Need help imediately (w/hijackthis log)

ilove · 12-23-2004, 11:11 PM

I have no idea what happen to my computer, I have norton 2005 and firewall, spyware detector install in my computer.
My problem is everytime I open my text files they close automatic. I did a full virus and spyware scan, after clear up the spyware, it stilll happen, I even unplug my internet connection to see is anybody controling my pc, I need to keep the text file open so I can do my work, I lost my works just because it automatic close and it didn't even save them !
can anyone please help me ?

intercodes · 12-24-2004, 08:00 AM

ilove,

So, there is still virus/worm hanging around.Can you do an online virus scan from here
http://housecall.trendmicro.com/hous...start_corp.asp

And download 'hijackthis', save the files to a folder ,say c:/scan [important] and post a log in here.

ilove · 12-24-2004, 11:01 AM

I went to the web site you gave me and have a full scan, after scanning my computer I create my hijackthis log

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\install\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
C:\install\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Compaq\EAB\EabServr.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\System32\atiptaxx.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\install\SkyNet\FireWall\pfw.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\install\Spyware Doctor\swdoctor.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\System32\conime.exe
C:\install\Tencent\TT\TTraveler.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Downloads\software\spyware remove\hijackthis\HijackThis.exe

R3 - Default URLSearchHook is missing
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\install\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {C088C334-B86C-344C-0F4B-E6396812E3BB} - C:\WINDOWS\addke32.dll
O3 - Toolbar: ÂµÃ§ÃŒÂ¨(&R) - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\install\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\Compaq\EAB\EabServr.exe /Start
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [CSV10P70] C:\Program Files\CSBB\CSv10P070.exe
O4 - HKLM\..\Run: [winupdtl] C:\WINDOWS\System32\winupdtl.exe
O4 - HKLM\..\Run: [wzfibc] C:\WINDOWS\System32\wzfibc.exe
O4 - HKLM\..\Run: [miwgjnokae] C:\WINDOWS\System32\egtgfkrr.exe
O4 - HKLM\..\Run: [AutoLoaderEnvoloAutoUpdater] "C:\DOCUME~1\Owner\LOCALS~1\Temp\~compoundinst0\au to_update_loader.exe"
O4 - HKLM\..\Run: [2E.tmp] C:\DOCUME~1\Owner\LOCALS~1\Temp\2E.tmp.exe 1 28129
O4 - HKLM\..\Run: [SKYNET Personal FireWall] C:\install\SkyNet\FireWall\pfw.exe
O4 - HKLM\..\Run: [apije32.exe] C:\WINDOWS\apije32.exe
O4 - HKLM\..\Run: [2E.tmp.exe] C:\DOCUME~1\Owner\LOCALS~1\Temp\2E.tmp.exe 1 28129
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\RunOnce: [ntyz.exe] C:\WINDOWS\system32\ntyz.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Norton SystemWorks] "C:\install\Norton SystemWorks\cfgwiz.exe" /GUID {05858CFD-5CC4-4ceb-AAAF-CF00BF39736A} /MODE CfgWiz
O4 - HKCU\..\Run: [Spyware Doctor] "C:\install\Spyware Doctor\swdoctor.exe" /Q
O4 - HKCU\..\Run: [msmc] C:\WINDOWS\System32\msmc.exe
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\install\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\installs\AIM\aim.exe
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O15 - Trusted Zone: *.05p.com
O15 - Trusted Zone: *.awmdabest.com
O15 - Trusted Zone: *.blazefind.com
O15 - Trusted Zone: *.clickspring.net
O15 - Trusted Zone: *.flingstone.com
O15 - Trusted Zone: *.frame.crazywinnings.com
O15 - Trusted Zone: *.scoobidoo.com
O15 - Trusted Zone: *.searchbarcash.com
O15 - Trusted Zone: *.slotch.com
O15 - Trusted Zone: *.static.topconverting.com
O15 - Trusted Zone: *.xxxtoolbar.com
O15 - Trusted Zone: *.05p.com (HKLM)
O15 - Trusted Zone: *.awmdabest.com (HKLM)
O15 - Trusted Zone: *.blazefind.com (HKLM)
O15 - Trusted Zone: *.clickspring.net (HKLM)
O15 - Trusted Zone: *.flingstone.com (HKLM)
O15 - Trusted Zone: *.frame.crazywinnings.com (HKLM)
O15 - Trusted Zone: *.scoobidoo.com (HKLM)
O15 - Trusted Zone: *.searchbarcash.com (HKLM)
O15 - Trusted Zone: *.slotch.com (HKLM)
O15 - Trusted Zone: *.static.topconverting.com (HKLM)
O15 - Trusted Zone: *.xxxtoolbar.com (HKLM)
O15 - Trusted IP range: 206.161.125.149
O15 - Trusted IP range: 206.161.124.130 (HKLM)
O16 - DPF: {11111111-1111-1111-1111-222222222222} - ms-its:mhtml:file://C

ne.MHT!http://www.t058.com//inst//x.chm::/open.exe
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (Ã‡Ã·ÃŠÃ†Â¿Ã†Â¼Â¼Ã”ÃšÃÃŸÃ‰Â¨Â¶Â¾Â³ÃŒÃÃ²) - http://a840.g.akamai.net/7/840/537/2...ll/xscan53.cab
O16 - DPF: {BAB3E70B-A847-4A88-ACFC-778FCCC00287} (CActSetupObj Object) - http://www.odysseusmarketing.com/actsetup.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{24E9B8ED-8D4E-49E2-9A92-530EB03A204A}: NameServer = 151.197.0.38 151.197.0.39
O17 - HKLM\System\CS1\Services\Tcpip\..\{24E9B8ED-8D4E-49E2-9A92-530EB03A204A}: NameServer = 151.197.0.38 151.197.0.39
O23 - Service: Ati HotKey Poller - Unknown - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: Symantec Event Manager - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Norton AntiVirus Auto-Protect Service - Symantec Corporation - C:\install\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service - Symantec Corporation - C:\install\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: SAVScan - Symantec Corporation - C:\install\Norton SystemWorks\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Network Security Service - Unknown - C:\WINDOWS\system32\criv.exe (file missing)

Dave · 12-24-2004, 07:45 PM

Hi ilove. I'm looking at your HJT log. While I'm looking, please download CWShredder (see sig) and run it. It may take care of some of your problems. Make sure that all browser windows are closed.

After that, run HJT and post a new log.

Dave

Dave · 12-24-2004, 08:17 PM

If you have any questions about items to be fixed and you think they should remain, please let us know.

Turn off your system restore (can be turned back after fixes) and fix the following:

R3 - Default URLSearchHook is missing

O4 - HKLM\..\Run: [TkBellExe] \"C:\Program Files\Common Files\Real\Update_OB\realsched.exe\" -osboot
O4 - HKLM\..\Run: [winupdtl] C:\WINDOWS\System32\winupdtl.exe

O4 - HKLM\..\Run: [AutoLoaderEnvoloAutoUpdater] " C:\DOCUME~1\Owner\LOCALS~1\Temp\~compoundinst0\aut
o_update_loader.exe"
O4 - HKLM\..\Run: [2E.tmp] C:\DOCUME~1\Owner\LOCALS~1\Temp\2E.tmp.exe 1 28129
O4 - HKLM\..\Run: [2E.tmp.exe] C:\DOCUME~1\Owner\LOCALS~1\Temp\2E.tmp.exe 1 28129

Fix the following hijackers:

O15 - Trusted Zone: *.05p.com
O15 - Trusted Zone: *.awmdabest.com
O15 - Trusted Zone: *.blazefind.com
O15 - Trusted Zone: *.clickspring.net
O15 - Trusted Zone: *.flingstone.com
O15 - Trusted Zone: *.frame.crazywinnings.com
O15 - Trusted Zone: *.scoobidoo.com
O15 - Trusted Zone: *.searchbarcash.com
O15 - Trusted Zone: *.slotch.com
O15 - Trusted Zone: *.static.topconverting.com
O15 - Trusted Zone: *.xxxtoolbar.com
O15 - Trusted Zone: *.05p.com (HKLM)
O15 - Trusted Zone: *.awmdabest.com (HKLM)
O15 - Trusted Zone: *.blazefind.com (HKLM)
O15 - Trusted Zone: *.clickspring.net (HKLM)
O15 - Trusted Zone: *.flingstone.com (HKLM)
O15 - Trusted Zone: *.frame.crazywinnings.com (HKLM)
O15 - Trusted Zone: *.scoobidoo.com (HKLM)
O15 - Trusted Zone: *.searchbarcash.com (HKLM)
O15 - Trusted Zone: *.slotch.com (HKLM)
O15 - Trusted Zone: *.static.topconverting.com (HKLM)
O15 - Trusted Zone: *.xxxtoolbar.com (HKLM)
O15 - Trusted IP range: 206.161.125.149
O15 - Trusted IP range: 206.161.124.130 (HKLM)

If you don't recognize the name of the object, or the URL it was downloaded from with the following log items, have HijackThis fix it:

O16 - DPF: {11111111-1111-1111-1111-222222222222} - ms-its:mhtml:file://Cne.MHT!http://www.t058.com//inst//x.chm::/open.exe
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (Ã‡Ã·ÃŠÃ†Â¿Ã†Â¼Â¼Ã”ÃšÃÃŸÃ‰Â¨Â¶Â¾Â³ÃŒÃÃ²) - http://a840.g.akamai.net/7/840/537/...all/xscan53.cab

Fix the following if the domain is not from your ISP or company network:

O17 - HKLM\System\CCS\Services\Tcpip\..\{24E9B8ED-8D4E-49E2-9A92-530EB03A204A}: NameServer = 151.197.0.38 151.197.0.39
O17 - HKLM\System\CS1\Services\Tcpip\..\{24E9B8ED-8D4E-49E2-9A92-530EB03A204A}: NameServer = 151.197.0.38 151.197.0.39

After fixing:

Reboot into safe mode.
Delete the file winupdtl.exe which resides in C:\WINDOWS\System32\ or C:\WINDOWS\System\
Remove all files from your C:\WINDOWS\TEMP folder and your C:\DOCUMENTS AND SETTINGS\(your username)\LOCAL SETTINGS\Temp\ folder. (Do NOT delete the folders themselves).
Delete the file in the "O4 - [msmc]" entry of your log.
Empty your recycle bin.
You should run Windows Update and install all critical updates.
Make sure your anti-virus program is up to date and run it.
Reboot one last time.

Lastly, run HJT again making sure all browser windows are closed and post the log here.

Dave

ilove · 12-29-2004, 10:50 PM

Hi, thanks for the reply, here is the log file I make after reboot my computer from safe mode, I also have some question to ask, first is in my log file it always have trust zone point to some web site, I don't know why but everytime I fix them by suing the fix tool in hijack this, then when i visit some web site and I use it scan again, there are some othe rsites there. Second, when i use the wintask tool and I see there is a service call svchost.exe
local service some time takes up 50% or more cpu usage and I can't cancel it. That is all my question I want to ask, Thank You

Logfile of HijackThis v1.99.0
Scan saved at 23:38:18, on 2004-12-29
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\install\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
C:\install\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Compaq\EAB\EabServr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\System32\atiptaxx.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
C:\install\SkyNet\FireWall\pfw.exe
C:\install\Java\j2re1.4.2_06\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\install\Spyware Doctor\swdoctor.exe
C:\Downloads\software\spyware remove\hijackthis\HijackThis.exe
C:\WINDOWS\System32\wuauclt.exe

O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\install\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\install\SPYWAR~1\tools\iesdpb.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\install\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Ã§Â”ÂµÃ¥ÂÂ°(&R) - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\install\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\install\FlashGet\fgiebar.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\Compaq\EAB\EabServr.exe /Start
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [CSV10P70] C:\Program Files\CSBB\CSv10P070.exe
O4 - HKLM\..\Run: [wzfibc] C:\WINDOWS\System32\wzfibc.exe
O4 - HKLM\..\Run: [miwgjnokae] C:\WINDOWS\System32\egtgfkrr.exe
O4 - HKLM\..\Run: [SKYNET Personal FireWall] C:\install\SkyNet\FireWall\pfw.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\install\Java\j2re1.4.2_06\bin\jusched.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Norton SystemWorks] "C:\install\Norton SystemWorks\cfgwiz.exe" /GUID {05858CFD-5CC4-4ceb-AAAF-CF00BF39736A} /MODE CfgWiz
O4 - HKCU\..\Run: [Spyware Doctor] "C:\install\Spyware Doctor\swdoctor.exe" /Q
O4 - HKCU\..\Run: [msmc] C:\WINDOWS\System32\msmc.exe
O8 - Extra context menu item: Ã¤Â½Â¿Ã§Â”Â¨Ã§Â½Â‘Ã©Â™Â…Ã¥Â¿Â«Ã¨Â½Â¦Ã¤Â¸Â‹Ã¨Â½Â½ - C:\install\FlashGet\jc_link.htm
O8 - Extra context menu item: Ã¤Â½Â¿Ã§Â”Â¨Ã§Â½Â‘Ã©Â™Â…Ã¥Â¿Â«Ã¨Â½Â¦Ã¤Â¸Â‹Ã¨Â½Â½Ã¥ Â…Â¨Ã©ÂƒÂ¨Ã©Â“Â¾Ã¦ÂŽÂ¥ - C:\install\FlashGet\jc_all.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\install\Java\j2re1.4.2_06\bin\npjpi142_06.dll
O9 - Extra 'Tools' menuitem: Sun Java Ã¦ÂŽÂ§Ã¥ÂˆÂ¶Ã¥ÂÂ° - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\install\Java\j2re1.4.2_06\bin\npjpi142_06.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\install\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\installs\AIM\aim.exe
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\install\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\install\FlashGet\flashget.exe
O15 - Trusted Zone: *.frame.crazywinnings.com
O15 - Trusted Zone: *.static.topconverting.com
O15 - Trusted Zone: *.frame.crazywinnings.com (HKLM)
O15 - Trusted Zone: *.static.topconverting.com (HKLM)
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (Ã¨Â¶Â‹Ã¥ÂŠÂ¿Ã§Â§Â‘Ã¦ÂŠÂ€Ã¥ÂœÂ¨Ã§ÂºÂ¿Ã¦Â‰Â«Ã¦Â¯Â’Ã §Â¨Â‹Ã¥ÂºÂ) - http://a840.g.akamai.net/7/840/537/2...ll/xscan53.cab
O16 - DPF: {7D1E9C49-BD6A-11D3-87A8-009027A35D73} (Yahoo! Audio UI1) - http://chat.yahoo.com/cab/yacsui.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{24E9B8ED-8D4E-49E2-9A92-530EB03A204A}: NameServer = 151.197.0.38 151.197.0.39
O17 - HKLM\System\CS1\Services\Tcpip\..\{24E9B8ED-8D4E-49E2-9A92-530EB03A204A}: NameServer = 151.197.0.38 151.197.0.39
O23 - Service: Ati HotKey Poller - Unknown - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: Symantec Event Manager - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Norton AntiVirus Auto-Protect Service - Symantec Corporation - C:\install\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service - Symantec Corporation - C:\install\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: SAVScan - Symantec Corporation - C:\install\Norton SystemWorks\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

southernlady · 01-08-2005, 02:35 PM

ilove,

Quote:

there is a service call svchost.exe
local service some time takes up 50% or more cpu usage and I can't cancel it.

A description of Svchost.exe in Windows XP

Run Hijack This again but this time in Safe Mode:and put a check by these. Close ALL windows except HijackThis and click "Fix checked"

BECAUSE SAFE MODE IS INACCESSIBLE TO ONLINE, PLEASE PRINT THIS OUT AND HAVE IT ON NOTEPAD TO REFER TO BEFORE DOING THIS AND ASK ANY QUESTIONS BEFORE PROCEEDING.

O4 - HKLM\..\Run: [CSV10P70] C:\Program Files\CSBB\CSv10P070.exe

O4 - HKLM\..\Run: [wzfibc] C:\WINDOWS\System32\wzfibc.exe

O4 - HKLM\..\Run: [miwgjnokae] C:\WINDOWS\System32\egtgfkrr.exe

O4 - HKCU\..\Run: [msmc] C:\WINDOWS\System32\msmc.exe msmc/ClientMan

IF YOU DO NOT recognize this, fix it:
O8 - Extra context menu item: Ã¤Â½Â¿Ã§Â”Â¨Ã§Â½Â‘Ã©Â™Â…Ã¥Â¿Â«Ã¨Â½Â¦Ã¤Â¸Â‹Ã¨Â½Â½ - C:\install\FlashGet\jc_link.htm

IF YOU DO NOT recognize this, fix it:
O8 - Extra context menu item: Ã¤Â½Â¿Ã§Â”Â¨Ã§Â½Â‘Ã©Â™Â…Ã¥Â¿Â«Ã¨Â½Â¦Ã¤Â¸Â‹Ã¨Â½Â½Ã¥ Â…Â¨Ã©ÂƒÂ¨Ã©Â“Â¾Ã¦ÂŽÂ¥ - C:\install\FlashGet\jc_all.htm

O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm

O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm

O15 - Trusted Zone: *.frame.crazywinnings.com

O15 - Trusted Zone: *.static.topconverting.com

O15 - Trusted Zone: *.frame.crazywinnings.com (HKLM)

O15 - Trusted Zone: *.static.topconverting.com (HKLM)

Also in safe mode navigate to the C:\Windows\Temp folder. Open the Temp folder and go to Edit > Select All then Edit > Delete to delete the entire contents of the Temp folder.

Go to Start > Run and type %temp%in the Run box. The Temp folder will open. Click Edit > Select All then Edit > Delete to delete the entire contents of the Temp folder.

Finally go to Control Panel > Internet Options. On the General tab under "Temporary Internet Files" Click "Delete Files". Put a check by "Delete Offline Content" and click OK. Click on the Programs tab then click the "Reset Web Settings" button. Click Apply then OK.

Reboot

Empty the Recycle Bin

Then post another log. Liz

southernlady · 01-20-2005, 08:01 PM

Closing this thread due to lack of activity. Liz

12-23-2004, 11:11 PM	#1 (permalink)
ilove Newb Techie Join Date: Oct 2004 Posts: 18	Need help imediately I have no idea what happen to my computer, I have norton 2005 and firewall, spyware detector install in my computer. My problem is everytime I open my text files they close automatic. I did a full virus and spyware scan, after clear up the spyware, it stilll happen, I even unplug my internet connection to see is anybody controling my pc, I need to keep the text file open so I can do my work, I lost my works just because it automatic close and it didn't even save them ! can anyone please help me ?

12-24-2004, 11:01 AM	#3 (permalink)
ilove Newb Techie Join Date: Oct 2004 Posts: 18	I went to the web site you gave me and have a full scan, after scanning my computer I create my hijackthis log Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\System32\Ati2evxx.exe C:\install\Norton SystemWorks\Norton AntiVirus\navapsvc.exe C:\install\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Compaq\EAB\EabServr.exe C:\Program Files\Synaptics\SynTP\SynTPLpr.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\WINDOWS\System32\atiptaxx.exe C:\Program Files\Common Files\Symantec Shared\ccApp.exe C:\install\SkyNet\FireWall\pfw.exe C:\WINDOWS\System32\ctfmon.exe C:\Program Files\Messenger\msmsgs.exe C:\install\Spyware Doctor\swdoctor.exe C:\WINDOWS\System32\wuauclt.exe C:\WINDOWS\System32\conime.exe C:\install\Tencent\TT\TTraveler.exe C:\WINDOWS\system32\NOTEPAD.EXE C:\Downloads\software\spyware remove\hijackthis\HijackThis.exe R3 - Default URLSearchHook is missing O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\install\Norton SystemWorks\Norton AntiVirus\NavShExt.dll O2 - BHO: (no name) - {C088C334-B86C-344C-0F4B-E6396812E3BB} - C:\WINDOWS\addke32.dll O3 - Toolbar: ÂµÃ§ÃŒÂ¨(&R) - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\install\Norton SystemWorks\Norton AntiVirus\NavShExt.dll O4 - HKLM\..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32 O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\Compaq\EAB\EabServr.exe /Start O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe O4 - HKLM\..\Run: [CSV10P70] C:\Program Files\CSBB\CSv10P070.exe O4 - HKLM\..\Run: [winupdtl] C:\WINDOWS\System32\winupdtl.exe O4 - HKLM\..\Run: [wzfibc] C:\WINDOWS\System32\wzfibc.exe O4 - HKLM\..\Run: [miwgjnokae] C:\WINDOWS\System32\egtgfkrr.exe O4 - HKLM\..\Run: [AutoLoaderEnvoloAutoUpdater] "C:\DOCUME~1\Owner\LOCALS~1\Temp\~compoundinst0\au to_update_loader.exe" O4 - HKLM\..\Run: [2E.tmp] C:\DOCUME~1\Owner\LOCALS~1\Temp\2E.tmp.exe 1 28129 O4 - HKLM\..\Run: [SKYNET Personal FireWall] C:\install\SkyNet\FireWall\pfw.exe O4 - HKLM\..\Run: [apije32.exe] C:\WINDOWS\apije32.exe O4 - HKLM\..\Run: [2E.tmp.exe] C:\DOCUME~1\Owner\LOCALS~1\Temp\2E.tmp.exe 1 28129 O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\RunOnce: [ntyz.exe] C:\WINDOWS\system32\ntyz.exe O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [Norton SystemWorks] "C:\install\Norton SystemWorks\cfgwiz.exe" /GUID {05858CFD-5CC4-4ceb-AAAF-CF00BF39736A} /MODE CfgWiz O4 - HKCU\..\Run: [Spyware Doctor] "C:\install\Spyware Doctor\swdoctor.exe" /Q O4 - HKCU\..\Run: [msmc] C:\WINDOWS\System32\msmc.exe O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\install\SPYWAR~1\tools\iesdpb.dll O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\installs\AIM\aim.exe O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm O15 - Trusted Zone: .05p.com O15 - Trusted Zone: .awmdabest.com O15 - Trusted Zone: .blazefind.com O15 - Trusted Zone: .clickspring.net O15 - Trusted Zone: .flingstone.com O15 - Trusted Zone: .frame.crazywinnings.com O15 - Trusted Zone: .scoobidoo.com O15 - Trusted Zone: .searchbarcash.com O15 - Trusted Zone: .slotch.com O15 - Trusted Zone: .static.topconverting.com O15 - Trusted Zone: .xxxtoolbar.com O15 - Trusted Zone: .05p.com (HKLM) O15 - Trusted Zone: .awmdabest.com (HKLM) O15 - Trusted Zone: .blazefind.com (HKLM) O15 - Trusted Zone: .clickspring.net (HKLM) O15 - Trusted Zone: .flingstone.com (HKLM) O15 - Trusted Zone: .frame.crazywinnings.com (HKLM) O15 - Trusted Zone: .scoobidoo.com (HKLM) O15 - Trusted Zone: .searchbarcash.com (HKLM) O15 - Trusted Zone: .slotch.com (HKLM) O15 - Trusted Zone: .static.topconverting.com (HKLM) O15 - Trusted Zone: .xxxtoolbar.com (HKLM) O15 - Trusted IP range: 206.161.125.149 O15 - Trusted IP range: 206.161.124.130 (HKLM) O16 - DPF: {11111111-1111-1111-1111-222222222222} - ms-its:mhtml:file://Cne.MHT!http://www.t058.com//inst//x.chm::/open.exe O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (Ã‡Ã·ÃŠÃ†Â¿Ã†Â¼Â¼Ã”ÃšÃÃŸÃ‰Â¨Â¶Â¾Â³ÃŒÃÃ²) - http://a840.g.akamai.net/7/840/537/2...ll/xscan53.cab O16 - DPF: {BAB3E70B-A847-4A88-ACFC-778FCCC00287} (CActSetupObj Object) - http://www.odysseusmarketing.com/actsetup.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{24E9B8ED-8D4E-49E2-9A92-530EB03A204A}: NameServer = 151.197.0.38 151.197.0.39 O17 - HKLM\System\CS1\Services\Tcpip\..\{24E9B8ED-8D4E-49E2-9A92-530EB03A204A}: NameServer = 151.197.0.38 151.197.0.39 O23 - Service: Ati HotKey Poller - Unknown - C:\WINDOWS\System32\Ati2evxx.exe O23 - Service: Symantec Event Manager - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe O23 - Service: Symantec Password Validation - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe O23 - Service: Symantec Settings Manager - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe O23 - Service: Norton AntiVirus Auto-Protect Service - Symantec Corporation - C:\install\Norton SystemWorks\Norton AntiVirus\navapsvc.exe O23 - Service: Norton AntiVirus Firewall Monitor Service - Symantec Corporation - C:\install\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe O23 - Service: SAVScan - Symantec Corporation - C:\install\Norton SystemWorks\Norton AntiVirus\SAVScan.exe O23 - Service: ScriptBlocking Service - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe O23 - Service: Symantec Network Drivers Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe O23 - Service: Symantec SPBBCSvc - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe O23 - Service: Network Security Service - Unknown - C:\WINDOWS\system32\criv.exe (file missing)

12-24-2004, 07:45 PM	#4 (permalink)
Dave Admin In Charge Join Date: Mar 2002 Location: "Almost Heaven" USA Posts: 4,840	Hi ilove. I'm looking at your HJT log. While I'm looking, please download CWShredder (see sig) and run it. It may take care of some of your problems. Make sure that all browser windows are closed. After that, run HJT and post a new log. Dave __________________ Tech Forums Moderating Policies \| Forum Rules \| ***PROFANITY*** Note that I do not accept support requests via IM, email, or PMs. Please ask it on the forums. Trying this out: My Dollar Store :: Naturally Good

12-24-2004, 08:17 PM	#5 (permalink)
Dave Admin In Charge Join Date: Mar 2002 Location: "Almost Heaven" USA Posts: 4,840	If you have any questions about items to be fixed and you think they should remain, please let us know. Turn off your system restore (can be turned back after fixes) and fix the following: R3 - Default URLSearchHook is missing O4 - HKLM\..\Run: [TkBellExe] \"C:\Program Files\Common Files\Real\Update_OB\realsched.exe\" -osboot O4 - HKLM\..\Run: [winupdtl] C:\WINDOWS\System32\winupdtl.exe O4 - HKLM\..\Run: [AutoLoaderEnvoloAutoUpdater] " C:\DOCUME~1\Owner\LOCALS~1\Temp\~compoundinst0\aut o_update_loader.exe" O4 - HKLM\..\Run: [2E.tmp] C:\DOCUME~1\Owner\LOCALS~1\Temp\2E.tmp.exe 1 28129 O4 - HKLM\..\Run: [2E.tmp.exe] C:\DOCUME~1\Owner\LOCALS~1\Temp\2E.tmp.exe 1 28129 Fix the following hijackers: O15 - Trusted Zone: .05p.com O15 - Trusted Zone: .awmdabest.com O15 - Trusted Zone: .blazefind.com O15 - Trusted Zone: .clickspring.net O15 - Trusted Zone: .flingstone.com O15 - Trusted Zone: .frame.crazywinnings.com O15 - Trusted Zone: .scoobidoo.com O15 - Trusted Zone: .searchbarcash.com O15 - Trusted Zone: .slotch.com O15 - Trusted Zone: .static.topconverting.com O15 - Trusted Zone: .xxxtoolbar.com O15 - Trusted Zone: .05p.com (HKLM) O15 - Trusted Zone: .awmdabest.com (HKLM) O15 - Trusted Zone: .blazefind.com (HKLM) O15 - Trusted Zone: .clickspring.net (HKLM) O15 - Trusted Zone: .flingstone.com (HKLM) O15 - Trusted Zone: .frame.crazywinnings.com (HKLM) O15 - Trusted Zone: .scoobidoo.com (HKLM) O15 - Trusted Zone: .searchbarcash.com (HKLM) O15 - Trusted Zone: .slotch.com (HKLM) O15 - Trusted Zone: .static.topconverting.com (HKLM) O15 - Trusted Zone: .xxxtoolbar.com (HKLM) O15 - Trusted IP range: 206.161.125.149 O15 - Trusted IP range: 206.161.124.130 (HKLM) If you don't recognize the name of the object, or the URL it was downloaded from with the following log items, have HijackThis fix it: O16 - DPF: {11111111-1111-1111-1111-222222222222} - ms-its:mhtml:file://Cne.MHT!http://www.t058.com//inst//x.chm::/open.exe O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (Ã‡Ã·ÃŠÃ†Â¿Ã†Â¼Â¼Ã”ÃšÃÃŸÃ‰Â¨Â¶Â¾Â³ÃŒÃÃ²) - http://a840.g.akamai.net/7/840/537/...all/xscan53.cab Fix the following if the domain is not from your ISP or company network: O17 - HKLM\System\CCS\Services\Tcpip\..\{24E9B8ED-8D4E-49E2-9A92-530EB03A204A}: NameServer = 151.197.0.38 151.197.0.39 O17 - HKLM\System\CS1\Services\Tcpip\..\{24E9B8ED-8D4E-49E2-9A92-530EB03A204A}: NameServer = 151.197.0.38 151.197.0.39 After fixing: Reboot into safe mode. Delete the file winupdtl.exe which resides in C:\WINDOWS\System32\ or C:\WINDOWS\System\ Remove all files from your C:\WINDOWS\TEMP folder and your C:\DOCUMENTS AND SETTINGS\(your username)\LOCAL SETTINGS\Temp\ folder. (Do NOT delete the folders themselves). Delete the file in the "O4 - [msmc]" entry of your log. Empty your recycle bin. You should run Windows Update and install all critical updates. Make sure your anti-virus program is up to date and run it. Reboot one last time. Lastly, run HJT again making sure all browser windows are closed and post the log here. Dave __________________ Tech Forums Moderating Policies \| Forum Rules \| ***PROFANITY*** Note that I do not accept support requests via IM, email, or PMs. Please ask it on the forums. Trying this out: My Dollar Store :: Naturally Good

01-20-2005, 08:01 PM	#8 (permalink)
southernlady Monster Techie Join Date: Nov 2004 Posts: 1,346	Closing this thread due to lack of activity. Liz __________________ Priority Computers \| AdAware SE \| SpyBot-Search & Destroy \| SpywareBlaster \| SpywareGuard \| HijackThis \| Stealing is illegal Powered by Emily!

12-24-2004, 08:00 AM	#2 (permalink)
intercodes Ultra Techie Join Date: Jun 2004 Posts: 973	ilove, So, there is still virus/worm hanging around.Can you do an online virus scan from here http://housecall.trendmicro.com/hous...start_corp.asp And download 'hijackthis', save the files to a folder ,say c:/scan [important] and post a log in here.

12-29-2004, 10:50 PM	#6 (permalink)
ilove Newb Techie Join Date: Oct 2004 Posts: 18	Hi, thanks for the reply, here is the log file I make after reboot my computer from safe mode, I also have some question to ask, first is in my log file it always have trust zone point to some web site, I don't know why but everytime I fix them by suing the fix tool in hijack this, then when i visit some web site and I use it scan again, there are some othe rsites there. Second, when i use the wintask tool and I see there is a service call svchost.exe local service some time takes up 50% or more cpu usage and I can't cancel it. That is all my question I want to ask, Thank You Logfile of HijackThis v1.99.0 Scan saved at 23:38:18, on 2004-12-29 MSIE: Internet Explorer v6.00 (6.00.2600.0000) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\System32\Ati2evxx.exe C:\install\Norton SystemWorks\Norton AntiVirus\navapsvc.exe C:\install\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Compaq\EAB\EabServr.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\WINDOWS\System32\atiptaxx.exe C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe C:\install\SkyNet\FireWall\pfw.exe C:\install\Java\j2re1.4.2_06\bin\jusched.exe C:\Program Files\Common Files\Real\Update_OB\realsched.exe C:\WINDOWS\System32\ctfmon.exe C:\Program Files\Messenger\msmsgs.exe C:\install\Spyware Doctor\swdoctor.exe C:\Downloads\software\spyware remove\hijackthis\HijackThis.exe C:\WINDOWS\System32\wuauclt.exe O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\install\SPYWAR~1\tools\iesdsg.dll O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\install\SPYWAR~1\tools\iesdpb.dll O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\install\Norton SystemWorks\Norton AntiVirus\NavShExt.dll O3 - Toolbar: Ã§Â”ÂµÃ¥ÂÂ°(&R) - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\install\Norton SystemWorks\Norton AntiVirus\NavShExt.dll O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\install\FlashGet\fgiebar.dll O4 - HKLM\..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32 O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\Compaq\EAB\EabServr.exe /Start O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe O4 - HKLM\..\Run: [CSV10P70] C:\Program Files\CSBB\CSv10P070.exe O4 - HKLM\..\Run: [wzfibc] C:\WINDOWS\System32\wzfibc.exe O4 - HKLM\..\Run: [miwgjnokae] C:\WINDOWS\System32\egtgfkrr.exe O4 - HKLM\..\Run: [SKYNET Personal FireWall] C:\install\SkyNet\FireWall\pfw.exe O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\install\Java\j2re1.4.2_06\bin\jusched.exe O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [Norton SystemWorks] "C:\install\Norton SystemWorks\cfgwiz.exe" /GUID {05858CFD-5CC4-4ceb-AAAF-CF00BF39736A} /MODE CfgWiz O4 - HKCU\..\Run: [Spyware Doctor] "C:\install\Spyware Doctor\swdoctor.exe" /Q O4 - HKCU\..\Run: [msmc] C:\WINDOWS\System32\msmc.exe O8 - Extra context menu item: Ã¤Â½Â¿Ã§Â”Â¨Ã§Â½Â‘Ã©Â™Â…Ã¥Â¿Â«Ã¨Â½Â¦Ã¤Â¸Â‹Ã¨Â½Â½ - C:\install\FlashGet\jc_link.htm O8 - Extra context menu item: Ã¤Â½Â¿Ã§Â”Â¨Ã§Â½Â‘Ã©Â™Â…Ã¥Â¿Â«Ã¨Â½Â¦Ã¤Â¸Â‹Ã¨Â½Â½Ã¥ Â…Â¨Ã©ÂƒÂ¨Ã©Â“Â¾Ã¦ÂŽÂ¥ - C:\install\FlashGet\jc_all.htm O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\install\Java\j2re1.4.2_06\bin\npjpi142_06.dll O9 - Extra 'Tools' menuitem: Sun Java Ã¦ÂŽÂ§Ã¥ÂˆÂ¶Ã¥ÂÂ° - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\install\Java\j2re1.4.2_06\bin\npjpi142_06.dll O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\install\SPYWAR~1\tools\iesdpb.dll O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\installs\AIM\aim.exe O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\install\FlashGet\flashget.exe O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\install\FlashGet\flashget.exe O15 - Trusted Zone: .frame.crazywinnings.com O15 - Trusted Zone: .static.topconverting.com O15 - Trusted Zone: .frame.crazywinnings.com (HKLM) O15 - Trusted Zone: .static.topconverting.com (HKLM) O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (Ã¨Â¶Â‹Ã¥ÂŠÂ¿Ã§Â§Â‘Ã¦ÂŠÂ€Ã¥ÂœÂ¨Ã§ÂºÂ¿Ã¦Â‰Â«Ã¦Â¯Â’Ã §Â¨Â‹Ã¥ÂºÂ) - http://a840.g.akamai.net/7/840/537/2...ll/xscan53.cab O16 - DPF: {7D1E9C49-BD6A-11D3-87A8-009027A35D73} (Yahoo! Audio UI1) - http://chat.yahoo.com/cab/yacsui.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{24E9B8ED-8D4E-49E2-9A92-530EB03A204A}: NameServer = 151.197.0.38 151.197.0.39 O17 - HKLM\System\CS1\Services\Tcpip\..\{24E9B8ED-8D4E-49E2-9A92-530EB03A204A}: NameServer = 151.197.0.38 151.197.0.39 O23 - Service: Ati HotKey Poller - Unknown - C:\WINDOWS\System32\Ati2evxx.exe O23 - Service: Symantec Event Manager - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe O23 - Service: Symantec Password Validation - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe O23 - Service: Symantec Settings Manager - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe O23 - Service: Norton AntiVirus Auto-Protect Service - Symantec Corporation - C:\install\Norton SystemWorks\Norton AntiVirus\navapsvc.exe O23 - Service: Norton AntiVirus Firewall Monitor Service - Symantec Corporation - C:\install\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe O23 - Service: SAVScan - Symantec Corporation - C:\install\Norton SystemWorks\Norton AntiVirus\SAVScan.exe O23 - Service: ScriptBlocking Service - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe O23 - Service: Symantec Network Drivers Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe O23 - Service: Symantec SPBBCSvc - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

Thread Tools
Show Printable Version Email this Page
Display Modes
Linear Mode Switch to Hybrid Mode Switch to Threaded Mode