
help with the spyware b129.exe

Discussion in 'Windows - Virus and spyware problems' started by blrman, Apr 18, 2007.

  1. blrman

    Logfile of HijackThis v1.99.1
    Scan saved at 7:07:51 AM, on 4/18/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16414)

    Running processes:
    C:\WINNT\System32\smss.exe
    C:\WINNT\system32\winlogon.exe
    C:\WINNT\system32\services.exe
    C:\WINNT\system32\lsass.exe
    C:\WINNT\system32\svchost.exe
    C:\WINNT\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\WINNT\system32\spoolsv.exe
    C:\Program Files\Gateway\EzTune\dtsslsrv.exe
    C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    C:\WINNT\system32\DRIVERS\CDAC11BA.EXE
    C:\Program Files\Gateway\EzTune\DTSRVC.exe
    C:\WINNT\System32\svchost.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\WINNT\system32\mgabg.exe
    D:\Program Files\Norton AntiVirus\navapsvc.exe
    D:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
    D:\PROGRA~1\NORTON~1\NPROTECT.EXE
    C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxMediaDB.exe
    D:\PROGRA~1\NORTON~1\SPEEDD~1\NOPDB.EXE
    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\WINNT\Explorer.EXE
    C:\IBMTOOLS\DRIVERS\LAN\INTEL\PROMON.EXE
    C:\WINNT\system32\PELMICED.EXE
    C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\Portrait Displays\Pivot Software\wpctrl.exe
    C:\Program Files\Gateway\EzTune\DTHtml.exe
    C:\WINNT\system32\PDesk\PDesk.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Portrait Displays\Pivot Software\floater.exe
    D:\Program Files\iTunes\iTunesHelper.exe
    C:\WINNT\system32\ctfmon.exe
    C:\Program Files\Windows Media Player\WMPNSCFG.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
    D:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
    C:\WINNT\updater.exe
    C:\Program Files\webHancer\Programs\whagent.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    D:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
    C:\HJT\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://connecticut.cox.net/cci/home
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
    O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
    O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - D:\Program Files\Norton AntiVirus\NavShExt.dll
    O2 - BHO: WhIeHelperObj Class - {c900b400-cdfe-11d3-976a-00e02913a9e0} - C:\Program Files\webHancer\programs\whiehlpr.dll
    O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - D:\Program Files\Norton AntiVirus\NavShExt.dll
    O4 - HKLM\..\Run: [Promon.exe] C:\IBMTOOLS\DRIVERS\LAN\INTEL\PROMON.EXE
    O4 - HKLM\..\Run: [tourpath] regedit /s c:\winnt\tour.reg
    O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
    O4 - HKLM\..\Run: [Mouse Suite 98 Daemon] PELMICED.EXE
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
    O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy Media Creator 8\Drag to Disc\DrgToDsc.exe"
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
    O4 - HKLM\..\Run: [PivotSoftware] "C:\Program Files\Portrait Displays\Pivot Software\wpctrl.exe"
    O4 - HKLM\..\Run: [DT Task] C:\Program Files\Gateway\EzTune\DTHtml.exe -startup_folder
    O4 - HKLM\..\Run: [Matrox Powerdesk] C:\WINNT\system32\PDesk\PDesk.exe /Autolaunch
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "D:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [runner1] C:\WINNT\updater.exe 61A847B5BBF72816228849360B8D1BE1C59331416DC57C032CBD1BE3D290641833
    O4 - HKLM\..\Run: [webHancer Agent] C:\Program Files\webHancer\Programs\whagent.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINNT\system32\ctfmon.exe
    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
    O4 - HKCU\..\Run: [Norton SystemWorks] "D:\Program Files\cfgwiz.exe" /GUID {05858CFD-5CC4-4ceb-AAAF-CF00BF39736A} /MODE CfgWiz
    O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O10 - Hijacked Internet access by WebHancer
    O10 - Hijacked Internet access by WebHancer
    O10 - Hijacked Internet access by WebHancer
    O11 - Options group: [INTERNATIONAL] International*
    O16 - DPF: {03F998B2-0E00-11D3-A498-00104B6EB52E} - https://components.viewpoint.com/MTSInstallers/MetaStream3.cab?url=http://www.viewpoint.com/cgi-bin/installer.v4/vet_install_premium.pl?1&4&04.00.09.13&premium&unknown&http://www.toyota.com/vehicles/config/fj/config.html?noreloadredir
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1138221981120
    O18 - Filter: text/html - (no CLSID) - (no file)
    O20 - Winlogon Notify: WgaLogon - C:\WINNT\SYSTEM32\WgaLogon.dll
    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINNT\system32\WPDShServiceObj.dll
    O23 - Service: Asset Management Daemon - Unknown owner - C:\Program Files\Gateway\EzTune\dtsslsrv.exe
    O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    O23 - Service: C-DillaCdaC11BA - C-Dilla Ltd - C:\WINNT\system32\DRIVERS\CDAC11BA.EXE
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: Portrait Displays Display Tune Service (DTSRVC) - Unknown owner - C:\Program Files\Gateway\EzTune\DTSRVC.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: MGABGEXE - Matrox Graphics Inc. - C:\WINNT\system32\mgabg.exe
    O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - D:\Program Files\Norton AntiVirus\navapsvc.exe
    O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - D:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
    O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - D:\PROGRA~1\NORTON~1\NPROTECT.EXE
    O23 - Service: LiveShare P2P Server (RoxLiveShare) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxLiveShare.exe
    O23 - Service: RoxMediaDB - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxMediaDB.exe
    O23 - Service: RoxUpnpRenderer (RoxUPnPRenderer) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\SharedCom\RoxUpnpRenderer.exe
    O23 - Service: RoxUpnpServer - Sonic Solutions - C:\Program Files\Roxio\Easy Media Creator 8\Digital Home\RoxUpnpServer.exe
    O23 - Service: Roxio Hard Drive Watcher (RoxWatch) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxWatch.exe
    O23 - Service: SAVScan - Symantec Corporation - D:\Program Files\Norton AntiVirus\SAVScan.exe
    O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    O23 - Service: Speed Disk service - Symantec Corporation - D:\PROGRA~1\NORTON~1\SPEEDD~1\NOPDB.EXE
    O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

    This is the HijackThis Notepad file. This b129.exe is killing me.
     
  2. Fredil

    There are quite a couple of things wrong with your computer, including webHancer (see http://www.cexx.org/webhancer.htm), so I'm going to have to call for help. No worries, we can still get them fixed :)
     
  3. blrman

    Thanks for the link and help. I am still working on it. I have run Spybot and Ad-Aware SE. I will rerun HijackThis and post the results as soon as I get home from work. Thanks.
     
  4. blrman

    This is the new log file:
    Logfile of HijackThis v1.99.1
    Scan saved at 7:44:08 AM, on 4/19/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16414)

    Running processes:
    C:\WINNT\System32\smss.exe
    C:\WINNT\system32\winlogon.exe
    C:\WINNT\system32\services.exe
    C:\WINNT\system32\lsass.exe
    C:\WINNT\system32\svchost.exe
    C:\WINNT\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\WINNT\system32\spoolsv.exe
    C:\Program Files\Gateway\EzTune\dtsslsrv.exe
    C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    C:\WINNT\system32\DRIVERS\CDAC11BA.EXE
    C:\Program Files\Gateway\EzTune\DTSRVC.exe
    C:\WINNT\System32\svchost.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\WINNT\system32\mgabg.exe
    D:\Program Files\Norton AntiVirus\navapsvc.exe
    D:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
    D:\PROGRA~1\NORTON~1\NPROTECT.EXE
    C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxMediaDB.exe
    D:\PROGRA~1\NORTON~1\SPEEDD~1\NOPDB.EXE
    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\WINNT\Explorer.EXE
    C:\IBMTOOLS\DRIVERS\LAN\INTEL\PROMON.EXE
    C:\WINNT\system32\PELMICED.EXE
    C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\Portrait Displays\Pivot Software\wpctrl.exe
    C:\Program Files\Gateway\EzTune\DTHtml.exe
    C:\WINNT\system32\PDesk\PDesk.exe
    C:\WINNT\updater.exe
    C:\WINNT\system32\ctfmon.exe
    C:\Program Files\Windows Media Player\WMPNSCFG.exe
    C:\PROGRA~1\COMMON~1\uqfo\uqfom.exe
    C:\PROGRA~1\COMMON~1\uqfo\uqfoa.exe
    C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
    C:\Program Files\Portrait Displays\Pivot Software\floater.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\HJT\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://connecticut.cox.net/cci/home
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - d:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
    O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - D:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - D:\Program Files\Norton AntiVirus\NavShExt.dll
    O4 - HKLM\..\Run: [Promon.exe] C:\IBMTOOLS\DRIVERS\LAN\INTEL\PROMON.EXE
    O4 - HKLM\..\Run: [tourpath] regedit /s c:\winnt\tour.reg
    O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
    O4 - HKLM\..\Run: [Mouse Suite 98 Daemon] PELMICED.EXE
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
    O4 - HKLM\..\Run: [PivotSoftware] "C:\Program Files\Portrait Displays\Pivot Software\wpctrl.exe"
    O4 - HKLM\..\Run: [DT Task] C:\Program Files\Gateway\EzTune\DTHtml.exe -startup_folder
    O4 - HKLM\..\Run: [Matrox Powerdesk] C:\WINNT\system32\PDesk\PDesk.exe /Autolaunch
    O4 - HKLM\..\Run: [runner1] C:\WINNT\updater.exe 61A847B5BBF72816228849360B8D1BE1C59331416DC57C032CBD1BE3D290641833
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINNT\system32\ctfmon.exe
    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
    O4 - HKCU\..\Run: [Norton SystemWorks] "D:\Program Files\cfgwiz.exe" /GUID {05858CFD-5CC4-4ceb-AAAF-CF00BF39736A} /MODE CfgWiz
    O4 - HKCU\..\Run: [uqfo] C:\PROGRA~1\COMMON~1\uqfo\uqfom.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O11 - Options group: [INTERNATIONAL] International*
    O16 - DPF: {03F998B2-0E00-11D3-A498-00104B6EB52E} - https://components.viewpoint.com/MTSInstallers/MetaStream3.cab?url=http://www.viewpoint.com/cgi-bin/installer.v4/vet_install_premium.pl?1&4&04.00.09.13&premium&unknown&http://www.toyota.com/vehicles/config/fj/config.html?noreloadredir
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1138221981120
    O18 - Filter: text/html - (no CLSID) - (no file)
    O20 - Winlogon Notify: WgaLogon - C:\WINNT\SYSTEM32\WgaLogon.dll
    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINNT\system32\WPDShServiceObj.dll
    O23 - Service: Asset Management Daemon - Unknown owner - C:\Program Files\Gateway\EzTune\dtsslsrv.exe
    O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    O23 - Service: C-DillaCdaC11BA - C-Dilla Ltd - C:\WINNT\system32\DRIVERS\CDAC11BA.EXE
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: Portrait Displays Display Tune Service (DTSRVC) - Unknown owner - C:\Program Files\Gateway\EzTune\DTSRVC.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: MGABGEXE - Matrox Graphics Inc. - C:\WINNT\system32\mgabg.exe
    O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - D:\Program Files\Norton AntiVirus\navapsvc.exe
    O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - D:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
    O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - D:\PROGRA~1\NORTON~1\NPROTECT.EXE
    O23 - Service: LiveShare P2P Server (RoxLiveShare) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxLiveShare.exe
    O23 - Service: RoxMediaDB - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxMediaDB.exe
    O23 - Service: RoxUpnpRenderer (RoxUPnPRenderer) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\SharedCom\RoxUpnpRenderer.exe
    O23 - Service: RoxUpnpServer - Sonic Solutions - C:\Program Files\Roxio\Easy Media Creator 8\Digital Home\RoxUpnpServer.exe
    O23 - Service: Roxio Hard Drive Watcher (RoxWatch) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxWatch.exe
    O23 - Service: SAVScan - Symantec Corporation - D:\Program Files\Norton AntiVirus\SAVScan.exe
    O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    O23 - Service: Speed Disk service - Symantec Corporation - D:\PROGRA~1\NORTON~1\SPEEDD~1\NOPDB.EXE
    O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

    I hope I was able to fix most of the problems.
     
  5. KotaGuy

    Run HijackThis. Click the Misc Tools button. Then the Uninstall Manager button. Then the Save List button. Save the list to your Desktop.

    Copy/paste the contents of the list in your reply please.
     
  6. blrman

    Ad-Aware SE Personal
    Adobe Acrobat - Reader 6.0.2 Update
    Adobe Acrobat 6.0.1 Professional
    Adobe Acrobat and Reader 6.0.3 Update
    Adobe Acrobat and Reader 6.0.4 Update
    Adobe Acrobat and Reader 6.0.5 Update
    Adobe Acrobat and Reader 6.0.6 Update
    Apple Software Update
    Avanquest update
    ccCommon
    Chilton's Reference Library
    DVD Shrink 3.2
    EzTune
    HighMAT Extension to Microsoft Windows XP CD Writing Wizard
    HijackThis 1.99.1
    Hotfix for Windows Media Format 11 SDK (KB929399)
    Hotfix for Windows Media Format SDK (KB902344)
    Hotfix for Windows XP (KB896344)
    Hotfix for Windows XP (KB914440)
    Hotfix for Windows XP (KB915865)
    Hotfix for Windows XP (KB926239)
    Intel Security Driver
    Intel(R) PRO Network Adapters and Drivers
    Internet Worm Protection
    J2SE Runtime Environment 5.0 Update 10
    J2SE Runtime Environment 5.0 Update 11
    J2SE Runtime Environment 5.0 Update 6
    J2SE Runtime Environment 5.0 Update 9
    Java(TM) SE Runtime Environment 6 Update 1
    LiveReg (Symantec Corporation)
    LiveUpdate 3.0 (Symantec Corporation)
    Macromedia Flash Player 8
    Matrox Graphics Software (remove only)
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1 Hotfix (KB886903)
    Microsoft .NET Framework 2.0
    Microsoft Base Smart Card Cryptographic Service Provider Package
    Microsoft Compression Client Pack 1.0 for Windows XP
    Microsoft Internationalized Domain Names Mitigation APIs
    Microsoft Location Finder
    Microsoft National Language Support Downlevel APIs
    Microsoft Office Professional Edition 2003
    Microsoft Office Project Professional 2003
    Microsoft Office Visio Professional 2003
    Microsoft User-Mode Driver Framework Feature Pack 1.0
    Microsoft Windows XP Video Decoder Checkup Utility
    Motorola Phone Tools
    Mouse Suite
    MSN Music Assistant
    MSRedist
    MSXML 4.0 SP2 (KB925672)
    MSXML 4.0 SP2 (KB927978)
    Norton AntiVirus 2005
    Norton AntiVirus Parent MSI
    Norton CleanSweep
    Norton SystemWorks
    Norton SystemWorks 2005 (Symantec Corporation)
    Norton Utilities
    Norton WMI Update
    NSW_DRM_COLLECTION
    Outerinfo
    Pivot Software
    QuickTime
    Roxio Easy Media Creator 8 Suite
    Security Update for Microsoft .NET Framework 2.0 (KB917283)
    Security Update for Microsoft .NET Framework 2.0 (KB922770)
    Security Update for Windows Internet Explorer 7 (KB928090)
    Security Update for Windows Internet Explorer 7 (KB929969)
    Security Update for Windows Media Player (KB911564)
    Security Update for Windows Media Player 10 (KB911565)
    Security Update for Windows Media Player 10 (KB917734)
    Security Update for Windows Media Player 6.4 (KB925398)
    Security Update for Windows XP (KB890046)
    Security Update for Windows XP (KB893066)
    Security Update for Windows XP (KB893756)
    Security Update for Windows XP (KB896358)
    Security Update for Windows XP (KB896422)
    Security Update for Windows XP (KB896423)
    Security Update for Windows XP (KB896424)
    Security Update for Windows XP (KB896428)
    Security Update for Windows XP (KB899587)
    Security Update for Windows XP (KB899589)
    Security Update for Windows XP (KB899591)
    Security Update for Windows XP (KB900725)
    Security Update for Windows XP (KB901017)
    Security Update for Windows XP (KB901214)
    Security Update for Windows XP (KB902400)
    Security Update for Windows XP (KB904706)
    Security Update for Windows XP (KB905414)
    Security Update for Windows XP (KB905749)
    Security Update for Windows XP (KB905915)
    Security Update for Windows XP (KB908519)
    Security Update for Windows XP (KB908531)
    Security Update for Windows XP (KB911280)
    Security Update for Windows XP (KB911562)
    Security Update for Windows XP (KB911567)
    Security Update for Windows XP (KB911927)
    Security Update for Windows XP (KB912812)
    Security Update for Windows XP (KB912919)
    Security Update for Windows XP (KB913446)
    Security Update for Windows XP (KB913580)
    Security Update for Windows XP (KB914388)
    Security Update for Windows XP (KB914389)
    Security Update for Windows XP (KB916281)
    Security Update for Windows XP (KB917159)
    Security Update for Windows XP (KB917344)
    Security Update for Windows XP (KB917422)
    Security Update for Windows XP (KB917953)
    Security Update for Windows XP (KB918118)
    Security Update for Windows XP (KB918439)
    Security Update for Windows XP (KB918899)
    Security Update for Windows XP (KB919007)
    Security Update for Windows XP (KB920213)
    Security Update for Windows XP (KB920214)
    Security Update for Windows XP (KB920670)
    Security Update for Windows XP (KB920683)
    Security Update for Windows XP (KB920685)
    Security Update for Windows XP (KB921398)
    Security Update for Windows XP (KB921883)
    Security Update for Windows XP (KB922616)
    Security Update for Windows XP (KB922819)
    Security Update for Windows XP (KB923191)
    Security Update for Windows XP (KB923414)
    Security Update for Windows XP (KB923689)
    Security Update for Windows XP (KB923694)
    Security Update for Windows XP (KB923980)
    Security Update for Windows XP (KB924191)
    Security Update for Windows XP (KB924270)
    Security Update for Windows XP (KB924496)
    Security Update for Windows XP (KB924667)
    Security Update for Windows XP (KB925486)
    Security Update for Windows XP (KB925902)
    Security Update for Windows XP (KB926255)
    Security Update for Windows XP (KB926436)
    Security Update for Windows XP (KB927779)
    Security Update for Windows XP (KB927802)
    Security Update for Windows XP (KB928255)
    Security Update for Windows XP (KB928843)
    Security Update for Windows XP (KB930178)
    Security Update for Windows XP (KB931261)
    Security Update for Windows XP (KB931784)
    Security Update for Windows XP (KB932168)
    SPBBC
    Spybot - Search & Destroy 1.4
    Symantec Script Blocking Installer
    SymNet
    Textbook Edition
    Update for Windows XP (KB894391)
    Update for Windows XP (KB898461)
    Update for Windows XP (KB900485)
    Update for Windows XP (KB904942)
    Update for Windows XP (KB910437)
    Update for Windows XP (KB916595)
    Update for Windows XP (KB920872)
    Update for Windows XP (KB922582)
    Update for Windows XP (KB929338)
    Update for Windows XP (KB931836)
    Windows Defender Signatures
    Windows Genuine Advantage v1.3.0254.0
    Windows Installer 3.1 (KB893803)
    Windows Internet Explorer 7
    Windows Media Connect
    Windows Media Format 11 runtime
    Windows Media Format 11 runtime
    Windows Media Player 11
    Windows Media Player 11
    Windows XP Hotfix - KB873339
    Windows XP Hotfix - KB885250
    Windows XP Hotfix - KB885835
    Windows XP Hotfix - KB885836
    Windows XP Hotfix - KB886185
    Windows XP Hotfix - KB887472
    Windows XP Hotfix - KB887742
    Windows XP Hotfix - KB888113
    Windows XP Hotfix - KB888302
    Windows XP Hotfix - KB890859
    Windows XP Hotfix - KB891781
    Windows XP Service Pack 2
    WinZip

    This is the uninstall list. Thanks.
     
  7. KotaGuy

    Click Start > Run, type in appwiz.cpl and hit Enter. From the list, uninstall the following:

    J2SE Runtime Environment 5.0 Update 10
    J2SE Runtime Environment 5.0 Update 11
    J2SE Runtime Environment 5.0 Update 6
    J2SE Runtime Environment 5.0 Update 9
    Outerinfo


    Once done, reboot and post a new HijackThis log please.
     
  8. Fredil

    Hey, Kotaguy, just a question:

    After I did a System Restore, when I went to run, there was text in it that said "shutdown -a". What does that mean?
     
    Last edited: Apr 21, 2007
  9. blrman

    Logfile of HijackThis v1.99.1
    Scan saved at 8:34:20 PM, on 4/21/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16414)

    Running processes:
    C:\WINNT\System32\smss.exe
    C:\WINNT\system32\winlogon.exe
    C:\WINNT\system32\services.exe
    C:\WINNT\system32\lsass.exe
    C:\WINNT\system32\svchost.exe
    C:\WINNT\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\WINNT\system32\spoolsv.exe
    C:\Program Files\Gateway\EzTune\dtsslsrv.exe
    C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    C:\WINNT\system32\DRIVERS\CDAC11BA.EXE
    C:\Program Files\Gateway\EzTune\DTSRVC.exe
    C:\WINNT\System32\svchost.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\WINNT\system32\mgabg.exe
    D:\Program Files\Norton AntiVirus\navapsvc.exe
    D:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
    D:\PROGRA~1\NORTON~1\NPROTECT.EXE
    C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxMediaDB.exe
    D:\PROGRA~1\NORTON~1\SPEEDD~1\NOPDB.EXE
    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\WINNT\Explorer.EXE
    C:\IBMTOOLS\DRIVERS\LAN\INTEL\PROMON.EXE
    C:\WINNT\system32\PELMICED.EXE
    C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\Portrait Displays\Pivot Software\wpctrl.exe
    C:\Program Files\Gateway\EzTune\DTHtml.exe
    C:\WINNT\system32\PDesk\PDesk.exe
    C:\WINNT\system32\ctfmon.exe
    C:\Program Files\Windows Media Player\WMPNSCFG.exe
    C:\PROGRA~1\COMMON~1\uqfo\uqfom.exe
    C:\PROGRA~1\COMMON~1\uqfo\uqfoa.exe
    C:\Program Files\Portrait Displays\Pivot Software\floater.exe
    C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
    C:\Program Files\Messenger\msmsgs.exe
    D:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
    D:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
    D:\Program Files\Norton AntiVirus\OPScan.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\HJT\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://connecticut.cox.net/cci/home
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
    O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - D:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - D:\Program Files\Norton AntiVirus\NavShExt.dll
    O4 - HKLM\..\Run: [Promon.exe] C:\IBMTOOLS\DRIVERS\LAN\INTEL\PROMON.EXE
    O4 - HKLM\..\Run: [tourpath] regedit /s c:\winnt\tour.reg
    O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
    O4 - HKLM\..\Run: [Mouse Suite 98 Daemon] PELMICED.EXE
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
    O4 - HKLM\..\Run: [PivotSoftware] "C:\Program Files\Portrait Displays\Pivot Software\wpctrl.exe"
    O4 - HKLM\..\Run: [DT Task] C:\Program Files\Gateway\EzTune\DTHtml.exe -startup_folder
    O4 - HKLM\..\Run: [Matrox Powerdesk] C:\WINNT\system32\PDesk\PDesk.exe /Autolaunch
    O4 - HKLM\..\Run: [runner1] C:\WINNT\updater.exe 61A847B5BBF72816228849360B8D1BE1C59331416DC57C032CBD1BE3D290641833
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINNT\system32\ctfmon.exe
    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
    O4 - HKCU\..\Run: [Norton SystemWorks] "D:\Program Files\cfgwiz.exe" /GUID {05858CFD-5CC4-4ceb-AAAF-CF00BF39736A} /MODE CfgWiz
    O4 - HKCU\..\Run: [uqfo] C:\PROGRA~1\COMMON~1\uqfo\uqfom.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O11 - Options group: [INTERNATIONAL] International*
    O16 - DPF: {03F998B2-0E00-11D3-A498-00104B6EB52E} - https://components.viewpoint.com/MTSInstallers/MetaStream3.cab?url=http://www.viewpoint.com/cgi-bin/installer.v4/vet_install_premium.pl?1&4&04.00.09.13&premium&unknown&http://www.toyota.com/vehicles/config/fj/config.html?noreloadredir
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1138221981120
    O18 - Filter: text/html - (no CLSID) - (no file)
    O20 - Winlogon Notify: WgaLogon - C:\WINNT\SYSTEM32\WgaLogon.dll
    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINNT\system32\WPDShServiceObj.dll
    O23 - Service: Asset Management Daemon - Unknown owner - C:\Program Files\Gateway\EzTune\dtsslsrv.exe
    O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    O23 - Service: C-DillaCdaC11BA - C-Dilla Ltd - C:\WINNT\system32\DRIVERS\CDAC11BA.EXE
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: Portrait Displays Display Tune Service (DTSRVC) - Unknown owner - C:\Program Files\Gateway\EzTune\DTSRVC.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: MGABGEXE - Matrox Graphics Inc. - C:\WINNT\system32\mgabg.exe
    O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - D:\Program Files\Norton AntiVirus\navapsvc.exe
    O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - D:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
    O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - D:\PROGRA~1\NORTON~1\NPROTECT.EXE
    O23 - Service: LiveShare P2P Server (RoxLiveShare) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxLiveShare.exe
    O23 - Service: RoxMediaDB - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxMediaDB.exe
    O23 - Service: RoxUpnpRenderer (RoxUPnPRenderer) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\SharedCom\RoxUpnpRenderer.exe
    O23 - Service: RoxUpnpServer - Sonic Solutions - C:\Program Files\Roxio\Easy Media Creator 8\Digital Home\RoxUpnpServer.exe
    O23 - Service: Roxio Hard Drive Watcher (RoxWatch) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxWatch.exe
    O23 - Service: SAVScan - Symantec Corporation - D:\Program Files\Norton AntiVirus\SAVScan.exe
    O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    O23 - Service: Speed Disk service - Symantec Corporation - D:\PROGRA~1\NORTON~1\SPEEDD~1\NOPDB.EXE
    O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

    And this is the uninstall mgr

    Ad-Aware SE Personal
    Adobe Acrobat - Reader 6.0.2 Update
    Adobe Acrobat 6.0.1 Professional
    Adobe Acrobat and Reader 6.0.3 Update
    Adobe Acrobat and Reader 6.0.4 Update
    Adobe Acrobat and Reader 6.0.5 Update
    Adobe Acrobat and Reader 6.0.6 Update
    Apple Software Update
    Avanquest update
    ccCommon
    CCleaner (remove only)
    Chilton's Reference Library
    DVD Shrink 3.2
    EzTune
    HighMAT Extension to Microsoft Windows XP CD Writing Wizard
    HijackThis 1.99.1
    Hotfix for Windows Media Format 11 SDK (KB929399)
    Hotfix for Windows Media Format SDK (KB902344)
    Hotfix for Windows XP (KB896344)
    Hotfix for Windows XP (KB914440)
    Hotfix for Windows XP (KB915865)
    Hotfix for Windows XP (KB926239)
    Intel Security Driver
    Intel(R) PRO Network Adapters and Drivers
    Internet Worm Protection
    J2SE Runtime Environment 5.0 Update 10
    J2SE Runtime Environment 5.0 Update 11
    J2SE Runtime Environment 5.0 Update 6
    J2SE Runtime Environment 5.0 Update 9
    Java(TM) SE Runtime Environment 6 Update 1
    LiveReg (Symantec Corporation)
    LiveUpdate 3.0 (Symantec Corporation)
    Macromedia Flash Player 8
    Matrox Graphics Software (remove only)
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1 Hotfix (KB886903)
    Microsoft .NET Framework 2.0
    Microsoft Base Smart Card Cryptographic Service Provider Package
    Microsoft Compression Client Pack 1.0 for Windows XP
    Microsoft Internationalized Domain Names Mitigation APIs
    Microsoft Location Finder
    Microsoft National Language Support Downlevel APIs
    Microsoft Office Professional Edition 2003
    Microsoft Office Project Professional 2003
    Microsoft Office Visio Professional 2003
    Microsoft User-Mode Driver Framework Feature Pack 1.0
    Microsoft Windows XP Video Decoder Checkup Utility
    Motorola Phone Tools
    Mouse Suite
    MSN Music Assistant
    MSRedist
    MSXML 4.0 SP2 (KB925672)
    MSXML 4.0 SP2 (KB927978)
    Norton AntiVirus 2005
    Norton AntiVirus Parent MSI
    Norton CleanSweep
    Norton SystemWorks
    Norton SystemWorks 2005 (Symantec Corporation)
    Norton Utilities
    Norton WMI Update
    NSW_DRM_COLLECTION
    Pivot Software
    QuickTime
    Roxio Easy Media Creator 8 Suite
    Security Update for Microsoft .NET Framework 2.0 (KB917283)
    Security Update for Microsoft .NET Framework 2.0 (KB922770)
    Security Update for Windows Internet Explorer 7 (KB928090)
    Security Update for Windows Internet Explorer 7 (KB929969)
    Security Update for Windows Media Player (KB911564)
    Security Update for Windows Media Player 10 (KB911565)
    Security Update for Windows Media Player 10 (KB917734)
    Security Update for Windows Media Player 6.4 (KB925398)
    Security Update for Windows XP (KB890046)
    Security Update for Windows XP (KB893066)
    Security Update for Windows XP (KB893756)
    Security Update for Windows XP (KB896358)
    Security Update for Windows XP (KB896422)
    Security Update for Windows XP (KB896423)
    Security Update for Windows XP (KB896424)
    Security Update for Windows XP (KB896428)
    Security Update for Windows XP (KB899587)
    Security Update for Windows XP (KB899589)
    Security Update for Windows XP (KB899591)
    Security Update for Windows XP (KB900725)
    Security Update for Windows XP (KB901017)
    Security Update for Windows XP (KB901214)
    Security Update for Windows XP (KB902400)
    Security Update for Windows XP (KB904706)
    Security Update for Windows XP (KB905414)
    Security Update for Windows XP (KB905749)
    Security Update for Windows XP (KB905915)
    Security Update for Windows XP (KB908519)
    Security Update for Windows XP (KB908531)
    Security Update for Windows XP (KB911280)
    Security Update for Windows XP (KB911562)
    Security Update for Windows XP (KB911567)
    Security Update for Windows XP (KB911927)
    Security Update for Windows XP (KB912812)
    Security Update for Windows XP (KB912919)
    Security Update for Windows XP (KB913446)
    Security Update for Windows XP (KB913580)
    Security Update for Windows XP (KB914388)
    Security Update for Windows XP (KB914389)
    Security Update for Windows XP (KB916281)
    Security Update for Windows XP (KB917159)
    Security Update for Windows XP (KB917344)
    Security Update for Windows XP (KB917422)
    Security Update for Windows XP (KB917953)
    Security Update for Windows XP (KB918118)
    Security Update for Windows XP (KB918439)
    Security Update for Windows XP (KB918899)
    Security Update for Windows XP (KB919007)
    Security Update for Windows XP (KB920213)
    Security Update for Windows XP (KB920214)
    Security Update for Windows XP (KB920670)
    Security Update for Windows XP (KB920683)
    Security Update for Windows XP (KB920685)
    Security Update for Windows XP (KB921398)
    Security Update for Windows XP (KB921883)
    Security Update for Windows XP (KB922616)
    Security Update for Windows XP (KB922819)
    Security Update for Windows XP (KB923191)
    Security Update for Windows XP (KB923414)
    Security Update for Windows XP (KB923689)
    Security Update for Windows XP (KB923694)
    Security Update for Windows XP (KB923980)
    Security Update for Windows XP (KB924191)
    Security Update for Windows XP (KB924270)
    Security Update for Windows XP (KB924496)
    Security Update for Windows XP (KB924667)
    Security Update for Windows XP (KB925486)
    Security Update for Windows XP (KB925902)
    Security Update for Windows XP (KB926255)
    Security Update for Windows XP (KB926436)
    Security Update for Windows XP (KB927779)
    Security Update for Windows XP (KB927802)
    Security Update for Windows XP (KB928255)
    Security Update for Windows XP (KB928843)
    Security Update for Windows XP (KB930178)
    Security Update for Windows XP (KB931261)
    Security Update for Windows XP (KB931784)
    Security Update for Windows XP (KB932168)
    SPBBC
    Spybot - Search & Destroy 1.4
    Symantec Script Blocking Installer
    SymNet
    Textbook Edition
    Update for Windows XP (KB894391)
    Update for Windows XP (KB898461)
    Update for Windows XP (KB900485)
    Update for Windows XP (KB904942)
    Update for Windows XP (KB910437)
    Update for Windows XP (KB916595)
    Update for Windows XP (KB920872)
    Update for Windows XP (KB922582)
    Update for Windows XP (KB929338)
    Update for Windows XP (KB931836)
    Windows Defender Signatures
    Windows Genuine Advantage v1.3.0254.0
    Windows Installer 3.1 (KB893803)
    Windows Internet Explorer 7
    Windows Media Connect
    Windows Media Format 11 runtime
    Windows Media Format 11 runtime
    Windows Media Player 11
    Windows Media Player 11
    Windows XP Hotfix - KB873339
    Windows XP Hotfix - KB885250
    Windows XP Hotfix - KB885835
    Windows XP Hotfix - KB885836
    Windows XP Hotfix - KB886185
    Windows XP Hotfix - KB887472
    Windows XP Hotfix - KB887742
    Windows XP Hotfix - KB888113
    Windows XP Hotfix - KB888302
    Windows XP Hotfix - KB890859
    Windows XP Hotfix - KB891781
    Windows XP Service Pack 2
    WinZip



     
  10. blrman

    blrman Member

    Logfile of HijackThis v1.99.1
    Scan saved at 9:42:25 PM, on 4/21/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16414)

    Running processes:
    C:\WINNT\System32\smss.exe
    C:\WINNT\system32\winlogon.exe
    C:\WINNT\system32\services.exe
    C:\WINNT\system32\lsass.exe
    C:\WINNT\system32\svchost.exe
    C:\WINNT\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\WINNT\system32\spoolsv.exe
    C:\Program Files\Gateway\EzTune\dtsslsrv.exe
    C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    C:\WINNT\system32\DRIVERS\CDAC11BA.EXE
    C:\Program Files\Gateway\EzTune\DTSRVC.exe
    C:\WINNT\System32\svchost.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\WINNT\system32\mgabg.exe
    D:\Program Files\Norton AntiVirus\navapsvc.exe
    D:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
    D:\PROGRA~1\NORTON~1\NPROTECT.EXE
    C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxMediaDB.exe
    D:\PROGRA~1\NORTON~1\SPEEDD~1\NOPDB.EXE
    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\WINNT\Explorer.EXE
    C:\IBMTOOLS\DRIVERS\LAN\INTEL\PROMON.EXE
    C:\WINNT\system32\PELMICED.EXE
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\Portrait Displays\Pivot Software\wpctrl.exe
    C:\Program Files\Gateway\EzTune\DTHtml.exe
    C:\WINNT\system32\PDesk\PDesk.exe
    C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
    C:\WINNT\system32\ctfmon.exe
    C:\Program Files\Windows Media Player\WMPNSCFG.exe
    C:\PROGRA~1\COMMON~1\uqfo\uqfom.exe
    C:\PROGRA~1\COMMON~1\uqfo\uqfoa.exe
    C:\Program Files\Portrait Displays\Pivot Software\floater.exe
    C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    D:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
    D:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
    C:\HJT\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://connecticut.cox.net/cci/home
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
    O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - D:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - D:\Program Files\Norton AntiVirus\NavShExt.dll
    O4 - HKLM\..\Run: [Promon.exe] C:\IBMTOOLS\DRIVERS\LAN\INTEL\PROMON.EXE
    O4 - HKLM\..\Run: [tourpath] regedit /s c:\winnt\tour.reg
    O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
    O4 - HKLM\..\Run: [Mouse Suite 98 Daemon] PELMICED.EXE
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
    O4 - HKLM\..\Run: [PivotSoftware] "C:\Program Files\Portrait Displays\Pivot Software\wpctrl.exe"
    O4 - HKLM\..\Run: [DT Task] C:\Program Files\Gateway\EzTune\DTHtml.exe -startup_folder
    O4 - HKLM\..\Run: [Matrox Powerdesk] C:\WINNT\system32\PDesk\PDesk.exe /Autolaunch
    O4 - HKLM\..\Run: [runner1] C:\WINNT\updater.exe 61A847B5BBF72816228849360B8D1BE1C59331416DC57C032CBD1BE3D290641833
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINNT\system32\ctfmon.exe
    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
    O4 - HKCU\..\Run: [Norton SystemWorks] "D:\Program Files\cfgwiz.exe" /GUID {05858CFD-5CC4-4ceb-AAAF-CF00BF39736A} /MODE CfgWiz
    O4 - HKCU\..\Run: [uqfo] C:\PROGRA~1\COMMON~1\uqfo\uqfom.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O11 - Options group: [INTERNATIONAL] International*
    O16 - DPF: {03F998B2-0E00-11D3-A498-00104B6EB52E} - https://components.viewpoint.com/MTSInstallers/MetaStream3.cab?url=http://www.viewpoint.com/cgi-bin/installer.v4/vet_install_premium.pl?1&4&04.00.09.13&premium&unknown&http://www.toyota.com/vehicles/config/fj/config.html?noreloadredir
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1138221981120
    O18 - Filter: text/html - (no CLSID) - (no file)
    O20 - Winlogon Notify: WgaLogon - C:\WINNT\SYSTEM32\WgaLogon.dll
    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINNT\system32\WPDShServiceObj.dll
    O23 - Service: Asset Management Daemon - Unknown owner - C:\Program Files\Gateway\EzTune\dtsslsrv.exe
    O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    O23 - Service: C-DillaCdaC11BA - C-Dilla Ltd - C:\WINNT\system32\DRIVERS\CDAC11BA.EXE
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: Portrait Displays Display Tune Service (DTSRVC) - Unknown owner - C:\Program Files\Gateway\EzTune\DTSRVC.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: MGABGEXE - Matrox Graphics Inc. - C:\WINNT\system32\mgabg.exe
    O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - D:\Program Files\Norton AntiVirus\navapsvc.exe
    O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - D:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
    O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - D:\PROGRA~1\NORTON~1\NPROTECT.EXE
    O23 - Service: LiveShare P2P Server (RoxLiveShare) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxLiveShare.exe
    O23 - Service: RoxMediaDB - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxMediaDB.exe
    O23 - Service: RoxUpnpRenderer (RoxUPnPRenderer) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\SharedCom\RoxUpnpRenderer.exe
    O23 - Service: RoxUpnpServer - Sonic Solutions - C:\Program Files\Roxio\Easy Media Creator 8\Digital Home\RoxUpnpServer.exe
    O23 - Service: Roxio Hard Drive Watcher (RoxWatch) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxWatch.exe
    O23 - Service: SAVScan - Symantec Corporation - D:\Program Files\Norton AntiVirus\SAVScan.exe
    O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    O23 - Service: Speed Disk service - Symantec Corporation - D:\PROGRA~1\NORTON~1\SPEEDD~1\NOPDB.EXE
    O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

    This is round three, after the 3rd restart.
     
  11. KotaGuy

    Print this out for reference during the fix as for part of it you will be in Safe Mode and won't be able to access this site.

    You still need to uninstall these...

    J2SE Runtime Environment 5.0 Update 10
    J2SE Runtime Environment 5.0 Update 11
    J2SE Runtime Environment 5.0 Update 6
    J2SE Runtime Environment 5.0 Update 9


    Those are old versions of Java and can be exploited if you don't.

    Hit CTRL+ALT+DELETE to bring up the Task Manager. End Task the following:

    uqfom.exe
    uqfoa.exe


    Run and scan with HijackThis and place checks beside the following:

    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
    O4 - HKLM\..\Run: [runner1] C:\WINNT\updater.exe 61A847B5BBF72816228849360B8D1BE1C59331416DC57C032CBD1BE3D290641833
    O4 - HKCU\..\Run: [uqfo] C:\PROGRA~1\COMMON~1\uqfo\uqfom.exe
    O16 - DPF: {03F998B2-0E00-11D3-A498-00104B6EB52E} - https://components.viewpoint.com/MTSInstallers/MetaStream3.cab?url=http://www.viewpoint.com/cgi-bin/installer.v4/vet_install_premium.pl?1&4&04.00.09.13&premium&unknown&http://www.toyota.com/vehicles/config/fj/config.html?noreloadredir
    O18 - Filter: text/html - (no CLSID) - (no file)


    Close all open browsers/windows and click the Fix button.

    Boot into Safe Mode

    Search for and delete these Folders:

    C:\Program Files\webHancer
    C:\Program Files\Common Files\uqfo

    Search for and delete this File:

    C:\WINNT\updater.exe

    Empty your Recycle Bin.

    Reboot Windows normally.

    Please do an online scan with Kaspersky WebScanner

    Click on Kaspersky Online Scanner

    You will be prompted to install an ActiveX component from Kaspersky,
    Click Yes.

    - The program will launch and then begin downloading the latest definition files:
    - Once the files have been downloaded click on NEXT
    - Now click on Scan Settings
    - In the scan settings make sure that the following are selected:

    - Scan using the following Anti-Virus database:

    Extended (if available otherwise Standard)

    - Scan Options:

    Scan Archives
    Scan Mail Bases

    - Click OK
    - Now under select a target to scan:

    Select My Computer

    - The program will start and scan your system.
    - The scan will take a while so be patient and let it run.
    - Once the scan is complete it will display if your system has been infected.
    - Now click on the Save as Text button:
    - Save the file to your desktop.

    Copy/paste the contents of the file in your next reply along with a new HijackThis log please.
     
  12. blrman

    I could not get the antivirus to work and download, but this is the HijackThis log file. I will keep working on the antivirus.
    Logfile of HijackThis v1.99.1
    Scan saved at 7:15:41 AM, on 4/23/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16414)

    Running processes:
    C:\WINNT\System32\smss.exe
    C:\WINNT\system32\winlogon.exe
    C:\WINNT\system32\services.exe
    C:\WINNT\system32\lsass.exe
    C:\WINNT\system32\svchost.exe
    C:\WINNT\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\WINNT\system32\spoolsv.exe
    C:\Program Files\Gateway\EzTune\dtsslsrv.exe
    C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    C:\WINNT\system32\DRIVERS\CDAC11BA.EXE
    C:\Program Files\Gateway\EzTune\DTSRVC.exe
    C:\WINNT\System32\svchost.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\WINNT\system32\mgabg.exe
    D:\Program Files\Norton AntiVirus\navapsvc.exe
    D:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
    D:\PROGRA~1\NORTON~1\NPROTECT.EXE
    C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxMediaDB.exe
    D:\PROGRA~1\NORTON~1\SPEEDD~1\NOPDB.EXE
    C:\WINNT\Explorer.EXE
    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\IBMTOOLS\DRIVERS\LAN\INTEL\PROMON.EXE
    C:\WINNT\system32\PELMICED.EXE
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\WINNT\system32\mobsync.exe
    C:\Program Files\Portrait Displays\Pivot Software\wpctrl.exe
    C:\Program Files\Gateway\EzTune\DTHtml.exe
    C:\WINNT\system32\PDesk\PDesk.exe
    C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
    C:\WINNT\system32\ctfmon.exe
    C:\Program Files\Windows Media Player\WMPNSCFG.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Portrait Displays\Pivot Software\floater.exe
    C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    D:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
    D:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
    C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
    C:\HJT\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://connecticut.cox.net/cci/home
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
    O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - D:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - D:\Program Files\Norton AntiVirus\NavShExt.dll
    O4 - HKLM\..\Run: [Promon.exe] C:\IBMTOOLS\DRIVERS\LAN\INTEL\PROMON.EXE
    O4 - HKLM\..\Run: [tourpath] regedit /s c:\winnt\tour.reg
    O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
    O4 - HKLM\..\Run: [Mouse Suite 98 Daemon] PELMICED.EXE
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
    O4 - HKLM\..\Run: [PivotSoftware] "C:\Program Files\Portrait Displays\Pivot Software\wpctrl.exe"
    O4 - HKLM\..\Run: [DT Task] C:\Program Files\Gateway\EzTune\DTHtml.exe -startup_folder
    O4 - HKLM\..\Run: [Matrox Powerdesk] C:\WINNT\system32\PDesk\PDesk.exe /Autolaunch
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINNT\system32\ctfmon.exe
    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
    O4 - HKCU\..\Run: [Norton SystemWorks] "D:\Program Files\cfgwiz.exe" /GUID {05858CFD-5CC4-4ceb-AAAF-CF00BF39736A} /MODE CfgWiz
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O11 - Options group: [INTERNATIONAL] International*
    O16 - DPF: {03F998B2-0E00-11D3-A498-00104B6EB52E} - https://components.viewpoint.com/MTSInstallers/MetaStream3.cab?url=http://www.viewpoint.com/cgi-bin/installer.v4/vet_install_premium.pl?1&4&04.00.09.13&premium&unknown&http://www.toyota.com/vehicles/config/fj/config.html?noreloadredir
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1138221981120
    O20 - Winlogon Notify: WgaLogon - C:\WINNT\SYSTEM32\WgaLogon.dll
    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINNT\system32\WPDShServiceObj.dll
    O23 - Service: Asset Management Daemon - Unknown owner - C:\Program Files\Gateway\EzTune\dtsslsrv.exe
    O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    O23 - Service: C-DillaCdaC11BA - C-Dilla Ltd - C:\WINNT\system32\DRIVERS\CDAC11BA.EXE
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: Portrait Displays Display Tune Service (DTSRVC) - Unknown owner - C:\Program Files\Gateway\EzTune\DTSRVC.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: MGABGEXE - Matrox Graphics Inc. - C:\WINNT\system32\mgabg.exe
    O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - D:\Program Files\Norton AntiVirus\navapsvc.exe
    O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - D:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
    O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - D:\PROGRA~1\NORTON~1\NPROTECT.EXE
    O23 - Service: LiveShare P2P Server (RoxLiveShare) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxLiveShare.exe
    O23 - Service: RoxMediaDB - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxMediaDB.exe
    O23 - Service: RoxUpnpRenderer (RoxUPnPRenderer) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\SharedCom\RoxUpnpRenderer.exe
    O23 - Service: RoxUpnpServer - Sonic Solutions - C:\Program Files\Roxio\Easy Media Creator 8\Digital Home\RoxUpnpServer.exe
    O23 - Service: Roxio Hard Drive Watcher (RoxWatch) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxWatch.exe
    O23 - Service: SAVScan - Symantec Corporation - D:\Program Files\Norton AntiVirus\SAVScan.exe
    O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    O23 - Service: Speed Disk service - Symantec Corporation - D:\PROGRA~1\NORTON~1\SPEEDD~1\NOPDB.EXE
    O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

     
  13. KotaGuy

    Looking good.

    I still see this in the log though...

    O16 - DPF: {03F998B2-0E00-11D3-A498-00104B6EB52E} - https://components.viewpoint.com/MTSInstallers/MetaStream3.cab?url=http://www.viewpoint.com/cgi-bin/installer.v4/vet_install_premium.pl?1&4&04.00.09.13&premium&unknown&http://www.toyota.com/vehicles/config/fj/config.html?noreloadredir

    Did you miss that or do you need it for work or something?

    I also need to see the Kaspersky log too.
     
    Last edited: Apr 23, 2007
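The check made by eye in the reply above (is anything that was marked for fixing still present in the follow-up HijackThis log?) can be scripted. The following is an added example, not part of the thread: the function names and the rule of matching CLSID-bearing entries on section code plus CLSID are assumptions of this sketch, the fix list is copied from post 11, and the follow-up log is an abridged excerpt of post 12.

```python
import re

# HijackThis entry lines look like "O4 - HKLM\..\Run: [name] path".
ENTRY_RE = re.compile(r"^\s*([A-Z]\d{1,2})\s+-\s+(.*\S)\s*$")
CLSID_RE = re.compile(
    r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")


def entry_key(line):
    """Return a comparison key for an entry line, or None for other lines.

    Assumption of this example: an entry that carries a CLSID is keyed on
    section code + CLSID, so it still matches if its path or URL text
    differs between logs; any other entry is keyed on its normalised text.
    """
    m = ENTRY_RE.match(line)
    if not m:
        return None
    code, rest = m.group(1), m.group(2)
    clsid = CLSID_RE.search(rest)
    if clsid:
        return (code, clsid.group(0).upper())
    return (code, " ".join(rest.split()).lower())


def parse_log(text):
    """Split a HijackThis log into running-process paths and entry keys."""
    processes, entries, in_procs = [], set(), False
    for raw in text.splitlines():
        line = raw.strip()
        if line.lower().startswith("running processes"):
            in_procs = True
            continue
        key = entry_key(line)
        if key:
            in_procs = False          # the entry section has started
            entries.add(key)
        elif in_procs and line:
            processes.append(line)
    return processes, entries


def verify_fix(fix_lines, kill_names, followup_log):
    """Return (flagged entries still in the log, flagged processes still running)."""
    processes, entries = parse_log(followup_log)
    leftover = []
    for line in fix_lines:
        key = entry_key(line)
        if key and key in entries:
            leftover.append(line.strip())
    running = {p.rsplit("\\", 1)[-1].lower() for p in processes}
    alive = [n for n in kill_names if n.lower() in running]
    return leftover, alive


# Entries post 11 asked to have checked and fixed (copied from the thread).
FIX_LIST = r"""
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O4 - HKLM\..\Run: [runner1] C:\WINNT\updater.exe 61A847B5BBF72816228849360B8D1BE1C59331416DC57C032CBD1BE3D290641833
O4 - HKCU\..\Run: [uqfo] C:\PROGRA~1\COMMON~1\uqfo\uqfom.exe
O16 - DPF: {03F998B2-0E00-11D3-A498-00104B6EB52E} - https://components.viewpoint.com/MTSInstallers/MetaStream3.cab?url=http://www.viewpoint.com/cgi-bin/installer.v4/vet_install_premium.pl?1&4&04.00.09.13&premium&unknown&http://www.toyota.com/vehicles/config/fj/config.html?noreloadredir
O18 - Filter: text/html - (no CLSID) - (no file)
""".splitlines()

# Processes post 11 asked to have ended in Task Manager.
KILL_LIST = ["uqfom.exe", "uqfoa.exe"]

# Abridged excerpt of the follow-up log in post 12 (lines copied, most omitted).
FOLLOWUP_LOG = r"""
Logfile of HijackThis v1.99.1
Scan saved at 7:15:41 AM, on 4/23/2007

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\Explorer.EXE
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\HJT\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://connecticut.cox.net/cci/home
O4 - HKLM\..\Run: [Promon.exe] C:\IBMTOOLS\DRIVERS\LAN\INTEL\PROMON.EXE
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINNT\system32\ctfmon.exe
O16 - DPF: {03F998B2-0E00-11D3-A498-00104B6EB52E} - https://components.viewpoint.com/MTSInstallers/MetaStream3.cab?url=http://www.viewpoint.com/cgi-bin/installer.v4/vet_install_premium.pl?1&4&04.00.09.13&premium&unknown&http://www.toyota.com/vehicles/config/fj/config.html?noreloadredir
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1138221981120
O20 - Winlogon Notify: WgaLogon - C:\WINNT\SYSTEM32\WgaLogon.dll
"""

if __name__ == "__main__":
    leftover, alive = verify_fix(FIX_LIST, KILL_LIST, FOLLOWUP_LOG)
    for line in leftover:
        print("still present:", line[:60])
    for name in alive:
        print("still running:", name)
```
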
  14. blrman

    C:\WINNT\system32\config\system.LOG Object is locked skipped

    C:\WINNT\system32\config\software.LOG Object is locked skipped

    C:\WINNT\system32\config\default.LOG Object is locked skipped

    C:\WINNT\system32\config\SECURITY Object is locked skipped

    C:\WINNT\system32\config\SECURITY.LOG Object is locked skipped

    C:\WINNT\system32\config\SAM Object is locked skipped

    C:\WINNT\system32\config\SAM.LOG Object is locked skipped

    C:\WINNT\system32\config\AppEvent.Evt Object is locked skipped

    C:\WINNT\system32\config\SecEvent.Evt Object is locked skipped

    C:\WINNT\system32\config\SysEvent.Evt Object is locked skipped

    C:\WINNT\system32\config\SYSTEM Object is locked skipped

    C:\WINNT\system32\config\SOFTWARE Object is locked skipped

    C:\WINNT\system32\config\DEFAULT Object is locked skipped

    C:\WINNT\system32\config\Internet.evt Object is locked skipped

    C:\WINNT\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped

    C:\WINNT\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped

    C:\WINNT\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped

    C:\WINNT\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped

    C:\WINNT\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped

    C:\WINNT\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped

    C:\WINNT\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped

    C:\WINNT\system32\CatRoot2\tmp.edb Object is locked skipped

    C:\WINNT\system32\CatRoot2\edb.log Object is locked skipped

    C:\WINNT\system32\h323log.txt Object is locked skipped

    C:\WINNT\Debug\PASSWD.LOG Object is locked skipped

    C:\WINNT\SoftwareDistribution\ReportingEvents.log Object is locked skipped

    C:\WINNT\WindowsUpdate.log Object is locked skipped

    C:\WINNT\SchedLgU.Txt Object is locked skipped

    C:\WINNT\pw.exe Infected: Trojan-Downloader.Win32.Agent.bls skipped

    C:\WINNT\b129.exe/stream/data0002 Infected: not-a-virus:AdWare.Win32.WebHancer.390 skipped

    C:\WINNT\b129.exe/stream/data0005 Infected: not-a-virus:AdWare.Win32.WebHancer.390 skipped

    C:\WINNT\b129.exe/stream/data0006 Infected: not-a-virus:AdWare.Win32.WebHancer.390 skipped

    C:\WINNT\b129.exe/stream/data0008 Infected: not-a-virus:AdWare.Win32.Softomate.u skipped

    C:\WINNT\b129.exe/stream Infected: not-a-virus:AdWare.Win32.Softomate.u skipped

    C:\WINNT\b129.exe NSIS: infected - 5 skipped

    C:\WINNT\b128.exe/stream/data0002/data0002 Infected: Trojan-Downloader.Win32.PurityScan.eh skipped

    C:\WINNT\b128.exe/stream/data0002 Infected: Trojan-Downloader.Win32.PurityScan.eh skipped

    C:\WINNT\b128.exe/stream/data0004 Infected: not-a-virus:AdWare.Win32.Softomate.u skipped

    C:\WINNT\b128.exe/stream Infected: not-a-virus:AdWare.Win32.Softomate.u skipped

    C:\WINNT\b128.exe NSIS: infected - 4 skipped

    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\08531E8F.tmp Infected: Trojan.Win32.Crypt.e skipped

    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\0A550593.tmp Infected: P2P-Worm.Win32.VB.dw skipped

    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\23884ED3/stream Infected: not-a-virus:AdWare.Win32.404Search.h skipped

    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\23884ED3 NSIS: infected - 1 skipped

    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\23884ED3 CryptFF: infected - 1 skipped

    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\29B320B7.tmp Infected: Worm.Win32.VB.an skipped

    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\332E3F2D/mySetp.exe Infected: not-a-virus:AdTool.Win32.MyWebSearch.o skipped

    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\332E3F2D CAB: infected - 1 skipped

    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\332E3F2D CryptFF: infected - 1 skipped

    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\38706897.tmp Infected: P2P-Worm.Win32.VB.dw skipped

    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\3FA2571C.tmp Infected: Worm.Win32.VB.an skipped

    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\3FA50119.tmp Infected: Worm.Win32.VB.an skipped

    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\3FA92B15.tmp Infected: Worm.Win32.VB.an skipped

    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\50125471.exe/svchost1.exe Infected: Backdoor.Win32.Iroffer.1217 skipped

    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\50125471.exe/system.exe Infected: Backdoor.Win32.ServU-based skipped

    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\50125471.exe/FireDaemon.exe Infected: not-a-virus:RemoteAdmin.Win32.RA.3826 skipped

    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\50125471.exe/setup.bat Infected: Trojan.BAT.Zapchast skipped

    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\50125471.exe/HIDDEN32.EXE Infected: not-a-virus:RiskTool.Win32.HideWindows skipped

    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\50125471.exe ZIP: infected - 5 skipped

    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\50125471.exe CryptFF: infected - 5 skipped

    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\5D2A617F.tmp Infected: Worm.Win32.VB.an skipped

    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\66061DFF.DLL Infected: not-a-virus:AdWare.Win32.Altnet.d skipped

    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\660947FB Infected: not-a-virus:AdWare.Win32.404Search.l skipped

    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\660D71F8.DLL Infected: not-a-virus:AdWare.Win32.404Search.l skipped

    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\669D0AFC.exe Infected: Trojan-Clicker.Win32.Delf.dm skipped

    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\705C637B/stream Infected: not-a-virus:AdWare.Win32.404Search.h skipped

    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\705C637B NSIS: infected - 1 skipped

    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\705C637B CryptFF: infected - 1 skipped

    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\78024601.tmp Infected: P2P-Worm.Win32.VB.dw skipped

    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\0B081747.exe Infected: P2P-Worm.Win32.VB.dw skipped

    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\31367744.tmp Infected: P2P-Worm.Win32.VB.dw skipped

    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\31571B20.tmp/data.rar/setup.bat Infected: Trojan.BAT.Zapchast skipped

    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\31571B20.tmp/data.rar/csrss.exe Infected: not-a-virus:Server-FTP.Win32.Serv-U.gen skipped

    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\31571B20.tmp/data.rar/services.exe Infected: Backdoor.Win32.Iroffer.14b2 skipped

    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\31571B20.tmp/data.rar/ntauth.dll Infected: Backdoor.IRC.Zapchast skipped

    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\31571B20.tmp/data.rar Infected: Backdoor.IRC.Zapchast skipped

    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\31571B20.tmp RarSFX: infected - 5 skipped

    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\31571B20.tmp CryptFF: infected - 5 skipped

    C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\2007-04-25_Log.ALUSchedulerSvc.LiveUpdate Object is locked skipped

    C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\settings.dat Object is locked skipped

    C:\Documents and Settings\NetworkService\NTUSER.DAT.LOG Object is locked skipped

    C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped

    C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

    C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

    C:\Documents and Settings\LocalService\NTUSER.DAT.LOG Object is locked skipped

    C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped

    C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped

    C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped

    C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

    C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

    C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped

    C:\Documents and Settings\jeb\NTUSER.DAT.LOG Object is locked skipped

    C:\Documents and Settings\jeb\NTUSER.DAT Object is locked skipped

    C:\Documents and Settings\jeb\Local Settings\History\History.IE5\index.dat Object is locked skipped

    C:\Documents and Settings\jeb\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped

    C:\Documents and Settings\jeb\Local Settings\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat Object is locked skipped

    C:\Documents and Settings\jeb\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

    C:\Documents and Settings\jeb\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

    C:\Documents and Settings\jeb\Cookies\index.dat Object is locked skipped

    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcrst.dll Object is locked skipped

    C:\Program Files\Common Files\Symantec Shared\SPStart.log Object is locked skipped

    C:\Program Files\Common Files\Symantec Shared\SPPolicy.log Object is locked skipped

    C:\Program Files\Common Files\Symantec Shared\SPStop.log Object is locked skipped

    C:\Program Files\Common Files\Symantec Shared\SNDSYS.log Object is locked skipped

    C:\Program Files\Common Files\Symantec Shared\SNDFW.log Object is locked skipped

    C:\Program Files\Common Files\Symantec Shared\SNDCON.log Object is locked skipped

    C:\Program Files\Common Files\Symantec Shared\SNDALRT.log Object is locked skipped

    C:\Program Files\Common Files\Symantec Shared\SNDIDS.log Object is locked skipped

    C:\Program Files\Common Files\Symantec Shared\SNDDBG.log Object is locked skipped

    C:\Recycled\NPROTECT\NPROTECT.LOG Object is locked skipped

    C:\System Volume Information\_restore{5E525007-AE48-4AF0-8858-50A4A87F4B1F}\RP574\A0057015.exe/stream/data0002 Infected: Trojan-Downloader.Win32.TSUpdate.o skipped

    C:\System Volume Information\_restore{5E525007-AE48-4AF0-8858-50A4A87F4B1F}\RP574\A0057015.exe/stream/data0004 Infected: not-a-virus:AdWare.Win32.Softomate.u skipped

    C:\System Volume Information\_restore{5E525007-AE48-4AF0-8858-50A4A87F4B1F}\RP574\A0057015.exe/stream Infected: not-a-virus:AdWare.Win32.Softomate.u skipped

    C:\System Volume Information\_restore{5E525007-AE48-4AF0-8858-50A4A87F4B1F}\RP574\A0057015.exe NSIS: infected - 3 skipped

    C:\System Volume Information\_restore{5E525007-AE48-4AF0-8858-50A4A87F4B1F}\RP574\A0057016.exe/stream/data0002 Infected: Trojan-Downloader.Win32.Small.buy skipped

    C:\System Volume Information\_restore{5E525007-AE48-4AF0-8858-50A4A87F4B1F}\RP574\A0057016.exe/stream/data0004 Infected: not-a-virus:AdWare.Win32.Softomate.u skipped

    C:\System Volume Information\_restore{5E525007-AE48-4AF0-8858-50A4A87F4B1F}\RP574\A0057016.exe/stream Infected: not-a-virus:AdWare.Win32.Softomate.u skipped

    C:\System Volume Information\_restore{5E525007-AE48-4AF0-8858-50A4A87F4B1F}\RP574\A0057016.exe NSIS: infected - 3 skipped

    C:\System Volume Information\_restore{5E525007-AE48-4AF0-8858-50A4A87F4B1F}\RP574\A0057017.exe/stream/data0004 Infected: not-a-virus:AdWare.Win32.Softomate.u skipped

    C:\System Volume Information\_restore{5E525007-AE48-4AF0-8858-50A4A87F4B1F}\RP574\A0057017.exe/stream Infected: not-a-virus:AdWare.Win32.Softomate.u skipped

    C:\System Volume Information\_restore{5E525007-AE48-4AF0-8858-50A4A87F4B1F}\RP574\A0057017.exe NSIS: infected - 2 skipped

    C:\System Volume Information\_restore{5E525007-AE48-4AF0-8858-50A4A87F4B1F}\RP574\A0057020.exe Infected: Trojan-Downloader.Win32.TSUpdate.r skipped

    C:\System Volume Information\_restore{5E525007-AE48-4AF0-8858-50A4A87F4B1F}\RP574\A0057021.exe Infected: Trojan-Downloader.Win32.TSUpdate.f skipped

    C:\System Volume Information\_restore{5E525007-AE48-4AF0-8858-50A4A87F4B1F}\RP574\A0057022.exe Infected: Trojan-Downloader.Win32.PurityScan.eh skipped

    C:\System Volume Information\_restore{5E525007-AE48-4AF0-8858-50A4A87F4B1F}\RP579\A0058230.exe Infected: Trojan-Downloader.Win32.Agent.bls skipped

    C:\System Volume Information\_restore{5E525007-AE48-4AF0-8858-50A4A87F4B1F}\RP579\A0058234.exe Infected: Trojan-Downloader.Win32.TSUpdate.n skipped

    C:\System Volume Information\_restore{5E525007-AE48-4AF0-8858-50A4A87F4B1F}\RP579\A0058235.exe Infected: Trojan-Downloader.Win32.TSUpdate.l skipped

    C:\System Volume Information\_restore{5E525007-AE48-4AF0-8858-50A4A87F4B1F}\RP581\change.log Object is locked skipped

    D:\Program Files\Norton AntiVirus\AVApp.log Object is locked skipped

    D:\Program Files\Norton AntiVirus\AVError.log Object is locked skipped

    D:\Program Files\Norton AntiVirus\AVVirus.log Object is locked skipped

    D:\Program Files\Norton AntiVirus\Quarantine\06ED3D76.exe/stream/data0004 Infected: not-a-virus:AdWare.Win32.Softomate.u skipped

    D:\Program Files\Norton AntiVirus\Quarantine\06ED3D76.exe/stream Infected: not-a-virus:AdWare.Win32.Softomate.u skipped

    D:\Program Files\Norton AntiVirus\Quarantine\06ED3D76.exe NSIS: infected - 2 skipped

    D:\Program Files\Norton AntiVirus\Quarantine\06ED3D76.exe CryptFF: infected - 2 skipped

    D:\Program Files\Norton AntiVirus\Quarantine\09F64D80.exe/stream/data0002 Infected: Trojan-Downloader.Win32.TSUpdate.o skipped

    D:\Program Files\Norton AntiVirus\Quarantine\09F64D80.exe/stream/data0004 Infected: not-a-virus:AdWare.Win32.Softomate.u skipped

    D:\Program Files\Norton AntiVirus\Quarantine\09F64D80.exe/stream Infected: not-a-virus:AdWare.Win32.Softomate.u skipped

    D:\Program Files\Norton AntiVirus\Quarantine\09F64D80.exe NSIS: infected - 3 skipped

    D:\Program Files\Norton AntiVirus\Quarantine\09F64D80.exe CryptFF: infected - 3 skipped

    D:\Program Files\Norton AntiVirus\Quarantine\09FA777C.exe/stream/data0002 Infected: Trojan-Downloader.Win32.Small.buy skipped

    D:\Program Files\Norton AntiVirus\Quarantine\09FA777C.exe/stream/data0004 Infected: not-a-virus:AdWare.Win32.Softomate.u skipped

    D:\Program Files\Norton AntiVirus\Quarantine\09FA777C.exe/stream Infected: not-a-virus:AdWare.Win32.Softomate.u skipped

    D:\Program Files\Norton AntiVirus\Quarantine\09FA777C.exe NSIS: infected - 3 skipped

    D:\Program Files\Norton AntiVirus\Quarantine\09FA777C.exe CryptFF: infected - 3 skipped

    D:\Program Files\Norton AntiVirus\Quarantine\0A071F6E.exe Infected: Trojan-Downloader.Win32.TSUpdate.r skipped

    D:\Program Files\Norton AntiVirus\Quarantine\0A0D7367.exe Infected: Trojan-Downloader.Win32.TSUpdate.f skipped

    D:\Program Files\Norton AntiVirus\Quarantine\0A144760.exe Infected: Trojan-Downloader.Win32.PurityScan.eh skipped

    D:\Program Files\Norton AntiVirus\Quarantine\27D146B3.tmp Infected: P2P-Worm.Win32.VB.dw skipped

    D:\Program Files\Norton AntiVirus\Quarantine\28164C6C.exe Infected: P2P-Worm.Win32.VB.dw skipped

    D:\Program Files\Norton AntiVirus\Quarantine\3F454569.exe/stream/data0004 Infected: not-a-virus:AdWare.Win32.Softomate.u skipped

    D:\Program Files\Norton AntiVirus\Quarantine\3F454569.exe/stream Infected: not-a-virus:AdWare.Win32.Softomate.u skipped

    D:\Program Files\Norton AntiVirus\Quarantine\3F454569.exe NSIS: infected - 2 skipped

    D:\Program Files\Norton AntiVirus\Quarantine\3F454569.exe CryptFF: infected - 2 skipped

    D:\Program Files\Norton AntiVirus\Quarantine\6109544F.exe Infected: P2P-Worm.Win32.VB.dw skipped

    D:\Program Files\Norton AntiVirus\Quarantine\7A51647D.exe Infected: P2P-Worm.Win32.VB.dw skipped

    D:\RECYCLER\NPROTECT\NPROTECT.LOG Object is locked skipped

    D:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped

    G:\RECYCLER\NPROTECT\NPROTECT.LOG Object is locked skipped

    G:\shared limewire\New Folder\WinRar 4.1 Pro (with CRACK).exe/Filters.exe/svchost1.exe Infected: Backdoor.Win32.Iroffer.1217 skipped

    G:\shared limewire\New Folder\WinRar 4.1 Pro (with CRACK).exe/Filters.exe/system.exe Infected: Backdoor.Win32.ServU-based skipped

    G:\shared limewire\New Folder\WinRar 4.1 Pro (with CRACK).exe/Filters.exe/FireDaemon.exe Infected: not-a-virus:RemoteAdmin.Win32.RA.3826 skipped

    G:\shared limewire\New Folder\WinRar 4.1 Pro (with CRACK).exe/Filters.exe/setup.bat Infected: Trojan.BAT.Zapchast skipped

    G:\shared limewire\New Folder\WinRar 4.1 Pro (with CRACK).exe/Filters.exe/HIDDEN32.EXE Infected: not-a-virus:RiskTool.Win32.HideWindows skipped

    G:\shared limewire\New Folder\WinRar 4.1 Pro (with CRACK).exe/Filters.exe Infected: not-a-virus:RiskTool.Win32.HideWindows skipped

    G:\shared limewire\New Folder\WinRar 4.1 Pro (with CRACK).exe ZIP: infected - 6 skipped

    G:\System Volume Information\MountPointManagerRemoteDatabase
    Holy cow, this is the Kaspersky log. I don't know what to do.
     
  15. KotaGuy

    G:\shared limewire\New Folder\WinRar 4.1 Pro (with CRACK).exe/Filters.exe/setup.bat Infected: Trojan.BAT.Zapchast

    First thing you need to do is stop using cracked programs.

    Print this out for reference during the fix as you will be in Safe Mode for part of it and won't be able to access this site.

    Boot into Safe Mode.

    Search for and delete these files:

    C:\WINNT\pw.exe
    C:\WINNT\b129.exe
    C:\WINNT\b128.exe
    G:\shared limewire\New Folder\WinRar 4.1 Pro (with CRACK).exe

    Empty your Recycle Bin.

    Reboot Windows normally.

    Do another online Kaspersky scan. Post its log along with a new HijackThis log please.
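
One way to read the follow-up Kaspersky log against the deletion list in the post above, as an added example that is not part of the thread: it parses log rows, groups detections by where the host file sits (Norton Quarantine, Recycle Bin, System Restore snapshot, or a live location), and reports which files from the deletion list are still flagged. The function names and location categories are this example's own; the sample rows are constructed in the shape of the thread's log, and the verdict on the `b129.exe` row is a placeholder.

```python
import re
from collections import defaultdict

# Constructed sample in the shape of the Kaspersky online-scanner log posted in
# the thread. The verdict name on the C:\WINNT\b129.exe row is a placeholder.
SAMPLE_LOG = r"""
Infected Object Name Virus Name Last Action
C:\WINNT\system32\config\SAM Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\50125471.exe/setup.bat Infected: Trojan.BAT.Zapchast skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\50125471.exe ZIP: infected - 5 skipped
C:\Recycled\Dc22.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\System Volume Information\_restore{5E525007-AE48-4AF0-8858-50A4A87F4B1F}\RP582\A0059681.exe Infected: Trojan-Downloader.Win32.Agent.bls skipped
C:\WINNT\b129.exe Infected: PLACEHOLDER.Verdict.Name skipped
"""

# Files the helper asked to have deleted in Safe Mode (taken from the post).
DELETE_LIST = [
    r"C:\WINNT\pw.exe",
    r"C:\WINNT\b129.exe",
    r"C:\WINNT\b128.exe",
    r"G:\shared limewire\New Folder\WinRar 4.1 Pro (with CRACK).exe",
]

# A row is: <path> <status> [<last action>]. Paths contain spaces, so the path
# is matched lazily up to the first recognisable status field.
LINE_RE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.*?)\s+"
    r"(?:Infected:\s+(?P<verdict>\S+)"
    r"|(?P<container>[A-Za-z0-9]+):\s+infected\s+-\s+(?P<count>\d+)"
    r"|(?P<locked>Object is locked))"
    r"(?:\s+(?P<action>\w+))?\s*$"
)

# Where the host file lives decides how urgent a hit is (categories are this
# example's own labels, not scanner output).
LOCATION_RULES = [
    ("quarantine", re.compile(r"\\Quarantine\\", re.I)),
    ("recycle_bin", re.compile(r"^[A-Za-z]:\\(?:Recycled|RECYCLER)\\", re.I)),
    ("system_restore", re.compile(r"\\System Volume Information\\_restore\{", re.I)),
]


def parse_line(line):
    """Return a dict for one log row, or None for headers and blank lines."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    path = m.group("path")
    if m.group("locked"):
        kind = "locked"        # file in use, the scanner could not read it
    elif m.group("container"):
        kind = "container"     # per-archive summary row, e.g. "ZIP: infected - 5"
    else:
        kind = "detection"
    return {
        "path": path,
        "host_file": path.split("/", 1)[0],  # "/" separates archive members
        "kind": kind,
        "verdict": m.group("verdict"),
        "action": m.group("action"),
    }


def classify(path):
    """Map a host file path to one of the location categories."""
    for name, rx in LOCATION_RULES:
        if rx.search(path):
            return name
    return "live"


def triage(log_text):
    """Group detections as {location: {host_file: {verdicts}}}."""
    result = defaultdict(lambda: defaultdict(set))
    for line in log_text.splitlines():
        row = parse_line(line)
        if row and row["kind"] == "detection":
            host = row["host_file"]
            result[classify(host)][host].add(row["verdict"])
    return {loc: dict(files) for loc, files in result.items()}


def still_flagged(log_text, targets):
    """Return the targets that still appear as flagged host files."""
    seen = {
        row["host_file"].lower()
        for row in map(parse_line, log_text.splitlines())
        if row and row["kind"] != "locked"
    }
    return [t for t in targets if t.lower() in seen]


if __name__ == "__main__":
    for location, files in sorted(triage(SAMPLE_LOG).items()):
        print(f"{location}: {len(files)} file(s)")
        for host, verdicts in files.items():
            print(f"  {host} -> {', '.join(sorted(verdicts))}")
    print("still flagged from deletion list:", still_flagged(SAMPLE_LOG, DELETE_LIST))
```
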
     
  16. blrman

    Total number of scanned objects 64095
    Number of viruses found 24
    Number of infected objects 112 / 0
    Number of suspicious objects 0
    Duration of the scan process 05:44:55

    Infected Object Name Virus Name Last Action
    C:\WINNT\system32\config\system.LOG Object is locked skipped

    C:\WINNT\system32\config\software.LOG Object is locked skipped

    C:\WINNT\system32\config\default.LOG Object is locked skipped

    C:\WINNT\system32\config\SECURITY Object is locked skipped

    C:\WINNT\system32\config\SECURITY.LOG Object is locked skipped

    C:\WINNT\system32\config\SAM Object is locked skipped

    C:\WINNT\system32\config\SAM.LOG Object is locked skipped

    C:\WINNT\system32\config\AppEvent.Evt Object is locked skipped

    C:\WINNT\system32\config\SecEvent.Evt Object is locked skipped

    C:\WINNT\system32\config\SysEvent.Evt Object is locked skipped

    C:\WINNT\system32\config\SYSTEM Object is locked skipped

    C:\WINNT\system32\config\SOFTWARE Object is locked skipped

    C:\WINNT\system32\config\DEFAULT Object is locked skipped

    C:\WINNT\system32\config\Internet.evt Object is locked skipped

    C:\WINNT\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped

    C:\WINNT\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped

    C:\WINNT\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped

    C:\WINNT\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped

    C:\WINNT\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped

    C:\WINNT\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped

    C:\WINNT\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped

    C:\WINNT\system32\CatRoot2\tmp.edb Object is locked skipped

    C:\WINNT\system32\CatRoot2\edb.log Object is locked skipped

    C:\WINNT\system32\h323log.txt Object is locked skipped

    C:\WINNT\Debug\PASSWD.LOG Object is locked skipped

    C:\WINNT\SoftwareDistribution\ReportingEvents.log Object is locked skipped

    C:\WINNT\SoftwareDistribution\EventCache\{076C70E8-261B-4E8C-87B7-092E56FAF596}.bin Object is locked skipped

    C:\WINNT\WindowsUpdate.log Object is locked skipped

    C:\WINNT\SchedLgU.Txt Object is locked skipped

    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\08531E8F.tmp Infected: Trojan.Win32.Crypt.e skipped

    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\0A550593.tmp Infected: P2P-Worm.Win32.VB.dw skipped

    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\23884ED3/stream Infected: not-a-virus:AdWare.Win32.404Search.h skipped

    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\23884ED3 NSIS: infected - 1 skipped

    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\23884ED3 CryptFF: infected - 1 skipped

    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\29B320B7.tmp Infected: Worm.Win32.VB.an skipped

    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\332E3F2D/mySetp.exe Infected: not-a-virus:AdTool.Win32.MyWebSearch.o skipped

    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\332E3F2D CAB: infected - 1 skipped

    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\332E3F2D CryptFF: infected - 1 skipped

    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\38706897.tmp Infected: P2P-Worm.Win32.VB.dw skipped

    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\3FA2571C.tmp Infected: Worm.Win32.VB.an skipped

    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\3FA50119.tmp Infected: Worm.Win32.VB.an skipped

    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\3FA92B15.tmp Infected: Worm.Win32.VB.an skipped

    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\50125471.exe/svchost1.exe Infected: Backdoor.Win32.Iroffer.1217 skipped

    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\50125471.exe/system.exe Infected: Backdoor.Win32.ServU-based skipped

    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\50125471.exe/FireDaemon.exe Infected: not-a-virus:RemoteAdmin.Win32.RA.3826 skipped

    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\50125471.exe/setup.bat Infected: Trojan.BAT.Zapchast skipped

    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\50125471.exe/HIDDEN32.EXE Infected: not-a-virus:RiskTool.Win32.HideWindows skipped

    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\50125471.exe ZIP: infected - 5 skipped

    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\50125471.exe CryptFF: infected - 5 skipped

    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\5D2A617F.tmp Infected: Worm.Win32.VB.an skipped

    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\66061DFF.DLL Infected: not-a-virus:AdWare.Win32.Altnet.d skipped

    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\660947FB Infected: not-a-virus:AdWare.Win32.404Search.l skipped

    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\660D71F8.DLL Infected: not-a-virus:AdWare.Win32.404Search.l skipped

    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\669D0AFC.exe Infected: Trojan-Clicker.Win32.Delf.dm skipped

    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\705C637B/stream Infected: not-a-virus:AdWare.Win32.404Search.h skipped

    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\705C637B NSIS: infected - 1 skipped

    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\705C637B CryptFF: infected - 1 skipped

    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\78024601.tmp Infected: P2P-Worm.Win32.VB.dw skipped

    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\0B081747.exe Infected: P2P-Worm.Win32.VB.dw skipped

    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\31367744.tmp Infected: P2P-Worm.Win32.VB.dw skipped

    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\31571B20.tmp/data.rar/setup.bat Infected: Trojan.BAT.Zapchast skipped

    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\31571B20.tmp/data.rar/csrss.exe Infected: not-a-virus:Server-FTP.Win32.Serv-U.gen skipped

    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\31571B20.tmp/data.rar/services.exe Infected: Backdoor.Win32.Iroffer.14b2 skipped

    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\31571B20.tmp/data.rar/ntauth.dll Infected: Backdoor.IRC.Zapchast skipped

    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\31571B20.tmp/data.rar Infected: Backdoor.IRC.Zapchast skipped

    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\31571B20.tmp RarSFX: infected - 5 skipped

    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\31571B20.tmp CryptFF: infected - 5 skipped

    C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\2007-04-26_Log.ALUSchedulerSvc.LiveUpdate Object is locked skipped

    C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\settings.dat Object is locked skipped

    C:\Documents and Settings\NetworkService\NTUSER.DAT.LOG Object is locked skipped

    C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped

    C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

    C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

    C:\Documents and Settings\LocalService\NTUSER.DAT.LOG Object is locked skipped

    C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped

    C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped

    C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped

    C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

    C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

    C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped

    C:\Documents and Settings\jeb\NTUSER.DAT.LOG Object is locked skipped

    C:\Documents and Settings\jeb\NTUSER.DAT Object is locked skipped

    C:\Documents and Settings\jeb\Local Settings\History\History.IE5\index.dat Object is locked skipped

    C:\Documents and Settings\jeb\Local Settings\History\History.IE5\MSHist012007042620070427\index.dat Object is locked skipped

    C:\Documents and Settings\jeb\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped

    C:\Documents and Settings\jeb\Local Settings\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat Object is locked skipped

    C:\Documents and Settings\jeb\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

    C:\Documents and Settings\jeb\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

    C:\Documents and Settings\jeb\Local Settings\Application Data\Microsoft\Feeds Cache\index.dat Object is locked skipped

    C:\Documents and Settings\jeb\Cookies\index.dat Object is locked skipped

    C:\Documents and Settings\jeb\UserData\index.dat Object is locked skipped

    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcrst.dll Object is locked skipped

    C:\Program Files\Common Files\Symantec Shared\SPStart.log Object is locked skipped

    C:\Program Files\Common Files\Symantec Shared\SPPolicy.log Object is locked skipped

    C:\Program Files\Common Files\Symantec Shared\SPStop.log Object is locked skipped

    C:\Program Files\Common Files\Symantec Shared\SNDSYS.log Object is locked skipped

    C:\Program Files\Common Files\Symantec Shared\SNDFW.log Object is locked skipped

    C:\Program Files\Common Files\Symantec Shared\SNDCON.log Object is locked skipped

    C:\Program Files\Common Files\Symantec Shared\SNDALRT.log Object is locked skipped

    C:\Program Files\Common Files\Symantec Shared\SNDIDS.log Object is locked skipped

    C:\Program Files\Common Files\Symantec Shared\SNDDBG.log Object is locked skipped

    C:\Recycled\NPROTECT\NPROTECT.LOG Object is locked skipped

    C:\Recycled\Dc14.tmp Infected: Worm.Win32.VB.an skipped

    C:\Recycled\Dc15.tmp Infected: Worm.Win32.VB.an skipped

    C:\Recycled\Dc16.tmp Infected: Worm.Win32.VB.an skipped

    C:\Recycled\Dc17.tmp Infected: Worm.Win32.VB.an skipped

    C:\Recycled\Dc19.tmp Infected: Worm.Win32.VB.an skipped

    C:\Recycled\Dc20/mySetp.exe Infected: not-a-virus:AdTool.Win32.MyWebSearch.o skipped

    C:\Recycled\Dc20 CAB: infected - 1 skipped

    C:\Recycled\Dc20 CryptFF: infected - 1 skipped

    C:\Recycled\Dc21.tmp Infected: P2P-Worm.Win32.VB.dw skipped

    C:\Recycled\Dc22.exe Infected: P2P-Worm.Win32.VB.dw skipped

    C:\Recycled\Dc23.tmp/data.rar/setup.bat Infected: Trojan.BAT.Zapchast skipped

    C:\Recycled\Dc23.tmp/data.rar/csrss.exe Infected: not-a-virus:Server-FTP.Win32.Serv-U.gen skipped

    C:\Recycled\Dc23.tmp/data.rar/services.exe Infected: Backdoor.Win32.Iroffer.14b2 skipped

    C:\Recycled\Dc23.tmp/data.rar/ntauth.dll Infected: Backdoor.IRC.Zapchast skipped

    C:\Recycled\Dc23.tmp/data.rar Infected: Backdoor.IRC.Zapchast skipped

    C:\Recycled\Dc23.tmp RarSFX: infected - 5 skipped

    C:\Recycled\Dc23.tmp CryptFF: infected - 5 skipped

    C:\Recycled\Dc24.DLL Infected: not-a-virus:AdWare.Win32.Altnet.d skipped

    C:\Recycled\Dc25 Infected: not-a-virus:AdWare.Win32.404Search.l skipped

    C:\Recycled\Dc26.tmp Infected: P2P-Worm.Win32.VB.dw skipped

    C:\Recycled\Dc27.tmp Infected: P2P-Worm.Win32.VB.dw skipped

    C:\Recycled\Dc28.exe/svchost1.exe Infected: Backdoor.Win32.Iroffer.1217 skipped

    C:\Recycled\Dc28.exe/system.exe Infected: Backdoor.Win32.ServU-based skipped

    C:\Recycled\Dc28.exe/FireDaemon.exe Infected: not-a-virus:RemoteAdmin.Win32.RA.3826 skipped

    C:\Recycled\Dc28.exe/setup.bat Infected: Trojan.BAT.Zapchast skipped

    C:\Recycled\Dc28.exe/HIDDEN32.EXE Infected: not-a-virus:RiskTool.Win32.HideWindows skipped

    C:\Recycled\Dc28.exe ZIP: infected - 5 skipped

    C:\Recycled\Dc28.exe CryptFF: infected - 5 skipped

    C:\Recycled\Dc29.tmp Infected: P2P-Worm.Win32.VB.dw skipped

    C:\Recycled\Dc30/stream Infected: not-a-virus:AdWare.Win32.404Search.h skipped

    C:\Recycled\Dc30 NSIS: infected - 1 skipped

    C:\Recycled\Dc30 CryptFF: infected - 1 skipped

    C:\Recycled\Dc31.tmp Infected: Trojan.Win32.Crypt.e skipped

    C:\Recycled\Dc32/stream Infected: not-a-virus:AdWare.Win32.404Search.h skipped

    C:\Recycled\Dc32 NSIS: infected - 1 skipped

    C:\Recycled\Dc32 CryptFF: infected - 1 skipped

    C:\Recycled\Dc33.exe Infected: Trojan-Clicker.Win32.Delf.dm skipped

    C:\Recycled\Dc34.DLL Infected: not-a-virus:AdWare.Win32.404Search.l skipped

    C:\System Volume Information\_restore{5E525007-AE48-4AF0-8858-50A4A87F4B1F}\RP582\A0059681.exe Infected: Trojan-Downloader.Win32.Agent.bls skipped

    C:\System Volume Information\_restore{5E525007-AE48-4AF0-8858-50A4A87F4B1F}\RP582\A0059682.exe/stream/data0002/data0002 Infected: Trojan-Downloader.Win32.PurityScan.eh skipped

    C:\System Volume Information\_restore{5E525007-AE48-4AF0-8858-50A4A87F4B1F}\RP582\A0059682.exe/stream/data0002 Infected: Trojan-Downloader.Win32.PurityScan.eh skipped

    C:\System Volume Information\_restore{5E525007-AE48-4AF0-8858-50A4A87F4B1F}\RP582\A0059682.exe/stream/data0004 Infected: not-a-virus:AdWare.Win32.Softomate.u skipped

    C:\System Volume Information\_restore{5E525007-AE48-4AF0-8858-50A4A87F4B1F}\RP582\A0059682.exe/stream Infected: not-a-virus:AdWare.Win32.Softomate.u skipped

    C:\System Volume Information\_restore{5E525007-AE48-4AF0-8858-50A4A87F4B1F}\RP582\A0059682.exe NSIS: infected - 4 skipped

    C:\System Volume Information\_restore{5E525007-AE48-4AF0-8858-50A4A87F4B1F}\RP582\A0059683.exe/stream/data0002 Infected: not-a-virus:AdWare.Win32.WebHancer.390 skipped

    C:\System Volume Information\_restore{5E525007-AE48-4AF0-8858-50A4A87F4B1F}\RP582\A0059683.exe/stream/data0005 Infected: not-a-virus:AdWare.Win32.WebHancer.390 skipped

    C:\System Volume Information\_restore{5E525007-AE48-4AF0-8858-50A4A87F4B1F}\RP582\A0059683.exe/stream/data0006 Infected: not-a-virus:AdWare.Win32.WebHancer.390 skipped

    C:\System Volume Information\_restore{5E525007-AE48-4AF0-8858-50A4A87F4B1F}\RP582\A0059683.exe/stream/data0008 Infected: not-a-virus:AdWare.Win32.Softomate.u skipped

    C:\System Volume Information\_restore{5E525007-AE48-4AF0-8858-50A4A87F4B1F}\RP582\A0059683.exe/stream Infected: not-a-virus:AdWare.Win32.Softomate.u skipped

    C:\System Volume Information\_restore{5E525007-AE48-4AF0-8858-50A4A87F4B1F}\RP582\A0059683.exe NSIS: infected - 5 skipped

    C:\System Volume Information\_restore{5E525007-AE48-4AF0-8858-50A4A87F4B1F}\RP583\change.log Object is locked skipped

    D:\Program Files\Norton AntiVirus\AVApp.log Object is locked skipped

    D:\Program Files\Norton AntiVirus\AVError.log Object is locked skipped

    D:\Program Files\Norton AntiVirus\AVVirus.log Object is locked skipped

    D:\RECYCLER\NPROTECT\NPROTECT.LOG Object is locked skipped

    D:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped

    D:\System Volume Information\_restore{5E525007-AE48-4AF0-8858-50A4A87F4B1F}\RP582\A0059508.exe/stream/data0002 Infected: Trojan-Downloader.Win32.TSUpdate.o skipped

    D:\System Volume Information\_restore{5E525007-AE48-4AF0-8858-50A4A87F4B1F}\RP582\A0059508.exe/stream/data0004 Infected: not-a-virus:AdWare.Win32.Softomate.u skipped

    D:\System Volume Information\_restore{5E525007-AE48-4AF0-8858-50A4A87F4B1F}\RP582\A0059508.exe/stream Infected: not-a-virus:AdWare.Win32.Softomate.u skipped

    D:\System Volume Information\_restore{5E525007-AE48-4AF0-8858-50A4A87F4B1F}\RP582\A0059508.exe NSIS: infected - 3 skipped

    D:\System Volume Information\_restore{5E525007-AE48-4AF0-8858-50A4A87F4B1F}\RP582\A0059508.exe CryptFF: infected - 3 skipped

    D:\System Volume Information\_restore{5E525007-AE48-4AF0-8858-50A4A87F4B1F}\RP582\A0059509.exe/stream/data0002 Infected: Trojan-Downloader.Win32.Small.buy skipped

    D:\System Volume Information\_restore{5E525007-AE48-4AF0-8858-50A4A87F4B1F}\RP582\A0059509.exe/stream/data0004 Infected: not-a-virus:AdWare.Win32.Softomate.u skipped

    D:\System Volume Information\_restore{5E525007-AE48-4AF0-8858-50A4A87F4B1F}\RP582\A0059509.exe/stream Infected: not-a-virus:AdWare.Win32.Softomate.u skipped

    D:\System Volume Information\_restore{5E525007-AE48-4AF0-8858-50A4A87F4B1F}\RP582\A0059509.exe NSIS: infected - 3 skipped

    D:\System Volume Information\_restore{5E525007-AE48-4AF0-8858-50A4A87F4B1F}\RP582\A0059509.exe CryptFF: infected - 3 skipped

    D:\System Volume Information\_restore{5E525007-AE48-4AF0-8858-50A4A87F4B1F}\RP582\A0059510.exe/stream/data0004 Infected: not-a-virus:AdWare.Win32.Softomate.u skipped

    D:\System Volume Information\_restore{5E525007-AE48-4AF0-8858-50A4A87F4B1F}\RP582\A0059510.exe/stream Infected: not-a-virus:AdWare.Win32.Softomate.u skipped

    D:\System Volume Information\_restore{5E525007-AE48-4AF0-8858-50A4A87F4B1F}\RP582\A0059510.exe NSIS: infected - 2 skipped

    D:\System Volume Information\_restore{5E525007-AE48-4AF0-8858-50A4A87F4B1F}\RP582\A0059510.exe CryptFF: infected - 2 skipped

    D:\System Volume Information\_restore{5E525007-AE48-4AF0-8858-50A4A87F4B1F}\RP582\A0059511.exe/stream/data0004 Infected: not-a-virus:AdWare.Win32.Softomate.u skipped

    D:\System Volume Information\_restore{5E525007-AE48-4AF0-8858-50A4A87F4B1F}\RP582\A0059511.exe/stream Infected: not-a-virus:AdWare.Win32.Softomate.u skipped

    D:\System Volume Information\_restore{5E525007-AE48-4AF0-8858-50A4A87F4B1F}\RP582\A0059511.exe NSIS: infected - 2 skipped

    D:\System Volume Information\_restore{5E525007-AE48-4AF0-8858-50A4A87F4B1F}\RP582\A0059511.exe CryptFF: infected - 2 skipped

    D:\System Volume Information\_restore{5E525007-AE48-4AF0-8858-50A4A87F4B1F}\RP582\A0059516.exe Infected: P2P-Worm.Win32.VB.dw skipped

    D:\System Volume Information\_restore{5E525007-AE48-4AF0-8858-50A4A87F4B1F}\RP582\A0059517.exe Infected: P2P-Worm.Win32.VB.dw skipped

    D:\System Volume Information\_restore{5E525007-AE48-4AF0-8858-50A4A87F4B1F}\RP582\A0059518.exe Infected: P2P-Worm.Win32.VB.dw skipped

    D:\System Volume Information\_restore{5E525007-AE48-4AF0-8858-50A4A87F4B1F}\RP582\A0059520.exe Infected: Trojan-Downloader.Win32.TSUpdate.r skipped

    D:\System Volume Information\_restore{5E525007-AE48-4AF0-8858-50A4A87F4B1F}\RP582\A0059521.exe Infected: Trojan-Downloader.Win32.TSUpdate.f skipped

    D:\System Volume Information\_restore{5E525007-AE48-4AF0-8858-50A4A87F4B1F}\RP582\A0059522.exe Infected: Trojan-Downloader.Win32.PurityScan.eh skipped

    G:\RECYCLER\NPROTECT\NPROTECT.LOG Object is locked skipped

    G:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped

    Scan process completed.

    Logfile of HijackThis v1.99.1
    Scan saved at 6:56:30 AM, on 4/27/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16414)

    Running processes:
    C:\WINNT\System32\smss.exe
    C:\WINNT\system32\winlogon.exe
    C:\WINNT\system32\services.exe
    C:\WINNT\system32\lsass.exe
    C:\WINNT\system32\svchost.exe
    C:\WINNT\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\WINNT\system32\spoolsv.exe
    C:\Program Files\Gateway\EzTune\dtsslsrv.exe
    C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    C:\WINNT\system32\DRIVERS\CDAC11BA.EXE
    C:\Program Files\Gateway\EzTune\DTSRVC.exe
    C:\WINNT\System32\svchost.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\WINNT\system32\mgabg.exe
    D:\Program Files\Norton AntiVirus\navapsvc.exe
    D:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
    D:\PROGRA~1\NORTON~1\NPROTECT.EXE
    C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxMediaDB.exe
    D:\PROGRA~1\NORTON~1\SPEEDD~1\NOPDB.EXE
    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\WINNT\Explorer.EXE
    C:\IBMTOOLS\DRIVERS\LAN\INTEL\PROMON.EXE
    C:\WINNT\system32\PELMICED.EXE
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\Portrait Displays\Pivot Software\wpctrl.exe
    C:\Program Files\Gateway\EzTune\DTHtml.exe
    C:\WINNT\system32\PDesk\PDesk.exe
    C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
    C:\WINNT\system32\ctfmon.exe
    C:\Program Files\Windows Media Player\WMPNSCFG.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
    C:\Program Files\Portrait Displays\Pivot Software\floater.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\HJT\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://connecticut.cox.net/cci/home
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
    O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - D:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - D:\Program Files\Norton AntiVirus\NavShExt.dll
    O4 - HKLM\..\Run: [Promon.exe] C:\IBMTOOLS\DRIVERS\LAN\INTEL\PROMON.EXE
    O4 - HKLM\..\Run: [tourpath] regedit /s c:\winnt\tour.reg
    O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
    O4 - HKLM\..\Run: [Mouse Suite 98 Daemon] PELMICED.EXE
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
    O4 - HKLM\..\Run: [PivotSoftware] "C:\Program Files\Portrait Displays\Pivot Software\wpctrl.exe"
    O4 - HKLM\..\Run: [DT Task] C:\Program Files\Gateway\EzTune\DTHtml.exe -startup_folder
    O4 - HKLM\..\Run: [Matrox Powerdesk] C:\WINNT\system32\PDesk\PDesk.exe /Autolaunch
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINNT\system32\ctfmon.exe
    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
    O4 - HKCU\..\Run: [Norton SystemWorks] "D:\Program Files\cfgwiz.exe" /GUID {05858CFD-5CC4-4ceb-AAAF-CF00BF39736A} /MODE CfgWiz
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O11 - Options group: [INTERNATIONAL] International*
    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1138221981120
    O20 - Winlogon Notify: WgaLogon - C:\WINNT\SYSTEM32\WgaLogon.dll
    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINNT\system32\WPDShServiceObj.dll
    O23 - Service: Asset Management Daemon - Unknown owner - C:\Program Files\Gateway\EzTune\dtsslsrv.exe
    O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    O23 - Service: C-DillaCdaC11BA - C-Dilla Ltd - C:\WINNT\system32\DRIVERS\CDAC11BA.EXE
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: Portrait Displays Display Tune Service (DTSRVC) - Unknown owner - C:\Program Files\Gateway\EzTune\DTSRVC.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: MGABGEXE - Matrox Graphics Inc. - C:\WINNT\system32\mgabg.exe
    O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - D:\Program Files\Norton AntiVirus\navapsvc.exe
    O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - D:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
    O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - D:\PROGRA~1\NORTON~1\NPROTECT.EXE
    O23 - Service: LiveShare P2P Server (RoxLiveShare) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxLiveShare.exe
    O23 - Service: RoxMediaDB - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxMediaDB.exe
    O23 - Service: RoxUpnpRenderer (RoxUPnPRenderer) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\SharedCom\RoxUpnpRenderer.exe
    O23 - Service: RoxUpnpServer - Sonic Solutions - C:\Program Files\Roxio\Easy Media Creator 8\Digital Home\RoxUpnpServer.exe
    O23 - Service: Roxio Hard Drive Watcher (RoxWatch) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxWatch.exe
    O23 - Service: SAVScan - Symantec Corporation - D:\Program Files\Norton AntiVirus\SAVScan.exe
    O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    O23 - Service: Speed Disk service - Symantec Corporation - D:\PROGRA~1\NORTON~1\SPEEDD~1\NOPDB.EXE
    O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

    Here you go, and I have learned my lesson.
     
  17. KotaGuy

    KotaGuy Regular member

    Looks good... everything is either quarantined, in your recycle bin or in restore points, which can be easily cleaned.

    How is the PC behaving?
     
  18. blrman

    blrman Member

    It is running 100% better. I deleted the quarantines and restore points and will establish new ones. Do you think that I should get the Kaspersky Internet Security and dump the Norton? No more cracked programs, that's for sure. Thanks for all your time and help. "blrman"
     
  19. KotaGuy

    KotaGuy Regular member

    I'm not a big fan of Norton.

    Kaspersky, NOD32 (I use this on my PCs and my laptop), or BitDefender would all be better choices.
     
