Sign in to follow this  
Prometheus

Prometheus' Log

Recommended Posts

Hi. i have tried so far to remove all the spyware/adware/malware on my own uding, Ad-Aware SE, Search & Destroy, and Microsoft's Antiware, and thusfar all attempts have been unsuccessfull, every 2 to 4 hours i run the damn services new stuff keeps popping up, gets deleted, and there it is again the next scan. its getting very annoying especially with pop-ups that if not for ad-watch keep popping up every freaking minute.

help?!?

greatly appreciate it in advance.

here is my log :

Logfile of HijackThis v1.99.1

Scan saved at 6:19:08 PM, on 21/02/2005

Platform: Windows XP (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP1 (6.00.2600.0000)

Running processes:

C:\WINXP\System32\smss.exe

C:\WINXP\system32\winlogon.exe

C:\WINXP\system32\services.exe

C:\WINXP\system32\lsass.exe

C:\WINXP\system32\svchost.exe

C:\WINXP\System32\svchost.exe

C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe

C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe

C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

C:\WINXP\system32\spoolsv.exe

C:\Program Files\ISS\BlackICE\blackd.exe

C:\WINXP\System32\CTsvcCDA.EXE

C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe

C:\Program Files\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe

C:\PROGRA~1\NORTON~1\NORTON~1\NPROTECT.EXE

C:\WINXP\System32\nvsvc32.exe

C:\WINXP\System32\svchost.exe

C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

C:\WINXP\System32\Tablet.exe

C:\Program Files\UPSMON\UPSMON_Service.Exe

C:\WINXP\System32\MsPMSPSv.exe

C:\Program Files\UPSMON\UPSInt.exe

C:\WINXP\Explorer.EXE

C:\WINXP\System32\RUNDLL32.EXE

C:\Program Files\DU Meter\DUMeter.exe

C:\WINXP\System32\CTHELPER.EXE

C:\PROGRA~1\LAVASOFT\AD-AWA~1\Ad-Watch.exe

C:\Program Files\UPSMON\UPSMON.exe

C:\Program Files\Common Files\Symantec Shared\ccApp.exe

C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe

C:\Program Files\Microsoft AntiSpyware\gcasServ.exe

C:\WINXP\System32\ctfmon.exe

C:\Program Files\MSN Messenger\MsnMsgr.Exe

C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe

C:\WINXP\system32\WTablet\TabUserW.exe

C:\Program Files\ISS\BlackICE\blackice.exe

C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe

C:\Program Files\Musicmatch\Musicmatch Jukebox\mmjb.exe

C:\Program Files\Musicmatch\Musicmatch Jukebox\MMDiag.exe

C:\Program Files\eDonkey2000\edonkey2000.exe

C:\Program Files\Internet Explorer\IEXPLORE.EXE

C:\Documents and Settings\Georgiy\My Documents\Downloadz\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://google.com/

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://newsru.com/

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer

R3 - Default URLSearchHook is missing

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\Spybot\SDHelper.dll

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINXP\System32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINXP\System32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [eDonkey2000] "C:\Program Files\eDonkey2000\edonkey2000.exe" -t

O4 - HKLM\..\Run: [DU Meter] C:\Program Files\DU Meter\DUMeter.exe

O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE

O4 - HKLM\..\Run: [AWMON] "C:\PROGRA~1\LAVASOFT\AD-AWA~1\Ad-Watch.exe"

O4 - HKLM\..\Run: [updReg] C:\WINXP\UpdReg.EXE

O4 - HKLM\..\Run: [uPSMON] C:\Program Files\UPSMON\UPSMON.exe

O4 - HKLM\..\Run: [Jet Detection] "C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe"

O4 - HKLM\..\Run: [NeroCheck] C:\WINXP\system32\NeroCheck.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe

O4 - HKLM\..\Run: [iSUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup

O4 - HKLM\..\Run: [iSUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start

O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"

O4 - HKLM\..\Run: [userFaultCheck] %systemroot%\system32\dumprep 0 -u

O4 - HKLM\..\Run: [antiware] C:\winxp\system32\elitefad32.exe

O4 - HKLM\..\Run: [antivirus32] ANTIVIRUS.EXE

O4 - HKLM\..\RunOnce: [MicrosoftAntiSpywareCleaner] C:\Program Files\Microsoft AntiSpyware\gcASCleaner.exe

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINXP\System32\ctfmon.exe

O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [Norton SystemWorks] "C:\Program Files\Norton SystemWorks\cfgwiz.exe" /GUID {05858CFD-5CC4-4ceb-AAAF-CF00BF39736A} /MODE CfgWiz

O4 - HKCU\..\RunOnce: [antivirus32] ANTIVIRUS.EXE

O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe

O4 - Global Startup: TabUserW.exe.lnk = C:\WINXP\system32\WTablet\TabUserW.exe

O4 - Global Startup: BlackICE PC Protection.lnk = C:\Program Files\ISS\BlackICE\blackice.exe

O4 - Global Startup: Norton System Doctor.LNK = ?

O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE

O16 - DPF: {637BB540-6ABA-11D4-901D-00D0090CB3BC} - http://www.flashants.com/codebase/fmplayer.cab

O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061...all/xscan53.cab

O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab

O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab

O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab

O16 - DPF: {F127B9BA-89EA-4B04-9C67-2074A9DF61FC} (PCUploader Class) - http://www.photolab.ca/activex/PCAXSetup.cab?

O16 - DPF: {F281A59C-7B65-11D3-8617-0010830243BD} (AcPreview Control) - file://C:\Program Files\AutoCAD 2002\AcPreview.ocx

O21 - SSODL: VkZjo - {3F2A15DC-9580-BF76-AF99-A678692B0DC0} - C:\WINXP\System32\qrtvf.dll

O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: BlackICE - Internet Security Systems, Inc. - C:\Program Files\ISS\BlackICE\blackd.exe

O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe

O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe

O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINXP\System32\CTsvcCDA.EXE

O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe

O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe

O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe

O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~1\NPROTECT.EXE

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINXP\System32\nvsvc32.exe

O23 - Service: RapApp - Internet Security Systems, Inc. - C:\Program Files\ISS\BlackICE\rapapp.exe

O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\SAVScan.exe

O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe

O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe

O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe

O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~1\SPEEDD~1\NOPDB.EXE

O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINXP\System32\Tablet.exe

O23 - Service: UPSMONService - Unknown owner - C:\Program Files\UPSMON\UPSMON_Service.Exe

Share this post


Link to post
Share on other sites

Hi,

Open HijackThis, click the "Scan" button, and check the following items:

R3 - Default URLSearchHook is missing

O4 - HKLM\..\Run: [antiware] C:\winxp\system32\elitefad32.exe

O4 - HKLM\..\Run: [antivirus32] ANTIVIRUS.EXE

O4 - HKCU\..\RunOnce: [antivirus32] ANTIVIRUS.EXE

O21 - SSODL: VkZjo - {3F2A15DC-9580-BF76-AF99-A678692B0DC0} - C:\WINXP\System32\qrtvf.dll

If you or your administrator did not put this restriction on Control Panel, also check this item. These restrictions can also be set by software like Spybot Search & Destroy, SpywareBlaster or another similar protection software:

O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present.

Close all windows except HijackThis, and click the "Fix Checked" button.

Locate the following file and delete it:

C:\winxp\system32\elitefad32.exe

Click Start --> Find. Find the following file and delete it:

ANTIVIRUS.EXE

Reboot and post a new log.

dk

Share this post


Link to post
Share on other sites

:unsure: umm what do i do if i am unable to locate the two files

elitefad32.exe does not exist in the system32 folder

and when i did the find, neither of the two files were discovered or found,

yet some how, magically, they reappear in the registry

also when i use spybot search and destroy system internals scan

it tells me this:

scan.jpg

Share this post


Link to post
Share on other sites

Have you checked:

C:\winxp\system32\elitefad32.exe

This is probably not a legit folder unless you have installed windows on that folder.

To see if you have 2 System32 folders, click Start --> Find, and search for System32. Tell me where each of the folders are located.

dk

Share this post


Link to post
Share on other sites

there is only one system32 folder , the WINXP i changed from generic WINDOWS during the last format due to spyware problems, and the path is correct, yet the file is missing.....

Share this post


Link to post
Share on other sites

Maybe the files are hidden. To make the hidden files show, do this:

* Click Start.

* Open My Computer.

* Select the Tools menu and click Folder Options.

* Select the View Tab.

* Under the Hidden files and folders heading select Show hidden files and folders.

* Uncheck the Hide protected operating system files (recommended) option.

* Click Yes to confirm.

* Click OK.

Now try to find the files.

dk

Share this post


Link to post
Share on other sites

oky here it is

Logfile of HijackThis v1.99.1

Scan saved at 9:03:55 PM, on 24/02/2005

Platform: Windows XP (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP1 (6.00.2600.0000)

Running processes:

C:\WINXP\System32\smss.exe

C:\WINXP\system32\winlogon.exe

C:\WINXP\system32\services.exe

C:\WINXP\system32\lsass.exe

C:\WINXP\system32\svchost.exe

C:\WINXP\System32\svchost.exe

C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe

C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe

C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

C:\WINXP\system32\spoolsv.exe

C:\Program Files\ISS\BlackICE\blackd.exe

C:\WINXP\System32\CTsvcCDA.EXE

C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe

C:\Program Files\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe

C:\PROGRA~1\NORTON~1\NORTON~1\NPROTECT.EXE

C:\WINXP\System32\nvsvc32.exe

C:\PROGRA~1\NORTON~1\NORTON~1\SPEEDD~1\NOPDB.EXE

C:\WINXP\System32\svchost.exe

C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

C:\WINXP\System32\Tablet.exe

C:\Program Files\UPSMON\UPSMON_Service.Exe

C:\WINXP\System32\MsPMSPSv.exe

C:\Program Files\UPSMON\UPSInt.exe

C:\WINXP\System32\RUNDLL32.EXE

C:\Program Files\eDonkey2000\edonkey2000.exe

C:\Program Files\DU Meter\DUMeter.exe

C:\WINXP\System32\CTHELPER.EXE

C:\PROGRA~1\LAVASOFT\AD-AWA~1\Ad-Watch.exe

C:\Program Files\UPSMON\UPSMON.exe

C:\Program Files\Common Files\Symantec Shared\ccApp.exe

C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe

C:\Program Files\Microsoft AntiSpyware\gcasServ.exe

C:\WINXP\System32\ctfmon.exe

C:\Program Files\MSN Messenger\MsnMsgr.Exe

C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe

C:\WINXP\system32\WTablet\TabUserW.exe

C:\Program Files\ISS\BlackICE\blackice.exe

C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe

C:\WINXP\explorer.exe

C:\Program Files\Musicmatch\Musicmatch Jukebox\mmjb.exe

C:\Program Files\Musicmatch\Musicmatch Jukebox\MMDiag.exe

C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe

C:\Program Files\Messenger\msmsgs.exe

C:\DOCUME~1\Georgiy\LOCALS~1\Temp\~e5d141.tmp

C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe

C:\DOCUME~1\Georgiy\LOCALS~1\Temp\~e5d141.tmp

C:\WINXP\System32\WISPTIS.EXE

C:\Program Files\Internet Explorer\IEXPLORE.EXE

C:\WINXP\System32\taskmgr.exe

C:\Documents and Settings\Georgiy\My Documents\Downloadz\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://google.com/

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://newsru.com/

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer

R3 - Default URLSearchHook is missing

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\Spybot\SDHelper.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINXP\System32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINXP\System32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [eDonkey2000] "C:\Program Files\eDonkey2000\edonkey2000.exe" -t

O4 - HKLM\..\Run: [DU Meter] C:\Program Files\DU Meter\DUMeter.exe

O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE

O4 - HKLM\..\Run: [AWMON] "C:\PROGRA~1\LAVASOFT\AD-AWA~1\Ad-Watch.exe"

O4 - HKLM\..\Run: [updReg] C:\WINXP\UpdReg.EXE

O4 - HKLM\..\Run: [uPSMON] C:\Program Files\UPSMON\UPSMON.exe

O4 - HKLM\..\Run: [Jet Detection] "C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe"

O4 - HKLM\..\Run: [NeroCheck] C:\WINXP\system32\NeroCheck.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe

O4 - HKLM\..\Run: [iSUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup

O4 - HKLM\..\Run: [iSUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start

O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"

O4 - HKLM\..\Run: [userFaultCheck] %systemroot%\system32\dumprep 0 -u

O4 - HKLM\..\Run: [antivirus32] ANTIVIRUS.EXE

O4 - HKLM\..\Run: [antiware] C:\winxp\system32\elitefad32.exe

O4 - HKLM\..\RunOnce: [MicrosoftAntiSpywareCleaner] C:\Program Files\Microsoft AntiSpyware\gcASCleaner.exe

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINXP\System32\ctfmon.exe

O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [Norton SystemWorks] "C:\Program Files\Norton SystemWorks\cfgwiz.exe" /GUID {05858CFD-5CC4-4ceb-AAAF-CF00BF39736A} /MODE CfgWiz

O4 - HKCU\..\RunOnce: [antivirus32] ANTIVIRUS.EXE

O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe

O4 - Global Startup: TabUserW.exe.lnk = C:\WINXP\system32\WTablet\TabUserW.exe

O4 - Global Startup: BlackICE PC Protection.lnk = C:\Program Files\ISS\BlackICE\blackice.exe

O4 - Global Startup: Norton System Doctor.LNK = ?

O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html

O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html

O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html

O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000

O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html

O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE

O16 - DPF: {637BB540-6ABA-11D4-901D-00D0090CB3BC} - http://www.flashants.com/codebase/fmplayer.cab

O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061...all/xscan53.cab

O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab

O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab

O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab

O16 - DPF: {F127B9BA-89EA-4B04-9C67-2074A9DF61FC} (PCUploader Class) - http://www.photolab.ca/activex/PCAXSetup.cab?

O16 - DPF: {F281A59C-7B65-11D3-8617-0010830243BD} (AcPreview Control) - file://C:\Program Files\AutoCAD 2002\AcPreview.ocx

O21 - SSODL: VkZjo - {3F2A15DC-9580-BF76-AF99-A678692B0DC0} - C:\WINXP\System32\qrtvf.dll

O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: BlackICE - Internet Security Systems, Inc. - C:\Program Files\ISS\BlackICE\blackd.exe

O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe

O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe

O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINXP\System32\CTsvcCDA.EXE

O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe

O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe

O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe

O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~1\NPROTECT.EXE

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINXP\System32\nvsvc32.exe

O23 - Service: RapApp - Internet Security Systems, Inc. - C:\Program Files\ISS\BlackICE\rapapp.exe

O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\SAVScan.exe

O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe

O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe

O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe

O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~1\SPEEDD~1\NOPDB.EXE

O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINXP\System32\Tablet.exe

O23 - Service: UPSMONService - Unknown owner - C:\Program Files\UPSMON\UPSMON_Service.Exe

Share this post


Link to post
Share on other sites

:huh: i guess the question is .....

can anything be done about those files?

________________________________________________________________

O4 - HKLM\..\Run: [userFaultCheck] %systemroot%\system32\dumprep 0 -u

O4 - HKLM\..\Run: [antivirus32] ANTIVIRUS.EXE

O4 - HKLM\..\Run: [antiware] C:\winxp\system32\elitefad32.exe

O4 - HKCU\..\RunOnce: [antivirus32] ANTIVIRUS.EXE

Share this post


Link to post
Share on other sites

O4 - HKLM\..\Run: [userFaultCheck] %systemroot%\system32\dumprep 0 -u

Is legit.

==========

Now to the fix

Please boot into Safe Mode. To do this:

* During reboot immediately begin tapping the F8 key when the OS is starting to load up

* Windows Advanced Options menu appears.

* Use the arrow keys to select Safe mode

* press Enter.

Open HiackThis, click the "Scan" button, and check the following items:

O4 - HKLM\..\Run: [antivirus32] ANTIVIRUS.EXE

O4 - HKLM\..\Run: [antiware] C:\winxp\system32\elitefad32.exe

O4 - HKCU\..\RunOnce: [antivirus32] ANTIVIRUS.EXE

Close all windows except HijackThis, and click the 'Fix Checked' button.

Locate the following file and try to delete it:

C:\winxp\system32\elitefad32.exe

Click Start --> Find. Find the following file and delete it:

ANTIVIRUS.EXE

Reboot and post a new log, noting any complications that you had.

dk

Share this post


Link to post
Share on other sites

i think i found why i was having problems of getting rid of those registry values in my windows.

as i followed the instructions and went into safe mode, there i was able to find the elitefad32 file, yet the antivirus.exe was still missing, i ran hijackthis fixed it, and deleted it. nothing would reapear in the registry and everything was fine. one question arose though, why would a file be in existance in safe mode and not in normal windows?

when i rebooted the registry values were once again where they were and nothing changed, i then realized that my ad-watch has been set to automatic , as well as booting at startup. i turned it of and relogged into windows and re-running hijackthis, and the values were gone. i guess the damn ad-watch was protecting the damn registry the wrong way.

anyways heres my log, hopefully it is all clean? <_<

______________________________________________________________________

Logfile of HijackThis v1.99.1

Scan saved at 3:17:32 PM, on 26/02/2005

Platform: Windows XP (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP1 (6.00.2600.0000)

Running processes:

C:\WINXP\System32\smss.exe

C:\WINXP\system32\winlogon.exe

C:\WINXP\system32\services.exe

C:\WINXP\system32\lsass.exe

C:\WINXP\system32\svchost.exe

C:\WINXP\System32\svchost.exe

C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe

C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe

C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe

C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

C:\WINXP\system32\spoolsv.exe

C:\Program Files\ISS\BlackICE\blackd.exe

C:\WINXP\System32\CTsvcCDA.EXE

C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe

C:\Program Files\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe

C:\PROGRA~1\NORTON~1\NORTON~1\NPROTECT.EXE

C:\WINXP\System32\nvsvc32.exe

C:\PROGRA~1\NORTON~1\NORTON~1\SPEEDD~1\NOPDB.EXE

C:\WINXP\System32\svchost.exe

C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

C:\WINXP\System32\Tablet.exe

C:\Program Files\UPSMON\UPSMON_Service.Exe

C:\WINXP\System32\MsPMSPSv.exe

C:\Program Files\UPSMON\UPSInt.exe

C:\WINXP\Explorer.EXE

C:\WINXP\System32\RUNDLL32.EXE

C:\Program Files\eDonkey2000\edonkey2000.exe

C:\Program Files\DU Meter\DUMeter.exe

C:\WINXP\System32\CTHELPER.EXE

C:\Program Files\UPSMON\UPSMON.exe

C:\Program Files\Common Files\Symantec Shared\ccApp.exe

C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe

C:\Program Files\Microsoft AntiSpyware\gcasServ.exe

C:\WINXP\System32\ctfmon.exe

C:\Program Files\MSN Messenger\MsnMsgr.Exe

C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe

C:\WINXP\system32\WTablet\TabUserW.exe

C:\Program Files\ISS\BlackICE\blackice.exe

C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe

C:\Program Files\Norton SystemWorks\Norton Utilities\SYSDOC32.EXE

C:\Program Files\Spybot\SpybotSD.exe

C:\Program Files\Messenger\msmsgs.exe

C:\Documents and Settings\Georgiy\My Documents\Downloadz\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://google.com/

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://newsru.com/

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer

R3 - Default URLSearchHook is missing

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\Spybot\SDHelper.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINXP\System32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINXP\System32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [eDonkey2000] "C:\Program Files\eDonkey2000\edonkey2000.exe" -t

O4 - HKLM\..\Run: [DU Meter] C:\Program Files\DU Meter\DUMeter.exe

O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE

O4 - HKLM\..\Run: [updReg] C:\WINXP\UpdReg.EXE

O4 - HKLM\..\Run: [uPSMON] C:\Program Files\UPSMON\UPSMON.exe

O4 - HKLM\..\Run: [Jet Detection] "C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe"

O4 - HKLM\..\Run: [NeroCheck] C:\WINXP\system32\NeroCheck.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe

O4 - HKLM\..\Run: [iSUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup

O4 - HKLM\..\Run: [iSUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start

O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"

O4 - HKLM\..\Run: [userFaultCheck] %systemroot%\system32\dumprep 0 -u

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINXP\System32\ctfmon.exe

O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [Norton SystemWorks] "C:\Program Files\Norton SystemWorks\cfgwiz.exe" /GUID {05858CFD-5CC4-4ceb-AAAF-CF00BF39736A} /MODE CfgWiz

O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe

O4 - Global Startup: TabUserW.exe.lnk = C:\WINXP\system32\WTablet\TabUserW.exe

O4 - Global Startup: BlackICE PC Protection.lnk = C:\Program Files\ISS\BlackICE\blackice.exe

O4 - Global Startup: Norton System Doctor.LNK = ?

O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html

O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html

O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html

O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000

O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html

O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE

O16 - DPF: {637BB540-6ABA-11D4-901D-00D0090CB3BC} - http://www.flashants.com/codebase/fmplayer.cab

O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061...all/xscan53.cab

O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab

O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab

O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab

O16 - DPF: {F127B9BA-89EA-4B04-9C67-2074A9DF61FC} (PCUploader Class) - http://www.photolab.ca/activex/PCAXSetup.cab?

O16 - DPF: {F281A59C-7B65-11D3-8617-0010830243BD} (AcPreview Control) - file://C:\Program Files\AutoCAD 2002\AcPreview.ocx

O21 - SSODL: VkZjo - {3F2A15DC-9580-BF76-AF99-A678692B0DC0} - C:\WINXP\System32\qrtvf.dll

O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: BlackICE - Internet Security Systems, Inc. - C:\Program Files\ISS\BlackICE\blackd.exe

O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe

O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe

O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINXP\System32\CTsvcCDA.EXE

O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe

O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe

O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe

O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~1\NPROTECT.EXE

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINXP\System32\nvsvc32.exe

O23 - Service: RapApp - Internet Security Systems, Inc. - C:\Program Files\ISS\BlackICE\rapapp.exe

O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\SAVScan.exe

O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe

O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe

O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe

O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~1\SPEEDD~1\NOPDB.EXE

O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINXP\System32\Tablet.exe

O23 - Service: UPSMONService - Unknown owner - C:\Program Files\UPSMON\UPSMON_Service.Exe

Share this post


Link to post
Share on other sites

Hi,

Sorry for the delay. I was awaiting an answer to your question, because I didn't know it :P.

The file exists in Normal Mode, but it may not be possible to find or delete it for several reasons...

It may be in use so that it can't be deleted until it is stopped... It probably won't load in Safe Mode which is why it can be deleted...

It may be protected by some other file, so that it is even recreated each time the user tries to kill it... That protection file may not run in Safe Mode, so it is easier to kill...

The user has Ad-Watch and is also using MS Antispyware... In addition to possible conflicts between real time protection of the two programs, it is possible that they also may have been protecting the Registry entries that need to be fixed so that the file can be found and killed... Running in Safe Mode would disable them, but the problem may return later when they restore the Registry... If the file is deleted and doesn't have a way to reinstall, this may not matter...

Anyway, to the fix.

Open HijackThis, click the "Scan" button, and check the following items:

O21 - SSODL: VkZjo - {3F2A15DC-9580-BF76-AF99-A678692B0DC0} - C:\WINXP\System32\qrtvf.dll

Close all windows except HijackThis, and click the "Fix Checked" button.

Find the following file and delete it:

C:\WINXP\System32\qrtvf.dll

Reboot and post a new log.

dk

Share this post


Link to post
Share on other sites

finally, got rid of that file

heres the new log :blink:

Logfile of HijackThis v1.99.1

Scan saved at 6:33:02 PM, on 02/03/2005

Platform: Windows XP (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP1 (6.00.2600.0000)

Running processes:

C:\WINXP\System32\smss.exe

C:\WINXP\system32\winlogon.exe

C:\WINXP\system32\services.exe

C:\WINXP\system32\lsass.exe

C:\WINXP\system32\svchost.exe

C:\WINXP\System32\svchost.exe

C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe

C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe

C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe

C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

C:\WINXP\system32\spoolsv.exe

C:\WINXP\System32\RUNDLL32.EXE

C:\Program Files\eDonkey2000\edonkey2000.exe

C:\Program Files\DU Meter\DUMeter.exe

C:\WINXP\System32\CTHELPER.EXE

C:\Program Files\UPSMON\UPSMON.exe

C:\Program Files\Common Files\Symantec Shared\ccApp.exe

C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe

C:\Program Files\Microsoft AntiSpyware\gcasServ.exe

C:\Program Files\ISS\BlackICE\blackd.exe

C:\Program Files\Lavasoft\Ad-Aware SE Professional\Ad-Watch.exe

C:\WINXP\System32\ctfmon.exe

C:\Program Files\MSN Messenger\MsnMsgr.Exe

C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe

C:\WINXP\system32\WTablet\TabUserW.exe

C:\Program Files\ISS\BlackICE\blackice.exe

C:\WINXP\System32\CTsvcCDA.EXE

C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe

C:\Program Files\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe

C:\PROGRA~1\NORTON~1\NORTON~1\NPROTECT.EXE

C:\WINXP\System32\nvsvc32.exe

C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe

C:\WINXP\System32\svchost.exe

C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

C:\WINXP\System32\Tablet.exe

C:\Program Files\UPSMON\UPSMON_Service.Exe

C:\WINXP\System32\MsPMSPSv.exe

C:\Program Files\UPSMON\UPSInt.exe

C:\Program Files\Musicmatch\Musicmatch Jukebox\mmjb.exe

C:\Program Files\Musicmatch\Musicmatch Jukebox\MMDiag.exe

C:\WINXP\System32\WISPTIS.EXE

C:\WINXP\explorer.exe

C:\Program Files\Outlook Express\msimn.exe

C:\Program Files\Messenger\msmsgs.exe

C:\Program Files\Internet Explorer\IEXPLORE.EXE

C:\Documents and Settings\Georgiy\My Documents\Downloadz\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://google.com/

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://newsru.com/

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer

R3 - Default URLSearchHook is missing

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\Spybot\SDHelper.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINXP\System32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINXP\System32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [eDonkey2000] "C:\Program Files\eDonkey2000\edonkey2000.exe" -t

O4 - HKLM\..\Run: [DU Meter] C:\Program Files\DU Meter\DUMeter.exe

O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE

O4 - HKLM\..\Run: [updReg] C:\WINXP\UpdReg.EXE

O4 - HKLM\..\Run: [uPSMON] C:\Program Files\UPSMON\UPSMON.exe

O4 - HKLM\..\Run: [Jet Detection] "C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe"

O4 - HKLM\..\Run: [NeroCheck] C:\WINXP\system32\NeroCheck.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe

O4 - HKLM\..\Run: [iSUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup

O4 - HKLM\..\Run: [iSUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start

O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"

O4 - HKLM\..\Run: [userFaultCheck] %systemroot%\system32\dumprep 0 -u

O4 - HKLM\..\Run: [AWMON] "C:\Program Files\Lavasoft\Ad-Aware SE Professional\Ad-Watch.exe"

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINXP\System32\ctfmon.exe

O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [Norton SystemWorks] "C:\Program Files\Norton SystemWorks\cfgwiz.exe" /GUID {05858CFD-5CC4-4ceb-AAAF-CF00BF39736A} /MODE CfgWiz

O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe

O4 - Global Startup: TabUserW.exe.lnk = C:\WINXP\system32\WTablet\TabUserW.exe

O4 - Global Startup: BlackICE PC Protection.lnk = C:\Program Files\ISS\BlackICE\blackice.exe

O4 - Global Startup: Norton System Doctor.LNK = ?

O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html

O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html

O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html

O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000

O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html

O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE

O16 - DPF: {637BB540-6ABA-11D4-901D-00D0090CB3BC} - http://www.flashants.com/codebase/fmplayer.cab

O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061...all/xscan53.cab

O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab

O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab

O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab

O16 - DPF: {F127B9BA-89EA-4B04-9C67-2074A9DF61FC} (PCUploader Class) - http://www.photolab.ca/activex/PCAXSetup.cab?

O16 - DPF: {F281A59C-7B65-11D3-8617-0010830243BD} (AcPreview Control) - file://C:\Program Files\AutoCAD 2002\AcPreview.ocx

O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: BlackICE - Internet Security Systems, Inc. - C:\Program Files\ISS\BlackICE\blackd.exe

O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe

O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe

O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINXP\System32\CTsvcCDA.EXE

O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe

O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe

O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe

O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~1\NPROTECT.EXE

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINXP\System32\nvsvc32.exe

O23 - Service: RapApp - Internet Security Systems, Inc. - C:\Program Files\ISS\BlackICE\rapapp.exe

O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\SAVScan.exe

O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe

O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe

O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe

O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~1\SPEEDD~1\NOPDB.EXE

O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINXP\System32\Tablet.exe

O23 - Service: UPSMONService - Unknown owner - C:\Program Files\UPSMON\UPSMON_Service.Exe

Share this post


Link to post
Share on other sites
Guest
This topic is now closed to further replies.
Sign in to follow this