I have done everything I know to get rid of this spyware that is plagueing me. Elite ToolBar and WWWCoolSearch just will not die! I have deleted them with NAV, I have deleted them with Spybot, I have used CWShredder. I have deleted the bad files from where they are. I have deleted them from the registry, and I have used HijackThis. At one point I was 100% I had it clean, but I had to get on another computer and download WinsockXPFix because getting rid of the spyware had made it to where I couldn't get online. After I ran that I could get back online, but the spyware came back. Obviously I'm missing something, or I keep going to the same bad places when I get online. What do I need to do? Thanks in advance for any advice.
alaska98
0
Light Poster
Recommended Answers
Jump to PostI don't know if this will help you but I launched a big anti-crapware assault on my computer and hardly anything gets past me anymore.
I would run AntiVi XP. It seems to …
Jump to PostI have done everything I know to get rid of this spyware that is plagueing me. Elite ToolBar and WWWCoolSearch just will not die! I have deleted them with NAV, I have deleted them with Spybot, I have used CWShredder. I have deleted the bad files from where they are. …
Jump to PostYour copy of HijackThis needs to be in a folder of it's own. When HJT fixes anything, it makes backups of the original files in the folder it is in. Since Temporary folders are emptied now and then (the files are DELETED), it would not be a good idea to …
Jump to PostWow, a lot happened while I was posting this! :eek:
Do you have a firewall (and is it enabled)? That should be your first line of defense (a hardware firewall is better, but a software firewall at least -- both is best!).
Next would be an up-to-date anti-virus …
Jump to PostVIrtualBouncer malware from Spyware Labs. It is distributed by the same bundling and drive-by download techniques as the parasites it claims to remove, so definitely qualifies as unsolicited commercial software in itself. It also has an update feature that can download and execute arbitrary code. Warning - choose "custom" uninstall …
All 17 Replies
pizzafiend
0
Junior Poster
I don't know if this will help you but I launched a big anti-crapware assault on my computer and hardly anything gets past me anymore.
I would run AntiVi XP. It seems to catch some crap that VirusScan and AVG don't get.
Usually then I run Ad-Aware SE, followed by Spybot: S&D. I then double check with Hijack This. Hope this helps.
caperjack
875
I hate 20 Questions
Team Colleague
I have done everything I know to get rid of this spyware that is plagueing me. Elite ToolBar and WWWCoolSearch just will not die! I have deleted them with NAV, I have deleted them with Spybot, I have used CWShredder. I have deleted the bad files from where they are. I have deleted them from the registry, and I have used HijackThis. At one point I was 100% I had it clean, but I had to get on another computer and download WinsockXPFix because getting rid of the spyware had made it to where I couldn't get online. After I ran that I could get back online, but the spyware came back. Obviously I'm missing something, or I keep going to the same bad places when I get online. What do I need to do? Thanks in advance for any advice.
post a hijackthis log ,we'll have a look
alaska98
0
Light Poster
Ok, here is my current Hijack log....
Logfile of HijackThis v1.99.0
Scan saved at 10:05:56 PM, on 12/24/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\SAVScan.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\eMachines Bay Reader\shwiconem.exe
C:\WINDOWS\Twain_32\CA561A\SnapDetect.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\System32\RUNDLL32.exe
C:\Documents and Settings\ANNALEAH\Desktop\Desktop\runescape.exe
C:\WINDOWS\system32\rundll32.exe
C:\Documents and Settings\ANNALEAH\Local Settings\Temp\Temporary Directory 1 for hijackthis[2].zip\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.emachines.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.emachines.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://loginnet.passport.com/ppsecure/md5auth.srf?lc=1033
O1 - Hosts: 69.20.16.183 auto.search.msn.com
O1 - Hosts: 69.20.16.183 search.netscape.com
O1 - Hosts: 69.20.16.183 ieautosearch
O1 - Hosts: 69.20.16.183 ieautosearch
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [NAV CfgWiz] C:\Program Files\Common Files\Symantec Shared\CfgWiz.exe /GUID NAV /CMDLINE "REBOOT"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [SunKistEM] C:\Program Files\eMachines Bay Reader\shwiconem.exe
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [VBundleOuterDL] C:\Program Files\VBouncer\BundleOuter.EXE
O4 - HKLM\..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe
O4 - HKLM\..\Run: [Tray Temperature] C:\DOCUME~1\ANNALEAH\LOCALS~1\Temp\MiniBug.exe 1
O4 - HKLM\..\Run: [WildTangent CDA] RUNDLL32.exe "C:\Program Files\WildTangent\Apps\CDA\cdaEngine0400.dll",cdaEngineMain
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [AIM] C:\PROGRA~1\AIM\aim.exe -cnetwait.odl
O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\BigFix.exe
O4 - Global Startup: Icatch(VI) SnapDetect.lnk = ?
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRA~1\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{A3367F46-8ED0-445D-9415-110C55DA5EF8}: NameServer = 198.68.210.2 204.117.214.10
O23 - Service: Symantec Event Manager - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: InCD Helper - AHEAD Software - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: Norton AntiVirus Auto Protect Service - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: SymWMI Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
I was told to get rid of the O1's but they keep coming back. Minibug won't die either.
caperjack
875
I hate 20 Questions
Team Colleague
Your copy of HijackThis needs to be in a folder of it's own. When HJT fixes anything, it makes backups of the original files in the folder it is in. Since Temporary folders are emptied now and then (the files are DELETED), it would not be a good idea to have your backups there. Those backups would be VITAL to restoring your system if something went wrong in the FIX process!
1. Please go to you're 'My Documents' folder, right-click and select 'New > Folder' then name the folder 'HJT'.
2. Copy and paste HijackThis.exe to the new folder.
3. Close ALL windows except HJT
4. SCAN with HJT
5. POST the new log in this thread using 'Add Reply'
DO NOT MAKE ANY CHANGES OR CLICK "FIX CHECKED" UNTIL WE CHECK THE LOG, AS SOME OF THE FILES ARE LEGIT AND VITAL TO YOUR COMPUTER'S HEALTH
,,,,,,,,,,,,,,,
I have to give up the computer to my daughrt before she drives me nuts ,will check back later .
dlh6213
27
Posting Maven
Team Colleague
Wow, a lot happened while I was posting this! :eek:
Do you have a firewall (and is it enabled)? That should be your first line of defense (a hardware firewall is better, but a software firewall at least -- both is best!).
Next would be an up-to-date anti-virus program.
The third means of protection is to get SpywareBlaster and/or SpywareGuard. These two programs block known malware from getting to your system (as with AV programs, you need to keep them updated for best protection).
Once you have yourself protected, you should have Spybot and Adaware to help catch most of what gets past that protection.
Finally, you should have Hijackthis to help find more specialized problems; many of these can be resolve with HJT itself, but even for the ones that can't be, it is used to identify them so more specific/specialized fixes can be determined.
I realize you already mentioned having some of these, I just listed it all for anyone else that comes across this thread.
caperjack
875
I hate 20 Questions
Team Colleague
VIrtualBouncer malware from Spyware Labs. It is distributed by the same bundling and drive-by download techniques as the parasites it claims to remove, so definitely qualifies as unsolicited commercial software in itself. It also has an update feature that can download and execute arbitrary code. Warning - choose "custom" uninstall as "automatic" may remove other programs.
check in control panel add and remove programs to uninstall it maybe .
,,,,,,,,,,,,,,,,,,,,,,
then od the following
,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,
close all browser windows and fix the 01s' and fix this one also
O4 - HKLM\..\Run: [VBundleOuterDL] C:\Program Files\VBouncer\BundleOuter.EXE
..........
reboot to safe mode ,hitting f8 on startup and delete following folder .
C:\Program Files\VBouncer\
reboot and post new log
dlh6213
27
Posting Maven
Team Colleague
Here's some more info on the Bouncer (if you're interested):
http://www.iamnotageek.com/a/bundleouter.exe.php
Before you post a new log, empty the contents of all Temp and Temporary Internet folders for all users on the computer.
alaska98
0
Light Poster
Question about that... 2 of the users of this computer have it set where I don't have access to their files. Any way I can change that?
dlh6213
27
Posting Maven
Team Colleague
Do you have admin rights on this computer? If so, are you using XP Home or XP Pro? If XP Home, and you have admin rights, you should be able to access them in Safe Mode. If XP Pro, you should be able to do it from Normal Mode (I think).
By the way, if you're "ANNALEAH" that's the main one we need to worry about right now.
alaska98
0
Light Poster
Ok, I've got 3 things in temporary internet files that won't delete.
dlh6213
27
Posting Maven
Team Colleague
Ok, I've got 3 things in temporary internet files that won't delete.
Did you try it from Safe Mode? If not, give that a try.
alaska98
0
Light Poster
ok, i tried in safe mode, but i still cant delete those same 3. also, in safe mode, access is denied to other peoples' stuff whether im logged on as me or as administrator
dlh6213
27
Posting Maven
Team Colleague
Hmmmm... Well, for now, reboot normally, make sure Hijackthis is in it's own folder (as suggested earlier), close all browser windows, scan with HJT, and post a new log. We'll get to those temp things later.
alaska98
0
Light Poster
Ok, there's the log after doing all of that. I did tell it to fix the O1's, but they keep coming back.
Logfile of HijackThis v1.99.0
Scan saved at 11:47:28 PM, on 12/24/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\SAVScan.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\eMachines Bay Reader\shwiconem.exe
C:\WINDOWS\System32\RUNDLL32.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\Twain_32\CA561A\SnapDetect.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Documents and Settings\ANNALEAH\My Documents\HJT\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.emachines.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.emachines.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://loginnet.passport.com/ppsecure/md5auth.srf?lc=1033
O1 - Hosts: 69.20.16.183 auto.search.msn.com
O1 - Hosts: 69.20.16.183 search.netscape.com
O1 - Hosts: 69.20.16.183 ieautosearch
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [NAV CfgWiz] C:\Program Files\Common Files\Symantec Shared\CfgWiz.exe /GUID NAV /CMDLINE "REBOOT"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [SunKistEM] C:\Program Files\eMachines Bay Reader\shwiconem.exe
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe
O4 - HKLM\..\Run: [WildTangent CDA] RUNDLL32.exe "C:\Program Files\WildTangent\Apps\CDA\cdaEngine0400.dll",cdaEngineMain
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [AIM] C:\PROGRA~1\AIM\aim.exe -cnetwait.odl
O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\BigFix.exe
O4 - Global Startup: Icatch(VI) SnapDetect.lnk = ?
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRA~1\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{A3367F46-8ED0-445D-9415-110C55DA5EF8}: NameServer = 198.68.210.2 204.117.214.10
O23 - Service: Symantec Event Manager - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: InCD Helper - AHEAD Software - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: Norton AntiVirus Auto Protect Service - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: SymWMI Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
dlh6213
27
Posting Maven
Team Colleague
This should help with the 01 entries:
Download and run the program Hoster which gives you the ability to restore the default host file back onto your machine. To do so, when it opens, click on the Restore Original Hosts button and then exit Hoster. You can get Hoster here:
http://members.aol.com/toadbee/hoster.zip
Go to Add/Remove Programs in your Control Panel and remove WildTangent if it's there
Close all browser windows, scan with HJT, and have it fix the following:
O4 - HKLM\..\Run: [WildTangent CDA] RUNDLL32.exe "C:\Program Files\WildTangent\Apps\CDA\cdaEngine0400.dll",cdaEngineMain
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
Reboot into Safe Mode
Go to C:\Program Files and delete the WildTangent folder
Reboot normally
The problem that was in your Temp folder before is gone now so you must have been able to delete that one. I'm still concerned about the ones you couldn't delete though. Can you tell us what they are?
Do you know if this is this your ISP? O17 - HKLM\System\CCS\Services\Tcpip\..\{A3367F46-8ED0-445D-9415-110C55DA5EF8}: NameServer = 198.68.210.2 204.117.214.10
Close all browser windows, scan with HJT, and post a new log
(This is about it for me tonight, have a Merry Christmas!)
alaska98
0
Light Poster
Ok, I did all that, and this is what I have now. The 3 files I can'd delete are from nightmedia.net, spe.atdmt.com, and a.tribalfusion.com. The first 2 are picture files, and the last is an ad file. I'm not sure what O17 - HKLM\System\CCS\Services\Tcpip\..\{A3367F46-8ED0-445D-9415-110C55DA5EF8}: NameServer = 198.68.210.2 204.117.214.10 is. The first set goes to cooke.net which is my ISP, but I dunno what the second set is.
Logfile of HijackThis v1.99.0
Scan saved at 10:51:50 AM, on 12/25/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\SAVScan.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\eMachines Bay Reader\shwiconem.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\Twain_32\CA561A\SnapDetect.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Documents and Settings\ANNALEAH\My Documents\HJT\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.emachines.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.emachines.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://loginnet.passport.com/ppsecure/md5auth.srf?lc=1033
O1 - Hosts: 69.20.16.183 auto.search.msn.com
O1 - Hosts: 69.20.16.183 search.netscape.com
O1 - Hosts: 69.20.16.183 ieautosearch
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [NAV CfgWiz] C:\Program Files\Common Files\Symantec Shared\CfgWiz.exe /GUID NAV /CMDLINE "REBOOT"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [SunKistEM] C:\Program Files\eMachines Bay Reader\shwiconem.exe
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [AIM] C:\PROGRA~1\AIM\aim.exe -cnetwait.odl
O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\BigFix.exe
O4 - Global Startup: Icatch(VI) SnapDetect.lnk = ?
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRA~1\AIM\aim.exe
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{A3367F46-8ED0-445D-9415-110C55DA5EF8}: NameServer = 198.68.210.2 204.117.214.10
O23 - Service: Symantec Event Manager - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: InCD Helper - AHEAD Software - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: Norton AntiVirus Auto Protect Service - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: SymWMI Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
dlh6213
27
Posting Maven
Team Colleague
Is that Nightmedia.net, or Rightmedia.net? If it's Nightmedia, it shouldn't really be a problem (though I don't like anything that won't deleted from a Temp folder).
If it's Rightmedia, it, as well as spe.atdmt.com, and a.tribalfusion.com are all related to adware and should be removed. Unfortunately, I don't know how to remove things from a Temp folder that won't delete, even while in Safe Mode (having a similar problem in another thread). Hopefully someone will come along that can assist with this.
Your log looks clean to me, so this should be your only problem.
(I'm not sure about the O17 either, don't know enough about that. :( )
Be a part of the DaniWeb community
We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.