Multiple Viruses - Please Help

Discussion in 'Windows - Virus and spyware problems' started by IainB, Jul 30, 2006.

  1. IainB

    IainB Member

    Joined:
    Jul 30, 2006
    Messages:
    8
    Likes Received:
    0
    Trophy Points:
    11
    I think I have numerous viruses on my system

    I keep having the following warning pop up

    OHPE ver 4.12_23
    w32.myzor.fk@yf
    Win32.MT.Rs
    iworm_attck_v122.02a

    Also, the browser keeps directing me to a security website offering me virus removal software.

    I have tried Symantec, NOD32, Spybot, and Ad-Aware to remove it but with no joy. Spyware Doctor found 540 threats.

    Any help would be much appreciated.



    The latest Hijack This log is as follows

    Logfile of HijackThis v1.99.1
    Scan saved at 10:39:04, on 30/07/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    F:\WINDOWS\System32\smss.exe
    F:\WINDOWS\system32\csrss.exe
    F:\WINDOWS\system32\winlogon.exe
    F:\WINDOWS\system32\services.exe
    F:\WINDOWS\system32\lsass.exe
    F:\WINDOWS\system32\svchost.exe
    F:\WINDOWS\system32\svchost.exe
    F:\WINDOWS\System32\svchost.exe
    F:\WINDOWS\system32\svchost.exe
    F:\WINDOWS\system32\svchost.exe
    F:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    F:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    F:\WINDOWS\Explorer.EXE
    F:\WINDOWS\system32\spoolsv.exe
    F:\Program Files\IntCodec\isamonitor.exe
    F:\Program Files\IntCodec\pmsngr.exe
    F:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe
    F:\WINDOWS\SOUNDMAN.EXE
    F:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
    F:\Program Files\Common Files\Symantec Shared\ccApp.exe
    F:\Program Files\IntCodec\pmmon.exe
    F:\Program Files\IntCodec\isamini.exe
    F:\PROGRA~1\SYMANT~1\VPTray.exe
    F:\WINDOWS\system32\RUNDLL32.EXE
    F:\Program Files\QuickTime\qttask.exe
    F:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    F:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAJE.EXE
    F:\Program Files\Eset\nod32kui.exe
    F:\WINDOWS\system32\ctfmon.exe
    F:\Program Files\Messenger\msmsgs.exe
    F:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
    F:\Program Files\Skype\Phone\Skype.exe
    F:\WINDOWS\system32\CTsvcCDA.EXE
    F:\Program Files\Symantec AntiVirus\DefWatch.exe
    F:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    F:\Program Files\Eset\nod32krn.exe
    F:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
    F:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
    F:\WINDOWS\system32\nvsvc32.exe
    F:\WINDOWS\system32\oodag.exe
    F:\Program Files\Spyware Doctor\sdhelp.exe
    F:\WINDOWS\system32\svchost.exe
    F:\Program Files\Symantec AntiVirus\Rtvscan.exe
    F:\WINDOWS\system32\wdfmgr.exe
    F:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
    F:\WINDOWS\System32\alg.exe
    F:\Program Files\Outlook Express\msimn.exe
    F:\Program Files\Spyware Doctor\swdoctor.exe
    F:\WINDOWS\system32\wbem\wmiprvse.exe
    F:\Program Files\Internet Explorer\IEXPLORE.EXE
    F:\Program Files\WinRAR\WinRAR.exe
    F:\DOCUME~1\Iain\LOCALS~1\Temp\Rar$EX00.422\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com/avcenter/fix_homepage/
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - F:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - F:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O2 - BHO: (no name) - {5753791b-f607-48ca-814e-91c14d081f9e} - F:\Program Files\IntCodec\isaddon.dll
    O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - F:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - F:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - f:\program files\google\googletoolbar2.dll
    O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - F:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
    O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - F:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - f:\program files\google\googletoolbar2.dll
    O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - F:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
    O3 - Toolbar: Protection Bar - {d1ac752e-883f-4ed8-8828-b618c3a72152} - F:\Program Files\IntCodec\iesplugin.dll (file missing)
    O4 - HKLM\..\Run: [nTrayFw] F:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE F:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NeroFilterCheck] F:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [RemoteControl] "F:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
    O4 - HKLM\..\Run: [ccApp] "F:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [vptray] F:\PROGRA~1\SYMANT~1\VPTray.exe
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE F:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [RecoverFromReboot] F:\WINDOWS\Temp\RecoverFromReboot.exe
    O4 - HKLM\..\Run: [QuickTime Task] "F:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [SunJavaUpdateSched] F:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    O4 - HKLM\..\Run: [EPSON Stylus Photo R340 Series] F:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAJE.EXE /P30 "EPSON Stylus Photo R340 Series" /O6 "USB002" /M "Stylus Photo R340"
    O4 - HKLM\..\Run: [nod32kui] "F:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
    O4 - HKCU\..\Run: [ctfmon.exe] F:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MSMSGS] "F:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [Creative Detector] "F:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" /R
    O4 - HKCU\..\Run: [Skype] "F:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
    O4 - HKCU\..\Run: [NBJ] "F:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
    O8 - Extra context menu item: &Google Search - res://f:\program files\google\GoogleToolbar2.dll/cmsearch.html
    O8 - Extra context menu item: &Translate English Word - res://f:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
    O8 - Extra context menu item: Backward Links - res://f:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
    O8 - Extra context menu item: Cached Snapshot of Page - res://f:\program files\google\GoogleToolbar2.dll/cmcache.html
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://F:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: Similar Pages - res://f:\program files\google\GoogleToolbar2.dll/cmsimilar.html
    O8 - Extra context menu item: Translate Page into English - res://f:\program files\google\GoogleToolbar2.dll/cmtrans.html
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - F:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - F:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - F:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - F:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Program Files\Messenger\msmsgs.exe
    O10 - Unknown file in Winsock LSP: f:\windows\system32\nvappfilter.dll
    O10 - Unknown file in Winsock LSP: f:\windows\system32\nvappfilter.dll
    O10 - Unknown file in Winsock LSP: f:\windows\system32\nvappfilter.dll
    O10 - Unknown file in Winsock LSP: f:\windows\system32\nvappfilter.dll
    O10 - Unknown file in Winsock LSP: f:\windows\system32\nvappfilter.dll
    O10 - Unknown file in Winsock LSP: f:\windows\system32\nvappfilter.dll
    O10 - Unknown file in Winsock LSP: f:\windows\system32\nvappfilter.dll
    O10 - Unknown file in Winsock LSP: f:\windows\system32\nvappfilter.dll
    O10 - Unknown file in Winsock LSP: f:\windows\system32\nvappfilter.dll
    O10 - Unknown file in Winsock LSP: f:\windows\system32\nvappfilter.dll
    O10 - Unknown file in Winsock LSP: f:\windows\system32\nvappfilter.dll
    O10 - Unknown file in Winsock LSP: f:\windows\system32\nvappfilter.dll
    O10 - Unknown file in Winsock LSP: f:\windows\system32\nvappfilter.dll
    O10 - Unknown file in Winsock LSP: f:\windows\system32\nvappfilter.dll
    O10 - Unknown file in Winsock LSP: f:\windows\system32\nvappfilter.dll
    O10 - Unknown file in Winsock LSP: f:\windows\system32\nvappfilter.dll
    O10 - Unknown file in Winsock LSP: f:\windows\system32\nvappfilter.dll
    O10 - Unknown file in Winsock LSP: f:\windows\system32\nvappfilter.dll
    O10 - Unknown file in Winsock LSP: f:\windows\system32\nvappfilter.dll
    O10 - Unknown file in Winsock LSP: f:\windows\system32\nvappfilter.dll
    O10 - Unknown file in Winsock LSP: f:\windows\system32\nvappfilter.dll
    O10 - Unknown file in Winsock LSP: f:\windows\system32\nvappfilter.dll
    O12 - Plugin for .spop: F:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
    O16 - DPF: {4E62C4DE-627D-4604-B157-4B7D6B09F02E} (AccountTracking Profile Manager Class) - https://moneymanager.egg.com/Pinsafe/accounttracking.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1129388373970
    O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1145791741031
    O18 - Filter: text/html - (no CLSID) - (no file)
    O20 - Winlogon Notify: NavLogon - F:\WINDOWS\system32\NavLogon.dll
    O20 - Winlogon Notify: WgaLogon - F:\WINDOWS\SYSTEM32\WgaLogon.dll
    O21 - SSODL: cholecyst - {ee2975b6-e8d5-405e-8448-8fe9590f6cfb} - (no file)
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - F:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - F:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - F:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - F:\WINDOWS\system32\CTsvcCDA.EXE
    O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - F:\Program Files\Symantec AntiVirus\DefWatch.exe
    O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - F:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - F:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - F:\Program Files\Eset\nod32krn.exe
    O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA - F:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
    O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA - F:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - F:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: O&O Defrag - O&O Software GmbH - F:\WINDOWS\system32\oodag.exe
    O23 - Service: SAVRoam (SavRoam) - symantec - F:\Program Files\Symantec AntiVirus\SavRoam.exe
    O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - F:\Program Files\Spyware Doctor\sdhelp.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - F:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - F:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    O23 - Service: Symantec AntiVirus - Symantec Corporation - F:\Program Files\Symantec AntiVirus\Rtvscan.exe
     
  2. Niobis

    Niobis Active member

    Joined:
    Jan 30, 2005
    Messages:
    2,326
    Likes Received:
    0
    Trophy Points:
    66
  3. IainB

    Thanks for your help Niobis.

    I tried downloading Panda, but it said I needed to remove Norton Antivirus, which I tried but the computer would not allow me to uninstall - it said I did not have authority to stop the processes????

    The latest Hijack This Log is as follows:

    Logfile of HijackThis v1.99.1
    Scan saved at 09:24:01, on 31/07/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    F:\WINDOWS\System32\smss.exe
    F:\WINDOWS\system32\csrss.exe
    F:\WINDOWS\system32\winlogon.exe
    F:\WINDOWS\system32\services.exe
    F:\WINDOWS\system32\lsass.exe
    F:\WINDOWS\system32\svchost.exe
    F:\WINDOWS\system32\svchost.exe
    F:\WINDOWS\System32\svchost.exe
    F:\WINDOWS\system32\svchost.exe
    F:\WINDOWS\system32\svchost.exe
    F:\WINDOWS\Explorer.EXE
    F:\WINDOWS\system32\spoolsv.exe
    F:\Program Files\IntCodec\pmsngr.exe
    F:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe
    F:\WINDOWS\SOUNDMAN.EXE
    F:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
    F:\Program Files\IntCodec\pmmon.exe
    F:\WINDOWS\system32\RUNDLL32.EXE
    F:\Program Files\QuickTime\qttask.exe
    F:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    F:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAJE.EXE
    F:\Program Files\Eset\nod32kui.exe
    F:\WINDOWS\system32\ctfmon.exe
    F:\Program Files\Messenger\msmsgs.exe
    F:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
    F:\Program Files\Skype\Phone\Skype.exe
    F:\WINDOWS\system32\CTsvcCDA.EXE
    F:\Program Files\ewido anti-spyware 4.0\guard.exe
    F:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    F:\Program Files\Eset\nod32krn.exe
    F:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
    F:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
    F:\WINDOWS\system32\nvsvc32.exe
    F:\WINDOWS\system32\oodag.exe
    F:\Program Files\Spyware Doctor\sdhelp.exe
    F:\WINDOWS\system32\svchost.exe
    F:\Program Files\Symantec AntiVirus\Rtvscan.exe
    F:\WINDOWS\system32\wdfmgr.exe
    F:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
    F:\WINDOWS\System32\alg.exe
    F:\WINDOWS\system32\msiexec.exe
    F:\WINDOWS\system32\wscntfy.exe
    F:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    F:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    F:\Program Files\Common Files\Symantec Shared\ccApp.exe
    F:\Program Files\WinRAR\WinRAR.exe
    F:\DOCUME~1\Iain\LOCALS~1\Temp\Rar$EX00.094\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com/avcenter/fix_homepage/
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - F:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - F:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O2 - BHO: (no name) - {5753791b-f607-48ca-814e-91c14d081f9e} - F:\Program Files\IntCodec\isaddon.dll (file missing)
    O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - F:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - F:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - f:\program files\google\googletoolbar2.dll
    O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - F:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
    O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - F:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - f:\program files\google\googletoolbar2.dll
    O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - F:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
    O3 - Toolbar: Protection Bar - {d1ac752e-883f-4ed8-8828-b618c3a72152} - F:\Program Files\IntCodec\iesplugin.dll (file missing)
    O4 - HKLM\..\Run: [nTrayFw] F:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE F:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NeroFilterCheck] F:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [RemoteControl] "F:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
    O4 - HKLM\..\Run: [ccApp] "F:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [vptray] F:\PROGRA~1\SYMANT~1\VPTray.exe
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE F:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [RecoverFromReboot] F:\WINDOWS\Temp\RecoverFromReboot.exe
    O4 - HKLM\..\Run: [QuickTime Task] "F:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [SunJavaUpdateSched] F:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    O4 - HKLM\..\Run: [EPSON Stylus Photo R340 Series] F:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAJE.EXE /P30 "EPSON Stylus Photo R340 Series" /O6 "USB002" /M "Stylus Photo R340"
    O4 - HKLM\..\Run: [nod32kui] "F:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
    O4 - HKCU\..\Run: [ctfmon.exe] F:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MSMSGS] "F:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [Creative Detector] "F:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" /R
    O4 - HKCU\..\Run: [Skype] "F:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
    O4 - HKCU\..\Run: [NBJ] "F:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
    O8 - Extra context menu item: &Google Search - res://f:\program files\google\GoogleToolbar2.dll/cmsearch.html
    O8 - Extra context menu item: &Translate English Word - res://f:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
    O8 - Extra context menu item: Backward Links - res://f:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
    O8 - Extra context menu item: Cached Snapshot of Page - res://f:\program files\google\GoogleToolbar2.dll/cmcache.html
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://F:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: Similar Pages - res://f:\program files\google\GoogleToolbar2.dll/cmsimilar.html
    O8 - Extra context menu item: Translate Page into English - res://f:\program files\google\GoogleToolbar2.dll/cmtrans.html
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - F:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - F:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - F:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
    O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - F:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Program Files\Messenger\msmsgs.exe
    O10 - Unknown file in Winsock LSP: f:\windows\system32\nvappfilter.dll
    O10 - Unknown file in Winsock LSP: f:\windows\system32\nvappfilter.dll
    O10 - Unknown file in Winsock LSP: f:\windows\system32\nvappfilter.dll
    O10 - Unknown file in Winsock LSP: f:\windows\system32\nvappfilter.dll
    O10 - Unknown file in Winsock LSP: f:\windows\system32\nvappfilter.dll
    O10 - Unknown file in Winsock LSP: f:\windows\system32\nvappfilter.dll
    O10 - Unknown file in Winsock LSP: f:\windows\system32\nvappfilter.dll
    O10 - Unknown file in Winsock LSP: f:\windows\system32\nvappfilter.dll
    O10 - Unknown file in Winsock LSP: f:\windows\system32\nvappfilter.dll
    O10 - Unknown file in Winsock LSP: f:\windows\system32\nvappfilter.dll
    O10 - Unknown file in Winsock LSP: f:\windows\system32\nvappfilter.dll
    O10 - Unknown file in Winsock LSP: f:\windows\system32\nvappfilter.dll
    O10 - Unknown file in Winsock LSP: f:\windows\system32\nvappfilter.dll
    O10 - Unknown file in Winsock LSP: f:\windows\system32\nvappfilter.dll
    O10 - Unknown file in Winsock LSP: f:\windows\system32\nvappfilter.dll
    O10 - Unknown file in Winsock LSP: f:\windows\system32\nvappfilter.dll
    O10 - Unknown file in Winsock LSP: f:\windows\system32\nvappfilter.dll
    O10 - Unknown file in Winsock LSP: f:\windows\system32\nvappfilter.dll
    O10 - Unknown file in Winsock LSP: f:\windows\system32\nvappfilter.dll
    O10 - Unknown file in Winsock LSP: f:\windows\system32\nvappfilter.dll
    O10 - Unknown file in Winsock LSP: f:\windows\system32\nvappfilter.dll
    O10 - Unknown file in Winsock LSP: f:\windows\system32\nvappfilter.dll
    O12 - Plugin for .spop: F:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
    O16 - DPF: {4E62C4DE-627D-4604-B157-4B7D6B09F02E} (AccountTracking Profile Manager Class) - https://moneymanager.egg.com/Pinsafe/accounttracking.cab
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1129388373970
    O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1145791741031
    O16 - DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} (Trend Micro ActiveX Scan Agent 6.5) - http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
    O18 - Filter: text/html - (no CLSID) - (no file)
    O20 - Winlogon Notify: NavLogon - F:\WINDOWS\system32\NavLogon.dll
    O20 - Winlogon Notify: WgaLogon - F:\WINDOWS\SYSTEM32\WgaLogon.dll
    O21 - SSODL: cholecyst - {ee2975b6-e8d5-405e-8448-8fe9590f6cfb} - (no file)
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - F:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - F:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - F:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - F:\WINDOWS\system32\CTsvcCDA.EXE
    O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - F:\Program Files\Symantec AntiVirus\DefWatch.exe
    O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - F:\Program Files\ewido anti-spyware 4.0\guard.exe
    O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - F:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - F:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - F:\Program Files\Eset\nod32krn.exe
    O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA - F:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
    O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA - F:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - F:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: O&O Defrag - O&O Software GmbH - F:\WINDOWS\system32\oodag.exe
    O23 - Service: SAVRoam (SavRoam) - symantec - F:\Program Files\Symantec AntiVirus\SavRoam.exe
    O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - F:\Program Files\Spyware Doctor\sdhelp.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - F:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - F:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    O23 - Service: Symantec AntiVirus - Symantec Corporation - F:\Program Files\Symantec AntiVirus\Rtvscan.exe

     
  4. Niobis

  5. blade81

    blade81 Active member

    Joined:
    Jul 28, 2003
    Messages:
    1,287
    Likes Received:
    0
    Trophy Points:
    66
    Those O10 entries belong to Nvidia firewall. They are OK. However, if your Norton set includes a firewall then I recommend you remove Nvidia's one. It's not sensible to have two or more different firewalls active on the same workstation.

    EDIT:
    BTW, you seem to have Smitfraud infection. Follow these instructions:

    Download SmitfraudFix.zip to your desktop -> http://siri.urz.free.fr/Fix/SmitfraudFix.zip

    Unzip it (folder named SmitFraudFix) to your desktop:

    Open the folder SmitfraudFix and double-click smitfraudfix.cmd
    Choose option #1 - Search by typing 1 and pressing "Enter"; a text file opens and lists the infected files (if those exist)

    Post the contents of this text file here.

    (Some antivirus programs recognise process.exe as malware. It is not malware, it is a program that stops processes)
     
    Last edited: Jul 31, 2006
  6. IainB

    Hi Niobis - Tried running Ad-Aware in safe mode but it kept asking for a disc??? Would not let me scan.

    Thanks Blade81

    Downloaded SmitfraudFix

    Report below:

    SmitFraudFix v2.76

    Scan done at 19:44:41.75, 31/07/2006
    Run from F:\Documents and Settings\Iain\Desktop\SmitfraudFix
    OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
    Fix ran in normal mode

    »»»»»»»»»»»»»»»»»»»»»»»» F:\


    »»»»»»»»»»»»»»»»»»»»»»»» F:\WINDOWS


    »»»»»»»»»»»»»»»»»»»»»»»» F:\WINDOWS\system


    »»»»»»»»»»»»»»»»»»»»»»»» F:\WINDOWS\Web


    »»»»»»»»»»»»»»»»»»»»»»»» F:\WINDOWS\system32


    »»»»»»»»»»»»»»»»»»»»»»»» F:\Documents and Settings\Iain\Application Data


    »»»»»»»»»»»»»»»»»»»»»»»» Start Menu


    »»»»»»»»»»»»»»»»»»»»»»»» F:\DOCUME~1\Iain\FAVORI~1


    »»»»»»»»»»»»»»»»»»»»»»»» Desktop


    »»»»»»»»»»»»»»»»»»»»»»»» F:\Program Files

    F:\Program Files\IntCodec\ FOUND !

    »»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys


    »»»»»»»»»»»»»»»»»»»»»»»» Desktop Components

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
    "Source"="About:Home"
    "SubscribedURL"="About:Home"
    "FriendlyName"="My Current Home Page"


    »»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
    !!!Attention, following keys are not inevitably infected!!!

    SrchSTS.exe by S!Ri
    Search SharedTaskScheduler's .dll

    »»»»»»»»»»»»»»»»»»»»»»»» Scanning wininet.dll infection


    »»»»»»»»»»»»»»»»»»»»»»»» End
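
Added example, not part of the thread and not output from HijackThis or SmitfraudFix: a small Python triage of the log format posted above. It collapses repeated lines such as the O10 block, lists entries marked "(file missing)" or "(no file)", shows which processes and entries still point into the folder SmitfraudFix reported as FOUND, and diffs the 30/07 and 31/07 snapshots. The function names are this example's own, and the sample lines are excerpts from the logs above.

```python
import re
from collections import Counter

# Entry lines look like "O4 - HKLM\..\Run: [name] path"; anything else is skipped.
ENTRY_RE = re.compile(r"^\s*([A-Z]\d{1,2}) - (.+?)\s*$")
ORPHAN_RE = re.compile(r"\((?:file missing|no file)\)$", re.IGNORECASE)

# Excerpts (not the full logs) from the 30/07 and 31/07 snapshots in this thread.
LOG_30 = r"""
Logfile of HijackThis v1.99.1
Running processes:
F:\WINDOWS\Explorer.EXE
F:\Program Files\IntCodec\isamonitor.exe
F:\Program Files\IntCodec\pmsngr.exe

O2 - BHO: (no name) - {5753791b-f607-48ca-814e-91c14d081f9e} - F:\Program Files\IntCodec\isaddon.dll
O3 - Toolbar: Protection Bar - {d1ac752e-883f-4ed8-8828-b618c3a72152} - F:\Program Files\IntCodec\iesplugin.dll (file missing)
O10 - Unknown file in Winsock LSP: f:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: f:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: f:\windows\system32\nvappfilter.dll
O18 - Filter: text/html - (no CLSID) - (no file)
O21 - SSODL: cholecyst - {ee2975b6-e8d5-405e-8448-8fe9590f6cfb} - (no file)
"""
LOG_31 = r"""
Logfile of HijackThis v1.99.1
Running processes:
F:\WINDOWS\Explorer.EXE
F:\Program Files\IntCodec\pmsngr.exe

O2 - BHO: (no name) - {5753791b-f607-48ca-814e-91c14d081f9e} - F:\Program Files\IntCodec\isaddon.dll (file missing)
O3 - Toolbar: Protection Bar - {d1ac752e-883f-4ed8-8828-b618c3a72152} - F:\Program Files\IntCodec\iesplugin.dll (file missing)
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O10 - Unknown file in Winsock LSP: f:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: f:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: f:\windows\system32\nvappfilter.dll
O18 - Filter: text/html - (no CLSID) - (no file)
O21 - SSODL: cholecyst - {ee2975b6-e8d5-405e-8448-8fe9590f6cfb} - (no file)
"""


def parse_entries(log_text):
    """Return (code, detail) tuples for the R/O entry lines of a log."""
    entries = []
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line)
        if m:
            entries.append((m.group(1), m.group(2)))
    return entries


def running_processes(log_text):
    """Paths listed between 'Running processes:' and the next blank line."""
    procs, inside = [], False
    for line in log_text.splitlines():
        line = line.strip()
        if line == "Running processes:":
            inside = True
        elif inside and not line:
            break
        elif inside:
            procs.append(line)
    return procs


def collapse(entries):
    """Count identical entries so a repeated line becomes one row."""
    return Counter(entries)


def orphaned(entries):
    """Unique entries whose target was reported as missing on disk."""
    return [e for e in dict.fromkeys(entries) if ORPHAN_RE.search(e[1])]


def touching(directory, entries, processes):
    """Processes and unique entries whose path contains `directory`."""
    needle = directory.lower()
    hits = [p for p in processes if needle in p.lower()]
    hits += [f"{c} - {d}" for c, d in dict.fromkeys(entries) if needle in d.lower()]
    return hits


def diff(before, after):
    """(added, removed) entries between two snapshots."""
    b, a = set(before), set(after)
    return sorted(a - b), sorted(b - a)


if __name__ == "__main__":
    e30, e31 = parse_entries(LOG_30), parse_entries(LOG_31)
    for (code, detail), n in collapse(e31).items():
        print(f"{n:>2}x {code} - {detail}")
    print("orphaned:", [c for c, _ in orphaned(e31)])
    print("IntCodec:", touching("\\IntCodec\\", e31, running_processes(LOG_31)))
    added, removed = diff(e30, e31)
    print("added:", added, "removed:", removed)
```

Run against the full pasted logs, the same functions give a short list to re-check in the fresh log requested after cleaning.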

     
  7. blade81

    Reboot your computer in Safe Mode by doing the following:

    1. Restart your computer
    2. After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
    3. Instead of Windows loading as normal, a menu should appear
    4. Select the first option, to run Windows in Safe Mode.

    When in Safe Mode, open the SmitfraudFix folder and double-click the file smitfraudfix.cmd
    Choose option #2 - Clean by typing 2 and pressing "Enter" in order to remove the infected files.

    You are asked: "Registry cleaning - Do you want to clean the registry ?"; answer "Yes" by typing Y and press "Enter" in order to remove your desktop wallpaper and the infected registry keys.

    The tool checks if the wininet.dll file is infected. You might be asked to replace the infected .dll (if found); answer "Yes" by typing Y and press "Enter".

    The tool might have to restart your computer; if it doesn't, restart your computer back to normal mode.
    A text file will appear after the cleaning process; copy this file and paste it here.
    The log is saved to your local disk drive, usually C:\rapport.txt. Also paste a fresh HJT log.
     
  8. IainB

    I really do appreciate all of your help.

    Right then. Instructions followed:

    SmitFraudFix v2.76

    Scan done at 21:05:38.93, 31/07/2006
    Run from F:\Documents and Settings\Iain\Desktop\SmitfraudFix
    OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
    Fix ran in safe mode

    »»»»»»»»»»»»»»»»»»»»»»»» Before SmitFraudFix
    !!!Attention, following keys are not inevitably infected!!!

    SrchSTS.exe by S!Ri
    Search SharedTaskScheduler's .dll

    »»»»»»»»»»»»»»»»»»»»»»»» Killing process


    »»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

    GenericRenosFix by S!Ri


    »»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files

    F:\Program Files\IntCodec\ Deleted

    »»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files


    »»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

    Registry Cleaning done.

    »»»»»»»»»»»»»»»»»»»»»»»» After SmitFraudFix
    !!!Attention, following keys are not inevitably infected!!!

    SrchSTS.exe by S!Ri
    Search SharedTaskScheduler's .dll


    »»»»»»»»»»»»»»»»»»»»»»»» End

    HjT Log as follows

    Logfile of HijackThis v1.99.1
    Scan saved at 21:27:16, on 31/07/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    F:\WINDOWS\System32\smss.exe
    F:\WINDOWS\system32\csrss.exe
    F:\WINDOWS\system32\winlogon.exe
    F:\WINDOWS\system32\services.exe
    F:\WINDOWS\system32\lsass.exe
    F:\WINDOWS\system32\svchost.exe
    F:\WINDOWS\system32\svchost.exe
    F:\WINDOWS\System32\svchost.exe
    F:\WINDOWS\system32\svchost.exe
    F:\WINDOWS\system32\svchost.exe
    F:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    F:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    F:\WINDOWS\Explorer.EXE
    F:\WINDOWS\system32\spoolsv.exe
    F:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe
    F:\WINDOWS\SOUNDMAN.EXE
    F:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
    F:\Program Files\Common Files\Symantec Shared\ccApp.exe
    F:\PROGRA~1\SYMANT~1\VPTray.exe
    F:\WINDOWS\system32\RUNDLL32.EXE
    F:\Program Files\QuickTime\qttask.exe
    F:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    F:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAJE.EXE
    F:\Program Files\Eset\nod32kui.exe
    F:\WINDOWS\system32\ctfmon.exe
    F:\Program Files\Messenger\msmsgs.exe
    F:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
    F:\Program Files\Skype\Phone\Skype.exe
    F:\WINDOWS\system32\CTsvcCDA.EXE
    F:\Program Files\Symantec AntiVirus\DefWatch.exe
    F:\Program Files\ewido anti-spyware 4.0\guard.exe
    F:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    F:\Program Files\Eset\nod32krn.exe
    F:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
    F:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
    F:\WINDOWS\system32\nvsvc32.exe
    F:\WINDOWS\system32\oodag.exe
    F:\Program Files\Spyware Doctor\sdhelp.exe
    F:\WINDOWS\system32\svchost.exe
    F:\Program Files\Symantec AntiVirus\Rtvscan.exe
    F:\WINDOWS\system32\wdfmgr.exe
    F:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
    F:\WINDOWS\System32\alg.exe
    F:\Program Files\Outlook Express\msimn.exe
    F:\WINDOWS\system32\wbem\wmiprvse.exe
    F:\Program Files\Internet Explorer\iexplore.exe
    F:\Program Files\WinRAR\WinRAR.exe
    F:\DOCUME~1\Iain\LOCALS~1\Temp\Rar$EX00.485\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - F:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - F:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - F:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - F:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - f:\program files\google\googletoolbar2.dll
    O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - F:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
    O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - F:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - f:\program files\google\googletoolbar2.dll
    O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - F:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
    O3 - Toolbar: Protection Bar - {d1ac752e-883f-4ed8-8828-b618c3a72152} - F:\Program Files\IntCodec\iesplugin.dll (file missing)
    O4 - HKLM\..\Run: [nTrayFw] F:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE F:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NeroFilterCheck] F:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [RemoteControl] "F:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
    O4 - HKLM\..\Run: [ccApp] "F:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [vptray] F:\PROGRA~1\SYMANT~1\VPTray.exe
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE F:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [RecoverFromReboot] F:\WINDOWS\Temp\RecoverFromReboot.exe
    O4 - HKLM\..\Run: [QuickTime Task] "F:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [SunJavaUpdateSched] F:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    O4 - HKLM\..\Run: [EPSON Stylus Photo R340 Series] F:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAJE.EXE /P30 "EPSON Stylus Photo R340 Series" /O6 "USB002" /M "Stylus Photo R340"
    O4 - HKLM\..\Run: [nod32kui] "F:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
    O4 - HKCU\..\Run: [ctfmon.exe] F:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MSMSGS] "F:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [Creative Detector] "F:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" /R
    O4 - HKCU\..\Run: [Skype] "F:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
    O4 - HKCU\..\Run: [NBJ] "F:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
    O8 - Extra context menu item: &Google Search - res://f:\program files\google\GoogleToolbar2.dll/cmsearch.html
    O8 - Extra context menu item: &Translate English Word - res://f:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
    O8 - Extra context menu item: Backward Links - res://f:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
    O8 - Extra context menu item: Cached Snapshot of Page - res://f:\program files\google\GoogleToolbar2.dll/cmcache.html
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://F:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: Similar Pages - res://f:\program files\google\GoogleToolbar2.dll/cmsimilar.html
    O8 - Extra context menu item: Translate Page into English - res://f:\program files\google\GoogleToolbar2.dll/cmtrans.html
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - F:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - F:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - F:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
    O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - F:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Program Files\Messenger\msmsgs.exe
    O10 - Unknown file in Winsock LSP: f:\windows\system32\nvappfilter.dll
    O10 - Unknown file in Winsock LSP: f:\windows\system32\nvappfilter.dll
    O10 - Unknown file in Winsock LSP: f:\windows\system32\nvappfilter.dll
    O10 - Unknown file in Winsock LSP: f:\windows\system32\nvappfilter.dll
    O10 - Unknown file in Winsock LSP: f:\windows\system32\nvappfilter.dll
    O10 - Unknown file in Winsock LSP: f:\windows\system32\nvappfilter.dll
    O10 - Unknown file in Winsock LSP: f:\windows\system32\nvappfilter.dll
    O10 - Unknown file in Winsock LSP: f:\windows\system32\nvappfilter.dll
    O10 - Unknown file in Winsock LSP: f:\windows\system32\nvappfilter.dll
    O10 - Unknown file in Winsock LSP: f:\windows\system32\nvappfilter.dll
    O10 - Unknown file in Winsock LSP: f:\windows\system32\nvappfilter.dll
    O10 - Unknown file in Winsock LSP: f:\windows\system32\nvappfilter.dll
    O10 - Unknown file in Winsock LSP: f:\windows\system32\nvappfilter.dll
    O10 - Unknown file in Winsock LSP: f:\windows\system32\nvappfilter.dll
    O10 - Unknown file in Winsock LSP: f:\windows\system32\nvappfilter.dll
    O10 - Unknown file in Winsock LSP: f:\windows\system32\nvappfilter.dll
    O10 - Unknown file in Winsock LSP: f:\windows\system32\nvappfilter.dll
    O10 - Unknown file in Winsock LSP: f:\windows\system32\nvappfilter.dll
    O10 - Unknown file in Winsock LSP: f:\windows\system32\nvappfilter.dll
    O10 - Unknown file in Winsock LSP: f:\windows\system32\nvappfilter.dll
    O10 - Unknown file in Winsock LSP: f:\windows\system32\nvappfilter.dll
    O10 - Unknown file in Winsock LSP: f:\windows\system32\nvappfilter.dll
    O12 - Plugin for .spop: F:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
    O16 - DPF: {4E62C4DE-627D-4604-B157-4B7D6B09F02E} (AccountTracking Profile Manager Class) - https://moneymanager.egg.com/Pinsafe/accounttracking.cab
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1129388373970
    O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1145791741031
    O16 - DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} (Trend Micro ActiveX Scan Agent 6.5) - http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
    O18 - Filter: text/html - (no CLSID) - (no file)
    O20 - Winlogon Notify: NavLogon - F:\WINDOWS\system32\NavLogon.dll
    O20 - Winlogon Notify: WgaLogon - F:\WINDOWS\SYSTEM32\WgaLogon.dll
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - F:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - F:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - F:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - F:\WINDOWS\system32\CTsvcCDA.EXE
    O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - F:\Program Files\Symantec AntiVirus\DefWatch.exe
    O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - F:\Program Files\ewido anti-spyware 4.0\guard.exe
    O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - F:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - F:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - F:\Program Files\Eset\nod32krn.exe
    O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA - F:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
    O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA - F:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - F:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: O&O Defrag - O&O Software GmbH - F:\WINDOWS\system32\oodag.exe
    O23 - Service: SAVRoam (SavRoam) - symantec - F:\Program Files\Symantec AntiVirus\SavRoam.exe
    O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - F:\Program Files\Spyware Doctor\sdhelp.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - F:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - F:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    O23 - Service: Symantec AntiVirus - Symantec Corporation - F:\Program Files\Symantec AntiVirus\Rtvscan.exe

     
  9. blade81

    blade81 Active member

    Joined:
    Jul 28, 2003
    Messages:
    1,287
    Likes Received:
    0
    Trophy Points:
    66
    Hi IainB!

    Fix these:
    O3 - Toolbar: Protection Bar - {d1ac752e-883f-4ed8-8828-b618c3a72152} - F:\Program Files\IntCodec\iesplugin.dll (file missing)
    O18 - Filter: text/html - (no CLSID) - (no file)

    Does your Norton software include a firewall? If it does, you should remove the Nvidia firewall.

    Reboot machine and send a new hjt log.
     
  10. IainB

    IainB Member

    How do you 'Fix' the files you stated?

    Also, of the antispyware I have on system (Ad-Aware, Spybot, Spyware Doctor, Ewido, Dr Web Cure it, and Panda) which should I keep and which should go?

    Cheers

    Iain
     
  11. Niobis

    Niobis Active member

    Joined:
    Jan 30, 2005
    Messages:
    2,326
    Likes Received:
    0
    Trophy Points:
    66
    Fix them using HijackThis.
    Run HjT and do a scan only. Check the ones you want, click fix.

    Spyware Doctor and Dr Web Cure it should go, in my opinion. Panda is only a 30-day trial, so it's up to you whether to keep it for the full 30 days. I recommend you keep it at least until the trial runs out. You will like it.
     
  12. IainB

    IainB Member

    Hi Guys

    All fixed as instructed.

    HJT log below.

    I do not think the Norton has a firewall.

    Thanks

    Iain

    Logfile of HijackThis v1.99.1
    Scan saved at 09:31:24, on 01/08/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    F:\WINDOWS\System32\smss.exe
    F:\WINDOWS\system32\winlogon.exe
    F:\WINDOWS\system32\services.exe
    F:\WINDOWS\system32\lsass.exe
    F:\WINDOWS\system32\svchost.exe
    F:\WINDOWS\System32\svchost.exe
    F:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    F:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    F:\WINDOWS\Explorer.EXE
    F:\WINDOWS\system32\spoolsv.exe
    F:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe
    F:\WINDOWS\SOUNDMAN.EXE
    F:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
    F:\Program Files\Common Files\Symantec Shared\ccApp.exe
    F:\PROGRA~1\SYMANT~1\VPTray.exe
    F:\WINDOWS\system32\RUNDLL32.EXE
    F:\Program Files\QuickTime\qttask.exe
    F:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    F:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAJE.EXE
    F:\Program Files\Eset\nod32kui.exe
    F:\WINDOWS\system32\ctfmon.exe
    F:\Program Files\Messenger\msmsgs.exe
    F:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
    F:\Program Files\Skype\Phone\Skype.exe
    F:\Program Files\Outlook Express\msimn.exe
    F:\WINDOWS\system32\CTsvcCDA.EXE
    F:\Program Files\Symantec AntiVirus\DefWatch.exe
    F:\Program Files\ewido anti-spyware 4.0\guard.exe
    F:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    F:\Program Files\Eset\nod32krn.exe
    F:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
    F:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
    F:\WINDOWS\system32\nvsvc32.exe
    F:\WINDOWS\system32\oodag.exe
    F:\WINDOWS\system32\svchost.exe
    F:\Program Files\Symantec AntiVirus\Rtvscan.exe
    F:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
    F:\WINDOWS\system32\wuauclt.exe
    F:\Program Files\WinRAR\WinRAR.exe
    F:\DOCUME~1\Iain\LOCALS~1\Temp\Rar$EX00.813\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - F:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - F:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - F:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - f:\program files\google\googletoolbar2.dll
    O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - F:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - f:\program files\google\googletoolbar2.dll
    O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - F:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
    O4 - HKLM\..\Run: [nTrayFw] F:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE F:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NeroFilterCheck] F:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [RemoteControl] "F:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
    O4 - HKLM\..\Run: [ccApp] "F:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [vptray] F:\PROGRA~1\SYMANT~1\VPTray.exe
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE F:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [RecoverFromReboot] F:\WINDOWS\Temp\RecoverFromReboot.exe
    O4 - HKLM\..\Run: [QuickTime Task] "F:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [SunJavaUpdateSched] F:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    O4 - HKLM\..\Run: [EPSON Stylus Photo R340 Series] F:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAJE.EXE /P30 "EPSON Stylus Photo R340 Series" /O6 "USB002" /M "Stylus Photo R340"
    O4 - HKLM\..\Run: [nod32kui] "F:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
    O4 - HKCU\..\Run: [ctfmon.exe] F:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MSMSGS] "F:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [Creative Detector] "F:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" /R
    O4 - HKCU\..\Run: [Skype] "F:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
    O4 - HKCU\..\Run: [NBJ] "F:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
    O8 - Extra context menu item: &Google Search - res://f:\program files\google\GoogleToolbar2.dll/cmsearch.html
    O8 - Extra context menu item: &Translate English Word - res://f:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
    O8 - Extra context menu item: Backward Links - res://f:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
    O8 - Extra context menu item: Cached Snapshot of Page - res://f:\program files\google\GoogleToolbar2.dll/cmcache.html
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://F:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: Similar Pages - res://f:\program files\google\GoogleToolbar2.dll/cmsimilar.html
    O8 - Extra context menu item: Translate Page into English - res://f:\program files\google\GoogleToolbar2.dll/cmtrans.html
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - F:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - F:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
    O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - F:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Program Files\Messenger\msmsgs.exe
    O10 - Unknown file in Winsock LSP: f:\windows\system32\nvappfilter.dll
    O10 - Unknown file in Winsock LSP: f:\windows\system32\nvappfilter.dll
    O10 - Unknown file in Winsock LSP: f:\windows\system32\nvappfilter.dll
    O10 - Unknown file in Winsock LSP: f:\windows\system32\nvappfilter.dll
    O10 - Unknown file in Winsock LSP: f:\windows\system32\nvappfilter.dll
    O10 - Unknown file in Winsock LSP: f:\windows\system32\nvappfilter.dll
    O10 - Unknown file in Winsock LSP: f:\windows\system32\nvappfilter.dll
    O10 - Unknown file in Winsock LSP: f:\windows\system32\nvappfilter.dll
    O10 - Unknown file in Winsock LSP: f:\windows\system32\nvappfilter.dll
    O10 - Unknown file in Winsock LSP: f:\windows\system32\nvappfilter.dll
    O10 - Unknown file in Winsock LSP: f:\windows\system32\nvappfilter.dll
    O10 - Unknown file in Winsock LSP: f:\windows\system32\nvappfilter.dll
    O10 - Unknown file in Winsock LSP: f:\windows\system32\nvappfilter.dll
    O10 - Unknown file in Winsock LSP: f:\windows\system32\nvappfilter.dll
    O10 - Unknown file in Winsock LSP: f:\windows\system32\nvappfilter.dll
    O10 - Unknown file in Winsock LSP: f:\windows\system32\nvappfilter.dll
    O10 - Unknown file in Winsock LSP: f:\windows\system32\nvappfilter.dll
    O10 - Unknown file in Winsock LSP: f:\windows\system32\nvappfilter.dll
    O10 - Unknown file in Winsock LSP: f:\windows\system32\nvappfilter.dll
    O10 - Unknown file in Winsock LSP: f:\windows\system32\nvappfilter.dll
    O10 - Unknown file in Winsock LSP: f:\windows\system32\nvappfilter.dll
    O10 - Unknown file in Winsock LSP: f:\windows\system32\nvappfilter.dll
    O12 - Plugin for .spop: F:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
    O16 - DPF: {4E62C4DE-627D-4604-B157-4B7D6B09F02E} (AccountTracking Profile Manager Class) - https://moneymanager.egg.com/Pinsafe/accounttracking.cab
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1129388373970
    O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1145791741031
    O16 - DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} (Trend Micro ActiveX Scan Agent 6.5) - http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
    O20 - Winlogon Notify: NavLogon - F:\WINDOWS\system32\NavLogon.dll
    O20 - Winlogon Notify: WgaLogon - F:\WINDOWS\SYSTEM32\WgaLogon.dll
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - F:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - F:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - F:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - F:\WINDOWS\system32\CTsvcCDA.EXE
    O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - F:\Program Files\Symantec AntiVirus\DefWatch.exe
    O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - F:\Program Files\ewido anti-spyware 4.0\guard.exe
    O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - F:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - F:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - F:\Program Files\Eset\nod32krn.exe
    O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA - F:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
    O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA - F:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - F:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: O&O Defrag - O&O Software GmbH - F:\WINDOWS\system32\oodag.exe
    O23 - Service: SAVRoam (SavRoam) - symantec - F:\Program Files\Symantec AntiVirus\SavRoam.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - F:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - F:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    O23 - Service: Symantec AntiVirus - Symantec Corporation - F:\Program Files\Symantec AntiVirus\Rtvscan.exe

     
  13. Niobis

    Niobis Active member

    Fix these two the same way. Looks good now.

    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
    O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
     
  14. blade81

    blade81 Active member

    Looks good. :) Still some problems?

    EDIT:
    Don't fix those two lines suggested by Niobis. Those are OK.
     
    Last edited: Aug 1, 2006
  15. Niobis

    Niobis Active member

    "file missing" Obviously, he doesn't have either of them any longer.
     
  16. blade81

    blade81 Active member

    When "file missing" is on an O9 line you can't be sure if it's there or not. ;)
     
  17. Niobis

    Niobis Active member

    And this applies to O9 entries only?
     
  18. blade81

    blade81 Active member

    Nope. It applies to some other row entries too, so you must know what you're fixing. :)
     
  19. IainB

    IainB Member

    Just got back in from work.

    So do I fix the lines or not?

    Cheers guys

    Iain
     
  20. blade81

    blade81 Active member

    Hi IainB! Don't fix those two lines. Both are legal. :)
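
Added example, not part of the thread and not HijackThis code: a small Python parser for the kind of HijackThis log lines posted above. It diffs two logs to confirm what a cleanup actually removed, and it queues "(file missing)" entries for manual review instead of treating the marker as proof, as discussed for the O9 lines. The sample lines are excerpted from the logs in this thread; the function names are illustrative.

```python
import re
from collections import namedtuple

# One parsed HijackThis entry: section code (R1, O9, O23, ...), the text after
# "<code> - ", and whether the line ends with the "(file missing)" marker.
Entry = namedtuple("Entry", "section body file_missing")

ENTRY_RE = re.compile(r"^\s*([A-Z]\d{1,2})\s+-\s+(.+?)\s*$")
MARKER = "(file missing)"

# Lines excerpted from the 31/07/2006 log posted in this thread.
LOG_BEFORE = r"""
Logfile of HijackThis v1.99.1
Running processes:
F:\WINDOWS\Explorer.EXE
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - F:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O3 - Toolbar: Protection Bar - {d1ac752e-883f-4ed8-8828-b618c3a72152} - F:\Program Files\IntCodec\iesplugin.dll (file missing)
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O10 - Unknown file in Winsock LSP: f:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: f:\windows\system32\nvappfilter.dll
O18 - Filter: text/html - (no CLSID) - (no file)
"""

# Lines excerpted from the 01/08/2006 log posted in this thread.
LOG_AFTER = r"""
Logfile of HijackThis v1.99.1
Running processes:
F:\WINDOWS\Explorer.EXE
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O10 - Unknown file in Winsock LSP: f:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: f:\windows\system32\nvappfilter.dll
"""


def parse_hjt(text):
    """Return the section entries of a log; header and process lines are skipped."""
    entries = []
    for line in text.splitlines():
        match = ENTRY_RE.match(line)
        if match is None:
            continue  # header line, blank line, or a running-process path
        section, body = match.groups()
        entries.append(Entry(section, body, body.endswith(MARKER)))
    return entries


def _key(entry):
    # Compare case-insensitively: one log can spell the same path F:\ and f:\.
    return (entry.section, entry.body.lower())


def _unique(entries):
    # Drop repeated lines (the O10 entry repeats many times), keep first-seen order.
    return list({_key(e): e for e in entries}.values())


def diff_logs(before, after):
    """Return (removed, added): entries only in the older / only in the newer log."""
    before_keys = {_key(e) for e in before}
    after_keys = {_key(e) for e in after}
    removed = _unique(e for e in before if _key(e) not in after_keys)
    added = _unique(e for e in after if _key(e) not in before_keys)
    return removed, added


def review_queue(entries):
    """Entries carrying the "(file missing)" marker.

    These are listed for a person to check on disk; the marker alone is not
    treated as proof that the file is gone or that the entry should be fixed.
    """
    return _unique(e for e in entries if e.file_missing)


if __name__ == "__main__":
    old, new = parse_hjt(LOG_BEFORE), parse_hjt(LOG_AFTER)
    removed, added = diff_logs(old, new)
    for e in removed:
        print("removed:", e.section, "-", e.body)
    for e in added:
        print("added:  ", e.section, "-", e.body)
    for e in review_queue(new):
        print("verify by hand:", e.section, "-", e.body)
```
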
     
