Am I clean now? I am sure the jokes will come rushing in :)

Discussion in 'Windows - Virus and spyware problems' started by Kwajimu, Sep 22, 2006.

  1. Kwajimu

    Kwajimu Guest

    I seem to have contracted something on my computer.

    First of all, i started getting popups for the winAntiVirus, and also getting errors refering to winlogon, scans with Norton keep popping up random files that need deleting.

    I have tried lots of things, running norton scan in safe mode, cleaning the registry etc. I have also tried using the vundoFix file refered to in some of the threads here and that did find about 6 or 7 files that it has removed. I have just done a scan with Norton and nothing has now come up and another check with vundoFix reveals nothing.

    I feel like I have been in this position quite few times already just to find that I get a popup a few hours later.

    My HJT log file I have just run is below and I am a bit concerned by the entries that say (no name) next to it).

    Is my computer cured or just a timebomb waiting to go off again?

    Thank you for any help you can give.

    Logfile of HijackThis v1.99.1
    Scan saved at 17:27:02, on 22/09/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    C:\WINDOWS\system32\drivers\CDAC11BA.EXE
    C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Executive Software\Diskeeper\DkService.exe
    C:\Program Files\Norton Internet Security\ISSVC.exe
    C:\WINDOWS\system32\drivers\KodakCCS.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\Microsoft IntelliPoint\ipoint.exe
    C:\Program Files\D-Link\AirPlus G\AirGCFG.exe
    C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
    C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
    G:\programs\itunes\iTunesHelper.exe
    G:\programs\ipod\bin\iPodService.exe
    C:\WINDOWS\system32\RunDLL32.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\system32\devldr32.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\HJT\hijackthis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - G:\programs\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {278B661A-14A8-D8B0-6AF4-03088B866149} - (no file)
    O2 - BHO: (no name) - {6A996BED-2E72-4EDB-A0DD-05DABC127924} - (no file)
    O2 - BHO: Norton Internet Security - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
    O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - G:\programs\Acrobat\Acrobat\AcroIEFavClient.dll
    O2 - BHO: (no name) - {B7672BAF-E9A3-49B6-86B2-C81719A18A4C} - (no file)
    O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - G:\programs\Acrobat\Acrobat\AcroIEFavClient.dll
    O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
    O4 - HKLM\..\Run: [NVRTCLK] C:\WINDOWS\system32\NVRTCLK\NVRTClk.exe
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
    O4 - HKLM\..\Run: [D-Link AirPlus G] C:\Program Files\D-Link\AirPlus G\AirGCFG.exe
    O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
    O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
    O4 - HKLM\..\Run: [iTunesHelper] "G:\programs\itunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
    O8 - Extra context menu item: Convert link target to Adobe PDF - res://G:\programs\Acrobat\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert link target to existing PDF - res://G:\programs\Acrobat\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert selected links to Adobe PDF - res://G:\programs\Acrobat\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    O8 - Extra context menu item: Convert selected links to existing PDF - res://G:\programs\Acrobat\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    O8 - Extra context menu item: Convert selection to Adobe PDF - res://G:\programs\Acrobat\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert selection to existing PDF - res://G:\programs\Acrobat\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert to Adobe PDF - res://G:\programs\Acrobat\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert to existing PDF - res://G:\programs\Acrobat\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15015/CTSUEng.cab
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {1803B9EF-9905-4F34-AFC4-05D1BAB28801} (RegUserCfgUI Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/bt/yregucfg.cab
    O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
    O16 - DPF: {4E62C4DE-627D-4604-B157-4B7D6B09F02E} (AccountTracking Profile Manager Class) - https://moneymanager.egg.com/Pinsafe/accounttracking.cab
    O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.safety.live.com/resource/download/scanner/wlscbase969.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.c...ls/en/x86/client/wuweb_site.cab?1113658985699
    O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
    O16 - DPF: {9059F30F-4EB1-4BD2-9FDC-36F43A218F4A} (Microsoft RDP Client Control (redist)) - http://chas.ch.ic.ac.uk/tsweb/msrdp.cab
    O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://creative.com/su/ocx/15016/CTPID.cab
    O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O20 - Winlogon Notify: winepi32 - winepi32.dll (file missing)
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Alpha Networks Inc. - C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
    O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
    O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program Files\Executive Software\Diskeeper\DkService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPodService - Apple Computer, Inc. - G:\programs\ipod\bin\iPodService.exe
    O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program Files\Norton Internet Security\ISSVC.exe
    O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
    O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
     
    Kwajimu, Sep 22, 2006
    #1
  2. maca1

    maca1 Regular member

    Joined:
    Mar 15, 2006
    Messages:
    630
    Likes Received:
    0
    Trophy Points:
    26
    recsan with hijackthis and check these, click fix checked

    O2 - BHO: (no name) - {278B661A-14A8-D8B0-6AF4-03088B866149} - (no file)
    O2 - BHO: (no name) - {6A996BED-2E72-4EDB-A0DD-05DABC127924} - (no file)
    O2 - BHO: (no name) - {B7672BAF-E9A3-49B6-86B2-C81719A18A4C} - (no file)
    O20 - Winlogon Notify: winepi32 - winepi32.dll (file missing)


    Your java is out of date


    click here to download
    Java Runtime Environment (JRE) 5.0 Update 8
    http://java.sun.com/javase/downloads/index.jsp

    add/remove programs and unistall any previous versions of java.
    Install the latest.

    Run ActiveScan online virus scan:
    http://www.pandasoftware.com/products/activescan.htm
    When the scan is finished, save the results from the scan!
    post a new Hijack This log along with the logs from the Panda scan.
     
    maca1, Sep 22, 2006
    #2
  3. Niobis

    Niobis Active member

    Joined:
    Jan 30, 2005
    Messages:
    2,326
    Likes Received:
    0
    Trophy Points:
    66
    Edited: may never know.
     
    Last edited: Sep 22, 2006
    Niobis, Sep 22, 2006
    #3
  4. maca1

    maca1 Regular member

    Joined:
    Mar 15, 2006
    Messages:
    630
    Likes Received:
    0
    Trophy Points:
    26
    That is not the bad file. That is the legitimate devldr32.exe, that belongs to Creative so edit that out.
     
    Last edited: Sep 22, 2006
    maca1, Sep 22, 2006
    #4
  5. Niobis

    Niobis Active member

    Joined:
    Jan 30, 2005
    Messages:
    2,326
    Likes Received:
    0
    Trophy Points:
    66
    Edit: may never know.
     
    Last edited: Sep 22, 2006
    Niobis, Sep 22, 2006
    #5
  6. maca1

    maca1 Regular member

    Joined:
    Mar 15, 2006
    Messages:
    630
    Likes Received:
    0
    Trophy Points:
    26
    I know what I'm talking about, That is NOT THE BAD FILE!
     
    maca1, Sep 22, 2006
    #6
  7. Niobis

    Niobis Active member

    Joined:
    Jan 30, 2005
    Messages:
    2,326
    Likes Received:
    0
    Trophy Points:
    66
    Damn, no use in hostility mate. I'll edit if it's a big deal to upload and be certain. How can you tell?
     
    Last edited: Sep 22, 2006
    Niobis, Sep 22, 2006
    #7
  8. Kwajimu

    Kwajimu Guest

    DId all the steps in the first post.

    I havent done anything with the devldr32.exe file. I have seen this on my system before I had any problems so hopefully not an issue.

    All that comes up in panda are cookies in firefox. My system has been popup free so hopefully that is the end of it

    Both scans below

    Thanks a lot maca


    Incident Status Location





    Spyware:Cookie/Statcounter Not disinfected C:\Documents and

    Settings\Alice\Application Data\Mozilla\Firefox\Profiles\6k63xnc0.default\cookies.txt[.statcounter.com/]


    Spyware:Cookie/Doubleclick Not disinfected C:\Documents and

    Settings\Alice\Application Data\Mozilla\Firefox\Profiles\6k63xnc0.default\cookies.txt[.doubleclick.net/]


    Spyware:Cookie/Reliablestats Not disinfected C:\Documents and

    Settings\Alice\Application Data\Mozilla\Firefox\Profiles\6k63xnc0.default\cookies.txt[stats1.reliablestats.com/]


    Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and

    Settings\Alice\Application Data\Mozilla\Firefox\Profiles\6k63xnc0.default\cookies.txt[.atdmt.com/]


    Spyware:Cookie/Hitbox Not disinfected C:\Documents and

    Settings\Alice\Application Data\Mozilla\Firefox\Profiles\6k63xnc0.default\cookies.txt[.hitbox.com/]


    Spyware:Cookie/Mediaplex Not disinfected C:\Documents and

    Settings\Alice\Application Data\Mozilla\Firefox\Profiles\6k63xnc0.default\cookies.txt[.mediaplex.com/]


    Spyware:Cookie/Serving-sys Not disinfected C:\Documents and

    Settings\Alice\Application Data\Mozilla\Firefox\Profiles\6k63xnc0.default\cookies.txt[.serving-sys.com/]


    Spyware:Cookie/Serving-sys Not disinfected C:\Documents and

    Settings\Alice\Application Data\Mozilla\Firefox\Profiles\6k63xnc0.default\cookies.txt[.bs.serving-sys.com/]


    Spyware:Cookie/Serving-sys Not disinfected C:\Documents and

    Settings\Alice\Application Data\Mozilla\Firefox\Profiles\6k63xnc0.default\cookies.txt[.serving-sys.com/]


    Spyware:Cookie/QuestionMarket Not disinfected C:\Documents and

    Settings\Alice\Application Data\Mozilla\Firefox\Profiles\6k63xnc0.default\cookies.txt[.questionmarket.com/]


    Spyware:Cookie/Overture Not disinfected C:\Documents and

    Settings\Alice\Application Data\Mozilla\Firefox\Profiles\6k63xnc0.default\cookies.txt[.overture.com/]


    Spyware:Cookie/WebtrendsLive Not disinfected C:\Documents and

    Settings\Alice\Application Data\Mozilla\Firefox\Profiles\6k63xnc0.default\cookies.txt[statse.webtrendslive.com/]


    Spyware:Cookie/Clickbank Not disinfected C:\Documents and

    Settings\Alice\Application Data\Mozilla\Firefox\Profiles\6k63xnc0.default\cookies.txt[.clickbank.net/]


    Spyware:Cookie/2o7 Not disinfected C:\Documents and

    Settings\Alice\Application Data\Mozilla\Firefox\Profiles\6k63xnc0.default\cookies.txt[.2o7.net/]


    Spyware:Cookie/Xiti Not disinfected C:\Documents and

    Settings\Alice\Application Data\Mozilla\Firefox\Profiles\6k63xnc0.default\cookies.txt[.xiti.com/]


    Spyware:Cookie/Adviva Not disinfected C:\Documents and

    Settings\Alice\Application Data\Mozilla\Firefox\Profiles\6k63xnc0.default\cookies.txt[.adviva.net/]


    Spyware:Cookie/2o7 Not disinfected C:\Documents and

    Settings\Alice\Application Data\Mozilla\Firefox\Profiles\6k63xnc0.default\cookies.txt[.112.2o7.net/]


    Spyware:Cookie/Advertising Not disinfected C:\Documents and

    Settings\Alice\Application Data\Mozilla\Firefox\Profiles\6k63xnc0.default\cookies.txt[.advertising.com/]


    Spyware:Cookie/Bluestreak Not disinfected C:\Documents and

    Settings\Alice\Application Data\Mozilla\Firefox\Profiles\6k63xnc0.default\cookies.txt[.bluestreak.com/]


    Spyware:Cookie/Adtech Not disinfected C:\Documents and

    Settings\Alice\Application Data\Mozilla\Firefox\Profiles\6k63xnc0.default\cookies.txt[.adtech.de/]


    Spyware:Cookie/Server.iad.Liveperson Not disinfected C:\Documents and

    Settings\Alice\Application Data\Mozilla\Firefox\Profiles\6k63xnc0.default\cookies.txt[server.iad.liveperson.net/hc/15527479]


    Spyware:Cookie/Server.iad.Liveperson Not disinfected C:\Documents and

    Settings\Alice\Application Data\Mozilla\Firefox\Profiles\6k63xnc0.default\cookies.txt[server.iad.liveperson.net/]


    Spyware:Cookie/Tradedoubler Not disinfected C:\Documents and

    Settings\Alice\Application Data\Mozilla\Firefox\Profiles\6k63xnc0.default\cookies.txt[.tradedoubler.com/]


    Spyware:Cookie/Valueclick Not disinfected C:\Documents and

    Settings\Alice\Application Data\Mozilla\Firefox\Profiles\6k63xnc0.default\cookies.txt[.valueclick.com/]


    Spyware:Cookie/PointRoll Not disinfected C:\Documents and

    Settings\Alice\Application Data\Mozilla\Firefox\Profiles\6k63xnc0.default\cookies.txt[.ads.pointroll.com/]


    Spyware:Cookie/RealMedia Not disinfected C:\Documents and

    Settings\Alice\Application Data\Mozilla\Firefox\Profiles\6k63xnc0.default\cookies.txt[.247realmedia.com/]


    Spyware:Cookie/BurstNet Not disinfected C:\Documents and

    Settings\Alice\Application Data\Mozilla\Firefox\Profiles\6k63xnc0.default\cookies.txt[.burstnet.com/]


    Spyware:Cookie/Atwola Not disinfected C:\Documents and

    Settings\Alice\Application Data\Mozilla\Firefox\Profiles\6k63xnc0.default\cookies.txt[.atwola.com/]


    Spyware:Cookie/Casalemedia Not disinfected C:\Documents and

    Settings\Alice\Application Data\Mozilla\Firefox\Profiles\6k63xnc0.default\cookies.txt[.casalemedia.com/]


    Spyware:Cookie/YieldManager Not disinfected C:\Documents and

    Settings\Alice\Application Data\Mozilla\Firefox\Profiles\6k63xnc0.default\cookies.txt[ad.yieldmanager.com/]


    Spyware:Cookie/FastClick Not disinfected C:\Documents and

    Settings\Alice\Application Data\Mozilla\Firefox\Profiles\6k63xnc0.default\cookies.txt[.fastclick.net/]


    Spyware:Cookie/RealMedia Not disinfected C:\Documents and

    Settings\Alice\Application Data\Mozilla\Firefox\Profiles\6k63xnc0.default\cookies.txt[.realmedia.com/]


    Spyware:Cookie/Server.iad.Liveperson Not disinfected C:\Documents and

    Settings\Alice\Application Data\Mozilla\Firefox\Profiles\6k63xnc0.default\cookies.txt[server.iad.liveperson.net/hc/63424461]


    Spyware:Cookie/RealMedia Not disinfected C:\Documents and

    Settings\Alice\Application Data\Mozilla\Firefox\Profiles\6k63xnc0.default\cookies.txt[.realmedia.com/]


    Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and

    Settings\Alice\Application Data\Mozilla\Firefox\Profiles\6k63xnc0.default\cookies.txt[.tribalfusion.com/]


    Spyware:Cookie/Adrevolver Not disinfected C:\Documents and

    Settings\Alice\Application Data\Mozilla\Firefox\Profiles\6k63xnc0.default\cookies.txt[.adrevolver.com/]


    Spyware:Cookie/360i Not disinfected C:\Documents and

    Settings\Alice\Application Data\Mozilla\Firefox\Profiles\6k63xnc0.default\cookies.txt[.ct.360i.com/]


    Spyware:Cookie/Apmebf Not disinfected C:\Documents and

    Settings\Alice\Application Data\Mozilla\Firefox\Profiles\6k63xnc0.default\cookies.txt[.apmebf.com/]


    Spyware:Cookie/Bfast Not disinfected C:\Documents and

    Settings\Alice\Application Data\Mozilla\Firefox\Profiles\6k63xnc0.default\cookies.txt[.bfast.com/]


    Spyware:Cookie/2o7 Not disinfected C:\Documents and

    Settings\Alice\Application Data\Mozilla\Firefox\Profiles\6k63xnc0.default\cookies.txt[.microsofteup.112.2o7.net/]


    Spyware:Cookie/2o7 Not disinfected C:\Documents and

    Settings\Alice\Cookies\alice@microsofteup.112.2o7[1].txt


    Spyware:Cookie/2o7 Not disinfected C:\Documents and

    Settings\Peter\Application Data\Mozilla\Firefox\Profiles\vtvv8t5m.default\cookies.txt[.2o7.net/]


    Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and

    Settings\Peter\Application Data\Mozilla\Firefox\Profiles\vtvv8t5m.default\cookies.txt[.atdmt.com/]


    Spyware:Cookie/YieldManager Not disinfected C:\Documents and

    Settings\Peter\Application Data\Mozilla\Firefox\Profiles\vtvv8t5m.default\cookies.txt[ad.yieldmanager.com/]


    Spyware:Cookie/WebtrendsLive Not disinfected C:\Documents and

    Settings\Peter\Application Data\Mozilla\Firefox\Profiles\vtvv8t5m.default\cookies.txt[statse.webtrendslive.com/]


    Spyware:Cookie/Casalemedia Not disinfected C:\Documents and

    Settings\Peter\Application Data\Mozilla\Firefox\Profiles\vtvv8t5m.default\cookies.txt[.casalemedia.com/]


    Spyware:Cookie/Adtech Not disinfected C:\Documents and

    Settings\Peter\Application Data\Mozilla\Firefox\Profiles\vtvv8t5m.default\cookies.txt[.adtech.de/]


    Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and

    Settings\Peter\Application Data\Mozilla\Firefox\Profiles\vtvv8t5m.default\cookies.txt[.tribalfusion.com/]


    Spyware:Cookie/Mediaplex Not disinfected C:\Documents and

    Settings\Peter\Application Data\Mozilla\Firefox\Profiles\vtvv8t5m.default\cookies.txt[.mediaplex.com/]


    Spyware:Cookie/Doubleclick Not disinfected C:\Documents and

    Settings\Peter\Application Data\Mozilla\Firefox\Profiles\vtvv8t5m.default\cookies.txt[.doubleclick.net/]


    Spyware:Cookie/Advertising Not disinfected C:\Documents and

    Settings\Peter\Application Data\Mozilla\Firefox\Profiles\vtvv8t5m.default\cookies.txt[.advertising.com/]


    Spyware:Cookie/Tradedoubler Not disinfected C:\Documents and

    Settings\Peter\Application Data\Mozilla\Firefox\Profiles\vtvv8t5m.default\cookies.txt[.tradedoubler.com/]


    Spyware:Cookie/Advertising Not disinfected C:\Documents and

    Settings\Peter\Application Data\Mozilla\Firefox\Profiles\vtvv8t5m.default\cookies.txt[.advertising.com/]


    Spyware:Cookie/Statcounter Not disinfected C:\Documents and

    Settings\Peter\Application Data\Mozilla\Firefox\Profiles\vtvv8t5m.default\cookies.txt[.statcounter.com/]


    Spyware:Cookie/Adviva Not disinfected C:\Documents and

    Settings\Peter\Application Data\Mozilla\Firefox\Profiles\vtvv8t5m.default\cookies.txt[.adviva.net/]


    Spyware:Cookie/Adrevolver Not disinfected C:\Documents and

    Settings\Peter\Application Data\Mozilla\Firefox\Profiles\vtvv8t5m.default\cookies.txt[.adrevolver.com/]


    Spyware:Cookie/Server.iad.Liveperson Not disinfected C:\Documents and

    Settings\Peter\Application Data\Mozilla\Firefox\Profiles\vtvv8t5m.default\cookies.txt[server.iad.liveperson.net/hc/614779]


    Spyware:Cookie/Server.iad.Liveperson Not disinfected C:\Documents and

    Settings\Peter\Application Data\Mozilla\Firefox\Profiles\vtvv8t5m.default\cookies.txt[server.iad.liveperson.net/]


    Spyware:Cookie/Falkag Not disinfected C:\Documents and

    Settings\Peter\Application Data\Mozilla\Firefox\Profiles\vtvv8t5m.default\cookies.txt[as1.falkag.de/]


    Spyware:Cookie/Itrack Not disinfected C:\Documents and

    Settings\Peter\Application Data\Mozilla\Firefox\Profiles\vtvv8t5m.default\cookies.txt[ilead.itrack.it/]


    Spyware:Cookie/Hitbox Not disinfected C:\Documents and

    Settings\Peter\Application Data\Mozilla\Firefox\Profiles\vtvv8t5m.default\cookies.txt[.hitbox.com/]


    Spyware:Cookie/Serving-sys Not disinfected C:\Documents and

    Settings\Peter\Application Data\Mozilla\Firefox\Profiles\vtvv8t5m.default\cookies.txt[.serving-sys.com/]


    Spyware:Cookie/Serving-sys Not disinfected C:\Documents and

    Settings\Peter\Application Data\Mozilla\Firefox\Profiles\vtvv8t5m.default\cookies.txt[.bs.serving-sys.com/]


    Spyware:Cookie/RealMedia Not disinfected C:\Documents and

    Settings\Peter\Application Data\Mozilla\Firefox\Profiles\vtvv8t5m.default\cookies.txt[.247realmedia.com/]


    Spyware:Cookie/QuestionMarket Not disinfected C:\Documents and

    Settings\Peter\Application Data\Mozilla\Firefox\Profiles\vtvv8t5m.default\cookies.txt[.questionmarket.com/]


    Spyware:Cookie/FastClick Not disinfected C:\Documents and

    Settings\Peter\Application Data\Mozilla\Firefox\Profiles\vtvv8t5m.default\cookies.txt[.fastclick.net/]


    Spyware:Cookie/Reliablestats Not disinfected C:\Documents and

    Settings\Peter\Application Data\Mozilla\Firefox\Profiles\vtvv8t5m.default\cookies.txt[stats1.reliablestats.com/]


    Spyware:Cookie/WebtrendsLive Not disinfected C:\Documents and

    Settings\Peter\Application Data\Mozilla\Firefox\Profiles\vtvv8t5m.default\cookies.txt[statse.webtrendslive.com/S005-01-10-1-233860-106940]


    Spyware:Cookie/Xiti Not disinfected C:\Documents and

    Settings\Peter\Application Data\Mozilla\Firefox\Profiles\vtvv8t5m.default\cookies.txt[.xiti.com/]


    Spyware:Cookie/Bluestreak Not disinfected C:\Documents and

    Settings\Peter\Application Data\Mozilla\Firefox\Profiles\vtvv8t5m.default\cookies.txt[.bluestreak.com/]


    Spyware:Cookie/Com.com Not disinfected C:\Documents and

    Settings\Peter\Application Data\Mozilla\Firefox\Profiles\vtvv8t5m.default\cookies.txt[.com.com/]


    Spyware:Cookie/Server.iad.Liveperson Not disinfected C:\Documents and

    Settings\Peter\Application Data\Mozilla\Firefox\Profiles\vtvv8t5m.default\cookies.txt[server.iad.liveperson.net/hc/15527479]


    Spyware:Cookie/Clickbank Not disinfected C:\Documents and

    Settings\Peter\Application Data\Mozilla\Firefox\Profiles\vtvv8t5m.default\cookies.txt[.clickbank.net/]


    Spyware:Cookie/Valueclick Not disinfected C:\Documents and

    Settings\Peter\Application Data\Mozilla\Firefox\Profiles\vtvv8t5m.default\cookies.txt[.valueclick.com/]


    Spyware:Cookie/Yadro Not disinfected C:\Documents and

    Settings\Peter\Application Data\Mozilla\Firefox\Profiles\vtvv8t5m.default\cookies.txt[.yadro.ru/]


    Spyware:Cookie/SpyLog Not disinfected C:\Documents and

    Settings\Peter\Application Data\Mozilla\Firefox\Profiles\vtvv8t5m.default\cookies.txt[.spylog.com/]


    Spyware:Cookie/HotLog Not disinfected C:\Documents and

    Settings\Peter\Application Data\Mozilla\Firefox\Profiles\vtvv8t5m.default\cookies.txt[.hotlog.ru/]


    Spyware:Cookie/Maxserving Not disinfected C:\Documents and

    Settings\Peter\Application Data\Mozilla\Firefox\Profiles\vtvv8t5m.default\cookies.txt[.maxserving.com/]


    Spyware:Cookie/Weborama Not disinfected C:\Documents and

    Settings\Peter\Application Data\Mozilla\Firefox\Profiles\vtvv8t5m.default\cookies.txt[.weborama.fr/]


    Spyware:Cookie/bravenetA Not disinfected C:\Documents and

    Settings\Peter\Application Data\Mozilla\Firefox\Profiles\vtvv8t5m.default\cookies.txt[.bravenet.com/]


    Spyware:Cookie/Go Not disinfected C:\Documents and

    Settings\Peter\Application Data\Mozilla\Firefox\Profiles\vtvv8t5m.default\cookies.txt[.go.com/]


    Spyware:Cookie/Hitbox Not disinfected C:\Documents and

    Settings\Peter\Application Data\Mozilla\Firefox\Profiles\vtvv8t5m.default\cookies.txt[.ehg.hitbox.com/]


    Spyware:Cookie/RealMedia Not disinfected C:\Documents and

    Settings\Peter\Application Data\Mozilla\Firefox\Profiles\vtvv8t5m.default\cookies.txt[.realmedia.com/]


    Spyware:Cookie/Tucows Not disinfected C:\Documents and

    Settings\Peter\Application Data\Mozilla\Firefox\Profiles\vtvv8t5m.default\cookies.txt[.tucows.com/]


    Spyware:Cookie/Reliablestats Not disinfected C:\Documents and

    Settings\Peter\Cookies\peter@stats1.reliablestats[1].txt



    Logfile of HijackThis v1.99.1
    Scan saved at 22:13:05, on 22/09/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    C:\WINDOWS\system32\drivers\CDAC11BA.EXE
    C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Executive Software\Diskeeper\DkService.exe
    C:\Program Files\Norton Internet Security\ISSVC.exe
    C:\WINDOWS\system32\drivers\KodakCCS.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\Microsoft IntelliPoint\ipoint.exe
    C:\Program Files\D-Link\AirPlus G\AirGCFG.exe
    C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
    C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
    G:\programs\itunes\iTunesHelper.exe
    G:\programs\ipod\bin\iPodService.exe
    C:\WINDOWS\system32\RunDLL32.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\system32\devldr32.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\WINDOWS\system32\NOTEPAD.EXE
    C:\HJT\hijackthis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - G:\programs\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
    O2 - BHO: Norton Internet Security - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
    O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - G:\programs\Acrobat\Acrobat\AcroIEFavClient.dll
    O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - G:\programs\Acrobat\Acrobat\AcroIEFavClient.dll
    O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
    O4 - HKLM\..\Run: [NVRTCLK] C:\WINDOWS\system32\NVRTCLK\NVRTClk.exe
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
    O4 - HKLM\..\Run: [D-Link AirPlus G] C:\Program Files\D-Link\AirPlus G\AirGCFG.exe
    O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
    O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
    O4 - HKLM\..\Run: [iTunesHelper] "G:\programs\itunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe"
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
    O8 - Extra context menu item: Convert link target to Adobe PDF - res://G:\programs\Acrobat\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert link target to existing PDF - res://G:\programs\Acrobat\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert selected links to Adobe PDF - res://G:\programs\Acrobat\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    O8 - Extra context menu item: Convert selected links to existing PDF - res://G:\programs\Acrobat\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    O8 - Extra context menu item: Convert selection to Adobe PDF - res://G:\programs\Acrobat\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert selection to existing PDF - res://G:\programs\Acrobat\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert to Adobe PDF - res://G:\programs\Acrobat\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert to existing PDF - res://G:\programs\Acrobat\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15015/CTSUEng.cab
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {1803B9EF-9905-4F34-AFC4-05D1BAB28801} (RegUserCfgUI Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/bt/yregucfg.cab
    O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
    O16 - DPF: {4E62C4DE-627D-4604-B157-4B7D6B09F02E} (AccountTracking Profile Manager Class) - https://moneymanager.egg.com/Pinsafe/accounttracking.cab
    O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.safety.live.com/resource/download/scanner/wlscbase969.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.c...ls/en/x86/client/wuweb_site.cab?1113658985699
    O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
    O16 - DPF: {9059F30F-4EB1-4BD2-9FDC-36F43A218F4A} (Microsoft RDP Client Control (redist)) - http://chas.ch.ic.ac.uk/tsweb/msrdp.cab
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
    O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://creative.com/su/ocx/15016/CTPID.cab
    O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Alpha Networks Inc. - C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
    O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
    O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program Files\Executive Software\Diskeeper\DkService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPodService - Apple Computer, Inc. - G:\programs\ipod\bin\iPodService.exe
    O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program Files\Norton Internet Security\ISSVC.exe
    O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
    O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
     
    Kwajimu, Sep 22, 2006
    #8
  9. Niobis

    Niobis Active member

    Joined:
    Jan 30, 2005
    Messages:
    2,326
    Likes Received:
    0
    Trophy Points:
    66
    Well, it may be the legit one. Sorry if I jumped to conclusions and told you to remove it. I should have posted that you upload if I was going to post. No worries though, no harm was done.

    @maca, how can you tell for sure it is the legit one? There isn't a difference between the two.
     
    Niobis, Sep 22, 2006
    #9
  10. maca1

    maca1 Regular member

    Joined:
    Mar 15, 2006
    Messages:
    630
    Likes Received:
    0
    Trophy Points:
    26
    You are clean, just clear out your cookies

    Niobis since I started here I have corrected you on numerous occassions You edited your post twice, you never listen the first time when I ask you nicely. Not only that but I always then have to explain to you why you are wrong so leave out this hostility business..

    because of where it's located


     
    Last edited: Sep 22, 2006
    maca1, Sep 22, 2006
    #10
  11. Niobis

    Niobis Active member

    Joined:
    Jan 30, 2005
    Messages:
    2,326
    Likes Received:
    0
    Trophy Points:
    66
    Yes, you have corrected me alot. Mostly on files that are missing, not so much on files such as this. I edited first time to post link instead of removing first. As stated in last post, sorry for jumping to conclusions. Then, I just cleared it all.

    They both are located in System32, bad or good, from what I can find.
     
    Niobis, Sep 22, 2006
    #11
  12. maca1

    maca1 Regular member

    Joined:
    Mar 15, 2006
    Messages:
    630
    Likes Received:
    0
    Trophy Points:
    26
    Links please?
     
    maca1, Sep 22, 2006
    #12
  13. Niobis

    Niobis Active member

    Joined:
    Jan 30, 2005
    Messages:
    2,326
    Likes Received:
    0
    Trophy Points:
    66
    Ok, I didn't read it correctly. The bad one is a startup key not a process, my fault. Sorry, will be more careful next time.
     
    Niobis, Sep 22, 2006
    #13
  14. maca1

    maca1 Regular member

    Joined:
    Mar 15, 2006
    Messages:
    630
    Likes Received:
    0
    Trophy Points:
    26
    No worries at all, nothing wrong with making mistakes and nothing wrong with correcting me if you find I've made a mistake which you will now and then, but just make sure you know the facts before you go that bit further..
     
    Last edited: Sep 22, 2006
    maca1, Sep 22, 2006
    #14
  15. elliott

    elliott Regular member

    Joined:
    Jan 21, 2004
    Messages:
    791
    Likes Received:
    0
    Trophy Points:
    26
    to insure your system is clean go to windows security center online and run the full system scan worked for me
     
    elliott, Sep 24, 2006
    #15

Share This Page