
Trojans keep coming back

Discussion in 'Malware and Virus Removal Archive' started by Helenster, 2007/07/15.

  1. 2007/07/20
    Geri
    Hi Helenster

    Please open OTMoveIt and add this on the left side and click MoveIt.
    C:\WINDOWS\system32\A4206978.DLL

    Now let's clean your removable drives (flash drives).

    Please download Flash_Disinfector.exe by sUBs and save it to your desktop:

    http://www.techsupportforum.com/sectools/sUBs/Flash_Disinfector.exe

    NOTE: In the event you already have Flash_Disinfector, this is a new version that I need you to download.

    If you have any Flash drives (USB thumb drives) plug them in before doing this part.

    • Double-click Flash_Disinfector.exe to run it.
      Follow any prompts that may appear.
      Your desktop will vanish for a while, and then reappear. This is normal.
      Wait until the program has finished scanning, then please exit the program.

    Empty this folder:

    C:\WINDOWS\temp


    Now please open msconfig.

    To do this, click Start > Run, type in msconfig and click OK.
    Please put a check mark next to these (if present):

    TIMHost.exe
    mppds.exe
    MsIMMs32.exe
    AVPSrv.exe
    cmdbcs.exe


    Click Apply, then exit msconfig without restarting your computer.

    Please run HJT again and post the new log.

    Thanks
    Geri
     
  2. 2007/07/20
    Helenster (Thread Starter)
    Logfile of HijackThis v1.99.1
    Scan saved at 2:17:49 PM, on 7/20/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.5730.0011)

    Running processes:
    C:\windows\System32\smss.exe
    C:\windows\system32\winlogon.exe
    C:\windows\system32\services.exe
    C:\windows\system32\lsass.exe
    C:\windows\system32\svchost.exe
    C:\windows\System32\svchost.exe
    C:\windows\system32\spoolsv.exe
    C:\Program Files\Classic PhoneTools\CapFax.EXE
    C:\windows\AGRSMMSG.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
    C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    C:\windows\SOUNDMAN.EXE
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
    C:\windows\system32\ctfmon.exe
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\Program Files\Norton AntiVirus\navapsvc.exe
    C:\Program Files\Norton Internet Security\NISUM.EXE
    C:\windows\system32\svchost.exe
    C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
    C:\Program Files\Norton Internet Security\ccPxySvc.exe
    C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\windows\system32\wscntfy.exe
    C:\Program Files\AIM\aim.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Winamp\winamp.exe
    C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
    C:\windows\explorer.exe
    C:\HJT\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R3 - URLSearchHook: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
    O1 - Hosts: 172.0.0.1 localhost
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: Malicious Scripts Scanner - {55EA1964-F5E4-4D6A-B9B2-125B37655FCB} - C:\Documents and Settings\All Users\Application Data\Prevx\pxbho.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O4 - HKLM\..\Run: [CapFax] "C:\Program Files\Classic PhoneTools\CapFax.EXE "
    O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe "
    O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe "
    O4 - HKLM\..\Run: [Symantec NetDriver Monitor] "C:\PROGRA~1\SYMNET~1\SNDMon.exe" /Consumer
    O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe "
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe "
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe "
    O4 - HKLM\..\Run: [PrevxOne] "C:\Program Files\Prevx2\PXConsole.exe "
    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - HKLM\..\Run: [TIMHost] C:\WINDOWS\TIMHost.exe
    O4 - HKLM\..\Run: [MsIMMs32] C:\WINDOWS\MsIMMs32.exe
    O4 - HKLM\..\Run: [mppds] C:\WINDOWS\mppds.exe
    O4 - HKLM\..\Run: [cmdbcs] C:\WINDOWS\cmdbcs.exe
    O4 - HKLM\..\Run: [AVPSrv] C:\WINDOWS\AVPSrv.exe
    O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
    O4 - HKCU\..\Run: [NvMediaCenter] "RUNDLL32.EXE" C:\WINDOWS\system32\NVMCTRAY.DLL,NvTaskbarInit
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [ctfmon.exe] C:\windows\system32\ctfmon.exe
    O4 - HKCU\..\Run: [SUPERAntiSpyware] "C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe "
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\windows\system32\shdocvw.dll
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O11 - Options group: [INTERNATIONAL] International*
    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} -
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
    O20 - Winlogon Notify: WRNotifier - C:\windows\SYSTEM32\WRLogonNTF.dll
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
    O23 - Service: Symantec Proxy Service (ccPxySvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\ccPxySvc.exe
    O23 - Service: DiamondCS ProcessGuard Service v3.405 (DCSPGSRV) - Unknown owner - C:\Program Files\ProcessGuard\dcsuserprot.exe (file missing)
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
    O23 - Service: Norton Internet Security Accounts Manager (NISUM) - Symantec Corporation - C:\Program Files\Norton Internet Security\NISUM.EXE
    O23 - Service: Prevx Agent (PREVXAgent) - Unknown owner - C:\Program Files\Prevx2\PXAgent.exe" -f (file missing)
    O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
    O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
     


  4. 2007/07/20
    Radiance
  5. 2007/07/20
    noahdfear
    @Radiance

    It didn't come back. Geri instructed Helenster to re-check those items in msconfig so that they would show up in a HijackThis log and allow for easy removal.

    Helenster, please wait on Geri before proceeding with anything else. ;)
     
  6. 2007/07/20
    Geri
    Hi Helenster

    Please re-open HiJackThis and scan only. Check the boxes next to all the entries listed below.

    R3 - URLSearchHook: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - HKLM\..\Run: [TIMHost] C:\WINDOWS\TIMHost.exe
    O4 - HKLM\..\Run: [MsIMMs32] C:\WINDOWS\MsIMMs32.exe
    O4 - HKLM\..\Run: [mppds] C:\WINDOWS\mppds.exe
    O4 - HKLM\..\Run: [cmdbcs] C:\WINDOWS\cmdbcs.exe
    O4 - HKLM\..\Run: [AVPSrv] C:\WINDOWS\AVPSrv.exe


    Now close all windows other than HiJackThis, then click Fix Checked.

    Close HJT.

    After that, Reboot.

    Please post a New HJT Log into this Thread.

    Let me know how things are.

    Thanks
    Geri
     
  7. 2007/07/20
    Helenster (Thread Starter)
    Logfile of HijackThis v1.99.1
    Scan saved at 4:36:54 PM, on 7/20/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.5730.0011)

    Running processes:
    C:\windows\System32\smss.exe
    C:\windows\system32\winlogon.exe
    C:\windows\system32\services.exe
    C:\windows\system32\lsass.exe
    C:\windows\system32\svchost.exe
    C:\windows\System32\svchost.exe
    C:\windows\system32\spoolsv.exe
    C:\windows\Explorer.EXE
    C:\Program Files\Classic PhoneTools\CapFax.EXE
    C:\windows\AGRSMMSG.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
    C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    C:\windows\SOUNDMAN.EXE
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
    C:\windows\system32\ctfmon.exe
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\Program Files\Norton AntiVirus\navapsvc.exe
    C:\Program Files\Norton Internet Security\NISUM.EXE
    C:\windows\system32\svchost.exe
    C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
    C:\Program Files\Norton Internet Security\ccPxySvc.exe
    C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\windows\system32\wscntfy.exe
    C:\Program Files\AIM\aim.exe
    C:\Program Files\Winamp\winamp.exe
    C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
    C:\Program Files\Symantec\LiveUpdate\AUpdate.exe
    C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe
    C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\HJT\HijackThis.exe
    C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe
    C:\Program Files\Messenger\msmsgs.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    O1 - Hosts: 172.0.0.1 localhost
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: Malicious Scripts Scanner - {55EA1964-F5E4-4D6A-B9B2-125B37655FCB} - C:\Documents and Settings\All Users\Application Data\Prevx\pxbho.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O4 - HKLM\..\Run: [CapFax] "C:\Program Files\Classic PhoneTools\CapFax.EXE "
    O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe "
    O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe "
    O4 - HKLM\..\Run: [Symantec NetDriver Monitor] "C:\PROGRA~1\SYMNET~1\SNDMon.exe" /Consumer
    O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe "
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe "
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe "
    O4 - HKLM\..\Run: [PrevxOne] "C:\Program Files\Prevx2\PXConsole.exe "
    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
    O4 - HKCU\..\Run: [NvMediaCenter] "RUNDLL32.EXE" C:\WINDOWS\system32\NVMCTRAY.DLL,NvTaskbarInit
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [ctfmon.exe] C:\windows\system32\ctfmon.exe
    O4 - HKCU\..\Run: [SUPERAntiSpyware] "C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe "
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\windows\system32\shdocvw.dll
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O11 - Options group: [INTERNATIONAL] International*
    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} -
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
    O20 - Winlogon Notify: WRNotifier - C:\windows\SYSTEM32\WRLogonNTF.dll
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
    O23 - Service: Symantec Proxy Service (ccPxySvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\ccPxySvc.exe
    O23 - Service: DiamondCS ProcessGuard Service v3.405 (DCSPGSRV) - Unknown owner - C:\Program Files\ProcessGuard\dcsuserprot.exe (file missing)
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
    O23 - Service: Norton Internet Security Accounts Manager (NISUM) - Symantec Corporation - C:\Program Files\Norton Internet Security\NISUM.EXE
    O23 - Service: Prevx Agent (PREVXAgent) - Unknown owner - C:\Program Files\Prevx2\PXAgent.exe" -f (file missing)
    O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
    O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe


    It seems like it's gone. :D

    But now for some reason, every time I open a program, it either freezes for a bit or takes a while to open. Ahh, and don't get me started with Internet Explorer! It takes about 5 minutes just to load a page. That's why it took me so long to scan my computer, because I was practically falling asleep waiting for it to load before I could get to the scanning process. :p
     
  8. 2007/07/20
    Geri
    Hi
    OK, your log is clean. Good job.

    (Edit note: please see the next post before doing this.)
    You can delete any tools you were asked to download (ComboFix, OTMoveIt). There will be newer versions if they're ever needed again anyway.

    Please delete this folder.

    C:\_OTMoveIt\MovedFiles

    Let's do a few things and see if it helps speed things up.

    Please download ATF Cleaner by Atribune.
    This program is for XP and Windows 2000 only

    • Double-click ATF-Cleaner.exe to run the program.
      Under Main choose: Select All
      Click the Empty Selected button.
    If you use Firefox browser
    • Click Firefox at the top and choose: Select All
      Click the Empty Selected button.
      NOTE: If you would like to keep your saved passwords, please click No at the prompt.
    If you use Opera browser
    • Click Opera at the top and choose: Select All
      Click the Empty Selected button.
      NOTE: If you would like to keep your saved passwords, please click No at the prompt.
    Click Exit on the Main menu to close the program.
    For Technical Support, double-click the e-mail address located at the bottom of each menu.


    We need to turn System Restore off and back on.

    You must be logged in as an Administrator to do this. If you are not logged in as an Administrator, the System Restore tab will not be displayed.
    Turning off System Restore will clear out all previous restore points.

    To turn off Windows XP System Restore:
    NOTE: These instructions assume that you are using the default Windows XP Start Menu and have not changed to the Classic Start menu. To re-enable the default menu, right-click Start, click Properties, click Start menu (not Classic) and then click OK.
    1. Click Start.
    2. Right-click the My Computer icon, and then click Properties.
    3. Click the System Restore tab.
    4. Check "Turn off System Restore" or "Turn off System Restore on all drives"
    5. Click Apply.
    6. When turning off System Restore, the existing restore points will be deleted. Click Yes to do this.
    7. Click OK.
    8. Restart the computer and follow the instructions in the next section to turn on System Restore.

    To turn on Windows XP System Restore:
    1. Click Start.
    2. Right-click My Computer, and then click Properties.
    3. Click the System Restore tab.
    4. Uncheck "Turn off System Restore" or "Turn off System Restore on all drives. "
    5. Click Apply, and then click OK
    Make a new restore point.

    Your Java needs updating

    Updating Java and Clearing Cache
    1. Go to Start > Control Panel double-click on the Java Icon (coffee cup) in the Control Panel.
    2. It will say "Java Plug-in" under the icon.
      Please find the update button or tab in the Java Control Panel. Update your Java, then reboot.
    3. If you are unable to update you can manually update by going here:
    4. After the reboot, go back into the Control Panel and double-click the Java Icon.
    5. Under Temporary Internet Files, click the Delete Files button.
    6. There are three options in the window to clear the cache - Leave ALL 3 Checked

      • Downloaded Applets
        Downloaded Applications
        Other Files
    7. Click OK on Delete Temporary Files Window
      Note: This deletes ALL the Downloaded Applications and Applets from the CACHE.
    8. Click OK to leave the Java Control Panel.
    9. Delete older versions from Add/Remove list.

    How long has it been since you did a defrag and chkdsk? If it's been a while, you should do it. This will take a while, so do it when you don't plan on using your computer for some time.

    # 1

    Disk Cleanup

    Click Start, Double click My Computer,
    Right-click the disk in which you want to free up space,(C: Drive)
    click Properties,
    click the General tab, and then click Disk Cleanup.
    After it calculates click OK.
    Then Click Yes.

    # 2

    Defragment - Turn off virus protection and screen savers if you have one running (or do the defrag in Safe Mode).

    To turn off virus protection, right-click on your virus protection icon down by the clock and click Exit or Close. Click Yes if asked whether you want to close it. (Or do it in Safe Mode.)

    1. Click Start, Double click My Computer.
    2. Right-click the local disk volume that you want to defragment, (C: Drive) and then click Properties.
    3. On the Tools tab, click Defragment Now.
    4. Click Defragment.



    # 3

    CheckDisk

    1.Double-click My Computer, and then right-click the local disk that you want to check. (C Drive)

    2.Click Properties, and then click Tools.

    3.Under Error-checking, click Check Now.

    4.Under Check disk options, select the Scan for and attempt recovery of bad sectors check box.

    5.Click Start.

    A window will open saying that it cannot run chkdsk now and asking if you want to run it the next time you restart your computer.
    Select "Yes".

    Click on "Start" click on Turn off computer, Click Restart.

    After doing these, Please post back and let me know if it helped.


    The following is a list of tools and utilities that I like to suggest to people. This list is full of great tools and utilities to help you understand how you got infected and how to keep from getting infected again.
    1. Spybot Search & Destroy - A powerful tool which can search for and annihilate nasties that make it onto your system. Now with an Immunize section that will help prevent future infections.

    2. AdAware - Another very powerful tool which searches for and kills nasties that infect your system. AdAware and Spybot Search & Destroy complement each other very well.

    3. SpywareBlaster - Great prevention tool to keep nasties from installing on your system.

    4. SpywareGuard - Works as a Spyware "Shield" to protect your computer from getting malware in the first place.

    5. IE-SpyAd - puts over 23,000 sites in your Restricted zone so you'll be protected when you visit innocent-looking sites that aren't actually innocent at all,
      and MVPS Hosts File will accomplish a similar tactic and provide another layer of protection.

    6. Install WinPatrol to prevent unknown applications from being inserted into your machine's startup.

      Now, just having security apps installed isn't enough; they are useless unless updated regularly.

    7. Another thing I would suggest, is to install SiteAdvisor. It gives sites a few different 'ratings' and while not fool proof, a good additional layer of information about many sites.

    8. ATF Cleaner by Atribune.
      This program is for XP and Windows 2000 only, Cleans out temporary files all the garbage you collect while surfing the web.

    9. Windows Updates - It is very important to make sure that both Internet Explorer and Windows are kept current with the latest critical security patches from Microsoft. To do this just start Internet Explorer and select Tools > Windows Update, and follow the online instructions from there.

    10. Google Toolbar - Free Google toolbar that allows you to use the powerful Google search engine from the bar, but also blocks pop-up windows.
    11. Trillian or Miranda-IM - These are malware-free instant messenger programs which allow you to connect to multiple IM services in one program! (AOL, Yahoo, ICQ, IRC, MSN)
    To find out more information about how you got infected in the first place and some great guidelines to follow to prevent future infections, you can read this article by Tony Klein.

    Surf Safely
    Geri
     
    Last edited: 2007/07/20
  9. 2007/07/20
    Geri
    Hi Helenster

    Before you delete those tools, if you haven't already :p, could you run ComboFix again and post the log? Try normal mode first; if no go, then in Safe Mode.

    Also with this.
    O1 - Hosts: 172.0.0.1 localhost

    Is this a work machine? I'm talking with someone that says this "may" slow down IE.

    Thanks
    Geri
     
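    Two of the checks in this exchange can be scripted rather than eyeballed: confirming that the O4 entries Geri had fixed in post 6 are really gone from the post 7 log (and that nothing new took their place, which is what a "keeps coming back" infection looks like between two logs), and flagging the O1 hosts line Geri asks about above. The Python below is an added example, not a tool anyone in the thread posted. The two log excerpts are constructed from the logs in posts 2 and 7, trimmed to the lines the example needs; the fix list is the set of O4 names from post 6. The one assumption it encodes is that `localhost` must resolve to a loopback address (127.0.0.1): a hosts entry that sends it anywhere else makes every connection to `localhost` go to a machine that is not this one, so the client waits for a timeout instead of failing instantly.

```python
"""Compare two HijackThis logs and sanity-check their O1 hosts-file lines.

Added example for this thread, not a tool posted by anyone in it. The log
excerpts are constructed from posts 2 and 7, trimmed to the relevant lines.
"""
import ipaddress
import re

# Constructed excerpt of the post 2 log (before "Fix Checked").
LOG_BEFORE = r"""
O1 - Hosts: 172.0.0.1 localhost
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe "
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [TIMHost] C:\WINDOWS\TIMHost.exe
O4 - HKLM\..\Run: [MsIMMs32] C:\WINDOWS\MsIMMs32.exe
O4 - HKLM\..\Run: [mppds] C:\WINDOWS\mppds.exe
O4 - HKLM\..\Run: [cmdbcs] C:\WINDOWS\cmdbcs.exe
O4 - HKLM\..\Run: [AVPSrv] C:\WINDOWS\AVPSrv.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\windows\system32\ctfmon.exe
"""

# Constructed excerpt of the post 7 log (after "Fix Checked" and a reboot).
LOG_AFTER = r"""
O1 - Hosts: 172.0.0.1 localhost
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe "
O4 - HKCU\..\Run: [ctfmon.exe] C:\windows\system32\ctfmon.exe
"""

# O4 names Geri asked to have fixed in post 6.
FIX_LIST = {"KernelFaultCheck", "TIMHost", "MsIMMs32", "mppds", "cmdbcs", "AVPSrv"}

O4_RE = re.compile(
    r"^O4 - (?P<hive>HKLM|HKCU)\\\.\.\\(?P<key>Run[^:]*): \[(?P<name>[^\]]+)\] (?P<cmd>.*)$"
)
O1_RE = re.compile(r"^O1 - Hosts: (?P<ip>\S+)\s+(?P<host>\S+)")


def parse_run_entries(log):
    """Map (hive, key, name) -> command line for every O4 registry Run entry."""
    entries = {}
    for line in log.splitlines():
        m = O4_RE.match(line.strip())
        if m:
            entries[(m["hive"], m["key"], m["name"])] = m["cmd"].strip()
    return entries


def image_path(cmd):
    """Return the executable part of an O4 command line (quoted or bare)."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return (cmd[1:end] if end > 0 else cmd[1:]).strip()
    return cmd.split()[0] if cmd else ""


def diff_run_entries(before_log, after_log):
    """Return (removed, added): name -> image path for entries that changed."""
    before = parse_run_entries(before_log)
    after = parse_run_entries(after_log)
    removed = {k[2]: image_path(v) for k, v in before.items() if k not in after}
    added = {k[2]: image_path(v) for k, v in after.items() if k not in before}
    return removed, added


def unfixed_items(fix_list, after_log):
    """Names from the fix list that are still present in the post-fix log."""
    present = {k[2] for k in parse_run_entries(after_log)}
    return sorted(fix_list & present)


def hosts_findings(log):
    """Flag O1 lines that point 'localhost' anywhere but a loopback address."""
    findings = []
    for line in log.splitlines():
        m = O1_RE.match(line.strip())
        if not m:
            continue
        try:
            loopback = ipaddress.ip_address(m["ip"]).is_loopback
        except ValueError:
            loopback = False  # not even a valid address: definitely flag it
        if m["host"].lower() == "localhost" and not loopback:
            findings.append(f"localhost -> {m['ip']} (expected 127.0.0.1)")
    return findings


if __name__ == "__main__":
    removed, added = diff_run_entries(LOG_BEFORE, LOG_AFTER)
    print("removed:", sorted(removed))
    print("added:  ", sorted(added))          # anything here came back or is new
    print("unfixed:", unfixed_items(FIX_LIST, LOG_AFTER))
    print("hosts:  ", hosts_findings(LOG_AFTER))
```

    On the excerpts above the diff reports the six fixed names as removed and nothing added, the fix list comes back empty, and the hosts check reports the `172.0.0.1 localhost` line in both logs, since fixing the O4 entries does not touch the hosts file. Running the same diff against each fresh log is the quickest way to tell whether a cleaned Run entry has been re-created.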
  10. 2007/07/21
    Helenster (Thread Starter)
    I did everything and it's still the same. :[

    Here's the ComboFix log:
    "Song" - 2007-07-21 14:48:31 - ComboFix 07-07-17.8 - Service Pack 2 NTFS [SAFE MODE]


    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


    C:\windows\system32\sfsync02.dll


    ((((((((((((((((((((((((( Files Created from 2007-06-21 to 2007-07-21 )))))))))))))))))))))))))))))))


    2007-07-20 14:00 26,112 --a------ C:\WINDOWS\system32\nircmd.exe
    2007-07-18 19:58 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
    2007-07-18 19:58 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Kaspersky Lab
    2007-07-18 18:02 8,576 --a------ C:\WINDOWS\system32\drivers\ytiqsbffiort.sys
    2007-07-17 23:11 8,576 --a------ C:\WINDOWS\system32\drivers\faqmmducbgan.sys
    2007-07-17 21:24 8,576 --a------ C:\WINDOWS\system32\drivers\ohfnbhalmscw.sys
    2007-07-17 20:42 8,576 --a------ C:\WINDOWS\system32\drivers\ipxtosunsikn.sys
    2007-07-17 19:50 8,576 --a------ C:\WINDOWS\system32\drivers\atnlsppeejkj.sys
    2007-07-17 18:37 8,576 --a------ C:\WINDOWS\system32\drivers\odvtiowcbogl.sys
    2007-07-17 18:12 8,576 --a------ C:\WINDOWS\system32\drivers\kdcgeukcfaak.sys
    2007-07-17 17:07 8,576 --a------ C:\WINDOWS\system32\drivers\bgokanfeyfqe.sys
    2007-07-17 16:36 8,576 --a------ C:\WINDOWS\system32\drivers\vgccxcnfeddq.sys
    2007-07-17 15:55 <DIR> d-------- C:\WINDOWS\system32\ActiveScan
    2007-07-17 08:59 78,440 --a------ C:\LSPRegBackup_17072007_085926.REG
    2007-07-16 20:43 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\SUPERAntiSpyware.com
    2007-07-16 20:36 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
    2007-07-16 20:36 <DIR> d-------- C:\DOCUME~1\Song\APPLIC~1\SUPERAntiSpyware.com
    2007-07-16 17:07 20,280 --a------ C:\WINDOWS\system32\drivers\SSFS0BB8.sys
    2007-07-16 17:07 1,520,952 --a------ C:\WINDOWS\WRSetup.dll
    2007-07-16 16:30 <DIR> d-------- C:\DOCUME~1\NETWOR~1\APPLIC~1\Webroot
    2007-07-16 16:29 23,864 --a------ C:\WINDOWS\system32\drivers\sskbfd.sys
    2007-07-16 16:29 21,816 --a------ C:\WINDOWS\system32\drivers\sshrmd.sys
    2007-07-16 16:29 160,056 --a------ C:\WINDOWS\system32\drivers\ssidrv.sys
    2007-07-16 16:29 <DIR> d-------- C:\DOCUME~1\LOCALS~1\APPLIC~1\Webroot
    2007-07-16 16:28 <DIR> d-------- C:\Program Files\Webroot
    2007-07-16 16:28 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Webroot
    2007-07-16 15:06 51,200 --a------ C:\WINDOWS\nircmd.exe
    2007-07-15 13:01 <DIR> d-------- C:\DOCUME~1\Song\APPLIC~1\Webroot
    2007-07-15 10:52 <DIR> d-------- C:\HJT
    2007-07-14 19:36 3,968 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
    2007-07-14 15:23 <DIR> d-------- C:\WINDOWS\network diagnostic
    2007-07-14 15:14 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Genuine Advantage
    2007-07-12 20:10 <DIR> d-------- C:\Program Files\Prevx2
    2007-07-12 20:10 <DIR> d-------- C:\DOCUME~1\Song\APPLIC~1\Prevx
    2007-07-12 20:10 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Prevx
    2007-07-12 20:09 77,312 --a------ C:\WINDOWS\ua2.dll
    2007-07-12 17:19 <DIR> d-------- C:\Program Files\Lavasoft
    2007-07-10 19:27 <DIR> d--h----- C:\WINDOWS\PIF
    2007-07-09 22:36 109,440 --a------ C:\WINDOWS\system32\drivers\KbdCap.sys
    2007-07-09 15:08 <DIR> d-------- C:\Program Files\TriglowPictures
    2007-07-04 08:04 <DIR> d-------- C:\Program Files\iTunes
    2007-07-04 08:04 <DIR> d-------- C:\Program Files\iPod
    2007-07-04 08:03 <DIR> d-------- C:\Program Files\Common Files\Apple
    2007-07-04 08:03 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple
    2007-06-29 17:27 <DIR> d-------- C:\DOCUME~1\Song\APPLIC~1\Sudeki
    2007-06-29 14:37 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Lavasoft
    2007-06-24 19:25 6,291,456 --a------ C:\DOCUME~1\Song\ntuser.dat


    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

    2007-07-21 21:25:14 -------- d-----w C:\Program Files\Common Files\Symantec Shared
    2007-07-20 06:02:34 -------- d-----w C:\Program Files\Winamp
    2007-07-20 05:48:31 -------- d-----w C:\Program Files\Norton Internet Security
    2007-07-20 05:48:27 -------- d-----w C:\Program Files\Norton AntiVirus
    2007-07-20 05:45:29 -------- d-----w C:\Program Files\Messenger
    2007-07-20 05:40:57 -------- d-----w C:\Program Files\Classic PhoneTools
    2007-07-20 05:40:51 -------- d-----w C:\Program Files\AIM
    2007-07-17 02:19:45 -------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
    2007-07-09 22:08:11 -------- d--h--w C:\Program Files\InstallShield Installation Information
    2007-06-18 03:36:22 -------- d-----w C:\DOCUME~1\Song\APPLIC~1\Apple Computer
    2007-06-17 08:03:35 -------- d-----w C:\DOCUME~1\Song\APPLIC~1\Skype
    2007-06-14 02:37:22 -------- d-----w C:\DOCUME~1\Song\APPLIC~1\DivX
    2007-06-13 20:01:45 -------- d-----w C:\DOCUME~1\Song\APPLIC~1\BitTorrent
    2007-06-12 17:04:05 -------- d-----w C:\Program Files\BitTorrent
    2007-06-12 03:55:01 -------- d-----w C:\Program Files\Common Files\InstallShield
    2007-06-09 22:32:41 -------- d-----w C:\Program Files\DivX
    2007-06-04 22:18:48 9,344 ----a-w C:\windows\system32\drivers\NSDriver.sys
    2007-06-04 22:17:02 8,320 ----a-w C:\windows\system32\drivers\AWRTRD.sys
    2007-06-04 22:14:56 6,272 ----a-w C:\windows\system32\drivers\AWRTPD.sys
    2007-05-31 07:02:22 -------- d-----w C:\Program Files\QuickTime
    2007-05-31 07:00:00 -------- d-----w C:\Program Files\Apple Software Update
    2007-05-31 06:45:07 524,288 ----a-w C:\windows\system32\DivXsm.exe
    2007-05-31 06:44:55 823,296 ----a-w C:\windows\system32\divx_xx07.dll
    2007-05-31 06:44:54 823,296 ----a-w C:\windows\system32\divx_xx0c.dll
    2007-05-31 06:44:54 802,816 ----a-w C:\windows\system32\divx_xx11.dll
    2007-05-31 06:44:54 740,442 ----a-w C:\windows\system32\DivX.dll
    2007-05-09 18:53:54 1,224,704 ----a-r C:\windows\system32\clubbox.exe
    2007-05-06 08:07:55 61,440 ----a-w C:\windows\system32\nod.dll
    2007-04-23 00:15:29 3,596,288 ----a-w C:\windows\system32\qt-dx331.dll
    2007-04-23 00:15:24 129,784 ------w C:\windows\system32\pxafs.dll
    2007-04-23 00:15:24 118,520 -c----w C:\windows\system32\pxinsi64.exe
    2007-04-23 00:15:24 116,472 -c----w C:\windows\system32\pxcpyi64.exe
    2007-04-23 00:15:18 200,704 ----a-w C:\windows\system32\ssldivx.dll
    2007-04-23 00:15:18 1,044,480 ----a-w C:\windows\system32\libdivx.dll
    2007-04-23 00:02:34 73,728 ----a-w C:\windows\system32\dpl100.dll
    2007-04-23 00:02:34 196,608 ----a-w C:\windows\system32\dtu100.dll
    2007-04-23 00:02:33 53,248 ----a-w C:\windows\system32\dpuGUI10.dll
    2007-04-23 00:02:31 593,920 -c--a-w C:\windows\system32\dpuGUI11.dll
    2007-04-23 00:02:31 57,344 ----a-w C:\windows\system32\dpv11.dll
    2007-04-23 00:02:31 344,064 ----a-w C:\windows\system32\dpus11.dll
    2007-04-23 00:02:31 294,912 ----a-w C:\windows\system32\dpu11.dll
    2007-04-23 00:02:31 294,912 ----a-w C:\windows\system32\dpu10.dll
    2007-04-23 00:01:47 12,288 ----a-w C:\windows\system32\DivXWMPExtType.dll
    2007-04-23 00:01:46 124,472 ----a-w C:\windows\system32\DivXCodecUpdateChecker.exe


    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


    *Note* empty entries & legit default entries are not shown

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
    2005-05-31 01:04 853672 --a------ C:\PROGRA~1\SPYBOT~1\SDHelper.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{55EA1964-F5E4-4D6A-B9B2-125B37655FCB}]
    2006-01-10 12:09 90112 --a------ C:\Documents and Settings\All Users\Application Data\Prevx\pxbho.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
    2007-07-12 04:00 501136 --a------ C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{BDF3E430-B101-42AD-A544-FADC6B084872}]
    2002-11-15 00:09 112248 --a------ C:\Program Files\Norton AntiVirus\NavShExt.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CapFax "= "C:\Program Files\Classic PhoneTools\CapFax.EXE" [2001-12-10 17:34]
    "AGRSMMSG "= "AGRSMMSG.exe" [2004-06-29 09:06 C:\WINDOWS\AGRSMMSG.exe]
    "ccApp "= "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2003-12-02 16:11]
    "ccRegVfy "= "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe" [2003-12-02 16:11]
    "Symantec NetDriver Monitor "= "C:\PROGRA~1\SYMNET~1\SNDMon.exe" [2005-09-25 09:59]
    "AdaptecDirectCD "= "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe" [2003-03-26 11:15]
    "SoundMan "= "SOUNDMAN.EXE" [2004-09-16 05:39 C:\WINDOWS\SOUNDMAN.EXE]
    "iTunesHelper "= "C:\Program Files\iTunes\iTunesHelper.exe" [2007-06-28 09:14]
    "PrevxOne "= "C:\Program Files\Prevx2\PXConsole.exe" [2007-07-10 07:42]
    "!AVG Anti-Spyware "= "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-07-14 19:38]
    "SunJavaUpdateSched "= "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 04:00]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "NvMediaCenter "= "RUNDLL32.exe" [2004-08-04 05:00 C:\WINDOWS\system32\rundll32.exe]
    "MsnMsgr "= "C:\Program Files\MSN Messenger\MsnMsgr.exe" [2006-01-24 12:37]
    "ctfmon.exe "= "C:\windows\system32\ctfmon.exe" [2004-08-04 05:00]
    "SUPERAntiSpyware "= "C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2007-06-21 14:06]

    C:\DOCUME~1\ALLUSE~1\STARTM~1\Programs\Startup
    Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2006-01-09 23:23:08]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    "{57B86673-276A-48B2-BAE7-C6DBB3020EB8} "= "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll" [2007-07-14 19:37]
    "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} "= "C:\Program Files\SUPERAntiSpyware\SASSEH.DLL" [2006-12-20 13:55]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
    C:\Program Files\SUPERAntiSpyware\SASWINLO.dll --a------ 2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\aawservice]

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\AVG Anti-Spyware Driver]

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\AVG Anti-Spyware Guard]

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\WebrootSpySweeperService]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent]
    "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
    C:\WINDOWS\system32\ctfmon.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Autorun11]
    C:\WINDOWS\system32\nwizwlwzs.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Autorun7]
    C:\WINDOWS\system32\nwizqjsj.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    "C:\Program Files\QuickTime\qttask.exe" -atboottime

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StorageGuard]
    "C:\Program Files\VERITAS Software\Update Manager\sgtray.exe" /r

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinForm]
    C:\WINDOWS\WinForm.exe


    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{714c7708-8ff6-11db-adc5-00115b9ea7a7}]
    Auto\command- sxs.exe
    AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL sxs.exe


    HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{81716107-A10D-11cf-64CD-11115FE1CF41}
    C:\windows\system32\nwizzhuxians.exe

    Contents of the 'Scheduled Tasks' folder
    2007-07-15 21:07:04 C:\windows\tasks\AppleSoftwareUpdate.job
    2007-06-16 03:02:43 C:\windows\tasks\Norton AntiVirus - Scan my computer.job
    2007-07-21 21:42:00 C:\windows\tasks\Symantec NetDetect.job

    **************************************************************************

    catchme 0.3.1040 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2007-07-21 14:51:00
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden registry entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************

    Completion time: 2007-07-21 14:52:18
    C:\ComboFix-quarantined-files.txt ... 2007-07-21 14:51
    C:\ComboFix2.txt ... 2007-07-16 17:14

    --- E O F ---
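The nine 8,576-byte drivers in the "Files Created" section above, each with a twelve-letter random name and each dropped roughly an hour after the previous one, are the pattern a practitioner should pick out of this log by hand: one dropper re-creating its kernel component under a fresh name on every run. The script below is an added example, not part of the original post or of ComboFix: it parses lines in the same format as the log above (a constructed sample copied from it, with the Webroot and AVG drivers left in as legitimate controls), clusters files by directory, extension and exact size, and flags clusters of random-looking names created within a short window. The thresholds (ten lowercase letters, three members, 48 hours) are assumptions chosen to match this log, not published detection rules.

```python
"""Flag clusters of same-size, randomly named files in a ComboFix "Files Created"
listing and emit the File:: block of a CFScript for them (added example)."""
import re
from collections import defaultdict, namedtuple
from datetime import datetime, timedelta

Entry = namedtuple("Entry", "when size attrs path")
# "2007-07-18 18:02 8,576 --a------ C:\WINDOWS\system32\drivers\ytiqsbffiort.sys"
LINE = re.compile(r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2})\s+(<DIR>|[\d,]+)\s+(\S+)\s+(.+)$")
# Assumed heuristic: a stem that is one long run of lowercase letters (no digits,
# no capitals, no vendor prefix) is treated as random.
RANDOM_STEM = re.compile(r"[a-z]{10,}")

# Constructed sample: lines copied from the log above, drivers plus legitimate controls.
SAMPLE_LOG = r"""
2007-07-20 14:00 26,112 --a------ C:\WINDOWS\system32\nircmd.exe
2007-07-18 19:58 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
2007-07-18 18:02 8,576 --a------ C:\WINDOWS\system32\drivers\ytiqsbffiort.sys
2007-07-17 23:11 8,576 --a------ C:\WINDOWS\system32\drivers\faqmmducbgan.sys
2007-07-17 21:24 8,576 --a------ C:\WINDOWS\system32\drivers\ohfnbhalmscw.sys
2007-07-17 20:42 8,576 --a------ C:\WINDOWS\system32\drivers\ipxtosunsikn.sys
2007-07-17 19:50 8,576 --a------ C:\WINDOWS\system32\drivers\atnlsppeejkj.sys
2007-07-17 18:37 8,576 --a------ C:\WINDOWS\system32\drivers\odvtiowcbogl.sys
2007-07-17 18:12 8,576 --a------ C:\WINDOWS\system32\drivers\kdcgeukcfaak.sys
2007-07-17 17:07 8,576 --a------ C:\WINDOWS\system32\drivers\bgokanfeyfqe.sys
2007-07-17 16:36 8,576 --a------ C:\WINDOWS\system32\drivers\vgccxcnfeddq.sys
2007-07-16 16:29 23,864 --a------ C:\WINDOWS\system32\drivers\sskbfd.sys
2007-07-16 16:29 21,816 --a------ C:\WINDOWS\system32\drivers\sshrmd.sys
2007-07-16 16:29 160,056 --a------ C:\WINDOWS\system32\drivers\ssidrv.sys
2007-07-14 19:36 3,968 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
"""


def parse_files_created(text):
    """Turn log lines into Entry records; directories get size None."""
    entries = []
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue
        when = datetime.strptime(m.group(1), "%Y-%m-%d %H:%M")
        size = None if m.group(2) == "<DIR>" else int(m.group(2).replace(",", ""))
        entries.append(Entry(when, size, m.group(3), m.group(4)))
    return entries


def flag_driver_clusters(entries, min_members=3, max_span=timedelta(hours=48)):
    """Group files by (directory, extension, exact size). A group of at least
    min_members random-looking names created within max_span is reported as
    one dropper's output. Legitimate drivers differ in size, so they fall out."""
    groups = defaultdict(list)
    for e in entries:
        if e.size is None:
            continue
        directory, _, base = e.path.rpartition("\\")
        stem, _, ext = base.rpartition(".")
        if RANDOM_STEM.fullmatch(stem):
            groups[(directory.lower(), ext.lower(), e.size)].append(e)
    flagged = []
    for members in groups.values():
        if len(members) < min_members:
            continue
        times = sorted(m.when for m in members)
        if times[-1] - times[0] <= max_span:
            flagged.extend(m.path for m in members)
    return sorted(flagged)


def cfscript_file_block(paths):
    """Render the flagged paths as the File:: section of a CFScript."""
    return "File::\n\n" + "\n".join(paths) + "\n"


if __name__ == "__main__":
    print(cfscript_file_block(flag_driver_clusters(parse_files_created(SAMPLE_LOG))))
```

On this sample the nine drivers are the only cluster; the Webroot drivers share a directory and creation minute but not a size, and AvgAsCln.sys fails the lowercase-only test. Exact-size clustering is deliberately strict: a packer that pads each drop to a different length would evade it, so in practice pair it with a hash or a signature check on the files themselves.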
     
  11. 2007/07/21
    Geri Lifetime Subscription

    Geri Inactive Alumni

    Joined:
    2003/03/02
    Messages:
    4,580
    Likes Received:
    7
    Hi Helenster

    Did you clean all flash drives/usb sticks as asked?

    I see you are using P2P file sharing:
    C:\Program Files\BitTorrent
    This is not good! You will become infected over and over again.

    Please refrain from downloading anything until you are cleaned up

    For now please do this, I will be back after checking your log.

    Download the HostsXpert 3.7 - Hosts File Manager.
    • Unzip HostsXpert 3.7 - Hosts File Manager to a convenient folder such as C:\HostsXpert
    • Click HostsXpert.exe to Run HostsXpert 3.7 - Hosts File Manager from its new home
    • Click "Make Hosts Writable?" in the upper right corner (If available).
    • Click Backup / Restore then Create Backup
    • Click Restore Microsoft's Hosts file and then click OK.
    • Click the X to exit the program.
    • Note: If you were using a custom Hosts file you will need to replace any of those entries yourself.

    Please give me a uninstall list.

    To get an Uninstall List from HijackThis:
    • Open HijackThis, click Config, click Misc Tools
    • Click "Open Uninstall Manager "
    • Click "Save List" (generates uninstall_list.txt)
    • Click Save, copy and paste the results in your next post.

    Thanks
    Geri
     
    Last edited: 2007/07/21
  12. 2007/07/21
    Helenster

    Helenster Inactive Thread Starter

    Joined:
    2007/07/14
    Messages:
    30
    Likes Received:
    0
    Alrighty. :D

    Yes, I used the Flash Disinfector. I'll do it again just in case.

    I'll uninstall Bittorrent since I don't use it anyways. :p
     
  13. 2007/07/21
    Geri Lifetime Subscription

    Geri Inactive Alumni

    Joined:
    2003/03/02
    Messages:
    4,580
    Likes Received:
    7
    Hi
    I have a friend coming in to post,( noahdfear) Please follow his instructions.

    Thanks
    Geri
     
  14. 2007/07/21
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    Hi Helenster,

    Download ATF Cleaner by Atribune and save it to your Desktop.
    Double click ATF-Cleaner.exe to run the program.
    Check the boxes to the left of:

    Windows Temp
    Current User Temp
    All Users Temp
    Temporary Internet Files
    Prefetch
    Java Cache
    Recycle bin


    The rest are optional - if you want it to remove everything check "Select All ".
    Finally, click Empty Selected. When you get the "Done Cleaning" message, click OK.


    Please delete the ComboFix.exe file you currently have and download a fresh copy from here, saving it to your desktop.

    Copy the contents of the code box below and paste it into a blank notepad, then save it to your desktop as;

    Filename: CFScript.txt
    Save As Type: All Files (*.*)

    Code:
    File::
    
    C:\WINDOWS\system32\drivers\ytiqsbffiort.sys
    C:\WINDOWS\system32\drivers\faqmmducbgan.sys
    C:\WINDOWS\system32\drivers\ohfnbhalmscw.sys
    C:\WINDOWS\system32\drivers\ipxtosunsikn.sys
    C:\WINDOWS\system32\drivers\atnlsppeejkj.sys
    C:\WINDOWS\system32\drivers\odvtiowcbogl.sys
    C:\WINDOWS\system32\drivers\kdcgeukcfaak.sys
    C:\WINDOWS\system32\drivers\bgokanfeyfqe.sys
    C:\WINDOWS\system32\drivers\vgccxcnfeddq.sys
    
    Registry::
    
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\WinForm]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Microsoft Autorun11]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Microsoft Autorun7]
    [-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{714c7708-8ff6-11db-adc5-00115b9ea7a7}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{81716107-A10D-11cf-64CD-11115FE1CF41}]
    
    Close all other windows and programs. Now drag the CFScript.txt onto ComboFix.exe and drop it, using the left mouse button. Combofix should run and may reboot the computer when it's done. A log will open when it's complete. Post the contents of that log, as well as the uninstall list Geri requested above.

    Please do not click on the ComboFix window while it is running a scan. This can cause it to stall.

    Please let us know if the new ComboFix still will not run in normal mode.
     
  15. 2007/07/22
    Helenster

    Helenster Inactive Thread Starter

    Joined:
    2007/07/14
    Messages:
    30
    Likes Received:
    0
    I did everything you told me to, but I still get the same error. :(
     
  16. 2007/07/22
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    I'd really like to figure out what's causing the error, but I don't want to use you as a testing ground. :p Go ahead and run it as described, by dropping CFScript.txt onto ComboFix.exe, in safe mode.
     
  17. 2007/07/22
    Helenster

    Helenster Inactive Thread Starter

    Joined:
    2007/07/14
    Messages:
    30
    Likes Received:
    0
    ComboFix log:
    "Song" - 2007-07-22 15:05:29 - ComboFix 07-07-14.6 - Service Pack 2 NTFS [SAFE MODE]
    Command switches used :: C:\Documents and Settings\Song\Desktop\CFScript.txt


    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


    C:\WINDOWS\system32\drivers\atnlsppeejkj.sys
    C:\WINDOWS\system32\drivers\bgokanfeyfqe.sys
    C:\WINDOWS\system32\drivers\faqmmducbgan.sys
    C:\WINDOWS\system32\drivers\ipxtosunsikn.sys
    C:\WINDOWS\system32\drivers\kdcgeukcfaak.sys
    C:\WINDOWS\system32\drivers\odvtiowcbogl.sys
    C:\WINDOWS\system32\drivers\ohfnbhalmscw.sys
    C:\WINDOWS\system32\drivers\vgccxcnfeddq.sys
    C:\WINDOWS\system32\drivers\ytiqsbffiort.sys


    ((((((((((((((((((((((((( Files Created from 2007-06-22 to 2007-07-22 )))))))))))))))))))))))))))))))


    2007-07-21 18:59 26,112 --a------ C:\WINDOWS\system32\nircmd.exe
    2007-07-21 18:54 <DIR> d-------- C:\HostsXpert
    2007-07-18 19:58 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
    2007-07-18 19:58 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Kaspersky Lab
    2007-07-17 15:55 <DIR> d-------- C:\WINDOWS\system32\ActiveScan
    2007-07-17 08:59 78,440 --a------ C:\LSPRegBackup_17072007_085926.REG
    2007-07-16 20:43 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\SUPERAntiSpyware.com
    2007-07-16 20:36 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
    2007-07-16 20:36 <DIR> d-------- C:\DOCUME~1\Song\APPLIC~1\SUPERAntiSpyware.com
    2007-07-16 17:07 20,280 --a------ C:\WINDOWS\system32\drivers\SSFS0BB8.sys
    2007-07-16 17:07 1,520,952 --a------ C:\WINDOWS\WRSetup.dll
    2007-07-16 16:30 <DIR> d-------- C:\DOCUME~1\NETWOR~1\APPLIC~1\Webroot
    2007-07-16 16:29 23,864 --a------ C:\WINDOWS\system32\drivers\sskbfd.sys
    2007-07-16 16:29 21,816 --a------ C:\WINDOWS\system32\drivers\sshrmd.sys
    2007-07-16 16:29 160,056 --a------ C:\WINDOWS\system32\drivers\ssidrv.sys
    2007-07-16 16:29 <DIR> d-------- C:\DOCUME~1\LOCALS~1\APPLIC~1\Webroot
    2007-07-16 16:28 <DIR> d-------- C:\Program Files\Webroot
    2007-07-16 16:28 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Webroot
    2007-07-16 15:06 51,200 --a------ C:\WINDOWS\nircmd.exe
    2007-07-15 13:01 <DIR> d-------- C:\DOCUME~1\Song\APPLIC~1\Webroot
    2007-07-15 10:52 <DIR> d-------- C:\HJT
    2007-07-14 19:36 3,968 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
    2007-07-14 15:23 <DIR> d-------- C:\WINDOWS\network diagnostic
    2007-07-14 15:14 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Genuine Advantage
    2007-07-12 20:10 <DIR> d-------- C:\Program Files\Prevx2
    2007-07-12 20:10 <DIR> d-------- C:\DOCUME~1\Song\APPLIC~1\Prevx
    2007-07-12 20:10 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Prevx
    2007-07-12 20:09 77,312 --a------ C:\WINDOWS\ua2.dll
    2007-07-12 17:19 <DIR> d-------- C:\Program Files\Lavasoft
    2007-07-10 19:27 <DIR> d--h----- C:\WINDOWS\PIF
    2007-07-09 22:36 109,440 --a------ C:\WINDOWS\system32\drivers\KbdCap.sys
    2007-07-09 15:08 <DIR> d-------- C:\Program Files\TriglowPictures
    2007-07-04 08:04 <DIR> d-------- C:\Program Files\iTunes
    2007-07-04 08:04 <DIR> d-------- C:\Program Files\iPod
    2007-07-04 08:03 <DIR> d-------- C:\Program Files\Common Files\Apple
    2007-07-04 08:03 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple
    2007-06-29 17:27 <DIR> d-------- C:\DOCUME~1\Song\APPLIC~1\Sudeki
    2007-06-29 14:37 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Lavasoft
    2007-06-24 19:25 6,291,456 --a------ C:\DOCUME~1\Song\ntuser.dat


    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

    2007-07-22 17:42:28 -------- d-----w C:\Program Files\Common Files\Symantec Shared
    2007-07-20 06:02:34 -------- d-----w C:\Program Files\Winamp
    2007-07-20 05:48:31 -------- d-----w C:\Program Files\Norton Internet Security
    2007-07-20 05:48:27 -------- d-----w C:\Program Files\Norton AntiVirus
    2007-07-20 05:45:29 -------- d-----w C:\Program Files\Messenger
    2007-07-20 05:40:57 -------- d-----w C:\Program Files\Classic PhoneTools
    2007-07-20 05:40:51 -------- d-----w C:\Program Files\AIM
    2007-07-17 02:19:45 -------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
    2007-07-09 22:08:11 -------- d--h--w C:\Program Files\InstallShield Installation Information
    2007-06-18 03:36:22 -------- d-----w C:\DOCUME~1\Song\APPLIC~1\Apple Computer
    2007-06-17 08:03:35 -------- d-----w C:\DOCUME~1\Song\APPLIC~1\Skype
    2007-06-14 02:37:22 -------- d-----w C:\DOCUME~1\Song\APPLIC~1\DivX
    2007-06-13 20:01:45 -------- d-----w C:\DOCUME~1\Song\APPLIC~1\BitTorrent
    2007-06-12 03:55:01 -------- d-----w C:\Program Files\Common Files\InstallShield
    2007-06-09 22:32:41 -------- d-----w C:\Program Files\DivX
    2007-06-04 22:18:48 9,344 ----a-w C:\windows\system32\drivers\NSDriver.sys
    2007-06-04 22:17:02 8,320 ----a-w C:\windows\system32\drivers\AWRTRD.sys
    2007-06-04 22:14:56 6,272 ----a-w C:\windows\system32\drivers\AWRTPD.sys
    2007-05-31 07:02:22 -------- d-----w C:\Program Files\QuickTime
    2007-05-31 07:00:00 -------- d-----w C:\Program Files\Apple Software Update
    2007-05-31 06:45:07 524,288 ----a-w C:\windows\system32\DivXsm.exe
    2007-05-31 06:44:55 823,296 ----a-w C:\windows\system32\divx_xx07.dll
    2007-05-31 06:44:54 823,296 ----a-w C:\windows\system32\divx_xx0c.dll
    2007-05-31 06:44:54 802,816 ----a-w C:\windows\system32\divx_xx11.dll
    2007-05-31 06:44:54 740,442 ----a-w C:\windows\system32\DivX.dll
    2007-05-09 18:53:54 1,224,704 ----a-r C:\windows\system32\clubbox.exe
    2007-05-06 08:07:55 61,440 ----a-w C:\windows\system32\nod.dll
    2007-04-23 00:15:29 3,596,288 ----a-w C:\windows\system32\qt-dx331.dll
    2007-04-23 00:15:24 129,784 ------w C:\windows\system32\pxafs.dll
    2007-04-23 00:15:24 118,520 -c----w C:\windows\system32\pxinsi64.exe
    2007-04-23 00:15:24 116,472 -c----w C:\windows\system32\pxcpyi64.exe
    2007-04-23 00:15:18 200,704 ----a-w C:\windows\system32\ssldivx.dll
    2007-04-23 00:15:18 1,044,480 ----a-w C:\windows\system32\libdivx.dll
    2007-04-23 00:02:34 73,728 ----a-w C:\windows\system32\dpl100.dll
    2007-04-23 00:02:34 196,608 ----a-w C:\windows\system32\dtu100.dll
    2007-04-23 00:02:33 53,248 ----a-w C:\windows\system32\dpuGUI10.dll
    2007-04-23 00:02:31 593,920 -c--a-w C:\windows\system32\dpuGUI11.dll
    2007-04-23 00:02:31 57,344 ----a-w C:\windows\system32\dpv11.dll
    2007-04-23 00:02:31 344,064 ----a-w C:\windows\system32\dpus11.dll
    2007-04-23 00:02:31 294,912 ----a-w C:\windows\system32\dpu11.dll
    2007-04-23 00:02:31 294,912 ----a-w C:\windows\system32\dpu10.dll
    2007-04-23 00:01:47 12,288 ----a-w C:\windows\system32\DivXWMPExtType.dll
    2007-04-23 00:01:46 124,472 ----a-w C:\windows\system32\DivXCodecUpdateChecker.exe


    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


    *Note* empty entries & legit default entries are not shown

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
    2005-05-31 01:04 853672 --a------ C:\PROGRA~1\SPYBOT~1\SDHelper.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{55EA1964-F5E4-4D6A-B9B2-125B37655FCB}]
    2006-01-10 12:09 90112 --a------ C:\Documents and Settings\All Users\Application Data\Prevx\pxbho.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
    2007-07-12 04:00 501136 --a------ C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{BDF3E430-B101-42AD-A544-FADC6B084872}]
    2002-11-15 00:09 112248 --a------ C:\Program Files\Norton AntiVirus\NavShExt.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CapFax "= "C:\Program Files\Classic PhoneTools\CapFax.EXE" [2001-12-10 17:34]
    "AGRSMMSG "= "AGRSMMSG.exe" [2004-06-29 09:06 C:\WINDOWS\AGRSMMSG.exe]
    "ccApp "= "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2003-12-02 16:11]
    "ccRegVfy "= "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe" [2003-12-02 16:11]
    "Symantec NetDriver Monitor "= "C:\PROGRA~1\SYMNET~1\SNDMon.exe" [2005-09-25 09:59]
    "AdaptecDirectCD "= "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe" [2003-03-26 11:15]
    "SoundMan "= "SOUNDMAN.EXE" [2004-09-16 05:39 C:\WINDOWS\SOUNDMAN.EXE]
    "iTunesHelper "= "C:\Program Files\iTunes\iTunesHelper.exe" [2007-06-28 09:14]
    "PrevxOne "= "C:\Program Files\Prevx2\PXConsole.exe" [2007-07-10 07:42]
    "!AVG Anti-Spyware "= "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-07-14 19:38]
    "SunJavaUpdateSched "= "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 04:00]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "NvMediaCenter "= "RUNDLL32.exe" [2004-08-04 05:00 C:\WINDOWS\system32\rundll32.exe]
    "MsnMsgr "= "C:\Program Files\MSN Messenger\MsnMsgr.exe" [2006-01-24 12:37]
    "ctfmon.exe "= "C:\windows\system32\ctfmon.exe" [2004-08-04 05:00]
    "SUPERAntiSpyware "= "C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2007-06-21 14:06]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    "{57B86673-276A-48B2-BAE7-C6DBB3020EB8} "= "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll" [2007-07-14 19:37]
    "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} "= "C:\Program Files\SUPERAntiSpyware\SASSEH.DLL" [2006-12-20 13:55]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
    C:\Program Files\SUPERAntiSpyware\SASWINLO.dll --a------ 2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\aawservice]

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\AVG Anti-Spyware Driver]

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\AVG Anti-Spyware Guard]

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\WebrootSpySweeperService]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
    C:\WINDOWS\system32\ctfmon.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    "C:\Program Files\QuickTime\qttask.exe" -atboottime

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StorageGuard]
    "C:\Program Files\VERITAS Software\Update Manager\sgtray.exe" /r


    Contents of the 'Scheduled Tasks' folder
    2007-07-22 21:07:00 C:\windows\tasks\AppleSoftwareUpdate.job
    2007-06-16 03:02:43 C:\windows\tasks\Norton AntiVirus - Scan my computer.job
    2007-07-22 21:57:00 C:\windows\tasks\Symantec NetDetect.job

    **************************************************************************

    catchme 0.3.915 W2K/XP/Vista - rootkit detector by Gmer, http://www.gmer.net
    Rootkit scan 2007-07-22 15:07:59
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************

    Completion time: 2007-07-22 15:08:36
    C:\ComboFix-quarantined-files.txt ... 2007-07-22 15:08
    C:\ComboFix2.txt ... 2007-07-21 14:52
    C:\ComboFix3.txt ... 2007-07-16 17:14

    --- E O F ---
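The log above is the evidence that the CFScript from post 14 did its job: every path under File:: appears under "Other Deletions", and the WinForm, Microsoft Autorun and MountPoints2 keys named under Registry:: are gone from "Reg Loading Points". Checking that by eye across two long logs is error-prone, so here is an added example (not code from the original post or from ComboFix) that parses a CFScript and a ComboFix log and reports what was not removed. It uses constructed fragments of the script and logs on this page; the only CFScript syntax it understands is the `[-KEY]` delete-key form actually used above. One caveat it handles: ComboFix prints registry paths in lowercase while the script uses mixed case, and registry key names are case-insensitive, so the comparison must be too.

```python
"""Check a ComboFix CFScript against the ComboFix log produced by running it
(added example): which File:: paths were not deleted, and which Registry::
keys still show up as loading points."""
import re

SECTION_HDR = re.compile(r"^\(+\s*(.*?)\s*\)+$")    # ((((( Section name )))))
SCRIPT_HDR = re.compile(r"^(\w+)::$")                # File:: / Registry::
REG_KEY = re.compile(r"^\[(-?)(HKEY_[^\]]+)\]$")     # [-HKEY_...] means delete key

# Constructed sample: two files and two keys from the CFScript in post 14.
SAMPLE_CFSCRIPT = r"""
File::

C:\WINDOWS\system32\drivers\ytiqsbffiort.sys
C:\WINDOWS\system32\drivers\faqmmducbgan.sys

Registry::

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\WinForm]
[-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{714c7708-8ff6-11db-adc5-00115b9ea7a7}]
"""

# Constructed fragment of the log from post 10 (before the script ran).
LOG_BEFORE = r"""
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinForm]
C:\WINDOWS\WinForm.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{714c7708-8ff6-11db-adc5-00115b9ea7a7}]
Auto\command- sxs.exe
"""

# Constructed fragment of the log above (after the script ran).
LOG_AFTER = r"""
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

C:\WINDOWS\system32\drivers\faqmmducbgan.sys
C:\WINDOWS\system32\drivers\ytiqsbffiort.sys

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
C:\WINDOWS\system32\ctfmon.exe
"""


def parse_cfscript(text):
    """Return {'File': [paths], 'Registry': [lines]} keyed by the X:: headers."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SCRIPT_HDR.match(line)
        if m:
            current = m.group(1)
            sections.setdefault(current, [])
        elif current is not None:
            sections[current].append(line)
    return sections


def parse_log_sections(text):
    """Split a ComboFix log on its parenthesised banners; non-empty lines only."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        m = SECTION_HDR.match(line)
        if m:
            current = m.group(1)
            sections[current] = []
        elif current is not None and line:
            sections[current].append(line)
    return sections


def keys_to_delete(script):
    """Registry keys the script asks ComboFix to remove outright ([-KEY] form)."""
    return [m.group(2) for m in map(REG_KEY.match, script.get("Registry", []))
            if m and m.group(1) == "-"]


def verify(script_text, log_text):
    """Return (files_not_deleted, keys_still_loading) for script vs. log."""
    script = parse_cfscript(script_text)
    log = parse_log_sections(log_text)
    deleted = {p.lower() for p in log.get("Other Deletions", [])}
    files_missing = [p for p in script.get("File", []) if p.lower() not in deleted]
    # Registry paths are case-insensitive; ComboFix lowercases most of the path.
    loading = {l.lower() for l in log.get("Reg Loading Points", [])}
    keys_present = [k for k in keys_to_delete(script) if f"[{k.lower()}]" in loading]
    return files_missing, keys_present


if __name__ == "__main__":
    print("before:", verify(SAMPLE_CFSCRIPT, LOG_BEFORE))
    print("after: ", verify(SAMPLE_CFSCRIPT, LOG_AFTER))
```

Run against the pre-script log the checker reports both files (nothing was deleted yet) and both keys; against the post-script log it reports nothing outstanding. A file absent from "Other Deletions" is worth a second look rather than a shrug: ComboFix logs only what it removed, so a path that was already gone, or one a still-running rootkit hid from it, looks identical here.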
     
  18. 2007/07/22
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    Looks good. :) Would you also post the uninstall list Geri requested?

    How is it performing now?

    Is your Prevx installation a trial? If so, I recommend you uninstall it.
    And the DiamondCS ProcessGuard... did you just install that? I ask because the service shows file missing in your HijackThis log. Doesn't necessarily mean it is missing, as some things are not visible to HijackThis. If you intend to keep it, do a re-install just in case.
    I also recommend you disable the AVG Antispyware guard after the 30 day trial period, if you're running the free version and keep it.

    Create and post a new HijackThis log when you've completed any of the above tasks you decide to and rebooted.
     
  19. 2007/07/22
    Helenster

    Helenster Inactive Thread Starter

    Joined:
    2007/07/14
    Messages:
    30
    Likes Received:
    0
    Yay, that's good! :D I'm not really sure how I got DiamondCS ProcessGuard. I saw the folder for it a couple of weeks ago. I don't see it in my C drive anymore though. I think I may have uninstalled it or something... I don't even remember. :p Should I re-download it?

    Do you think I should uninstall Norton Antivirus? Since I don't use it at all and everything.

    Here's the uninstall list:
    http://img224.imageshack.us/img224/3072/listux9.png

    Here's the HJT log:

    Logfile of HijackThis v1.99.1
    Scan saved at 8:49:24 PM, on 7/22/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.5730.0011)

    Running processes:
    C:\windows\System32\smss.exe
    C:\windows\system32\winlogon.exe
    C:\windows\system32\services.exe
    C:\windows\system32\lsass.exe
    C:\windows\system32\svchost.exe
    C:\windows\System32\svchost.exe
    C:\windows\system32\spoolsv.exe
    C:\windows\Explorer.EXE
    C:\Program Files\Classic PhoneTools\CapFax.EXE
    C:\windows\AGRSMMSG.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
    C:\windows\SOUNDMAN.EXE
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
    C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
    C:\windows\system32\ctfmon.exe
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\Program Files\Norton AntiVirus\navapsvc.exe
    C:\Program Files\Norton Internet Security\NISUM.EXE
    C:\windows\system32\svchost.exe
    C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
    C:\Program Files\Norton Internet Security\ccPxySvc.exe
    C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
    C:\windows\system32\wscntfy.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Winamp\winamp.exe
    C:\Program Files\AIM\aim.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\HJT\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O4 - HKLM\..\Run: [CapFax] "C:\Program Files\Classic PhoneTools\CapFax.EXE "
    O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe "
    O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe "
    O4 - HKLM\..\Run: [Symantec NetDriver Monitor] "C:\PROGRA~1\SYMNET~1\SNDMon.exe" /Consumer
    O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe "
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe "
    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
    O4 - HKCU\..\Run: [NvMediaCenter] "RUNDLL32.EXE" C:\WINDOWS\system32\NVMCTRAY.DLL,NvTaskbarInit
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [ctfmon.exe] C:\windows\system32\ctfmon.exe
    O4 - HKCU\..\Run: [SUPERAntiSpyware] "C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe "
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O11 - Options group: [INTERNATIONAL] International*
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} -
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
    O20 - Winlogon Notify: WRNotifier - C:\windows\SYSTEM32\WRLogonNTF.dll
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
    O23 - Service: Symantec Proxy Service (ccPxySvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\ccPxySvc.exe
    O23 - Service: DiamondCS ProcessGuard Service v3.405 (DCSPGSRV) - Unknown owner - C:\Program Files\ProcessGuard\dcsuserprot.exe (file missing)
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
    O23 - Service: Norton Internet Security Accounts Manager (NISUM) - Symantec Corporation - C:\Program Files\Norton Internet Security\NISUM.EXE
    O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
    O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
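    A log of this length is easy to misread by eye, so the following is an added triage helper (example code written for this page, not from the thread, from HijackThis or from any of the tools named above). It parses the R/O-section lines that HijackThis 1.99.x emits and flags the patterns a helper usually looks at first: entries marked "(file missing)", O16 DPF entries with neither a name nor a URL, O4 Run values given as a bare filename rather than a full path (resolved through the search path at logon), and O23 services with an "Unknown owner". The flag names and the heuristics are my own; the sample lines are copied from the log above.

```python
"""Triage helper for HijackThis 1.99.x log lines (added example, not from the thread)."""
import re
from dataclasses import dataclass

# Sample input: lines copied from the HijackThis log posted above.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [CapFax] "C:\Program Files\Classic PhoneTools\CapFax.EXE "
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKCU\..\Run: [NvMediaCenter] "RUNDLL32.EXE" C:\WINDOWS\system32\NVMCTRAY.DLL,NvTaskbarInit
O4 - HKCU\..\Run: [ctfmon.exe] C:\windows\system32\ctfmon.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} -
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: DiamondCS ProcessGuard Service v3.405 (DCSPGSRV) - Unknown owner - C:\Program Files\ProcessGuard\dcsuserprot.exe (file missing)
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
"""

# "O4 - <body>", "R1 - <body>", ... : section code, then the rest of the line.
HJT_LINE = re.compile(r"^(?P<sec>[RFNO]\d{1,2}) - (?P<body>.*)$")
GUID = r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}"


@dataclass
class Entry:
    section: str
    body: str


def parse_hjt(text):
    """Return one Entry per HijackThis result line; headers and process lists are skipped."""
    entries = []
    for line in text.splitlines():
        m = HJT_LINE.match(line.strip())
        if m:
            entries.append(Entry(m.group("sec"), m.group("body")))
    return entries


def triage(entry):
    """Return the list of heuristic flags raised by one entry (empty list if none)."""
    flags = []
    body = entry.body
    if "(file missing)" in body:
        # Registry still points at a file that is gone: stale uninstall or removed payload.
        flags.append("file-missing")
    if entry.section == "O16" and re.search(GUID + r"\s*-\s*$", body):
        # Downloaded Program File with no friendly name and no source URL.
        flags.append("dpf-no-name-no-url")
    if entry.section == "O4":
        m = re.search(r"\[[^\]]*\]\s*(.*)$", body)
        if m and m.group(1).strip():
            cmd = m.group(1).strip()
            # First token is the executable; honour a quoted path.
            exe = cmd[1:].split('"', 1)[0] if cmd.startswith('"') else cmd.split()[0]
            if "\\" not in exe:
                # Bare filename: which file actually runs depends on the search path.
                flags.append("run-bare-filename")
    if entry.section == "O23" and "Unknown owner" in body:
        # HijackThis could not read a company name from the service binary.
        flags.append("service-unknown-owner")
    return flags


def triage_log(text):
    """Map entry body -> flags for every entry that raised at least one flag."""
    return {e.body: fl for e in parse_hjt(text) if (fl := triage(e))}


if __name__ == "__main__":
    for body, flags in triage_log(SAMPLE_LOG).items():
        print(", ".join(flags).ljust(36), body)
```

    Flags are prompts for review, not verdicts: references to files that no longer exist are commonly left behind by uninstalled software, and OEM helper programs started by bare filename are a frequent benign hit. The value of the script is that it narrows a 60-line log to the handful of entries worth checking against the file on disk.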
     
  20. 2007/07/22
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    Please re-read Geri's instructions here for producing an uninstall log. ;)

    IMO, yes, Yes and YES :D ...... but you need to replace it with a good antivirus program. A good firewall program is advised as well.

    We'll continue once you've posted the uninstall list.

    BTW, how are things working now?
     
  21. 2007/07/22
    Helenster

    Helenster Inactive Thread Starter

    Joined:
    2007/07/14
    Messages:
    30
    Likes Received:
    0
    Ohh, I didn't see that edit on the post. :]

    Uninstall list:
    AC3Filter (remove only)
    Ad-Aware 2007
    Adobe Acrobat 4.0
    Adobe Flash Player 9 ActiveX
    Adobe Photoshop 7.0
    Agere Systems PCI Soft Modem
    AOL Instant Messenger
    Apple Mobile Device Support
    Apple Software Update
    Audition
    AVG Anti-Spyware 7.5
    CCleaner (remove only)
    Classic PhoneTools
    Clubbox 파일전송관리자 (Clubbox file-transfer manager)
    DivX Codec
    Easy CD Creator 5 Basic
    Fraps (remove only)
    HijackThis 1.99.1
    iTunes
    Java(TM) 6 Update 2
    LimeWire 4.9.30
    LiveReg (Symantec Corporation)
    LiveUpdate 3.0 (Symantec Corporation)
    MapleStory
    Microsoft .NET Framework 2.0
    Microsoft Internationalized Domain Names Mitigation APIs
    Microsoft National Language Support Downlevel APIs
    Microsoft SQL Server Desktop Engine (SONY_MEDIAMGR)
    Mozilla Firefox (1.0.7)
    MSN Messenger 7.5
    Norton Internet Security
    Norton WMI Update
    PowerDVD
    PristonTale
    QuickTime
    Realtek AC'97 Audio
    Sony Media Manager 2.2
    Sony Vegas 7.0
    Spy Sweeper
    Spybot - Search & Destroy 1.4
    SUPERAntiSpyware Free Edition
    The Sims 2
    Ventrilo Client
    VERITAS RecordNow DX
    VERITAS RecordNow DX Update Manager
    VobSub v2.23 (Remove Only)
    Winamp (remove only)
    Windows Internet Explorer 7
    Windows Media Format Runtime
    WinRAR archiver


    Opening programs still takes a while, IE still takes forever to load, nothing new. :p Starting to get used to it though.
     
