TheTechGuide Forum
General Category => Tech Clinic => Topic started by: Guest_jason on January 19, 2005, 12:49:49 AM
-
I have a few problems with my comp.
one. when i start up the computer, the network connections, remove hardware and volume control icons are missing from the taskbar (notification area near the clock). i can get them back but when i restart it they disappear. can anyone please help me
here is my hijackthis log:
Logfile of HijackThis v1.99.0
Scan saved at 3:11:37 PM, on 19/01/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\system32\ZONELABS\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\igfxtray.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Launch Manager\LaunchAp.exe
C:\Program Files\Launch Manager\PowerKey.exe
C:\Program Files\Launch Manager\HotkeyApp.exe
C:\Program Files\Launch Manager\CtrlVol.exe
C:\Program Files\Launch Manager\Wbutton.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\COMMON~1\PCSuite\DATALA~1\DATALA~1.EXE
C:\PROGRA~1\Nokia\NOKIAP~1\TRAYAP~1.EXE
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\COMMON~1\PCSuite\Services\SERVIC~1.EXE
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Documents and Settings\Jason\Desktop\Antispyware\hijackthisbackup\HijackThis.exe
C:\WINDOWS\system32\NOTEPAD.EXE
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.ninemsn.com.au/0SEDEAT/SAOS01 (http://\"http://g.ninemsn.com.au/0SEDEAT/SAOS01\")
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [LaunchApp] LaunApp
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [LaunchAp] C:\Program Files\Launch Manager\LaunchAp.exe
O4 - HKLM\..\Run: [PowerKey] "C:\Program Files\Launch Manager\PowerKey.exe"
O4 - HKLM\..\Run: [LManager] C:\Program Files\Launch Manager\HotkeyApp.exe
O4 - HKLM\..\Run: [CtrlVol] C:\Program Files\Launch Manager\CtrlVol.exe
O4 - HKLM\..\Run: [Wbutton] "C:\Program Files\Launch Manager\Wbutton.exe"
O4 - HKLM\..\Run: [COM+ System Applications] lsas.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Configuration Loader] wconfig.exe
O4 - HKLM\..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe
O4 - HKLM\..\Run: [ccRegVfy] C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe
O4 - HKLM\..\Run: [DataLayer] C:\PROGRA~1\COMMON~1\PCSuite\DATALA~1\DATALA~1.EXE
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\TRAYAP~1.EXE
O4 - HKLM\..\Run: [Windows Messenger] msnmsgr.exe
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\RunServices: [COM+ System Applications] lsas.exe
O4 - HKLM\..\RunServices: [Windows Messenger] msnmsgr.exe
O4 - HKCU\..\Run: [Configuration Loader] wconfig.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrc...kr.cab30149.cab (http://\"http://messenger.zone.msn.com/binary/msgrchkr.cab30149.cab\")
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab28578.cab (http://\"http://messenger.zone.msn.com/binary/MineSweeper.cab28578.cab\")
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab28578.cab (http://\"http://messenger.zone.msn.com/binary/MessengerStatsClient.cab28578.cab\")
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab (http://\"http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab\")
O21 - SSODL: ShellFolder for CD Burning - {E61B5E20-DE35-11CF-9C87-1579005127ED} - C:\WINDOWS\System32\msc.cpl
O23 - Service: Symantec Event Manager - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: COM+ System Applications - Unknown - C:\WINDOWS\System32\lsas.exe (file missing)
O23 - Service: Macromedia Licensing Service - Unknown - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Norton AntiVirus Auto Protect Service - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: ScriptBlocking Service - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: SmartLinkService - Unknown - slserv.exe (file missing)
O23 - Service: Windows User Mode Driver Framework - Unknown - C:\WINDOWS\System32\wdfmgr.exe (file missing)
O23 - Service: TrueVector Internet Monitor - Zone Labs Inc. - C:\WINDOWS\system32\ZONELABS\vsmon.exe
-
Please do a free Online Virus scan at RAV's
http://www.ravantivirus.com/scan/ (http://\"http://www.ravantivirus.com/scan/\")
When you access that link with Internet Explorer
click on the "To Continue without subsribing click here" link
It will load the activex and definition files
Ensure that all the top entries are checked
Autoclean--Inside Archives---Unpack Executables---Smart Scan
Then click the Scan my PC button
Let it completely finish scanning
Copy and Paste the results back here
Could you also
Download this virus checker from Kapersky
Mwav.exe (http://\"ftp://ftp.microworldsystems.com/download/tools/mwav.exe\")
Double click to Run it
Select all local drives, scan all files, press 'SCAN' and when it is completed, anything found will be displayed in the lower pane.
In the Virus Log Information Pane
Left click and Highlight all the info in the Lower pane--- Use "CTRL C" on your Keyboard to copy all found in the lower pane and paste it in your next reply.
If prompted that a Virus was found and you need to purchase the product to remove the malware, just close out the prompt and let it continue scanning
Also post back with a fresh Hijackthis log, thanks
Before posting back with a hijackthis log
Download and Install the free version of Ad-Aware SE Personal 1.05 (http://\"http://www.lavasoftusa.com/support/download/\")
Ensure you have this version or the paid version
Open Ad-Aware, ensure to click the check for updates now link and Connect to download the latest updates
Perform a Full system scan--"Uncheck Search for Negligible Risk Entries" before scanning
When it's finished scanning
At this point you should either right click on the screen and and choose the "Select All" Objects option or individually put a checkmark in each objects checkbox
click on the Next button. Ad-Aware SE will now present you with a confirmation box as to whether or not you would like to remove the objects you have just selected. Press the "OK" button
RESTART your computer to finish the cleaning process
-
k here we go:
i went to that site with the free computer virus scan but when i press on 'scan my computer' the screen goes blue with writing on it and then the computer restarts.
and here is my eScan Antivirus log:
File C:\WINDOWS\System32\msc.cpl infected by "Backdoor.Suslix.b" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\System32\msc.cpl infected by "Backdoor.Suslix.b" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\system32\msoffice2.exe infected by "Backdoor.Win32.Rbot.gen" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\uimpborl.exe infected by "I-Worm.Mabutu.a" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\ctwain.dll infected by "I-Worm.Mabutu.a" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\octwain.exe infected by "I-Worm.Mabutu.a" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\uctwain.dll infected by "I-Worm.Mabutu.a" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\qpatchw32.dll infected by "I-Worm.Mabutu.a" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\qpatchw32.exe infected by "I-Worm.Mabutu.a" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\dial32.exe infected by "TrojanDropper.Win32.Small.hs" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\System32\payload.dat infected by "Backdoor.SdBot.pm" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\System32\msdef.exe.poly infected by "Backdoor.Win32.Agobot.gen" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\System32\suge.exe infected by "Backdoor.Win32.Rbot.gen" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\system32\config\SYSTEM~1\LOCALS~1\TEMPOR~1\Content.IE5\4P2NWDIZ\x[1].exe infected by "Worm.Win32.Padobot.m" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\system32\config\SYSTEM~1\LOCALS~1\TEMPOR~1\Content.IE5\4P2NWDIZ\x[2].exe infected by "Worm.Win32.Padobot.m" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\system32\config\SYSTEM~1\LOCALS~1\TEMPOR~1\Content.IE5\4P2NWDIZ\x[3].exe infected by "Worm.Win32.Padobot.gen" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\system32\config\SYSTEM~1\LOCALS~1\TEMPOR~1\Content.IE5\4P2NWDIZ\x[4].exe infected by "Worm.Win32.Padobot.m" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\system32\config\SYSTEM~1\LOCALS~1\TEMPOR~1\Content.IE5\4P2NWDIZ\x[5].exe infected by "Worm.Win32.Padobot.n" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\system32\config\SYSTEM~1\LOCALS~1\TEMPOR~1\Content.IE5\4P2NWDIZ\x[6].exe infected by "Worm.Win32.Padobot.gen" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\system32\config\SYSTEM~1\LOCALS~1\TEMPOR~1\Content.IE5\4P2NWDIZ\x[7].exe infected by "Worm.Win32.Padobot.n" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\system32\config\SYSTEM~1\LOCALS~1\TEMPOR~1\Content.IE5\4P2NWDIZ\x[8].exe infected by "Worm.Win32.Padobot.m" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\system32\config\SYSTEM~1\LOCALS~1\TEMPOR~1\Content.IE5\4P2NWDIZ\kkq[1].gif infected by "TrojanSpy.Win32.Qukart.m" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\system32\config\SYSTEM~1\LOCALS~1\TEMPOR~1\Content.IE5\4P2NWDIZ\x[9].exe infected by "Worm.Win32.Padobot.m" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\system32\config\SYSTEM~1\LOCALS~1\TEMPOR~1\Content.IE5\AV6B0P4F\x[1].exe infected by "Worm.Win32.Padobot.h" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\system32\config\SYSTEM~1\LOCALS~1\TEMPOR~1\Content.IE5\AV6B0P4F\kkq[1].gif infected by "TrojanSpy.Win32.Qukart.m" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\4P2NWDIZ\x[1].exe infected by "Worm.Win32.Padobot.m" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\4P2NWDIZ\x[2].exe infected by "Worm.Win32.Padobot.m" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\4P2NWDIZ\x[3].exe infected by "Worm.Win32.Padobot.gen" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\4P2NWDIZ\x[4].exe infected by "Worm.Win32.Padobot.m" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\4P2NWDIZ\x[5].exe infected by "Worm.Win32.Padobot.n" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\4P2NWDIZ\x[6].exe infected by "Worm.Win32.Padobot.gen" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\4P2NWDIZ\x[7].exe infected by "Worm.Win32.Padobot.n" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\4P2NWDIZ\x[8].exe infected by "Worm.Win32.Padobot.m" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\4P2NWDIZ\kkq[1].gif infected by "TrojanSpy.Win32.Qukart.m" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\4P2NWDIZ\x[9].exe infected by "Worm.Win32.Padobot.m" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\AV6B0P4F\x[1].exe infected by "Worm.Win32.Padobot.h" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\AV6B0P4F\kkq[1].gif infected by "TrojanSpy.Win32.Qukart.m" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\system32\payload.dat infected by "Backdoor.SdBot.pm" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\system32\msdef.exe.poly infected by "Backdoor.Win32.Agobot.gen" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\system32\suge.exe infected by "Backdoor.Win32.Rbot.gen" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\Temp\rewt.exe infected by "Backdoor.SdBot.pm" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\Downloaded Program Files\load.exe infected by "TrojanDownloader.Win32.Small.mc" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\uimpborl.exe infected by "I-Worm.Mabutu.a" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\ctwain.dll infected by "I-Worm.Mabutu.a" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\octwain.exe infected by "I-Worm.Mabutu.a" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\uctwain.dll infected by "I-Worm.Mabutu.a" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\qpatchw32.dll infected by "I-Worm.Mabutu.a" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\qpatchw32.exe infected by "I-Worm.Mabutu.a" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\dial32.exe infected by "TrojanDropper.Win32.Small.hs" Virus. Action Taken: No Action Taken.
File C:\Documents and Settings\Jason\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\playup_pst01.jar-59cd40ed-7b01d77e.zip infected by "Trojan.Java.ClassLoader.Dummy.e" Virus. Action Taken: No Action Taken.
File C:\Documents and Settings\Jason\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\javainstaller.jar-3cc46f89-3ba539e4.zip infected by "Trojan-Downloader.Java.OpenStream.t" Virus. Action Taken: No Action Taken.
File C:\Documents and Settings\Jason\payload.dat infected by "Backdoor.SdBot.pm" Virus. Action Taken: No Action Taken.
File C:\Documents and Settings\Jessie\payload.dat infected by "Backdoor.SdBot.pm" Virus. Action Taken: No Action Taken.
File C:\Program Files\Outlook Express\outl32l.exe infected by "Backdoor.Jeemp.c" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{F6EA6CAA-B744-447E-8F9E-B9A9507C7CB4}\RP149\A0052355.exe infected by "TrojanDownloader.Win32.Agent.ap" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{F6EA6CAA-B744-447E-8F9E-B9A9507C7CB4}\RP149\A0052379.exe infected by "TrojanSpy.Win32.Delf.ea" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{F6EA6CAA-B744-447E-8F9E-B9A9507C7CB4}\RP169\A0054106.exe infected by "TrojanDownloader.Win32.Dyfuca.cj" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{F6EA6CAA-B744-447E-8F9E-B9A9507C7CB4}\RP185\A0055839.exe infected by "TrojanDownloader.Win32.Dyfuca.cj" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{F6EA6CAA-B744-447E-8F9E-B9A9507C7CB4}\RP189\A0056059.exe infected by "TrojanDownloader.Win32.Dyfuca.cj" Virus. Action Taken: No Action Taken.
File C:\Recycled\1.exe infected by "TrojanDownloader.Win32.Small.fo" Virus. Action Taken: No Action Taken.
File D:\other crap\PATCH\ACKPANEL.EXE infected by "Trojan.DOS.Qrap" Virus. Action Taken: No Action Taken.
and here is my hijackthislog:
Logfile of HijackThis v1.99.0
Scan saved at 1:09:08 AM, on 21/01/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\system32\ZONELABS\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\igfxtray.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Launch Manager\LaunchAp.exe
C:\Program Files\Launch Manager\PowerKey.exe
C:\Program Files\Launch Manager\HotkeyApp.exe
C:\Program Files\Launch Manager\CtrlVol.exe
C:\Program Files\Launch Manager\Wbutton.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\COMMON~1\PCSuite\DATALA~1\DATALA~1.EXE
C:\PROGRA~1\Nokia\NOKIAP~1\TRAYAP~1.EXE
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Documents and Settings\Jason\Start Menu\Programs\Startup\Task Manager.exe
C:\PROGRA~1\COMMON~1\PCSuite\Services\SERVIC~1.EXE
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\System32\svchost.exe
C:\DOCUME~1\Jason\LOCALS~1\Temp\mwavscan.com
C:\DOCUME~1\Jason\LOCALS~1\Temp\kavss.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Documents and Settings\Jason\Desktop\Antispyware\hijackthisbackup\HijackThis.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [LaunchApp] LaunApp
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [LaunchAp] C:\Program Files\Launch Manager\LaunchAp.exe
O4 - HKLM\..\Run: [PowerKey] "C:\Program Files\Launch Manager\PowerKey.exe"
O4 - HKLM\..\Run: [LManager] C:\Program Files\Launch Manager\HotkeyApp.exe
O4 - HKLM\..\Run: [CtrlVol] C:\Program Files\Launch Manager\CtrlVol.exe
O4 - HKLM\..\Run: [Wbutton] "C:\Program Files\Launch Manager\Wbutton.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe
O4 - HKLM\..\Run: [ccRegVfy] C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe
O4 - HKLM\..\Run: [DataLayer] C:\PROGRA~1\COMMON~1\PCSuite\DATALA~1\DATALA~1.EXE
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\TRAYAP~1.EXE
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - Startup: Task Manager.exe
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward &Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Si&milar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrc...kr.cab30149.cab (http://\"http://messenger.zone.msn.com/binary/msgrchkr.cab30149.cab\")
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab28578.cab (http://\"http://messenger.zone.msn.com/binary/MineSweeper.cab28578.cab\")
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab28578.cab (http://\"http://messenger.zone.msn.com/binary/MessengerStatsClient.cab28578.cab\")
O16 - DPF: {A3009861-330C-4E10-822B-39D16EC8829D} (CRAVOnline Object) - http://www.ravantivirus.com/scan/ravonline.cab (http://\"http://www.ravantivirus.com/scan/ravonline.cab\")
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab (http://\"http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab\")
O17 - HKLM\System\CCS\Services\Tcpip\..\{FFDC3F9E-EDEF-4C41-B6F9-A0755A92A978}: NameServer = 203.194.27.57 203.194.56.150
O21 - SSODL: ShellFolder for CD Burning - {E61B5E20-DE35-11CF-9C87-1579005127ED} - C:\WINDOWS\System32\msc.cpl
O23 - Service: Symantec Event Manager - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Macromedia Licensing Service - Unknown - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Norton AntiVirus Auto Protect Service - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: ScriptBlocking Service - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: SmartLinkService - Unknown - slserv.exe (file missing)
O23 - Service: TrueVector Internet Monitor - Zone Labs Inc. - C:\WINDOWS\system32\ZONELABS\vsmon.exe
and i ran adaware, downloaded the latest update, did a full system scan and it only came up with 3 tracking cookies
i also tried spybot search and destroy but also came up with nothing.
judging by the eScan log i'd say that i have a damn lot of viruses. some help anyone?
-
Okay, a little cleanup to do, but it doesn't look too bad
Let's take this by steps
1. Go into your control Panel and double click on the Java Plugin
Open the Cache tab and clear your cache
2.Download and Install this utility to clean all your Temp folders, cookies, prefetch,etc....
Windows CleanUp! by StevenGould (http://\"http://www.antispyware.nextdesigns.net/installs/cleanup.php?type=exe\")
Install it for now, we'll let it clean the files later
3.Some of the nasties are in your System Restore folder
We must Disable System Restore
Use the link to show you how to Disable it if unsure
http://vil.nai.com/vil/SystemHelpDocs/Disa...eSysRestore.htm (http://\"http://vil.nai.com/vil/SystemHelpDocs/DisableSysRestore.htm\")
Leave it Disabled for now, don't restart your computer yet
4.Set Windows To Show Hidden Files and Folders
* Click Start.
* Open My Computer.
* Select the Tools menu and click Folder Options.
* Select the View Tab.
* Under the Hidden files and folders heading select Show hidden files and folders.
* Uncheck the Hide protected operating system files (recommended) option.
* Uncheck the Hide Extensions for known file types
* Click Yes to confirm.
* Click OK.
5. Print this out or save to a Notepad file on your desktop for easy access, Disconnect from the Internet
6. Restart your computer into SAFE MODE (http://\"http://service1.symantec.com/SUPPORT/tsgeninfo.nsf/docid/2001060608000039\")
7. Go to START>>>RUN>>>type in services.msc and hit Enter
In the next window, look on the right hand side for this service
name---- ShellFolder for CD Burning
Double click on it--- STOP the service--
In the drop down menu, change the startup type to Disabled
8. Find and delete these files or folders in bold if they exist
C:\WINDOWS\System32\msc.cpl
C:\WINDOWS\system32\msoffice2.exe
C:\WINDOWS\system32\suge.exe
C:\WINDOWS\uimpborl.exe
C:\WINDOWS\ctwain.dll
C:\WINDOWS\octwain.exe
C:\WINDOWS\uctwain.dll
C:\WINDOWS\qpatchw32.dll
C:\WINDOWS\dial32.exe
C:\WINDOWS\System32\payload.dat
C:\WINDOWS\System32\msdef.exe.poly
C:\WINDOWS\Downloaded Program Files\load.exe
C:\Documents and Settings\Jessie\payload.dat
C:\Documents and Settings\Jason\payload.dat
D:\other crap\PATCH\ACKPANEL.EXE <--not sure about this one, take a look at the Patch folder, is there anything else in it, if not get rid of it
9. Stay in safe mode
Do another scan with Hijackthis and put a check next to these entries:
O4 - Startup: Task Manager.exe
O21 - SSODL: ShellFolder for CD Burning - {E61B5E20-DE35-11CF-9C87-1579005127ED} - C:\WINDOWS\System32\msc.cpl
After you have ticked the above entries, close All other open windows, including this one
Leave Hijackthis open and click FIX CHECKED
YES and exit Hijackthis
10. Again in safe mode
Open Windows CleanUp from the All programs menu
Click the CleanUp button
Let it finish scanning for files, when it's done it will prompt you to Log off
Instead>>Restart your computer back to Normal mode
Re-enable System Restore at this time
Just to be on the safe side
Download this free Trojan scanner>>Yours to keep
A-squared Free edition (http://\"http://www.emsisoft.com/en/software/download/\")
Once installed ensure it is fully updated and then run a Full Scan
Let it fix whatever it finds and restart your computer if prompted
I would still suggest that you try that online scan again at Rav's
or try one at
Housecall's>>Set to Autoclean
http://housecall.trendmicro.com/ (http://\"http://housecall.trendmicro.com/\")
Ensure to use IE, I prefer firefox but Trends and Rav's needs the ActiveX component to run properly
Do what you can from the above
Post back a fresh hijackthis log afterwards
-
ok first of all there was no service called "shell folder for cd burning"
here is my recent hijackthis log:
Logfile of HijackThis v1.99.0
Scan saved at 6:33:51 PM, on 21/01/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\system32\ZONELABS\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\igfxtray.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Launch Manager\LaunchAp.exe
C:\Program Files\Launch Manager\PowerKey.exe
C:\Program Files\Launch Manager\HotkeyApp.exe
C:\Program Files\Launch Manager\CtrlVol.exe
C:\Program Files\Launch Manager\Wbutton.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\COMMON~1\PCSuite\DATALA~1\DATALA~1.EXE
C:\PROGRA~1\Nokia\NOKIAP~1\TRAYAP~1.EXE
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\COMMON~1\PCSuite\Services\SERVIC~1.EXE
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\Jason\Desktop\Antispyware\hijackthisbackup\HijackThis.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [LaunchApp] LaunApp
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [LaunchAp] C:\Program Files\Launch Manager\LaunchAp.exe
O4 - HKLM\..\Run: [PowerKey] "C:\Program Files\Launch Manager\PowerKey.exe"
O4 - HKLM\..\Run: [LManager] C:\Program Files\Launch Manager\HotkeyApp.exe
O4 - HKLM\..\Run: [CtrlVol] C:\Program Files\Launch Manager\CtrlVol.exe
O4 - HKLM\..\Run: [Wbutton] "C:\Program Files\Launch Manager\Wbutton.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe
O4 - HKLM\..\Run: [ccRegVfy] C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe
O4 - HKLM\..\Run: [DataLayer] C:\PROGRA~1\COMMON~1\PCSuite\DATALA~1\DATALA~1.EXE
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\TRAYAP~1.EXE
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward &Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Si&milar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrc...kr.cab30149.cab (http://\"http://messenger.zone.msn.com/binary/msgrchkr.cab30149.cab\")
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab28578.cab (http://\"http://messenger.zone.msn.com/binary/MineSweeper.cab28578.cab\")
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061...all/xscan53.cab (http://\"http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab\")
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab28578.cab (http://\"http://messenger.zone.msn.com/binary/MessengerStatsClient.cab28578.cab\")
O16 - DPF: {A3009861-330C-4E10-822B-39D16EC8829D} (CRAVOnline Object) - http://www.ravantivirus.com/scan/ravonline.cab (http://\"http://www.ravantivirus.com/scan/ravonline.cab\")
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab (http://\"http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab\")
O17 - HKLM\System\CCS\Services\Tcpip\..\{FFDC3F9E-EDEF-4C41-B6F9-A0755A92A978}: NameServer = 203.194.27.57 203.194.56.150
O21 - SSODL: ShellFolder for CD Burning - {E61B5E20-DE35-11CF-9C87-1579005127ED} - (no file)
O23 - Service: Symantec Event Manager - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Macromedia Licensing Service - Unknown - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Norton AntiVirus Auto Protect Service - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: ScriptBlocking Service - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: SmartLinkService - Unknown - slserv.exe (file missing)
O23 - Service: TrueVector Internet Monitor - Zone Labs Inc. - C:\WINDOWS\system32\ZONELABS\vsmon.exe
the ravantivirus scan still doesnt work but the trendmicro one did
and my taskbar still isnt showing the volume control, remove hardware and internet conection icons. when i go into control panel, sound and audio devices and click on place volume icon on taskbar, suddenly all three show up. but when i restart the computer they disappear
-
Go to START>>Run>>type in regedit
Then hit OK
Navigate to this key
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad
You will need to expand(+) each entry
+HKEY_LOCAL_MACHINE
+SOFTWARE
+Microsoft
+Windows
+CurrentVersion
Left click and Highlight
ShellServiceObjectDelayLoad
Right click on ShellServiceObjectDelayLoad
and choose EXPORT from the Menu Bar
Save it to a convenient location such as MyDocuments
Name it shell
Exit Registry Editor
Navigate to MyDocuments and look for shell.reg
Right click on it and choose EDIT
Copy and paste the whole contents of the notepad text box back here
-
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
@="{E61B5E20-DE35-11CF-9C87-1579005127ED}"
-
Go back to this key
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
Highlight ShellServiceObjectDelayLoad
On the right hand side look for this
Right click on @="{E61B5E20-DE35-11CF-9C87-1579005127ED}"
and choose delete
Exit Registry editor
Do another scan with Hijackthis and put a check next to these entries:
O21 - SSODL: ShellFolder for CD Burning - {E61B5E20-DE35-11CF-9C87-1579005127ED} - (no file)
After you have ticked the above entries, close All other open windows, including this one
Leave Hijackthis open and click FIX CHECKED
YES and exit Hijackthis
Restart your computer and post back a fresh Hijackthis log
-
ok here it is
Logfile of HijackThis v1.99.0
Scan saved at 7:27:31 PM, on 22/01/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\system32\ZONELABS\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\igfxtray.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Launch Manager\LaunchAp.exe
C:\Program Files\Launch Manager\PowerKey.exe
C:\Program Files\Launch Manager\HotkeyApp.exe
C:\Program Files\Launch Manager\CtrlVol.exe
C:\Program Files\Launch Manager\Wbutton.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\COMMON~1\PCSuite\DATALA~1\DATALA~1.EXE
C:\PROGRA~1\Nokia\NOKIAP~1\TRAYAP~1.EXE
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\COMMON~1\PCSuite\Services\SERVIC~1.EXE
C:\WINDOWS\System32\wuauclt.exe
C:\Documents and Settings\Jason\Desktop\Antispyware\hijackthisbackup\HijackThis.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [LaunchApp] LaunApp
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [LaunchAp] C:\Program Files\Launch Manager\LaunchAp.exe
O4 - HKLM\..\Run: [PowerKey] "C:\Program Files\Launch Manager\PowerKey.exe"
O4 - HKLM\..\Run: [LManager] C:\Program Files\Launch Manager\HotkeyApp.exe
O4 - HKLM\..\Run: [CtrlVol] C:\Program Files\Launch Manager\CtrlVol.exe
O4 - HKLM\..\Run: [Wbutton] "C:\Program Files\Launch Manager\Wbutton.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe
O4 - HKLM\..\Run: [ccRegVfy] C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe
O4 - HKLM\..\Run: [DataLayer] C:\PROGRA~1\COMMON~1\PCSuite\DATALA~1\DATALA~1.EXE
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\TRAYAP~1.EXE
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward &Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Si&milar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrc...kr.cab30149.cab (http://\"http://messenger.zone.msn.com/binary/msgrchkr.cab30149.cab\")
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab28578.cab (http://\"http://messenger.zone.msn.com/binary/MineSweeper.cab28578.cab\")
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061...all/xscan53.cab (http://\"http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab\")
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab28578.cab (http://\"http://messenger.zone.msn.com/binary/MessengerStatsClient.cab28578.cab\")
O16 - DPF: {A3009861-330C-4E10-822B-39D16EC8829D} (CRAVOnline Object) - http://www.ravantivirus.com/scan/ravonline.cab (http://\"http://www.ravantivirus.com/scan/ravonline.cab\")
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab (http://\"http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab\")
O23 - Service: Symantec Event Manager - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Macromedia Licensing Service - Unknown - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Norton AntiVirus Auto Protect Service - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: ScriptBlocking Service - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: SmartLinkService - Unknown - slserv.exe (file missing)
O23 - Service: TrueVector Internet Monitor - Zone Labs Inc. - C:\WINDOWS\system32\ZONELABS\vsmon.exe