Post by: r_c_nair on January 10, 2006, 06:45:49 AM
'Backdoor.Sdbot - install.exe- File D:\DOCUME~1\ALLUSE~1\DOCUME~1\ action Deleted.' Whenever I am scanning my system there is no virus found. The message I am receiving from last 2 months. After this I have got one warning message in system tray that ' You have infected with Spyware, pls click here to download the antispyware' with a red cross icon. I have then scanned my system with microsoft anti spyware and it discoverd some trojans and spyware & adware also, but I am not remembering the names. After rebooting my system I scanned with norton antiviurs and norton also discoverd and cleaned them, the log file given below:-
Risk Action Count Filename Threat Type Original Location Status Date
Adware.DollarRevenue Quarantined 3 toolbar.exe Adware D:\WINDOWS\ Infected 29/12/2005 17:40
Adware.DollarRevenue Quarantined 3 drsmartload1.exe Adware C:\ Infected 29/12/2005 17:26
Adware.EasyWWW Quarantined 24 timessquare[1].exe Adware D:\Documents and Settings\User12\Local Settings\Temporary Internet Files\Content.IE5\Q1O9MXS1\ Infected 29/12/2005 17:25
Trojan.Adclicker Deleted 1 adtech2006a.exe File C:\windows\ Deleted 29/12/2005 17:25
Trojan.Adclicker Left alone 1 adtech2006a[1].exe File D:\Documents and Settings\User12\Local Settings\Temporary Internet Files\Content.IE5\2QQT558U\ Left alone 29/12/2005 17:23
Adware.DollarRevenue Terminate Process Required 7 toolbar[1].txt Adware D:\Documents and Settings\User12\Local Settings\Temporary Internet Files\Content.IE5\2QQT558U\ Infected 29/12/2005 17:22
Backdoor.Sdbot Deleted 2 install.exe File D:\DOCUME~1\ALLUSE~1\DOCUME~1\ Deleted 28/12/2005 13:34
Backdoor.Sdbot Deleted 2 install.exe File D:\DOCUME~1\ALLUSE~1\DOCUME~1\ Deleted 28/12/2005 13:29
Then the browser firefox never hanged and after 2 - 3 days again my programs started hanging and I got some alerts from Norton anti virus that
Backdoor.Sdbot Deleted 2 install.exe File D:\DOCUME~1\ALLUSE~1\DOCUME~1\ Deleted 31/12/2005 18:07
Trojan.Desktophijack Quarantined 2 tool2.exe File D:\WINDOWS\ Infected 30/12/2005 12:08
Trojan.Abwiz Quarantined 2 paradise.raw File D:\WINDOWS\system32\ Infected 30/12/2005 12:07
I have downloaded and installed latest update of windows wmf vulnerability from microsoft and then scanned my computer using norton and microsoft antispyware but nothing found. Then I searched net for solution and I found your site and your replies to people having problems like mine and I decided to request you to solve my problem.
I have downloaded hijakthis and scanned. The log given below
Logfile of HijackThis v1.99.1
Scan saved at 4:58:28 PM, on 10/01/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
D:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
D:\WINDOWS\system32\spoolsv.exe
D:\WINDOWS\Explorer.EXE
D:\WINDOWS\SOUNDMAN.EXE
D:\WINDOWS\system32\hkcmd.exe
D:\WINDOWS\system32\taskswitch.exe
D:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
D:\Program Files\Common Files\Symantec Shared\ccApp.exe
D:\PROGRA~1\SYMANT~1\VPTray.exe
D:\WINDOWS\system32\ctfmon.exe
D:\Program Files\PeerGuardian2\pg2.exe
D:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
D:\Program Files\Symantec AntiVirus\DefWatch.exe
D:\Program Files\Executive Software\Diskeeper\DkService.exe
D:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
D:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
D:\WINDOWS\system32\svchost.exe
D:\Program Files\Symantec AntiVirus\Rtvscan.exe
D:\Program Files\Azureus\Azureus.exe
D:\Program Files\Java\jre1.5.0_04\bin\javaw.exe
D:\Program Files\Internet Explorer\iexplore.exe
D:\Program Files\Yahoo!\Messenger\YPager.exe
C:\Tally2.0\tally63.exe
C:\HJT\hijackthis.exe
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = c:\secure32.html
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [IgfxTray] D:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] D:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [AME_CSA] rundll32 amecsa.cpl,RUN_DLL
O4 - HKLM\..\Run: [CoolSwitch] D:\WINDOWS\system32\taskswitch.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] D:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [NeroFilterCheck] D:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [DiskeeperSystray] "D:\Program Files\Executive Software\Diskeeper\DkIcon.exe"
O4 - HKLM\..\Run: [ccApp] "D:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] D:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [gcasServ] "D:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKCU\..\Run: [ctfmon.exe] D:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [PeerGuardian] D:\Program Files\PeerGuardian2\pg2.exe
O4 - Global Startup: Microsoft Office.lnk = D:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - D:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - D:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\WINDOWS\system32\shdocvw.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{8B63C22C-2587-4DD2-B93F-B0A6B697148B}: NameServer = 202.56.215.6 202.56.230.6
O20 - Winlogon Notify: igfxcui - D:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: NavLogon - D:\WINDOWS\system32\NavLogon.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - D:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - D:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - D:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - D:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: Diskeeper - Executive Software International, Inc. - D:\Program Files\Executive Software\Diskeeper\DkService.exe
O23 - Service: SAVRoam (SavRoam) - symantec - D:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - D:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - D:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - D:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - D:\Program Files\Symantec AntiVirus\Rtvscan.exe
Pls help me or otherwise I will have to format my HD and reinstall XP again.
Post by: guestolo on January 10, 2006, 11:20:58 PM
Download SmitRem.exe by Noahdfear (http://\"http://noahdfear.geekstogo.com/click%20counter/click.php?id=1\") and save the file to your desktop.
Don't run it yet
==Download and Install
Windows Cleanup! 4.0 (http://\"http://downloads.stevengould.org/cleanup/CleanUp40.exe\")
Don't run this yet,
==Download and then Install
Ewido anti-malware 3.5 (http://\"http://download.ewido.net/ewido-setup.exe\")
When installing, under "Additional Options" Uncheck "Install background guard" and "Install scan via context menu".
From the main ewido screen, click on Update in the left menu, then click the Start update button.
After the update finishes (the status bar at the bottom will display "Update successful")
Close out Ewido for now, we'll need it later
If for some reason the Updater won't work can you manually download the
Updates from this link after you have Ewido installed
http://www.ewido.net/en/download/updates/ (http://\"http://www.ewido.net/en/download/updates/\")
Save the rest of these instructions to a Notepad file saved to your desktop or Print them out for use in safe mode
Please Disable Microsoft AntiSpyware's realtime protections so it won't interfere in any fixes we try.
Keep this disabled until we know you are clean
Open Microsoft AntiSpyware.
Click on Options>>Settings
In the left pane, click on Real-time Protection.
Under Startup Options uncheck Enable the Microsoft AntiSpyware Security Agents on startup (recommended).
Under Real-time spyware threat protection uncheck Enable real-time spyware threat protection (recommended).
After you uncheck these, click on the Save button and close Microsoft AntiSpyware.
Right click on the Microsoft AntiSpyware icon on the taskbar and select Shutdown Microsoft AntiSpyware.
RESTART your Computer in SAFE MODE
You can do this by tapping the F8 key as the system is restarting, just before Windows loads
Choose Safe mode from the startup menu
==Open Cleanup! by double-clicking the icon on your desktop (or from the Start > All Programs menu).
Set the program up as follows:
Click "Options..."
Move the arrow down to "Custom CleanUp!"
Put a check next to the following (Make sure nothing else is checked!):
* Empty Recycle Bins
* Delete Cookies
* Delete Prefetch files
* Cleanup! All Users
Click OK
Press the CleanUp! button to start the program.
When it's done, decline to log off or restart the computer
==Double click on SmitRem.exe to extract it to it's own folder on the desktop.
Open the smitRem folder, then double click the RunThis.bat file to start the tool. Follow the prompts on screen.
Wait for the tool to complete and disk cleanup to finish. Remain in safe mode
==Open Ewido Security Suite
Click on the Scanner button on the left menu
Select Complete System Scan
*If Ewido finds something it will prompt you with "Infected Object found"
Ensure the following are Selected
*1. Perform Action = Remove
*2. Create Encrypted Backup in Quarantine (Recommended)
*3. Perform action with all infections
Then click OK
When Ewido has finished it's scan click the "Save Report" button
Save the report to desktop
Exit Ewido
NOTE: When Ewido is running, don't open any other Windows
When Ewido is done
RESTART your computer back to Normal mode
Back in Windows
Can I see the following
1. Post the report you saved earlier with Ewidos
2. Post a new log from Hijackthis
3. Post the report from Smitrem located here C:\Smitfiles.txt
NOTE: You will have to reset your background in Display properties
XP users using the XP theme may experience a change to the Classic Windows theme. This can be changed on the themes tab of desktop properties.
Post by: r_c_nair on January 11, 2006, 01:47:42 AM
Thank you for your help
I have done everything you instructed and the log files are given below
Ewido Log file
-----------------
---------------------------------------------------------
ewido anti-malware - Scan report
---------------------------------------------------------
+ Created on: 11:47:19 AM, 11/01/2006
+ Report-Checksum: 92CB67FA
+ Scan result:
No infected objects found.
::Report End
Log file of Hijackthis
------------------------
Logfile of HijackThis v1.99.1
Scan saved at 11:51:50 AM, on 11/01/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
D:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
D:\WINDOWS\Explorer.EXE
D:\WINDOWS\system32\spoolsv.exe
D:\WINDOWS\SOUNDMAN.EXE
D:\WINDOWS\system32\hkcmd.exe
D:\Program Files\Symantec AntiVirus\DefWatch.exe
D:\WINDOWS\system32\rundll32.exe
D:\WINDOWS\system32\taskswitch.exe
D:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
D:\Program Files\Executive Software\Diskeeper\DkService.exe
D:\Program Files\Common Files\Symantec Shared\ccApp.exe
D:\PROGRA~1\SYMANT~1\VPTray.exe
D:\WINDOWS\system32\ctfmon.exe
D:\Program Files\ewido anti-malware\ewidoctrl.exe
D:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
D:\Program Files\PeerGuardian2\pg2.exe
D:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
D:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
D:\WINDOWS\system32\svchost.exe
D:\Program Files\Symantec AntiVirus\Rtvscan.exe
D:\Program Files\Symantec AntiVirus\DoScan.exe
D:\WINDOWS\system32\wuauclt.exe
C:\HJT\hijackthis.exe
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = c:\secure32.html
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [IgfxTray] D:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] D:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [AME_CSA] rundll32 amecsa.cpl,RUN_DLL
O4 - HKLM\..\Run: [CoolSwitch] D:\WINDOWS\system32\taskswitch.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] D:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [NeroFilterCheck] D:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [DiskeeperSystray] "D:\Program Files\Executive Software\Diskeeper\DkIcon.exe"
O4 - HKLM\..\Run: [ccApp] "D:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] D:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [gcasServ] "D:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKCU\..\Run: [ctfmon.exe] D:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [PeerGuardian] D:\Program Files\PeerGuardian2\pg2.exe
O4 - Global Startup: Microsoft Office.lnk = D:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - D:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - D:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\WINDOWS\system32\shdocvw.dll
O20 - Winlogon Notify: igfxcui - D:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: NavLogon - D:\WINDOWS\system32\NavLogon.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - D:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - D:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - D:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - D:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: Diskeeper - Executive Software International, Inc. - D:\Program Files\Executive Software\Diskeeper\DkService.exe
O23 - Service: ewido security suite control - ewido networks - D:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: SAVRoam (SavRoam) - symantec - D:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - D:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - D:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - D:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - D:\Program Files\Symantec AntiVirus\Rtvscan.exe
Log file of Smitrem
----------------------
smitRem © log file
version 2.8
by noahdfear
Microsoft Windows XP [Version 5.1.2600]
The current date is: 11/01/2006
The current time is: 11:03:03.25
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
checking for ShudderLTD key
ShudderLTD key not present!
checking for PSGuard.com key
PSGuard.com key not present!
checking for WinHound.com key
WinHound.com key not present!
spyaxe uninstaller NOT present
Winhound uninstaller NOT present
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Existing Pre-run Files
~~~ Program Files ~~~
~~~ Shortcuts ~~~
Install.dat
~~~ Favorites ~~~
~~~ system32 folder ~~~
svcp.csv
winsub.xml
zlbw.dll
zlbw.dll
~~~ Icons in System32 ~~~
~~~ Windows directory ~~~
secure32.html
~~~ Drive root ~~~
~~~ Miscellaneous Files/folders ~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03
Copyright© 2002-2003 [email protected]
Killing PID 940 'explorer.exe'
Killing PID 940 'explorer.exe'
Starting registry repairs
Deleting files
Remaining Post-run Files
~~~ Program Files ~~~
~~~ Shortcuts ~~~
~~~ Favorites ~~~
~~~ system32 folder ~~~
~~~ Icons in System32 ~~~
~~~ Windows directory ~~~
~~~ Drive root ~~~
~~~ Miscellaneous Files/folders ~~~
~~~ Wininet.dll ~~~
CLEAN!
/smile.gif\' class=\'bbc_emoticon\' alt=\':)\' />It is still not solve my problems. While typing this reply my firefox freezed around 10 or more times, showing not responding in the title bar and also disappear from task bar too and coming back after 3 minutes. I have limited extensions used ie No script, Adblock, Amazing media browser, Torrent bar and downthem all. I have allowed the scripts for this site also.
Pls suggest me a solution for this.
Thankx
Nair
Post by: guestolo on January 11, 2006, 02:49:10 PM
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = c:\secure32.html
After you have ticked the above entry, close All other open windows
Including this one
Leave Hijackthis open and click FIX CHECKED
OK the prompt and exit Hijackthis
Reboot the computer
Come back here and post a fresh Hijackthis log
Is Internet Explorer working fine?
Do you have any themes installed with Firefox?
Post by: r_c_nair on January 12, 2006, 12:48:43 AM
Logfile of HijackThis v1.99.1
Scan saved at 11:05:47 AM, on 12/01/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
D:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
D:\WINDOWS\Explorer.EXE
D:\WINDOWS\system32\spoolsv.exe
D:\WINDOWS\SOUNDMAN.EXE
D:\WINDOWS\system32\hkcmd.exe
D:\WINDOWS\system32\taskswitch.exe
D:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
D:\Program Files\Common Files\Symantec Shared\ccApp.exe
D:\PROGRA~1\SYMANT~1\VPTray.exe
D:\WINDOWS\system32\ctfmon.exe
D:\Program Files\PeerGuardian2\pg2.exe
D:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
D:\Program Files\Symantec AntiVirus\DefWatch.exe
D:\Program Files\Executive Software\Diskeeper\DkService.exe
D:\Program Files\ewido anti-malware\ewidoctrl.exe
D:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
D:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
D:\WINDOWS\system32\svchost.exe
D:\Program Files\Symantec AntiVirus\Rtvscan.exe
D:\WINDOWS\system32\wuauclt.exe
C:\HJT\hijackthis.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [IgfxTray] D:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] D:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [AME_CSA] rundll32 amecsa.cpl,RUN_DLL
O4 - HKLM\..\Run: [CoolSwitch] D:\WINDOWS\system32\taskswitch.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] D:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [NeroFilterCheck] D:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [DiskeeperSystray] "D:\Program Files\Executive Software\Diskeeper\DkIcon.exe"
O4 - HKLM\..\Run: [ccApp] "D:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] D:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [gcasServ] "D:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKCU\..\Run: [ctfmon.exe] D:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [PeerGuardian] D:\Program Files\PeerGuardian2\pg2.exe
O4 - Global Startup: Microsoft Office.lnk = D:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - D:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - D:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\WINDOWS\system32\shdocvw.dll
O20 - Winlogon Notify: igfxcui - D:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: NavLogon - D:\WINDOWS\system32\NavLogon.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - D:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - D:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - D:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - D:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: Diskeeper - Executive Software International, Inc. - D:\Program Files\Executive Software\Diskeeper\DkService.exe
O23 - Service: ewido security suite control - ewido networks - D:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: SAVRoam (SavRoam) - symantec - D:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - D:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - D:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - D:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - D:\Program Files\Symantec AntiVirus\Rtvscan.exe
My Internet Explorer is working fine
I have only firefox's default theme.
Thanks
Nair
Post by: guestolo on January 12, 2006, 12:53:57 AM
It may be related to a firefox extension you have added
The only way I can think of tracking it down is to uninstall an extension
By trial and error you may be able to track it down
Or a reinstall of Firefox
But if you reinstall I would remove Firefox and all related folders
Do you know what I mean?
Backup your Bookmarks before you go that route
Post by: r_c_nair on January 12, 2006, 06:14:51 AM
Anyway thank you very much for helping me and god bless you.
Thankx
Nair