TheTechGuide Forum
General Category => Tech Clinic => Topic started by: justice on May 28, 2005, 11:43:47 PM
-
Here is a log, any help?
Logfile of HijackThis v1.99.1
Scan saved at 12:45:11 AM, on 5/29/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\NavNT\defwatch.exe
C:\Program Files\NavNT\rtvscan.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\LOGI_MWX.EXE
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
C:\WINDOWS\System32\LXSUPMON.EXE
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\Program Files\dvd43\dvd43_tray.exe
C:\Program Files\NavNT\vptray.exe
C:\WINDOWS\system32\MsgSys.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Owner\Desktop\HijackThis.exe
C:\Program Files\Avant Browser\avant.exe
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://pc-cillin9.antivirus.com/en/90/pccr...&VID=TWP9003001 (http://\"http://pc-cillin9.antivirus.com/en/90/pccreg/wcoRegister.asp?SN=PCEA%2D9998%2D5605%2D4981%2D4043&GUID=AAA8A8ACA8AFABA9A8ADADADA8A098&VID=TWP9003001\")
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {D67AE965-56DC-2456-DE92-74A2DAA86E95} - C:\WINDOWS\System32\ejhdzx.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Logitech Utility] LOGI_MWX.EXE
O4 - HKLM\..\Run: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent
O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
O4 - HKLM\..\Run: [PrinTray] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\printray.exe
O4 - HKLM\..\Run: [LXSUPMON] C:\WINDOWS\System32\LXSUPMON.EXE RUN
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [A70F6A1D-0195-42a2-934C-D8AC0F7C08EB] rundll32.exe E6F1873B.DLL,D9EBC318C
O4 - HKLM\..\Run: [98D0CE0C16B1] rundll32.exe D0CE0C16B1,D0CE0C16B1
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [dvd43] C:\Program Files\dvd43\dvd43_tray.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [vptray] C:\Program Files\NavNT\vptray.exe
O4 - HKLM\..\Run: [Service Host] C:\WINDOWS\system32\Services\{A0DE7248-4D03-43E1-ABE7-CCA8A83DC7A7}\SVCHOST.EXE
O4 - HKLM\..\Run: [Disk Keeper] C:\WINDOWS\system32\Services\{677229E1-7839-4AD3-9B11-8C76A0FA2EEB}\SECURITY.EXE
O4 - HKCU\..\Run: [Steam] "c:\program files\valve\steam\steam.exe" -silent
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .ipp: C:\Program Files\Internet Explorer\Plugins\npimth32.dll
O12 - Plugin for .ipt: C:\Program Files\Internet Explorer\Plugins\npimth32.dll
O15 - Trusted Zone: *.musicmatch.com
O15 - Trusted Zone: *.musicmatch.com (HKLM)
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/m...84/mcinsctl.cab (http://\"http://download.mcafee.com/molbin/shared/mcinsctl/en-us/4,0,0,84/mcinsctl.cab\")
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by19fd.bay19.Email (http://\"http://by19fd.bay19.Email\") Removed.msn.com/resources/MsnPUpld.cab
O16 - DPF: {908F3C82-B57E-11D4-BF33-00A0CCE8754B} (TInterActXInstallObject) - http://www.mathxl.com/wizmodules/interact/...ActXInstall.cab (http://\"http://www.mathxl.com/wizmodules/interact/installers/InterActXInstall.cab\")
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secur...loadManager.ocx (http://\"https://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx\")
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcafee.com/molbin/shared/m...,21/mcgdmgr.cab (http://\"http://download.mcafee.com/molbin/shared/mcgdmgr/en-us/1,0,0,21/mcgdmgr.cab\")
O16 - DPF: {D1E7CBDA-E60E-4970-A01C-37301EF7BF98} (Measurement Service Client v.3.4) - http://ccon.futuremark.com/global/msc34.cab (http://\"http://ccon.futuremark.com/global/msc34.cab\")
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.popcap.com/games/popcaploader_v6.cab (http://\"http://www.popcap.com/games/popcaploader_v6.cab\")
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
O21 - SSODL: System - {FF1506D4-B601-479D-8EDF-2662E086E369} - vr_sys.dll (file missing)
O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\NavNT\defwatch.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Norton AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\NavNT\rtvscan.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: ZESOFT - Unknown owner - C:\WINDOWS\zeta.exe (file missing)
-
Hi Justice and Welcome!
Please Copy these Instructions to Notepad and Save them to your Desktop!
I will ask you to download several programs to try to combat this with,Please try to place them all in the same folder,so when clean you can go one place and remove the ones you no longer need!
Please Dont Run any of these until I ask you to!
Download Pocket KillBox from here:
http://www.bleepingcomputer.com/files/killbox.php (http://\"http://www.bleepingcomputer.com/files/killbox.php\")
There is a Direct Download and a description of what the Program does inside this link.
Download Ewido Security Suite, install then from within the program check for updates BUT dont scan yet
Ewido Security Suite:
http://www.ewido.net/en/download/ (http://\"http://www.ewido.net/en/download/\")
When installing, under "Additional Options" uncheck "Install background guard" and "Install scan via context menu". When you run ewido for the first time, you will get a warning "Database could not be found!". Click OK.
We will fix this in a moment.
From the main Ewido screen, Click on Update in the left menu, then click the Start Update button.
After the Update finishes (the status bar at the bottom will display "Update successful"), Now close the program.
If you have problems updating see here
http://www.ewido.net/en/download/updates/ (http://\"http://www.ewido.net/en/download/updates/\")
CleanUp! 4.0
http://downloads.stevengould.org/cleanup/CleanUp40.exe (http://\"http://downloads.stevengould.org/cleanup/CleanUp40.exe\")
Download "The Hoster" from here
http://www.funkytoad.com/download/hoster.zip (http://\"http://www.funkytoad.com/download/hoster.zip\")
Right-Click Here (http://\"http://mvps.org/winhelp2002/DelDomains.inf\") and Click "Save As" to download DelDomains.inf to your desktop
Reboot into SAFE MODE(Tap F8 when restarting)
Here is a link on how to boot into Safe Mode:
http://service1.symantec.com/SUPPORT/tsgen...src=sec_doc_nam (http://\"http://service1.symantec.com/SUPPORT/tsgeninfo.nsf/docid/2001052409420406?OpenDocument&src=sec_doc_nam\")
After restarting in Safe Mode,Configure Windows to Show All Hidden Files and Folders,this must be done after restarting in Safe Mode!!
Here is a link to help with that
http://www.bleepingcomputer.com/forums/ind...showtutorial=62 (http://\"http://www.bleepingcomputer.com/forums/index.php?showtutorial=62\")
Be sure to follow the directions that apply to your Operating System!
Open Hoster and Press "Restore Original Hosts" and press "OK". Exit Program.
Locate DelDomains.inf>> Right Click and select "Install"
Now Scan the PC with Ewido and Save the log it produces!
Open Pocket KillBox and Paste each entry below into it!
Before Clicking the Red Circle to delete them,place a tick by any of these options available
"Standard File Kill"
"End Explorer Shell while Killing File"
"Unregister .dll before Deleting"
"Deltree(Include Subdirectories)"
C:\WINDOWS\smdat32a.sys
C:\WINDOWS\vr_sys.dll
C:\WINDOWS\zeta.exe
C:\WINDOWS\system32\Services
C:\WINDOWS\System32\ejhdzx.dll
C:\WINDOWS\System32\E6F1873B.DLL
C:\WINDOWS\System32\D9EBC318C.DLL
C:\WINDOWS\System32\D0CE0C16B1.DLL
C:\WINDOWS\system32\thun.dll
C:\WINDOWS\system32\flsmngr.dll
C:\WINDOWS\System32\d3d8wpa.exe
Click the Red Circle with the White X in the middle to Delete!
Dont worry if some of the files dont exist,they may have allready been removed!
If you get a message saying file could not be deleted,write the name and location down,we will get to those in a minute!
Open HijackThis and put a check by these but DO NOT hit the Fix Checked button yet!
O2 - BHO: (no name) - {D67AE965-56DC-2456-DE92-74A2DAA86E95} - C:\WINDOWS\System32\ejhdzx.dll
O4 - HKLM\..\Run: [A70F6A1D-0195-42a2-934C-D8AC0F7C08EB] rundll32.exe E6F1873B.DLL,D9EBC318C
O4 - HKLM\..\Run: [98D0CE0C16B1] rundll32.exe D0CE0C16B1,D0CE0C16B1
O4 - HKLM\..\Run: [Service Host] C:\WINDOWS\system32\Services\{A0DE7248-4D03-43E1-ABE7-CCA8A83DC7A7}\SVCHOST.EXE
O4 - HKLM\..\Run: [Disk Keeper] C:\WINDOWS\system32\Services\{677229E1-7839-4AD3-9B11-8C76A0FA2EEB}\SECURITY.EXE
O16 - DPF: {908F3C82-B57E-11D4-BF33-00A0CCE8754B} (TInterActXInstallObject) - http://www.mathxl.com/wizmodules/interact/...ActXInstall.cab (http://\"http://www.mathxl.com/wizmodules/interact/...ActXInstall.cab\")
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.popcap.com/games/popcaploader_v6.cab (http://\"http://www.popcap.com/games/popcaploader_v6.cab\")
O21 - SSODL: System - {FF1506D4-B601-479D-8EDF-2662E086E369} - vr_sys.dll (file missing)
O23 - Service: ZESOFT - Unknown owner - C:\WINDOWS\zeta.exe (file missing)
Now Make sure ALL WINDOWS and BROWSERS are CLOSED and hit the Fix Checked Button!!
Run CleanUp!
Click "Cleanup" and it will Scan and Remove all available Temp files>Click "Close">Click "No" to Logoff!
If there were any files Killbox couldnt delete,Paste them into Killbox and Select "Delete on Reboot"
If you have more than one file
Click "Yes" to Confirm
Click "No" to Reboot
Once the last file is entered
Click "Yes" to Confirm
Click "Yes" to Reboot
If you get a PendingFileRenameOperations Registry Data has been Removed by External Process! message then just restart manually.
Restart Normal and have the PC Scanned here
Panda Active Scan (http://\"http://www.pandasoftware.com/products/activescan/com/activescan_principal.htm\")
You will need to be using Internet Explorer for the Scan to work!
Save the Report it generates!
Post back with the reports from Panda and Ewido along with a fresh HijackThis log!
-
Tha panda scan freezes up everytime i run it. it takes so long so i leave it running while i'm doing other things and when i get back it has been froze like 4 times. i will try again though.....here is the other 2 logs
---------------------------------------------------------
ewido security suite - Scan report
---------------------------------------------------------
+ Created on: 11:46:36 AM, 5/31/2005
+ Report-Checksum: 83F8F90A
+ Date of database: 5/31/2005
+ Version of scan engine: v3.0
+ Duration: 735 min
+ Scanned Files: 103476
+ Speed: 2.34 Files/Second
+ Infected files: 20
+ Removed files: 8
+ Files put in quarantine: 8
+ Files that could not be opened: 0
+ Files that could not be cleaned: 12
+ Binder: Yes
+ Crypter: Yes
+ Archives: Yes
+ Scanned items:
C:\
+ Scan result:
C:\Documents and Settings\Owner\Cookies\owner@advertising[1].txt -> Spyware.Tracking-Cookie -> Error during cleaning
C:\Documents and Settings\Owner\Cookies\owner@atdmt[2].txt -> Spyware.Tracking-Cookie -> Error during cleaning
C:\Documents and Settings\Owner\Cookies\owner@bluestreak[2].txt -> Spyware.Tracking-Cookie -> Error during cleaning
C:\Documents and Settings\Owner\Cookies\owner@com[2].txt -> Spyware.Tracking-Cookie -> Error during cleaning
C:\Documents and Settings\Owner\Cookies\owner@doubleclick[2].txt -> Spyware.Tracking-Cookie -> Error during cleaning
C:\Documents and Settings\Owner\Cookies\[email protected][1].txt -> Spyware.Tracking-Cookie -> Error during cleaning
C:\Documents and Settings\Owner\Cookies\owner@hitbox[2].txt -> Spyware.Tracking-Cookie -> Error during cleaning
C:\Documents and Settings\Owner\Cookies\owner@mediaplex[2].txt -> Spyware.Tracking-Cookie -> Error during cleaning
C:\Documents and Settings\Owner\Cookies\[email protected][1].txt -> Spyware.Tracking-Cookie -> Error during cleaning
C:\Documents and Settings\Owner\Cookies\[email protected][2].txt -> Spyware.Tracking-Cookie -> Error during cleaning
C:\Documents and Settings\Owner\Cookies\[email protected][1].txt -> Spyware.Tracking-Cookie -> Error during cleaning
C:\Documents and Settings\Owner\Cookies\owner@zedo[2].txt -> Spyware.Tracking-Cookie -> Error during cleaning
C:\Documents and Settings\Owner\Desktop\Stuff\Games\Delta Force\Utilities\DF2\DF2NoCDPatch\DF2.exe -> Not-A-Virus.VirTool.OptixPatch.04 -> Cleaned with backup
C:\Documents and Settings\Owner\Desktop\Stuff\Games\Delta Force\Utilities\DF2\DF2NoCDPatch.zip/DF2.exe -> Not-A-Virus.VirTool.OptixPatch.04 -> Cleaned with backup
C:\sys.exe -> Trojan.WebSearch.i -> Cleaned with backup
C:\WINDOWS\Downloaded Program Files\popcaploader.dll -> Not-A-Virus.PornWare.PopCap.b -> Cleaned with backup
C:\WINDOWS\system32\cssrs.exe -> TrojanSpy.PdPinch -> Cleaned with backup
C:\WINDOWS\system32\nоpdb.exe -> Spyware.PurityScan.am -> Cleaned with backup
C:\WINDOWS\system32\win32.exe -> TrojanProxy.Lager.j -> Cleaned with backup
C:\WINDOWS\unstall.exe -> Spyware.MediaMotor.a -> Cleaned with backup
::Report End
Logfile of HijackThis v1.99.1
Scan saved at 10:29:00 AM, on 6/1/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\NavNT\defwatch.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\NavNT\rtvscan.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\LOGI_MWX.EXE
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
C:\WINDOWS\System32\LXSUPMON.EXE
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\Program Files\dvd43\dvd43_tray.exe
C:\Program Files\NavNT\vptray.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\program files\valve\steam\steam.exe
C:\WINDOWS\system32\MsgSys.EXE
C:\Program Files\Avant Browser\avant.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Owner\Desktop\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://pc-cillin9.antivirus.com/en/90/pccr...&VID=TWP9003001 (http://\"http://pc-cillin9.antivirus.com/en/90/pccreg/wcoRegister.asp?SN=PCEA%2D9998%2D5605%2D4981%2D4043&GUID=AAA8A8ACA8AFABA9A8ADADADA8A098&VID=TWP9003001\")
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Logitech Utility] LOGI_MWX.EXE
O4 - HKLM\..\Run: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent
O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
O4 - HKLM\..\Run: [PrinTray] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\printray.exe
O4 - HKLM\..\Run: [LXSUPMON] C:\WINDOWS\System32\LXSUPMON.EXE RUN
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [dvd43] C:\Program Files\dvd43\dvd43_tray.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [vptray] C:\Program Files\NavNT\vptray.exe
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKCU\..\Run: [Steam] "c:\program files\valve\steam\steam.exe" -silent
O8 - Extra context menu item: Add to AD Black List - C:\Program Files\Avant Browser\AddToADBlackList.htm
O8 - Extra context menu item: Block All Images from the Same Server - C:\Program Files\Avant Browser\AddAllToADBlackList.htm
O8 - Extra context menu item: Highlight - C:\Program Files\Avant Browser\Highlight.htm
O8 - Extra context menu item: Open All Links in This Page... - C:\Program Files\Avant Browser\OpenAllLinks.htm
O8 - Extra context menu item: Search - C:\Program Files\Avant Browser\Search.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .ipp: C:\Program Files\Internet Explorer\Plugins\npimth32.dll
O12 - Plugin for .ipt: C:\Program Files\Internet Explorer\Plugins\npimth32.dll
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/m...84/mcinsctl.cab (http://\"http://download.mcafee.com/molbin/shared/mcinsctl/en-us/4,0,0,84/mcinsctl.cab\")
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by19fd.bay19.Email (http://\"http://by19fd.bay19.Email\") Removed.msn.com/resources/MsnPUpld.cab
O16 - DPF: {908F3C82-B57E-11D4-BF33-00A0CCE8754B} (TInterActXInstallObject) - http://www.mathxl.com/wizmodules/interact/...ActXInstall.cab (http://\"http://www.mathxl.com/wizmodules/interact/installers/InterActXInstall.cab\")
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab (http://\"http://www.pandasoftware.com/activescan/as5/asinst.cab\")
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secur...loadManager.ocx (http://\"https://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx\")
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcafee.com/molbin/shared/m...,21/mcgdmgr.cab (http://\"http://download.mcafee.com/molbin/shared/mcgdmgr/en-us/1,0,0,21/mcgdmgr.cab\")
O16 - DPF: {D1E7CBDA-E60E-4970-A01C-37301EF7BF98} (Measurement Service Client v.3.4) - http://ccon.futuremark.com/global/msc34.cab (http://\"http://ccon.futuremark.com/global/msc34.cab\")
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.popcap.com/games/popcaploader_v6.cab (http://\"http://www.popcap.com/games/popcaploader_v6.cab\")
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\NavNT\defwatch.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Norton AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\NavNT\rtvscan.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
thanks for the help so far, it is already helping me. but i think there may be a few more things
-
Did you run into an error while running Ewido or did you choose to ignore anything it found?
Please Download the MWAV Scanner from Here (http://\"http://www.spywareinfo.dk/download/mwav.exe\")
Unzip it to its predetermined Directory (C:\Kaspersky)
Locate "kavupd.exe" in the New Folder and Double Click to Update!
If you it says the signatures are more than 30 days old, keep trying!
Keep trying until you get the actual signatures!
When you see "Updates downloaded Successfully"
Please Press Enter to Continue!
It should open automatically>Leave the "Default Settings ticked" and add a "tick" "Drives">this will light up "All Drives">Click "Scan Clean" to begin!
This Scan will take Several Hours or more to Complete,Depending on the Hard Drive Size!
Please be sure it is Completed before proceeding!
Once the Scan has finished,All entries Identified as Infected will displayed in the lower pane!
Highlight everything that is inside the lower pane and press Ctrl+C at the same time to Copy!
Open a Blank Notepad Page and Paste the results (Ctrl+V) to it!
Post those results back here!
-
on ewido i just let it scan and that is what i got. would you like for me to do it again?
and the panda scan, would you like me to do it too or just run this new one that you posted?
-
Go ahead and Run the Panda Scan and Lets see what it shows!
Post the Results along with a fresh HijackThis log!
How is the PC running now,any better at all?
-
computer is running ok but not as good as i think it should. also having extremely LOOOONG boot up times frequently. Panda scan froze twice on me after it goes through about 125,000 files and gets to some sort of limewire file. Limewire has been removed from my system so i'm not sure what that file is.
Here is a fresh hijack this log, what would you like me to do next.
Logfile of HijackThis v1.99.1
Scan saved at 12:45:32 AM, on 6/4/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\NavNT\defwatch.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\NavNT\rtvscan.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\MsgSys.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\LOGI_MWX.EXE
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
C:\WINDOWS\System32\LXSUPMON.EXE
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\Program Files\NavNT\vptray.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Owner\Desktop\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://pc-cillin9.antivirus.com/en/90/pccr...&VID=TWP9003001 (http://\"http://pc-cillin9.antivirus.com/en/90/pccreg/wcoRegister.asp?SN=PCEA%2D9998%2D5605%2D4981%2D4043&GUID=AAA8A8ACA8AFABA9A8ADADADA8A098&VID=TWP9003001\")
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Logitech Utility] LOGI_MWX.EXE
O4 - HKLM\..\Run: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent
O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
O4 - HKLM\..\Run: [PrinTray] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\printray.exe
O4 - HKLM\..\Run: [LXSUPMON] C:\WINDOWS\System32\LXSUPMON.EXE RUN
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [dvd43] C:\Program Files\dvd43\dvd43_tray.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [vptray] C:\Program Files\NavNT\vptray.exe
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKCU\..\Run: [Steam] "c:\program files\valve\steam\steam.exe" -silent
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .ipp: C:\Program Files\Internet Explorer\Plugins\npimth32.dll
O12 - Plugin for .ipt: C:\Program Files\Internet Explorer\Plugins\npimth32.dll
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/m...84/mcinsctl.cab (http://\"http://download.mcafee.com/molbin/shared/mcinsctl/en-us/4,0,0,84/mcinsctl.cab\")
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by19fd.bay19.Email (http://\"http://by19fd.bay19.Email\") Removed.msn.com/resources/MsnPUpld.cab
O16 - DPF: {908F3C82-B57E-11D4-BF33-00A0CCE8754B} (TInterActXInstallObject) - http://www.mathxl.com/wizmodules/interact/...ActXInstall.cab (http://\"http://www.mathxl.com/wizmodules/interact/installers/InterActXInstall.cab\")
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab (http://\"http://www.pandasoftware.com/activescan/as5/asinst.cab\")
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secur...loadManager.ocx (http://\"https://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx\")
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcafee.com/molbin/shared/m...,21/mcgdmgr.cab (http://\"http://download.mcafee.com/molbin/shared/mcgdmgr/en-us/1,0,0,21/mcgdmgr.cab\")
O16 - DPF: {D1E7CBDA-E60E-4970-A01C-37301EF7BF98} (Measurement Service Client v.3.4) - http://ccon.futuremark.com/global/msc34.cab (http://\"http://ccon.futuremark.com/global/msc34.cab\")
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.popcap.com/games/popcaploader_v6.cab (http://\"http://www.popcap.com/games/popcaploader_v6.cab\")
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\NavNT\defwatch.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Norton AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\NavNT\rtvscan.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
-
Hmmmm,this is different!!!
Try this Online Scan
http://www.kaspersky.com/beta?product=161744315 (http://\"http://www.kaspersky.com/beta?product=161744315\")
-
after 160 seconds of the scan it has found 4 viruses and 59 infected objects. it is going good so far so i will post something when it is finished.
-
everything is also running very slowly. worse than before. when i play counter-strike is takes many minutes to finally load the game and more to get into a server and then it runs slowly like my pc can't handle it sometimes. this has never been an issue before, and like i said earlier, when i cut my pc on is gets to the windows xp screen and then sets there for like 5 minutes before it goes into windows. Just a week or so ago it took less than 30 seconds to boot up and about the same amount of time to load counter-strike and play.
What do you think this is? i am still running the kaspersky scan right now
-
Here is the panda scan:
Incident Status Location
Adware:Adware/eZula No disinfected Windows Registry
Adware:Adware/TopRebates No disinfected C:\WINDOWS\Downloaded Program Files\winadx.inf
Adware:Adware/WUpd No disinfected C:\Program Files\Winad Client
Adware:Adware/PowerSearch No disinfected C:\WINDOWS\system32\stlb2.xml
Adware:Adware/SuperSpider No disinfected C:\WINDOWS\msxmidi.exe
Adware:Adware/SearchRelevancy No disinfected Windows Registry
Adware:Adware/nCase No disinfected C:\WINDOWS\180axau.dat
Adware:Adware/PopCapLoader No disinfected C:\WINDOWS\Downloaded Program Files\popcaploader.inf
Adware:Adware Program No disinfected C:\WINDOWS\Downloaded Program Files\WildApp.inf
Adware:Adware/WUpd No disinfected C:\WINDOWS\Downloaded Program Files\WinadX.inf
Adware:Adware/nCase No disinfected C:\WINDOWS\msbb.exe.temp
Virus:Trj/Downloader.CWZ Disinfected C:\WINDOWS\msxmidi.exe
Adware:Adware/PowerSearch No disinfected C:\WINDOWS\system32\stlb2.xml
Virus:Application/Restart No disinfected C:\WINDOWS\system32\Tools\Restart.exe
A NEW EDWIDO SCAN
---------------------------------------------------------
ewido security suite - Scan report
---------------------------------------------------------
+ Created on: 7:31:44 PM, 6/6/2005
+ Report-Checksum: 7AAB506B
+ Date of database: 6/6/2005
+ Version of scan engine: v3.0
+ Duration: 175 min
+ Scanned Files: 106404
+ Speed: 10.13 Files/Second
+ Infected files: 22
+ Removed files: 22
+ Files put in quarantine: 22
+ Files that could not be opened: 0
+ Files that could not be cleaned: 0
+ Binder: Yes
+ Crypter: Yes
+ Archives: Yes
+ Scanned items:
C:\
+ Scan result:
C:\Documents and Settings\Owner\Cookies\owner@advertising[1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@atdmt[1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Owner\Cookies\[email protected][1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Owner\Cookies\[email protected][2].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@doubleclick[1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Owner\Cookies\[email protected][1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@hitbox[2].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@mediaplex[1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Owner\Cookies\[email protected][1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Owner\Cookies\[email protected][1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@sexlist[1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@sextracker[1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@tribalfusion[1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Owner\Cookies\[email protected][1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Owner\Local Settings\Temp\Cookies\owner@advertising[1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Owner\Local Settings\Temp\Cookies\owner@atdmt[1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Owner\Local Settings\Temp\Cookies\owner@com[2].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Owner\Local Settings\Temp\Cookies\owner@doubleclick[1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Owner\Local Settings\Temp\Cookies\[email protected][1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Owner\Local Settings\Temp\Cookies\owner@hitbox[2].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Owner\Local Settings\Temp\Cookies\[email protected][1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Owner\Local Settings\Temp\Cookies\[email protected][2].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
::Report End
and a frash hijack this
Logfile of HijackThis v1.99.1
Scan saved at 10:36:01 PM, on 6/7/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\NavNT\defwatch.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\NavNT\rtvscan.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\LOGI_MWX.EXE
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
C:\WINDOWS\System32\LXSUPMON.EXE
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\Program Files\NavNT\vptray.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\system32\MsgSys.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Owner\Desktop\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://pc-cillin9.antivirus.com/en/90/pccr...&VID=TWP9003001 (http://\"http://pc-cillin9.antivirus.com/en/90/pccreg/wcoRegister.asp?SN=PCEA%2D9998%2D5605%2D4981%2D4043&GUID=AAA8A8ACA8AFABA9A8ADADADA8A098&VID=TWP9003001\")
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Logitech Utility] LOGI_MWX.EXE
O4 - HKLM\..\Run: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent
O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
O4 - HKLM\..\Run: [PrinTray] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\printray.exe
O4 - HKLM\..\Run: [LXSUPMON] C:\WINDOWS\System32\LXSUPMON.EXE RUN
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [dvd43] C:\Program Files\dvd43\dvd43_tray.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [vptray] C:\Program Files\NavNT\vptray.exe
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [Steam] "c:\program files\valve\steam\steam.exe" -silent
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .ipp: C:\Program Files\Internet Explorer\Plugins\npimth32.dll
O12 - Plugin for .ipt: C:\Program Files\Internet Explorer\Plugins\npimth32.dll
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/downloads/kws/kavwebscan.cab (http://\"http://www.kaspersky.com/downloads/kws/kavwebscan.cab\")
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/m...84/mcinsctl.cab (http://\"http://download.mcafee.com/molbin/shared/mcinsctl/en-us/4,0,0,84/mcinsctl.cab\")
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by19fd.bay19.Email (http://\"http://by19fd.bay19.Email\") Removed.msn.com/resources/MsnPUpld.cab
O16 - DPF: {908F3C82-B57E-11D4-BF33-00A0CCE8754B} (TInterActXInstallObject) - http://www.mathxl.com/wizmodules/interact/...ActXInstall.cab (http://\"http://www.mathxl.com/wizmodules/interact/installers/InterActXInstall.cab\")
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab (http://\"http://www.pandasoftware.com/activescan/as5/asinst.cab\")
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secur...loadManager.ocx (http://\"https://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx\")
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcafee.com/molbin/shared/m...,21/mcgdmgr.cab (http://\"http://download.mcafee.com/molbin/shared/mcgdmgr/en-us/1,0,0,21/mcgdmgr.cab\")
O16 - DPF: {D1E7CBDA-E60E-4970-A01C-37301EF7BF98} (Measurement Service Client v.3.4) - http://ccon.futuremark.com/global/msc34.cab (http://\"http://ccon.futuremark.com/global/msc34.cab\")
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - http://www.popcap.com/games/popcaploader_v6.cab (http://\"http://www.popcap.com/games/popcaploader_v6.cab\")
O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\NavNT\defwatch.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Norton AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\NavNT\rtvscan.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
-
My Apologies for the delay,had to leave town for a bit!
Go staright to Safe Mode!
Copy the list below to Notepad
C:\WINDOWS\Downloaded Program Files\winadx.inf
C:\Program Files\Winad Client
C:\WINDOWS\system32\stlb2.xml
C:\WINDOWS\msxmidi.exe
C:\WINDOWS\180axau.dat
C:\WINDOWS\Downloaded Program Files\popcaploader.inf
C:\WINDOWS\Downloaded Program Files\WildApp.inf
C:\WINDOWS\msbb.exe.temp
C:\WINDOWS\system32\Tools\Restart.exe
Hightlight the list and press Ctrl + C to Copy!
Open Killbox>>Click File>>Click Paste to Clipboard!
PLace a tick by any of these availbalble
"Standard File Kill"
"End Explorer Shell while Killing File"
"Unregister .dll before Deleting"
"Deltree(Include Subdirectories)"
Click the Red Circle to Delete!
Restart Normal and Post a fresh log and let me know how things are running!