Prometheus Posted February 21, 2005

Hi. I have tried so far to remove all the spyware/adware/malware on my own using Ad-Aware SE, Search & Destroy, and Microsoft's Antiware, and thus far all attempts have been unsuccessful. Every 2 to 4 hours I run the damn services, new stuff keeps popping up, gets deleted, and there it is again the next scan. It's getting very annoying, especially with pop-ups that, if not for Ad-Watch, keep popping up every freaking minute.

Help?!? Greatly appreciate it in advance.

Here is my log:

Dan Posted February 21, 2005

Hi Prometheus,

I am looking at your log and will have a reply soon.

dk

Prometheus Posted February 22, 2005

Thanks a lot, I'll await patiently.

Dan Posted February 23, 2005

Hi,

Open HijackThis, click the "Scan" button, and check the following items:

R3 - Default URLSearchHook is missing
O4 - HKLM\..\Run: [antiware] C:\winxp\system32\elitefad32.exe
O4 - HKLM\..\Run: [antivirus32] ANTIVIRUS.EXE
O4 - HKCU\..\RunOnce: [antivirus32] ANTIVIRUS.EXE
O21 - SSODL: VkZjo - {3F2A15DC-9580-BF76-AF99-A678692B0DC0} - C:\WINXP\System32\qrtvf.dll

If you or your administrator did not put this restriction on Control Panel, also check this item. These restrictions can also be set by software like Spybot Search & Destroy, SpywareBlaster or another similar protection software:

O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

Close all windows except HijackThis, and click the "Fix Checked" button.

Locate the following file and delete it:

C:\winxp\system32\elitefad32.exe

Click Start --> Find. Find the following file and delete it:

ANTIVIRUS.EXE

Reboot and post a new log.

dk

Prometheus Posted February 24, 2005

Umm, what do I do if I am unable to locate the two files?

elitefad32.exe does not exist in the system32 folder, and when I did the find, neither of the two files was discovered or found, yet somehow, magically, they reappear in the registry.

Also, when I use the Spybot Search and Destroy system internals scan, it tells me this:

Dan Posted February 24, 2005

Have you checked:

C:\winxp\system32\elitefad32.exe

This is probably not a legit folder unless you have installed Windows on that folder. To see if you have 2 System32 folders, click Start --> Find, and search for System32. Tell me where each of the folders is located.

dk

Prometheus Posted February 24, 2005

There is only one system32 folder; the WINXP I changed from generic WINDOWS during the last format due to spyware problems, and the path is correct, yet the file is missing.....

Dan Posted February 24, 2005

Maybe the files are hidden. To make the hidden files show, do this:

* Click Start.
* Open My Computer.
* Select the Tools menu and click Folder Options.
* Select the View Tab.
* Under the Hidden files and folders heading select Show hidden files and folders.
* Uncheck the Hide protected operating system files (recommended) option.
* Click Yes to confirm.
* Click OK.

Now try to find the files.

dk

Prometheus Posted February 24, 2005

I did as instructed, yet still no file present, or to be found...

Dan Posted February 24, 2005

Can you please post a new log for me?

Thanks,

dk

Prometheus Posted February 25, 2005

Okay, here it is

Prometheus Posted February 26, 2005

I guess the question is ..... can anything be done about those files?

O4 - HKLM\..\Run: [userFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [antivirus32] ANTIVIRUS.EXE
O4 - HKLM\..\Run: [antiware] C:\winxp\system32\elitefad32.exe
O4 - HKCU\..\RunOnce: [antivirus32] ANTIVIRUS.EXE

Dan Posted February 26, 2005

O4 - HKLM\..\Run: [userFaultCheck] %systemroot%\system32\dumprep 0 -u

Is legit.

==========

Now to the fix

Please boot into Safe Mode. To do this:

* During reboot immediately begin tapping the F8 key when the OS is starting to load up
* Windows Advanced Options menu appears.
* Use the arrow keys to select Safe mode
* press Enter.

Open HijackThis, click the "Scan" button, and check the following items:

O4 - HKLM\..\Run: [antivirus32] ANTIVIRUS.EXE
O4 - HKLM\..\Run: [antiware] C:\winxp\system32\elitefad32.exe
O4 - HKCU\..\RunOnce: [antivirus32] ANTIVIRUS.EXE

Close all windows except HijackThis, and click the 'Fix Checked' button.

Locate the following file and try to delete it:

C:\winxp\system32\elitefad32.exe

Click Start --> Find. Find the following file and delete it:

ANTIVIRUS.EXE

Reboot and post a new log, noting any complications that you had.

dk

Prometheus Posted February 26, 2005

I think I found why I was having problems getting rid of those registry values in my Windows.

As I followed the instructions and went into Safe Mode, there I was able to find the elitefad32 file, yet the antivirus.exe was still missing. I ran HijackThis, fixed it, and deleted it. Nothing would reappear in the registry and everything was fine. One question arose though: why would a file be in existence in Safe Mode and not in normal Windows?

When I rebooted, the registry values were once again where they were and nothing changed. I then realized that my Ad-Watch has been set to automatic, as well as booting at startup. I turned it off and relogged into Windows and re-ran HijackThis, and the values were gone. I guess the damn Ad-Watch was protecting the damn registry the wrong way. Anyways, here's my log, hopefully it is all clean?

Dan Posted February 28, 2005

Hi,

Sorry for the delay. I was awaiting an answer to your question, because I didn't know it.

The file exists in Normal Mode, but it may not be possible to find or delete it for several reasons...

It may be in use so that it can't be deleted until it is stopped... It probably won't load in Safe Mode which is why it can be deleted...

It may be protected by some other file, so that it is even recreated each time the user tries to kill it... That protection file may not run in Safe Mode, so it is easier to kill...

The user has Ad-Watch and is also using MS Antispyware... In addition to possible conflicts between real time protection of the two programs, it is possible that they also may have been protecting the Registry entries that need to be fixed so that the file can be found and killed... Running in Safe Mode would disable them, but the problem may return later when they restore the Registry... If the file is deleted and doesn't have a way to reinstall, this may not matter...

Anyway, to the fix.

Open HijackThis, click the "Scan" button, and check the following items:

O21 - SSODL: VkZjo - {3F2A15DC-9580-BF76-AF99-A678692B0DC0} - C:\WINXP\System32\qrtvf.dll

Close all windows except HijackThis, and click the "Fix Checked" button.

Find the following file and delete it:

C:\WINXP\System32\qrtvf.dll

Reboot and post a new log.

dk
Prometheus Posted March 2, 2005

finally, got rid of that file
here's the new log

Logfile of HijackThis v1.99.1
Scan saved at 6:33:02 PM, on 02/03/2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2600.0000)

Running processes:
C:\WINXP\System32\smss.exe
C:\WINXP\system32\winlogon.exe
C:\WINXP\system32\services.exe
C:\WINXP\system32\lsass.exe
C:\WINXP\system32\svchost.exe
C:\WINXP\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINXP\system32\spoolsv.exe
C:\WINXP\System32\RUNDLL32.EXE
C:\Program Files\eDonkey2000\edonkey2000.exe
C:\Program Files\DU Meter\DUMeter.exe
C:\WINXP\System32\CTHELPER.EXE
C:\Program Files\UPSMON\UPSMON.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\Program Files\ISS\BlackICE\blackd.exe
C:\Program Files\Lavasoft\Ad-Aware SE Professional\Ad-Watch.exe
C:\WINXP\System32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
C:\WINXP\system32\WTablet\TabUserW.exe
C:\Program Files\ISS\BlackICE\blackice.exe
C:\WINXP\System32\CTsvcCDA.EXE
C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe
C:\PROGRA~1\NORTON~1\NORTON~1\NPROTECT.EXE
C:\WINXP\System32\nvsvc32.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\WINXP\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINXP\System32\Tablet.exe
C:\Program Files\UPSMON\UPSMON_Service.Exe
C:\WINXP\System32\MsPMSPSv.exe
C:\Program Files\UPSMON\UPSInt.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mmjb.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\MMDiag.exe
C:\WINXP\System32\WISPTIS.EXE
C:\WINXP\explorer.exe
C:\Program Files\Outlook Express\msimn.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Georgiy\My Documents\Downloadz\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://google.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://newsru.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\Spybot\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINXP\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINXP\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [eDonkey2000] "C:\Program Files\eDonkey2000\edonkey2000.exe" -t
O4 - HKLM\..\Run: [DU Meter] C:\Program Files\DU Meter\DUMeter.exe
O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE
O4 - HKLM\..\Run: [updReg] C:\WINXP\UpdReg.EXE
O4 - HKLM\..\Run: [uPSMON] C:\Program Files\UPSMON\UPSMON.exe
O4 - HKLM\..\Run: [Jet Detection] "C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe"
O4 - HKLM\..\Run: [NeroCheck] C:\WINXP\system32\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [iSUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [iSUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [userFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [AWMON] "C:\Program Files\Lavasoft\Ad-Aware SE Professional\Ad-Watch.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINXP\System32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Norton SystemWorks] "C:\Program Files\Norton SystemWorks\cfgwiz.exe" /GUID {05858CFD-5CC4-4ceb-AAAF-CF00BF39736A} /MODE CfgWiz
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
O4 - Global Startup: TabUserW.exe.lnk = C:\WINXP\system32\WTablet\TabUserW.exe
O4 - Global Startup: BlackICE PC Protection.lnk = C:\Program Files\ISS\BlackICE\blackice.exe
O4 - Global Startup: Norton System Doctor.LNK = ?
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {637BB540-6ABA-11D4-901D-00D0090CB3BC} - http://www.flashants.com/codebase/fmplayer.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061...all/xscan53.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab
O16 - DPF: {F127B9BA-89EA-4B04-9C67-2074A9DF61FC} (PCUploader Class) - http://www.photolab.ca/activex/PCAXSetup.cab?
O16 - DPF: {F281A59C-7B65-11D3-8617-0010830243BD} (AcPreview Control) - file://C:\Program Files\AutoCAD 2002\AcPreview.ocx
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: BlackICE - Internet Security Systems, Inc. - C:\Program Files\ISS\BlackICE\blackd.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINXP\System32\CTsvcCDA.EXE
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~1\NPROTECT.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINXP\System32\nvsvc32.exe
O23 - Service: RapApp - Internet Security Systems, Inc. - C:\Program Files\ISS\BlackICE\rapapp.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~1\SPEEDD~1\NOPDB.EXE
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINXP\System32\Tablet.exe
O23 - Service: UPSMONService - Unknown owner - C:\Program Files\UPSMON\UPSMON_Service.Exe
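
One way to check a "fix and post a new log" round like the one above, as an added example that is not part of the original thread: this Python sketch parses two HijackThis logs, lists the entries that disappeared or appeared between scans, and confirms the O21 line is gone. The sample logs are short excerpts of the two logs in this thread; the function and variable names are this example's own.

```python
import re

# HijackThis entries start with a section code: R0-R3 (IE settings) or
# O1-O24 (O4 = autoruns, O21 = SSODL, O23 = services), followed by " - ".
ENTRY = re.compile(r"^(R[0-3]|O\d{1,2}) - .+$")

# Excerpts of the two logs in this thread (before and after the fix).
BEFORE = r"""Logfile of HijackThis v1.99.1
O4 - HKLM\..\Run: [DU Meter] C:\Program Files\DU Meter\DUMeter.exe
O4 - HKLM\..\Run: [AWMON] "C:\PROGRA~1\LAVASOFT\AD-AWA~1\Ad-Watch.exe"
O21 - SSODL: VkZjo - {3F2A15DC-9580-BF76-AF99-A678692B0DC0} - C:\WINXP\System32\qrtvf.dll
O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINXP\System32\Tablet.exe"""
AFTER = r"""Logfile of HijackThis v1.99.1
O4 - HKLM\..\Run: [DU Meter] C:\Program Files\DU Meter\DUMeter.exe
O4 - HKLM\..\Run: [AWMON] "C:\Program Files\Lavasoft\Ad-Aware SE Professional\Ad-Watch.exe"
O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINXP\System32\Tablet.exe"""
TARGET = r"O21 - SSODL: VkZjo - {3F2A15DC-9580-BF76-AF99-A678692B0DC0} - C:\WINXP\System32\qrtvf.dll"

def normalize(line):
    """Collapse whitespace and case: Windows paths are case-insensitive."""
    return " ".join(line.split()).casefold()

def parse_log(text):
    """Map normalized entry -> original line; header and process lines are skipped."""
    return {normalize(l): " ".join(l.split())
            for l in text.splitlines() if ENTRY.match(l.strip())}

def diff_logs(before, after):
    """Return (removed, added) entries between two scans."""
    b, a = parse_log(before), parse_log(after)
    return (sorted(b[k] for k in b.keys() - a.keys()),
            sorted(a[k] for k in a.keys() - b.keys()))

def verify_fix(before, after, fixed_lines):
    """Report, for each line that was to be fixed, what the newer log shows."""
    b, a = parse_log(before), parse_log(after)
    status = {}
    for line in fixed_lines:
        key = normalize(line)
        status[line] = ("still present" if key in a
                        else "removed" if key in b else "not in either log")
    return status

if __name__ == "__main__":
    removed, added = diff_logs(BEFORE, AFTER)
    print("removed:", *removed, sep="\n  ")
    print("added:", *added, sep="\n  ")
    print(verify_fix(BEFORE, AFTER, [TARGET]))
```

The AWMON autorun shows up as both removed and added because its path changed from the short 8.3 form to the long one, so an "added" entry still needs a human look before it is treated as new. A "removed" result only says the registry entry is absent from this scan; since the reply above notes the file may be recreated, the same comparison is worth repeating on a later log.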