aghoffmann
-
Content Count
32 -
Joined
-
Last visited
Content Type
Profiles
Forums
Calendar
Posts posted by aghoffmann
-
-
Hi xxkbxx,
I looked through the "Startup" tab in the System Configuration Utility (aka MSconfig?). I saw several familiar looking files and a couple that I think I could do without, however there were a bunch that I didn't recognize. I don't have any experiece using MSconfig so I don't know how to determine what the unfamiliar files may be doing, or what the ramafication of "disabling" files may be.
The same inexperience applies to the other tabs in the System Configuration Utility window. (General, SYSTEM.INI, WIN.INI, BOOT.INI and Services). These look like things that I shouldn't play around with.
Thanks,
Andy
-
Hi Shanenin,
I don't have any Iomega readers. I also checked the hardware in ControlPanel>System>System Properties>Device Manager and all the devices seem to be operating properly. Hmmm...
Thanks,
Andy
-
Hi Matt,
WHEW! I finally got the SP 1a update completed. Some observations on the process that may be of interest. It took over 42 hours to complete the process… I guess that indicates the severity of my infection. Also, I initially tried downloading the update using IE 6.0 and was severely harassed by “WinAntiVirusPro… I gave up on using IE and opened the site in a FireFox browser and didn’t get any harassment. After the installation and reboot I got the Norton’s Antivirus pop-up again saying it found Trojan.Awax but was unable to fix it. I also got a notice saying “something bad happened…†and generated an ewido.err file.
I had planned to apply the XP SP2 update after I got things cleaned up, but now I understand why the update needed to be applied first. I’m curious why you recommended applying SP1a and not SP2?
Thanks,
Andy
Here’s the latest log:
Logfile of HijackThis v1.99.1
Scan saved at 7:10:15 PM, on 7/13/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\system32\crypserv.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Sunbelt Software\CounterSpy\Consumer\sunThreatEngine.exe
C:\Program Files\Canon\MultiPASS4\MPSERVIC.EXE
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\PROGRA~1\Dantz\RETROS~1\retrorun.exe
C:\WINDOWS\System32\tcpsvcs.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Sunbelt Software\CounterSpy\Consumer\SunProtectionServer.exe
C:\Program Files\Canon\MultiPASS4\monitr32.exe
C:\WINDOWS\System32\fxredir.exe
C:\PROGRA~1\Maxtor\OneTouch\Utils\OneTouch.exe
C:\WINDOWS\MXOALDR.EXE
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Sunbelt Software\CounterSpy\Consumer\sunserver.exe
C:\Program Files\ewido anti-spyware 4.0\ewido.exe
C:\Program Files\Common Files\Real\Update_OB\evntsvc.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\MemTurbo\MemTurbo.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Andy\My Documents\Downloads\HiJackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = file:///C:/Documents%20and%20Settings/Andy/My%20Documents/LocalHome.htm
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.locators.com/search.php?que=%s
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: DosSpecFolder Object - {3496D13A-609A-407B-B181-8F47B4F28AE9} - C:\WINDOWS\System32\opppp.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1.1\SDHelper.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {BDF90A20-C0DA-4FAE-95A2-AAA4D4D32B08} - C:\WINDOWS\system32\tuspp.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [monitr32] C:\Program Files\Canon\MultiPASS4\monitr32.exe
O4 - HKLM\..\Run: [fxredir] C:\WINDOWS\System32\fxredir.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [MaxtorOneTouch] C:\PROGRA~1\Maxtor\OneTouch\Utils\OneTouch.exe
O4 - HKLM\..\Run: [MXO Auto Loader] C:\WINDOWS\MXOALDR.EXE
O4 - HKLM\..\Run: [sSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [sunServer] C:\Program Files\Sunbelt Software\CounterSpy\Consumer\sunserver.exe
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKLM\..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\evntsvc.exe -osboot
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - Startup: MemTurbo.lnk = C:\Program Files\MemTurbo\MemTurbo.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: LimeShop Preferences - file://C:\Program Files\LimeShop\System\Temp\limeshop_script0.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://download.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/...nst20040510.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/200212...meInstaller.exe
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://207.188.7.150/19c2f1ca1d2e57085d06/...ip/RdxIE601.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab
O16 - DPF: {928626A3-6B98-11CF-90B4-00AA00A4011F} (SurroundVideoCtrl Object) - http://autos.msn.com/Components/Ocx/SurVid/MSSurVid.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
O16 - DPF: {BB47CA33-8B4D-11D0-9511-00C04FD9152D} (ExteriorSurround Object) - http://autos.msn.com/Components/Ocx/Exterior/Outside.cab
O16 - DPF: {F919FBD3-A96B-4679-AF26-F551439BB5FD} - http://locator1.cdn.imagesrvr.com/sites/sy...nnerInstall.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: opppp - C:\WINDOWS\System32\opppp.dll
O20 - Winlogon Notify: tuspp - C:\WINDOWS\SYSTEM32\tuspp.dll
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Crypkey License - Kenonic Controls Ltd. - C:\WINDOWS\SYSTEM32\crypserv.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: MpService - Canon Inc - C:\Program Files\Canon\MultiPASS4\MPSERVIC.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Retrospect Launcher (RetroLauncher) - Dantz Development Corporation - C:\PROGRA~1\Dantz\RETROS~1\retrorun.exe
O23 - Service: Retrospect Helper - Dantz Development Corporation - C:\PROGRA~1\Dantz\RETROS~1\rthlpsvc.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
-
More information needed:
Is your computer proprietary (Dell, HP/Compaq or etc.)?
• No, its not proprietary, it’s a “home builtâ€
o Asus P4P800-E Deluxe Socket 478 Mother Board with 8-channel Audio, AGP 8x, USB 2.0, Firewire, 10/100/1000 Gigabite LAN, WiFi, WOL, WOR and Hyperthreading Techonolgy supporto Intel Pentium 4 / 3.0 GHz / 512K Cache / 800Mhz FSB / Socket478/ Hyperthreading / Processoro Sapphire Radeon 9600se Video Card / 128 MB DDR / AGP 8x / TV Out & DVIo 2, Ultra 512MB PC3200 DDR 400MHz Memory (1024 MB total)o Maxtor 120GB / 7200 / 8MB / 9.3 / ATA-150 Serial ATA Hard driveo Toshiba SDR1112 DVD Burnero MSI 16x DVD-ROM Driveo Mitsumi Interal USB 2.0 Floppy, 7-1 Card ReaderIs XP the original OS installed or was it upgraded to XP?
• Yes XP is the original OS. I purchased the Microsoft Windows XP Pro Edition OEM Version with the above hardware.
What are your system hardware specs?
• See above… does that cover it?
What non-Windows programs are you running?
• To my knowledge there are no “non-Windows†programs, however the kids may have loaded some games that aren’t Windows. Is there a way to determine if there are some non-Windows programs?
Thanks for looking into this. This isn’t really a big deal, it doesn’t seem to be affecting my system performance, and I haven’t noticed any hardware or software that aren’t working… it’s just an annoyance to have to deal with it every time I boot up, and it makes me wonder what it is that “application that will not run on this Operating System…â€
BTW… I am an organ donor….
-
-
I have been having lots of problems with the "Sys-protect", "Winantivirous" family of trojans on another computer. It has rendered the computer basically worthless. The system runs EXTREMELY slow; if I click on an icon it may take several minutes to get a response. I continually get a Norton antivirus pop-up saying it found the Trojan.awax but was unable to fix it. The problem appears to be related to the tuspp.dll and opppp.dll files and winlogon.exe dragging down the performance. I've tried several "anti-spy, anti-malware" type programs which seemed to find and fix lots of problems, but none resolved my primary problem. Nothing seems to be able to remove the dll files listed above.
I found the following article in your forums regarding fixes recommended from a HijackThis log. It addresses the tuspp.dll, but not the opppp.dll. Can I follow the recommendation in that posting or would the fix be specific to my system?
http://www.besttechie.net/forums/index.php...tuspp\.dll
Thanks!
Here is the HijackThis log:
Logfile of HijackThis v1.99.1
Scan saved at 1:26:18 PM, on 7/10/2006
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2600.0000)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Sunbelt Software\CounterSpy\Consumer\sunThreatEngine.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\system32\crypserv.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Sunbelt Software\CounterSpy\Consumer\SunProtectionServer.exe
C:\Program Files\Canon\MultiPASS4\MPSERVIC.EXE
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\PROGRA~1\Dantz\RETROS~1\retrorun.exe
C:\Program Files\Canon\MultiPASS4\monitr32.exe
C:\WINDOWS\System32\tcpsvcs.exe
C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\System32\fxredir.exe
C:\PROGRA~1\Maxtor\OneTouch\Utils\OneTouch.exe
C:\WINDOWS\MXOALDR.EXE
C:\Program Files\Sunbelt Software\CounterSpy\Consumer\sunserver.exe
C:\Program Files\ewido anti-spyware 4.0\ewido.exe
C:\Program Files\Common Files\Real\Update_OB\evntsvc.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\MemTurbo\MemTurbo.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\Andy\My Documents\Downloads\HiJackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = file:///C:/Documents%20and%20Settings/Andy/My%20Documents/LocalHome.htm
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.locators.com/search.php?que=%s
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: DosSpecFolder Object - {3496D13A-609A-407B-B181-8F47B4F28AE9} - C:\WINDOWS\System32\opppp.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1.1\SDHelper.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {BDF90A20-C0DA-4FAE-95A2-AAA4D4D32B08} - C:\WINDOWS\system32\tuspp.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [monitr32] C:\Program Files\Canon\MultiPASS4\monitr32.exe
O4 - HKLM\..\Run: [fxredir] C:\WINDOWS\System32\fxredir.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [MaxtorOneTouch] C:\PROGRA~1\Maxtor\OneTouch\Utils\OneTouch.exe
O4 - HKLM\..\Run: [MXO Auto Loader] C:\WINDOWS\MXOALDR.EXE
O4 - HKLM\..\Run: [sSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [sunServer] C:\Program Files\Sunbelt Software\CounterSpy\Consumer\sunserver.exe
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKLM\..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\evntsvc.exe -osboot
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - Startup: MemTurbo.lnk = C:\Program Files\MemTurbo\MemTurbo.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: LimeShop Preferences - file://C:\Program Files\LimeShop\System\Temp\limeshop_script0.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://download.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/...nst20040510.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/200212...meInstaller.exe
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://207.188.7.150/19c2f1ca1d2e57085d06/...ip/RdxIE601.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab
O16 - DPF: {928626A3-6B98-11CF-90B4-00AA00A4011F} (SurroundVideoCtrl Object) - http://autos.msn.com/Components/Ocx/SurVid/MSSurVid.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
O16 - DPF: {BB47CA33-8B4D-11D0-9511-00C04FD9152D} (ExteriorSurround Object) - http://autos.msn.com/Components/Ocx/Exterior/Outside.cab
O16 - DPF: {F919FBD3-A96B-4679-AF26-F551439BB5FD} - http://locator1.cdn.imagesrvr.com/sites/sy...nnerInstall.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: opppp - C:\WINDOWS\System32\opppp.dll
O20 - Winlogon Notify: tuspp - C:\WINDOWS\SYSTEM32\tuspp.dll
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Crypkey License - Kenonic Controls Ltd. - C:\WINDOWS\SYSTEM32\crypserv.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: MpService - Canon Inc - C:\Program Files\Canon\MultiPASS4\MPSERVIC.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Retrospect Launcher (RetroLauncher) - Dantz Development Corporation - C:\PROGRA~1\Dantz\RETROS~1\retrorun.exe
O23 - Service: Retrospect Helper - Dantz Development Corporation - C:\PROGRA~1\Dantz\RETROS~1\rthlpsvc.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
Tuspp.dl, Opppp.dll And Trojan.awax Problems[RESOLVED]
in Malware Removal
Posted
Hi Matt,
I followed your instructions as best as I could, however I ran in to a couple of problems:
I currently have “CounterSpy, a-squared, spy-bot and Norton Anti-virus installed on the machine. Could these be interfering
Thanks,
Andy
_________________________________________
VundoFix.txt
VundoFix V5.1.3
Running as SYSTEM
from c:\windows\system32\VundoFix.exe
Checking Java version...
Java version is 1.4.2.2
Scan started at 8:55:30 PM 7/13/2006
Listing files found while scanning....
No infected files were found.
Beginning removal...
_____________________________
Ewido.err
//==<ewido anti-spyware 4.0>===================================
Exception code: C0000005 ACCESS_VIOLATION
Fault address: 00000001 <pages range base not found>
Exception Date: 07/09/2006 17:04:59
File Version of C:\Program Files\ewido anti-spyware 4.0\ewido.exe: 4.0.0.172
MiniDump Information Saved to C:\Program Files\ewido anti-spyware 4.0\ewido.dmp
Registers:
EAX:00000001
EBX:00000000
ECX:00000000
EDX:77FC49C0
ESI:00432B17
EDI:00FD6730
CS:EIP:001B:00000001
SS:ESP:0023:052AFE98 EBP:052AFEE4
DS:0023 ES:0023 FS:0038 GS:0000
Flags:00010202
Intel specific method
Call stack:
Address Frame Param 0 Param 1 Param 2 Param 3 Logical addr Module
00000001 052AFEE4 00432B17 00FD6730 00000001 00000000 <pages range base not found>
77F8777E 052AFF48 77F87766 00185540 00000000 00000000 0001:0003677E C:\WINDOWS\System32\ntdll.dll
77F956E5 052AFFB4 00000000 00000000 00000000 00000000 0001:000446E5 C:\WINDOWS\System32\ntdll.dll
77E765DA 052AFFEC <frame 052AFFEC not readable>
ImageHelp specific method
Call stack:
Address Frame Param 0 Param 1 Param 2 Param 3 Symbol/Logical address
00000001 052AFE94 77F95FC9 00FD6730 00000001 00185540 <pages range base not found>
00432B42 052AFEE4 00432B17 00FD6730 00000001 00000000 0001:00031B42 C:\Program Files\ewido anti-spyware 4.0\ewido.exe
77F8777E 052AFF48 77F87766 00185540 00000000 00000000 RtlDebugPrintTimes+1A
77F956E5 052AFFB4 00000000 00000000 00000000 00000000 RtlSetIoCompletionCallback+AF
77E765DA 052AFFEC 77F950AE 00000000 00000000 6D52C1A0 lstrcmpiW+98
Loaded Modules:
Base Size Module
00400000 609000 4.00.0000.0172 C:\Program Files\ewido anti-spyware 4.0\ewido.exe
77F50000 0A6000 5.01.2600.0114 C:\WINDOWS\System32\ntdll.dll
77E60000 0E0000 5.01.2600.0153 C:\WINDOWS\system32\kernel32.dll
76BF0000 00B000 //==<ewido anti-spyware 4.0>===================================
Exception code: C0000005 ACCESS_VIOLATION
Fault address: 00000020 <pages range base not found>
Exception Date: 07/09/2006 19:26:15
File Version of C:\Program Files\ewido anti-spyware 4.0\ewido.exe: 4.0.0.172
MiniDump Information Saved to C:\Program Files\ewido anti-spyware 4.0\ewido.dmp
Registers:
EAX:00000020
EBX:00000000
ECX:00000000
EDX:77FC49C0
ESI:00432B17
EDI:00FD1AB0
CS:EIP:001B:00000020
SS:ESP:0023:03EBFE98 EBP:03EBFEE4
DS:0023 ES:0023 FS:0038 GS:0000
Flags:00010202
Intel specific method
Call stack:
Address Frame Param 0 Param 1 Param 2 Param 3 Logical addr Module
00000020 03EBFEE4 00432B17 00FD1AB0 00000001 00000000 <pages range base not found>
77F8777E 03EBFF48 77F87766 00186470 00000000 00000000 0001:0003677E C:\WINDOWS\System32\ntdll.dll
77F956E5 03EBFFB4 00000000 00000000 00000000 00000000 0001:000446E5 C:\WINDOWS\System32\ntdll.dll
77E765DA 03EBFFEC 77F950AE 00000000 00000000 00000000 0001:000155DA C:\WINDOWS\system32\kernel32.dll
ImageHelp specific method
Call stack:
Address Frame Param 0 Param 1 Param 2 Param 3 Symbol/Logical address
00000020 03EBFE94 77F95FC9 00FD1AB0 00000001 00186470 <pages range base not found>
00432B42 03EBFEE4 00432B17 00FD1AB0 00000001 00000000 0001:00031B42 C:\Program Files\ewido anti-spyware 4.0\ewido.exe
77F8777E 03EBFF48 77F87766 00186470 00000000 00000000 RtlDebugPrintTimes+1A
77F956E5 03EBFFB4 00000000 00000000 00000000 00000000 RtlSetIoCompletionCallback+AF
77E765DA 03EBFFEC 77F950AE 00000000 00000000 00000000 lstrcmpiW+98
Loaded Modules:
Base Size Module
00400000 609000 4.00.0000.0172 C:\Program Files\ewido anti-spyware 4.0\ewido.exe
77F50000 0A6000 5.01.2600.0114 C:\WINDOWS\System32\ntdll.dll
77E60000 0E0000 5.01.2600.0153 C:\WINDOWS\system32\kernel32.dll
76BF0000 00B000 //==<ewido anti-spyware 4.0>===================================
Exception code: C0000005 ACCESS_VIOLATION
Fault address: 00000001 <pages range base not found>
Exception Date: 07/10/2006 11:14:49
File Version of C:\Program Files\ewido anti-spyware 4.0\ewido.exe: 4.0.0.172
MiniDump Information Saved to C:\Program Files\ewido anti-spyware 4.0\ewido.dmp
Registers:
EAX:00000001
EBX:00000000
ECX:00000000
EDX:77FC49C0
ESI:00432B17
EDI:00FD6B40
CS:EIP:001B:00000001
SS:ESP:0023:05CAFE98 EBP:05CAFEE4
DS:0023 ES:0023 FS:0038 GS:0000
Flags:00010202
Intel specific method
Call stack:
Address Frame Param 0 Param 1 Param 2 Param 3 Logical addr Module
00000001 05CAFEE4 00432B17 00FD6B40 00000001 00000000 <pages range base not found>
77F8777E 05CAFF48 77F87766 00187180 00000000 00000000 0001:0003677E C:\WINDOWS\System32\ntdll.dll
77F956E5 05CAFFB4 00000000 00000000 00000000 00000000 0001:000446E5 C:\WINDOWS\System32\ntdll.dll
77E765DA 05CAFFEC <frame 05CAFFEC not readable>
ImageHelp specific method
Call stack:
Address Frame Param 0 Param 1 Param 2 Param 3 Symbol/Logical address
00000001 05CAFE94 77F95FC9 00FD6B40 00000001 00187180 <pages range base not found>
00432B42 05CAFEE4 00432B17 00FD6B40 00000001 00000000 0001:00031B42 C:\Program Files\ewido anti-spyware 4.0\ewido.exe
77F8777E 05CAFF48 77F87766 00187180 00000000 00000000 RtlDebugPrintTimes+1A
77F956E5 05CAFFB4 00000000 00000000 00000000 00000000 RtlSetIoCompletionCallback+AF
77E765DA 05CAFFEC 77F950AE 00000000 00000000 6D52C1A0 lstrcmpiW+98
Loaded Modules:
Base Size Module
00400000 609000 4.00.0000.0172 C:\Program Files\ewido anti-spyware 4.0\ewido.exe
77F50000 0A6000 5.01.2600.0114 C:\WINDOWS\System32\ntdll.dll
77E60000 0E0000 5.01.2600.0153 C:\WINDOWS\system32\kernel32.dll
76BF0000 00B000 5.01.2600.0000 C:\WINDOWS\System32\PSAPI.DLL
10000000 0E3000 4.00.0000.0172 C:\Program Files\ewido anti-spyware 4.0\engine.dll
70BD0000 065000 6.00.2800.1106 C:\WINDOWS\system32\SHLWAPI.dll
77C10000 053000 7.00.2600.0000 C:\WINDOWS\system32\msvcrt.dll
77C70000 03E000 5.01.2600.0151 C:\WINDOWS\system32\GDI32.dll
77D40000 086000 5.01.2600.0152 C:\WINDOWS\system32\USER32.dll
77DD0000 08B000 5.01.2600.0000 C:\WINDOWS\system32\ADVAPI32.dll
78000000 06F000 5.01.2600.0135 C:\WINDOWS\system32\RPCRT4.dll
71AB0000 015000 5.01.2600.0000 C:\WINDOWS\System32\WS2_32.dll
71AA0000 008000 5.01.2600.0000 C:\WINDOWS\System32\WS2HELP.dll
76B40000 02C000 5.01.2600.0000 C:\WINDOWS\System32\WINMM.dll
773D0000 7EE000 6.00.2600.0115 C:\WINDOWS\system32\SHELL32.dll
76380000 005000 5.01.2600.0000 C:\WINDOWS\System32\MSIMG32.dll
763B0000 045000 6.00.2600.0000 C:\WINDOWS\system32\comdlg32.dll
71950000 0E4000 6.00.2600.0000 C:\WINDOWS\WinSxS\X86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.0.0_x-ww_1382d70a\COMCTL32.dll
771B0000 113000 5.01.2600.0136 C:\WINDOWS\system32\ole32.dll
71AD0000 008000 5.01.2600.0000 C:\WINDOWS\System32\WSOCK32.dll
76D60000 015000 5.01.2600.0002 C:\WINDOWS\System32\iphlpapi.dll
76DE0000 026000 5.01.2600.0000 C:\WINDOWS\System32\netman.dll
76D40000 016000 5.01.2600.0000 C:\WINDOWS\System32\MPRAPI.dll
76E40000 02F000 5.01.2600.0000 C:\WINDOWS\System32\ACTIVEDS.dll
76E10000 024000 //==<ewido anti-spyware 4.0>===================================
Exception code: C0000005 ACCESS_VIOLATION
Fault address: 00000020 <pages range base not found>
Exception Date: 07/13/2006 18:22:36
File Version of C:\Program Files\ewido anti-spyware 4.0\ewido.exe: 4.0.0.172
MiniDump Information Saved to C:\Program Files\ewido anti-spyware 4.0\ewido.dmp
Registers:
EAX:00000020
EBX:00000000
ECX:00000000
EDX:77FC59C0
ESI:00432B17
EDI:00F46BB8
CS:EIP:001B:00000020
SS:ESP:0023:03DCFE98 EBP:03DCFEE4
DS:0023 ES:0023 FS:0038 GS:0000
Flags:00010202
Intel specific method
Call stack:
Address Frame Param 0 Param 1 Param 2 Param 3 Logical addr Module
00000020 03DCFEE4 00432B17 00F46BB8 00000001 00000000 <pages range base not found>
77F87FD4 03DCFF48 77F87FBC 00180CD8 00000000 00000000 0001:00036FD4 C:\WINDOWS\System32\ntdll.dll
77F9613D 03DCFFB4 00000000 77FA88F0 04227630 00000000 0001:0004513D C:\WINDOWS\System32\ntdll.dll
77E7D28E 03DCFFEC 77F95B06 00000000 00000000 00000000 0001:0001C28E C:\WINDOWS\system32\kernel32.dll
ImageHelp specific method
Call stack:
Address Frame Param 0 Param 1 Param 2 Param 3 Symbol/Logical address
00000020 03DCFE94 77F96A21 00F46BB8 00000001 00180CD8 <pages range base not found>
00432B42 03DCFEE4 00432B17 00F46BB8 00000001 00000000 0001:00031B42 C:\Program Files\ewido anti-spyware 4.0\ewido.exe
77F87FD4 03DCFF48 77F87FBC 00180CD8 00000000 00000000 RtlDebugPrintTimes+1A
77F9613D 03DCFFB4 00000000 77FA88F0 04227630 00000000 RtlSetIoCompletionCallback+AF
77E7D28E 03DCFFEC 77F95B06 00000000 00000000 00000000 RegisterWaitForInputIdle+43
Loaded Modules:
Base Size Module
00400000 609000 4.00.0000.0172 C:\Program Files\ewido anti-spyware 4.0\ewido.exe
77F50000 0A7000 5.01.2600.1217 C:\WINDOWS\System32\ntdll.dll
77E60000 0E6000 5.01.2600.1560 C:\WINDOWS\system32\kernel32.dll
76BF0000 00B000 5.01.2600.1106 C:\WINDOWS\System32\PSAPI.DLL
10000000 0E3000 4.00.0000.0172 C:\Program Files\ewido anti-spyware 4.0\engine.dll
70A70000 064000 6.00.2800.1106 C:\WINDOWS\system32\SHLWAPI.dll
77C10000 053000 7.00.2600.1106 C:\WINDOWS\system32\msvcrt.dll
7F000000 041000 5.01.2600.1561 C:\WINDOWS\system32\GDI32.dll
77D40000 08C000 5.01.2600.1561 C:\WINDOWS\system32\USER32.dll
77DD0000 08D000 5.01.2600.1106 C:\WINDOWS\system32\ADVAPI32.dll
78000000 087000 5.01.2600.1361 C:\WINDOWS\system32\RPCRT4.dll
71AB0000 015000 5.01.2600.0000 C:\WINDOWS\System32\WS2_32.dll
71AA0000 008000 5.01.2600.0000 C:\WINDOWS\System32\WS2HELP.dll
76B40000 02C000 5.01.2600.1106 C:\WINDOWS\System32\WINMM.dll
773D0000 7F2000 6.00.2800.1233 C:\WINDOWS\system32\SHELL32.dll
76380000 005000 5.01.2600.1106 C:\WINDOWS\System32\MSIMG32.dll
763B0000 045000 6.00.2800.1106 C:\WINDOWS\system32\comdlg32.dll
71950000 0E4000 6.00.2800.1106 C:\WINDOWS\WinSxS\X86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.10.0_x-ww_f7fb5805\COMCTL32.dll
771B0000 124000 5.01.2600.1362 C:\WINDOWS\system32\ole32.dll
71AD0000 008000 5.01.2600.0000 //==<ewido anti-spyware 4.0>===================================
Exception code: C0000005
______________________________________
New Hijack This log
Logfile of HijackThis v1.99.1
Scan saved at 5:18:45 PM, on 7/14/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\system32\crypserv.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Sunbelt Software\CounterSpy\Consumer\sunThreatEngine.exe
C:\Program Files\Canon\MultiPASS4\MPSERVIC.EXE
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\PROGRA~1\Dantz\RETROS~1\retrorun.exe
C:\WINDOWS\System32\tcpsvcs.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Sunbelt Software\CounterSpy\Consumer\SunProtectionServer.exe
C:\Program Files\Canon\MultiPASS4\monitr32.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\System32\fxredir.exe
C:\PROGRA~1\Maxtor\OneTouch\Utils\OneTouch.exe
C:\WINDOWS\MXOALDR.EXE
C:\Program Files\Sunbelt Software\CounterSpy\Consumer\sunserver.exe
C:\Program Files\Common Files\Real\Update_OB\evntsvc.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\MemTurbo\MemTurbo.exe
C:\WINDOWS\System32\dumprep.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\Andy\My Documents\Downloads\HiJackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = file:///C:/Documents%20and%20Settings/Andy/My%20Documents/LocalHome.htm
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.locators.com/search.php?que=%s
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: DosSpecFolder Object - {3496D13A-609A-407B-B181-8F47B4F28AE9} - C:\WINDOWS\System32\opppp.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1.1\SDHelper.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {BDF90A20-C0DA-4FAE-95A2-AAA4D4D32B08} - C:\WINDOWS\system32\tuspp.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [monitr32] C:\Program Files\Canon\MultiPASS4\monitr32.exe
O4 - HKLM\..\Run: [fxredir] C:\WINDOWS\System32\fxredir.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [MaxtorOneTouch] C:\PROGRA~1\Maxtor\OneTouch\Utils\OneTouch.exe
O4 - HKLM\..\Run: [MXO Auto Loader] C:\WINDOWS\MXOALDR.EXE
O4 - HKLM\..\Run: [sSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [sunServer] C:\Program Files\Sunbelt Software\CounterSpy\Consumer\sunserver.exe
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKLM\..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\evntsvc.exe -osboot
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - Startup: MemTurbo.lnk = C:\Program Files\MemTurbo\MemTurbo.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: LimeShop Preferences - file://C:\Program Files\LimeShop\System\Temp\limeshop_script0.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://download.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/...nst20040510.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/200212...meInstaller.exe
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://207.188.7.150/19c2f1ca1d2e57085d06/...ip/RdxIE601.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab
O16 - DPF: {928626A3-6B98-11CF-90B4-00AA00A4011F} (SurroundVideoCtrl Object) - http://autos.msn.com/Components/Ocx/SurVid/MSSurVid.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
O16 - DPF: {BB47CA33-8B4D-11D0-9511-00C04FD9152D} (ExteriorSurround Object) - http://autos.msn.com/Components/Ocx/Exterior/Outside.cab
O16 - DPF: {F919FBD3-A96B-4679-AF26-F551439BB5FD} - http://locator1.cdn.imagesrvr.com/sites/sy...nnerInstall.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: opppp - C:\WINDOWS\System32\opppp.dll
O20 - Winlogon Notify: tuspp - C:\WINDOWS\SYSTEM32\tuspp.dll
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Crypkey License - Kenonic Controls Ltd. - C:\WINDOWS\SYSTEM32\crypserv.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: MpService - Canon Inc - C:\Program Files\Canon\MultiPASS4\MPSERVIC.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Retrospect Launcher (RetroLauncher) - Dantz Development Corporation - C:\PROGRA~1\Dantz\RETROS~1\retrorun.exe
O23 - Service: Retrospect Helper - Dantz Development Corporation - C:\PROGRA~1\Dantz\RETROS~1\rthlpsvc.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
______________________________________
Screen capture of error