Retired Staff
  • PipPipPipPipPip
  • 3,838 posts

Posted 28 May 2007 - 06:01 AM

Hi hallix, :wave:

You're most welcome, hallix. :)

No worries about the late reply. We all have lives outside this forum as well. :)

Nope, you don't have to do the scans, unless you suspect something amiss in your system. :)

Please let me see one last HijackThis log before I pronounce your system clean. :D
My help is free, but if you wish to help keep these forums running please consider a donation, see this topic for details.

--------------------

We are each of us angels with but one wing. And we can only fly embracing each other.
Luciano De Crescenzo

#14 hallix

hallix

    Member

  • Full Member
  • Pip
  • 8 posts

Posted 28 May 2007 - 09:57 AM

I installed a new version of ccleaner, which installed yahoo toolbar but I have deleted this. but I'm clueless to what my family has done

Logfile of HijackThis v1.99.1
Scan saved at 15:50:08, on 28/05/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16441)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Comodo\Firewall\cmdagent.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\SiteAdvisor\6066\SAService.exe
C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE
C:\Program Files\SiteAdvisor\6066\SiteAdv.exe
C:\Program Files\Comodo\Firewall\CPF.exe
C:\WINDOWS\system32\CTFMON.EXE
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Intelligent\Common\RaUI.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.orange.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6066\SiteAdv.dll
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: CNisExtBho Class - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: CNavExtBho Class - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
O3 - Toolbar: Norton Internet Security 2006 - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: FlashGet - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\Program Files\FlashGet\fgiebar.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6066\SiteAdv.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [EPSON Stylus C42 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P23 "EPSON Stylus C42 Series" /O6 "USB001" /M "Stylus C42"
O4 - HKLM\..\Run: [SiteAdvisor] C:\Program Files\SiteAdvisor\6066\SiteAdv.exe
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\Comodo\Firewall\CPF.exe" /background
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [PnPUI Registrator] C:\Program Files\Common Files\Sitecom Shared\PnP Universal Installer\PnPUIReg.exe -s
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Intelligent Wireless Utility.lnk = C:\Program Files\Intelligent\Common\RaUI.exe
O8 - Extra context menu item: &Download All with FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &Download with FlashGet - C:\Program Files\FlashGet\jc_link.htm
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - http://a1540.g.akama...ex/qtplugin.cab
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop...p/PCPitStop.CAB
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitd...can8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1158849984895
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1158849969192
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www.ca.com/us...nfo/webscan.cab
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.c.../cpcScanner.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: siteadvisor - {3A5DC592-7723-4EAA-9EE6-AF4222BCF879} - C:\Program Files\SiteAdvisor\6066\SiteAdv.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Internet Security Password Validation (ccISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\ccPwdSvc.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Comodo Application Agent (CmdAgent) - COMODO - C:\Program Files\Comodo\Firewall\cmdagent.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Norton Internet Security\comHost.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: SiteAdvisor Service - McAfee, Inc. - C:\Program Files\SiteAdvisor\6066\SAService.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe

thank you for your help. could you please tell me some free products to use or products i have installed that are unneeded. thankyou again:D.

#15 Sempurna

Sempurna

    Forum Deity

  • Retired Staff
  • PipPipPipPipPip
  • 3,838 posts

Posted 28 May 2007 - 10:20 AM

Hi hallix, :wave:

Youíre most welcome, hallix. :)

Your HijackThis log appears to be clean. :)

Just run HijackThis and fix this next stray entry:

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)


could you please tell me some free products to use or products i have installed that are unneeded.

Well, you donít have that many processes running, so thereís nothing unneeded to discard there. I do notice that you are using Comodoís firewall (an excellent choice, by the way :) ) together with Symantecís internet security. Please make sure that Symantecís firewall is disabled as two or more firewalls running will conflict with each other and make your system less secure and more unstable. Also turn of Windows firewall as well.

Your system is pretty well protected already. I would recommend installing another two security apps, both of which will substantially increase your security, but wonít take one iota of system resources. :)

SpywareBlaster
This is a great FREE prevention tool to keep nasties from installing on your system.
Tutorial: How to use!


IE-SPYAD
This FREE tool puts over 5000 sites in your IE Restricted Zone so you'll be protected when you visit innocent-looking sites that aren't actually innocent at all.
Tutorial: How to use!


Do let me know if you need anything else. Weíre always here to help you with any enquiries that you may have.

Cheers! :wave:
~ Sempurna
My help is free, but if you wish to help keep these forums running please consider a donation, see this topic for details.

--------------------

We are each of us angels with but one wing. And we can only fly embracing each other.
Luciano De Crescenzo

#16 Sempurna

Sempurna

    Forum Deity

  • Retired Staff
  • PipPipPipPipPip
  • 3,838 posts

Posted 30 May 2007 - 08:52 AM

Edit: Sorry, dupe post.

Edited by Sempurna, 30 May 2007 - 08:53 AM.

My help is free, but if you wish to help keep these forums running please consider a donation, see this topic for details.

--------------------

We are each of us angels with but one wing. And we can only fly embracing each other.
Luciano De Crescenzo

#17 Sempurna

Sempurna

    Forum Deity

  • Retired Staff
  • PipPipPipPipPip
  • 3,838 posts

Posted 25 June 2007 - 05:42 AM

Due to the lack of feedback, this Topic is closed.

If you need this topic reopened, please tell the moderating team by replying HERE with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.
My help is free, but if you wish to help keep these forums running please consider a donation, see this topic for details.

--------------------

We are each of us angels with but one wing. And we can only fly embracing each other.
Luciano De Crescenzo




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

Member of ASAP and UNITE
Support SpywareInfo Forum - click the button