hallix

computer really slow to load, think may have malware

17 posts in this topic

My computer is really slow to load and I need help knowing what the problem is. I have an lsass.lnk in my start-up and my research says it is a worm loading, but it is our only computer and I don't want to get the blame for breaking it. SUPER has also been running slowly practically overnight, and on MSN Messenger I cannot see anyone's webcam. These might be minor problems, but my family uses it to send important emails and I don't want one of their business partners to be invaded by a worm thanks to us. I'm sorry if it is a long-winded post, but I need all the help I can get. You are my last hope before I start randomly deleting things. I know you are busy, so thank you for your answer in advance.

 

I run Windows XP Service Pack 2 (came with it), Advent, Core 2 Duo.

 

Logfile of HijackThis v1.99.1

Scan saved at 13:59:18, on 22/04/2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16414)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Windows Defender\MsMpEng.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe

C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

C:\Program Files\Common Files\Symantec Shared\ccProxy.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe

C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe

C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe

C:\Program Files\Comodo\Firewall\cmdagent.exe

C:\WINDOWS\eHome\ehRecvr.exe

C:\WINDOWS\eHome\ehSched.exe

C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe

C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\Program Files\SiteAdvisor\6066\SAService.exe

C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe

C:\WINDOWS\system32\wscntfy.exe

C:\WINDOWS\system32\dllhost.exe

C:\WINDOWS\ehome\ehtray.exe

C:\WINDOWS\AGRSMMSG.exe

C:\Program Files\VIAudioi\HDADeck\HDeck.exe

C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe

C:\WINDOWS\eHome\ehmsas.exe

C:\Program Files\Common Files\Symantec Shared\ccApp.exe

C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE

C:\Program Files\SiteAdvisor\6066\SiteAdv.exe

C:\Program Files\Comodo\Firewall\CPF.exe

C:\Program Files\CyberLink\Power2Go\Power2GoExpress.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe

C:\Program Files\Intelligent\Common\RaUI.exe

C:\Documents and Settings\All Users\Application Data\U3\U3Launcher\LaunchU3.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE

C:\Program Files\Messenger\msmsgs.exe

C:\Program Files\Hijackthis\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.orange.co.uk/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6066\SiteAdv.dll

O2 - BHO: SpywareBlock Class - {0A87E45F-537A-40B4-B812-E2544C21A09F} - (no file)

O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - H:\SPYBOT~1\SDHelper.dll (file missing)

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll

O2 - BHO: CNisExtBho Class - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll

O2 - BHO: CNavExtBho Class - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll

O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll

O3 - Toolbar: Norton Internet Security 2006 - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll

O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll

O3 - Toolbar: FlashGet - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\Program Files\FlashGet\fgiebar.dll

O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6066\SiteAdv.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll

O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe

O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe

O4 - HKLM\..\Run: [HDAudDeck] C:\Program Files\VIAudioi\HDADeck\HDeck.exe 1

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [install5G] D:\Install.exe /SI=0

O4 - HKLM\..\Run: [EPSON Stylus C42 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P23 "EPSON Stylus C42 Series" /O6 "USB001" /M "Stylus C42"

O4 - HKLM\..\Run: [siteAdvisor] C:\Program Files\SiteAdvisor\6066\SiteAdv.exe

O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\Comodo\Firewall\CPF.exe" /background

O4 - HKLM\..\Run: [NavRegReminder] "C:\WINDOWS\temp\NavBrowser.exe" /r /i "C:\WINDOWS\temp\NavLoad.ini"

O4 - HKCU\..\Run: [Power2GoExpress] "C:\Program Files\CyberLink\Power2Go\Power2GoExpress.exe" /Startup

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [PnPUI Registrator] C:\Program Files\Common Files\Sitecom Shared\PnP Universal Installer\PnPUIReg.exe -s

O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9

O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe

O4 - Startup: lsass.lnk = ?

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: Intelligent Wireless Utility.lnk = C:\Program Files\Intelligent\Common\RaUI.exe

O4 - Global Startup: LaunchU3.exe.lnk = ?

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE

O8 - Extra context menu item: &Download All with FlashGet - C:\Program Files\FlashGet\jc_all.htm

O8 - Extra context menu item: &Download with FlashGet - C:\Program Files\FlashGet\jc_link.htm

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll

O9 - Extra button: FlashCapture - {753BBC4B-CC73-4fb8-A5B5-CA09C804C1DD} - C:\Program Files\FlashCapture\fciext.dll (file missing)

O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)

O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)

O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe

O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O11 - Options group: [iNTERNATIONAL] International*

O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - http://a1540.g.akamai.net/7/1540/52/200612...ex/qtplugin.cab

O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1158849984895

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1158849969192

O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab

O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.com/controls/cpcScanner.cab

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: siteadvisor - {3A5DC592-7723-4EAA-9EE6-AF4222BCF879} - C:\Program Files\SiteAdvisor\6066\SiteAdv.dll

O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll

O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe

O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe

O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

O23 - Service: Symantec Internet Security Password Validation (ccISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\ccPwdSvc.exe

O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe

O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe

O23 - Service: Comodo Application Agent (CmdAgent) - COMODO - C:\Program Files\Comodo\Firewall\cmdagent.exe

O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Norton Internet Security\comHost.exe

O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe

O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE

O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe

O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)

O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe

O23 - Service: SiteAdvisor Service - McAfee, Inc. - C:\Program Files\SiteAdvisor\6066\SAService.exe

O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe

O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe

O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe


Hi hallix,

 

Welcome to SpywareInfo! :wave:

 

I apologize for the delay getting to your log. The helpers here are all volunteers and we have been very busy here lately. If you are still having malware problems, I will be glad to help.

 

First of all, please turn off Word Wrap in Notepad. It will make the logs easier to read: :)

  • To turn off Word Wrap, please open Notepad - go to Start -> Run and type notepad, press Enter.
  • Then go to the Format menu and uncheck Word Wrap.
  • Exit Notepad.

 

NEXT:

 

We need to disable your Windows Defender real-time protection as it may interfere with the fixes that we need to make.

 

To disable Windows Defender:

  • Open Windows Defender.
  • Click on Tools, General Settings.
  • Scroll down and uncheck Turn on real-time protection (recommended).
  • After you uncheck this, click on the Save button and close Windows Defender.

 

NEXT:

 

Please run HijackThis and click "Scan". Place a check (tick) next to the following entries (if present):

 

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

O2 - BHO: SpywareBlock Class - {0A87E45F-537A-40B4-B812-E2544C21A09F} - (no file)

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - H:\SPYBOT~1\SDHelper.dll (file missing)

O4 - HKLM\..\Run: [install5G] D:\Install.exe /SI=0

O4 - Startup: lsass.lnk = ?

 

 

Close ALL programs and browsers (including this one), leaving ONLY HijackThis open, then click "Fix checked".

 

Then please exit HijackThis.

 

 

NEXT:

 

Using Windows Explorer (right-click your Start button and select Explore), please navigate to and delete the following FILES (if they exist):

 

D:\Install.exe

 

 

Please let me know if you encountered any problems finding or deleting the file.

 

 

NEXT:

 

Let's run some cleanup and diagnostic scans to make sure we're not leaving anything behind.

 

Please download CCleaner (freeware) and save it to your desktop:

  1. Run the CCleaner installer.
  2. During the installation process, please UNCHECK "Add CCleaner Yahoo! Toolbar".
  3. Once installed, run CCleaner and click the Windows tab.
  4. Select the following:
    • Check everything under the Internet Explorer section.
    • Check everything under the Windows Explorer section.
    • Check everything under the System section.
    • Check ONLY Old Prefetch data under the Advanced section.

  5. Then, click the Applications tab:
    • UNCHECK everything there.
  6. Next, click the Options button, then click the Advanced button:
    • UNCHECK: "Only delete files in Windows Temp folders older than 48 hours".
  7. Next, click the Cleaner button, then click the Run Cleaner button (bottom right), then Exit.

CAUTION: Please do NOT use the Issues button. This is a built-in registry cleaner. If you don’t know how to use it, you may cause irreparable damage to your system.

 

 

NEXT:

 

Please download ComboFix by sUBs:

 

NOTE: In the event you already have ComboFix, this is a new version that I need you to download.

  • Save it to your desktop.
  • Double-click combofix.exe and follow the prompts.
  • When finished, it shall produce a log for you. Copy and paste the contents of the log in your next reply.

CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.

 

 

NEXT:

 

Please do an online scan with Panda ActiveScan:

  1. Once you are on the Panda site click the "Scan your PC" button located at the bottom of the page.
  2. A new window will open... click the "Check Now" button.
  3. Enter your Country.
  4. Enter your State/Province.
  5. Enter your e-mail address.
  6. Select either Home User or Company.
  7. Click the big "Free Online Scan" button.
  8. If it wants to install an ActiveX component allow it.
  9. It will start downloading the files it requires for the scan (Note: It may take a couple of minutes).
  10. When the download is complete, click on "Local Disks" to start the scan.
  11. When the scan completes, if anything malicious is detected, click the "See Report" button; then "Save Report" and save it to a convenient location. Post the contents of the Panda scan report in your next reply.

 

NEXT:

 

Please do an online scan with Kaspersky Online Scanner:

  1. Click on Kaspersky Online Scanner.
  2. You will be prompted to install an ActiveX component from Kaspersky, click Yes.
  3. The program will launch and then begin downloading the latest definition files.
  4. Once the files have been downloaded click on Next.
  5. Now click on Scan Settings.
  6. In the scan settings make sure that the following are selected:
    • Scan using the following Anti-Virus database:
      Extended
    • Scan Options:
      Scan Archives
      Scan Mail Bases

  7. Click OK.
  8. Now under select a target to scan:
    • Select My Computer.
  9. This program will start and scan your system.
  10. The scan will take a while so be patient and let it run.
  11. Once the scan is complete it will display if your system has been infected.
    • Now click on the Save Report As button.
    • In the File name: field, type kavscan.
    • In the Save as type: field, select Text file (*.txt).
  12. Save the file to your desktop.
  13. Copy and paste that information in your next post.

Note for Internet Explorer 7 users: If at any time you have trouble with the Accept button of the license, click on the Zoom tool located at the bottom right of the IE window and set the zoom to 75 %. Once the license has been accepted, reset to 100%.

 

 

NEXT:

 

Please REBOOT your computer normally into Windows and post these logs in your next reply:

  1. The log from the ComboFix scan.
  2. The log from the Panda scan.
  3. The log from the Kaspersky scan.
  4. A new HijackThis log.

(You might have to paste the logs in multiple posts in the event they are too long and breach the post length restrictions of the forum software).

 

Also, please let me know how things are running now and if you encountered any problems while you were following the directions I posted.

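A triage script in the spirit of the entries picked out in the reply above (blank R0 values, BHOs with no file behind them, a Run entry launching from D:, a Startup shortcut named after lsass). This is an added example, not part of the original posts and not HijackThis's own logic; the heuristics, the names `classify`, `triage` and `SYSTEM_NAMES`, and the assumption that C: is the system drive are illustrative, and the sample lines are copied from the log posted in this thread.

```python
import re
from typing import List, NamedTuple, Optional


class Finding(NamedTuple):
    section: str    # HijackThis section code, e.g. "O4"
    reasons: tuple  # why the entry deserves a second look
    line: str       # the log line as posted


ENTRY_RE = re.compile(r"^(?P<section>[A-Z]\d{1,2}) - (?P<body>.*)$")
# O4 comes in two shapes: "<key>: [name] command" and "<folder>: x.lnk = target".
O4_RE = re.compile(
    r"^(?P<loc>[^:]+): "
    r"(?:\[(?P<name>[^\]]+)\] (?P<cmd>.*)|(?P<lnk>.+?) = (?P<target>.*))$"
)
DRIVE_RE = re.compile(r'^"?([A-Za-z]):\\')
# Assumption: core Windows process names that should not name an autostart entry.
SYSTEM_NAMES = {"lsass", "svchost", "winlogon", "services", "csrss", "smss"}


def _stem(name: str) -> str:
    """Lower-case an entry name and drop .lnk / .exe suffixes."""
    name = name.lower()
    for ext in (".lnk", ".exe"):
        if name.endswith(ext):
            name = name[: -len(ext)]
    return name


def classify(line: str, system_drive: str = "C") -> Optional[Finding]:
    """Return a Finding when a log line matches a review heuristic, else None."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None  # header, running-process list, blank line
    section, body = m["section"], m["body"]
    reasons = []
    if section in ("R0", "R1"):
        _, sep, value = body.partition(" =")
        if sep and not value.strip():
            reasons.append("empty IE setting")
    if body.endswith(("(no file)", "(file missing)")):
        reasons.append("target file missing")
    if section == "O4":
        o4 = O4_RE.match(body)
        if o4:
            if _stem(o4["name"] or o4["lnk"]) in SYSTEM_NAMES:
                reasons.append("system process name in autostart")
            if o4["target"] == "?":
                reasons.append("shortcut target unresolved")
            drive = DRIVE_RE.match(o4["cmd"] or o4["target"] or "")
            if drive and drive.group(1).upper() != system_drive.upper():
                reasons.append("launches from non-system drive")
    return Finding(section, tuple(reasons), line.strip()) if reasons else None


def triage(log_text: str) -> List[Finding]:
    """Classify every line of a HijackThis log and keep the flagged ones."""
    return [f for f in map(classify, log_text.splitlines()) if f]


# Sample input: a subset of the lines from the log posted in this thread.
SAMPLE_LOG = r"""
Logfile of HijackThis v1.99.1
C:\WINDOWS\system32\lsass.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.orange.co.uk/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: SpywareBlock Class - {0A87E45F-537A-40B4-B812-E2544C21A09F} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - H:\SPYBOT~1\SDHelper.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [install5G] D:\Install.exe /SI=0
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: lsass.lnk = ?
O4 - Global Startup: LaunchU3.exe.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: FlashCapture - {753BBC4B-CC73-4fb8-A5B5-CA09C804C1DD} - C:\Program Files\FlashCapture\fciext.dll (file missing)
"""

if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(f"{finding.section:<4}{', '.join(finding.reasons):<60}{finding.line}")
```

It flags more than the reply chose to fix (LaunchU3.exe.lnk and the FlashCapture button, for instance), so the output is a review list rather than a fix list.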

My computer is still really slow to start. I did not find D:\Install.exe; I think HijackThis got rid of it. Before, my keyboard used to have symbols that were switched around, e.g. the @ sign was Shift and 2, but now they are fine!

When I last did a Panda ActiveScan it found a trojan, but this time it wasn't there. SUPER is better. My computer doesn't recognise that I have Comodo Firewall Pro installed; it keeps telling me that only Norton firewall and Windows Firewall are there. Also, I am thinking about installing WinPatrol. Is that a good idea?

 

Here is my ComboFix result:

"chi-chi" - 07-05-07 9:05:12 Service Pack 2

ComboFix 07-04-25.4V - Running from: "C:\Program Files\Combofix\"

 

 

((((((((((((((((((((((((((((((( Files Created from 2007-04-07 to 2007-05-07 ))))))))))))))))))))))))))))))))))

 

 

2007-05-06 09:44 49,152 --a------ C:\WINDOWS\nircmd.exe

2007-05-01 19:31 <DIR> d-------- C:\Program Files\Mp3TagToolsv12

2007-05-01 17:44 <DIR> d-------- C:\Program Files\FixTunes

2007-05-01 17:44 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\CloudBrain

2007-05-01 17:37 <DIR> d-------- C:\Program Files\JetAudio

2007-05-01 17:37 <DIR> d-------- C:\Program Files\Common Files\COWON

2007-04-24 17:36 <DIR> d-------- C:\Program Files\AVIcodec

2007-04-21 23:24 <DIR> d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\SUPERAntiSpyware.com

2007-04-21 23:22 <DIR> d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\Lavasoft

2007-04-21 22:04 <DIR> d-------- C:\WINDOWS\system32\ActiveScan

2007-04-21 21:04 <DIR> d-------- C:\Program Files\IObit

2007-04-21 21:00 <DIR> d-------- C:\DOCUME~1\chi-chi\APPLIC~1\Smart PC Solutions

2007-04-21 13:17 <DIR> d-------- C:\DOCUME~1\chi-chi\APPLIC~1\FLV Extract

2007-04-21 13:16 <DIR> d-------- C:\Program Files\FLV_Extract

2007-04-21 13:15 <DIR> d-------- C:\Program Files\VirtualDubMod_1_5_10_2_All_inclusive

2007-04-20 17:05 <DIR> d-------- C:\Program Files\IrfanView

2007-04-19 17:58 <DIR> d-------- C:\DOCUME~1\chi-chi\APPLIC~1\COWON

2007-04-18 19:29 3,968 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys

2007-04-18 19:28 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\SUPERAntiSpyware.com

2007-04-18 19:27 <DIR> d-------- C:\Program Files\SUPERAntiSpyware

2007-04-18 19:27 <DIR> d-------- C:\DOCUME~1\chi-chi\APPLIC~1\SUPERAntiSpyware.com

2007-04-18 18:37 <DIR> d-------- C:\WINDOWS\BDOSCAN8

2007-04-18 09:45 <DIR> d-------- C:\Program Files\Yahoo!

2007-04-18 09:45 <DIR> d-------- C:\Program Files\CCleaner

2007-04-17 18:01 <DIR> d-------- C:\DOCUME~1\chi-chi\APPLIC~1\Uniblue

2007-04-14 14:41 <DIR> d-------- C:\DOCUME~1\chi-chi\APPLIC~1\Comodo

2007-04-14 14:41 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Comodo

2007-04-14 14:38 <DIR> d-------- C:\Program Files\Comodo

2007-04-13 19:38 <DIR> d-------- C:\WINDOWS\pss

2007-04-13 17:57 <DIR> d-------- C:\Program Files\SiteAdvisor

2007-04-13 17:57 <DIR> d-------- C:\DOCUME~1\LOCALS~1\APPLIC~1\SiteAdvisor

2007-04-13 17:55 <DIR> d-------- C:\DOCUME~1\chi-chi\APPLIC~1\SiteAdvisor

2007-04-13 17:55 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\SiteAdvisor

2007-04-13 17:55 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\McAfee

2007-04-13 16:53 <DIR> d-------- C:\Program Files\SpywareBlaster

2007-04-13 16:19 <DIR> d-------- C:\DOCUME~1\chi-chi\APPLIC~1\Tenebril

2007-04-13 16:09 180,224 --a-s---- C:\WINDOWS\system32\archlib.dll

2007-04-13 16:09 <DIR> d-------- C:\WINDOWS\system32\tenarchlib

2007-04-13 16:09 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Tenebril

2007-04-13 15:56 <DIR> d-------- C:\Program Files\Lavasoft

2007-04-13 15:56 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard

2007-04-13 15:56 <DIR> d-------- C:\DOCUME~1\chi-chi\APPLIC~1\Lavasoft

2007-04-13 11:02 <DIR> d-a------ C:\DOCUME~1\ALLUSE~1\APPLIC~1\TEMP

2007-04-12 19:30 <DIR> d-------- C:\WINDOWS\Performance

2007-04-12 19:29 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft Corporation

2007-04-12 18:16 0 --a------ C:\WINDOWS\system32\SBRC.dat

2007-04-12 18:16 0 --a------ C:\WINDOWS\system32\SBFC.dat

2007-04-12 17:33 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy

2007-04-12 17:28 626,688 --a------ C:\WINDOWS\system32\msvcr80.dll

2007-04-12 09:29 <DIR> d-------- C:\DOCUME~1\chi-chi\APPLIC~1\GRETECH

2007-04-12 09:29 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\GRETECH

2007-04-12 09:08 <DIR> d-------- C:\DOCUME~1\chi-chi\APPLIC~1\vlc

2007-04-12 09:07 <DIR> d-------- C:\DOCUME~1\chi-chi\APPLIC~1\Media Player Classic

2007-04-12 09:06 <DIR> d-------- C:\Program Files\VideoLAN

2007-04-12 08:50 <DIR> d-------- C:\Program Files\OpenSource Flash Video Splitter

2007-04-12 08:44 10,752 --a------ C:\WINDOWS\system32\ff_vfw.dll

2007-04-12 08:44 <DIR> d-------- C:\Program Files\Replay AV 8

2007-04-11 08:38 70,656 --a------ C:\WINDOWS\system32\yv12vfw.dll

2007-04-09 14:27 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\U3

2007-04-09 09:47 <DIR> d-------- C:\Program Files\Common Files\SWF Studio

2007-04-08 22:43 <DIR> d-------- C:\DOCUME~1\chi-chi\APPLIC~1\U3

 

 

(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))

 

 

2007-05-07 00:05 -------- d-------- C:\Program Files\Common Files\symantec shared

2007-05-06 09:48 -------- d-------- C:\Program Files\flashget

2007-05-03 17:28 -------- d-------- C:\Program Files\snapshot viewer

2007-05-03 17:23 -------- d-------- C:\DOCUME~1\chi-chi\APPLIC~1\officeupdate12

2007-05-01 17:37 -------- d--h----- C:\Program Files\installshield installation information

2007-04-21 22:25 -------- d-------- C:\Program Files\windows defender

2007-04-21 22:24 -------- d-------- C:\Program Files\norton internet security

2007-04-21 22:23 -------- d-------- C:\Program Files\messenger

2007-04-21 22:21 -------- d-------- C:\Program Files\google

2007-04-21 22:13 -------- d-------- C:\DOCUME~1\chi-chi\APPLIC~1\symantec

2007-04-12 09:28 -------- d-------- C:\Program Files\gretech

2007-04-11 08:37 540 --a------ C:\DOCUME~1\chi-chi\APPLIC~1\autogk.ini

2007-04-04 17:59 737280 --a------ C:\WINDOWS\iun6002.exe

2007-04-03 16:31 43602 --a------ C:\WINDOWS\system32\xvid-uninstall.exe

2007-04-03 16:31 -------- d-------- C:\Program Files\avisynth 2.5

2007-04-02 09:39 -------- d-------- C:\DOCUME~1\chi-chi\APPLIC~1\alibre design

2007-04-02 09:30 -------- d-------- C:\Program Files\xvid

2007-04-02 08:38 86016 --a------ C:\WINDOWS\system32\openal32.dll

2007-04-02 08:38 262144 --a------ C:\WINDOWS\system32\wrap_oal.dll

2007-03-31 12:59 -------- d-------- C:\DOCUME~1\chi-chi\APPLIC~1\urusoft

2007-03-31 11:26 -------- d-------- C:\Program Files\divx

2007-03-31 09:48 -------- d-------- C:\DOCUME~1\chi-chi\APPLIC~1\google

2007-03-27 18:00 -------- d-------- C:\Program Files\lame-3.96.1

2007-03-27 08:55 524288 --a------ C:\WINDOWS\system32\divxsm.exe

2007-03-27 08:55 3596288 --a------ C:\WINDOWS\system32\qt-dx331.dll

2007-03-27 08:55 200704 --a------ C:\WINDOWS\system32\ssldivx.dll

2007-03-27 08:55 1044480 --a------ C:\WINDOWS\system32\libdivx.dll

2007-03-27 08:49 73728 --a------ C:\WINDOWS\system32\dpl100.dll

2007-03-27 08:49 593920 --a------ C:\WINDOWS\system32\dpugui11.dll

2007-03-27 08:49 57344 --a------ C:\WINDOWS\system32\dpv11.dll

2007-03-27 08:49 53248 --a------ C:\WINDOWS\system32\dpugui10.dll

2007-03-27 08:49 344064 --a------ C:\WINDOWS\system32\dpus11.dll

2007-03-27 08:49 294912 --a------ C:\WINDOWS\system32\dpu11.dll

2007-03-27 08:49 294912 --a------ C:\WINDOWS\system32\dpu10.dll

2007-03-27 08:49 196608 --a------ C:\WINDOWS\system32\dtu100.dll

2007-03-27 08:48 823296 --a------ C:\WINDOWS\system32\divx_xx0c.dll

2007-03-27 08:48 823296 --a------ C:\WINDOWS\system32\divx_xx07.dll

2007-03-27 08:48 802816 --a------ C:\WINDOWS\system32\divx_xx11.dll

2007-03-27 08:48 639066 --a------ C:\WINDOWS\system32\divx.dll

2007-03-26 19:04 -------- d-------- C:\Program Files\freesky video joiner

2007-03-24 20:47 -------- d-------- C:\Program Files\napster

2007-03-24 12:07 -------- d-------- C:\Program Files\coreaac

2007-03-21 18:36 28672 --a------ C:\WINDOWS\st2.exe

2007-03-17 14:43 292864 --a------ C:\WINDOWS\system32\winsrv.dll

2007-03-16 22:03 -------- d-------- C:\Program Files\erightsoft

2007-03-09 21:29 -------- d-------- C:\DOCUME~1\chi-chi\APPLIC~1\googleweathergadget

2007-03-08 16:36 577536 --a------ C:\WINDOWS\system32\user32.dll

2007-03-08 16:36 40960 --a------ C:\WINDOWS\system32\mf3216.dll

2007-03-08 16:36 281600 --a------ C:\WINDOWS\system32\gdi32.dll

2007-03-08 14:47 1843584 --a------ C:\WINDOWS\system32\win32k.sys

2007-03-05 13:34 676224 --a------ C:\WINDOWS\system32\ogacheckcontrol.dll

2007-03-04 12:55 1936528 --a------ C:\WINDOWS\system32\ltmm15.dll

2007-03-04 12:55 135168 --a------ C:\WINDOWS\system32\dskernel2.dll

2007-02-26 10:26 46 --a------ C:\WINDOWS\system32\donationcoder_urlsnooper_installinfo.dat

2007-02-21 12:47 31744 -r-hs---- C:\WINDOWS\system32\msfdx.dll

2007-02-19 19:04 2 --a------ C:\WINDOWS\system32\srecorder.dll

2007-02-16 02:40 124472 --a------ C:\WINDOWS\system32\divxcodecupdatechecker.exe

2007-02-11 22:42 1168 --a------ C:\WINDOWS\mozver.dat

 

 

(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

 

 

*Note* empty entries & legit default entries are not shown

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]

{089FD14D-132B-48FC-8861-0048AE113215} C:\Program Files\SiteAdvisor\6066\SiteAdv.dll

{2F364306-AA45-47B5-9F9D-39A8B94E7EF7} C:\Program Files\FlashGet\jccatch.dll

{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll

{9ECB9560-04F9-4bbc-943D-298DDF1699E1} C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll

{A8F38D8D-E480-4D52-B7A2-731BB6995FDD} C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll

{AA58ED58-01DD-4d91-8333-CF10577473F7} c:\program files\google\googletoolbar2.dll

{F156768E-81EF-470C-9057-481BA8380DBA} C:\Program Files\FlashGet\getflash.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]

"ehTray"="C:\\WINDOWS\\ehome\\ehtray.exe"

"Recguard"="C:\\WINDOWS\\SMINST\\RECGUARD.EXE"

"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"

"nwiz"="nwiz.exe /install"

"AGRSMMSG"="AGRSMMSG.exe"

"HDAudDeck"="C:\\Program Files\\VIAudioi\\HDADeck\\HDeck.exe 1"

"SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.6.0_01\\bin\\jusched.exe\""

"NvMediaCenter"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvMcTray.dll,NvTaskbarInit"

"ccApp"="\"C:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe\""

"EPSON Stylus C42 Series"="C:\\WINDOWS\\System32\\spool\\DRIVERS\\W32X86\\3\\E_S10IC2.EXE /P23 \"EPSON Stylus C42 Series\" /O6 \"USB001\" /M \"Stylus C42\""

"SiteAdvisor"="C:\\Program Files\\SiteAdvisor\\6066\\SiteAdv.exe"

"COMODO Firewall Pro"="\"C:\\Program Files\\Comodo\\Firewall\\CPF.exe\" /background"

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]

"Power2GoExpress"="\"C:\\Program Files\\CyberLink\\Power2Go\\Power2GoExpress.exe\" /Startup"

"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"

"PnPUI Registrator"="C:\\Program Files\\Common Files\\Sitecom Shared\\PnP Universal Installer\\PnPUIReg.exe -s"

"updateMgr"="C:\\Program Files\\Adobe\\Acrobat 7.0\\Reader\\AdobeUpdateManager.exe AcRdB7_0_9"

"swg"="C:\\Program Files\\Google\\GoogleToolbarNotifier\\1.2.1128.5462\\GoogleToolbarNotifier.exe"

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"InstallVisualStyle"=hex(2):43,3a,5c,57,49,4e,44,4f,57,53,5c,52,65,73,6f,75,72,\

63,65,73,5c,54,68,65,6d,65,73,5c,52,6f,79,61,6c,65,5c,52,6f,79,61,6c,65,2e,\

6d,73,73,74,79,6c,65,73,00

"InstallTheme"=hex(2):43,3a,5c,57,49,4e,44,4f,57,53,5c,52,65,73,6f,75,72,63,65,\

73,5c,54,68,65,6d,65,73,5c,52,6f,79,61,6c,65,2e,74,68,65,6d,65,00

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]

"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=""

"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="AVG Anti-Spyware 7.5"

 

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon

 

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa

Authentication Packages REG_MULTI_SZ msv1_0\0\0

Security Packages REG_MULTI_SZ kerberos\0msv1_0\0schannel\0wdigest\0\0

Notification Packages REG_MULTI_SZ scecli\0\0

 

 

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]

HTTPFilter REG_MULTI_SZ HTTPFilter\0\0

LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0

NetworkService REG_MULTI_SZ DnsCache\0\0

DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0

rpcss REG_MULTI_SZ RpcSs\0\0

imgsvc REG_MULTI_SZ StiSvc\0\0

termsvcs REG_MULTI_SZ TermService\0\0

WudfServiceGroup REG_MULTI_SZ WUDFSvc\0\0

Usnsvc REG_MULTI_SZ usnsvc\0\0

 

 

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\Z]

Shell\AutoRun\command C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe folder.htt 480 480

*newlycreated* - HKEY_LOCAL_MACHINE\system\currentcontrolset\enum\root\LEGACY_COMHOST

 

 

Contents of the 'Scheduled Tasks' folder

C:\WINDOWS\tasks\MP Scheduled Scan.job

C:\WINDOWS\tasks\Norton AntiVirus - Run Full System Scan - chi-chi.job

C:\WINDOWS\tasks\Norton AntiVirus - Run Norton QuickScan - chi-chi.job

 

********************************************************************

 

catchme 0.3.660 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net

Rootkit scan 2007-05-07 09:06:25

Windows 5.1.2600 Service Pack 2 NTFS

 

scanning hidden processes ...

 

scanning hidden services ...

 

scanning hidden autostart entries ...

 

HKLM\Software\Microsoft\Windows\CurrentVersion\Run

HDAudDeck = C:\Program Files\VIAudioi\HDADeck\HDeck.exe 1????????????????????????????????????????????

 

scanning hidden files ...

 

scan completed successfully

hidden processes: 0

hidden services: 0

hidden files: 0

 

 

********************************************************************

 

Completion time: 07-05-07 9:06:28

C:\ComboFix ... 07-05-07 09:06

C:\ComboFix-quarantined-files.txt ... 07-05-07 09:06

C:\ComboFix2.txt ... 07-05-06 09:44

 

here is my panda activescan result

 

Incident Status Location

 

Spyware:Cookie/Xiti Not disinfected C:\Documents and Settings\chi-chi\Application Data\Mozilla\Firefox\Profiles\jprl07nu.default\cookies.txt[.xiti.com/]

Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\chi-chi\Application Data\Mozilla\Firefox\Profiles\jprl07nu.default\cookies.txt[.com.com/]

Potentially unwanted tool:Application/NirCmd.A Not disinfected C:\Program Files\Combofix\ComboFix.exe[ComboFixT\nircmd.cfexe]

Potentially unwanted tool:Application/NirCmd.A Not disinfected C:\WINDOWS\nircmd.exe


here is my kavscan log

 

------------------------------------------------------------------------------

KASPERSKY ONLINE SCANNER REPORT

Monday, May 07, 2007 9:01:56 PM

Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)

Kaspersky Online Scanner version: 5.0.83.0

Kaspersky Anti-Virus database last update: 7/05/2007

Kaspersky Anti-Virus database records: 315157

-------------------------------------------------------------------------------

 

Scan Settings:

Scan using the following antivirus database: extended

Scan Archives: true

Scan Mail Bases: true

 

Scan Target - My Computer:

A:\

C:\

D:\

E:\

F:\

G:\

 

Scan Statistics:

Total number of scanned objects: 49052

Number of viruses found: 0

Number of infected objects: 0 / 0

Number of suspicious objects: 0

Duration of the scan process: 00:32:29

 

Infected Object Name / Virus Name / Last Action

C:\Documents and Settings\All Users\Application Data\Microsoft\eHome\logs\ehRecvr.log Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Windows Defender\Support\MPLog-03302007-101411.log Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\Confid.log Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\Content.log Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\Privacy.log Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\Restrict.log Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\settings.dat Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\WebHist.log Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Symantec\HPPAppActivity.log Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Symantec\HPPHomePageActivity.log Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\2007-05-07_Log.ALUSchedulerSvc.LiveUpdate Object is locked skipped

C:\Documents and Settings\All Users\Documents\Recorded TV\TempRec\TempSBE\MSDVRMM_3828669777_2818048_42009 Object is locked skipped

C:\Documents and Settings\All Users\Documents\Recorded TV\TempRec\TempSBE\MSDVRMM_3828669777_7143424_42602 Object is locked skipped

C:\Documents and Settings\All Users\Documents\Recorded TV\TempRec\TempSBE\SBE1.tmp Object is locked skipped

C:\Documents and Settings\All Users\Documents\Recorded TV\TempRec\TempSBE\SBE2.tmp Object is locked skipped

C:\Documents and Settings\All Users\Documents\Recorded TV\TempRec\{5F33C5F0-A089-48D7-857D-357A081A3E92}.TmpSBE Object is locked skipped

C:\Documents and Settings\All Users\Documents\Recorded TV\TempRec\{B8F87CA9-EA87-428B-A423-21A38E2459C0}.TmpSBE Object is locked skipped

C:\Documents and Settings\All Users\DRM\Cache\Indiv02.tmp Object is locked skipped

C:\Documents and Settings\All Users\DRM\drmstore.hds Object is locked skipped

C:\Documents and Settings\chi-chi\Application Data\Mozilla\Firefox\Profiles\jprl07nu.default\cert8.db Object is locked skipped

C:\Documents and Settings\chi-chi\Application Data\Mozilla\Firefox\Profiles\jprl07nu.default\flashgot.log Object is locked skipped

C:\Documents and Settings\chi-chi\Application Data\Mozilla\Firefox\Profiles\jprl07nu.default\formhistory.dat Object is locked skipped

C:\Documents and Settings\chi-chi\Application Data\Mozilla\Firefox\Profiles\jprl07nu.default\history.dat Object is locked skipped

C:\Documents and Settings\chi-chi\Application Data\Mozilla\Firefox\Profiles\jprl07nu.default\key3.db Object is locked skipped

C:\Documents and Settings\chi-chi\Application Data\Mozilla\Firefox\Profiles\jprl07nu.default\parent.lock Object is locked skipped

C:\Documents and Settings\chi-chi\Application Data\Mozilla\Firefox\Profiles\jprl07nu.default\search.sqlite Object is locked skipped

C:\Documents and Settings\chi-chi\Application Data\Mozilla\Firefox\Profiles\jprl07nu.default\urlclassifier2.sqlite Object is locked skipped

C:\Documents and Settings\chi-chi\Application Data\Symantec\PendingAlertsQueue.log Object is locked skipped

C:\Documents and Settings\chi-chi\Cookies\index.dat Object is locked skipped

C:\Documents and Settings\chi-chi\Local Settings\Application Data\Microsoft\Feeds Cache\index.dat Object is locked skipped

C:\Documents and Settings\chi-chi\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\chi-chi\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\chi-chi\Local Settings\Application Data\Mozilla\Firefox\Profiles\jprl07nu.default\Cache\_CACHE_001_ Object is locked skipped

C:\Documents and Settings\chi-chi\Local Settings\Application Data\Mozilla\Firefox\Profiles\jprl07nu.default\Cache\_CACHE_002_ Object is locked skipped

C:\Documents and Settings\chi-chi\Local Settings\Application Data\Mozilla\Firefox\Profiles\jprl07nu.default\Cache\_CACHE_003_ Object is locked skipped

C:\Documents and Settings\chi-chi\Local Settings\Application Data\Mozilla\Firefox\Profiles\jprl07nu.default\Cache\_CACHE_MAP_ Object is locked skipped

C:\Documents and Settings\chi-chi\Local Settings\History\History.IE5\index.dat Object is locked skipped

C:\Documents and Settings\chi-chi\Local Settings\History\History.IE5\MSHist012007050720070508\index.dat Object is locked skipped

C:\Documents and Settings\chi-chi\Local Settings\Temp\~DFCCA6.tmp Object is locked skipped

C:\Documents and Settings\chi-chi\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped

C:\Documents and Settings\chi-chi\NTUSER.DAT Object is locked skipped

C:\Documents and Settings\chi-chi\ntuser.dat.LOG Object is locked skipped

C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped

C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped

C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped

C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped

C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped

C:\Program Files\Common Files\Symantec Shared\AntiSpam\Log\Spam.log Object is locked skipped

C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcrst.dll Object is locked skipped

C:\Program Files\Common Files\Symantec Shared\EENGINE\EPERSIST.DAT Object is locked skipped

C:\Program Files\Common Files\Symantec Shared\SNDALRT.log Object is locked skipped

C:\Program Files\Common Files\Symantec Shared\SNDCON.log Object is locked skipped

C:\Program Files\Common Files\Symantec Shared\SNDDBG.log Object is locked skipped

C:\Program Files\Common Files\Symantec Shared\SNDFW.log Object is locked skipped

C:\Program Files\Common Files\Symantec Shared\SNDIDS.log Object is locked skipped

C:\Program Files\Common Files\Symantec Shared\SNDSYS.log Object is locked skipped

C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBConfig.log Object is locked skipped

C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBDebug.log Object is locked skipped

C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBDetect.log Object is locked skipped

C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBNotify.log Object is locked skipped

C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBRefr.log Object is locked skipped

C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBSetCfg.log Object is locked skipped

C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBSetCfg2.log Object is locked skipped

C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBSetDev.log Object is locked skipped

C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBSetLoc.log Object is locked skipped

C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBSetUsr.log Object is locked skipped

C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBSMNot.log Object is locked skipped

C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBSMReg.log Object is locked skipped

C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBSMRSt.log Object is locked skipped

C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBStHash.log Object is locked skipped

C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBStMSI.log Object is locked skipped

C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBValid.log Object is locked skipped

C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\SPPolicy.log Object is locked skipped

C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\SPStart.log Object is locked skipped

C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\SPStop.log Object is locked skipped

C:\Program Files\Norton Internet Security\Norton AntiVirus\AVApp.log Object is locked skipped

C:\Program Files\Norton Internet Security\Norton AntiVirus\AVError.log Object is locked skipped

C:\Program Files\Norton Internet Security\Norton AntiVirus\AVVirus.log Object is locked skipped

C:\Program Files\Norton Internet Security\Norton AntiVirus\Savrt\0828NAV~.TMP Object is locked skipped

C:\Program Files\Norton Internet Security\Norton AntiVirus\Savrt\0852NAV~.TMP Object is locked skipped

C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped

C:\System Volume Information\_restore{A5F779F7-F7A5-44A5-88CC-084C6BB92F78}\RP14\change.log Object is locked skipped

C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped

C:\WINDOWS\ModemLog_Creatix V.92 Data Fax Modem.txt Object is locked skipped

C:\WINDOWS\Registration\{02D4B3F1-FD88-11D1-960D-00805FC79235}.{496BDB88-EED5-4A55-81E3-EFC88D002B92}.crmlog Object is locked skipped

C:\WINDOWS\SchedLgU.Txt Object is locked skipped

C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped

C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped

C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped

C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped

C:\WINDOWS\system32\config\default Object is locked skipped

C:\WINDOWS\system32\config\default.LOG Object is locked skipped

C:\WINDOWS\system32\config\Internet.evt Object is locked skipped

C:\WINDOWS\system32\config\Media Ce.evt Object is locked skipped

C:\WINDOWS\system32\config\SAM Object is locked skipped

C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped

C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped

C:\WINDOWS\system32\config\SECURITY Object is locked skipped

C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped

C:\WINDOWS\system32\config\software Object is locked skipped

C:\WINDOWS\system32\config\software.LOG Object is locked skipped

C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped

C:\WINDOWS\system32\config\system Object is locked skipped

C:\WINDOWS\system32\config\system.LOG Object is locked skipped

C:\WINDOWS\system32\h323log.txt Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped

C:\WINDOWS\WindowsUpdate.log Object is locked skipped

 

Scan process completed.

 

here is my hjt log:

 

Logfile of HijackThis v1.99.1

Scan saved at 07:01:00, on 08/05/2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16414)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Windows Defender\MsMpEng.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

C:\Program Files\Common Files\Symantec Shared\ccProxy.exe

C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe

C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe

C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe

C:\Program Files\Comodo\Firewall\cmdagent.exe

C:\WINDOWS\eHome\ehRecvr.exe

C:\WINDOWS\eHome\ehSched.exe

C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe

C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\Program Files\SiteAdvisor\6066\SAService.exe

C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe

C:\WINDOWS\system32\wscntfy.exe

C:\WINDOWS\ehome\ehtray.exe

C:\WINDOWS\AGRSMMSG.exe

C:\WINDOWS\eHome\ehmsas.exe

C:\Program Files\VIAudioi\HDADeck\HDeck.exe

C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe

C:\Program Files\Common Files\Symantec Shared\ccApp.exe

C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE

C:\Program Files\SiteAdvisor\6066\SiteAdv.exe

C:\Program Files\Comodo\Firewall\CPF.exe

C:\Program Files\CyberLink\Power2Go\Power2GoExpress.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe

C:\WINDOWS\system32\dllhost.exe

C:\Program Files\Intelligent\Common\RaUI.exe

C:\Documents and Settings\All Users\Application Data\U3\U3Launcher\LaunchU3.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE

C:\Program Files\Messenger\msmsgs.exe

C:\Program Files\Hijackthis\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.orange.co.uk/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6066\SiteAdv.dll

O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll

O2 - BHO: CNisExtBho Class - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll

O2 - BHO: CNavExtBho Class - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll

O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll

O3 - Toolbar: Norton Internet Security 2006 - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll

O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll

O3 - Toolbar: FlashGet - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\Program Files\FlashGet\fgiebar.dll

O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6066\SiteAdv.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll

O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe

O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe

O4 - HKLM\..\Run: [HDAudDeck] C:\Program Files\VIAudioi\HDADeck\HDeck.exe 1

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [EPSON Stylus C42 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P23 "EPSON Stylus C42 Series" /O6 "USB001" /M "Stylus C42"

O4 - HKLM\..\Run: [siteAdvisor] C:\Program Files\SiteAdvisor\6066\SiteAdv.exe

O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\Comodo\Firewall\CPF.exe" /background

O4 - HKCU\..\Run: [Power2GoExpress] "C:\Program Files\CyberLink\Power2Go\Power2GoExpress.exe" /Startup

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [PnPUI Registrator] C:\Program Files\Common Files\Sitecom Shared\PnP Universal Installer\PnPUIReg.exe -s

O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9

O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: Intelligent Wireless Utility.lnk = C:\Program Files\Intelligent\Common\RaUI.exe

O4 - Global Startup: LaunchU3.exe.lnk = ?

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE

O8 - Extra context menu item: &Download All with FlashGet - C:\Program Files\FlashGet\jc_all.htm

O8 - Extra context menu item: &Download with FlashGet - C:\Program Files\FlashGet\jc_link.htm

O11 - Options group: [iNTERNATIONAL] International*

O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - http://a1540.g.akamai.net/7/1540/52/200612...ex/qtplugin.cab

O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB

O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/d...can_unicode.cab

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1158849984895

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1158849969192

O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www.ca.com/us/securityadvisor/virusinfo/webscan.cab

O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.com/controls/cpcScanner.cab

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: siteadvisor - {3A5DC592-7723-4EAA-9EE6-AF4222BCF879} - C:\Program Files\SiteAdvisor\6066\SiteAdv.dll

O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll

O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe

O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe

O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

O23 - Service: Symantec Internet Security Password Validation (ccISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\ccPwdSvc.exe

O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe

O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe

O23 - Service: Comodo Application Agent (CmdAgent) - COMODO - C:\Program Files\Comodo\Firewall\cmdagent.exe

O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Norton Internet Security\comHost.exe

O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe

O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE

O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe

O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)

O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe

O23 - Service: SiteAdvisor Service - McAfee, Inc. - C:\Program Files\SiteAdvisor\6066\SAService.exe

O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe

O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe

O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe

 

thank you in advance


Hi hallix, :wave:

 

You’re most welcome, hallix. :)

 

 

"my computer is still really slow to start."

We’ll look into that once all the malware is gone from your system, OK? :)

 

 

"My computer doesn't recognise that I have Comodo Firewall Pro installed; it keeps telling me that only Norton Firewall and Windows Firewall are there. Also, I am thinking about installing WinPatrol. Is that a good idea?"

Turn off Windows Firewall and Norton Firewall. You should only have one (1) firewall running. Two or more will only interfere with each other and make your system less secure.

 

You could try uninstalling and reinstalling Comodo Firewall. See if Windows will recognize it now (it does on my system, but then it is the only firewall running on my system).

 

WinPatrol is a reputable product. But, unnecessary. We’ll recommend some good and FREE products for you to enhance your system’s security once we’re done cleaning it up. :)

 

OK, let’s do this next.

 

Please download OTMoveIt by OldTimer:

  • Save it to your desktop.
  • Please double-click OTMoveIt.exe to run it.
  • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):
     
    C:\DOCUME~1\chi-chi\APPLIC~1\autogk.ini
    C:\WINDOWS\iun6002.exe
    C:\WINDOWS\st2.exe
    C:\WINDOWS\system32\ltmm15.dll
     
     
  • Return to OTMoveIt, right-click on the Paste List of Files/Folders to be Moved window and choose Paste.
  • Click the red MoveIt! button.
  • Close OTMoveIt.
  • Please post the log from OTMoveIt, located here:
     
    C:\_OTMoveIt\MovedFiles\mmddyyyy_hhmmss.log
     
    Where mmddyyyy_hhmmss is the date of the tool run.

Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

 

 

NEXT:

 

Please go to: VirusTotal

  • At the top of the page you'll find a "Browse" button. Click the "Browse" button and browse to the following file:
     
    C:\WINDOWS\system32\dskernel2.dll
     
     
  • Click "Open".
  • Then click the "Send" button at the top of the VirusTotal page.
  • This will scan the file. Please be patient.
  • Once scanned, copy and paste the results in your next reply.

 

Then please do the same as above for the following files:

 

C:\WINDOWS\system32\donationcoder_urlsnooper_installinfo.dat

C:\WINDOWS\system32\srecorder.dll

C:\WINDOWS\system32\SBRC.dat

C:\WINDOWS\system32\SBFC.dat

C:\WINDOWS\system32\archlib.dll

 

 

NEXT:

 

Please REBOOT your computer normally into Windows and post these logs in your next reply:

  1. The log from OTMoveIt.
  2. The reports from VirusTotal.
  3. A new ComboFix log.
  4. A new HijackThis log.

(You might have to paste the logs in multiple posts in the event they are too long and breach the post length restrictions of the forum software).


the otmoveit log:

 

C:\DOCUME~1\chi-chi\APPLIC~1\autogk.ini moved successfully.

C:\WINDOWS\iun6002.exe moved successfully.

C:\WINDOWS\st2.exe moved successfully.

C:\WINDOWS\system32\ltmm15.dll unregistered successfully.

C:\WINDOWS\system32\ltmm15.dll moved successfully.

 

Created on 05/09/2007 16:50:51

 

 

the virustotal reports are:

 

Complete scanning result of "archlib.dll", received in VirusTotal at 05.10.2007, 18:25:27 (CET).

Antivirus Version Update Result

AhnLab-V3 2007.5.10.0 05.10.2007 no virus found

AntiVir 7.4.0.15 05.10.2007 no virus found

Authentium 4.93.8 05.10.2007 no virus found

Avast 4.7.997.0 05.10.2007 no virus found

AVG 7.5.0.467 05.09.2007 no virus found

BitDefender 7.2 05.10.2007 no virus found

CAT-QuickHeal 9.00 05.10.2007 no virus found

ClamAV devel-20070416 05.10.2007 no virus found

DrWeb 4.33 05.10.2007 no virus found

eSafe 7.0.15.0 05.10.2007 no virus found

eTrust-Vet 30.7.3624 05.10.2007 no virus found

Ewido 4.0 05.10.2007 no virus found

FileAdvisor 1 05.10.2007 no virus found

Fortinet 2.85.0.0 05.10.2007 no virus found

F-Prot 4.3.2.48 05.10.2007 no virus found

F-Secure 6.70.13030.0 05.10.2007 no virus found

Ikarus T3.1.1.7 05.10.2007 no virus found

Kaspersky 4.0.2.24 05.10.2007 no virus found

McAfee 5028 05.10.2007 no virus found

Microsoft 1.2503 05.10.2007 no virus found

NOD32v2 2256 05.10.2007 no virus found

Norman 5.80.02 05.10.2007 no virus found

Panda 9.0.0.4 05.10.2007 no virus found

Prevx1 V2 05.10.2007 no virus found

Sophos 4.17.0 05.08.2007 no virus found

Sunbelt 2.2.907.0 05.05.2007 no virus found

Symantec 10 05.10.2007 no virus found

TheHacker 6.1.6.112 05.10.2007 no virus found

VBA32 3.12.0 05.09.2007 no virus found

VirusBuster 4.3.7:9 05.10.2007 no virus found

Webwasher-Gateway 6.0.1 05.10.2007 no virus found

Aditional Information

File size: 180224 bytes

MD5: b2cfe0aa4d83f78887d348fc39b57434

SHA1: 5d9ff358afaeb9c88302b947fc6424e973a94e4e

 

Complete scanning result of "DonationCoder_urlsnooper_InstallI", received in VirusTotal at 05.10.2007, 17:45:16 (CET).

Antivirus Version Update Result

AhnLab-V3 2007.5.10.0 05.10.2007 no virus found

AntiVir 7.4.0.15 05.10.2007 no virus found

Authentium 4.93.8 05.10.2007 no virus found

Avast 4.7.997.0 05.10.2007 no virus found

AVG 7.5.0.467 05.09.2007 no virus found

BitDefender 7.2 05.10.2007 no virus found

CAT-QuickHeal 9.00 05.10.2007 no virus found

ClamAV devel-20070416 05.10.2007 no virus found

DrWeb 4.33 05.10.2007 no virus found

eSafe 7.0.15.0 05.08.2007 no virus found

eTrust-Vet 30.7.3624 05.10.2007 no virus found

Ewido 4.0 05.10.2007 no virus found

FileAdvisor 1 05.10.2007 no virus found

Fortinet 2.85.0.0 05.10.2007 no virus found

F-Prot 4.3.2.48 05.10.2007 no virus found

F-Secure 6.70.13030.0 05.10.2007 no virus found

Ikarus T3.1.1.7 05.10.2007 no virus found

Kaspersky 4.0.2.24 05.10.2007 no virus found

McAfee 5028 05.10.2007 no virus found

Microsoft 1.2503 05.10.2007 no virus found

NOD32v2 2256 05.10.2007 no virus found

Norman 5.80.02 05.10.2007 no virus found

Panda 9.0.0.4 05.10.2007 no virus found

Prevx1 V2 05.10.2007 no virus found

Sophos 4.17.0 05.08.2007 no virus found

Sunbelt 2.2.907.0 05.05.2007 no virus found

Symantec 10 05.10.2007 no virus found

TheHacker 6.1.6.112 05.10.2007 no virus found

VBA32 3.12.0 05.09.2007 no virus found

VirusBuster 4.3.7:9 05.10.2007 no virus found

Webwasher-Gateway 6.0.1 05.10.2007 no virus found

Aditional Information

File size: 46 bytes

MD5: dee3d77cf2c999d9616af1515380806b

SHA1: c1283276fa4333556a881b464007e62a497f80bd

 

Complete scanning result of "DSKernel2.dll", received in VirusTotal at 05.10.2007, 17:44:10 (CET).

Antivirus Version Update Result

AhnLab-V3 2007.5.10.0 05.10.2007 no virus found

AntiVir 7.4.0.15 05.10.2007 no virus found

Authentium 4.93.8 05.10.2007 no virus found

Avast 4.7.997.0 05.10.2007 no virus found

AVG 7.5.0.467 05.09.2007 no virus found

BitDefender 7.2 05.10.2007 no virus found

CAT-QuickHeal 9.00 05.10.2007 no virus found

ClamAV devel-20070416 05.10.2007 no virus found

DrWeb 4.33 05.10.2007 no virus found

eSafe 7.0.15.0 05.08.2007 no virus found

eTrust-Vet 30.7.3624 05.10.2007 no virus found

Ewido 4.0 05.10.2007 no virus found

FileAdvisor 1 05.10.2007 no virus found

Fortinet 2.85.0.0 05.10.2007 no virus found

F-Prot 4.3.2.48 05.10.2007 no virus found

F-Secure 6.70.13030.0 05.10.2007 no virus found

Ikarus T3.1.1.7 05.10.2007 no virus found

Kaspersky 4.0.2.24 05.10.2007 no virus found

McAfee 5028 05.10.2007 no virus found

Microsoft 1.2503 05.10.2007 no virus found

NOD32v2 2256 05.10.2007 no virus found

Norman 5.80.02 05.10.2007 no virus found

Panda 9.0.0.4 05.10.2007 no virus found

Prevx1 V2 05.10.2007 no virus found

Sophos 4.17.0 05.08.2007 no virus found

Sunbelt 2.2.907.0 05.05.2007 no virus found

Symantec 10 05.10.2007 no virus found

TheHacker 6.1.6.112 05.10.2007 no virus found

VBA32 3.12.0 05.09.2007 no virus found

VirusBuster 4.3.7:9 05.10.2007 no virus found

Webwasher-Gateway 6.0.1 05.10.2007 no virus found

Aditional Information

File size: 135168 bytes

MD5: 449c4720e96e9f178bca17ea747a135f

SHA1: 114fc1e0aad95d064eb649004ba61609fba1024e

 

Complete scanning result of "srecorder.dll", received in VirusTotal at 05.10.2007, 18:32:05 (CET).

Antivirus Version Update Result

AhnLab-V3 2007.5.10.0 05.10.2007 no virus found

AntiVir 7.4.0.15 05.10.2007 no virus found

Authentium 4.93.8 05.10.2007 no virus found

Avast 4.7.997.0 05.10.2007 no virus found

AVG 7.5.0.467 05.09.2007 no virus found

BitDefender 7.2 05.10.2007 no virus found

CAT-QuickHeal 9.00 05.10.2007 no virus found

ClamAV devel-20070416 05.10.2007 no virus found

DrWeb 4.33 05.10.2007 no virus found

eSafe 7.0.15.0 05.10.2007 no virus found

eTrust-Vet 30.7.3624 05.10.2007 no virus found

Ewido 4.0 05.10.2007 no virus found

FileAdvisor 1 05.10.2007 No threat detected

Fortinet 2.85.0.0 05.10.2007 no virus found

F-Prot 4.3.2.48 05.10.2007 no virus found

F-Secure 6.70.13030.0 05.10.2007 no virus found

Ikarus T3.1.1.7 05.10.2007 no virus found

Kaspersky 4.0.2.24 05.10.2007 no virus found

McAfee 5028 05.10.2007 no virus found

Microsoft 1.2503 05.10.2007 no virus found

NOD32v2 2256 05.10.2007 no virus found

Norman 5.80.02 05.10.2007 no virus found

Panda 9.0.0.4 05.10.2007 no virus found

Prevx1 V2 05.10.2007 Polymorphic Trojans

Sophos 4.17.0 05.08.2007 no virus found

Sunbelt 2.2.907.0 05.05.2007 no virus found

Symantec 10 05.10.2007 no virus found

TheHacker 6.1.6.112 05.10.2007 no virus found

VBA32 3.12.0 05.09.2007 no virus found

VirusBuster 4.3.7:9 05.10.2007 no virus found

Webwasher-Gateway 6.0.1 05.10.2007 no virus found

Aditional Information

File size: 2 bytes

MD5: c4103f122d27677c9db144cae1394a66

SHA1: 1489f923c4dca729178b3e3233458550d8dddf29

Bit9 info: http://fileadvisor.bit9.com/services/extin...db144cae1394a66

Prevx info: http://fileinfo.prevx.com/fileinfo.asp?PXC=c4101192767

 

When I tried to scan

C:\WINDOWS\system32\SBRC.dat

C:\WINDOWS\system32\SBFC.dat

 

it came up with a page saying: 0 bytes size received / Se ha recibido un archivo vacio

 

This is the ComboFix log:

 

"chi-chi" - 07-05-10 17:59:26 Service Pack 2

ComboFix 07-04-25.4V - Running from: "C:\Program Files\Combofix\"

 

 

((((((((((((((((((((((((((((((( Files Created from 2007-04-10 to 2007-05-10 ))))))))))))))))))))))))))))))))))

 

 

2007-05-10 17:34 <DIR> d-------- C:\Program Files\Mp3tag

2007-05-10 17:34 <DIR> d-------- C:\DOCUME~1\chi-chi\APPLIC~1\Mp3tag

2007-05-09 16:49 <DIR> d-------- C:\Program Files\moveit

2007-05-09 00:36 <DIR> d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2

2007-05-06 09:44 49,152 --a------ C:\WINDOWS\nircmd.exe

2007-05-01 17:44 <DIR> d-------- C:\Program Files\FixTunes

2007-05-01 17:44 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\CloudBrain

2007-05-01 17:37 <DIR> d-------- C:\Program Files\JetAudio

2007-05-01 17:37 <DIR> d-------- C:\Program Files\Common Files\COWON

2007-04-24 17:36 <DIR> d-------- C:\Program Files\AVIcodec

2007-04-21 23:24 <DIR> d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\SUPERAntiSpyware.com

2007-04-21 23:22 <DIR> d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\Lavasoft

2007-04-21 21:04 <DIR> d-------- C:\Program Files\IObit

2007-04-21 21:00 <DIR> d-------- C:\DOCUME~1\chi-chi\APPLIC~1\Smart PC Solutions

2007-04-21 13:17 <DIR> d-------- C:\DOCUME~1\chi-chi\APPLIC~1\FLV Extract

2007-04-21 13:16 <DIR> d-------- C:\Program Files\FLV_Extract

2007-04-21 13:15 <DIR> d-------- C:\Program Files\VirtualDubMod_1_5_10_2_All_inclusive

2007-04-20 17:05 <DIR> d-------- C:\Program Files\IrfanView

2007-04-19 17:58 <DIR> d-------- C:\DOCUME~1\chi-chi\APPLIC~1\COWON

2007-04-18 19:29 3,968 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys

2007-04-18 19:28 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\SUPERAntiSpyware.com

2007-04-18 19:27 <DIR> d-------- C:\Program Files\SUPERAntiSpyware

2007-04-18 19:27 <DIR> d-------- C:\DOCUME~1\chi-chi\APPLIC~1\SUPERAntiSpyware.com

2007-04-18 18:37 <DIR> d-------- C:\WINDOWS\BDOSCAN8

2007-04-18 09:45 <DIR> d-------- C:\Program Files\CCleaner

2007-04-17 18:01 <DIR> d-------- C:\DOCUME~1\chi-chi\APPLIC~1\Uniblue

2007-04-14 14:41 <DIR> d-------- C:\DOCUME~1\chi-chi\APPLIC~1\Comodo

2007-04-14 14:41 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Comodo

2007-04-14 14:38 <DIR> d-------- C:\Program Files\Comodo

2007-04-13 19:38 <DIR> d-------- C:\WINDOWS\pss

2007-04-13 17:57 <DIR> d-------- C:\Program Files\SiteAdvisor

2007-04-13 17:57 <DIR> d-------- C:\DOCUME~1\LOCALS~1\APPLIC~1\SiteAdvisor

2007-04-13 17:55 <DIR> d-------- C:\DOCUME~1\chi-chi\APPLIC~1\SiteAdvisor

2007-04-13 17:55 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\SiteAdvisor

2007-04-13 17:55 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\McAfee

2007-04-13 16:53 <DIR> d-------- C:\Program Files\SpywareBlaster

2007-04-13 16:19 <DIR> d-------- C:\DOCUME~1\chi-chi\APPLIC~1\Tenebril

2007-04-13 16:09 180,224 --a-s---- C:\WINDOWS\system32\archlib.dll

2007-04-13 16:09 <DIR> d-------- C:\WINDOWS\system32\tenarchlib

2007-04-13 16:09 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Tenebril

2007-04-13 15:56 <DIR> d-------- C:\Program Files\Lavasoft

2007-04-13 15:56 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard

2007-04-13 15:56 <DIR> d-------- C:\DOCUME~1\chi-chi\APPLIC~1\Lavasoft

2007-04-13 11:02 <DIR> d-a------ C:\DOCUME~1\ALLUSE~1\APPLIC~1\TEMP

2007-04-12 19:30 <DIR> d-------- C:\WINDOWS\Performance

2007-04-12 19:29 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft Corporation

2007-04-12 18:16 0 --a------ C:\WINDOWS\system32\SBRC.dat

2007-04-12 18:16 0 --a------ C:\WINDOWS\system32\SBFC.dat

2007-04-12 17:33 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy

2007-04-12 17:28 626,688 --a------ C:\WINDOWS\system32\msvcr80.dll

2007-04-12 09:29 <DIR> d-------- C:\DOCUME~1\chi-chi\APPLIC~1\GRETECH

2007-04-12 09:29 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\GRETECH

2007-04-12 09:08 <DIR> d-------- C:\DOCUME~1\chi-chi\APPLIC~1\vlc

2007-04-12 09:07 <DIR> d-------- C:\DOCUME~1\chi-chi\APPLIC~1\Media Player Classic

2007-04-12 09:06 <DIR> d-------- C:\Program Files\VideoLAN

2007-04-12 08:50 <DIR> d-------- C:\Program Files\OpenSource Flash Video Splitter

2007-04-12 08:44 10,752 --a------ C:\WINDOWS\system32\ff_vfw.dll

2007-04-12 08:44 <DIR> d-------- C:\Program Files\Replay AV 8

2007-04-11 08:38 70,656 --a------ C:\WINDOWS\system32\yv12vfw.dll

 

 

(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))

 

 

2007-05-10 17:53 -------- d-------- C:\Program Files\flashget

2007-05-10 06:53 -------- d-------- C:\DOCUME~1\chi-chi\APPLIC~1\u3

2007-05-09 16:51 -------- d-------- C:\Program Files\Common Files\symantec shared

2007-05-07 09:25 -------- d-------- C:\Program Files\windows defender

2007-05-07 09:24 -------- d-------- C:\Program Files\norton internet security

2007-05-07 09:22 -------- d-------- C:\Program Files\messenger

2007-05-07 09:21 -------- d-------- C:\Program Files\google

2007-05-07 09:12 -------- d-------- C:\DOCUME~1\chi-chi\APPLIC~1\symantec

2007-05-03 17:28 -------- d-------- C:\Program Files\snapshot viewer

2007-05-03 17:23 -------- d-------- C:\DOCUME~1\chi-chi\APPLIC~1\officeupdate12

2007-05-01 17:37 -------- d--h----- C:\Program Files\installshield installation information

2007-04-12 09:28 -------- d-------- C:\Program Files\gretech

2007-04-09 09:47 -------- d-------- C:\Program Files\Common Files\swf studio

2007-04-03 16:31 43602 --a------ C:\WINDOWS\system32\xvid-uninstall.exe

2007-04-03 16:31 -------- d-------- C:\Program Files\avisynth 2.5

2007-04-02 09:39 -------- d-------- C:\DOCUME~1\chi-chi\APPLIC~1\alibre design

2007-04-02 09:30 -------- d-------- C:\Program Files\xvid

2007-04-02 08:38 86016 --a------ C:\WINDOWS\system32\openal32.dll

2007-04-02 08:38 262144 --a------ C:\WINDOWS\system32\wrap_oal.dll

2007-03-31 12:59 -------- d-------- C:\DOCUME~1\chi-chi\APPLIC~1\urusoft

2007-03-31 11:26 -------- d-------- C:\Program Files\divx

2007-03-31 09:48 -------- d-------- C:\DOCUME~1\chi-chi\APPLIC~1\google

2007-03-27 18:00 -------- d-------- C:\Program Files\lame-3.96.1

2007-03-27 08:55 524288 --a------ C:\WINDOWS\system32\divxsm.exe

2007-03-27 08:55 3596288 --a------ C:\WINDOWS\system32\qt-dx331.dll

2007-03-27 08:55 200704 --a------ C:\WINDOWS\system32\ssldivx.dll

2007-03-27 08:55 1044480 --a------ C:\WINDOWS\system32\libdivx.dll

2007-03-27 08:49 73728 --a------ C:\WINDOWS\system32\dpl100.dll

2007-03-27 08:49 593920 --a------ C:\WINDOWS\system32\dpugui11.dll

2007-03-27 08:49 57344 --a------ C:\WINDOWS\system32\dpv11.dll

2007-03-27 08:49 53248 --a------ C:\WINDOWS\system32\dpugui10.dll

2007-03-27 08:49 344064 --a------ C:\WINDOWS\system32\dpus11.dll

2007-03-27 08:49 294912 --a------ C:\WINDOWS\system32\dpu11.dll

2007-03-27 08:49 294912 --a------ C:\WINDOWS\system32\dpu10.dll

2007-03-27 08:49 196608 --a------ C:\WINDOWS\system32\dtu100.dll

2007-03-27 08:48 823296 --a------ C:\WINDOWS\system32\divx_xx0c.dll

2007-03-27 08:48 823296 --a------ C:\WINDOWS\system32\divx_xx07.dll

2007-03-27 08:48 802816 --a------ C:\WINDOWS\system32\divx_xx11.dll

2007-03-27 08:48 639066 --a------ C:\WINDOWS\system32\divx.dll

2007-03-26 19:04 -------- d-------- C:\Program Files\freesky video joiner

2007-03-24 20:47 -------- d-------- C:\Program Files\napster

2007-03-24 12:07 -------- d-------- C:\Program Files\coreaac

2007-03-17 14:43 292864 --a------ C:\WINDOWS\system32\winsrv.dll

2007-03-16 22:03 -------- d-------- C:\Program Files\erightsoft

2007-03-08 16:36 577536 --a------ C:\WINDOWS\system32\user32.dll

2007-03-08 16:36 40960 --a------ C:\WINDOWS\system32\mf3216.dll

2007-03-08 16:36 281600 --a------ C:\WINDOWS\system32\gdi32.dll

2007-03-08 14:47 1843584 --a------ C:\WINDOWS\system32\win32k.sys

2007-03-05 13:34 676224 --a------ C:\WINDOWS\system32\ogacheckcontrol.dll

2007-03-04 12:55 135168 --a------ C:\WINDOWS\system32\dskernel2.dll

2007-02-26 10:26 46 --a------ C:\WINDOWS\system32\donationcoder_urlsnooper_installinfo.dat

2007-02-21 12:47 31744 -r-hs---- C:\WINDOWS\system32\msfdx.dll

2007-02-19 19:04 2 --a------ C:\WINDOWS\system32\srecorder.dll

2007-02-16 02:40 124472 --a------ C:\WINDOWS\system32\divxcodecupdatechecker.exe

2007-02-11 22:42 1168 --a------ C:\WINDOWS\mozver.dat

 

 

(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

 

 

*Note* empty entries & legit default entries are not shown

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]

{089FD14D-132B-48FC-8861-0048AE113215} C:\Program Files\SiteAdvisor\6066\SiteAdv.dll

{2F364306-AA45-47B5-9F9D-39A8B94E7EF7} C:\Program Files\FlashGet\jccatch.dll

{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll

{9ECB9560-04F9-4bbc-943D-298DDF1699E1} C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll

{A8F38D8D-E480-4D52-B7A2-731BB6995FDD} C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll

{AA58ED58-01DD-4d91-8333-CF10577473F7} c:\program files\google\googletoolbar2.dll

{F156768E-81EF-470C-9057-481BA8380DBA} C:\Program Files\FlashGet\getflash.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]

"ehTray"="C:\\WINDOWS\\ehome\\ehtray.exe"

"Recguard"="C:\\WINDOWS\\SMINST\\RECGUARD.EXE"

"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"

"nwiz"="nwiz.exe /install"

"AGRSMMSG"="AGRSMMSG.exe"

"HDAudDeck"="C:\\Program Files\\VIAudioi\\HDADeck\\HDeck.exe 1"

"SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.6.0_01\\bin\\jusched.exe\""

"NvMediaCenter"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvMcTray.dll,NvTaskbarInit"

"ccApp"="\"C:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe\""

"EPSON Stylus C42 Series"="C:\\WINDOWS\\System32\\spool\\DRIVERS\\W32X86\\3\\E_S10IC2.EXE /P23 \"EPSON Stylus C42 Series\" /O6 \"USB001\" /M \"Stylus C42\""

"SiteAdvisor"="C:\\Program Files\\SiteAdvisor\\6066\\SiteAdv.exe"

"COMODO Firewall Pro"="\"C:\\Program Files\\Comodo\\Firewall\\CPF.exe\" /background"

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]

"Power2GoExpress"="\"C:\\Program Files\\CyberLink\\Power2Go\\Power2GoExpress.exe\" /Startup"

"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"

"PnPUI Registrator"="C:\\Program Files\\Common Files\\Sitecom Shared\\PnP Universal Installer\\PnPUIReg.exe -s"

"updateMgr"="C:\\Program Files\\Adobe\\Acrobat 7.0\\Reader\\AdobeUpdateManager.exe AcRdB7_0_9"

"swg"="C:\\Program Files\\Google\\GoogleToolbarNotifier\\1.2.1128.5462\\GoogleToolbarNotifier.exe"

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"InstallVisualStyle"=hex(2):43,3a,5c,57,49,4e,44,4f,57,53,5c,52,65,73,6f,75,72,\

63,65,73,5c,54,68,65,6d,65,73,5c,52,6f,79,61,6c,65,5c,52,6f,79,61,6c,65,2e,\

6d,73,73,74,79,6c,65,73,00

"InstallTheme"=hex(2):43,3a,5c,57,49,4e,44,4f,57,53,5c,52,65,73,6f,75,72,63,65,\

73,5c,54,68,65,6d,65,73,5c,52,6f,79,61,6c,65,2e,74,68,65,6d,65,00

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]

"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=""

"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="AVG Anti-Spyware 7.5"

 

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon

 

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa

Authentication Packages REG_MULTI_SZ msv1_0\0\0

Security Packages REG_MULTI_SZ kerberos\0msv1_0\0schannel\0wdigest\0\0

Notification Packages REG_MULTI_SZ scecli\0\0

 

 

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]

HTTPFilter REG_MULTI_SZ HTTPFilter\0\0

LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0

NetworkService REG_MULTI_SZ DnsCache\0\0

DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0

rpcss REG_MULTI_SZ RpcSs\0\0

imgsvc REG_MULTI_SZ StiSvc\0\0

termsvcs REG_MULTI_SZ TermService\0\0

WudfServiceGroup REG_MULTI_SZ WUDFSvc\0\0

Usnsvc REG_MULTI_SZ usnsvc\0\0

 

 

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\H]

Shell\AutoRun\command H:\LaunchU3.exe

 

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\Z]

Shell\AutoRun\command C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe folder.htt 480 480

*newlycreated* - HKEY_LOCAL_MACHINE\system\currentcontrolset\enum\root\LEGACY_COMHOST

 

 

Contents of the 'Scheduled Tasks' folder

C:\WINDOWS\tasks\MP Scheduled Scan.job

C:\WINDOWS\tasks\Norton AntiVirus - Run Full System Scan - chi-chi.job

C:\WINDOWS\tasks\Norton AntiVirus - Run Norton QuickScan - chi-chi.job

 

********************************************************************

 

catchme 0.3.660 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net

Rootkit scan 2007-05-10 18:00:45

Windows 5.1.2600 Service Pack 2 NTFS

 

scanning hidden processes ...

 

scanning hidden services ...

 

scanning hidden autostart entries ...

 

HKLM\Software\Microsoft\Windows\CurrentVersion\Run

HDAudDeck = C:\Program Files\VIAudioi\HDADeck\HDeck.exe 1????????????????????????????????????????????

 

scanning hidden files ...

 

scan completed successfully

hidden processes: 0

hidden services: 0

hidden files: 0

 

 

********************************************************************

 

Completion time: 07-05-10 18:00:48

C:\ComboFix-quarantined-files.txt ... 07-05-10 18:00

 

The HJT log:

 

Logfile of HijackThis v1.99.1

Scan saved at 18:02:07, on 10/05/2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16441)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Windows Defender\MsMpEng.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

C:\Program Files\Common Files\Symantec Shared\ccProxy.exe

C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe

C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe

C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe

C:\Program Files\Comodo\Firewall\cmdagent.exe

C:\WINDOWS\eHome\ehRecvr.exe

C:\WINDOWS\eHome\ehSched.exe

C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe

C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\Program Files\SiteAdvisor\6066\SAService.exe

C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe

C:\WINDOWS\system32\wscntfy.exe

C:\WINDOWS\ehome\ehtray.exe

C:\WINDOWS\AGRSMMSG.exe

C:\Program Files\VIAudioi\HDADeck\HDeck.exe

C:\WINDOWS\eHome\ehmsas.exe

C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe

C:\Program Files\Common Files\Symantec Shared\ccApp.exe

C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE

C:\Program Files\SiteAdvisor\6066\SiteAdv.exe

C:\Program Files\Comodo\Firewall\CPF.exe

C:\Program Files\CyberLink\Power2Go\Power2GoExpress.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe

C:\Program Files\Intelligent\Common\RaUI.exe

C:\Documents and Settings\All Users\Application Data\U3\U3Launcher\LaunchU3.exe

C:\WINDOWS\system32\dllhost.exe

C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE

C:\Program Files\FlashGet\flashget.exe

C:\Program Files\Messenger\msmsgs.exe

C:\Program Files\Hijackthis\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.orange.co.uk/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6066\SiteAdv.dll

O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll

O2 - BHO: CNisExtBho Class - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll

O2 - BHO: CNavExtBho Class - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll

O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll

O3 - Toolbar: Norton Internet Security 2006 - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll

O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll

O3 - Toolbar: FlashGet - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\Program Files\FlashGet\fgiebar.dll

O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6066\SiteAdv.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll

O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe

O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe

O4 - HKLM\..\Run: [HDAudDeck] C:\Program Files\VIAudioi\HDADeck\HDeck.exe 1

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [EPSON Stylus C42 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P23 "EPSON Stylus C42 Series" /O6 "USB001" /M "Stylus C42"

O4 - HKLM\..\Run: [siteAdvisor] C:\Program Files\SiteAdvisor\6066\SiteAdv.exe

O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\Comodo\Firewall\CPF.exe" /background

O4 - HKCU\..\Run: [Power2GoExpress] "C:\Program Files\CyberLink\Power2Go\Power2GoExpress.exe" /Startup

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [PnPUI Registrator] C:\Program Files\Common Files\Sitecom Shared\PnP Universal Installer\PnPUIReg.exe -s

O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9

O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: Intelligent Wireless Utility.lnk = C:\Program Files\Intelligent\Common\RaUI.exe

O4 - Global Startup: LaunchU3.exe.lnk = ?

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE

O8 - Extra context menu item: &Download All with FlashGet - C:\Program Files\FlashGet\jc_all.htm

O8 - Extra context menu item: &Download with FlashGet - C:\Program Files\FlashGet\jc_link.htm

O11 - Options group: [iNTERNATIONAL] International*

O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - http://a1540.g.akamai.net/7/1540/52/200612...ex/qtplugin.cab

O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1158849984895

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1158849969192

O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www.ca.com/us/securityadvisor/virusinfo/webscan.cab

O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.com/controls/cpcScanner.cab

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: siteadvisor - {3A5DC592-7723-4EAA-9EE6-AF4222BCF879} - C:\Program Files\SiteAdvisor\6066\SiteAdv.dll

O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll

O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe

O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe

O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

O23 - Service: Symantec Internet Security Password Validation (ccISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\ccPwdSvc.exe

O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe

O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe

O23 - Service: Comodo Application Agent (CmdAgent) - COMODO - C:\Program Files\Comodo\Firewall\cmdagent.exe

O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Norton Internet Security\comHost.exe

O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe

O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE

O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe

O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)

O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe

O23 - Service: SiteAdvisor Service - McAfee, Inc. - C:\Program Files\SiteAdvisor\6066\SAService.exe

O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe

O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe

O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe

 

Thank you!


Hi hallix, :wave:

 

You’re most welcome, hallix. :)

 

OK, let’s see what else might be causing your problem.

 

Please go to Start -> Run and type (or copy and paste):

 

devmgmt.msc

 

Click "OK".

 

 

Your system’s Device Manager will now open:

  • Double-click "IDE ATA/ATAPI controllers".
  • Right-click "Primary IDE Channel", select "Properties", then click on the "Advanced Settings" tab.
  • In the "Transfer Mode" dropdown list, please ensure that you have "DMA if available" for "Device 0" and "Device 1".
  • If the drop-down box already shows "DMA if available" but the current transfer mode is PIO, then you must toggle the settings. That is:
    • Change the selection from "DMA if available" to "PIO Only", then click "OK".
    • Then repeat the steps above to change the selection to "DMA if available".

  • Once you have completed the steps above for the Primary IDE Channel, then do the same for the Secondary IDE Channel.

Reboot your computer for the change to take effect.

 

NOTE: After reboot, please go back into the Device Manager and see whether the current transfer mode has been reset to DMA. If the current transfer mode remains PIO, then please right-click the Primary IDE or Secondary IDE channel, and select Uninstall. Reboot again, and let me know if the problem persists.

 

 

NEXT:

 

Please download Autoruns by Sysinternals and save it to your desktop:

  • Unzip (extract) it to your desktop, open the Autoruns folder, and double-click autoruns.exe to run it.
  • In the main Autoruns window, go to the "Logon" tab, and uncheck the following entries:
     
    nwiz
    SunJavaUpdateSched
    NvMediaCenter
     
     
  • Then please exit Autoruns.

You may also check with these websites about any programs on your system that can be stopped from running at startup without compromising performance or usage:

Reboot your computer to set the new startup settings.

 

 

NEXT:

 

Please register (it's free, don't worry) with PC Pitstop and run the full tests here:

http://www.pcpitstop.com/pcpitstop/default.asp

 

When the tests are complete, a results page will pop up. Click "Share Results with TechExpress" on the top right-hand side. Then copy the URL provided and post it here for me.


Sorry if I have done something wrong, but my startup still takes the same amount of time even though I have disabled 7 items including the 3 you contributed, but my computer takes 30-40 seconds on the welcome screen and a further 20 or more on the Advent screen. Does this mean a trojan is loading?

On my Primary IDE Channel it said DMA if available for device 0 and 1, but for device 1 it was not applicable. This was the same for my Secondary IDE Channel, except that it said not applicable for both devices.

 

TechExpress link for your current results:

http://www.pcpitstop.com/techexpress.asp?id=HKFZHWBPXNWSTH1W

 

Thank you in advance, and sorry for taking so long to reply.

Hi hallix, :wave:

 

No worries about the late reply. We’re always open here. :)

 

 

"On my Primary IDE Channel it said DMA if available for device 0 and 1, but for device 1 it was not applicable. This was the same for my Secondary IDE Channel, except that it said not applicable for both devices."

Is the Current Transfer Mode showing DMA or PIO?

 

If the current transfer mode is showing PIO, uninstall the device and reboot your system. Then check it again. Let me know if the problem persists.

 

 

"Sorry if I have done something wrong, but my startup still takes the same amount of time even though I have disabled 7 items including the 3 you contributed, but my computer takes 30-40 seconds on the welcome screen and a further 20 or more on the Advent screen. Does this mean a trojan is loading?"

No, those times are not excessively slow. My old computer does about the same. And, there is no malware in your system that we can see. :)

 

Nothing major in your PC Pitstop results either. Could you run CCleaner one more time? Then go to the PC Pitstop page and you will see a Customized Tune-up Tips section just for your computer. Do the instructions there and see if that will improve your system’s performance.

 

 

NEXT:

 

For this next step, please have your original Windows XP installation CD handy.

 

Then, please go to Start -> My Computer:

  • Right-click on Local Disk (C:) (or whichever is your primary drive), and select "Properties".
  • Now go to the "Tools" tab, and click the "Check Now" button.
  • Put a checkmark next to:
    • Automatically fix file system errors.
    • Scan for and attempt recovery of bad sectors.

  • Then click the "Start" button.
  • You will receive a prompt to reboot your computer. Select "Yes" or "OK", and please reboot your computer if it doesn’t do so automatically.
  • The Check Disk utility will now scan your hard drive for any damaged system files and/or hard drive sectors. Please be patient, as this scan may take awhile to complete.
  • Follow any prompts that may appear.

Edited by Sempurna


The current transfer mode for device 1 in the Primary IDE Channel says: not applicable.

The current transfer mode for device 0 and 1 in the Secondary IDE Channel says: not applicable.

But in the transfer mode they all say DMA if available.

I will do the disk check right away, but what about those polymorphic trojans? I looked them up and it says that they are trojans which change so they are not picked up by virus scans. How do I get rid of them?

Hi hallix, :wave:

 

You mean ALL your devices in the Primary and Secondary IDE Channels are showing "not applicable" for the current transfer mode, and don't show either DMA or PIO?

 

That would mean a serious hardware problem, especially for your primary hard drive.

 

Let's see whether the chkdsk scan will pick up any bad sectors.

 

There are no indications of any polymorphic trojans/viruses on your system. Is there any strange behaviour on your machine that makes you suspect you have any polymorphic malware in your system? The scanners we've used are pretty good at picking up such malware.

 

If you like, we can do two other scans that are very good in picking up such polymorphic malware.

 

BEFORE BEGINNING, Please read completely through the instructions below. Please also print these instructions or copy them to Notepad (or another word processor), and save it for easier reference. This is because we will be in Safe Mode during the fix and you won’t be able to access the Internet to view these instructions.

 

Please download Dr.Web CureIt and save it to your desktop.

 

NOTE: In the event you already have Dr.Web CureIt, this is a new version that I need you to download.

 

Next, please reboot your computer into Safe Mode by doing the following:

  • Reboot your computer.
  • After hearing your computer beep once during startup, but just before the Windows icon appears, begin tapping the F8 key on your keyboard. If you begin tapping the F8 key too soon, some computers display a "keyboard error" message. To resolve this, reboot the computer and try again.
  • Instead of Windows loading as normal, a menu should appear.
  • Using the arrow keys on the keyboard, scroll to and select the Safe Mode menu item, and then press "Enter".

Now scan with Dr.Web CureIt:

  • Double-click the cureit.exe file. It will then suggest to run an "Express Scan" -- this you should allow.
  • After this (Dr.Web writes "Done" at the bottom left), you click "Options" menu -> "Change settings".
  • Choose the "Scan" tab, uncheck the mark at "Heuristic analysis".
  • Choose the "Actions" tab, and choose "Rename" under all the "Malware" issues. Then click "OK".
  • Back at the main window, you should now mark the drives that you want to scan (a red dot shows which drives have been chosen).
  • Click the green arrow at the right, and the scan will start. The first time Dr.Web finds something, you click "Yes to All", and it will after this automatically fix what is found.
  • After the scan, go to the "View" menu -> "Report list".
  • Then go to the "File" menu -> "Save report list".
  • Save the report to your desktop. The report will be called DrWeb.csv. Copy and paste the contents of the report in your next reply.
  • Close Dr.Web CureIt.
  • REBOOT your computer!! Because it could be possible that files in use will be moved/deleted during reboot.

 

NEXT:

 

Please do an online scan with BitDefender Online Scanner:

  • Once finished, click on the "Details" button to view the results.
  • To the upper right of the results you will see an option saying "Click here to export the scan results".
     
  • Post the log of the scan results in your next reply.

 

NEXT:

 

Please reboot your computer normally into Windows, and then please post the log from the Dr.Web CureIt scan, along with the log from the BitDefender scan and a new HijackThis log.

Edited by Sempurna

Sooooooooo sorry I took so long to reply. :weep: I haven't been allowed on the computer because it has been my exam week for the past two weeks. I only said that I thought I had a polymorphic trojan because when "srecorder.dll" got scanned at the website it came up under prevx1 as a polymorphic trojan; apart from that everything is alright. I haven't done the scans because if you don't think I have a trojan then that's fine. My computer seems okay. If you want me to still do them, tell me. Thank you for your time.

Hi hallix, :wave:

 

You're most welcome, hallix. :)

 

No worries about the late reply. We all have lives outside this forum as well. :)

 

Nope, you don't have to do the scans, unless you suspect something amiss in your system. :)

 

Please let me see one last HijackThis log before I pronounce your system clean. :D

I installed a new version of CCleaner, which installed Yahoo toolbar, but I have deleted this. But I'm clueless as to what my family has done.

 

Logfile of HijackThis v1.99.1

Scan saved at 15:50:08, on 28/05/2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16441)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Windows Defender\MsMpEng.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

C:\Program Files\Common Files\Symantec Shared\ccProxy.exe

C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe

C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe

C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe

C:\Program Files\Comodo\Firewall\cmdagent.exe

C:\WINDOWS\eHome\ehRecvr.exe

C:\WINDOWS\eHome\ehSched.exe

C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe

C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\Program Files\SiteAdvisor\6066\SAService.exe

C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe

C:\WINDOWS\system32\wscntfy.exe

C:\WINDOWS\ehome\ehtray.exe

C:\WINDOWS\AGRSMMSG.exe

C:\Program Files\Common Files\Symantec Shared\ccApp.exe

C:\WINDOWS\eHome\ehmsas.exe

C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE

C:\Program Files\SiteAdvisor\6066\SiteAdv.exe

C:\Program Files\Comodo\Firewall\CPF.exe

C:\WINDOWS\system32\CTFMON.EXE

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Program Files\Intelligent\Common\RaUI.exe

C:\WINDOWS\system32\dllhost.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\Messenger\msmsgs.exe

C:\Program Files\Hijackthis\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.orange.co.uk/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6066\SiteAdv.dll

O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll

O2 - BHO: CNisExtBho Class - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll

O2 - BHO: CNavExtBho Class - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll

O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll

O3 - Toolbar: Norton Internet Security 2006 - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll

O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll

O3 - Toolbar: FlashGet - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\Program Files\FlashGet\fgiebar.dll

O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6066\SiteAdv.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll

O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe

O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe

O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [EPSON Stylus C42 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P23 "EPSON Stylus C42 Series" /O6 "USB001" /M "Stylus C42"

O4 - HKLM\..\Run: [siteAdvisor] C:\Program Files\SiteAdvisor\6066\SiteAdv.exe

O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\Comodo\Firewall\CPF.exe" /background

O4 - HKLM\..\Run: [iMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32

O4 - HKLM\..\Run: [iMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE

O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC

O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC

O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [PnPUI Registrator] C:\Program Files\Common Files\Sitecom Shared\PnP Universal Installer\PnPUIReg.exe -s

O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9

O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: Intelligent Wireless Utility.lnk = C:\Program Files\Intelligent\Common\RaUI.exe

O8 - Extra context menu item: &Download All with FlashGet - C:\Program Files\FlashGet\jc_all.htm

O8 - Extra context menu item: &Download with FlashGet - C:\Program Files\FlashGet\jc_link.htm

O11 - Options group: [iNTERNATIONAL] International*

O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - http://a1540.g.akamai.net/7/1540/52/200612...ex/qtplugin.cab

O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll

O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1158849984895

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1158849969192

O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www.ca.com/us/securityadvisor/virusinfo/webscan.cab

O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.com/controls/cpcScanner.cab

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: siteadvisor - {3A5DC592-7723-4EAA-9EE6-AF4222BCF879} - C:\Program Files\SiteAdvisor\6066\SiteAdv.dll

O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll

O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe

O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe

O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

O23 - Service: Symantec Internet Security Password Validation (ccISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\ccPwdSvc.exe

O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe

O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe

O23 - Service: Comodo Application Agent (CmdAgent) - COMODO - C:\Program Files\Comodo\Firewall\cmdagent.exe

O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Norton Internet Security\comHost.exe

O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe

O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE

O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe

O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)

O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe

O23 - Service: SiteAdvisor Service - McAfee, Inc. - C:\Program Files\SiteAdvisor\6066\SAService.exe

O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe

O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe

O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe

 

Thank you for your help. Could you please tell me some free products to use or products I have installed that are unneeded? Thank you again :D.

Hi hallix, :wave:

 

You’re most welcome, hallix. :)

 

Your HijackThis log appears to be clean. :)

 

Just run HijackThis and fix this next stray entry:

 

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)

 

 

"Could you please tell me some free products to use or products I have installed that are unneeded?"

Well, you don’t have that many processes running, so there’s nothing unneeded to discard there. I do notice that you are using Comodo’s firewall (an excellent choice, by the way :) ) together with Symantec’s internet security. Please make sure that Symantec’s firewall is disabled as two or more firewalls running will conflict with each other and make your system less secure and more unstable. Also turn off Windows firewall as well.

 

Your system is pretty well protected already. I would recommend installing another two security apps, both of which will substantially increase your security, but won’t take one iota of system resources. :)

 

SpywareBlaster

This is a great FREE prevention tool to keep nasties from installing on your system.

Tutorial: How to use!

 

 

IE-SPYAD

This FREE tool puts over 5000 sites in your IE Restricted Zone so you'll be protected when you visit innocent-looking sites that aren't actually innocent at all.

Tutorial: How to use!

 

 

Do let me know if you need anything else. We’re always here to help you with any enquiries that you may have.

 

Cheers! :wave:

~ Sempurna
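
The stray entry singled out in the reply above carries the marker HijackThis appends when a registered file is not on disk, and such entries can be picked out of a pasted log mechanically. The Python sketch below is an added example, not part of the original thread or of HijackThis itself; the function names are hypothetical and the sample lines are copied from the 28/05/2007 log posted earlier. A flagged entry is a candidate for review, not a verdict.

```python
import re
from collections import Counter

# HijackThis item lines start with a section code (R0-R3, F0-F3, N1-N4, O1-O24)
# followed by " - " and the entry text. Header and running-process lines do not.
ITEM_RE = re.compile(r"^(?P<code>[RFNO]\d{1,2})\s+-\s+(?P<body>.+)$")

# Markers HijackThis appends when the file an entry points to is not found.
ORPHAN_MARKERS = ("(no file)", "(file missing)")

# Sample input: lines copied from the log posted in this thread.
SAMPLE_LOG = r"""
Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\system32\lsass.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.orange.co.uk/
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
"""


def parse_items(text):
    """Return one dict per HijackThis item line, skipping everything else."""
    items = []
    for raw in text.splitlines():
        match = ITEM_RE.match(raw.strip())
        if not match:
            continue  # blank line, log header, or a running-process path
        body = match.group("body").rstrip()
        items.append({
            "code": match.group("code"),
            "body": body,
            # True when the entry ends with one of the missing-file markers.
            "orphaned": body.endswith(ORPHAN_MARKERS),
        })
    return items


def orphaned(items):
    """Entries whose target file HijackThis could not find."""
    return [item for item in items if item["orphaned"]]


def section_counts(items):
    """How many entries each section code contributes to the log."""
    return Counter(item["code"] for item in items)


if __name__ == "__main__":
    parsed = parse_items(SAMPLE_LOG)
    for item in orphaned(parsed):
        print(f'{item["code"]}: {item["body"]}')
    print(dict(section_counts(parsed)))
```
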


Due to the lack of feedback, this Topic is closed.

 

If you need this topic reopened, please tell the moderating team by replying HERE with the address of the thread. This applies only to the original topic starter.

 

Everyone else please begin a New Topic.

This topic is now closed to further replies.