Every time I open Internet Explorer the program crashes as it starts. The program shows as not responding, and in Task Manager the program is running twice. I wonder if anyone could help me out. Thanks in advance.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:39:03, on 26/02/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\system32\?dobe\u?erinit.exe
C:\Program Files\BTopenworld NetHelp\bin\mpbtn.exe
C:\Program Files\Common Files\Teleca Shared\Generic.exe
C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
C:\Program Files\AsmwSoft\Free Asmw PC-Optimizer\asmwclen.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
c:\windows\system32\akssggf.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\Jenny\My Documents\HiJackThis.exe

F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe
O4 - HKLM\..\Run: [pvvurrl] c:\windows\system32\akssggf.exe r
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Search - http://kl.bar.need2find.com/KL/menusearch.html?p=KL
O8 - Extra context menu item: Web Rebates - file://C:\Program Files\Web_Rebates\Sy1150\Tp1150\scri1150a.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_07\bin\npjpi142_07.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_07\bin\npjpi142_07.dll
O9 - Extra button: DownloadMP3 - {76DD9E77-F06C-4471-AB6C-CF03C5C6B5B0} - C:\WINDOWS\System32\DownloadMP3 (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\msvrl.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\msvrl.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\msvrl.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\msvrl.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\msvrl.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\msvrl.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\msvrl.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\msvrl.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\msvrl.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\msvrl.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\msvrl.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\msvrl.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\msvrl.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\msvrl.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\msvrl.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\msvrl.dll
O16 - DPF: NTLSignup - https://register.tesco.net/tesco/NTLSignup.cab
O16 - DPF: {00EF2092-6AC5-47C0-BD25-CF2D5D657FEB} (Google Script Object) - http://activex.microsoft.com/objects/ocget.dll
O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windupdates.com/cab/CDTInc/ie/bridge-c400.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://activex.microsoft.com/objects/ocget.dll
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D18F962A-3722-4B59-B08D-28BB9EB2281E} - http://photos.yahoo.com/ocx/us/yexplorer1_9us.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {D2BD7935-05FC-11D2-9059-00C04FD7A1BD} - http://activex.microsoft.com/objects/ocget.dll
O16 - DPF: {F54C1137-5E34-4B95-95A5-BA56D4D8D743} (Secure Delivery) - http://www.gamespot.com/KDX22/download/kdx.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{5BAD6B91-41F1-46A8-BD9F-F2966EA21CFB}: NameServer = 194.168.4.100,194.168.8.100
O17 - HKLM\System\CS1\Services\Tcpip\..\{5BAD6B91-41F1-46A8-BD9F-F2966EA21CFB}: NameServer = 194.168.4.100,194.168.8.100
O18 - Filter hijack: text/html - {2AB289AE-4B90-4281-B2AE-1F4BB034B647} - C:\Program Files\RXToolBar\sfcont.dll
O21 - SSODL: SystemCheck2 - {54645654-2225-4455-44A1-9F4543D34545} - (no file)
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: System Startup Service (SvcProc) - Unknown owner - C:\WINDOWS\svcproc.exe (file missing)
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

--
End of file - 7737 bytes
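One way to triage a log like the one above, as an added example that is not part of this thread or of HijackThis itself: it parses the F2/O4/O10/O18/O23 lines and the process list and flags the patterns a helper acts on first (the extra program in the Shell value, the repeated unknown LSP module, the MIME filter hijack, the random-named system32 autorun, the service with a missing binary, and a process path HijackThis could not render). The abridged sample log and the allowlist of expected system32 autoruns are assumptions constructed for the example.

```python
import re
from collections import Counter

# Constructed sample: a handful of lines abridged from the thread's first log.
SAMPLE_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.2

Running processes:
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\?dobe\u?erinit.exe
c:\windows\system32\akssggf.exe
C:\WINDOWS\system32\ctfmon.exe

F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe
O4 - HKLM\..\Run: [pvvurrl] c:\windows\system32\akssggf.exe r
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\msvrl.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\msvrl.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\msvrl.dll
O18 - Filter hijack: text/html - {2AB289AE-4B90-4281-B2AE-1F4BB034B647} - C:\Program Files\RXToolBar\sfcont.dll
O23 - Service: System Startup Service (SvcProc) - Unknown owner - C:\WINDOWS\svcproc.exe (file missing)
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
"""

# Assumed allowlist: autoruns that legitimately live in system32 on XP.
KNOWN_SYSTEM32_AUTORUNS = {"ctfmon.exe"}

ENTRY_RE = re.compile(r"^(R\d|F\d|O\d+) - (.*)$")
O4_RE = re.compile(r'\]\s+("[^"]+"|\S+)')


def parse_log(text):
    """Return (processes, entries): the 'Running processes' block as a list of
    paths, and every 'Rn/Fn/Onn - ...' line as a (tag, body) tuple."""
    processes, entries, in_procs = [], [], False
    for raw in text.splitlines():
        line = raw.strip()
        if line.lower() == "running processes:":
            in_procs = True
        elif in_procs:
            if line:
                processes.append(line)
            else:
                in_procs = False          # a blank line ends the process block
        else:
            m = ENTRY_RE.match(line)
            if m:
                entries.append((m.group(1), m.group(2)))
    return processes, entries


def triage(text):
    """Return a list of (severity, line, reason) findings, 'high' ones first."""
    processes, entries = parse_log(text)
    findings = []
    # HJT prints '?' for characters it cannot render; a path such as
    # '?dobe\u?erinit.exe' is a lookalike of Adobe\userinit.exe, not a typo.
    for p in processes:
        if "?" in p:
            findings.append(("high", p, "unrenderable characters in path (lookalike name)"))
    lsp = Counter()
    for tag, body in entries:
        line = f"{tag} - {body}"
        if tag == "F2" and body.startswith("REG:system.ini: Shell="):
            shell = body.split("Shell=", 1)[1].strip()
            if shell.lower() != "explorer.exe":   # anything appended here starts at every logon
                findings.append(("high", line, f"extra program in Shell value: {shell}"))
        elif tag == "O4":
            m = O4_RE.search(body)
            if m:
                path = m.group(1).strip('"')
                exe = path.rsplit("\\", 1)[-1].lower()
                if "\\system32\\" in path.lower() and exe not in KNOWN_SYSTEM32_AUTORUNS:
                    findings.append(("high", line, f"unexpected autorun from system32: {exe}"))
        elif tag == "O10" and body.startswith("Unknown file in Winsock LSP:"):
            lsp[body.split(":", 1)[1].strip().lower()] += 1   # one line per chain entry
        elif tag == "O18" and body.startswith("Filter hijack:"):
            findings.append(("high", line, "MIME filter hijack: every page of that type passes through the DLL"))
        elif tag == "O23" and ("(file missing)" in body or "Unknown owner" in body):
            findings.append(("medium", line, "service with unknown owner or missing binary"))
    for dll, n in lsp.items():
        findings.append(("high", f"O10 - Unknown file in Winsock LSP: {dll}",
                         f"unknown LSP module in {n} chain entries; remove it with an LSP-aware tool "
                         "so the Winsock chain is rewritten, otherwise networking breaks"))
    findings.sort(key=lambda f: f[0] != "high")   # stable sort: highs first, order otherwise kept
    return findings


if __name__ == "__main__":
    for sev, line, why in triage(SAMPLE_LOG):
        print(f"[{sev:6}] {line}\n         -> {why}")
```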


Hi craiggale,

You have a boatload of malware showing there, much of which I have not seen on a regular basis for a few years. Let's go ahead and do this to get started:

FIRST -
Please Download this tool: http://www.cexx.org/lspfix.zip and extract the LSPFix folder to your Desktop.
- Please run LSPFix.
- Check the box labeled "I know what I'm doing" and then click on the msvrl.dll file (in the "Keep" section) to select it.
- Then select the >> button to move msvrl.dll into the Remove section.

Now, click the Finish Button. When the Repair Summary box appears, click OK.
I'd like to do this first to try to avoid the connectivity problems that occur when we rip malware from the LSP stack.
Note that ComboFix will also address this issue, but I'd prefer to use LSPFix for this step.


NEXT, let's go ahead and do the following:

  • Download combofix.exe by sUBs to your computer's Desktop.
  • Alternate Download
  • (If you already have a previous version, delete it and download a new version).
  • Double click combofix.exe & follow the prompts.
    Note: Combofix will automatically disconnect your Internet connection when it runs, do not reconnect it.

When it finishes, it ought to

  • Produce a log for you. ( C:\ComboFix\ComboFix.txt)
  • Restore your Internet connection.

IMPORTANT:

  • Do not use your computer while Combofix is running.
  • Do not mouseclick combofix's window whilst it's running. That may cause it to stall.
    If you've lost your Internet connection when Combofix has completely finished, re-start your computer to restore it.
    (If the above fails to restore your connection, you ought to be able to run LSPFix again and just click the "Finish" button.)

Please post that log for us along with a fresh HJT and we'll go from there. Let us know if you run into any difficulty.

Best Luck :)
PP

Thanks a lot for the help. As you can probably tell, I don't use this comp very much and the problems have just accumulated. The problem with Internet Explorer seems to be resolved; however, I now have a message popping up before I log in saying that my version of Windows is not genuine. Any help would again be appreciated.

combofix log:

ComboFix 08-02-25.3 - Jenny 2008-02-27 12:35:15.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.44.1033.18.257 [GMT 0:00]
Running from: C:\Documents and Settings\Jenny\My Documents\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Jenny\My Documents\ICROSO~1
C:\Documents and Settings\Jenny\My Documents\ICROSO~1\ICROSO~1\DATA\BUSPAL.DAT
C:\Documents and Settings\Jenny\My Documents\ICROSO~1\ICROSO~1\DATA\BUSTED.ANM
C:\Documents and Settings\Jenny\My Documents\ICROSO~1\ICROSO~1\DATA\BUSTED.DAT
C:\Documents and Settings\Jenny\My Documents\ICROSO~1\ICROSO~1\DATA\DRUM.BNK
C:\Documents and Settings\Jenny\My Documents\ICROSO~1\ICROSO~1\DATA\HPANEL-0.DAT
C:\Documents and Settings\Jenny\My Documents\ICROSO~1\ICROSO~1\DATA\HPANEL-0.TAB
C:\Documents and Settings\Jenny\My Documents\ICROSO~1\ICROSO~1\DATA\INPAL.DAT
C:\Documents and Settings\Jenny\My Documents\ICROSO~1\ICROSO~1\DATA\INST.BNK
C:\Documents and Settings\Jenny\My Documents\ICROSO~1\ICROSO~1\DATA\INTIT.DAT
C:\Documents and Settings\Jenny\My Documents\ICROSO~1\ICROSO~1\DATA\LANG0-0.DAT
C:\Documents and Settings\Jenny\My Documents\ICROSO~1\ICROSO~1\DATA\LANG1-0.DAT
C:\Documents and Settings\Jenny\My Documents\ICROSO~1\ICROSO~1\DATA\LANG2-0.DAT
C:\Documents and Settings\Jenny\My Documents\ICROSO~1\ICROSO~1\DATA\LANG3-0.DAT
C:\Documents and Settings\Jenny\My Documents\ICROSO~1\ICROSO~1\DATA\LANG4-0.DAT
C:\Documents and Settings\Jenny\My Documents\ICROSO~1\ICROSO~1\DATA\MAUCT-0.DAT
C:\Documents and Settings\Jenny\My Documents\ICROSO~1\ICROSO~1\DATA\MAUSPR-0.DAT
C:\Documents and Settings\Jenny\My Documents\ICROSO~1\ICROSO~1\DATA\MAUSPR-0.TAB
C:\Documents and Settings\Jenny\My Documents\ICROSO~1\ICROSO~1\DATA\MAWAR0-0.DAT
C:\Documents and Settings\Jenny\My Documents\ICROSO~1\ICROSO~1\DATA\MAWAR1-0.DAT
C:\Documents and Settings\Jenny\My Documents\ICROSO~1\ICROSO~1\DATA\MAWPAL-0.DAT
C:\Documents and Settings\Jenny\My Documents\ICROSO~1\ICROSO~1\DATA\MBLK-0.DAT
C:\Documents and Settings\Jenny\My Documents\ICROSO~1\ICROSO~1\DATA\MBLK-0.TAB
C:\Documents and Settings\Jenny\My Documents\ICROSO~1\ICROSO~1\DATA\MCUP-0.DAT
C:\Documents and Settings\Jenny\My Documents\ICROSO~1\ICROSO~1\DATA\MCUP-0.TAB
C:\Documents and Settings\Jenny\My Documents\ICROSO~1\ICROSO~1\DATA\MDEDIT-0.ANI
C:\Documents and Settings\Jenny\My Documents\ICROSO~1\ICROSO~1\DATA\MDELE-0.ANI
C:\Documents and Settings\Jenny\My Documents\ICROSO~1\ICROSO~1\DATA\MDFRA-0.ANI
C:\Documents and Settings\Jenny\My Documents\ICROSO~1\ICROSO~1\DATA\MDSTA-0.ANI
C:\Documents and Settings\Jenny\My Documents\ICROSO~1\ICROSO~1\DATA\MEDIT-0.ANI
C:\Documents and Settings\Jenny\My Documents\ICROSO~1\ICROSO~1\DATA\MELE-0.ANI
C:\Documents and Settings\Jenny\My Documents\ICROSO~1\ICROSO~1\DATA\MFONT-0.DAT
C:\Documents and Settings\Jenny\My Documents\ICROSO~1\ICROSO~1\DATA\MFONT-0.TAB
C:\Documents and Settings\Jenny\My Documents\ICROSO~1\ICROSO~1\DATA\MFRA-0.ANI
C:\Documents and Settings\Jenny\My Documents\ICROSO~1\ICROSO~1\DATA\MGLOBE-0.DAT
C:\Documents and Settings\Jenny\My Documents\ICROSO~1\ICROSO~1\DATA\MGLPAL-0.DAT
C:\Documents and Settings\Jenny\My Documents\ICROSO~1\ICROSO~1\DATA\MHAND-0.DAT
C:\Documents and Settings\Jenny\My Documents\ICROSO~1\ICROSO~1\DATA\MHAND-0.TAB
C:\Documents and Settings\Jenny\My Documents\ICROSO~1\ICROSO~1\DATA\MIDLAND.DAT
C:\Documents and Settings\Jenny\My Documents\ICROSO~1\ICROSO~1\DATA\MMAP-0.DAT
C:\Documents and Settings\Jenny\My Documents\ICROSO~1\ICROSO~1\DATA\MMENU-0.DAT
C:\Documents and Settings\Jenny\My Documents\ICROSO~1\ICROSO~1\DATA\MMENU-1.DAT
C:\Documents and Settings\Jenny\My Documents\ICROSO~1\ICROSO~1\DATA\MNEG-0.DAT
C:\Documents and Settings\Jenny\My Documents\ICROSO~1\ICROSO~1\DATA\MNGPAL-0.DAT
C:\Documents and Settings\Jenny\My Documents\ICROSO~1\ICROSO~1\DATA\MPALETTE.DAT
C:\Documents and Settings\Jenny\My Documents\ICROSO~1\ICROSO~1\DATA\MPANEL-0.DAT
C:\Documents and Settings\Jenny\My Documents\ICROSO~1\ICROSO~1\DATA\MPANEL-0.TAB
C:\Documents and Settings\Jenny\My Documents\ICROSO~1\ICROSO~1\DATA\MPLAY-0.DAT
C:\Documents and Settings\Jenny\My Documents\ICROSO~1\ICROSO~1\DATA\MPLAY-0.TAB
C:\Documents and Settings\Jenny\My Documents\ICROSO~1\ICROSO~1\DATA\MPOINTER.DAT
C:\Documents and Settings\Jenny\My Documents\ICROSO~1\ICROSO~1\DATA\MPOINTER.TAB
C:\Documents and Settings\Jenny\My Documents\ICROSO~1\ICROSO~1\DATA\MREQ-0.DAT
C:\Documents and Settings\Jenny\My Documents\ICROSO~1\ICROSO~1\DATA\MREQ-0.INF
C:\Documents and Settings\Jenny\My Documents\ICROSO~1\ICROSO~1\DATA\MREQ-0.TAB
C:\Documents and Settings\Jenny\My Documents\ICROSO~1\ICROSO~1\DATA\MRES-0.DAT
C:\Documents and Settings\Jenny\My Documents\ICROSO~1\ICROSO~1\DATA\MRSPAL-0.DAT
C:\Documents and Settings\Jenny\My Documents\ICROSO~1\ICROSO~1\DATA\MRSSPR-0.DAT
C:\Documents and Settings\Jenny\My Documents\ICROSO~1\ICROSO~1\DATA\MRSSPR-0.TAB
C:\Documents and Settings\Jenny\My Documents\ICROSO~1\ICROSO~1\DATA\MSELE-0.ANI
C:\Documents and Settings\Jenny\My Documents\ICROSO~1\ICROSO~1\DATA\MSHARE-0.DAT
C:\Documents and Settings\Jenny\My Documents\ICROSO~1\ICROSO~1\DATA\MSPR-0.DAT
C:\Documents and Settings\Jenny\My Documents\ICROSO~1\ICROSO~1\DATA\MSPR-0.INF
C:\Documents and Settings\Jenny\My Documents\ICROSO~1\ICROSO~1\DATA\MSPR-0.TAB
C:\Documents and Settings\Jenny\My Documents\ICROSO~1\ICROSO~1\DATA\MSTA-0.ANI
C:\Documents and Settings\Jenny\My Documents\ICROSO~1\ICROSO~1\DATA\MSTAP-0.DAT
C:\Documents and Settings\Jenny\My Documents\ICROSO~1\ICROSO~1\DATA\MSTAPAL-.DAT
C:\Documents and Settings\Jenny\My Documents\ICROSO~1\ICROSO~1\DATA\MSTATE-0.DAT
C:\Documents and Settings\Jenny\My Documents\ICROSO~1\ICROSO~1\DATA\MSTOCK-0.DAT
C:\Documents and Settings\Jenny\My Documents\ICROSO~1\ICROSO~1\DATA\MSTPAL-0.DAT
C:\Documents and Settings\Jenny\My Documents\ICROSO~1\ICROSO~1\DATA\MSTSPR-0.DAT
C:\Documents and Settings\Jenny\My Documents\ICROSO~1\ICROSO~1\DATA\MSTSPR-0.TAB
C:\Documents and Settings\Jenny\My Documents\ICROSO~1\ICROSO~1\DATA\MUS.DAT
C:\Documents and Settings\Jenny\My Documents\ICROSO~1\ICROSO~1\DATA\MUS.TAB
C:\Documents and Settings\Jenny\My Documents\ICROSO~1\ICROSO~1\DATA\MUSELE.ANI
C:\Documents and Settings\Jenny\My Documents\ICROSO~1\ICROSO~1\DATA\MUSFRA.ANI
C:\Documents and Settings\Jenny\My Documents\ICROSO~1\ICROSO~1\DATA\MUSIC0-0.DAT
C:\Documents and Settings\Jenny\My Documents\ICROSO~1\ICROSO~1\DATA\MUSIC0-0.TAB
C:\Documents and Settings\Jenny\My Documents\ICROSO~1\ICROSO~1\DATA\MUSIC0-1.DAT
C:\Documents and Settings\Jenny\My Documents\ICROSO~1\ICROSO~1\DATA\MUSIC0-1.TAB
C:\Documents and Settings\Jenny\My Documents\ICROSO~1\ICROSO~1\DATA\MUSIC0-2.DAT
C:\Documents and Settings\Jenny\My Documents\ICROSO~1\ICROSO~1\DATA\MUSIC0-2.TAB
C:\Documents and Settings\Jenny\My Documents\ICROSO~1\ICROSO~1\DATA\MUSIC1-0.DAT
C:\Documents and Settings\Jenny\My Documents\ICROSO~1\ICROSO~1\DATA\MUSIC1-0.TAB
C:\Documents and Settings\Jenny\My Documents\ICROSO~1\ICROSO~1\DATA\MUSIC1-1.DAT
C:\Documents and Settings\Jenny\My Documents\ICROSO~1\ICROSO~1\DATA\MUSIC1-1.TAB
C:\Documents and Settings\Jenny\My Documents\ICROSO~1\ICROSO~1\DATA\MUSIC1-2.DAT
C:\Documents and Settings\Jenny\My Documents\ICROSO~1\ICROSO~1\DATA\MUSIC1-2.TAB
C:\Documents and Settings\Jenny\My Documents\ICROSO~1\ICROSO~1\DATA\MUSSTA.ANI
C:\Documents and Settings\Jenny\My Documents\ICROSO~1\ICROSO~1\DATA\RIDEANI.000
C:\Documents and Settings\Jenny\My Documents\ICROSO~1\ICROSO~1\DATA\RIDEANI.002
C:\Documents and Settings\Jenny\My Documents\ICROSO~1\ICROSO~1\DATA\RIDEANI.003
C:\Documents and Settings\Jenny\My Documents\ICROSO~1\ICROSO~1\DATA\RIDEANI.009
C:\Documents and Settings\Jenny\My Documents\ICROSO~1\ICROSO~1\DATA\RIDEANI.012
C:\Documents and Settings\Jenny\My Documents\ICROSO~1\ICROSO~1\DATA\RIDEANI.013
C:\Documents and Settings\Jenny\My Documents\ICROSO~1\ICROSO~1\DATA\RIDEANI.026
C:\Documents and Settings\Jenny\My Documents\ICROSO~1\ICROSO~1\DATA\SNDS0-0.DAT
C:\Documents and Settings\Jenny\My Documents\ICROSO~1\ICROSO~1\DATA\SNDS0-0.TAB
C:\Documents and Settings\Jenny\My Documents\ICROSO~1\ICROSO~1\DATA\SNDS0-1.DAT
C:\Documents and Settings\Jenny\My Documents\ICROSO~1\ICROSO~1\DATA\SNDS0-1.TAB
C:\Documents and Settings\Jenny\My Documents\ICROSO~1\ICROSO~1\DATA\SNDS0-2.DAT
C:\Documents and Settings\Jenny\My Documents\ICROSO~1\ICROSO~1\DATA\SNDS0-2.TAB
C:\Documents and Settings\Jenny\My Documents\ICROSO~1\ICROSO~1\DATA\SNDS1-0.DAT
C:\Documents and Settings\Jenny\My Documents\ICROSO~1\ICROSO~1\DATA\SNDS1-0.TAB
C:\Documents and Settings\Jenny\My Documents\ICROSO~1\ICROSO~1\DATA\SNDS1-1.DAT
C:\Documents and Settings\Jenny\My Documents\ICROSO~1\ICROSO~1\DATA\SNDS1-1.TAB
C:\Documents and Settings\Jenny\My Documents\ICROSO~1\ICROSO~1\DATA\SNDS1-2.DAT
C:\Documents and Settings\Jenny\My Documents\ICROSO~1\ICROSO~1\DATA\SNDS1-2.TAB
C:\Documents and Settings\Jenny\My Documents\ICROSO~1\ICROSO~1\DATA\TAKOVER.ANM
C:\Documents and Settings\Jenny\My Documents\ICROSO~1\ICROSO~1\DATA\TAKOVER.DAT
C:\Documents and Settings\Jenny\My Documents\ICROSO~1\ICROSO~1\DATA\TAKPAL.DAT
C:\Documents and Settings\Jenny\My Documents\ICROSO~1\ICROSO~1\DATA\WINGAME.DAT
C:\Documents and Settings\Jenny\My Documents\ICROSO~1\ICROSO~1\DOS4GW.EXE
C:\Documents and Settings\Jenny\My Documents\ICROSO~1\ICROSO~1\HMIDET.386
C:\Documents and Settings\Jenny\My Documents\ICROSO~1\ICROSO~1\HMIDRV.386
C:\Documents and Settings\Jenny\My Documents\ICROSO~1\ICROSO~1\HMIMDRV.386
C:\Documents and Settings\Jenny\My Documents\ICROSO~1\ICROSO~1\SAVE\BLEEE.GD
C:\Documents and Settings\Jenny\My Documents\ICROSO~1\ICROSO~1\SAVE\BLEEE.GY
C:\Documents and Settings\Jenny\My Documents\ICROSO~1\ICROSO~1\SAVE\DEMO.GY
C:\Documents and Settings\Jenny\My Documents\ICROSO~1\ICROSO~1\SAVE\JAREK.GD
C:\Documents and Settings\Jenny\My Documents\ICROSO~1\ICROSO~1\SAVE\JAREK.GY
C:\Documents and Settings\Jenny\My Documents\ICROSO~1\ICROSO~1\SETUP.EXE
C:\Documents and Settings\Jenny\My Documents\ICROSO~1\ICROSO~1\SNDSETUP.INF
C:\Documents and Settings\Jenny\My Documents\ICROSO~1\ICROSO~1\TP.EXE
C:\Documents and Settings\Jenny\My Documents\ICROSO~1\spool32.exe
C:\Program Files\Common Files\{48EEE~1
C:\Program Files\Common Files\{48EEE~1\Update.exe
C:\Program Files\Common Files\inetget
C:\Program Files\outlook
C:\Program Files\outlook\p.zip
C:\Program Files\outlook\RyDial.log
C:\Program Files\outlook\v.tmp
C:\Program Files\toolbar888
C:\Program Files\toolbar888\Activate.exe
C:\Program Files\toolbar888\mytoolbar.dll
C:\Program Files\toolbar888\Uninst.exe
C:\Program Files\video activex object
C:\Program Files\windows
C:\WINDOWS\Fonts\acrsecB.fon
C:\WINDOWS\Fonts\acrsecI.fon
C:\WINDOWS\keyboard1.dat
C:\WINDOWS\smdat32a.sys
C:\WINDOWS\smdat32m.sys
C:\WINDOWS\system32\bszip.dll
C:\WINDOWS\system32\cmd.com
C:\WINDOWS\system32\dobe~1
C:\WINDOWS\system32\dobe~1\u?erinit.exe
C:\WINDOWS\system32\msvrl.dll
C:\WINDOWS\system32\netstat.com
C:\WINDOWS\system32\ping.com
C:\WINDOWS\system32\regedit.com
C:\WINDOWS\system32\taskkill.com
C:\WINDOWS\system32\tasklist.com
C:\WINDOWS\system32\tracert.com
C:\WINDOWS\system32\tsuninst.exe
C:\WINDOWS\system32\wnsapisv.exe
C:\WINDOWS\teller2.chk

.
((((((((((((((((((((((((( Files Created from 2008-01-27 to 2008-02-27 )))))))))))))))))))))))))))))))
.

2008-02-26 17:46 . 2008-02-26 17:46 <DIR> d-------- C:\Program Files\Common Files\xing shared
2008-02-25 16:42 . 2008-02-25 16:42 <DIR> d-------- C:\Program Files\AsmwSoft
2008-02-25 16:42 . 1998-01-31 13:25 133,120 --a------ C:\WINDOWS\system32\zip32.dll
2008-02-25 16:42 . 2004-03-09 00:00 124,688 --a------ C:\WINDOWS\system32\Mswinsck.ocx
2008-02-25 16:42 . 2004-05-27 01:32 102,400 --a------ C:\WINDOWS\system32\Unzip32.dll
2008-02-25 16:42 . 1999-04-25 09:37 77,824 --a------ C:\WINDOWS\system32\Alafile.ocx
2008-02-25 12:01 . 2002-08-29 12:00 1,688 --a------ C:\WINDOWS\system32\autoexec.nt
2008-02-14 22:51 . 2008-02-14 22:51 <DIR> d-------- C:\Park
2008-02-14 21:03 . 2008-02-15 21:16 <DIR> d-------- C:\Program Files\DOSBox-0.65
2008-02-14 20:21 . 2008-02-14 20:40 <DIR> d-------- C:\Program Files\BitLord

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-26 17:46 --------- d-----w C:\Program Files\Real
2008-02-26 17:45 499,712 ----a-w C:\WINDOWS\system32\msvcp71.dll
2008-02-26 17:45 348,160 ----a-w C:\WINDOWS\system32\msvcr71.dll
2008-02-26 17:45 --------- d-----w C:\Program Files\Common Files\Real
2008-02-26 16:58 --------- d-----w C:\Program Files\Google
2008-02-26 11:32 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-02-14 22:29 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-02-13 16:50 28,218 ----a-w C:\Documents and Settings\adam\Application Data\wklnhst.dat
2008-01-17 14:08 --------- d-----w C:\Documents and Settings\Guest\Application Data\Teleca
2008-01-17 14:07 --------- d-----w C:\Program Files\Xerox One Touch
2008-01-15 00:09 38,656 ----a-w C:\Documents and Settings\Jenny\Application Data\wklnhst.dat
2007-12-07 02:21 824,832 ----a-w C:\WINDOWS\system32\wininet.dll
2007-12-04 18:38 550,912 ----a-w C:\WINDOWS\system32\oleaut32.dll
2006-07-26 11:32 74,192 ----a-w C:\Documents and Settings\adam\Application Data\GDIPFONTCACHEV1.DAT
2006-05-22 11:43 74,192 ----a-w C:\Documents and Settings\Jenny\Application Data\GDIPFONTCACHEV1.DAT
2003-07-15 15:33 225,280 ----a-w C:\WINDOWS\inf\i386\rtscan.dll
2002-10-09 10:11 61,440 ----a-w C:\WINDOWS\inf\i386\onetUSD.dll
2002-08-29 12:00 520,192 ----a-w C:\Documents and Settings\Jenny\Application Data\DownloadPlus.exe
2002-08-23 15:06 13,824 ----a-w C:\WINDOWS\inf\i386\Usbscan.sys
2002-07-09 09:23 36,864 ----a-w C:\WINDOWS\inf\i386\Vizmicro.dll
2002-05-20 09:20 172,032 ----a-w C:\WINDOWS\inf\i386\viceo.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 07:56 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2008-02-26 17:44 185896]
"ujstpa"="c:\windows\system32\sluixbb.exe" [2007-04-04 20:28 83456]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"nousernameinstartmenu"= 0 (0x0)
"nosimplestartmenu"= 0 (0x0)
"nostartmenumfuprogramslist"= 0 (0x0)
"nostartmenumoreprograms"= 0 (0x0)
"norecentdochistory"= 0 (0x0)
"maxrecentdocs"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\Program Files\\Kodak\\KODAK Software Updater\\7288971\\Program\\Kodak Software Updater.exe"=
"C:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\WINDOWS\\system32\\LEXPPS.EXE"=
"C:\\Program Files\\Internet Explorer\\iexplore.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
"C:\\Program Files\\BitLord\\BitLord.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"45920:TCP"= 45920:TCP:TCP
"48623:UDP"= 48623:UDP:out
"4662:TCP"= 4662:TCP:a
"4672:UDP"= 4672:UDP:4672
"46403:TCP"= 46403:TCP:46403
"46403:UDP"= 46403:UDP:46403
"47058:TCP"= 47058:TCP:limewire in
"47058:UDP"= 47058:UDP:limewire out

R3 EL910;3Com 3CSOHO100B-TX PCI;C:\WINDOWS\system32\DRIVERS\EL910N51.sys [2003-07-11 01:54]
S2 SvcProc;System Startup Service ;C:\WINDOWS\svcproc.exe []
S3 asbp2poa;asbp2poa;C:\DOCUME~1\Jenny\LOCALS~1\Temp\asbp2poa.sys [2003-07-06 21:11]
S3 MA8630C;MA8630C;C:\WINDOWS\system32\DRIVERS\MA8630C.sys [2004-09-14 03:12]
S3 MA8630M;MA8630M;C:\WINDOWS\system32\DRIVERS\MA8630M.sys [2005-01-25 00:31]
S3 MA8630U;MA8630U;C:\WINDOWS\system32\DRIVERS\MA8630U.sys [2005-03-14 20:10]
S3 MaRdPnp;MaRdPnp;C:\WINDOWS\system32\DRIVERS\MaRdP2K.sys [2004-09-12 20:11]

.
Contents of the 'Scheduled Tasks' folder
"2005-04-05 09:26:39 C:\WINDOWS\Tasks\Norton AntiVirus - Scan my computer - Jenny.job"
- C:\PROGRA~1\NORTON~1\NORTON~1\NAVW32.EXEh/task:
"2007-12-07 20:34:40 C:\WINDOWS\Tasks\Norton AntiVirus - Scan my computer.job"
- C:\PROGRA~1\NORTON~1\NORTON~1\Navw32.exeh/task:
"2008-02-25 16:45:00 C:\WINDOWS\Tasks\PcbugDoctorJenny.job"
- C:\Program Files\PCBugDoctor\PCBugDoctor.exe
"2008-02-26 17:27:40 C:\WINDOWS\Tasks\Symantec NetDetect.job"
- C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-27 12:46:26
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\system32\lsass.exe [5.01.2600.2180]
-> C:\WINDOWS\System32\Msvrl.dll
.
Completion time: 2008-02-27 12:50:05
ComboFix-quarantined-files.txt 2008-02-27 12:49:35
.
2008-02-13 16:58:02 --- E O F ---


HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:07:47, on 27/02/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
c:\windows\system32\hpmpup.exe
C:\WINDOWS\system32\WgaTray.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\Jenny\My Documents\HiJackThis.exe

O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [bncbaw] c:\windows\system32\hpmpup.exe r
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: &Search - http://kl.bar.need2find.com/KL/menusearch.html?p=KL
O8 - Extra context menu item: Web Rebates - file://C:\Program Files\Web_Rebates\Sy1150\Tp1150\scri1150a.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_07\bin\npjpi142_07.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_07\bin\npjpi142_07.dll
O9 - Extra button: DownloadMP3 - {76DD9E77-F06C-4471-AB6C-CF03C5C6B5B0} - C:\WINDOWS\System32\DownloadMP3 (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{5BAD6B91-41F1-46A8-BD9F-F2966EA21CFB}: NameServer = 194.168.4.100,194.168.8.100
O17 - HKLM\System\CS1\Services\Tcpip\..\{5BAD6B91-41F1-46A8-BD9F-F2966EA21CFB}: NameServer = 194.168.4.100,194.168.8.100
O21 - SSODL: SystemCheck2 - {54645654-2225-4455-44A1-9F4543D34545} - (no file)
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: System Startup Service (SvcProc) - Unknown owner - C:\WINDOWS\svcproc.exe (file missing)
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

--
End of file - 5333 bytes

Thanks a lot for the help. As you can probably tell I don't use this computer very much and the problems have just accumulated. The problem with Internet Explorer seems to be resolved; however, I now have a message popping up before I log in saying that my version of Windows is not genuine. Any help would again be appreciated.

Do you have a valid product key for Windows? There are ways to deal with the nag screens, but I doubt forum policy would let me post them....

There remains some malware to be removed, but I'd like to hear from you that your Copy of Windows is legit or that you bought your computer with that assumption before continuing.

Cheers :)
PP

Yeah, it is a legit copy of Windows. When I try to run the validation process an error message comes up saying "script error". The article on the Microsoft website has been removed, which doesn't help much. I have my product ID number. I can't seem to find the Windows disk, but I got the number from inside Windows.

Yeah, it is a legit copy of Windows. When I try to run the validation process an error message comes up saying "script error". The article on the Microsoft website has been removed, which doesn't help much.

I am not sure I can help much with validation issues - that process is still fairly new. I doubt I could tell you any more than what is in the Microsoft Knowledge Base. If I am not mistaken, I do think there is a fix if you can provide them the key.

As far as cleaning the compy goes....

Let’s continue on by doing the following:
-- Please delete your copy of ComboFix and download a fresh one to your Desktop
-- Download the attached file CFScript.txt to your Desktop as well
-- Close ALL browser windows and then drag CFScript.txt into/over ComboFix.exe

-- Let Combofix run as before and post me that log.

THEN:
Download ATF-Cleaner.exe by Atribune to your Desktop.

-- Click on ATF-Cleaner to run it
-- Where it says Select Files To Delete, Check the Select All Option
-- Click Empty Selected > OK > EXIT


NEXT:
Open Hijackthis.
Click the Open the Misc Tools section Button.
Click the Open Uninstall Manager Button.
Click the Save list... Button.
Save that list to your desktop and submit that for me.

LASTLY:
Run a fresh HJT scan and submit that log along with the others and we’ll go from there.

Cheers :)
PP

combofix log:

ComboFix 08-02-25.3 - Jenny 2008-02-29 14:13:53.3 - NTFSx86
Running from: C:\Documents and Settings\Jenny\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Jenny\Desktop\CFScript.txt
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
C:\DOCUME~1\Jenny\LOCALS~1\Temp\asbp2poa.sys
C:\Documents and Settings\Jenny\Application Data\DownloadPlus.exe
C:\WINDOWS\svcproc.exe
C:\WINDOWS\System32\Msvrl.dll
c:\windows\system32\sluixbb.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Jenny\Application Data\DownloadPlus.exe

.
((((((((((((((((((((((((( Files Created from 2008-01-28 to 2008-02-29 )))))))))))))))))))))))))))))))
.

2008-02-27 14:19 . 2008-02-27 14:19 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\AVG7
2008-02-27 14:19 . 2008-02-29 13:31 <DIR> d-------- C:\Documents and Settings\Jenny\Application Data\AVG7
2008-02-27 14:18 . 2008-02-27 14:18 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-02-27 14:18 . 2008-02-28 11:28 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\avg7
2008-02-26 17:46 . 2008-02-26 17:46 <DIR> d-------- C:\Program Files\Common Files\xing shared
2008-02-25 16:42 . 2008-02-25 16:42 <DIR> d-------- C:\Program Files\AsmwSoft
2008-02-25 16:42 . 1998-01-31 13:25 133,120 --a------ C:\WINDOWS\system32\zip32.dll
2008-02-25 16:42 . 2004-03-09 00:00 124,688 --a------ C:\WINDOWS\system32\Mswinsck.ocx
2008-02-25 16:42 . 2004-05-27 01:32 102,400 --a------ C:\WINDOWS\system32\Unzip32.dll
2008-02-25 16:42 . 1999-04-25 09:37 77,824 --a------ C:\WINDOWS\system32\Alafile.ocx
2008-02-25 12:01 . 2002-08-29 12:00 1,688 --a------ C:\WINDOWS\system32\autoexec.nt
2008-02-14 22:51 . 2008-02-14 22:51 <DIR> d-------- C:\Park
2008-02-14 21:03 . 2008-02-15 21:16 <DIR> d-------- C:\Program Files\DOSBox-0.65
2008-02-14 20:21 . 2008-02-14 20:40 <DIR> d-------- C:\Program Files\BitLord

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-26 17:46 --------- d-----w C:\Program Files\Real
2008-02-26 17:45 499,712 ----a-w C:\WINDOWS\system32\msvcp71.dll
2008-02-26 17:45 348,160 ----a-w C:\WINDOWS\system32\msvcr71.dll
2008-02-26 17:45 --------- d-----w C:\Program Files\Common Files\Real
2008-02-26 16:58 --------- d-----w C:\Program Files\Google
2008-02-26 11:32 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-02-14 22:29 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-02-13 16:50 28,218 ----a-w C:\Documents and Settings\adam\Application Data\wklnhst.dat
2008-01-17 14:08 --------- d-----w C:\Documents and Settings\Guest\Application Data\Teleca
2008-01-17 14:07 --------- d-----w C:\Program Files\Xerox One Touch
2008-01-15 00:09 38,656 ----a-w C:\Documents and Settings\Jenny\Application Data\wklnhst.dat
2007-12-07 02:21 824,832 ----a-w C:\WINDOWS\system32\wininet.dll
2007-12-04 18:38 550,912 ----a-w C:\WINDOWS\system32\oleaut32.dll
2006-07-26 11:32 74,192 ----a-w C:\Documents and Settings\adam\Application Data\GDIPFONTCACHEV1.DAT
2006-05-22 11:43 74,192 ----a-w C:\Documents and Settings\Jenny\Application Data\GDIPFONTCACHEV1.DAT
2003-07-15 15:33 225,280 ----a-w C:\WINDOWS\inf\i386\rtscan.dll
2002-10-09 10:11 61,440 ----a-w C:\WINDOWS\inf\i386\onetUSD.dll
2002-08-23 15:06 13,824 ----a-w C:\WINDOWS\inf\i386\Usbscan.sys
2002-07-09 09:23 36,864 ----a-w C:\WINDOWS\inf\i386\Vizmicro.dll
2002-05-20 09:20 172,032 ----a-w C:\WINDOWS\inf\i386\viceo.dll
.

(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.

---- Directory of C:\Park ----

2008-02-15 21:54 304668 --a------ C:\Park\SAVE\CRAIG.G0
2008-02-15 21:51 304668 --a------ C:\Park\SAVE\CRAIG.GY
2008-02-15 13:52 141 --a------ C:\Park\SAVE\CRAIG.GD
2006-07-25 21:05 304668 --a------ C:\Park\SAVE\JAREK.GY
2006-07-25 21:04 141 --a------ C:\Park\SAVE\JAREK.GD
2006-07-24 18:33 304668 --a------ C:\Park\SAVE\BLEEE.GY
2006-07-24 18:31 141 --a------ C:\Park\SAVE\BLEEE.GD
2004-08-14 04:04 50 --a------ C:\Park\SNDSETUP.INF
1994-06-17 14:34 30912 --a------ C:\Park\DATA\LANG0-0.DAT
1994-06-14 09:58 841223 --a------ C:\Park\TP.EXE
1994-06-14 08:02 90758 --a------ C:\Park\SETUP.EXE
1994-06-14 05:54 33895 --a------ C:\Park\DATA\LANG3-0.DAT
1994-06-13 12:08 35245 --a------ C:\Park\DATA\LANG4-0.DAT
1994-06-13 12:08 30531 --a------ C:\Park\DATA\LANG2-0.DAT
1994-06-13 12:07 36592 --a------ C:\Park\DATA\LANG1-0.DAT
1994-06-11 14:38 64000 --a------ C:\Park\DATA\MSTATE-0.DAT
1994-06-11 09:43 987204 --a------ C:\Park\DATA\RIDEANI.026
1994-06-11 09:16 6994068 --a------ C:\Park\DATA\RIDEANI.009
1994-06-10 15:47 5836494 --a------ C:\Park\DATA\RIDEANI.012
1994-06-10 15:21 7429352 --a------ C:\Park\DATA\RIDEANI.002
1994-06-10 14:47 2512644 --a------ C:\Park\DATA\RIDEANI.003
1994-06-10 14:33 6782968 --a------ C:\Park\DATA\RIDEANI.000
1994-06-10 13:23 2771272 --a------ C:\Park\DATA\RIDEANI.013
1994-06-10 11:31 736 --a------ C:\Park\DATA\MUSIC0-1.TAB
1994-06-10 11:31 736 --a------ C:\Park\DATA\MUSIC0-0.TAB
1994-06-10 11:31 107424 --a------ C:\Park\DATA\MUSIC0-0.DAT
1994-06-10 11:31 103888 --a------ C:\Park\DATA\MUSIC0-1.DAT
1994-06-10 10:49 736 --a------ C:\Park\DATA\MUSIC0-2.TAB
1994-06-10 10:49 108976 --a------ C:\Park\DATA\MUSIC0-2.DAT
1994-06-10 10:11 2225274 --a------ C:\Park\DATA\WINGAME.DAT
1994-06-06 14:29 304668 --a------ C:\Park\SAVE\DEMO.GY
1994-06-03 16:23 989499 --a------ C:\Park\DATA\MSPR-0.DAT
1994-06-03 16:23 19806 --a------ C:\Park\DATA\MSPR-0.TAB
1994-06-03 16:22 74120 --a------ C:\Park\DATA\MELE-0.ANI
1994-06-03 16:22 45640 --a------ C:\Park\DATA\MFRA-0.ANI
1994-06-03 16:22 246187 --a------ C:\Park\DATA\MEDIT-0.ANI
1994-06-03 16:22 1388 --a------ C:\Park\DATA\MSTA-0.ANI
1994-06-03 15:25 96988 --a------ C:\Park\DATA\HPANEL-0.DAT
1994-06-03 15:25 8 --a------ C:\Park\DATA\MREQ-0.INF
1994-06-03 15:25 768 --a------ C:\Park\DATA\MPALETTE.DAT
1994-06-03 15:25 504 --a------ C:\Park\DATA\MPANEL-0.TAB
1994-06-03 15:25 504 --a------ C:\Park\DATA\HPANEL-0.TAB
1994-06-03 15:25 3421 --a------ C:\Park\DATA\MPOINTER.DAT
1994-06-03 15:25 27149 --a------ C:\Park\DATA\MREQ-0.DAT
1994-06-03 15:25 26522 --a------ C:\Park\DATA\MPANEL-0.DAT
1994-06-03 15:25 1554 --a------ C:\Park\DATA\MREQ-0.TAB
1994-06-03 15:25 1464 --a------ C:\Park\DATA\MBLK-0.TAB
1994-06-03 15:25 126 --a------ C:\Park\DATA\MPOINTER.TAB
1994-06-03 15:25 112 --a------ C:\Park\DATA\MSPR-0.INF
1994-06-03 15:25 104623 --a------ C:\Park\DATA\MBLK-0.DAT
1994-06-03 15:24 8441 --a------ C:\Park\DATA\MRSSPR-0.DAT
1994-06-03 15:24 768 --a------ C:\Park\DATA\MSTPAL-0.DAT
1994-06-03 15:24 768 --a------ C:\Park\DATA\MSTAP-0.DAT
1994-06-03 15:24 768 --a------ C:\Park\DATA\MRSPAL-0.DAT
1994-06-03 15:24 768 --a------ C:\Park\DATA\MNGPAL-0.DAT
1994-06-03 15:24 768 --a------ C:\Park\DATA\MGLPAL-0.DAT
1994-06-03 15:24 768 --a------ C:\Park\DATA\MAWPAL-0.DAT
1994-06-03 15:24 7411 --a------ C:\Park\DATA\MSTSPR-0.DAT
1994-06-03 15:24 66 --a------ C:\Park\DATA\MPLAY-0.TAB
1994-06-03 15:24 64000 --a------ C:\Park\DATA\MSTOCK-0.DAT
1994-06-03 15:24 64000 --a------ C:\Park\DATA\MSHARE-0.DAT
1994-06-03 15:24 64000 --a------ C:\Park\DATA\MRES-0.DAT
1994-06-03 15:24 64000 --a------ C:\Park\DATA\MNEG-0.DAT
1994-06-03 15:24 64000 --a------ C:\Park\DATA\MMENU-1.DAT
1994-06-03 15:24 64000 --a------ C:\Park\DATA\MMENU-0.DAT
1994-06-03 15:24 64000 --a------ C:\Park\DATA\MMAP-0.DAT
1994-06-03 15:24 64000 --a------ C:\Park\DATA\MGLOBE-0.DAT
1994-06-03 15:24 64000 --a------ C:\Park\DATA\MAWAR1-0.DAT
1994-06-03 15:24 64000 --a------ C:\Park\DATA\MAWAR0-0.DAT
1994-06-03 15:24 64000 --a------ C:\Park\DATA\MAUCT-0.DAT
1994-06-03 15:24 4999 --a------ C:\Park\DATA\MPLAY-0.DAT
1994-06-03 15:24 360 --a------ C:\Park\DATA\MHAND-0.TAB
1994-06-03 15:24 23781 --a------ C:\Park\DATA\MCUP-0.DAT
1994-06-03 15:24 21842 --a------ C:\Park\DATA\MAUSPR-0.DAT
1994-06-03 15:24 180 --a------ C:\Park\DATA\MSTSPR-0.TAB
1994-06-03 15:24 168 --a------ C:\Park\DATA\MCUP-0.TAB
1994-06-03 15:24 156 --a------ C:\Park\DATA\MRSSPR-0.TAB
1994-06-03 15:24 119573 --a------ C:\Park\DATA\MHAND-0.DAT
1994-06-03 15:24 102 --a------ C:\Park\DATA\MAUSPR-0.TAB
1994-06-03 10:57 131920 --a------ C:\Park\DATA\MSTAPAL-.DAT
1994-06-02 15:02 630 --a------ C:\Park\DATA\MFONT-0.TAB
1994-06-02 15:02 12472 --a------ C:\Park\DATA\MFONT-0.DAT
1994-06-02 09:21 2617 --a------ C:\Park\HMIMDRV.386
1994-06-02 05:48 74120 --a------ C:\Park\DATA\MSELE-0.ANI
1994-06-01 07:27 42061 --a------ C:\Park\HMIDET.386
1994-06-01 07:18 186165 --a------ C:\Park\HMIDRV.386
1994-05-31 17:00 265396 --a------ C:\Park\DOS4GW.EXE
1994-05-23 07:17 625472 --a------ C:\Park\DATA\SNDS0-0.DAT
1994-05-23 07:17 622624 --a------ C:\Park\DATA\SNDS1-0.DAT
1994-05-23 07:17 1568 --a------ C:\Park\DATA\SNDS0-0.TAB
1994-05-23 07:17 1312 --a------ C:\Park\DATA\SNDS1-1.TAB
1994-05-23 07:17 1312 --a------ C:\Park\DATA\SNDS1-0.TAB
1994-05-23 07:17 1276560 --a------ C:\Park\DATA\SNDS1-1.DAT
1994-05-23 07:16 5056960 --a------ C:\Park\DATA\SNDS0-2.DAT
1994-05-23 07:16 5031488 --a------ C:\Park\DATA\SNDS1-2.DAT
1994-05-23 07:16 1568 --a------ C:\Park\DATA\SNDS0-2.TAB
1994-05-23 07:16 1568 --a------ C:\Park\DATA\SNDS0-1.TAB
1994-05-23 07:16 1312 --a------ C:\Park\DATA\SNDS1-2.TAB
1994-05-23 07:16 1282560 --a------ C:\Park\DATA\SNDS0-1.DAT
1994-05-16 13:43 9584 --a------ C:\Park\DATA\INTIT.DAT
1994-05-14 14:03 768 --a------ C:\Park\DATA\TAKPAL.DAT
1994-05-14 14:03 768 --a------ C:\Park\DATA\BUSPAL.DAT
1994-05-14 14:03 64034 --a------ C:\Park\DATA\TAKOVER.DAT
1994-05-14 14:03 64033 --a------ C:\Park\DATA\BUSTED.DAT
1994-05-14 14:03 200996 --a------ C:\Park\DATA\TAKOVER.ANM
1994-05-14 14:03 112582 --a------ C:\Park\DATA\BUSTED.ANM
1994-04-20 07:12 5404 --a------ C:\Park\DATA\INST.BNK
1994-04-20 07:12 5404 --a------ C:\Park\DATA\DRUM.BNK
1994-04-18 09:05 25536 --a------ C:\Park\DATA\MUSIC1-2.DAT
1994-04-18 09:05 192 --a------ C:\Park\DATA\MUSIC1-2.TAB
1994-04-18 08:24 45640 --a------ C:\Park\DATA\MDFRA-0.ANI
1994-04-18 08:24 246187 --a------ C:\Park\DATA\MDEDIT-0.ANI
1994-04-18 08:24 19580 --a------ C:\Park\DATA\MDELE-0.ANI
1994-04-18 08:24 1372 --a------ C:\Park\DATA\MDSTA-0.ANI
1994-04-15 08:41 26128 --a------ C:\Park\DATA\MUSIC1-0.DAT
1994-04-15 08:41 192 --a------ C:\Park\DATA\MUSIC1-0.TAB
1994-04-11 07:57 25760 --a------ C:\Park\DATA\MUSIC1-1.DAT
1994-04-11 07:57 192 --a------ C:\Park\DATA\MUSIC1-1.TAB
1994-03-30 05:56 722 --a------ C:\Park\DATA\INPAL.DAT
1994-03-30 05:56 334 --a------ C:\Park\DATA\MUSFRA.ANI
1994-03-30 05:56 2800 --a------ C:\Park\DATA\MUS.DAT
1994-03-30 05:56 262 --a------ C:\Park\DATA\MUS.TAB
1994-03-30 05:56 169 --a------ C:\Park\DATA\MUSELE.ANI
1994-03-04 07:09 64000 --a------ C:\Park\DATA\MIDLAND.DAT
1994-01-20 11:19 10 --a------ C:\Park\DATA\MUSSTA.ANI


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 07:56 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2008-02-26 17:44 185896]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2008-02-27 14:18 579072]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2008-02-27 14:18 219136]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"nousernameinstartmenu"= 0 (0x0)
"nosimplestartmenu"= 0 (0x0)
"nostartmenumfuprogramslist"= 0 (0x0)
"nostartmenumoreprograms"= 0 (0x0)
"norecentdochistory"= 0 (0x0)
"maxrecentdocs"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\Program Files\\Kodak\\KODAK Software Updater\\7288971\\Program\\Kodak Software Updater.exe"=
"C:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\WINDOWS\\system32\\LEXPPS.EXE"=
"C:\\Program Files\\Internet Explorer\\iexplore.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
"C:\\Program Files\\BitLord\\BitLord.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avginet.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avgemc.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"45920:TCP"= 45920:TCP:TCP
"48623:UDP"= 48623:UDP:out
"4662:TCP"= 4662:TCP:a
"4672:UDP"= 4672:UDP:4672
"46403:TCP"= 46403:TCP:46403
"46403:UDP"= 46403:UDP:46403
"47058:TCP"= 47058:TCP:limewire in
"47058:UDP"= 47058:UDP:limewire out

R3 EL910;3Com 3CSOHO100B-TX PCI;C:\WINDOWS\system32\DRIVERS\EL910N51.sys [2003-07-11 01:54]
S2 SvcProc;System Startup Service ;C:\WINDOWS\svcproc.exe []
S3 asbp2poa;asbp2poa;C:\DOCUME~1\Jenny\LOCALS~1\Temp\asbp2poa.sys []
S3 MA8630C;MA8630C;C:\WINDOWS\system32\DRIVERS\MA8630C.sys [2004-09-14 03:12]
S3 MA8630M;MA8630M;C:\WINDOWS\system32\DRIVERS\MA8630M.sys [2005-01-25 00:31]
S3 MA8630U;MA8630U;C:\WINDOWS\system32\DRIVERS\MA8630U.sys [2005-03-14 20:10]
S3 MaRdPnp;MaRdPnp;C:\WINDOWS\system32\DRIVERS\MaRdP2K.sys [2004-09-12 20:11]

.
Contents of the 'Scheduled Tasks' folder
"2005-04-05 09:26:39 C:\WINDOWS\Tasks\Norton AntiVirus - Scan my computer - Jenny.job"
- C:\PROGRA~1\NORTON~1\NORTON~1\NAVW32.EXEh/task:
"2007-12-07 20:34:40 C:\WINDOWS\Tasks\Norton AntiVirus - Scan my computer.job"
- C:\PROGRA~1\NORTON~1\NORTON~1\Navw32.exeh/task:
"2008-02-25 16:45:00 C:\WINDOWS\Tasks\PcbugDoctorJenny.job"
- C:\Program Files\PCBugDoctor\PCBugDoctor.exe
"2008-02-26 17:27:40 C:\WINDOWS\Tasks\Symantec NetDetect.job"
- C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-29 14:21:35
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-02-29 14:24:23
ComboFix-quarantined-files.txt 2008-02-29 14:23:51
ComboFix2.txt 2008-02-27 12:50:06
.
2008-02-13 16:58:02 --- E O F ---


HJT log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:40:34, on 29/02/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\Grisoft\AVG7\avgw.exe
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\notepad.exe
C:\Documents and Settings\Jenny\My Documents\HiJackThis.exe

O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O8 - Extra context menu item: &Search - http://kl.bar.need2find.com/KL/menusearch.html?p=KL
O8 - Extra context menu item: Web Rebates - file://C:\Program Files\Web_Rebates\Sy1150\Tp1150\scri1150a.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_07\bin\npjpi142_07.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_07\bin\npjpi142_07.dll
O9 - Extra button: DownloadMP3 - {76DD9E77-F06C-4471-AB6C-CF03C5C6B5B0} - C:\WINDOWS\System32\DownloadMP3 (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{5BAD6B91-41F1-46A8-BD9F-F2966EA21CFB}: NameServer = 194.168.4.100,194.168.8.100
O17 - HKLM\System\CS1\Services\Tcpip\..\{5BAD6B91-41F1-46A8-BD9F-F2966EA21CFB}: NameServer = 194.168.4.100,194.168.8.100
O21 - SSODL: SystemCheck2 - {54645654-2225-4455-44A1-9F4543D34545} - (no file)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: System Startup Service (SvcProc) - Unknown owner - C:\WINDOWS\svcproc.exe (file missing)
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

--
End of file - 6264 bytes

Thanks a lot for your help so far PhilliePhan. My computer now seems a lot quicker. However, a few more issues have surfaced which I hope you will be able to help with. Programs such as Firefox and Windows Messenger are no longer able to access the internet. I know this seems like a firewall problem, but I have tried turning both my firewalls off and the problem has still persisted. Also, on Internet Explorer I am unable to view secure sites. Neither of these was an issue before. Thanks again for your help.
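The HijackThis entries PhilliePhan picks out by hand in this thread follow a few mechanical rules: O9/O21/O23 entries whose target is "(file missing)" or "(no file)" are orphaned autostart hooks, an O23 service with "Unknown owner" deserves a look, O8 context-menu items that point at a URL are almost always adware, and O17 NameServer entries should be checked against the ISP's DNS servers. The following Python script is an added example written for this page, not part of the thread and not a HijackThis feature; it applies those rules to a constructed handful of log lines modelled on the entries posted above, and it would run unchanged over a saved HJT log file.

```python
import re
from dataclasses import dataclass

# Constructed sample: a few HijackThis v2.0.2 lines modelled on the ones
# posted in this thread. Not a full log.
SAMPLE_LOG = r"""
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: &Search - http://kl.bar.need2find.com/KL/menusearch.html?p=KL
O8 - Extra context menu item: Web Rebates - file://C:\Program Files\Web_Rebates\Sy1150\Tp1150\scri1150a.htm
O9 - Extra button: DownloadMP3 - {76DD9E77-F06C-4471-AB6C-CF03C5C6B5B0} - C:\WINDOWS\System32\DownloadMP3 (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O17 - HKLM\System\CCS\Services\Tcpip\..\{5BAD6B91-41F1-46A8-BD9F-F2966EA21CFB}: NameServer = 194.168.4.100,194.168.8.100
O21 - SSODL: SystemCheck2 - {54645654-2225-4455-44A1-9F4543D34545} - (no file)
O23 - Service: System Startup Service (SvcProc) - Unknown owner - C:\WINDOWS\svcproc.exe (file missing)
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
""".strip()

# HJT prints entries as "<section> - <body>", e.g. "O23 - Service: ...".
SECTION_RE = re.compile(r"^(O\d+|F\d+|R\d+)\s+-\s+(.*)$")
NS_RE = re.compile(r"NameServer\s*=\s*([0-9.,\s]+)")
ORPHAN_MARKERS = ("(file missing)", "(no file)")


@dataclass(frozen=True)
class Finding:
    section: str   # HJT section code, e.g. "O23"
    reason: str    # why the entry was flagged
    line: str      # the original log line


def parse_line(line):
    """Split an HJT entry into (section, body); None for non-entry lines."""
    m = SECTION_RE.match(line.strip())
    return (m.group(1), m.group(2)) if m else None


def triage(log_text):
    """Apply the hand rules used in the thread to every entry in the log."""
    findings = []
    for raw in log_text.splitlines():
        parsed = parse_line(raw)
        if parsed is None:
            continue
        section, body = parsed
        lower = body.lower()
        entry = raw.strip()
        # An autostart hook whose target file is gone: nothing runs, but the
        # registry entry is still junk to remove (O9 DownloadMP3, O21, O23).
        if any(mark in lower for mark in ORPHAN_MARKERS):
            reason = "orphaned service binary" if section == "O23" else "orphaned entry"
            findings.append(Finding(section, reason, entry))
        # A service with no vendor string is worth checking by hand.
        if section == "O23" and "unknown owner" in lower:
            findings.append(Finding(section, "unknown owner", entry))
        # Context-menu items that load a URL (http or file://) are the
        # pattern Need2Find and WebRebates used here.
        if section == "O8" and re.search(r"\b(https?|file)://", lower):
            findings.append(Finding(section, "context-menu item points to a URL", entry))
        # Static DNS servers: not malicious by themselves, but confirm they
        # are the ISP's before assuming a DNS hijack is or is not present.
        if section == "O17":
            findings.append(Finding(section, "custom DNS servers; confirm they belong to the ISP", entry))
    return findings


def nameservers(log_text):
    """Unique DNS server addresses from all O17 NameServer entries, in order."""
    seen = []
    for raw in log_text.splitlines():
        m = NS_RE.search(raw)
        if not m:
            continue
        for ip in m.group(1).split(","):
            ip = ip.strip()
            if ip and ip not in seen:
                seen.append(ip)
    return seen


def summarize(findings):
    """Count findings per HJT section."""
    counts = {}
    for f in findings:
        counts[f.section] = counts.get(f.section, 0) + 1
    return counts


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.section}: {f.reason}\n    {f.line}")
    print("DNS servers:", ", ".join(nameservers(SAMPLE_LOG)))
```

The script only flags; it does not decide. The O17 servers here, for instance, are flagged for a manual check, and a legitimate vendor entry such as the NVIDIA service produces nothing. Against the full logs in this thread it would surface exactly the O8, O9, O21 and O23 entries PhilliePhan asked to have fixed or removed.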

Thanks a lot for your help so far PhilliePhan. My computer now seems a lot quicker.

Happy to try to help :)

Programs such as Firefox and Windows Messenger are no longer able to access the internet.

I was worried about connectivity problems when removing msvrl.dll, hence the use of LSPFix. If you want, you can try running LSPFix again and just click the "Finish" button. But, I doubt this is the problem.
-- I do not even see Firefox installed on this machine. You probably need to re-install it properly.

I know this seems like a firewall problem, but I have tried turning both my firewalls off and the problem has still persisted.

How many firewalls are you running? You should run only ONE software firewall. Running a software firewall along with a hardware firewall is OK.

-- I see that you have just installed AVG Anti-virus along with the existing Norton. This is a bad idea and could very well cause major conflict issues. You need to UNINSTALL one of them! It would be best to wait until we finish before adding any new software. Even Firefox as noted above.

Also, on Internet Explorer I am unable to view secure sites. Neither of these was an issue before. Thanks again for your help.

IE7 is a PITA with regard to its Security Settings. The problem may lie there, though it is more likely to be with the 2 anti-virus apps....

-- Also, you need to be careful with the torrent and P2P stuff - good way to get infested.



ANYHOO, lets continue on. We still have a bunch to do. Once we finish with the cleaning, you can reinstall Firefox and we'll try to work out any remaining problems.


FIRST-
Go into Add/Remove Programs and REMOVE the following:

Java 2 Runtime Environment, SE v1.4.2_07
LimeWire 4.12.10
Messenger Plus! 3 & Sponsor
--> If you must reinstall this, do it later and WITHOUT the malware "Sponsor"
Need2Find Bar
PCBugDoctor version 1.0.0.4
Peer Points Manager
Search Relevancy
The Best Offers
WebRebates (by TopRebates.com)

THEN:
Run HijackThis and open the Misc Tools section and select Delete an NT service and follow the instructions to enter and remove System Startup Service (SvcProc)

ALSO-
Have HijackThis "FIX" the following entries:

O8 - Extra context menu item: &Search - http://kl.bar.need2find.com/KL/menusearch.html?p=KL
O8 - Extra context menu item: Web Rebates - file://C:\Program Files\Web_Rebates\Sy1150\Tp1150\scri1150a.htm

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_07\bin\npjpi142_07.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_07\bin\npjpi142_07.dll
O9 - Extra button: DownloadMP3 - {76DD9E77-F06C-4471-AB6C-CF03C5C6B5B0} - C:\WINDOWS\System32\DownloadMP3 (file missing)

O21 - SSODL: SystemCheck2 - {54645654-2225-4455-44A1-9F4543D34545} - (no file)

NEXT:
Go here and update your Java --> http://www.java.com/en/


LASTLY:
Please run http://www.eset.com/onlinescan/
-- You will need to temporarily disable your current Anti-virus program.
-- Make sure that the option Remove found threats is Unchecked, and the option Scan unwanted applications is checked.
-- Remember to Re-enable your Resident Anti-virus program after the scan has finished.
-- A logfile ought to be found at C:\Program Files\EsetOnlineScanner\log.txt.
Please post that for me.
I would also like to see a fresh HJT Log from after all of the above has been completed.

And, we'll go from there. Keep me updated on any problems that arise.

Cheers :)
PP

The following threats were found by the online scan. There was no log, so I'll just copy the results:

win32/adware.404search application
C:\programfiles\INSTARFINK\instrafink.dll

win32/adware.Toolbar.MyWebSearch application
C:\programfiles\uninstallneed2findbar.dll

win32/adware.altnet application
C:\docuentsandsettings\jenny\localsettings\temp\_unin_.exe

HJT log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:15:57, on 01/03/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\WgaTray.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\mmc.exe
C:\WINDOWS\System32\dllhost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Documents and Settings\Jenny\My Documents\HiJackThis.exe

O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{5BAD6B91-41F1-46A8-BD9F-F2966EA21CFB}: NameServer = 194.168.4.100,194.168.8.100
O17 - HKLM\System\CS1\Services\Tcpip\..\{5BAD6B91-41F1-46A8-BD9F-F2966EA21CFB}: NameServer = 194.168.4.100,194.168.8.100
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

--
End of file - 6114 bytes

You ought to be able to delete this folder manually: C:\programfiles\INSTARFINK
-- Then, run ATF Cleaner again.


I still see AVG7 and Norton present. You should select the one you want to keep and remove the other. Multiple AV apps often come into conflict with each other which can both slow performance and hinder their ability to protect you.
-- Also, please note that Norton can be extremely difficult to remove and if you choose to uninstall it you may need to visit the Norton site for special tools and instructions.


* I will be away from the computer over the weekend. Will check back on Monday!

Cheers :)
PP
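
As an added illustration for readers following this thread (not code from the thread, from HijackThis or from its author), here is a small Python parser for three of the log sections shown above (O4 Run entries, O17 NameServer entries and O23 services). It demonstrates the check PP made by eye: listing the antivirus vendors that still have services registered and flagging when more than one product is present. The sample lines are copied from the format of the log above, and the vendor-to-product table is a hand-made assumption for illustration only.

```python
"""Minimal parser for a few HijackThis log sections (O4, O17, O23).

Added example; not part of the thread. Assumptions: the line layouts
follow the entries shown in the log, and AV_VENDORS is a hand-made
illustration, not an official vendor list.
"""
import re

# Constructed sample, in the line format seen in the log above.
SAMPLE_LOG = """\
O4 - HKLM\\..\\Run: [AVG7_CC] C:\\PROGRA~1\\Grisoft\\AVG7\\avgcc.exe /STARTUP
O4 - HKCU\\..\\Run: [ctfmon.exe] C:\\WINDOWS\\system32\\ctfmon.exe
O17 - HKLM\\System\\CCS\\Services\\Tcpip\\..\\{5BAD6B91-41F1-46A8-BD9F-F2966EA21CFB}: NameServer = 194.168.4.100,194.168.8.100
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\\PROGRA~1\\Grisoft\\AVG7\\avgamsvr.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\\Program Files\\Common Files\\Symantec Shared\\ccEvtMgr.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\\WINDOWS\\System32\\nvsvc32.exe
O23 - Service: SAVScan - Symantec Corporation - C:\\Program Files\\Norton Internet Security\\Norton AntiVirus\\SAVScan.exe
"""

# "O4 - <hive>\..\Run: [<name>] <command>"
O4_RE = re.compile(r"^O4 - (?P<hive>[^:]+): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
# "O17 - ...: NameServer = <ip>,<ip>"
O17_RE = re.compile(r"^O17 - .*NameServer = (?P<servers>[\d.,]+)\s*$")
# "O23 - Service: <display name> - <vendor> - <path>"
O23_RE = re.compile(r"^O23 - Service: (?P<name>.+?) - (?P<vendor>.+?) - (?P<path>.+)$")

# Hand-made mapping (assumption): vendor substring -> antivirus product family.
AV_VENDORS = {"GRISOFT": "AVG", "Symantec": "Norton/Symantec"}


def parse_log(text):
    """Return a dict with 'run', 'nameservers' and 'services' lists."""
    out = {"run": [], "nameservers": [], "services": []}
    for line in text.splitlines():
        m = O4_RE.match(line)
        if m:
            out["run"].append(m.groupdict())
            continue
        m = O17_RE.match(line)
        if m:
            out["nameservers"].extend(m.group("servers").split(","))
            continue
        m = O23_RE.match(line)
        if m:
            out["services"].append(m.groupdict())
    return out


def av_families(parsed):
    """Antivirus product families that still have a service registered."""
    found = set()
    for svc in parsed["services"]:
        for needle, family in AV_VENDORS.items():
            if needle.lower() in svc["vendor"].lower():
                found.add(family)
    return found


def report(text):
    """Summarise the log: AV products present, DNS servers, Run entry count."""
    parsed = parse_log(text)
    families = av_families(parsed)
    return {
        "multiple_av": len(families) > 1,          # more than one AV installed
        "av_families": sorted(families),
        "nameservers": sorted(set(parsed["nameservers"])),
        "run_entries": len(parsed["run"]),
    }


if __name__ == "__main__":
    for key, value in report(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```

The nameserver list is included because O17 entries are the other thing worth comparing against what the ISP or router is expected to hand out; the script only reports them, it makes no judgement about whether an address is legitimate.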

Sorry, I've been busy the last few days and haven't had a chance to come onto this comp. I have uninstalled Norton as I found it wasn't allowing internet access to anything other than Internet Explorer and it also wasn't letting me view any secure sites. I was unable to change any settings as it was saying I wasn't the administrator for it, and I read on the internet that a few other people have had the same problem, so I decided to get rid. I still have the disk if I need to reinstall at a later date. I have turned on my Windows XP firewall temporarily and there is also a firewall in my router which at the moment is unconfigured. Do you recommend I purchase a new firewall or will I be safe enough with the XP and router firewall?

Do you recommend I purchase a new firewall or will I be safe enough with the XP and router firewall?

Actually neither :)

I would suggest one of the FREE software firewall options in my linky below:

PROTECT YOURSELF FROM MALWARE: Tools & Tips

Generally, you are pretty safe behind your router's hardware firewall. However, in addition to other advantages and features, a good bi-directional software firewall (unlike Windows Firewall) will monitor both incoming and outgoing traffic and alert you when some malware tries to "phone home." PCTools, ZoneAlarm or Agnitum are all pretty decent choices for free options and are a definite step up from the Windows Firewall in XP.

Cheers :)
PP
